bouncycastle: Android tree with upstream code for version 1.52

Android tree as of 1af9aad12fedf1d93333e19f5ed0ab86f1cc4e2a Change-Id: I714fa0954a5d000cd88d1fb78b0b7fe28246d404
author: Sergio Giro <sgiro@google.com> 2016-02-01 10:41:58 +0000
committer: Sergio Giro <sgiro@google.com> 2016-02-01 10:41:58 +0000
commit: 53b61f9fe9d58034fcc7021137e92460f91b70ce (patch)
tree: 90632062175928181977c1ab3ab59951bc1146c3 /bcprov/src
parent: 3eebc2629986481f9fc77ab101c0c9b8ff2f2660 (diff)
download: android_external_bouncycastle-53b61f9fe9d58034fcc7021137e92460f91b70ce.tar.gz
android_external_bouncycastle-53b61f9fe9d58034fcc7021137e92460f91b70ce.tar.bz2
android_external_bouncycastle-53b61f9fe9d58034fcc7021137e92460f91b70ce.zip
1134 files changed, 88244 insertions, 19892 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/LICENSE.java b/bcprov/src/main/java/org/bouncycastle/LICENSE.java
index b02dfbc..2104505 100644
--- a/bcprov/src/main/java/org/bouncycastle/LICENSE.java
+++ b/bcprov/src/main/java/org/bouncycastle/LICENSE.java
@@ -3,7 +3,7 @@ package org.bouncycastle;
 /**
  * The Bouncy Castle License
  *
- * Copyright (c) 2000-2013 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
+ * Copyright (c) 2000-2015 The Legion Of The Bouncy Castle Inc. (http://www.bouncycastle.org)
  * <p>
  * Permission is hereby granted, free of charge, to any person obtaining a copy of this software 
  * and associated documentation files (the "Software"), to deal in the Software without restriction, 
@@ -24,7 +24,7 @@ package org.bouncycastle;
 public class LICENSE
 {
     public static String licenseText =
-      "Copyright (c) 2000-2013 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org) "
+      "Copyright (c) 2000-2015 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org) "
       + System.getProperty("line.separator")
       + System.getProperty("line.separator")
       + "Permission is hereby granted, free of charge, to any person obtaining a copy of this software "
diff --git a/bcprov/src/main/java/org/bouncycastle/apache/bzip2/BZip2Constants.java b/bcprov/src/main/java/org/bouncycastle/apache/bzip2/BZip2Constants.java
deleted file mode 100644
index e86bdee..0000000
--- a/bcprov/src/main/java/org/bouncycastle/apache/bzip2/BZip2Constants.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-/*
- * This package is based on the work done by Keiron Liddle, Aftex Software
- * <keiron@aftexsw.com> to whom the Ant project is very grateful for his
- * great code.
- */
-
-package org.bouncycastle.apache.bzip2;
-
-/**
- * Base class for both the compress and decompress classes.
- * Holds common arrays, and static data.
- *
- * @author <a href="mailto:keiron@aftexsw.com">Keiron Liddle</a>
- */
-public interface BZip2Constants {
-
-    int baseBlockSize = 100000;
-    int MAX_ALPHA_SIZE = 258;
-    int MAX_CODE_LEN = 23;
-    int RUNA = 0;
-    int RUNB = 1;
-    int N_GROUPS = 6;
-    int G_SIZE = 50;
-    int N_ITERS = 4;
-    int MAX_SELECTORS = (2 + (900000 / G_SIZE));
-    int NUM_OVERSHOOT_BYTES = 20;
-
-    int[] rNums = {
-        619, 720, 127, 481, 931, 816, 813, 233, 566, 247,
-        985, 724, 205, 454, 863, 491, 741, 242, 949, 214,
-        733, 859, 335, 708, 621, 574, 73, 654, 730, 472,
-        419, 436, 278, 496, 867, 210, 399, 680, 480, 51,
-        878, 465, 811, 169, 869, 675, 611, 697, 867, 561,
-        862, 687, 507, 283, 482, 129, 807, 591, 733, 623,
-        150, 238, 59, 379, 684, 877, 625, 169, 643, 105,
-        170, 607, 520, 932, 727, 476, 693, 425, 174, 647,
-        73, 122, 335, 530, 442, 853, 695, 249, 445, 515,
-        909, 545, 703, 919, 874, 474, 882, 500, 594, 612,
-        641, 801, 220, 162, 819, 984, 589, 513, 495, 799,
-        161, 604, 958, 533, 221, 400, 386, 867, 600, 782,
-        382, 596, 414, 171, 516, 375, 682, 485, 911, 276,
-        98, 553, 163, 354, 666, 933, 424, 341, 533, 870,
-        227, 730, 475, 186, 263, 647, 537, 686, 600, 224,
-        469, 68, 770, 919, 190, 373, 294, 822, 808, 206,
-        184, 943, 795, 384, 383, 461, 404, 758, 839, 887,
-        715, 67, 618, 276, 204, 918, 873, 777, 604, 560,
-        951, 160, 578, 722, 79, 804, 96, 409, 713, 940,
-        652, 934, 970, 447, 318, 353, 859, 672, 112, 785,
-        645, 863, 803, 350, 139, 93, 354, 99, 820, 908,
-        609, 772, 154, 274, 580, 184, 79, 626, 630, 742,
-        653, 282, 762, 623, 680, 81, 927, 626, 789, 125,
-        411, 521, 938, 300, 821, 78, 343, 175, 128, 250,
-        170, 774, 972, 275, 999, 639, 495, 78, 352, 126,
-        857, 956, 358, 619, 580, 124, 737, 594, 701, 612,
-        669, 112, 134, 694, 363, 992, 809, 743, 168, 974,
-        944, 375, 748, 52, 600, 747, 642, 182, 862, 81,
-        344, 805, 988, 739, 511, 655, 814, 334, 249, 515,
-        897, 955, 664, 981, 649, 113, 974, 459, 893, 228,
-        433, 837, 553, 268, 926, 240, 102, 654, 459, 51,
-        686, 754, 806, 760, 493, 403, 415, 394, 687, 700,
-        946, 670, 656, 610, 738, 392, 760, 799, 887, 653,
-        978, 321, 576, 617, 626, 502, 894, 679, 243, 440,
-        680, 879, 194, 572, 640, 724, 926, 56, 204, 700,
-        707, 151, 457, 449, 797, 195, 791, 558, 945, 679,
-        297, 59, 87, 824, 713, 663, 412, 693, 342, 606,
-        134, 108, 571, 364, 631, 212, 174, 643, 304, 329,
-        343, 97, 430, 751, 497, 314, 983, 374, 822, 928,
-        140, 206, 73, 263, 980, 736, 876, 478, 430, 305,
-        170, 514, 364, 692, 829, 82, 855, 953, 676, 246,
-        369, 970, 294, 750, 807, 827, 150, 790, 288, 923,
-        804, 378, 215, 828, 592, 281, 565, 555, 710, 82,
-        896, 831, 547, 261, 524, 462, 293, 465, 502, 56,
-        661, 821, 976, 991, 658, 869, 905, 758, 745, 193,
-        768, 550, 608, 933, 378, 286, 215, 979, 792, 961,
-        61, 688, 793, 644, 986, 403, 106, 366, 905, 644,
-        372, 567, 466, 434, 645, 210, 389, 550, 919, 135,
-        780, 773, 635, 389, 707, 100, 626, 958, 165, 504,
-        920, 176, 193, 713, 857, 265, 203, 50, 668, 108,
-        645, 990, 626, 197, 510, 357, 358, 850, 858, 364,
-        936, 638
-    };
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CBZip2InputStream.java b/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CBZip2InputStream.java
deleted file mode 100644
index 08d05e7..0000000
--- a/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CBZip2InputStream.java
+++ /dev/null
@@ -1,848 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-/*
- * This package is based on the work done by Keiron Liddle, Aftex Software
- * <keiron@aftexsw.com> to whom the Ant project is very grateful for his
- * great code.
- */
-package org.bouncycastle.apache.bzip2;
-
-import java.io.InputStream;
-import java.io.IOException;
-
-/**
- * An input stream that decompresses from the BZip2 format (with the file
- * header chars) to be read as any other stream.
- *
- * @author <a href="mailto:keiron@aftexsw.com">Keiron Liddle</a>
- *
- * <b>NB:</b> note this class has been modified to read the leading BZ from the
- * start of the BZIP2 stream to make it compatible with other PGP programs.
- */
-public class CBZip2InputStream extends InputStream implements BZip2Constants {
-    private static void cadvise() {
-        System.out.println("CRC Error");
-        //throw new CCoruptionError();
-    }
-
-//    private static void badBGLengths() {
-//        cadvise();
-//    }
-//
-//    private static void bitStreamEOF() {
-//        cadvise();
-//    }
-
-    private static void compressedStreamEOF() {
-        cadvise();
-    }
-
-    private void makeMaps() {
-        int i;
-        nInUse = 0;
-        for (i = 0; i < 256; i++) {
-            if (inUse[i]) {
-                seqToUnseq[nInUse] = (char) i;
-                unseqToSeq[i] = (char) nInUse;
-                nInUse++;
-            }
-        }
-    }
-
-    /*
-      index of the last char in the block, so
-      the block size == last + 1.
-    */
-    private int  last;
-
-    /*
-      index in zptr[] of original string after sorting.
-    */
-    private int  origPtr;
-
-    /*
-      always: in the range 0 .. 9.
-      The current block size is 100000 * this number.
-    */
-    private int blockSize100k;
-
-    private boolean blockRandomised;
-
-    private int bsBuff;
-    private int bsLive;
-    private CRC mCrc = new CRC();
-
-    private boolean[] inUse = new boolean[256];
-    private int nInUse;
-
-    private char[] seqToUnseq = new char[256];
-    private char[] unseqToSeq = new char[256];
-
-    private char[] selector = new char[MAX_SELECTORS];
-    private char[] selectorMtf = new char[MAX_SELECTORS];
-
-    private int[] tt;
-    private char[] ll8;
-
-    /*
-      freq table collected to save a pass over the data
-      during decompression.
-    */
-    private int[] unzftab = new int[256];
-
-    private int[][] limit = new int[N_GROUPS][MAX_ALPHA_SIZE];
-    private int[][] base = new int[N_GROUPS][MAX_ALPHA_SIZE];
-    private int[][] perm = new int[N_GROUPS][MAX_ALPHA_SIZE];
-    private int[] minLens = new int[N_GROUPS];
-
-    private InputStream bsStream;
-
-    private boolean streamEnd = false;
-
-    private int currentChar = -1;
-
-    private static final int START_BLOCK_STATE = 1;
-    private static final int RAND_PART_A_STATE = 2;
-    private static final int RAND_PART_B_STATE = 3;
-    private static final int RAND_PART_C_STATE = 4;
-    private static final int NO_RAND_PART_A_STATE = 5;
-    private static final int NO_RAND_PART_B_STATE = 6;
-    private static final int NO_RAND_PART_C_STATE = 7;
-
-    private int currentState = START_BLOCK_STATE;
-
-    private int storedBlockCRC, storedCombinedCRC;
-    private int computedBlockCRC, computedCombinedCRC;
-
-    int i2, count, chPrev, ch2;
-    int i, tPos;
-    int rNToGo = 0;
-    int rTPos  = 0;
-    int j2;
-    char z;
-
-    public CBZip2InputStream(InputStream zStream)
-        throws IOException
-    {
-        ll8 = null;
-        tt = null;
-        bsSetStream(zStream);
-        initialize();
-        initBlock();
-        setupBlock();
-    }
-
-    public int read() {
-        if (streamEnd) {
-            return -1;
-        } else {
-            int retChar = currentChar;
-            switch(currentState) {
-            case START_BLOCK_STATE:
-                break;
-            case RAND_PART_A_STATE:
-                break;
-            case RAND_PART_B_STATE:
-                setupRandPartB();
-                break;
-            case RAND_PART_C_STATE:
-                setupRandPartC();
-                break;
-            case NO_RAND_PART_A_STATE:
-                break;
-            case NO_RAND_PART_B_STATE:
-                setupNoRandPartB();
-                break;
-            case NO_RAND_PART_C_STATE:
-                setupNoRandPartC();
-                break;
-            default:
-                break;
-            }
-            return retChar;
-        }
-    }
-
-    private void initialize() throws IOException {
-        char magic3, magic4;
-        magic3 = bsGetUChar();
-        magic4 = bsGetUChar();
-        if (magic3 != 'B' && magic4 != 'Z')
-        {
-            throw new IOException("Not a BZIP2 marked stream");
-        }
-        magic3 = bsGetUChar();
-        magic4 = bsGetUChar();
-        if (magic3 != 'h' || magic4 < '1' || magic4 > '9') {
-            bsFinishedWithStream();
-            streamEnd = true;
-            return;
-        }
-
-        setDecompressStructureSizes(magic4 - '0');
-        computedCombinedCRC = 0;
-    }
-
-    private void initBlock() {
-        char magic1, magic2, magic3, magic4;
-        char magic5, magic6;
-        magic1 = bsGetUChar();
-        magic2 = bsGetUChar();
-        magic3 = bsGetUChar();
-        magic4 = bsGetUChar();
-        magic5 = bsGetUChar();
-        magic6 = bsGetUChar();
-        if (magic1 == 0x17 && magic2 == 0x72 && magic3 == 0x45
-            && magic4 == 0x38 && magic5 == 0x50 && magic6 == 0x90) {
-            complete();
-            return;
-        }
-
-        if (magic1 != 0x31 || magic2 != 0x41 || magic3 != 0x59
-            || magic4 != 0x26 || magic5 != 0x53 || magic6 != 0x59) {
-            badBlockHeader();
-            streamEnd = true;
-            return;
-        }
-
-        storedBlockCRC = bsGetInt32();
-
-        if (bsR(1) == 1) {
-            blockRandomised = true;
-        } else {
-            blockRandomised = false;
-        }
-
-        //        currBlockNo++;
-        getAndMoveToFrontDecode();
-
-        mCrc.initialiseCRC();
-        currentState = START_BLOCK_STATE;
-    }
-
-    private void endBlock() {
-        computedBlockCRC = mCrc.getFinalCRC();
-        /* A bad CRC is considered a fatal error. */
-        if (storedBlockCRC != computedBlockCRC) {
-            crcError();
-        }
-
-        computedCombinedCRC = (computedCombinedCRC << 1)
-            | (computedCombinedCRC >>> 31);
-        computedCombinedCRC ^= computedBlockCRC;
-    }
-
-    private void complete() {
-        storedCombinedCRC = bsGetInt32();
-        if (storedCombinedCRC != computedCombinedCRC) {
-            crcError();
-        }
-
-        bsFinishedWithStream();
-        streamEnd = true;
-    }
-
-    private static void blockOverrun() {
-        cadvise();
-    }
-
-    private static void badBlockHeader() {
-        cadvise();
-    }
-
-    private static void crcError() {
-        cadvise();
-    }
-
-    private void bsFinishedWithStream() {
-        try {
-            if (this.bsStream != null) {
-                if (this.bsStream != System.in) {
-                    this.bsStream.close();
-                    this.bsStream = null;
-                }
-            }
-        } catch (IOException ioe) {
-            //ignore
-        }
-    }
-
-    private void bsSetStream(InputStream f) {
-        bsStream = f;
-        bsLive = 0;
-        bsBuff = 0;
-    }
-
-    private int bsR(int n) {
-        int v;
-        while (bsLive < n) {
-            int zzi;
-            char thech = 0;
-            try {
-                thech = (char) bsStream.read();
-            } catch (IOException e) {
-                compressedStreamEOF();
-            }
-            if (thech == -1) {
-                compressedStreamEOF();
-            }
-            zzi = thech;
-            bsBuff = (bsBuff << 8) | (zzi & 0xff);
-            bsLive += 8;
-        }
-
-        v = (bsBuff >> (bsLive - n)) & ((1 << n) - 1);
-        bsLive -= n;
-        return v;
-    }
-
-    private char bsGetUChar() {
-        return (char) bsR(8);
-    }
-
-    private int bsGetint() {
-        int u = 0;
-        u = (u << 8) | bsR(8);
-        u = (u << 8) | bsR(8);
-        u = (u << 8) | bsR(8);
-        u = (u << 8) | bsR(8);
-        return u;
-    }
-
-    private int bsGetIntVS(int numBits) {
-        return (int) bsR(numBits);
-    }
-
-    private int bsGetInt32() {
-        return (int) bsGetint();
-    }
-
-    private void hbCreateDecodeTables(int[] limit, int[] base,
-                                      int[] perm, char[] length,
-                                      int minLen, int maxLen, int alphaSize) {
-        int pp, i, j, vec;
-
-        pp = 0;
-        for (i = minLen; i <= maxLen; i++) {
-            for (j = 0; j < alphaSize; j++) {
-                if (length[j] == i) {
-                    perm[pp] = j;
-                    pp++;
-                }
-            }
-        }
-
-        for (i = 0; i < MAX_CODE_LEN; i++) {
-            base[i] = 0;
-        }
-        for (i = 0; i < alphaSize; i++) {
-            base[length[i] + 1]++;
-        }
-
-        for (i = 1; i < MAX_CODE_LEN; i++) {
-            base[i] += base[i - 1];
-        }
-
-        for (i = 0; i < MAX_CODE_LEN; i++) {
-            limit[i] = 0;
-        }
-        vec = 0;
-
-        for (i = minLen; i <= maxLen; i++) {
-            vec += (base[i + 1] - base[i]);
-            limit[i] = vec - 1;
-            vec <<= 1;
-        }
-        for (i = minLen + 1; i <= maxLen; i++) {
-            base[i] = ((limit[i - 1] + 1) << 1) - base[i];
-        }
-    }
-
-    private void recvDecodingTables() {
-        char len[][] = new char[N_GROUPS][MAX_ALPHA_SIZE];
-        int i, j, t, nGroups, nSelectors, alphaSize;
-        int minLen, maxLen;
-        boolean[] inUse16 = new boolean[16];
-
-        /* Receive the mapping table */
-        for (i = 0; i < 16; i++) {
-            if (bsR(1) == 1) {
-                inUse16[i] = true;
-            } else {
-                inUse16[i] = false;
-            }
-        }
-
-        for (i = 0; i < 256; i++) {
-            inUse[i] = false;
-        }
-
-        for (i = 0; i < 16; i++) {
-            if (inUse16[i]) {
-                for (j = 0; j < 16; j++) {
-                    if (bsR(1) == 1) {
-                        inUse[i * 16 + j] = true;
-                    }
-                }
-            }
-        }
-
-        makeMaps();
-        alphaSize = nInUse + 2;
-
-        /* Now the selectors */
-        nGroups = bsR(3);
-        nSelectors = bsR(15);
-        for (i = 0; i < nSelectors; i++) {
-            j = 0;
-            while (bsR(1) == 1) {
-                j++;
-            }
-            selectorMtf[i] = (char) j;
-        }
-
-        /* Undo the MTF values for the selectors. */
-        {
-            char[] pos = new char[N_GROUPS];
-            char tmp, v;
-            for (v = 0; v < nGroups; v++) {
-                pos[v] = v;
-            }
-
-            for (i = 0; i < nSelectors; i++) {
-                v = selectorMtf[i];
-                tmp = pos[v];
-                while (v > 0) {
-                    pos[v] = pos[v - 1];
-                    v--;
-                }
-                pos[0] = tmp;
-                selector[i] = tmp;
-            }
-        }
-
-        /* Now the coding tables */
-        for (t = 0; t < nGroups; t++) {
-            int curr = bsR(5);
-            for (i = 0; i < alphaSize; i++) {
-                while (bsR(1) == 1) {
-                    if (bsR(1) == 0) {
-                        curr++;
-                    } else {
-                        curr--;
-                    }
-                }
-                len[t][i] = (char) curr;
-            }
-        }
-
-        /* Create the Huffman decoding tables */
-        for (t = 0; t < nGroups; t++) {
-            minLen = 32;
-            maxLen = 0;
-            for (i = 0; i < alphaSize; i++) {
-                if (len[t][i] > maxLen) {
-                    maxLen = len[t][i];
-                }
-                if (len[t][i] < minLen) {
-                    minLen = len[t][i];
-                }
-            }
-            hbCreateDecodeTables(limit[t], base[t], perm[t], len[t], minLen,
-                                 maxLen, alphaSize);
-            minLens[t] = minLen;
-        }
-    }
-
-    private void getAndMoveToFrontDecode() {
-        char[] yy = new char[256];
-        int i, j, nextSym, limitLast;
-        int EOB, groupNo, groupPos;
-
-        limitLast = baseBlockSize * blockSize100k;
-        origPtr = bsGetIntVS(24);
-
-        recvDecodingTables();
-        EOB = nInUse + 1;
-        groupNo = -1;
-        groupPos = 0;
-
-        /*
-          Setting up the unzftab entries here is not strictly
-          necessary, but it does save having to do it later
-          in a separate pass, and so saves a block's worth of
-          cache misses.
-        */
-        for (i = 0; i <= 255; i++) {
-            unzftab[i] = 0;
-        }
-
-        for (i = 0; i <= 255; i++) {
-            yy[i] = (char) i;
-        }
-
-        last = -1;
-
-        {
-            int zt, zn, zvec, zj;
-            if (groupPos == 0) {
-                groupNo++;
-                groupPos = G_SIZE;
-            }
-            groupPos--;
-            zt = selector[groupNo];
-            zn = minLens[zt];
-            zvec = bsR(zn);
-            while (zvec > limit[zt][zn]) {
-                zn++;
-                {
-                    {
-                        while (bsLive < 1) {
-                            int zzi;
-                            char thech = 0;
-                            try {
-                                thech = (char) bsStream.read();
-                            } catch (IOException e) {
-                                compressedStreamEOF();
-                            }
-                            if (thech == -1) {
-                                compressedStreamEOF();
-                            }
-                            zzi = thech;
-                            bsBuff = (bsBuff << 8) | (zzi & 0xff);
-                            bsLive += 8;
-                        }
-                    }
-                    zj = (bsBuff >> (bsLive - 1)) & 1;
-                    bsLive--;
-                }
-                zvec = (zvec << 1) | zj;
-            }
-            nextSym = perm[zt][zvec - base[zt][zn]];
-        }
-
-        while (true) {
-
-            if (nextSym == EOB) {
-                break;
-            }
-
-            if (nextSym == RUNA || nextSym == RUNB) {
-                char ch;
-                int s = -1;
-                int N = 1;
-                do {
-                    if (nextSym == RUNA) {
-                        s = s + (0 + 1) * N;
-                    } else if (nextSym == RUNB) {
-                        s = s + (1 + 1) * N;
-                           }
-                    N = N * 2;
-                    {
-                        int zt, zn, zvec, zj;
-                        if (groupPos == 0) {
-                            groupNo++;
-                            groupPos = G_SIZE;
-                        }
-                        groupPos--;
-                        zt = selector[groupNo];
-                        zn = minLens[zt];
-                        zvec = bsR(zn);
-                        while (zvec > limit[zt][zn]) {
-                            zn++;
-                            {
-                                {
-                                    while (bsLive < 1) {
-                                        int zzi;
-                                        char thech = 0;
-                                        try {
-                                            thech = (char) bsStream.read();
-                                        } catch (IOException e) {
-                                            compressedStreamEOF();
-                                        }
-                                        if (thech == -1) {
-                                            compressedStreamEOF();
-                                        }
-                                        zzi = thech;
-                                        bsBuff = (bsBuff << 8) | (zzi & 0xff);
-                                        bsLive += 8;
-                                    }
-                                }
-                                zj = (bsBuff >> (bsLive - 1)) & 1;
-                                bsLive--;
-                            }
-                            zvec = (zvec << 1) | zj;
-                        }
-                        nextSym = perm[zt][zvec - base[zt][zn]];
-                    }
-                } while (nextSym == RUNA || nextSym == RUNB);
-
-                s++;
-                ch = seqToUnseq[yy[0]];
-                unzftab[ch] += s;
-
-                while (s > 0) {
-                    last++;
-                    ll8[last] = ch;
-                    s--;
-                }
-
-                if (last >= limitLast) {
-                    blockOverrun();
-                }
-                continue;
-            } else {
-                char tmp;
-                last++;
-                if (last >= limitLast) {
-                    blockOverrun();
-                }
-
-                tmp = yy[nextSym - 1];
-                unzftab[seqToUnseq[tmp]]++;
-                ll8[last] = seqToUnseq[tmp];
-
-                /*
-                  This loop is hammered during decompression,
-                  hence the unrolling.
-
-                  for (j = nextSym-1; j > 0; j--) yy[j] = yy[j-1];
-                */
-
-                j = nextSym - 1;
-                for (; j > 3; j -= 4) {
-                    yy[j]     = yy[j - 1];
-                    yy[j - 1] = yy[j - 2];
-                    yy[j - 2] = yy[j - 3];
-                    yy[j - 3] = yy[j - 4];
-                }
-                for (; j > 0; j--) {
-                    yy[j] = yy[j - 1];
-                }
-
-                yy[0] = tmp;
-                {
-                    int zt, zn, zvec, zj;
-                    if (groupPos == 0) {
-                        groupNo++;
-                        groupPos = G_SIZE;
-                    }
-                    groupPos--;
-                    zt = selector[groupNo];
-                    zn = minLens[zt];
-                    zvec = bsR(zn);
-                    while (zvec > limit[zt][zn]) {
-                        zn++;
-                        {
-                            {
-                                while (bsLive < 1) {
-                                    int zzi;
-                                    char thech = 0;
-                                    try {
-                                        thech = (char) bsStream.read();
-                                    } catch (IOException e) {
-                                        compressedStreamEOF();
-                                    }
-                                    zzi = thech;
-                                    bsBuff = (bsBuff << 8) | (zzi & 0xff);
-                                    bsLive += 8;
-                                }
-                            }
-                            zj = (bsBuff >> (bsLive - 1)) & 1;
-                            bsLive--;
-                        }
-                        zvec = (zvec << 1) | zj;
-                    }
-                    nextSym = perm[zt][zvec - base[zt][zn]];
-                }
-                continue;
-            }
-        }
-    }
-
-    private void setupBlock() {
-        int[] cftab = new int[257];
-        char ch;
-
-        cftab[0] = 0;
-        for (i = 1; i <= 256; i++) {
-            cftab[i] = unzftab[i - 1];
-        }
-        for (i = 1; i <= 256; i++) {
-            cftab[i] += cftab[i - 1];
-        }
-
-        for (i = 0; i <= last; i++) {
-            ch = (char) ll8[i];
-            tt[cftab[ch]] = i;
-            cftab[ch]++;
-        }
-        cftab = null;
-
-        tPos = tt[origPtr];
-
-        count = 0;
-        i2 = 0;
-        ch2 = 256;   /* not a char and not EOF */
-
-        if (blockRandomised) {
-            rNToGo = 0;
-            rTPos = 0;
-            setupRandPartA();
-        } else {
-            setupNoRandPartA();
-        }
-    }
-
-    private void setupRandPartA() {
-        if (i2 <= last) {
-            chPrev = ch2;
-            ch2 = ll8[tPos];
-            tPos = tt[tPos];
-            if (rNToGo == 0) {
-                rNToGo = rNums[rTPos];
-                rTPos++;
-                if (rTPos == 512) {
-                    rTPos = 0;
-                }
-            }
-            rNToGo--;
-            ch2 ^= (int) ((rNToGo == 1) ? 1 : 0);
-            i2++;
-
-            currentChar = ch2;
-            currentState = RAND_PART_B_STATE;
-            mCrc.updateCRC(ch2);
-        } else {
-            endBlock();
-            initBlock();
-            setupBlock();
-        }
-    }
-
-    private void setupNoRandPartA() {
-        if (i2 <= last) {
-            chPrev = ch2;
-            ch2 = ll8[tPos];
-            tPos = tt[tPos];
-            i2++;
-
-            currentChar = ch2;
-            currentState = NO_RAND_PART_B_STATE;
-            mCrc.updateCRC(ch2);
-        } else {
-            endBlock();
-            initBlock();
-            setupBlock();
-        }
-    }
-
-    private void setupRandPartB() {
-        if (ch2 != chPrev) {
-            currentState = RAND_PART_A_STATE;
-            count = 1;
-            setupRandPartA();
-        } else {
-            count++;
-            if (count >= 4) {
-                z = ll8[tPos];
-                tPos = tt[tPos];
-                if (rNToGo == 0) {
-                    rNToGo = rNums[rTPos];
-                    rTPos++;
-                    if (rTPos == 512) {
-                        rTPos = 0;
-                    }
-                }
-                rNToGo--;
-                z ^= ((rNToGo == 1) ? 1 : 0);
-                j2 = 0;
-                currentState = RAND_PART_C_STATE;
-                setupRandPartC();
-            } else {
-                currentState = RAND_PART_A_STATE;
-                setupRandPartA();
-            }
-        }
-    }
-
-    private void setupRandPartC() {
-        if (j2 < (int) z) {
-            currentChar = ch2;
-            mCrc.updateCRC(ch2);
-            j2++;
-        } else {
-            currentState = RAND_PART_A_STATE;
-            i2++;
-            count = 0;
-            setupRandPartA();
-        }
-    }
-
-    private void setupNoRandPartB() {
-        if (ch2 != chPrev) {
-            currentState = NO_RAND_PART_A_STATE;
-            count = 1;
-            setupNoRandPartA();
-        } else {
-            count++;
-            if (count >= 4) {
-                z = ll8[tPos];
-                tPos = tt[tPos];
-                currentState = NO_RAND_PART_C_STATE;
-                j2 = 0;
-                setupNoRandPartC();
-            } else {
-                currentState = NO_RAND_PART_A_STATE;
-                setupNoRandPartA();
-            }
-        }
-    }
-
-    private void setupNoRandPartC() {
-        if (j2 < (int) z) {
-            currentChar = ch2;
-            mCrc.updateCRC(ch2);
-            j2++;
-        } else {
-            currentState = NO_RAND_PART_A_STATE;
-            i2++;
-            count = 0;
-            setupNoRandPartA();
-        }
-    }
-
-    private void setDecompressStructureSizes(int newSize100k) {
-        if (!(0 <= newSize100k && newSize100k <= 9 && 0 <= blockSize100k
-               && blockSize100k <= 9)) {
-            // throw new IOException("Invalid block size");
-        }
-
-        blockSize100k = newSize100k;
-
-        if (newSize100k == 0) {
-            return;
-        }
-
-        int n = baseBlockSize * newSize100k;
-        ll8 = new char[n];
-        tt = new int[n];
-    }
-}
-
diff --git a/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CBZip2OutputStream.java b/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CBZip2OutputStream.java
deleted file mode 100644
index 0503583..0000000
--- a/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CBZip2OutputStream.java
+++ /dev/null
@@ -1,1651 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-/*
- * This package is based on the work done by Keiron Liddle, Aftex Software
- * <keiron@aftexsw.com> to whom the Ant project is very grateful for his
- * great code.
- */
-
-package org.bouncycastle.apache.bzip2;
-
-import java.io.OutputStream;
-import java.io.IOException;
-
-/**
- * An output stream that compresses into the BZip2 format (with the file
- * header chars) into another stream.
- *
- * @author <a href="mailto:keiron@aftexsw.com">Keiron Liddle</a>
- *
- * TODO:    Update to BZip2 1.0.1
- * <b>NB:</b> note this class has been modified to add a leading BZ to the
- * start of the BZIP2 stream to make it compatible with other PGP programs.
- */
-public class CBZip2OutputStream extends OutputStream implements BZip2Constants {
-    protected static final int SETMASK = (1 << 21);
-    protected static final int CLEARMASK = (~SETMASK);
-    protected static final int GREATER_ICOST = 15;
-    protected static final int LESSER_ICOST = 0;
-    protected static final int SMALL_THRESH = 20;
-    protected static final int DEPTH_THRESH = 10;
-
-    /*
-      If you are ever unlucky/improbable enough
-      to get a stack overflow whilst sorting,
-      increase the following constant and try
-      again.  In practice I have never seen the
-      stack go above 27 elems, so the following
-      limit seems very generous.
-    */
-    protected static final int QSORT_STACK_SIZE = 1000;
-    private boolean finished;
-
-    private static void panic() {
-        System.out.println("panic");
-        //throw new CError();
-    }
-
-    private void makeMaps() {
-        int i;
-        nInUse = 0;
-        for (i = 0; i < 256; i++) {
-            if (inUse[i]) {
-                seqToUnseq[nInUse] = (char) i;
-                unseqToSeq[i] = (char) nInUse;
-                nInUse++;
-            }
-        }
-    }
-
-    protected static void hbMakeCodeLengths(char[] len, int[] freq,
-                                            int alphaSize, int maxLen) {
-        /*
-          Nodes and heap entries run from 1.  Entry 0
-          for both the heap and nodes is a sentinel.
-        */
-        int nNodes, nHeap, n1, n2, i, j, k;
-        boolean  tooLong;
-
-        int[] heap = new int[MAX_ALPHA_SIZE + 2];
-        int[] weight = new int[MAX_ALPHA_SIZE * 2];
-        int[] parent = new int[MAX_ALPHA_SIZE * 2];
-
-        for (i = 0; i < alphaSize; i++) {
-            weight[i + 1] = (freq[i] == 0 ? 1 : freq[i]) << 8;
-        }
-
-        while (true) {
-            nNodes = alphaSize;
-            nHeap = 0;
-
-            heap[0] = 0;
-            weight[0] = 0;
-            parent[0] = -2;
-
-            for (i = 1; i <= alphaSize; i++) {
-                parent[i] = -1;
-                nHeap++;
-                heap[nHeap] = i;
-                {
-                    int zz, tmp;
-                    zz = nHeap;
-                    tmp = heap[zz];
-                    while (weight[tmp] < weight[heap[zz >> 1]]) {
-                        heap[zz] = heap[zz >> 1];
-                        zz >>= 1;
-                    }
-                    heap[zz] = tmp;
-                }
-            }
-            if (!(nHeap < (MAX_ALPHA_SIZE + 2))) {
-                panic();
-            }
-
-            while (nHeap > 1) {
-                n1 = heap[1];
-                heap[1] = heap[nHeap];
-                nHeap--;
-                {
-                    int zz = 0, yy = 0, tmp = 0;
-                    zz = 1;
-                    tmp = heap[zz];
-                    while (true) {
-                        yy = zz << 1;
-                        if (yy > nHeap) {
-                            break;
-                        }
-                        if (yy < nHeap
-                            && weight[heap[yy + 1]] < weight[heap[yy]]) {
-                            yy++;
-                        }
-                        if (weight[tmp] < weight[heap[yy]]) {
-                            break;
-                        }
-                        heap[zz] = heap[yy];
-                        zz = yy;
-                    }
-                    heap[zz] = tmp;
-                }
-                n2 = heap[1];
-                heap[1] = heap[nHeap];
-                nHeap--;
-                {
-                    int zz = 0, yy = 0, tmp = 0;
-                    zz = 1;
-                    tmp = heap[zz];
-                    while (true) {
-                        yy = zz << 1;
-                        if (yy > nHeap) {
-                            break;
-                        }
-                        if (yy < nHeap
-                            && weight[heap[yy + 1]] < weight[heap[yy]]) {
-                            yy++;
-                        }
-                        if (weight[tmp] < weight[heap[yy]]) {
-                            break;
-                        }
-                        heap[zz] = heap[yy];
-                        zz = yy;
-                    }
-                    heap[zz] = tmp;
-                }
-                nNodes++;
-                parent[n1] = parent[n2] = nNodes;
-
-                weight[nNodes] = ((weight[n1] & 0xffffff00)
-                                  + (weight[n2] & 0xffffff00))
-                    | (1 + (((weight[n1] & 0x000000ff) >
-                             (weight[n2] & 0x000000ff)) ?
-                            (weight[n1] & 0x000000ff) :
-                            (weight[n2] & 0x000000ff)));
-
-                parent[nNodes] = -1;
-                nHeap++;
-                heap[nHeap] = nNodes;
-                {
-                    int zz = 0, tmp = 0;
-                    zz = nHeap;
-                    tmp = heap[zz];
-                    while (weight[tmp] < weight[heap[zz >> 1]]) {
-                        heap[zz] = heap[zz >> 1];
-                        zz >>= 1;
-                    }
-                    heap[zz] = tmp;
-                }
-            }
-            if (!(nNodes < (MAX_ALPHA_SIZE * 2))) {
-                panic();
-            }
-
-            tooLong = false;
-            for (i = 1; i <= alphaSize; i++) {
-                j = 0;
-                k = i;
-                while (parent[k] >= 0) {
-                    k = parent[k];
-                    j++;
-                }
-                len[i - 1] = (char) j;
-                if (j > maxLen) {
-                    tooLong = true;
-                }
-            }
-
-            if (!tooLong) {
-                break;
-            }
-
-            for (i = 1; i < alphaSize; i++) {
-                j = weight[i] >> 8;
-                j = 1 + (j / 2);
-                weight[i] = j << 8;
-            }
-        }
-    }
-
-    /*
-      index of the last char in the block, so
-      the block size == last + 1.
-    */
-    int last;
-
-    /*
-      index in zptr[] of original string after sorting.
-    */
-    int origPtr;
-
-    /*
-      always: in the range 0 .. 9.
-      The current block size is 100000 * this number.
-    */
-    int blockSize100k;
-
-    boolean blockRandomised;
-
-    int bytesOut;
-    int bsBuff;
-    int bsLive;
-    CRC mCrc = new CRC();
-
-    private boolean[] inUse = new boolean[256];
-    private int nInUse;
-
-    private char[] seqToUnseq = new char[256];
-    private char[] unseqToSeq = new char[256];
-
-    private char[] selector = new char[MAX_SELECTORS];
-    private char[] selectorMtf = new char[MAX_SELECTORS];
-
-    private char[] block;
-    private int[] quadrant;
-    private int[] zptr;
-    private short[] szptr;
-    private int[] ftab;
-
-    private int nMTF;
-
-    private int[] mtfFreq = new int[MAX_ALPHA_SIZE];
-
-    /*
-     * Used when sorting.  If too many long comparisons
-     * happen, we stop sorting, randomise the block
-     * slightly, and try again.
-     */
-    private int workFactor;
-    private int workDone;
-    private int workLimit;
-    private boolean firstAttempt;
-    private int nBlocksRandomised;
-
-    private int currentChar = -1;
-    private int runLength = 0;
-
-    public CBZip2OutputStream(OutputStream inStream) throws IOException {
-        this(inStream, 9);
-    }
-
-    public CBZip2OutputStream(OutputStream inStream, int inBlockSize)
-        throws IOException {
-        block = null;
-        quadrant = null;
-        zptr = null;
-        ftab = null;
-
-        inStream.write('B');
-        inStream.write('Z');
-
-        bsSetStream(inStream);
-
-        workFactor = 50;
-        if (inBlockSize > 9) {
-            inBlockSize = 9;
-        }
-        if (inBlockSize < 1) {
-            inBlockSize = 1;
-        }
-        blockSize100k = inBlockSize;
-        allocateCompressStructures();
-        initialize();
-        initBlock();
-    }
-
-    /**
-     *
-     * modified by Oliver Merkel, 010128
-     *
-     */
-    public void write(int bv) throws IOException {
-        int b = (256 + bv) % 256;
-        if (currentChar != -1) {
-            if (currentChar == b) {
-                runLength++;
-                if (runLength > 254) {
-                    writeRun();
-                    currentChar = -1;
-                    runLength = 0;
-                }
-            } else {
-                writeRun();
-                runLength = 1;
-                currentChar = b;
-            }
-        } else {
-            currentChar = b;
-            runLength++;
-        }
-    }
-
-    private void writeRun() throws IOException {
-        if (last < allowableBlockSize) {
-            inUse[currentChar] = true;
-            for (int i = 0; i < runLength; i++) {
-                mCrc.updateCRC((char) currentChar);
-            }
-            switch (runLength) {
-            case 1:
-                last++;
-                block[last + 1] = (char) currentChar;
-                break;
-            case 2:
-                last++;
-                block[last + 1] = (char) currentChar;
-                last++;
-                block[last + 1] = (char) currentChar;
-                break;
-            case 3:
-                last++;
-                block[last + 1] = (char) currentChar;
-                last++;
-                block[last + 1] = (char) currentChar;
-                last++;
-                block[last + 1] = (char) currentChar;
-                break;
-            default:
-                inUse[runLength - 4] = true;
-                last++;
-                block[last + 1] = (char) currentChar;
-                last++;
-                block[last + 1] = (char) currentChar;
-                last++;
-                block[last + 1] = (char) currentChar;
-                last++;
-                block[last + 1] = (char) currentChar;
-                last++;
-                block[last + 1] = (char) (runLength - 4);
-                break;
-            }
-        } else {
-            endBlock();
-            initBlock();
-            writeRun();
-        }
-    }
-
-    boolean closed = false;
-
-    protected void finalize() throws Throwable {
-        close();
-        super.finalize();
-    }
-
-    public void close() throws IOException {
-        if (closed) {
-            return;
-        }
-
-        finish();
-
-        closed = true;
-        super.close();
-        bsStream.close();
-    }
-
-    public void finish() throws IOException {
-        if (finished) {
-            return;
-        }
-
-        if (runLength > 0) {
-            writeRun();
-        }
-        currentChar = -1;
-        endBlock();
-        endCompression();
-        finished = true;
-        flush();
-    }
-    
-    public void flush() throws IOException {
-        super.flush();
-        bsStream.flush();
-    }
-
-    private int blockCRC, combinedCRC;
-
-    private void initialize() throws IOException {
-        bytesOut = 0;
-        nBlocksRandomised = 0;
-
-        /* Write `magic' bytes h indicating file-format == huffmanised,
-           followed by a digit indicating blockSize100k.
-        */
-        bsPutUChar('h');
-        bsPutUChar('0' + blockSize100k);
-
-        combinedCRC = 0;
-    }
-
-    private int allowableBlockSize;
-
-    private void initBlock() {
-        //        blockNo++;
-        mCrc.initialiseCRC();
-        last = -1;
-        //        ch = 0;
-
-        for (int i = 0; i < 256; i++) {
-            inUse[i] = false;
-        }
-
-        /* 20 is just a paranoia constant */
-        allowableBlockSize = baseBlockSize * blockSize100k - 20;
-    }
-
-    private void endBlock() throws IOException {
-        blockCRC = mCrc.getFinalCRC();
-        combinedCRC = (combinedCRC << 1) | (combinedCRC >>> 31);
-        combinedCRC ^= blockCRC;
-
-        /* sort the block and establish posn of original string */
-        doReversibleTransformation();
-
-        /*
-          A 6-byte block header, the value chosen arbitrarily
-          as 0x314159265359 :-).  A 32 bit value does not really
-          give a strong enough guarantee that the value will not
-          appear by chance in the compressed datastream.  Worst-case
-          probability of this event, for a 900k block, is about
-          2.0e-3 for 32 bits, 1.0e-5 for 40 bits and 4.0e-8 for 48 bits.
-          For a compressed file of size 100Gb -- about 100000 blocks --
-          only a 48-bit marker will do.  NB: normal compression/
-          decompression do *not* rely on these statistical properties.
-          They are only important when trying to recover blocks from
-          damaged files.
-        */
-        bsPutUChar(0x31);
-        bsPutUChar(0x41);
-        bsPutUChar(0x59);
-        bsPutUChar(0x26);
-        bsPutUChar(0x53);
-        bsPutUChar(0x59);
-
-        /* Now the block's CRC, so it is in a known place. */
-        bsPutint(blockCRC);
-
-        /* Now a single bit indicating randomisation. */
-        if (blockRandomised) {
-            bsW(1, 1);
-            nBlocksRandomised++;
-        } else {
-            bsW(1, 0);
-        }
-
-        /* Finally, block's contents proper. */
-        moveToFrontCodeAndSend();
-    }
-
-    private void endCompression() throws IOException {
-        /*
-          Now another magic 48-bit number, 0x177245385090, to
-          indicate the end of the last block.  (sqrt(pi), if
-          you want to know.  I did want to use e, but it contains
-          too much repetition -- 27 18 28 18 28 46 -- for me
-          to feel statistically comfortable.  Call me paranoid.)
-        */
-        bsPutUChar(0x17);
-        bsPutUChar(0x72);
-        bsPutUChar(0x45);
-        bsPutUChar(0x38);
-        bsPutUChar(0x50);
-        bsPutUChar(0x90);
-
-        bsPutint(combinedCRC);
-
-        bsFinishedWithStream();
-    }
-
-    private void hbAssignCodes (int[] code, char[] length, int minLen,
-                                int maxLen, int alphaSize) {
-        int n, vec, i;
-
-        vec = 0;
-        for (n = minLen; n <= maxLen; n++) {
-            for (i = 0; i < alphaSize; i++) {
-                if (length[i] == n) {
-                    code[i] = vec;
-                    vec++;
-                }
-            }
-            vec <<= 1;
-        }
-    }
-
-    private void bsSetStream(OutputStream f) {
-        bsStream = f;
-        bsLive = 0;
-        bsBuff = 0;
-        bytesOut = 0;
-    }
-
-    private void bsFinishedWithStream() throws IOException {
-        while (bsLive > 0) {
-            int ch = (bsBuff >> 24);
-            try {
-                bsStream.write(ch); // write 8-bit
-            } catch (IOException e) {
-                throw  e;
-            }
-            bsBuff <<= 8;
-            bsLive -= 8;
-            bytesOut++;
-        }
-    }
-
-    private void bsW(int n, int v) throws IOException {
-        while (bsLive >= 8) {
-            int ch = (bsBuff >> 24);
-            try {
-                bsStream.write(ch); // write 8-bit
-            } catch (IOException e) {
-                throw e;
-            }
-            bsBuff <<= 8;
-            bsLive -= 8;
-            bytesOut++;
-        }
-        bsBuff |= (v << (32 - bsLive - n));
-        bsLive += n;
-    }
-
-    private void bsPutUChar(int c) throws IOException {
-        bsW(8, c);
-    }
-
-    private void bsPutint(int u) throws IOException {
-        bsW(8, (u >> 24) & 0xff);
-        bsW(8, (u >> 16) & 0xff);
-        bsW(8, (u >>  8) & 0xff);
-        bsW(8,  u        & 0xff);
-    }
-
-    private void bsPutIntVS(int numBits, int c) throws IOException {
-        bsW(numBits, c);
-    }
-
-    private void sendMTFValues() throws IOException {
-        char len[][] = new char[N_GROUPS][MAX_ALPHA_SIZE];
-
-        int v, t, i, j, gs, ge, totc, bt, bc, iter;
-        int nSelectors = 0, alphaSize, minLen, maxLen, selCtr;
-        int nGroups;//, nBytes;
-
-        alphaSize = nInUse + 2;
-        for (t = 0; t < N_GROUPS; t++) {
-            for (v = 0; v < alphaSize; v++) {
-                len[t][v] = (char) GREATER_ICOST;
-            }
-        }
-
-        /* Decide how many coding tables to use */
-        if (nMTF <= 0) {
-            panic();
-        }
-
-        if (nMTF < 200) {
-            nGroups = 2;
-        } else if (nMTF < 600) {
-            nGroups = 3;
-        } else if (nMTF < 1200) {
-            nGroups = 4;
-        } else if (nMTF < 2400) {
-            nGroups = 5;
-        } else {
-            nGroups = 6;
-        }
-
-        /* Generate an initial set of coding tables */ {
-            int nPart, remF, tFreq, aFreq;
-
-            nPart = nGroups;
-            remF  = nMTF;
-            gs = 0;
-            while (nPart > 0) {
-                tFreq = remF / nPart;
-                ge = gs - 1;
-                aFreq = 0;
-                while (aFreq < tFreq && ge < alphaSize - 1) {
-                    ge++;
-                    aFreq += mtfFreq[ge];
-                }
-
-                if (ge > gs && nPart != nGroups && nPart != 1
-                    && ((nGroups - nPart) % 2 == 1)) {
-                    aFreq -= mtfFreq[ge];
-                    ge--;
-                }
-
-                for (v = 0; v < alphaSize; v++) {
-                    if (v >= gs && v <= ge) {
-                        len[nPart - 1][v] = (char) LESSER_ICOST;
-                    } else {
-                        len[nPart - 1][v] = (char) GREATER_ICOST;
-                    }
-                }
-
-                nPart--;
-                gs = ge + 1;
-                remF -= aFreq;
-            }
-        }
-
-        int[][] rfreq = new int[N_GROUPS][MAX_ALPHA_SIZE];
-        int[] fave = new int[N_GROUPS];
-        short[] cost = new short[N_GROUPS];
-        /*
-          Iterate up to N_ITERS times to improve the tables.
-        */
-        for (iter = 0; iter < N_ITERS; iter++) {
-            for (t = 0; t < nGroups; t++) {
-                fave[t] = 0;
-            }
-
-            for (t = 0; t < nGroups; t++) {
-                for (v = 0; v < alphaSize; v++) {
-                    rfreq[t][v] = 0;
-                }
-            }
-
-            nSelectors = 0;
-            totc = 0;
-            gs = 0;
-            while (true) {
-
-                /* Set group start & end marks. */
-                if (gs >= nMTF) {
-                    break;
-                }
-                ge = gs + G_SIZE - 1;
-                if (ge >= nMTF) {
-                    ge = nMTF - 1;
-                }
-
-                /*
-                  Calculate the cost of this group as coded
-                  by each of the coding tables.
-                */
-                for (t = 0; t < nGroups; t++) {
-                    cost[t] = 0;
-                }
-
-                if (nGroups == 6) {
-                    short cost0, cost1, cost2, cost3, cost4, cost5;
-                    cost0 = cost1 = cost2 = cost3 = cost4 = cost5 = 0;
-                    for (i = gs; i <= ge; i++) {
-                        short icv = szptr[i];
-                        cost0 += len[0][icv];
-                        cost1 += len[1][icv];
-                        cost2 += len[2][icv];
-                        cost3 += len[3][icv];
-                        cost4 += len[4][icv];
-                        cost5 += len[5][icv];
-                    }
-                    cost[0] = cost0;
-                    cost[1] = cost1;
-                    cost[2] = cost2;
-                    cost[3] = cost3;
-                    cost[4] = cost4;
-                    cost[5] = cost5;
-                } else {
-                    for (i = gs; i <= ge; i++) {
-                        short icv = szptr[i];
-                        for (t = 0; t < nGroups; t++) {
-                            cost[t] += len[t][icv];
-                        }
-                    }
-                }
-
-                /*
-                  Find the coding table which is best for this group,
-                  and record its identity in the selector table.
-                */
-                bc = 999999999;
-                bt = -1;
-                for (t = 0; t < nGroups; t++) {
-                    if (cost[t] < bc) {
-                        bc = cost[t];
-                        bt = t;
-                    }
-                }
-                totc += bc;
-                fave[bt]++;
-                selector[nSelectors] = (char) bt;
-                nSelectors++;
-
-                /*
-                  Increment the symbol frequencies for the selected table.
-                */
-                for (i = gs; i <= ge; i++) {
-                    rfreq[bt][szptr[i]]++;
-                }
-
-                gs = ge + 1;
-            }
-
-            /*
-              Recompute the tables based on the accumulated frequencies.
-            */
-            for (t = 0; t < nGroups; t++) {
-                hbMakeCodeLengths(len[t], rfreq[t], alphaSize, 20);
-            }
-        }
-
-        rfreq = null;
-        fave = null;
-        cost = null;
-
-        if (!(nGroups < 8)) {
-            panic();
-        }
-        if (!(nSelectors < 32768 && nSelectors <= (2 + (900000 / G_SIZE)))) {
-            panic();
-        }
-
-
-        /* Compute MTF values for the selectors. */
-        {
-            char[] pos = new char[N_GROUPS];
-            char ll_i, tmp2, tmp;
-            for (i = 0; i < nGroups; i++) {
-                pos[i] = (char) i;
-            }
-            for (i = 0; i < nSelectors; i++) {
-                ll_i = selector[i];
-                j = 0;
-                tmp = pos[j];
-                while (ll_i != tmp) {
-                    j++;
-                    tmp2 = tmp;
-                    tmp = pos[j];
-                    pos[j] = tmp2;
-                }
-                pos[0] = tmp;
-                selectorMtf[i] = (char) j;
-            }
-        }
-
-        int[][] code = new int[N_GROUPS][MAX_ALPHA_SIZE];
-
-        /* Assign actual codes for the tables. */
-        for (t = 0; t < nGroups; t++) {
-            minLen = 32;
-            maxLen = 0;
-            for (i = 0; i < alphaSize; i++) {
-                if (len[t][i] > maxLen) {
-                    maxLen = len[t][i];
-                }
-                if (len[t][i] < minLen) {
-                    minLen = len[t][i];
-                }
-            }
-            if (maxLen > 20) {
-                panic();
-            }
-            if (minLen < 1) {
-                panic();
-            }
-            hbAssignCodes(code[t], len[t], minLen, maxLen, alphaSize);
-        }
-
-        /* Transmit the mapping table. */
-        {
-            boolean[] inUse16 = new boolean[16];
-            for (i = 0; i < 16; i++) {
-                inUse16[i] = false;
-                for (j = 0; j < 16; j++) {
-                    if (inUse[i * 16 + j]) {
-                        inUse16[i] = true;
-                    }
-                }
-            }
-
-//            nBytes = bytesOut;
-            for (i = 0; i < 16; i++) {
-                if (inUse16[i]) {
-                    bsW(1, 1);
-                } else {
-                    bsW(1, 0);
-                }
-            }
-
-            for (i = 0; i < 16; i++) {
-                if (inUse16[i]) {
-                    for (j = 0; j < 16; j++) {
-                        if (inUse[i * 16 + j]) {
-                            bsW(1, 1);
-                        } else {
-                            bsW(1, 0);
-                        }
-                    }
-                }
-            }
-
-        }
-
-        /* Now the selectors. */
-//        nBytes = bytesOut;
-        bsW (3, nGroups);
-        bsW (15, nSelectors);
-        for (i = 0; i < nSelectors; i++) {
-            for (j = 0; j < selectorMtf[i]; j++) {
-                bsW(1, 1);
-            }
-            bsW(1, 0);
-        }
-
-        /* Now the coding tables. */
-//        nBytes = bytesOut;
-
-        for (t = 0; t < nGroups; t++) {
-            int curr = len[t][0];
-            bsW(5, curr);
-            for (i = 0; i < alphaSize; i++) {
-                while (curr < len[t][i]) {
-                    bsW(2, 2);
-                    curr++; /* 10 */
-                }
-                while (curr > len[t][i]) {
-                    bsW(2, 3);
-                    curr--; /* 11 */
-                }
-                bsW (1, 0);
-            }
-        }
-
-        /* And finally, the block data proper */
-//        nBytes = bytesOut;
-        selCtr = 0;
-        gs = 0;
-        while (true) {
-            if (gs >= nMTF) {
-                break;
-            }
-            ge = gs + G_SIZE - 1;
-            if (ge >= nMTF) {
-                ge = nMTF - 1;
-            }
-            for (i = gs; i <= ge; i++) {
-                bsW(len[selector[selCtr]][szptr[i]],
-                    code[selector[selCtr]][szptr[i]]);
-            }
-
-            gs = ge + 1;
-            selCtr++;
-        }
-        if (!(selCtr == nSelectors)) {
-            panic();
-        }
-    }
-
-    private void moveToFrontCodeAndSend () throws IOException {
-        bsPutIntVS(24, origPtr);
-        generateMTFValues();
-        sendMTFValues();
-    }
-
-    private OutputStream bsStream;
-
-    private void simpleSort(int lo, int hi, int d) {
-        int i, j, h, bigN, hp;
-        int v;
-
-        bigN = hi - lo + 1;
-        if (bigN < 2) {
-            return;
-        }
-
-        hp = 0;
-        while (incs[hp] < bigN) {
-            hp++;
-        }
-        hp--;
-
-        for (; hp >= 0; hp--) {
-            h = incs[hp];
-
-            i = lo + h;
-            while (true) {
-                /* copy 1 */
-                if (i > hi) {
-                    break;
-                }
-                v = zptr[i];
-                j = i;
-                while (fullGtU(zptr[j - h] + d, v + d)) {
-                    zptr[j] = zptr[j - h];
-                    j = j - h;
-                    if (j <= (lo + h - 1)) {
-                        break;
-                    }
-                }
-                zptr[j] = v;
-                i++;
-
-                /* copy 2 */
-                if (i > hi) {
-                    break;
-                }
-                v = zptr[i];
-                j = i;
-                while (fullGtU(zptr[j - h] + d, v + d)) {
-                    zptr[j] = zptr[j - h];
-                    j = j - h;
-                    if (j <= (lo + h - 1)) {
-                        break;
-                    }
-                }
-                zptr[j] = v;
-                i++;
-
-                /* copy 3 */
-                if (i > hi) {
-                    break;
-                }
-                v = zptr[i];
-                j = i;
-                while (fullGtU(zptr[j - h] + d, v + d)) {
-                    zptr[j] = zptr[j - h];
-                    j = j - h;
-                    if (j <= (lo + h - 1)) {
-                        break;
-                    }
-                }
-                zptr[j] = v;
-                i++;
-
-                if (workDone > workLimit && firstAttempt) {
-                    return;
-                }
-            }
-        }
-    }
-
-    private void vswap(int p1, int p2, int n) {
-        int temp = 0;
-        while (n > 0) {
-            temp = zptr[p1];
-            zptr[p1] = zptr[p2];
-            zptr[p2] = temp;
-            p1++;
-            p2++;
-            n--;
-        }
-    }
-
-    private char med3(char a, char b, char c) {
-        char t;
-        if (a > b) {
-            t = a;
-            a = b;
-            b = t;
-        }
-        if (b > c) {
-            t = b;
-            b = c;
-            c = t;
-        }
-        if (a > b) {
-            b = a;
-        }
-        return b;
-    }
-
-    private static class StackElem {
-        int ll;
-        int hh;
-        int dd;
-    }
-
-    private void qSort3(int loSt, int hiSt, int dSt) {
-        int unLo, unHi, ltLo, gtHi, med, n, m;
-        int sp, lo, hi, d;
-        StackElem[] stack = new StackElem[QSORT_STACK_SIZE];
-        for (int count = 0; count < QSORT_STACK_SIZE; count++) {
-            stack[count] = new StackElem();
-        }
-
-        sp = 0;
-
-        stack[sp].ll = loSt;
-        stack[sp].hh = hiSt;
-        stack[sp].dd = dSt;
-        sp++;
-
-        while (sp > 0) {
-            if (sp >= QSORT_STACK_SIZE) {
-                panic();
-            }
-
-            sp--;
-            lo = stack[sp].ll;
-            hi = stack[sp].hh;
-            d = stack[sp].dd;
-
-            if (hi - lo < SMALL_THRESH || d > DEPTH_THRESH) {
-                simpleSort(lo, hi, d);
-                if (workDone > workLimit && firstAttempt) {
-                    return;
-                }
-                continue;
-            }
-
-            med = med3(block[zptr[lo] + d + 1],
-                       block[zptr[hi            ] + d  + 1],
-                       block[zptr[(lo + hi) >> 1] + d + 1]);
-
-            unLo = ltLo = lo;
-            unHi = gtHi = hi;
-
-            while (true) {
-                while (true) {
-                    if (unLo > unHi) {
-                        break;
-                    }
-                    n = ((int) block[zptr[unLo] + d + 1]) - med;
-                    if (n == 0) {
-                        int temp = 0;
-                        temp = zptr[unLo];
-                        zptr[unLo] = zptr[ltLo];
-                        zptr[ltLo] = temp;
-                        ltLo++;
-                        unLo++;
-                        continue;
-                    }
-                    if (n >  0) {
-                        break;
-                    }
-                    unLo++;
-                }
-                while (true) {
-                    if (unLo > unHi) {
-                        break;
-                    }
-                    n = ((int) block[zptr[unHi] + d + 1]) - med;
-                    if (n == 0) {
-                        int temp = 0;
-                        temp = zptr[unHi];
-                        zptr[unHi] = zptr[gtHi];
-                        zptr[gtHi] = temp;
-                        gtHi--;
-                        unHi--;
-                        continue;
-                    }
-                    if (n <  0) {
-                        break;
-                    }
-                    unHi--;
-                }
-                if (unLo > unHi) {
-                    break;
-                }
-                int temp = 0;
-                temp = zptr[unLo];
-                zptr[unLo] = zptr[unHi];
-                zptr[unHi] = temp;
-                unLo++;
-                unHi--;
-            }
-
-            if (gtHi < ltLo) {
-                stack[sp].ll = lo;
-                stack[sp].hh = hi;
-                stack[sp].dd = d + 1;
-                sp++;
-                continue;
-            }
-
-            n = ((ltLo - lo) < (unLo - ltLo)) ? (ltLo - lo) : (unLo - ltLo);
-            vswap(lo, unLo - n, n);
-            m = ((hi - gtHi) < (gtHi - unHi)) ? (hi - gtHi) : (gtHi - unHi);
-            vswap(unLo, hi - m + 1, m);
-
-            n = lo + unLo - ltLo - 1;
-            m = hi - (gtHi - unHi) + 1;
-
-            stack[sp].ll = lo;
-            stack[sp].hh = n;
-            stack[sp].dd = d;
-            sp++;
-
-            stack[sp].ll = n + 1;
-            stack[sp].hh = m - 1;
-            stack[sp].dd = d + 1;
-            sp++;
-
-            stack[sp].ll = m;
-            stack[sp].hh = hi;
-            stack[sp].dd = d;
-            sp++;
-        }
-    }
-
-    private void mainSort() {
-        int i, j, ss, sb;
-        int[] runningOrder = new int[256];
-        int[] copy = new int[256];
-        boolean[] bigDone = new boolean[256];
-        int c1, c2;
-        int numQSorted;
-
-        /*
-          In the various block-sized structures, live data runs
-          from 0 to last+NUM_OVERSHOOT_BYTES inclusive.  First,
-          set up the overshoot area for block.
-        */
-
-        //   if (verbosity >= 4) fprintf ( stderr, "   sort initialise ...\n" );
-        for (i = 0; i < NUM_OVERSHOOT_BYTES; i++) {
-            block[last + i + 2] = block[(i % (last + 1)) + 1];
-        }
-        for (i = 0; i <= last + NUM_OVERSHOOT_BYTES; i++) {
-            quadrant[i] = 0;
-        }
-
-        block[0] = (char) (block[last + 1]);
-
-        if (last < 4000) {
-            /*
-              Use simpleSort(), since the full sorting mechanism
-              has quite a large constant overhead.
-            */
-            for (i = 0; i <= last; i++) {
-                zptr[i] = i;
-            }
-            firstAttempt = false;
-            workDone = workLimit = 0;
-            simpleSort(0, last, 0);
-        } else {
-            numQSorted = 0;
-            for (i = 0; i <= 255; i++) {
-                bigDone[i] = false;
-            }
-
-            for (i = 0; i <= 65536; i++) {
-                ftab[i] = 0;
-            }
-
-            c1 = block[0];
-            for (i = 0; i <= last; i++) {
-                c2 = block[i + 1];
-                ftab[(c1 << 8) + c2]++;
-                c1 = c2;
-            }
-
-            for (i = 1; i <= 65536; i++) {
-                ftab[i] += ftab[i - 1];
-            }
-
-            c1 = block[1];
-            for (i = 0; i < last; i++) {
-                c2 = block[i + 2];
-                j = (c1 << 8) + c2;
-                c1 = c2;
-                ftab[j]--;
-                zptr[ftab[j]] = i;
-            }
-
-            j = ((block[last + 1]) << 8) + (block[1]);
-            ftab[j]--;
-            zptr[ftab[j]] = last;
-
-            /*
-              Now ftab contains the first loc of every small bucket.
-              Calculate the running order, from smallest to largest
-              big bucket.
-            */
-
-            for (i = 0; i <= 255; i++) {
-                runningOrder[i] = i;
-            }
-
-            {
-                int vv;
-                int h = 1;
-                do {
-                    h = 3 * h + 1;
-                }
-                while (h <= 256);
-                do {
-                    h = h / 3;
-                    for (i = h; i <= 255; i++) {
-                        vv = runningOrder[i];
-                        j = i;
-                        while ((ftab[((runningOrder[j - h]) + 1) << 8]
-                                - ftab[(runningOrder[j - h]) << 8]) >
-                               (ftab[((vv) + 1) << 8] - ftab[(vv) << 8])) {
-                            runningOrder[j] = runningOrder[j - h];
-                            j = j - h;
-                            if (j <= (h - 1)) {
-                                break;
-                            }
-                        }
-                        runningOrder[j] = vv;
-                    }
-                } while (h != 1);
-            }
-
-            /*
-              The main sorting loop.
-            */
-            for (i = 0; i <= 255; i++) {
-
-                /*
-                  Process big buckets, starting with the least full.
-                */
-                ss = runningOrder[i];
-
-                /*
-                  Complete the big bucket [ss] by quicksorting
-                  any unsorted small buckets [ss, j].  Hopefully
-                  previous pointer-scanning phases have already
-                  completed many of the small buckets [ss, j], so
-                  we don't have to sort them at all.
-                */
-                for (j = 0; j <= 255; j++) {
-                    sb = (ss << 8) + j;
-                    if (!((ftab[sb] & SETMASK) == SETMASK)) {
-                        int lo = ftab[sb] & CLEARMASK;
-                        int hi = (ftab[sb + 1] & CLEARMASK) - 1;
-                        if (hi > lo) {
-                            qSort3(lo, hi, 2);
-                            numQSorted += (hi - lo + 1);
-                            if (workDone > workLimit && firstAttempt) {
-                                return;
-                            }
-                        }
-                        ftab[sb] |= SETMASK;
-                    }
-                }
-
-                /*
-                  The ss big bucket is now done.  Record this fact,
-                  and update the quadrant descriptors.  Remember to
-                  update quadrants in the overshoot area too, if
-                  necessary.  The "if (i < 255)" test merely skips
-                  this updating for the last bucket processed, since
-                  updating for the last bucket is pointless.
-                */
-                bigDone[ss] = true;
-
-                if (i < 255) {
-                    int bbStart  = ftab[ss << 8] & CLEARMASK;
-                    int bbSize   = (ftab[(ss + 1) << 8] & CLEARMASK) - bbStart;
-                    int shifts   = 0;
-
-                    while ((bbSize >> shifts) > 65534) {
-                        shifts++;
-                    }
-
-                    for (j = 0; j < bbSize; j++) {
-                        int a2update = zptr[bbStart + j];
-                        int qVal = (j >> shifts);
-                        quadrant[a2update] = qVal;
-                        if (a2update < NUM_OVERSHOOT_BYTES) {
-                            quadrant[a2update + last + 1] = qVal;
-                        }
-                    }
-
-                    if (!(((bbSize - 1) >> shifts) <= 65535)) {
-                        panic();
-                    }
-                }
-
-                /*
-                  Now scan this big bucket so as to synthesise the
-                  sorted order for small buckets [t, ss] for all t != ss.
-                */
-                for (j = 0; j <= 255; j++) {
-                    copy[j] = ftab[(j << 8) + ss] & CLEARMASK;
-                }
-
-                for (j = ftab[ss << 8] & CLEARMASK;
-                     j < (ftab[(ss + 1) << 8] & CLEARMASK); j++) {
-                    c1 = block[zptr[j]];
-                    if (!bigDone[c1]) {
-                        zptr[copy[c1]] = zptr[j] == 0 ? last : zptr[j] - 1;
-                        copy[c1]++;
-                    }
-                }
-
-                for (j = 0; j <= 255; j++) {
-                    ftab[(j << 8) + ss] |= SETMASK;
-                }
-            }
-        }
-    }
-
-    private void randomiseBlock() {
-        int i;
-        int rNToGo = 0;
-        int rTPos  = 0;
-        for (i = 0; i < 256; i++) {
-            inUse[i] = false;
-        }
-
-        for (i = 0; i <= last; i++) {
-            if (rNToGo == 0) {
-                rNToGo = (char) rNums[rTPos];
-                rTPos++;
-                if (rTPos == 512) {
-                    rTPos = 0;
-                }
-            }
-            rNToGo--;
-            block[i + 1] ^= ((rNToGo == 1) ? 1 : 0);
-            // handle 16 bit signed numbers
-            block[i + 1] &= 0xFF;
-
-            inUse[block[i + 1]] = true;
-        }
-    }
-
-    private void doReversibleTransformation() {
-        int i;
-
-        workLimit = workFactor * last;
-        workDone = 0;
-        blockRandomised = false;
-        firstAttempt = true;
-
-        mainSort();
-
-        if (workDone > workLimit && firstAttempt) {
-            randomiseBlock();
-            workLimit = workDone = 0;
-            blockRandomised = true;
-            firstAttempt = false;
-            mainSort();
-        }
-
-        origPtr = -1;
-        for (i = 0; i <= last; i++) {
-            if (zptr[i] == 0) {
-                origPtr = i;
-                break;
-            }
-        }
-
-        if (origPtr == -1) {
-            panic();
-        }
-    }
-
-    private boolean fullGtU(int i1, int i2) {
-        int k;
-        char c1, c2;
-        int s1, s2;
-
-        c1 = block[i1 + 1];
-        c2 = block[i2 + 1];
-        if (c1 != c2) {
-            return (c1 > c2);
-        }
-        i1++;
-        i2++;
-
-        c1 = block[i1 + 1];
-        c2 = block[i2 + 1];
-        if (c1 != c2) {
-            return (c1 > c2);
-        }
-        i1++;
-        i2++;
-
-        c1 = block[i1 + 1];
-        c2 = block[i2 + 1];
-        if (c1 != c2) {
-            return (c1 > c2);
-        }
-        i1++;
-        i2++;
-
-        c1 = block[i1 + 1];
-        c2 = block[i2 + 1];
-        if (c1 != c2) {
-            return (c1 > c2);
-        }
-        i1++;
-        i2++;
-
-        c1 = block[i1 + 1];
-        c2 = block[i2 + 1];
-        if (c1 != c2) {
-            return (c1 > c2);
-        }
-        i1++;
-        i2++;
-
-        c1 = block[i1 + 1];
-        c2 = block[i2 + 1];
-        if (c1 != c2) {
-            return (c1 > c2);
-        }
-        i1++;
-        i2++;
-
-        k = last + 1;
-
-        do {
-            c1 = block[i1 + 1];
-            c2 = block[i2 + 1];
-            if (c1 != c2) {
-                return (c1 > c2);
-            }
-            s1 = quadrant[i1];
-            s2 = quadrant[i2];
-            if (s1 != s2) {
-                return (s1 > s2);
-            }
-            i1++;
-            i2++;
-
-            c1 = block[i1 + 1];
-            c2 = block[i2 + 1];
-            if (c1 != c2) {
-                return (c1 > c2);
-            }
-            s1 = quadrant[i1];
-            s2 = quadrant[i2];
-            if (s1 != s2) {
-                return (s1 > s2);
-            }
-            i1++;
-            i2++;
-
-            c1 = block[i1 + 1];
-            c2 = block[i2 + 1];
-            if (c1 != c2) {
-                return (c1 > c2);
-            }
-            s1 = quadrant[i1];
-            s2 = quadrant[i2];
-            if (s1 != s2) {
-                return (s1 > s2);
-            }
-            i1++;
-            i2++;
-
-            c1 = block[i1 + 1];
-            c2 = block[i2 + 1];
-            if (c1 != c2) {
-                return (c1 > c2);
-            }
-            s1 = quadrant[i1];
-            s2 = quadrant[i2];
-            if (s1 != s2) {
-                return (s1 > s2);
-            }
-            i1++;
-            i2++;
-
-            if (i1 > last) {
-                i1 -= last;
-                i1--;
-            }
-            if (i2 > last) {
-                i2 -= last;
-                i2--;
-            }
-
-            k -= 4;
-            workDone++;
-        } while (k >= 0);
-
-        return false;
-    }
-
-    /*
-      Knuth's increments seem to work better
-      than Incerpi-Sedgewick here.  Possibly
-      because the number of elems to sort is
-      usually small, typically <= 20.
-    */
-    private int[] incs = { 1, 4, 13, 40, 121, 364, 1093, 3280,
-                           9841, 29524, 88573, 265720,
-                           797161, 2391484 };
-
-    private void allocateCompressStructures () {
-        int n = baseBlockSize * blockSize100k;
-        block = new char[(n + 1 + NUM_OVERSHOOT_BYTES)];
-        quadrant = new int[(n + NUM_OVERSHOOT_BYTES)];
-        zptr = new int[n];
-        ftab = new int[65537];
-
-        if (block == null || quadrant == null || zptr == null
-            || ftab == null) {
-            //int totalDraw = (n + 1 + NUM_OVERSHOOT_BYTES) + (n + NUM_OVERSHOOT_BYTES) + n + 65537;
-            //compressOutOfMemory ( totalDraw, n );
-        }
-
-        /*
-          The back end needs a place to store the MTF values
-          whilst it calculates the coding tables.  We could
-          put them in the zptr array.  However, these values
-          will fit in a short, so we overlay szptr at the
-          start of zptr, in the hope of reducing the number
-          of cache misses induced by the multiple traversals
-          of the MTF values when calculating coding tables.
-          Seems to improve compression speed by about 1%.
-        */
-        //    szptr = zptr;
-
-
-        szptr = new short[2 * n];
-    }
-
-    private void generateMTFValues() {
-        char[] yy = new char[256];
-        int  i, j;
-        char tmp;
-        char tmp2;
-        int zPend;
-        int wr;
-        int EOB;
-
-        makeMaps();
-        EOB = nInUse + 1;
-
-        for (i = 0; i <= EOB; i++) {
-            mtfFreq[i] = 0;
-        }
-
-        wr = 0;
-        zPend = 0;
-        for (i = 0; i < nInUse; i++) {
-            yy[i] = (char) i;
-        }
-
-
-        for (i = 0; i <= last; i++) {
-            char ll_i;
-
-            ll_i = unseqToSeq[block[zptr[i]]];
-
-            j = 0;
-            tmp = yy[j];
-            while (ll_i != tmp) {
-                j++;
-                tmp2 = tmp;
-                tmp = yy[j];
-                yy[j] = tmp2;
-            }
-            yy[0] = tmp;
-
-            if (j == 0) {
-                zPend++;
-            } else {
-                if (zPend > 0) {
-                    zPend--;
-                    while (true) {
-                        switch (zPend % 2) {
-                        case 0:
-                            szptr[wr] = (short) RUNA;
-                            wr++;
-                            mtfFreq[RUNA]++;
-                            break;
-                        case 1:
-                            szptr[wr] = (short) RUNB;
-                            wr++;
-                            mtfFreq[RUNB]++;
-                            break;
-                        }
-                        if (zPend < 2) {
-                            break;
-                        }
-                        zPend = (zPend - 2) / 2;
-                    }
-                    zPend = 0;
-                }
-                szptr[wr] = (short) (j + 1);
-                wr++;
-                mtfFreq[j + 1]++;
-            }
-        }
-
-        if (zPend > 0) {
-            zPend--;
-            while (true) {
-                switch (zPend % 2) {
-                case 0:
-                    szptr[wr] = (short) RUNA;
-                    wr++;
-                    mtfFreq[RUNA]++;
-                    break;
-                case 1:
-                    szptr[wr] = (short) RUNB;
-                    wr++;
-                    mtfFreq[RUNB]++;
-                    break;
-                }
-                if (zPend < 2) {
-                    break;
-                }
-                zPend = (zPend - 2) / 2;
-            }
-        }
-
-        szptr[wr] = (short) EOB;
-        wr++;
-        mtfFreq[EOB]++;
-
-        nMTF = wr;
-    }
-}
-
-
diff --git a/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CRC.java b/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CRC.java
deleted file mode 100644
index ce03d28..0000000
--- a/bcprov/src/main/java/org/bouncycastle/apache/bzip2/CRC.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-/*
- * This package is based on the work done by Keiron Liddle, Aftex Software
- * <keiron@aftexsw.com> to whom the Ant project is very grateful for his
- * great code.
- */
-
-package org.bouncycastle.apache.bzip2;
-
-/**
- * A simple class the hold and calculate the CRC for sanity checking
- * of the data.
- *
- * @author <a href="mailto:keiron@aftexsw.com">Keiron Liddle</a>
- */
-class CRC {
-    public static int crc32Table[] = {
-        0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9,
-        0x130476dc, 0x17c56b6b, 0x1a864db2, 0x1e475005,
-        0x2608edb8, 0x22c9f00f, 0x2f8ad6d6, 0x2b4bcb61,
-        0x350c9b64, 0x31cd86d3, 0x3c8ea00a, 0x384fbdbd,
-        0x4c11db70, 0x48d0c6c7, 0x4593e01e, 0x4152fda9,
-        0x5f15adac, 0x5bd4b01b, 0x569796c2, 0x52568b75,
-        0x6a1936c8, 0x6ed82b7f, 0x639b0da6, 0x675a1011,
-        0x791d4014, 0x7ddc5da3, 0x709f7b7a, 0x745e66cd,
-        0x9823b6e0, 0x9ce2ab57, 0x91a18d8e, 0x95609039,
-        0x8b27c03c, 0x8fe6dd8b, 0x82a5fb52, 0x8664e6e5,
-        0xbe2b5b58, 0xbaea46ef, 0xb7a96036, 0xb3687d81,
-        0xad2f2d84, 0xa9ee3033, 0xa4ad16ea, 0xa06c0b5d,
-        0xd4326d90, 0xd0f37027, 0xddb056fe, 0xd9714b49,
-        0xc7361b4c, 0xc3f706fb, 0xceb42022, 0xca753d95,
-        0xf23a8028, 0xf6fb9d9f, 0xfbb8bb46, 0xff79a6f1,
-        0xe13ef6f4, 0xe5ffeb43, 0xe8bccd9a, 0xec7dd02d,
-        0x34867077, 0x30476dc0, 0x3d044b19, 0x39c556ae,
-        0x278206ab, 0x23431b1c, 0x2e003dc5, 0x2ac12072,
-        0x128e9dcf, 0x164f8078, 0x1b0ca6a1, 0x1fcdbb16,
-        0x018aeb13, 0x054bf6a4, 0x0808d07d, 0x0cc9cdca,
-        0x7897ab07, 0x7c56b6b0, 0x71159069, 0x75d48dde,
-        0x6b93dddb, 0x6f52c06c, 0x6211e6b5, 0x66d0fb02,
-        0x5e9f46bf, 0x5a5e5b08, 0x571d7dd1, 0x53dc6066,
-        0x4d9b3063, 0x495a2dd4, 0x44190b0d, 0x40d816ba,
-        0xaca5c697, 0xa864db20, 0xa527fdf9, 0xa1e6e04e,
-        0xbfa1b04b, 0xbb60adfc, 0xb6238b25, 0xb2e29692,
-        0x8aad2b2f, 0x8e6c3698, 0x832f1041, 0x87ee0df6,
-        0x99a95df3, 0x9d684044, 0x902b669d, 0x94ea7b2a,
-        0xe0b41de7, 0xe4750050, 0xe9362689, 0xedf73b3e,
-        0xf3b06b3b, 0xf771768c, 0xfa325055, 0xfef34de2,
-        0xc6bcf05f, 0xc27dede8, 0xcf3ecb31, 0xcbffd686,
-        0xd5b88683, 0xd1799b34, 0xdc3abded, 0xd8fba05a,
-        0x690ce0ee, 0x6dcdfd59, 0x608edb80, 0x644fc637,
-        0x7a089632, 0x7ec98b85, 0x738aad5c, 0x774bb0eb,
-        0x4f040d56, 0x4bc510e1, 0x46863638, 0x42472b8f,
-        0x5c007b8a, 0x58c1663d, 0x558240e4, 0x51435d53,
-        0x251d3b9e, 0x21dc2629, 0x2c9f00f0, 0x285e1d47,
-        0x36194d42, 0x32d850f5, 0x3f9b762c, 0x3b5a6b9b,
-        0x0315d626, 0x07d4cb91, 0x0a97ed48, 0x0e56f0ff,
-        0x1011a0fa, 0x14d0bd4d, 0x19939b94, 0x1d528623,
-        0xf12f560e, 0xf5ee4bb9, 0xf8ad6d60, 0xfc6c70d7,
-        0xe22b20d2, 0xe6ea3d65, 0xeba91bbc, 0xef68060b,
-        0xd727bbb6, 0xd3e6a601, 0xdea580d8, 0xda649d6f,
-        0xc423cd6a, 0xc0e2d0dd, 0xcda1f604, 0xc960ebb3,
-        0xbd3e8d7e, 0xb9ff90c9, 0xb4bcb610, 0xb07daba7,
-        0xae3afba2, 0xaafbe615, 0xa7b8c0cc, 0xa379dd7b,
-        0x9b3660c6, 0x9ff77d71, 0x92b45ba8, 0x9675461f,
-        0x8832161a, 0x8cf30bad, 0x81b02d74, 0x857130c3,
-        0x5d8a9099, 0x594b8d2e, 0x5408abf7, 0x50c9b640,
-        0x4e8ee645, 0x4a4ffbf2, 0x470cdd2b, 0x43cdc09c,
-        0x7b827d21, 0x7f436096, 0x7200464f, 0x76c15bf8,
-        0x68860bfd, 0x6c47164a, 0x61043093, 0x65c52d24,
-        0x119b4be9, 0x155a565e, 0x18197087, 0x1cd86d30,
-        0x029f3d35, 0x065e2082, 0x0b1d065b, 0x0fdc1bec,
-        0x3793a651, 0x3352bbe6, 0x3e119d3f, 0x3ad08088,
-        0x2497d08d, 0x2056cd3a, 0x2d15ebe3, 0x29d4f654,
-        0xc5a92679, 0xc1683bce, 0xcc2b1d17, 0xc8ea00a0,
-        0xd6ad50a5, 0xd26c4d12, 0xdf2f6bcb, 0xdbee767c,
-        0xe3a1cbc1, 0xe760d676, 0xea23f0af, 0xeee2ed18,
-        0xf0a5bd1d, 0xf464a0aa, 0xf9278673, 0xfde69bc4,
-        0x89b8fd09, 0x8d79e0be, 0x803ac667, 0x84fbdbd0,
-        0x9abc8bd5, 0x9e7d9662, 0x933eb0bb, 0x97ffad0c,
-        0xafb010b1, 0xab710d06, 0xa6322bdf, 0xa2f33668,
-        0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4
-    };
-
-    public CRC() {
-        initialiseCRC();
-    }
-
-    void initialiseCRC() {
-        globalCrc = 0xffffffff;
-    }
-
-    int getFinalCRC() {
-        return ~globalCrc;
-    }
-
-    int getGlobalCRC() {
-        return globalCrc;
-    }
-
-    void setGlobalCRC(int newCrc) {
-        globalCrc = newCrc;
-    }
-
-    void updateCRC(int inCh) {
-        int temp = (globalCrc >> 24) ^ inCh;
-        if (temp < 0) {
-            temp = 256 + temp;
-        }
-        globalCrc = (globalCrc << 8) ^ CRC.crc32Table[temp];
-    }
-
-    int globalCrc;
-}
-
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
index d7216a6..8816b2b 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
@@ -2,9 +2,18 @@ package org.bouncycastle.asn1;
 
 import java.io.IOException;
 
+/**
+ * Interface to parse ASN.1 application specific objects.
+ */
 public interface ASN1ApplicationSpecificParser
     extends ASN1Encodable, InMemoryRepresentable
 {
+    /**
+     * Read the next object in the parser.
+     *
+     * @return an ASN1Encodable
+     * @throws IOException on a parsing or decoding error.
+     */
     ASN1Encodable readObject()
         throws IOException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
index 1360e8b..ace3110 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
@@ -1,15 +1,204 @@
 package org.bouncycastle.asn1;
 
+import java.io.IOException;
+
+import org.bouncycastle.util.Arrays;
+
+/**
+ * Public facade of ASN.1 Boolean data.
+ * <p>
+ * Use following to place a new instance of ASN.1 Boolean in your dataset:
+ * </p>
+ * <ul>
+ * <li> ASN1Boolean.TRUE literal</li>
+ * <li> ASN1Boolean.FALSE literal</li>
+ * <li> {@link ASN1Boolean#getInstance(boolean) ASN1Boolean.getInstance(boolean)}</li>
+ * <li> {@link ASN1Boolean#getInstance(int) ASN1Boolean.getInstance(int)}</li>
+ * </ul>
+ * </p>
+ */
 public class ASN1Boolean
-    extends DERBoolean
+    extends ASN1Primitive
 {
-    public ASN1Boolean(boolean value)
+    private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff };
+    private static final byte[] FALSE_VALUE = new byte[] { 0 };
+
+    private byte[]         value;
+
+    public static final ASN1Boolean FALSE = new ASN1Boolean(false);
+    public static final ASN1Boolean TRUE  = new ASN1Boolean(true);
+
+    /**
+     * return a boolean from the passed in object.
+     *
+     * @param obj an ASN1Boolean or an object that can be converted into one.
+     * @exception IllegalArgumentException if the object cannot be converted.
+     * @return an ASN1Boolean instance.
+     */
+    public static ASN1Boolean getInstance(
+        Object  obj)
+    {
+        if (obj == null || obj instanceof ASN1Boolean)
+        {
+            return (ASN1Boolean)obj;
+        }
+
+        if (obj instanceof byte[])
+        {
+            byte[] enc = (byte[])obj;
+            try
+            {
+                return (ASN1Boolean)fromByteArray(enc);
+            }
+            catch (IOException e)
+            {
+                throw new IllegalArgumentException("failed to construct boolean from byte[]: " + e.getMessage());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return an ASN1Boolean from the passed in boolean.
+     * @return an ASN1Boolean instance.
+     */
+    public static ASN1Boolean getInstance(
+        boolean  value)
+    {
+        return (value ? TRUE : FALSE);
+    }
+
+    /**
+     * return an ASN1Boolean from the passed in value.
+     * @return an ASN1Boolean instance.
+     */
+    public static ASN1Boolean getInstance(
+        int value)
+    {
+        return (value != 0 ? TRUE : FALSE);
+    }
+
+    /**
+     * return a Boolean from a tagged object.
+     *
+     * @param obj the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *              tagged false otherwise.
+     * @exception IllegalArgumentException if the tagged object cannot
+     *               be converted.
+     * @return an ASN1Boolean instance.
+     */
+    public static ASN1Boolean getInstance(
+        ASN1TaggedObject obj,
+        boolean          explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1Boolean)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return ASN1Boolean.fromOctetString(((ASN1OctetString)o).getOctets());
+        }
+    }
+
+    ASN1Boolean(
+        byte[] value)
+    {
+        if (value.length != 1)
+        {
+            throw new IllegalArgumentException("byte value should have 1 byte in it");
+        }
+
+        if (value[0] == 0)
+        {
+            this.value = FALSE_VALUE;
+        }
+        else if ((value[0] & 0xff) == 0xff)
+        {
+            this.value = TRUE_VALUE;
+        }
+        else
+        {
+            this.value = Arrays.clone(value);
+        }
+    }
+
+    /**
+     * @deprecated use getInstance(boolean) method.
+     * @param value true or false.
+     */
+    public ASN1Boolean(
+        boolean     value)
     {
-        super(value);
+        this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
     }
 
-    ASN1Boolean(byte[] value)
+    public boolean isTrue()
     {
-        super(value);
+        return (value[0] != 0);
+    }
+
+    boolean isConstructed()
+    {
+        return false;
+    }
+
+    int encodedLength()
+    {
+        return 3;
+    }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        out.writeEncoded(BERTags.BOOLEAN, value);
+    }
+
+    protected boolean asn1Equals(
+        ASN1Primitive  o)
+    {
+        if (o instanceof ASN1Boolean)
+        {
+            return (value[0] == ((ASN1Boolean)o).value[0]);
+        }
+
+        return false;
+    }
+
+    public int hashCode()
+    {
+        return value[0];
+    }
+
+
+    public String toString()
+    {
+      return (value[0] != 0) ? "TRUE" : "FALSE";
+    }
+
+    static ASN1Boolean fromOctetString(byte[] value)
+    {
+        if (value.length != 1)
+        {
+            throw new IllegalArgumentException("BOOLEAN value should have 1 byte in it");
+        }
+
+        if (value[0] == 0)
+        {
+            return FALSE;
+        }
+        else if ((value[0] & 0xff) == 0xff)
+        {
+            return TRUE;
+        }
+        else
+        {
+            return new ASN1Boolean(value);
+        }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Choice.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Choice.java
index 603131d..8a6714f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Choice.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Choice.java
@@ -5,8 +5,22 @@ package org.bouncycastle.asn1;
  * own object any attempt to tag the object implicitly will convert the tag to
  * an explicit one as the encoding rules require.
  * <p>
- * If you use this interface your class should also implement the getInstance
- * pattern which takes a tag object and the tagging mode used. 
+ * If you use this interface your class should also implement the getInstance()
+ * pattern which takes a tag object and the tagging mode used.
+ * <p>
+ * <hr>
+ * <p><b>X.690</b></p>
+ * <p><b>8: Basic encoding rules</b></p>
+ * <p><b>8.13 Encoding of a choice value </b></p>
+ * <p>
+ * The encoding of a choice value shall be the same as the encoding of a value of the chosen type.
+ * <blockquote>
+ * NOTE 1 &mdash; The encoding may be primitive or constructed depending on the chosen type.
+ * <p>
+ * NOTE 2 &mdash; The tag used in the identifier octets is the tag of the chosen type,
+ * as specified in the ASN.1 definition of the choice type.
+ * </blockquote>
+ * </p>
  */
 public interface ASN1Choice
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java
index f5738bf..aa8825c 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java
@@ -1,6 +1,13 @@
 package org.bouncycastle.asn1;
 
+/**
+ * Basic interface to produce serialisers for ASN.1 encodings.
+ */
 public interface ASN1Encodable
 {
+    /**
+     * Return an object, possibly constructed, of ASN.1 primitives
+     * @return an ASN.1 primitive.
+     */
     ASN1Primitive toASN1Primitive();
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
index 2819a8d..530da52 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
@@ -3,19 +3,35 @@ package org.bouncycastle.asn1;
 import java.util.Enumeration;
 import java.util.Vector;
 
+/**
+ * Mutable class for building ASN.1 constructed objects.
+ */
 public class ASN1EncodableVector
 {
     Vector v = new Vector();
 
+    /**
+     * Base constructor.
+     */
     public ASN1EncodableVector()
     {
     }
 
+    /**
+     * Add an encodable to the vector.
+     *
+     * @param obj the encodable to add.
+     */
     public void add(ASN1Encodable obj)
     {
         v.addElement(obj);
     }
 
+    /**
+     * Add the contents of another vector.
+     *
+     * @param other the vector to add.
+     */
     public void addAll(ASN1EncodableVector other)
     {
         for (Enumeration en = other.v.elements(); en.hasMoreElements();)
@@ -24,11 +40,22 @@ public class ASN1EncodableVector
         }
     }
 
+    /**
+     * Return the object at position i in this vector.
+     *
+     * @param i the index of the object of interest.
+     * @return the object at position i.
+     */
     public ASN1Encodable get(int i)
     {
         return (ASN1Encodable)v.elementAt(i);
     }
 
+    /**
+     * Return the size of the vector.
+     *
+     * @return the object count in the vector.
+     */
     public int size()
     {
         return v.size();
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Encoding.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Encoding.java
index 821d3b9..94a8842 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Encoding.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Encoding.java
@@ -1,8 +1,22 @@
 package org.bouncycastle.asn1;
 
+/**
+ * Supported encoding formats.
+ */
 public interface ASN1Encoding
 {
+    /**
+     * DER - distinguished encoding rules.
+     */
     static final String DER = "DER";
+
+    /**
+     * DL - definite length encoding.
+     */
     static final String DL = "DL";
+
+    /**
+     * BER - basic encoding rules.
+     */
     static final String BER = "BER";
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
index d93fd91..d6fd2e2 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
@@ -1,22 +1,174 @@
 package org.bouncycastle.asn1;
 
+import java.io.IOException;
 import java.math.BigInteger;
 
+import org.bouncycastle.util.Arrays;
+
+/**
+ * Class representing the ASN.1 ENUMERATED type.
+ */
 public class ASN1Enumerated
-    extends DEREnumerated
+    extends ASN1Primitive
 {
-    ASN1Enumerated(byte[] bytes)
+    byte[]      bytes;
+
+    /**
+     * return an enumerated from the passed in object
+     *
+     * @param obj an ASN1Enumerated or an object that can be converted into one.
+     * @exception IllegalArgumentException if the object cannot be converted.
+     * @return an ASN1Enumerated instance, or null.
+     */
+    public static ASN1Enumerated getInstance(
+        Object  obj)
+    {
+        if (obj == null || obj instanceof ASN1Enumerated)
+        {
+            return (ASN1Enumerated)obj;
+        }
+
+        if (obj instanceof byte[])
+        {
+            try
+            {
+                return (ASN1Enumerated)fromByteArray((byte[])obj);
+            }
+            catch (Exception e)
+            {
+                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return an Enumerated from a tagged object.
+     *
+     * @param obj the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *              tagged false otherwise.
+     * @exception IllegalArgumentException if the tagged object cannot
+     *               be converted.
+     * @return an ASN1Enumerated instance, or null.
+     */
+    public static ASN1Enumerated getInstance(
+        ASN1TaggedObject obj,
+        boolean          explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1Enumerated)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return fromOctetString(((ASN1OctetString)o).getOctets());
+        }
+    }
+
+    /**
+     * Constructor from int.
+     *
+     * @param value the value of this enumerated.
+     */
+    public ASN1Enumerated(
+        int         value)
+    {
+        bytes = BigInteger.valueOf(value).toByteArray();
+    }
+
+    /**
+     * Constructor from BigInteger
+     *
+     * @param value the value of this enumerated.
+     */
+    public ASN1Enumerated(
+        BigInteger   value)
+    {
+        bytes = value.toByteArray();
+    }
+
+    /**
+     * Constructor from encoded BigInteger.
+     *
+     * @param bytes the value of this enumerated as an encoded BigInteger (signed).
+     */
+    public ASN1Enumerated(
+        byte[]   bytes)
+    {
+        this.bytes = bytes;
+    }
+
+    public BigInteger getValue()
     {
-        super(bytes);
+        return new BigInteger(bytes);
     }
 
-    public ASN1Enumerated(BigInteger value)
+    boolean isConstructed()
     {
-        super(value);
+        return false;
     }
 
-    public ASN1Enumerated(int value)
+    int encodedLength()
     {
-        super(value);
+        return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length;
+    }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        out.writeEncoded(BERTags.ENUMERATED, bytes);
+    }
+    
+    boolean asn1Equals(
+        ASN1Primitive  o)
+    {
+        if (!(o instanceof ASN1Enumerated))
+        {
+            return false;
+        }
+
+        ASN1Enumerated other = (ASN1Enumerated)o;
+
+        return Arrays.areEqual(this.bytes, other.bytes);
+    }
+
+    public int hashCode()
+    {
+        return Arrays.hashCode(bytes);
+    }
+
+    private static ASN1Enumerated[] cache = new ASN1Enumerated[12];
+
+    static ASN1Enumerated fromOctetString(byte[] enc)
+    {
+        if (enc.length > 1)
+        {
+            return new ASN1Enumerated(Arrays.clone(enc));
+        }
+
+        if (enc.length == 0)
+        {
+            throw new IllegalArgumentException("ENUMERATED has zero length");
+        }
+        int value = enc[0] & 0xff;
+
+        if (value >= cache.length)
+        {
+            return new ASN1Enumerated(Arrays.clone(enc));
+        }
+
+        ASN1Enumerated possibleMatch = cache[value];
+
+        if (possibleMatch == null)
+        {
+            possibleMatch = cache[value] = new ASN1Enumerated(Arrays.clone(enc));
+        }
+
+        return possibleMatch;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
index 0088a53..bbe5ae1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
@@ -1,22 +1,374 @@
 package org.bouncycastle.asn1;
 
+import java.io.IOException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.Locale;
+import java.util.SimpleTimeZone;
+import java.util.TimeZone;
 
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Strings;
+
+/**
+ * Base class representing the ASN.1 GeneralizedTime type.
+ * <p>
+ * The main difference between these and UTC time is a 4 digit year.
+ * </p>
+ */
 public class ASN1GeneralizedTime
-    extends DERGeneralizedTime
+    extends ASN1Primitive
 {
-    ASN1GeneralizedTime(byte[] bytes)
+    private byte[] time;
+
+    /**
+     * return a generalized time from the passed in object
+     *
+     * @param obj an ASN1GeneralizedTime or an object that can be converted into one.
+     * @return an ASN1GeneralizedTime instance, or null.
+     * @throws IllegalArgumentException if the object cannot be converted.
+     */
+    public static ASN1GeneralizedTime getInstance(
+        Object obj)
+    {
+        if (obj == null || obj instanceof ASN1GeneralizedTime)
+        {
+            return (ASN1GeneralizedTime)obj;
+        }
+
+        if (obj instanceof byte[])
+        {
+            try
+            {
+                return (ASN1GeneralizedTime)fromByteArray((byte[])obj);
+            }
+            catch (Exception e)
+            {
+                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return a Generalized Time object from a tagged object.
+     *
+     * @param obj      the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *                 tagged false otherwise.
+     * @return an ASN1GeneralizedTime instance.
+     * @throws IllegalArgumentException if the tagged object cannot
+     * be converted.
+     */
+    public static ASN1GeneralizedTime getInstance(
+        ASN1TaggedObject obj,
+        boolean explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1GeneralizedTime)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new ASN1GeneralizedTime(((ASN1OctetString)o).getOctets());
+        }
+    }
+
+    /**
+     * The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z
+     * for local time, or Z+-HHMM on the end, for difference between local
+     * time and UTC time. The fractional second amount f must consist of at
+     * least one number with trailing zeroes removed.
+     *
+     * @param time the time string.
+     * @throws IllegalArgumentException if String is an illegal format.
+     */
+    public ASN1GeneralizedTime(
+        String time)
+    {
+        this.time = Strings.toByteArray(time);
+        try
+        {
+            this.getDate();
+        }
+        catch (ParseException e)
+        {
+            throw new IllegalArgumentException("invalid date string: " + e.getMessage());
+        }
+    }
+
+    /**
+     * Base constructor from a java.util.date object
+     *
+     * @param time a date object representing the time of interest.
+     */
+    public ASN1GeneralizedTime(
+        Date time)
+    {
+        SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+
+        dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+
+        this.time = Strings.toByteArray(dateF.format(time));
+    }
+
+    /**
+     * Base constructor from a java.util.date and Locale - you may need to use this if the default locale
+     * doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible with other ASN.1 implementations.
+     *
+     * @param time a date object representing the time of interest.
+     * @param locale an appropriate Locale for producing an ASN.1 GeneralizedTime value.
+     */
+    public ASN1GeneralizedTime(
+        Date time,
+        Locale locale)
+    {
+        SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", locale);
+
+        dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+
+        this.time = Strings.toByteArray(dateF.format(time));
+    }
+
+    ASN1GeneralizedTime(
+        byte[] bytes)
+    {
+        this.time = bytes;
+    }
+
+    /**
+     * Return the time.
+     *
+     * @return The time string as it appeared in the encoded object.
+     */
+    public String getTimeString()
+    {
+        return Strings.fromByteArray(time);
+    }
+
+    /**
+     * return the time - always in the form of
+     * YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm).
+     * <p>
+     * Normally in a certificate we would expect "Z" rather than "GMT",
+     * however adding the "GMT" means we can just use:
+     * <pre>
+     *     dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+     * </pre>
+     * To read in the time and get a date which is compatible with our local
+     * time zone.
+     * </p>
+     */
+    public String getTime()
+    {
+        String stime = Strings.fromByteArray(time);
+
+        //
+        // standardise the format.
+        //
+        if (stime.charAt(stime.length() - 1) == 'Z')
+        {
+            return stime.substring(0, stime.length() - 1) + "GMT+00:00";
+        }
+        else
+        {
+            int signPos = stime.length() - 5;
+            char sign = stime.charAt(signPos);
+            if (sign == '-' || sign == '+')
+            {
+                return stime.substring(0, signPos)
+                    + "GMT"
+                    + stime.substring(signPos, signPos + 3)
+                    + ":"
+                    + stime.substring(signPos + 3);
+            }
+            else
+            {
+                signPos = stime.length() - 3;
+                sign = stime.charAt(signPos);
+                if (sign == '-' || sign == '+')
+                {
+                    return stime.substring(0, signPos)
+                        + "GMT"
+                        + stime.substring(signPos)
+                        + ":00";
+                }
+            }
+        }
+        return stime + calculateGMTOffset();
+    }
+
+    private String calculateGMTOffset()
+    {
+        String sign = "+";
+        TimeZone timeZone = TimeZone.getDefault();
+        int offset = timeZone.getRawOffset();
+        if (offset < 0)
+        {
+            sign = "-";
+            offset = -offset;
+        }
+        int hours = offset / (60 * 60 * 1000);
+        int minutes = (offset - (hours * 60 * 60 * 1000)) / (60 * 1000);
+
+        try
+        {
+            if (timeZone.useDaylightTime() && timeZone.inDaylightTime(this.getDate()))
+            {
+                hours += sign.equals("+") ? 1 : -1;
+            }
+        }
+        catch (ParseException e)
+        {
+            // we'll do our best and ignore daylight savings
+        }
+
+        return "GMT" + sign + convert(hours) + ":" + convert(minutes);
+    }
+
+    private String convert(int time)
+    {
+        if (time < 10)
+        {
+            return "0" + time;
+        }
+
+        return Integer.toString(time);
+    }
+
+    public Date getDate()
+        throws ParseException
+    {
+        SimpleDateFormat dateF;
+        String stime = Strings.fromByteArray(time);
+        String d = stime;
+
+        if (stime.endsWith("Z"))
+        {
+            if (hasFractionalSeconds())
+            {
+                dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
+            }
+            else
+            {
+                dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+            }
+
+            dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+        }
+        else if (stime.indexOf('-') > 0 || stime.indexOf('+') > 0)
+        {
+            d = this.getTime();
+            if (hasFractionalSeconds())
+            {
+                dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
+            }
+            else
+            {
+                dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+            }
+
+            dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+        }
+        else
+        {
+            if (hasFractionalSeconds())
+            {
+                dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS");
+            }
+            else
+            {
+                dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+            }
+
+            dateF.setTimeZone(new SimpleTimeZone(0, TimeZone.getDefault().getID()));
+        }
+
+        if (hasFractionalSeconds())
+        {
+            // java misinterprets extra digits as being milliseconds...
+            String frac = d.substring(14);
+            int index;
+            for (index = 1; index < frac.length(); index++)
+            {
+                char ch = frac.charAt(index);
+                if (!('0' <= ch && ch <= '9'))
+                {
+                    break;
+                }
+            }
+
+            if (index - 1 > 3)
+            {
+                frac = frac.substring(0, 4) + frac.substring(index);
+                d = d.substring(0, 14) + frac;
+            }
+            else if (index - 1 == 1)
+            {
+                frac = frac.substring(0, index) + "00" + frac.substring(index);
+                d = d.substring(0, 14) + frac;
+            }
+            else if (index - 1 == 2)
+            {
+                frac = frac.substring(0, index) + "0" + frac.substring(index);
+                d = d.substring(0, 14) + frac;
+            }
+        }
+
+        return dateF.parse(d);
+    }
+
+    private boolean hasFractionalSeconds()
+    {
+        for (int i = 0; i != time.length; i++)
+        {
+            if (time[i] == '.')
+            {
+                if (i == 14)
+                {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
+    boolean isConstructed()
     {
-        super(bytes);
+        return false;
     }
 
-    public ASN1GeneralizedTime(Date time)
+    int encodedLength()
     {
-        super(time);
+        int length = time.length;
+
+        return 1 + StreamUtil.calculateBodyLength(length) + length;
+    }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        out.writeEncoded(BERTags.GENERALIZED_TIME, time);
+    }
+
+    boolean asn1Equals(
+        ASN1Primitive o)
+    {
+        if (!(o instanceof ASN1GeneralizedTime))
+        {
+            return false;
+        }
+
+        return Arrays.areEqual(time, ((ASN1GeneralizedTime)o).time);
     }
 
-    public ASN1GeneralizedTime(String time)
+    public int hashCode()
     {
-        super(time);
+        return Arrays.hashCode(time);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
index 4471433..1971af9 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
@@ -124,6 +124,12 @@ public class ASN1InputStream
 
     /**
      * build an object given its tag and the number of bytes to construct it from.
+     *
+     * @param tag the full tag details.
+     * @param tagNo the tagNo defined.
+     * @param length the length of the object.
+     * @return the resulting primitive.
+     * @throws java.io.IOException on processing exception.
      */
     protected ASN1Primitive buildObject(
         int       tag,
@@ -438,7 +444,7 @@ public class ASN1InputStream
             case IA5_STRING:
                 return new DERIA5String(defIn.toByteArray());
             case INTEGER:
-                return new ASN1Integer(defIn.toByteArray());
+                return new ASN1Integer(defIn.toByteArray(), false);
             case NULL:
                 return DERNull.INSTANCE;   // actual content is ignored (enforce 0 length?)
             case NUMERIC_STRING:
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Integer.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
index d60c6a8..10326cf 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
@@ -1,22 +1,157 @@
 package org.bouncycastle.asn1;
 
+import java.io.IOException;
 import java.math.BigInteger;
 
+import org.bouncycastle.util.Arrays;
+
+/**
+ * Class representing the ASN.1 INTEGER type.
+ */
 public class ASN1Integer
-    extends DERInteger
+    extends ASN1Primitive
 {
-    ASN1Integer(byte[] bytes)
+    byte[] bytes;
+
+    /**
+     * return an integer from the passed in object
+     *
+     * @param obj an ASN1Integer or an object that can be converted into one.
+     * @throws IllegalArgumentException if the object cannot be converted.
+     * @return an ASN1Integer instance.
+     */
+    public static ASN1Integer getInstance(
+        Object obj)
+    {
+        if (obj == null || obj instanceof ASN1Integer)
+        {
+            return (ASN1Integer)obj;
+        }
+
+        if (obj instanceof byte[])
+        {
+            try
+            {
+                return (ASN1Integer)fromByteArray((byte[])obj);
+            }
+            catch (Exception e)
+            {
+                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return an Integer from a tagged object.
+     *
+     * @param obj      the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *                 tagged false otherwise.
+     * @throws IllegalArgumentException if the tagged object cannot
+     * be converted.
+     * @return an ASN1Integer instance.
+     */
+    public static ASN1Integer getInstance(
+        ASN1TaggedObject obj,
+        boolean explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1Integer)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new ASN1Integer(ASN1OctetString.getInstance(obj.getObject()).getOctets());
+        }
+    }
+
+    public ASN1Integer(
+        long value)
     {
-        super(bytes);
+        bytes = BigInteger.valueOf(value).toByteArray();
     }
 
-    public ASN1Integer(BigInteger value)
+    public ASN1Integer(
+        BigInteger value)
     {
-        super(value);
+        bytes = value.toByteArray();
     }
 
-    public ASN1Integer(long value)
+    public ASN1Integer(
+        byte[] bytes)
     {
-        super(value);
+        this(bytes, true);
     }
+
+    ASN1Integer(byte[] bytes, boolean clone)
+    {
+        this.bytes = (clone) ? Arrays.clone(bytes) : bytes;
+    }
+
+    public BigInteger getValue()
+    {
+        return new BigInteger(bytes);
+    }
+
+    /**
+     * in some cases positive values get crammed into a space,
+     * that's not quite big enough...
+     * @return the BigInteger that results from treating this ASN.1 INTEGER as unsigned.
+     */
+    public BigInteger getPositiveValue()
+    {
+        return new BigInteger(1, bytes);
+    }
+
+    boolean isConstructed()
+    {
+        return false;
+    }
+
+    int encodedLength()
+    {
+        return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length;
+    }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        out.writeEncoded(BERTags.INTEGER, bytes);
+    }
+
+    public int hashCode()
+    {
+        int value = 0;
+
+        for (int i = 0; i != bytes.length; i++)
+        {
+            value ^= (bytes[i] & 0xff) << (i % 4);
+        }
+
+        return value;
+    }
+
+    boolean asn1Equals(
+        ASN1Primitive o)
+    {
+        if (!(o instanceof ASN1Integer))
+        {
+            return false;
+        }
+
+        ASN1Integer other = (ASN1Integer)o;
+
+        return Arrays.areEqual(bytes, other.bytes);
+    }
+
+    public String toString()
+    {
+        return getValue().toString();
+    }
+
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
index 6402869..f39d120 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
@@ -3,18 +3,26 @@ package org.bouncycastle.asn1;
 import java.io.IOException;
 
 /**
- * A NULL object.
+ * A NULL object - use DERNull.INSTANCE for populating structures.
  */
 public abstract class ASN1Null
     extends ASN1Primitive
 {
     /**
-     * @deprecated use DERNull.INSTANCE
+     * Return an instance of ASN.1 NULL from the passed in object.
+     * <p>
+     * Accepted inputs:
+     * <ul>
+     * <li> null &rarr; null
+     * <li> {@link ASN1Null} object
+     * <li> a byte[] containing ASN.1 NULL object
+     * </ul>
+     * </p>
+     *
+     * @param o object to be converted.
+     * @return an instance of ASN1Null, or null.
+     * @exception IllegalArgumentException if the object cannot be converted.
      */
-    public ASN1Null()
-    {
-    }
-
     public static ASN1Null getInstance(Object o)
     {
         if (o instanceof ASN1Null)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Object.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Object.java
index 956fb7d..304866f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Object.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Object.java
@@ -3,8 +3,13 @@ package org.bouncycastle.asn1;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 
+import org.bouncycastle.util.Encodable;
+
+/**
+ * Base class for defining an ASN.1 object.
+ */
 public abstract class ASN1Object
-    implements ASN1Encodable
+    implements ASN1Encodable, Encodable
 {
     /**
      * Return the default BER or DER encoding for this object.
@@ -88,10 +93,21 @@ public abstract class ASN1Object
         return this.toASN1Primitive();
     }
 
+    /**
+     * Return true if obj is a byte array and represents an object with the given tag value.
+     *
+     * @param obj object of interest.
+     * @param tagValue tag value to check for.
+     * @return  true if obj is a byte encoding starting with the given tag value, false otherwise.
+     */
     protected static boolean hasEncodedTagValue(Object obj, int tagValue)
     {
         return (obj instanceof byte[]) && ((byte[])obj)[0] == tagValue;
     }
 
+    /**
+     * Method providing a primitive representation of this object suitable for encoding.
+     * @return a primitive representation of this object.
+     */
     public abstract ASN1Primitive toASN1Primitive();
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
index 98f46a6..4de41b7 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
@@ -1,21 +1,205 @@
 package org.bouncycastle.asn1;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Arrays;
+
+/**
+ * Class representing the ASN.1 OBJECT IDENTIFIER type.
+ */
 public class ASN1ObjectIdentifier
-    extends DERObjectIdentifier
+    extends ASN1Primitive
 {
-    public ASN1ObjectIdentifier(String identifier)
+    String identifier;
+
+    private byte[] body;
+
+    /**
+     * return an OID from the passed in object
+     * @param obj an ASN1ObjectIdentifier or an object that can be converted into one.
+     * @throws IllegalArgumentException if the object cannot be converted.
+     * @return an ASN1ObjectIdentifier instance, or null.
+     */
+    public static ASN1ObjectIdentifier getInstance(
+        Object obj)
+    {
+        if (obj == null || obj instanceof ASN1ObjectIdentifier)
+        {
+            return (ASN1ObjectIdentifier)obj;
+        }
+
+        if (obj instanceof ASN1Encodable && ((ASN1Encodable)obj).toASN1Primitive() instanceof ASN1ObjectIdentifier)
+        {
+            return (ASN1ObjectIdentifier)((ASN1Encodable)obj).toASN1Primitive();
+        }
+
+        if (obj instanceof byte[])
+        {
+            byte[] enc = (byte[])obj;
+            try
+            {
+                return (ASN1ObjectIdentifier)fromByteArray(enc);
+            }
+            catch (IOException e)
+            {
+                throw new IllegalArgumentException("failed to construct object identifier from byte[]: " + e.getMessage());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return an Object Identifier from a tagged object.
+     *
+     * @param obj      the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *                 tagged false otherwise.
+     * @throws IllegalArgumentException if the tagged object cannot
+     * be converted.
+     * @return an ASN1ObjectIdentifier instance, or null.
+     */
+    public static ASN1ObjectIdentifier getInstance(
+        ASN1TaggedObject obj,
+        boolean explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1ObjectIdentifier)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return ASN1ObjectIdentifier.fromOctetString(ASN1OctetString.getInstance(obj.getObject()).getOctets());
+        }
+    }
+
+    private static final long LONG_LIMIT = (Long.MAX_VALUE >> 7) - 0x7f;
+
+    ASN1ObjectIdentifier(
+        byte[] bytes)
+    {
+        StringBuffer objId = new StringBuffer();
+        long value = 0;
+        BigInteger bigValue = null;
+        boolean first = true;
+
+        for (int i = 0; i != bytes.length; i++)
+        {
+            int b = bytes[i] & 0xff;
+
+            if (value <= LONG_LIMIT)
+            {
+                value += (b & 0x7f);
+                if ((b & 0x80) == 0)             // end of number reached
+                {
+                    if (first)
+                    {
+                        if (value < 40)
+                        {
+                            objId.append('0');
+                        }
+                        else if (value < 80)
+                        {
+                            objId.append('1');
+                            value -= 40;
+                        }
+                        else
+                        {
+                            objId.append('2');
+                            value -= 80;
+                        }
+                        first = false;
+                    }
+
+                    objId.append('.');
+                    objId.append(value);
+                    value = 0;
+                }
+                else
+                {
+                    value <<= 7;
+                }
+            }
+            else
+            {
+                if (bigValue == null)
+                {
+                    bigValue = BigInteger.valueOf(value);
+                }
+                bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f));
+                if ((b & 0x80) == 0)
+                {
+                    if (first)
+                    {
+                        objId.append('2');
+                        bigValue = bigValue.subtract(BigInteger.valueOf(80));
+                        first = false;
+                    }
+
+                    objId.append('.');
+                    objId.append(bigValue);
+                    bigValue = null;
+                    value = 0;
+                }
+                else
+                {
+                    bigValue = bigValue.shiftLeft(7);
+                }
+            }
+        }
+
+        this.identifier = objId.toString();
+        this.body = Arrays.clone(bytes);
+    }
+
+    /**
+     * Create an OID based on the passed in String.
+     *
+     * @param identifier a string representation of an OID.
+     */
+    public ASN1ObjectIdentifier(
+        String identifier)
     {
-        super(identifier);
+        if (identifier == null)
+        {
+            throw new IllegalArgumentException("'identifier' cannot be null");
+        }
+        if (!isValidIdentifier(identifier))
+        {
+            throw new IllegalArgumentException("string " + identifier + " not an OID");
+        }
+
+        this.identifier = identifier;
     }
 
-    ASN1ObjectIdentifier(byte[] bytes)
+     /**
+      * Create an OID that creates a branch under the current one.
+      *
+      * @param branchID node numbers for the new branch.
+      * @return the OID for the new created branch.
+      */
+    ASN1ObjectIdentifier(ASN1ObjectIdentifier oid, String branchID)
     {
-        super(bytes);
+        if (!isValidBranchID(branchID, 0))
+        {
+            throw new IllegalArgumentException("string " + branchID + " not a valid OID branch");
+        }
+
+        this.identifier = oid.getId() + "." + branchID;
     }
 
-    ASN1ObjectIdentifier(ASN1ObjectIdentifier oid, String branch)
+    /**
+     * Return the OID as a string.
+     *
+     * @return the string representation of the OID carried by this object.
+     */
+    public String getId()
     {
-        super(oid, branch);
+        return identifier;
     }
 
     /**
@@ -31,12 +215,258 @@ public class ASN1ObjectIdentifier
 
     /**
      * Return  true if this oid is an extension of the passed in branch, stem.
+     *
      * @param stem the arc or branch that is a possible parent.
-     * @return  true if the branch is on the passed in stem, false otherwise.
+     * @return true if the branch is on the passed in stem, false otherwise.
      */
     public boolean on(ASN1ObjectIdentifier stem)
     {
         String id = getId(), stemId = stem.getId();
         return id.length() > stemId.length() && id.charAt(stemId.length()) == '.' && id.startsWith(stemId);
     }
+
+    private void writeField(
+        ByteArrayOutputStream out,
+        long fieldValue)
+    {
+        byte[] result = new byte[9];
+        int pos = 8;
+        result[pos] = (byte)((int)fieldValue & 0x7f);
+        while (fieldValue >= (1L << 7))
+        {
+            fieldValue >>= 7;
+            result[--pos] = (byte)((int)fieldValue & 0x7f | 0x80);
+        }
+        out.write(result, pos, 9 - pos);
+    }
+
+    private void writeField(
+        ByteArrayOutputStream out,
+        BigInteger fieldValue)
+    {
+        int byteCount = (fieldValue.bitLength() + 6) / 7;
+        if (byteCount == 0)
+        {
+            out.write(0);
+        }
+        else
+        {
+            BigInteger tmpValue = fieldValue;
+            byte[] tmp = new byte[byteCount];
+            for (int i = byteCount - 1; i >= 0; i--)
+            {
+                tmp[i] = (byte)((tmpValue.intValue() & 0x7f) | 0x80);
+                tmpValue = tmpValue.shiftRight(7);
+            }
+            tmp[byteCount - 1] &= 0x7f;
+            out.write(tmp, 0, tmp.length);
+        }
+    }
+
+    private void doOutput(ByteArrayOutputStream aOut)
+    {
+        OIDTokenizer tok = new OIDTokenizer(identifier);
+        int first = Integer.parseInt(tok.nextToken()) * 40;
+
+        String secondToken = tok.nextToken();
+        if (secondToken.length() <= 18)
+        {
+            writeField(aOut, first + Long.parseLong(secondToken));
+        }
+        else
+        {
+            writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first)));
+        }
+
+        while (tok.hasMoreTokens())
+        {
+            String token = tok.nextToken();
+            if (token.length() <= 18)
+            {
+                writeField(aOut, Long.parseLong(token));
+            }
+            else
+            {
+                writeField(aOut, new BigInteger(token));
+            }
+        }
+    }
+
+    protected synchronized byte[] getBody()
+    {
+        if (body == null)
+        {
+            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+            doOutput(bOut);
+
+            body = bOut.toByteArray();
+        }
+
+        return body;
+    }
+
+    boolean isConstructed()
+    {
+        return false;
+    }
+
+    int encodedLength()
+        throws IOException
+    {
+        int length = getBody().length;
+
+        return 1 + StreamUtil.calculateBodyLength(length) + length;
+    }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        byte[] enc = getBody();
+
+        out.write(BERTags.OBJECT_IDENTIFIER);
+        out.writeLength(enc.length);
+        out.write(enc);
+    }
+
+    public int hashCode()
+    {
+        return identifier.hashCode();
+    }
+
+    boolean asn1Equals(
+        ASN1Primitive o)
+    {
+        if (!(o instanceof ASN1ObjectIdentifier))
+        {
+            return false;
+        }
+
+        return identifier.equals(((ASN1ObjectIdentifier)o).identifier);
+    }
+
+    public String toString()
+    {
+        return getId();
+    }
+
+    private static boolean isValidBranchID(
+        String branchID, int start)
+    {
+        boolean periodAllowed = false;
+
+        int pos = branchID.length();
+        while (--pos >= start)
+        {
+            char ch = branchID.charAt(pos);
+
+            // TODO Leading zeroes?
+            if ('0' <= ch && ch <= '9')
+            {
+                periodAllowed = true;
+                continue;
+            }
+
+            if (ch == '.')
+            {
+                if (!periodAllowed)
+                {
+                    return false;
+                }
+
+                periodAllowed = false;
+                continue;
+            }
+
+            return false;
+        }
+
+        return periodAllowed;
+    }
+
+    private static boolean isValidIdentifier(
+        String identifier)
+    {
+        if (identifier.length() < 3 || identifier.charAt(1) != '.')
+        {
+            return false;
+        }
+
+        char first = identifier.charAt(0);
+        if (first < '0' || first > '2')
+        {
+            return false;
+        }
+
+        return isValidBranchID(identifier, 2);
+    }
+
+    private static ASN1ObjectIdentifier[][] cache = new ASN1ObjectIdentifier[256][];
+
+    static ASN1ObjectIdentifier fromOctetString(byte[] enc)
+    {
+        if (enc.length < 3)
+        {
+            return new ASN1ObjectIdentifier(enc);
+        }
+
+        int idx1 = enc[enc.length - 2] & 0xff;
+        // in this case top bit is always zero
+        int idx2 = enc[enc.length - 1] & 0x7f;
+
+        ASN1ObjectIdentifier possibleMatch;
+
+        synchronized (cache)
+        {
+            ASN1ObjectIdentifier[] first = cache[idx1];
+            if (first == null)
+            {
+                first = cache[idx1] = new ASN1ObjectIdentifier[128];
+            }
+
+            possibleMatch = first[idx2];
+            if (possibleMatch == null)
+            {
+                return first[idx2] = new ASN1ObjectIdentifier(enc);
+            }
+
+            if (Arrays.areEqual(enc, possibleMatch.getBody()))
+            {
+                return possibleMatch;
+            }
+
+            idx1 = (idx1 + 1) & 0xff;
+            first = cache[idx1];
+            if (first == null)
+            {
+                first = cache[idx1] = new ASN1ObjectIdentifier[128];
+            }
+
+            possibleMatch = first[idx2];
+            if (possibleMatch == null)
+            {
+                return first[idx2] = new ASN1ObjectIdentifier(enc);
+            }
+
+            if (Arrays.areEqual(enc, possibleMatch.getBody()))
+            {
+                return possibleMatch;
+            }
+
+            idx2 = (idx2 + 1) & 0x7f;
+            possibleMatch = first[idx2];
+            if (possibleMatch == null)
+            {
+                return first[idx2] = new ASN1ObjectIdentifier(enc);
+            }
+        }
+
+        if (Arrays.areEqual(enc, possibleMatch.getBody()))
+        {
+            return possibleMatch;
+        }
+
+        return new ASN1ObjectIdentifier(enc);
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
index 703b858..200b66a 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
@@ -7,6 +7,96 @@ import java.io.InputStream;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.encoders.Hex;
 
+/**
+ * Abstract base for the ASN.1 OCTET STRING data type
+ * <p>
+ * This supports BER, and DER forms of the data.
+ * </p><p>
+ * DER form is always primitive single OCTET STRING, while
+ * BER support includes the constructed forms.
+ * </p>
+ * <hr>
+ * <p><b>X.690</b></p>
+ * <p><b>8: Basic encoding rules</b></p>
+ * <p><b>8.7 Encoding of an octetstring value</b></p>
+ * <p>
+ * <b>8.7.1</b> The encoding of an octetstring value shall be
+ * either primitive or constructed at the option of the sender.
+ * <blockquote>
+ * NOTE &mdash; Where it is necessary to transfer part of an octet string
+ * before the entire OCTET STRING is available, the constructed encoding
+ * is used.
+ * </blockquote>
+ * <p>
+ * <b>8.7.2</b> The primitive encoding contains zero,
+ * one or more contents octets equal in value to the octets
+ * in the data value, in the order they appear in the data value,
+ * and with the most significant bit of an octet of the data value
+ * aligned with the most significant bit of an octet of the contents octets.
+ * </p>
+ * <p>
+ * <b>8.7.3</b> The contents octets for the constructed encoding shall consist
+ * of zero, one, or more encodings.
+ * <blockquote>
+ * NOTE &mdash; Each such encoding includes identifier, length, and contents octets,
+ * and may include end-of-contents octets if it is constructed.
+ * </blockquote>
+ * </p>
+ * <p>
+ * <b>8.7.3.1</b> To encode an octetstring value in this way,
+ * it is segmented. Each segment shall consist of a series of
+ * consecutive octets of the value. There shall be no significance
+ * placed on the segment boundaries.
+ * <blockquote>
+ * NOTE &mdash; A segment may be of size zero, i.e. contain no octets.
+ * </blockquote>
+ * </p>
+ * <p>
+ * <b>8.7.3.2</b> Each encoding in the contents octets shall represent
+ * a segment of the overall octetstring, the encoding arising from
+ * a recursive application of this subclause.
+ * In this recursive application, each segment is treated as if it were
+ * a octetstring value. The encodings of the segments shall appear in the contents
+ * octets in the order in which their octets appear in the overall value.
+ * <blockquote>
+ * NOTE 1 &mdash; As a consequence of this recursion,
+ * each encoding in the contents octets may itself
+ * be primitive or constructed.
+ * However, such encodings will usually be primitive.
+ * </p><p>
+ * NOTE 2 &mdash; In particular, the tags in the contents octets are always universal class, number 4.
+ * </blockquote>
+ * </p>
+ * <p><b>9: Canonical encoding rules</b></p>
+ * <p><b>9.1 Length forms</b></p>
+ * <p>
+ * If the encoding is constructed, it shall employ the indefinite length form.
+ * If the encoding is primitive, it shall include the fewest length octets necessary.
+ * [Contrast with 8.1.3.2 b).]
+ * </p>
+ * <p><b>9.2 String encoding forms</b></p>
+ * <p>
+ * BIT STRING, OCTET STRING,and restricted character string
+ * values shall be encoded with a primitive encoding if they would
+ * require no more than 1000 contents octets, and as a constructed
+ * encoding otherwise. The string fragments contained in
+ * the constructed encoding shall be encoded with a primitive encoding.
+ * The encoding of each fragment, except possibly
+ * the last, shall have 1000 contents octets. (Contrast with 8.21.6.)
+ * </p>
+ * <b>10: Distinguished encoding rules</b>
+ * </p><p>
+ * <b>10.1 Length forms</b>
+ * The definite form of length encoding shall be used,
+ * encoded in the minimum number of octets.
+ * [Contrast with 8.1.3.2 b).] 
+ * </p><p>
+ * <b>10.2 String encoding forms</b>
+ * For BIT STRING, OCTET STRING and restricted character string types,
+ * the constructed form of encoding shall not be used.
+ * (Contrast with 8.21.6.)
+ * </p>
+ */
 public abstract class ASN1OctetString
     extends ASN1Primitive
     implements ASN1OctetStringParser
@@ -88,16 +178,31 @@ public abstract class ASN1OctetString
         this.string = string;
     }
 
+    /**
+     * Return the content of the OCTET STRING as an InputStream.
+     *
+     * @return an InputStream representing the OCTET STRING's content.
+     */
     public InputStream getOctetStream()
     {
         return new ByteArrayInputStream(string);
     }
 
+    /**
+     * Return the parser associated with this object.
+     *
+     * @return a parser based on this OCTET STRING
+     */
     public ASN1OctetStringParser parser()
     {
         return this;
     }
 
+    /**
+     * Return the content of the OCTET STRING as a byte array.
+     *
+     * @return the byte[] representing the OCTET STRING's content.
+     */
     public byte[] getOctets()
     {
         return string;
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
index 0042317..122331f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
@@ -2,8 +2,16 @@ package org.bouncycastle.asn1;
 
 import java.io.InputStream;
 
+/**
+ * A basic parser for an OCTET STRING object
+ */
 public interface ASN1OctetStringParser
     extends ASN1Encodable, InMemoryRepresentable
 {
+    /**
+     * Return the content of the OCTET STRING as an InputStream.
+     *
+     * @return an InputStream representing the OCTET STRING's content.
+     */
     public InputStream getOctetStream();
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Primitive.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Primitive.java
index e6fe137..3c887e5 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Primitive.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Primitive.java
@@ -2,6 +2,9 @@ package org.bouncycastle.asn1;
 
 import java.io.IOException;
 
+/**
+ * Base class for ASN.1 primitive objects. These are the actual objects used to generate byte encodings.
+ */
 public abstract class ASN1Primitive
     extends ASN1Object
 {
@@ -47,11 +50,21 @@ public abstract class ASN1Primitive
         return this;
     }
 
+    /**
+     * Return the current object as one which encodes using Distinguished Encoding Rules.
+     *
+     * @return a DER version of this.
+     */
     ASN1Primitive toDERObject()
     {
         return this;
     }
 
+    /**
+     * Return the current object as one which encodes using Definite Length encoding.
+     *
+     * @return a DL version of this.
+     */
     ASN1Primitive toDLObject()
     {
         return this;
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
index 0507a2b..aa543f2 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
@@ -4,16 +4,64 @@ import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Vector;
 
+/**
+ * ASN.1 <code>SEQUENCE</code> and <code>SEQUENCE OF</code> constructs.
+ * <p>
+ * DER form is always definite form length fields, while
+ * BER support uses indefinite form.
+ * <hr>
+ * <p><b>X.690</b></p>
+ * <p><b>8: Basic encoding rules</b></p>
+ * <p><b>8.9 Encoding of a sequence value </b></p>
+ * 8.9.1 The encoding of a sequence value shall be constructed.
+ * <p>
+ * <b>8.9.2</b> The contents octets shall consist of the complete
+ * encoding of one data value from each of the types listed in
+ * the ASN.1 definition of the sequence type, in the order of
+ * their appearance in the definition, unless the type was referenced
+ * with the keyword <b>OPTIONAL</b> or the keyword <b>DEFAULT</b>.
+ * </p><p>
+ * <b>8.9.3</b> The encoding of a data value may, but need not,
+ * be present for a type which was referenced with the keyword
+ * <b>OPTIONAL</b> or the keyword <b>DEFAULT</b>.
+ * If present, it shall appear in the encoding at the point
+ * corresponding to the appearance of the type in the ASN.1 definition.
+ * </p><p>
+ * <b>8.10 Encoding of a sequence-of value </b>
+ * </p><p>
+ * <b>8.10.1</b> The encoding of a sequence-of value shall be constructed.
+ * <p>
+ * <b>8.10.2</b> The contents octets shall consist of zero,
+ * one or more complete encodings of data values from the type listed in
+ * the ASN.1 definition.
+ * <p>
+ * <b>8.10.3</b> The order of the encodings of the data values shall be
+ * the same as the order of the data values in the sequence-of value to
+ * be encoded.
+ * </p>
+ * <p><b>9: Canonical encoding rules</b></p>
+ * <p><b>9.1 Length forms</b></p>
+ * If the encoding is constructed, it shall employ the indefinite length form.
+ * If the encoding is primitive, it shall include the fewest length octets necessary.
+ * [Contrast with 8.1.3.2 b).]
+ *
+ * <p><b>11: Restrictions on BER employed by both CER and DER</b></p>
+ * <p><b>11.5 Set and sequence components with default value</b></p>
+ * The encoding of a set value or sequence value shall not include
+ * an encoding for any component value which is equal to
+ * its default value.
+ */
 public abstract class ASN1Sequence
     extends ASN1Primitive
 {
     protected Vector seq = new Vector();
 
     /**
-     * return an ASN1Sequence from the given object.
+     * Return an ASN1Sequence from the given object.
      *
      * @param obj the object we want converted.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return an ASN1Sequence instance, or null.
      */
     public static ASN1Sequence getInstance(
         Object  obj)
@@ -65,6 +113,7 @@ public abstract class ASN1Sequence
      *          false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *          be converted.
+     * @return an ASN1Sequence instance.
      */
     public static ASN1Sequence getInstance(
         ASN1TaggedObject    obj,
@@ -110,14 +159,15 @@ public abstract class ASN1Sequence
     }
 
     /**
-     * create an empty sequence
+     * Create an empty sequence
      */
     protected ASN1Sequence()
     {
     }
 
     /**
-     * create a sequence containing one object
+     * Create a sequence containing one object
+     * @param obj the object to be put in the SEQUENCE.
      */
     protected ASN1Sequence(
         ASN1Encodable obj)
@@ -126,7 +176,8 @@ public abstract class ASN1Sequence
     }
 
     /**
-     * create a sequence containing a vector of objects.
+     * Create a sequence containing a vector of objects.
+     * @param v the vector of objects to be put in the SEQUENCE
      */
     protected ASN1Sequence(
         ASN1EncodableVector v)
@@ -138,7 +189,7 @@ public abstract class ASN1Sequence
     }
 
     /**
-     * create a sequence containing a vector of objects.
+     * Create a sequence containing a vector of objects.
      */
     protected ASN1Sequence(
         ASN1Encodable[]   array)
@@ -209,7 +260,7 @@ public abstract class ASN1Sequence
     }
 
     /**
-     * return the object at the sequence position indicated by index.
+     * Return the object at the sequence position indicated by index.
      *
      * @param index the sequence number (starting at zero) of the object
      * @return the object at the sequence position indicated by index.
@@ -221,7 +272,7 @@ public abstract class ASN1Sequence
     }
 
     /**
-     * return the number of objects in this sequence.
+     * Return the number of objects in this sequence.
      *
      * @return the number of objects in this sequence.
      */
@@ -290,6 +341,10 @@ public abstract class ASN1Sequence
         return encObj;
     }
 
+    /**
+     * Change current SEQUENCE object to be encoded as {@link DERSequence}.
+     * This is part of Distinguished Encoding Rules form serialization.
+     */
     ASN1Primitive toDERObject()
     {
         ASN1Sequence derSeq = new DERSequence();
@@ -299,6 +354,10 @@ public abstract class ASN1Sequence
         return derSeq;
     }
 
+    /**
+     * Change current SEQUENCE object to be encoded as {@link DLSequence}.
+     * This is part of Direct Length form serialization.
+     */
     ASN1Primitive toDLObject()
     {
         ASN1Sequence dlSeq = new DLSequence();
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
index 441f150..22f83c2 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
@@ -2,9 +2,18 @@ package org.bouncycastle.asn1;
 
 import java.io.IOException;
 
+/**
+ * A basic parser for a SEQUENCE object
+ */
 public interface ASN1SequenceParser
     extends ASN1Encodable, InMemoryRepresentable
 {
+    /**
+     * Read the next object from the underlying object representing a SEQUENCE.
+     *
+     * @throws IOException for bad input stream.
+     * @return the next object, null if we are at the end.
+     */
     ASN1Encodable readObject()
         throws IOException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Set.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Set.java
index f1ac6c7..b4d263a 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Set.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Set.java
@@ -5,7 +5,94 @@ import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Vector;
 
-abstract public class ASN1Set
+/**
+ * ASN.1 <code>SET</code> and <code>SET OF</code> constructs.
+ * <p>
+ * Note: This does not know which syntax the set is!
+ * (The difference: ordering of SET elements or not ordering.)
+ * <p>
+ * DER form is always definite form length fields, while
+ * BER support uses indefinite form.
+ * <p>
+ * The CER form support does not exist.
+ * <p>
+ * <hr>
+ * <h2>X.690</h2>
+ * <h3>8: Basic encoding rules</h3>
+ * <h4>8.11 Encoding of a set value </h4>
+ * <b>8.11.1</b> The encoding of a set value shall be constructed
+ * <p>
+ * <b>8.11.2</b> The contents octets shall consist of the complete
+ * encoding of a data value from each of the types listed in the
+ * ASN.1 definition of the set type, in an order chosen by the sender,
+ * unless the type was referenced with the keyword
+ * <b>OPTIONAL</b> or the keyword <b>DEFAULT</b>.
+ * <p>
+ * <b>8.11.3</b> The encoding of a data value may, but need not,
+ * be present for a type which was referenced with the keyword
+ * <b>OPTIONAL</b> or the keyword <b>DEFAULT</b>.
+ * <blockquote>
+ * NOTE &mdash; The order of data values in a set value is not significant,
+ * and places no constraints on the order during transfer
+ * </blockquote>
+ * <h4>8.12 Encoding of a set-of value</h4>
+ * <b>8.12.1</b> The encoding of a set-of value shall be constructed.
+ * <p>
+ * <b>8.12.2</b> The text of 8.10.2 applies:
+ * <i>The contents octets shall consist of zero,
+ * one or more complete encodings of data values from the type listed in
+ * the ASN.1 definition.</i>
+ * <p>
+ * <b>8.12.3</b> The order of data values need not be preserved by
+ * the encoding and subsequent decoding.
+ *
+ * <h3>9: Canonical encoding rules</h3>
+ * <h4>9.1 Length forms</h4>
+ * If the encoding is constructed, it shall employ the indefinite length form.
+ * If the encoding is primitive, it shall include the fewest length octets necessary.
+ * [Contrast with 8.1.3.2 b).]
+ * <h4>9.3 Set components</h4>
+ * The encodings of the component values of a set value shall
+ * appear in an order determined by their tags as specified
+ * in 8.6 of ITU-T Rec. X.680 | ISO/IEC 8824-1.
+ * Additionally, for the purposes of determining the order in which
+ * components are encoded when one or more component is an untagged
+ * choice type, each untagged choice type is ordered as though it
+ * has a tag equal to that of the smallest tag in that choice type
+ * or any untagged choice types nested within.
+ *
+ * <h3>10: Distinguished encoding rules</h3>
+ * <h4>10.1 Length forms</h4>
+ * The definite form of length encoding shall be used,
+ * encoded in the minimum number of octets.
+ * [Contrast with 8.1.3.2 b).]
+ * <h4>10.3 Set components</h4>
+ * The encodings of the component values of a set value shall appear
+ * in an order determined by their tags as specified
+ * in 8.6 of ITU-T Rec. X.680 | ISO/IEC 8824-1.
+ * <blockquote>
+ * NOTE &mdash; Where a component of the set is an untagged choice type,
+ * the location of that component in the ordering will depend on
+ * the tag of the choice component being encoded.
+ * </blockquote>
+ *
+ * <h3>11: Restrictions on BER employed by both CER and DER</h3>
+ * <h4>11.5 Set and sequence components with default value </h4>
+ * The encoding of a set value or sequence value shall not include
+ * an encoding for any component value which is equal to
+ * its default value.
+ * <h4>11.6 Set-of components </h4>
+ * <p>
+ * The encodings of the component values of a set-of value
+ * shall appear in ascending order, the encodings being compared
+ * as octet strings with the shorter components being padded at
+ * their trailing end with 0-octets.
+ * <blockquote>
+ * NOTE &mdash; The padding octets are for comparison purposes only
+ * and do not appear in the encodings.
+ * </blockquote>
+ */
+public abstract class ASN1Set
     extends ASN1Primitive
 {
     private Vector set = new Vector();
@@ -16,6 +103,7 @@ abstract public class ASN1Set
      *
      * @param obj the object we want converted.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return an ASN1Set instance, or null.
      */
     public static ASN1Set getInstance(
         Object  obj)
@@ -67,6 +155,7 @@ abstract public class ASN1Set
      *          false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *          be converted.
+     * @return an ASN1Set instance.
      */
     public static ASN1Set getInstance(
         ASN1TaggedObject    obj,
@@ -135,6 +224,7 @@ abstract public class ASN1Set
 
     /**
      * create a sequence containing one object
+     * @param obj object to be added to the SET.
      */
     protected ASN1Set(
         ASN1Encodable obj)
@@ -144,6 +234,8 @@ abstract public class ASN1Set
 
     /**
      * create a sequence containing a vector of objects.
+     * @param v a vector of objects to make up the SET.
+     * @param doSort true if should be sorted DER style, false otherwise.
      */
     protected ASN1Set(
         ASN1EncodableVector v,
@@ -275,6 +367,10 @@ abstract public class ASN1Set
         return hashCode;
     }
 
+    /**
+     * Change current SET object to be encoded as {@link DERSet}.
+     * This is part of Distinguished Encoding Rules form serialization.
+     */
     ASN1Primitive toDERObject()
     {
         if (isSorted)
@@ -304,6 +400,10 @@ abstract public class ASN1Set
         }
     }
 
+    /**
+     * Change current SET object to be encoded as {@link DLSet}.
+     * This is part of Direct Length form serialization.
+     */
     ASN1Primitive toDLObject()
     {
         ASN1Set derSet = new DLSet();
@@ -381,22 +481,17 @@ abstract public class ASN1Set
         return len == a.length;
     }
 
-    private byte[] getEncoded(
+    private byte[] getDEREncoded(
         ASN1Encodable obj)
     {
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
         try
         {
-            aOut.writeObject(obj);
+            return obj.toASN1Primitive().getEncoded(ASN1Encoding.DER);
         }
         catch (IOException e)
         {
             throw new IllegalArgumentException("cannot encode object added to SET");
         }
-
-        return bOut.toByteArray();
     }
 
     protected void sort()
@@ -413,13 +508,13 @@ abstract public class ASN1Set
                 {
                     int    index = 0;
                     int    swapIndex = 0;
-                    byte[] a = getEncoded((ASN1Encodable)set.elementAt(0));
+                    byte[] a = getDEREncoded((ASN1Encodable)set.elementAt(0));
 
                     swapped = false;
 
                     while (index != lastSwap)
                     {
-                        byte[] b = getEncoded((ASN1Encodable)set.elementAt(index + 1));
+                        byte[] b = getDEREncoded((ASN1Encodable)set.elementAt(index + 1));
 
                         if (lessThanOrEqual(a, b))
                         {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
index e025535..5f36dbb 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
@@ -2,9 +2,18 @@ package org.bouncycastle.asn1;
 
 import java.io.IOException;
 
+/**
+ * A basic parser for a SET object
+ */
 public interface ASN1SetParser
     extends ASN1Encodable, InMemoryRepresentable
 {
+    /**
+     * Read the next object from the underlying object representing a SET.
+     *
+     * @throws IOException for bad input stream.
+     * @return the next object, null if we are at the end.
+     */
     public ASN1Encodable readObject()
         throws IOException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
index 420fa34..418c101 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
@@ -4,6 +4,9 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 
+/**
+ * A parser for ASN.1 streams which also returns, where possible, parsers for the objects it encounters.
+ */
 public class ASN1StreamParser
 {
     private final InputStream _in;
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
index d3816f2..2c82df3 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
@@ -1,22 +1,314 @@
 package org.bouncycastle.asn1;
 
+import java.io.IOException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.Locale;
+import java.util.SimpleTimeZone;
 
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Strings;
+
+/**
+- * UTC time object.
+ * Internal facade of {@link ASN1UTCTime}.
+ * <p>
+ * This datatype is valid only from 1950-01-01 00:00:00 UTC until 2049-12-31 23:59:59 UTC.
+ * <p>
+ * <hr>
+ * <p><b>X.690</b></p>
+ * <p><b>11: Restrictions on BER employed by both CER and DER</b></p>
+ * <p><b>11.8 UTCTime </b></p>
+ * <b>11.8.1</b> The encoding shall terminate with "Z",
+ * as described in the ITU-T X.680 | ISO/IEC 8824-1 clause on UTCTime.
+ * <p>
+ * <b>11.8.2</b> The seconds element shall always be present.
+ * <p>
+ * <b>11.8.3</b> Midnight (GMT) shall be represented in the form:
+ * <blockquote>
+ * "YYMMDD000000Z"
+ * </blockquote>
+ * where "YYMMDD" represents the day following the midnight in question.
+ */
 public class ASN1UTCTime
-    extends DERUTCTime
+    extends ASN1Primitive
 {
-    ASN1UTCTime(byte[] bytes)
+    private byte[]      time;
+
+    /**
+     * return an UTC Time from the passed in object.
+     *
+     * @param obj an ASN1UTCTime or an object that can be converted into one.
+     * @exception IllegalArgumentException if the object cannot be converted.
+     * @return an ASN1UTCTime instance, or null.
+     */
+    public static ASN1UTCTime getInstance(
+        Object  obj)
+    {
+        if (obj == null || obj instanceof ASN1UTCTime)
+        {
+            return (ASN1UTCTime)obj;
+        }
+
+        if (obj instanceof byte[])
+        {
+            try
+            {
+                return (ASN1UTCTime)fromByteArray((byte[])obj);
+            }
+            catch (Exception e)
+            {
+                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return an UTC Time from a tagged object.
+     *
+     * @param obj the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *              tagged false otherwise.
+     * @exception IllegalArgumentException if the tagged object cannot
+     *               be converted.
+     * @return an ASN1UTCTime instance, or null.
+     */
+    public static ASN1UTCTime getInstance(
+        ASN1TaggedObject obj,
+        boolean          explicit)
+    {
+        ASN1Object o = obj.getObject();
+
+        if (explicit || o instanceof ASN1UTCTime)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new ASN1UTCTime(((ASN1OctetString)o).getOctets());
+        }
+    }
+
+    /**
+     * The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were
+     * never encoded. When you're creating one of these objects from scratch, that's
+     * what you want to use, otherwise we'll try to deal with whatever gets read from
+     * the input stream... (this is why the input format is different from the getTime()
+     * method output).
+     * <p>
+     *
+     * @param time the time string.
+     */
+    public ASN1UTCTime(
+        String time)
+    {
+        this.time = Strings.toByteArray(time);
+        try
+        {
+            this.getDate();
+        }
+        catch (ParseException e)
+        {
+            throw new IllegalArgumentException("invalid date string: " + e.getMessage());
+        }
+    }
+
+    /**
+     * base constructor from a java.util.date object
+     * @param time the Date to build the time from.
+     */
+    public ASN1UTCTime(
+        Date time)
+    {
+        SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
+
+        dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
+
+        this.time = Strings.toByteArray(dateF.format(time));
+    }
+
+    /**
+     * Base constructor from a java.util.date and Locale - you may need to use this if the default locale
+     * doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible with other ASN.1 implementations.
+     *
+     * @param time a date object representing the time of interest.
+     * @param locale an appropriate Locale for producing an ASN.1 UTCTime value.
+     */
+    public ASN1UTCTime(
+        Date time,
+        Locale locale)
+    {
+        SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", locale);
+
+        dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
+
+        this.time = Strings.toByteArray(dateF.format(time));
+    }
+
+    ASN1UTCTime(
+        byte[] time)
+    {
+        this.time = time;
+    }
+
+    /**
+     * return the time as a date based on whatever a 2 digit year will return. For
+     * standardised processing use getAdjustedDate().
+     *
+     * @return the resulting date
+     * @exception ParseException if the date string cannot be parsed.
+     */
+    public Date getDate()
+        throws ParseException
+    {
+        SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
+
+        return dateF.parse(getTime());
+    }
+
+    /**
+     * return the time as an adjusted date
+     * in the range of 1950 - 2049.
+     *
+     * @return a date in the range of 1950 to 2049.
+     * @exception ParseException if the date string cannot be parsed.
+     */
+    public Date getAdjustedDate()
+        throws ParseException
+    {
+        SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+
+        dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
+
+        return dateF.parse(getAdjustedTime());
+    }
+
+    /**
+     * return the time - always in the form of
+     *  YYMMDDhhmmssGMT(+hh:mm|-hh:mm).
+     * <p>
+     * Normally in a certificate we would expect "Z" rather than "GMT",
+     * however adding the "GMT" means we can just use:
+     * <pre>
+     *     dateF = new SimpleDateFormat("yyMMddHHmmssz");
+     * </pre>
+     * To read in the time and get a date which is compatible with our local
+     * time zone.
+     * <p>
+     * <b>Note:</b> In some cases, due to the local date processing, this
+     * may lead to unexpected results. If you want to stick the normal
+     * convention of 1950 to 2049 use the getAdjustedTime() method.
+     */
+    public String getTime()
+    {
+        String stime = Strings.fromByteArray(time);
+
+        //
+        // standardise the format.
+        //
+        if (stime.indexOf('-') < 0 && stime.indexOf('+') < 0)
+        {
+            if (stime.length() == 11)
+            {
+                return stime.substring(0, 10) + "00GMT+00:00";
+            }
+            else
+            {
+                return stime.substring(0, 12) + "GMT+00:00";
+            }
+        }
+        else
+        {
+            int index = stime.indexOf('-');
+            if (index < 0)
+            {
+                index = stime.indexOf('+');
+            }
+            String d = stime;
+
+            if (index == stime.length() - 3)
+            {
+                d += "00";
+            }
+
+            if (index == 10)
+            {
+                return d.substring(0, 10) + "00GMT" + d.substring(10, 13) + ":" + d.substring(13, 15);
+            }
+            else
+            {
+                return d.substring(0, 12) + "GMT" + d.substring(12, 15) + ":" +  d.substring(15, 17);
+            }
+        }
+    }
+
+    /**
+     * return a time string as an adjusted date with a 4 digit year. This goes
+     * in the range of 1950 - 2049.
+     */
+    public String getAdjustedTime()
+    {
+        String   d = this.getTime();
+
+        if (d.charAt(0) < '5')
+        {
+            return "20" + d;
+        }
+        else
+        {
+            return "19" + d;
+        }
+    }
+
+    boolean isConstructed()
+    {
+        return false;
+    }
+
+    int encodedLength()
+    {
+        int length = time.length;
+
+        return 1 + StreamUtil.calculateBodyLength(length) + length;
+    }
+
+    void encode(
+        ASN1OutputStream  out)
+        throws IOException
     {
-        super(bytes);
+        out.write(BERTags.UTC_TIME);
+
+        int length = time.length;
+
+        out.writeLength(length);
+
+        for (int i = 0; i != length; i++)
+        {
+            out.write((byte)time[i]);
+        }
+    }
+
+    boolean asn1Equals(
+        ASN1Primitive o)
+    {
+        if (!(o instanceof ASN1UTCTime))
+        {
+            return false;
+        }
+
+        return Arrays.areEqual(time, ((ASN1UTCTime)o).time);
     }
 
-    public ASN1UTCTime(Date time)
+    public int hashCode()
     {
-        super(time);
+        return Arrays.hashCode(time);
     }
 
-    public ASN1UTCTime(String time)
+    public String toString()
     {
-        super(time);
+      return Strings.fromByteArray(time);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java
index 5b59288..85d9843 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java
@@ -103,15 +103,6 @@ public class DERApplicationSpecific
                 throw new IllegalArgumentException("failed to construct object from byte[]: " + e.getMessage());
             }
         }
-        else if (obj instanceof ASN1Encodable)
-        {
-            ASN1Primitive primitive = ((ASN1Encodable)obj).toASN1Primitive();
-
-            if (primitive instanceof ASN1Sequence)
-            {
-                return (DERApplicationSpecific)primitive;
-            }
-        }
 
         throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERBMPString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERBMPString.java
index 341e46a..635300b 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERBMPString.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERBMPString.java
@@ -18,6 +18,7 @@ public class DERBMPString
      *
      * @param obj the object we want converted.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return a DERBMPString instance, or null.
      */
     public static DERBMPString getInstance(
         Object  obj)
@@ -50,6 +51,7 @@ public class DERBMPString
      *              tagged false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *              be converted.
+     * @return a DERBMPString instance.
      */
     public static DERBMPString getInstance(
         ASN1TaggedObject obj,
@@ -69,6 +71,7 @@ public class DERBMPString
 
     /**
      * basic constructor - byte encoded string.
+     * @param string the encoded BMP STRING to wrap.
      */
     DERBMPString(
         byte[]   string)
@@ -90,6 +93,7 @@ public class DERBMPString
 
     /**
      * basic constructor
+     * @param string a String to wrap as a BMP STRING.
      */
     public DERBMPString(
         String   string)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERBitString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERBitString.java
index a7b02ec..4852a79 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERBitString.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERBitString.java
@@ -18,7 +18,8 @@ public class DERBitString
     protected int         padBits;
 
     /**
-     * return the correct number of pad bits for a bit string defined in
+     * @param bitString an int containing the BIT STRING
+     * @return the correct number of pad bits for a bit string defined in
      * a 32 bit constant
      */
     static protected int getPadBits(
@@ -66,7 +67,8 @@ public class DERBitString
     }
 
     /**
-     * return the correct number of bytes for a bit string defined in
+     * @param bitString an int containing the BIT STRING
+     * @return the correct number of bytes for a bit string defined in
      * a 32 bit constant
      */
     static protected byte[] getBytes(int bitString)
@@ -93,7 +95,9 @@ public class DERBitString
     /**
      * return a Bit String from the passed in object
      *
+     * @param obj a DERBitString or an object that can be converted into one.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return a DERBitString instance, or null.
      */
     public static DERBitString getInstance(
         Object  obj)
@@ -114,6 +118,7 @@ public class DERBitString
      *              tagged false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *               be converted.
+     * @return a DERBitString instance, or null.
      */
     public static DERBitString getInstance(
         ASN1TaggedObject obj,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java
index 8b8d226..378ea35 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java
@@ -1,179 +1,22 @@
 package org.bouncycastle.asn1;
 
-import java.io.IOException;
-
-import org.bouncycastle.util.Arrays;
-
+/**
+ * @deprecated use ASN1Boolean
+ */
 public class DERBoolean
-    extends ASN1Primitive
+    extends ASN1Boolean
 {
-    private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff };
-    private static final byte[] FALSE_VALUE = new byte[] { 0 };
-
-    private byte[]         value;
-
-    public static final ASN1Boolean FALSE = new ASN1Boolean(false);
-    public static final ASN1Boolean TRUE  = new ASN1Boolean(true);
-
-
-    /**
-     * return a boolean from the passed in object.
-     *
-     * @exception IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1Boolean getInstance(
-        Object  obj)
-    {
-        if (obj == null || obj instanceof ASN1Boolean)
-        {
-            return (ASN1Boolean)obj;
-        }
-
-        if (obj instanceof DERBoolean)
-        {
-            return ((DERBoolean)obj).isTrue() ? DERBoolean.TRUE : DERBoolean.FALSE;
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * return a ASN1Boolean from the passed in boolean.
-     */
-    public static ASN1Boolean getInstance(
-        boolean  value)
-    {
-        return (value ? TRUE : FALSE);
-    }
-
-    /**
-     * return a ASN1Boolean from the passed in boolean.
-     */
-    public static ASN1Boolean getInstance(
-        int value)
-    {
-        return (value != 0 ? TRUE : FALSE);
-    }
-
-    /**
-     * return a Boolean from a tagged object.
-     *
-     * @param obj the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *              tagged false otherwise.
-     * @exception IllegalArgumentException if the tagged object cannot
-     *               be converted.
-     */
-    public static ASN1Boolean getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DERBoolean)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return ASN1Boolean.fromOctetString(((ASN1OctetString)o).getOctets());
-        }
-    }
-    
-    DERBoolean(
-        byte[]       value)
-    {
-        if (value.length != 1)
-        {
-            throw new IllegalArgumentException("byte value should have 1 byte in it");
-        }
-
-        if (value[0] == 0)
-        {
-            this.value = FALSE_VALUE;
-        }
-        else if (value[0] == 0xff)
-        {
-            this.value = TRUE_VALUE;
-        }
-        else
-        {
-            this.value = Arrays.clone(value);
-        }
-    }
-
     /**
      * @deprecated use getInstance(boolean) method.
      * @param value
      */
-    public DERBoolean(
-        boolean     value)
-    {
-        this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
-    }
-
-    public boolean isTrue()
-    {
-        return (value[0] != 0);
-    }
-
-    boolean isConstructed()
-    {
-        return false;
-    }
-
-    int encodedLength()
+    public DERBoolean(boolean value)
     {
-        return 3;
+        super(value);
     }
 
-    void encode(
-        ASN1OutputStream out)
-        throws IOException
+    DERBoolean(byte[] value)
     {
-        out.writeEncoded(BERTags.BOOLEAN, value);
-    }
-    
-    protected boolean asn1Equals(
-        ASN1Primitive  o)
-    {
-        if ((o == null) || !(o instanceof DERBoolean))
-        {
-            return false;
-        }
-
-        return (value[0] == ((DERBoolean)o).value[0]);
-    }
-    
-    public int hashCode()
-    {
-        return value[0];
-    }
-
-
-    public String toString()
-    {
-      return (value[0] != 0) ? "TRUE" : "FALSE";
-    }
-
-    static ASN1Boolean fromOctetString(byte[] value)
-    {
-        if (value.length != 1)
-        {
-            throw new IllegalArgumentException("BOOLEAN value should have 1 byte in it");
-        }
-
-        if (value[0] == 0)
-        {
-            return FALSE;
-        }
-        else if (value[0] == 0xff)
-        {
-            return TRUE;
-        }
-        else
-        {
-            return new ASN1Boolean(value);
-        }
+        super(value);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DEREnumerated.java b/bcprov/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
index 9b1ef55..daa8777 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
@@ -1,170 +1,37 @@
 package org.bouncycastle.asn1;
 
-import java.io.IOException;
 import java.math.BigInteger;
 
-import org.bouncycastle.util.Arrays;
-
 /**
- * Use ASN1Enumerated instead of this.
+ * @deprecated Use ASN1Enumerated instead of this.
  */
 public class DEREnumerated
-    extends ASN1Primitive
+    extends ASN1Enumerated
 {
-    byte[]      bytes;
-
-    /**
-     * return an integer from the passed in object
-     *
-     * @exception IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1Enumerated getInstance(
-        Object  obj)
-    {
-        if (obj == null || obj instanceof ASN1Enumerated)
-        {
-            return (ASN1Enumerated)obj;
-        }
-
-        if (obj instanceof DEREnumerated)
-        {
-            return new ASN1Enumerated(((DEREnumerated)obj).getValue());
-        }
-
-        if (obj instanceof byte[])
-        {
-            try
-            {
-                return (ASN1Enumerated)fromByteArray((byte[])obj);
-            }
-            catch (Exception e)
-            {
-                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
-            }
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * return an Enumerated from a tagged object.
-     *
-     * @param obj the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *              tagged false otherwise.
-     * @exception IllegalArgumentException if the tagged object cannot
-     *               be converted.
-     */
-    public static ASN1Enumerated getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DEREnumerated)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return fromOctetString(((ASN1OctetString)o).getOctets());
-        }
-    }
-
     /**
+     * @param bytes the value of this enumerated as an encoded BigInteger (signed).
      * @deprecated use ASN1Enumerated
      */
-    public DEREnumerated(
-        int         value)
+    DEREnumerated(byte[] bytes)
     {
-        bytes = BigInteger.valueOf(value).toByteArray();
+        super(bytes);
     }
 
     /**
+     * @param value the value of this enumerated.
      * @deprecated use ASN1Enumerated
      */
-    public DEREnumerated(
-        BigInteger   value)
+    public DEREnumerated(BigInteger value)
     {
-        bytes = value.toByteArray();
+        super(value);
     }
 
     /**
+     * @param value the value of this enumerated.
      * @deprecated use ASN1Enumerated
      */
-    public DEREnumerated(
-        byte[]   bytes)
-    {
-        this.bytes = bytes;
-    }
-
-    public BigInteger getValue()
-    {
-        return new BigInteger(bytes);
-    }
-
-    boolean isConstructed()
+    public DEREnumerated(int value)
     {
-        return false;
-    }
-
-    int encodedLength()
-    {
-        return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length;
-    }
-
-    void encode(
-        ASN1OutputStream out)
-        throws IOException
-    {
-        out.writeEncoded(BERTags.ENUMERATED, bytes);
-    }
-    
-    boolean asn1Equals(
-        ASN1Primitive  o)
-    {
-        if (!(o instanceof DEREnumerated))
-        {
-            return false;
-        }
-
-        DEREnumerated other = (DEREnumerated)o;
-
-        return Arrays.areEqual(this.bytes, other.bytes);
-    }
-
-    public int hashCode()
-    {
-        return Arrays.hashCode(bytes);
-    }
-
-    private static ASN1Enumerated[] cache = new ASN1Enumerated[12];
-
-    static ASN1Enumerated fromOctetString(byte[] enc)
-    {
-        if (enc.length > 1)
-        {
-            return new ASN1Enumerated(Arrays.clone(enc));
-        }
-
-        if (enc.length == 0)
-        {
-            throw new IllegalArgumentException("ENUMERATED has zero length");
-        }
-        int value = enc[0] & 0xff;
-
-        if (value >= cache.length)
-        {
-            return new ASN1Enumerated(Arrays.clone(enc));
-        }
-
-        ASN1Enumerated possibleMatch = cache[value];
-
-        if (possibleMatch == null)
-        {
-            possibleMatch = cache[value] = new ASN1Enumerated(Arrays.clone(enc));
-        }
-
-        return possibleMatch;
+        super(value);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
index 43e4673..adee74e 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
@@ -1,350 +1,28 @@
 package org.bouncycastle.asn1;
 
-import java.io.IOException;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
 import java.util.Date;
-import java.util.SimpleTimeZone;
-import java.util.TimeZone;
-
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Strings;
 
 /**
- * Generalized time object.
+ * DER Generalized time object.
  */
 public class DERGeneralizedTime
-    extends ASN1Primitive
+    extends ASN1GeneralizedTime
 {
-    private byte[]      time;
-
-    /**
-     * return a generalized time from the passed in object
-     *
-     * @exception IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1GeneralizedTime getInstance(
-        Object  obj)
-    {
-        if (obj == null || obj instanceof ASN1GeneralizedTime)
-        {
-            return (ASN1GeneralizedTime)obj;
-        }
-
-        if (obj instanceof DERGeneralizedTime)
-        {
-            return new ASN1GeneralizedTime(((DERGeneralizedTime)obj).time);
-        }
-
-        if (obj instanceof byte[])
-        {
-            try
-            {
-                return (ASN1GeneralizedTime)fromByteArray((byte[])obj);
-            }
-            catch (Exception e)
-            {
-                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
-            }
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * return a Generalized Time object from a tagged object.
-     *
-     * @param obj the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *              tagged false otherwise.
-     * @exception IllegalArgumentException if the tagged object cannot
-     *               be converted.
-     */
-    public static ASN1GeneralizedTime getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DERGeneralizedTime)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return new ASN1GeneralizedTime(((ASN1OctetString)o).getOctets());
-        }
-    }
-    
-    /**
-     * The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z
-     * for local time, or Z+-HHMM on the end, for difference between local
-     * time and UTC time. The fractional second amount f must consist of at
-     * least one number with trailing zeroes removed.
-     *
-     * @param time the time string.
-     * @exception IllegalArgumentException if String is an illegal format.
-     */
-    public DERGeneralizedTime(
-        String  time)
-    {
-        this.time = Strings.toByteArray(time);
-        try
-        {
-            this.getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalArgumentException("invalid date string: " + e.getMessage());
-        }
-    }
-
-    /**
-     * base constructor from a java.util.date object
-     */
-    public DERGeneralizedTime(
-        Date time)
-    {
-        SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
-
-        dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
-
-        this.time = Strings.toByteArray(dateF.format(time));
-    }
-
-    DERGeneralizedTime(
-        byte[]  bytes)
-    {
-        this.time = bytes;
-    }
-
-    /**
-     * Return the time.
-     * @return The time string as it appeared in the encoded object.
-     */
-    public String getTimeString()
-    {
-        return Strings.fromByteArray(time);
-    }
-    
-    /**
-     * return the time - always in the form of 
-     *  YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm).
-     * <p>
-     * Normally in a certificate we would expect "Z" rather than "GMT",
-     * however adding the "GMT" means we can just use:
-     * <pre>
-     *     dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
-     * </pre>
-     * To read in the time and get a date which is compatible with our local
-     * time zone.
-     */
-    public String getTime()
-    {
-        String stime = Strings.fromByteArray(time);
-
-        //
-        // standardise the format.
-        //             
-        if (stime.charAt(stime.length() - 1) == 'Z')
-        {
-            return stime.substring(0, stime.length() - 1) + "GMT+00:00";
-        }
-        else
-        {
-            int signPos = stime.length() - 5;
-            char sign = stime.charAt(signPos);
-            if (sign == '-' || sign == '+')
-            {
-                return stime.substring(0, signPos)
-                    + "GMT"
-                    + stime.substring(signPos, signPos + 3)
-                    + ":"
-                    + stime.substring(signPos + 3);
-            }
-            else
-            {
-                signPos = stime.length() - 3;
-                sign = stime.charAt(signPos);
-                if (sign == '-' || sign == '+')
-                {
-                    return stime.substring(0, signPos)
-                        + "GMT"
-                        + stime.substring(signPos)
-                        + ":00";
-                }
-            }
-        }            
-        return stime + calculateGMTOffset();
-    }
 
-    private String calculateGMTOffset()
+    DERGeneralizedTime(byte[] bytes)
     {
-        String sign = "+";
-        TimeZone timeZone = TimeZone.getDefault();
-        int offset = timeZone.getRawOffset();
-        if (offset < 0)
-        {
-            sign = "-";
-            offset = -offset;
-        }
-        int hours = offset / (60 * 60 * 1000);
-        int minutes = (offset - (hours * 60 * 60 * 1000)) / (60 * 1000);
-
-        try
-        {
-            if (timeZone.useDaylightTime() && timeZone.inDaylightTime(this.getDate()))
-            {
-                hours += sign.equals("+") ? 1 : -1;
-            }
-        }
-        catch (ParseException e)
-        {
-            // we'll do our best and ignore daylight savings
-        }
-
-        return "GMT" + sign + convert(hours) + ":" + convert(minutes);
+        super(bytes);
     }
 
-    private String convert(int time)
+    public DERGeneralizedTime(Date time)
     {
-        if (time < 10)
-        {
-            return "0" + time;
-        }
-
-        return Integer.toString(time);
-    }
-
-    public Date getDate()
-        throws ParseException
-    {
-        SimpleDateFormat dateF;
-        String stime = Strings.fromByteArray(time);
-        String d = stime;
-
-        if (stime.endsWith("Z"))
-        {
-            if (hasFractionalSeconds())
-            {
-                dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
-            }
-            else
-            {
-                dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
-            }
-
-            dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
-        }
-        else if (stime.indexOf('-') > 0 || stime.indexOf('+') > 0)
-        {
-            d = this.getTime();
-            if (hasFractionalSeconds())
-            { 
-                dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
-            }
-            else
-            {
-                dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
-            }
-
-            dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
-        }
-        else
-        {
-            if (hasFractionalSeconds())
-            {
-                dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS");
-            }
-            else
-            {
-                dateF = new SimpleDateFormat("yyyyMMddHHmmss");
-            }
-
-            dateF.setTimeZone(new SimpleTimeZone(0, TimeZone.getDefault().getID()));
-        }
-
-        if (hasFractionalSeconds())
-        {
-            // java misinterprets extra digits as being milliseconds...
-            String frac = d.substring(14);
-            int    index;
-            for (index = 1; index < frac.length(); index++)
-            {
-                char ch = frac.charAt(index);
-                if (!('0' <= ch && ch <= '9'))
-                {
-                    break;        
-                }
-            }
-
-            if (index - 1 > 3)
-            {
-                frac = frac.substring(0, 4) + frac.substring(index);
-                d = d.substring(0, 14) + frac;
-            }
-            else if (index - 1 == 1)
-            {
-                frac = frac.substring(0, index) + "00" + frac.substring(index);
-                d = d.substring(0, 14) + frac;
-            }
-            else if (index - 1 == 2)
-            {
-                frac = frac.substring(0, index) + "0" + frac.substring(index);
-                d = d.substring(0, 14) + frac;
-            }
-        }
-
-        return dateF.parse(d);
+        super(time);
     }
 
-    private boolean hasFractionalSeconds()
+    public DERGeneralizedTime(String time)
     {
-        for (int i = 0; i != time.length; i++)
-        {
-            if (time[i] == '.')
-            {
-                if (i == 14)
-                {
-                    return true;
-                }
-            }
-        }
-        return false;
+        super(time);
     }
 
-    boolean isConstructed()
-    {
-        return false;
-    }
-
-    int encodedLength()
-    {
-        int length = time.length;
-
-        return 1 + StreamUtil.calculateBodyLength(length) + length;
-    }
-
-    void encode(
-        ASN1OutputStream  out)
-        throws IOException
-    {
-        out.writeEncoded(BERTags.GENERALIZED_TIME, time);
-    }
-    
-    boolean asn1Equals(
-        ASN1Primitive  o)
-    {
-        if (!(o instanceof DERGeneralizedTime))
-        {
-            return false;
-        }
-
-        return Arrays.areEqual(time, ((DERGeneralizedTime)o).time);
-    }
-    
-    public int hashCode()
-    {
-        return Arrays.hashCode(time);
-    }
+    // TODO: create proper DER encoding.
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERIA5String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERIA5String.java
index 631672e..1c533b1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERIA5String.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERIA5String.java
@@ -17,7 +17,9 @@ public class DERIA5String
     /**
      * return a IA5 string from the passed in object
      *
+     * @param obj a DERIA5String or an object that can be converted into one.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return a DERIA5String instance, or null.
      */
     public static DERIA5String getInstance(
         Object  obj)
@@ -50,6 +52,7 @@ public class DERIA5String
      *              tagged false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *               be converted.
+     * @return a DERIA5String instance, or null.
      */
     public static DERIA5String getInstance(
         ASN1TaggedObject obj,
@@ -69,6 +72,7 @@ public class DERIA5String
 
     /**
      * basic constructor - with bytes.
+     * @param string the byte encoding of the characters making up the string.
      */
     DERIA5String(
         byte[]   string)
@@ -78,6 +82,7 @@ public class DERIA5String
 
     /**
      * basic constructor - without validation.
+     * @param string the base string to use..
      */
     public DERIA5String(
         String   string)
@@ -163,7 +168,8 @@ public class DERIA5String
      * return true if the passed in String can be represented without
      * loss as an IA5String, false otherwise.
      *
-     * @return true if in printable set, false otherwise.
+     * @param str the string to check.
+     * @return true if character set in IA5String set, false otherwise.
      */
     public static boolean isIA5String(
         String  str)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERInteger.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERInteger.java
index 57cc84a..d2e850f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERInteger.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERInteger.java
@@ -1,160 +1,30 @@
 package org.bouncycastle.asn1;
 
-import java.io.IOException;
 import java.math.BigInteger;
 
-import org.bouncycastle.util.Arrays;
-
 /**
- * Use ASN1Integer instead of this,
+ * @deprecated  Use ASN1Integer instead of this,
  */
 public class DERInteger
-    extends ASN1Primitive
+    extends ASN1Integer
 {
-    byte[]      bytes;
-
-    /**
-     * return an integer from the passed in object
-     *
-     * @exception IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1Integer getInstance(
-        Object  obj)
-    {
-        if (obj == null || obj instanceof ASN1Integer)
-        {
-            return (ASN1Integer)obj;
-        }
-        if (obj instanceof DERInteger)
-        {
-            return new ASN1Integer((((DERInteger)obj).getValue()));
-        }
-
-        if (obj instanceof byte[])
-        {
-            try
-            {
-                return (ASN1Integer)fromByteArray((byte[])obj);
-            }
-            catch (Exception e)
-            {
-                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
-            }
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
     /**
-     * return an Integer from a tagged object.
+     * Constructor from a byte array containing a signed representation of the number.
      *
-     * @param obj the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *              tagged false otherwise.
-     * @exception IllegalArgumentException if the tagged object cannot
-     *               be converted.
-     */
-    public static ASN1Integer getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DERInteger)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return new ASN1Integer(ASN1OctetString.getInstance(obj.getObject()).getOctets());
-        }
-    }
-
-    /**
-     * @deprecated use ASN1Integer constructor
-     */
-    public DERInteger(
-        long         value)
-    {
-        bytes = BigInteger.valueOf(value).toByteArray();
-    }
-
-    /**
-     * @deprecated use ASN1Integer constructor
+     * @param bytes a byte array containing the signed number.A copy is made of the byte array.
      */
-    public DERInteger(
-        BigInteger   value)
+    public DERInteger(byte[] bytes)
     {
-        bytes = value.toByteArray();
+        super(bytes, true);
     }
 
-    /**
-     * @deprecated use ASN1Integer constructor
-     */
-    public DERInteger(
-        byte[]   bytes)
+    public DERInteger(BigInteger value)
     {
-        this.bytes = bytes;
-    }
-
-    public BigInteger getValue()
-    {
-        return new BigInteger(bytes);
-    }
-
-    /**
-     * in some cases positive values get crammed into a space,
-     * that's not quite big enough...
-     */
-    public BigInteger getPositiveValue()
-    {
-        return new BigInteger(1, bytes);
-    }
-
-    boolean isConstructed()
-    {
-        return false;
-    }
-
-    int encodedLength()
-    {
-        return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length;
-    }
-
-    void encode(
-        ASN1OutputStream out)
-        throws IOException
-    {
-        out.writeEncoded(BERTags.INTEGER, bytes);
-    }
-    
-    public int hashCode()
-    {
-         int     value = 0;
- 
-         for (int i = 0; i != bytes.length; i++)
-         {
-             value ^= (bytes[i] & 0xff) << (i % 4);
-         }
- 
-         return value;
-    }
-
-    boolean asn1Equals(
-        ASN1Primitive  o)
-    {
-        if (!(o instanceof DERInteger))
-        {
-            return false;
-        }
-
-        DERInteger other = (DERInteger)o;
-
-        return Arrays.areEqual(bytes, other.bytes);
+        super(value);
     }
 
-    public String toString()
+    public DERInteger(long value)
     {
-      return getValue().toString();
+        super(value);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERNumericString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERNumericString.java
index eca4eea..e1b1276 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERNumericString.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERNumericString.java
@@ -17,7 +17,9 @@ public class DERNumericString
     /**
      * return a Numeric string from the passed in object
      *
+     * @param obj a DERNumericString or an object that can be converted into one.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return a DERNumericString instance, or null
      */
     public static DERNumericString getInstance(
         Object  obj)
@@ -50,6 +52,7 @@ public class DERNumericString
      *              tagged false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *               be converted.
+     * @return a DERNumericString instance, or null.
      */
     public static DERNumericString getInstance(
         ASN1TaggedObject obj,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
index 3d4d04c..acb2ada 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
@@ -1,446 +1,24 @@
 package org.bouncycastle.asn1;
 
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-
-import org.bouncycastle.util.Arrays;
-
 /**
- * Use ASN1ObjectIdentifier instead of this,
+ *
+ * @deprecated Use ASN1ObjectIdentifier instead of this,
  */
 public class DERObjectIdentifier
-    extends ASN1Primitive
+    extends ASN1ObjectIdentifier
 {
-    String identifier;
-
-    private byte[] body;
-
-    /**
-     * return an OID from the passed in object
-     *
-     * @throws IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1ObjectIdentifier getInstance(
-        Object obj)
-    {
-        if (obj == null || obj instanceof ASN1ObjectIdentifier)
-        {
-            return (ASN1ObjectIdentifier)obj;
-        }
-
-        if (obj instanceof DERObjectIdentifier)
-        {
-            return new ASN1ObjectIdentifier(((DERObjectIdentifier)obj).getId());
-        }
-
-        if (obj instanceof ASN1Encodable && ((ASN1Encodable)obj).toASN1Primitive() instanceof ASN1ObjectIdentifier)
-        {
-            return (ASN1ObjectIdentifier)((ASN1Encodable)obj).toASN1Primitive();
-        }
-
-        if (obj instanceof byte[])
-        {
-            byte[] enc = (byte[])obj;
-            if (enc[0] == BERTags.OBJECT_IDENTIFIER)
-            {
-                try
-                {
-                    return (ASN1ObjectIdentifier)fromByteArray(enc);
-                }
-                catch (IOException e)
-                {
-                    throw new IllegalArgumentException("failed to construct sequence from byte[]: " + e.getMessage());
-                }
-            }
-            else
-            {    // TODO: this really shouldn't be supported here...
-                return ASN1ObjectIdentifier.fromOctetString((byte[])obj);
-            }
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * return an Object Identifier from a tagged object.
-     *
-     * @param obj      the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *                 tagged false otherwise.
-     * @throws IllegalArgumentException if the tagged object cannot
-     * be converted.
-     */
-    public static ASN1ObjectIdentifier getInstance(
-        ASN1TaggedObject obj,
-        boolean explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DERObjectIdentifier)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return ASN1ObjectIdentifier.fromOctetString(ASN1OctetString.getInstance(obj.getObject()).getOctets());
-        }
-    }
-
-    private static final long LONG_LIMIT = (Long.MAX_VALUE >> 7) - 0x7f;
-
-    DERObjectIdentifier(
-        byte[] bytes)
+    public DERObjectIdentifier(String identifier)
     {
-        StringBuffer objId = new StringBuffer();
-        long value = 0;
-        BigInteger bigValue = null;
-        boolean first = true;
-
-        for (int i = 0; i != bytes.length; i++)
-        {
-            int b = bytes[i] & 0xff;
-
-            if (value <= LONG_LIMIT)
-            {
-                value += (b & 0x7f);
-                if ((b & 0x80) == 0)             // end of number reached
-                {
-                    if (first)
-                    {
-                        if (value < 40)
-                        {
-                            objId.append('0');
-                        }
-                        else if (value < 80)
-                        {
-                            objId.append('1');
-                            value -= 40;
-                        }
-                        else
-                        {
-                            objId.append('2');
-                            value -= 80;
-                        }
-                        first = false;
-                    }
-
-                    objId.append('.');
-                    objId.append(value);
-                    value = 0;
-                }
-                else
-                {
-                    value <<= 7;
-                }
-            }
-            else
-            {
-                if (bigValue == null)
-                {
-                    bigValue = BigInteger.valueOf(value);
-                }
-                bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f));
-                if ((b & 0x80) == 0)
-                {
-                    if (first)
-                    {
-                        objId.append('2');
-                        bigValue = bigValue.subtract(BigInteger.valueOf(80));
-                        first = false;
-                    }
-
-                    objId.append('.');
-                    objId.append(bigValue);
-                    bigValue = null;
-                    value = 0;
-                }
-                else
-                {
-                    bigValue = bigValue.shiftLeft(7);
-                }
-            }
-        }
-
-        this.identifier = objId.toString();
-        this.body = Arrays.clone(bytes);
+        super(identifier);
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier constructor.
-     */
-    public DERObjectIdentifier(
-        String identifier)
+    DERObjectIdentifier(byte[] bytes)
     {
-        if (identifier == null)
-        {
-            throw new IllegalArgumentException("'identifier' cannot be null");
-        }
-        if (!isValidIdentifier(identifier))
-        {
-            throw new IllegalArgumentException("string " + identifier + " not an OID");
-        }
-
-        this.identifier = identifier;
+        super(bytes);
     }
 
-    DERObjectIdentifier(DERObjectIdentifier oid, String branchID)
+    DERObjectIdentifier(ASN1ObjectIdentifier oid, String branch)
     {
-        if (!isValidBranchID(branchID, 0))
-        {
-            throw new IllegalArgumentException("string " + branchID + " not a valid OID branch");
-        }
-
-        this.identifier = oid.getId() + "." + branchID;
-    }
-
-    public String getId()
-    {
-        return identifier;
-    }
-
-    private void writeField(
-        ByteArrayOutputStream out,
-        long fieldValue)
-    {
-        byte[] result = new byte[9];
-        int pos = 8;
-        result[pos] = (byte)((int)fieldValue & 0x7f);
-        while (fieldValue >= (1L << 7))
-        {
-            fieldValue >>= 7;
-            result[--pos] = (byte)((int)fieldValue & 0x7f | 0x80);
-        }
-        out.write(result, pos, 9 - pos);
-    }
-
-    private void writeField(
-        ByteArrayOutputStream out,
-        BigInteger fieldValue)
-    {
-        int byteCount = (fieldValue.bitLength() + 6) / 7;
-        if (byteCount == 0)
-        {
-            out.write(0);
-        }
-        else
-        {
-            BigInteger tmpValue = fieldValue;
-            byte[] tmp = new byte[byteCount];
-            for (int i = byteCount - 1; i >= 0; i--)
-            {
-                tmp[i] = (byte)((tmpValue.intValue() & 0x7f) | 0x80);
-                tmpValue = tmpValue.shiftRight(7);
-            }
-            tmp[byteCount - 1] &= 0x7f;
-            out.write(tmp, 0, tmp.length);
-        }
-    }
-
-    private void doOutput(ByteArrayOutputStream aOut)
-    {
-        OIDTokenizer tok = new OIDTokenizer(identifier);
-        int first = Integer.parseInt(tok.nextToken()) * 40;
-
-        String secondToken = tok.nextToken();
-        if (secondToken.length() <= 18)
-        {
-            writeField(aOut, first + Long.parseLong(secondToken));
-        }
-        else
-        {
-            writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first)));
-        }
-
-        while (tok.hasMoreTokens())
-        {
-            String token = tok.nextToken();
-            if (token.length() <= 18)
-            {
-                writeField(aOut, Long.parseLong(token));
-            }
-            else
-            {
-                writeField(aOut, new BigInteger(token));
-            }
-        }
-    }
-
-    protected synchronized byte[] getBody()
-    {
-        if (body == null)
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
-            doOutput(bOut);
-
-            body = bOut.toByteArray();
-        }
-
-        return body;
-    }
-
-    boolean isConstructed()
-    {
-        return false;
-    }
-
-    int encodedLength()
-        throws IOException
-    {
-        int length = getBody().length;
-
-        return 1 + StreamUtil.calculateBodyLength(length) + length;
-    }
-
-    void encode(
-        ASN1OutputStream out)
-        throws IOException
-    {
-        byte[] enc = getBody();
-
-        out.write(BERTags.OBJECT_IDENTIFIER);
-        out.writeLength(enc.length);
-        out.write(enc);
-    }
-
-    public int hashCode()
-    {
-        return identifier.hashCode();
-    }
-
-    boolean asn1Equals(
-        ASN1Primitive o)
-    {
-        if (!(o instanceof DERObjectIdentifier))
-        {
-            return false;
-        }
-
-        return identifier.equals(((DERObjectIdentifier)o).identifier);
-    }
-
-    public String toString()
-    {
-        return getId();
-    }
-
-    private static boolean isValidBranchID(
-        String branchID, int start)
-    {
-        boolean periodAllowed = false;
-
-        int pos = branchID.length();
-        while (--pos >= start)
-        {
-            char ch = branchID.charAt(pos);
-
-            // TODO Leading zeroes?
-            if ('0' <= ch && ch <= '9')
-            {
-                periodAllowed = true;
-                continue;
-            }
-
-            if (ch == '.')
-            {
-                if (!periodAllowed)
-                {
-                    return false;
-                }
-
-                periodAllowed = false;
-                continue;
-            }
-
-            return false;
-        }
-
-        return periodAllowed;
-    }
-
-    private static boolean isValidIdentifier(
-        String identifier)
-    {
-        if (identifier.length() < 3 || identifier.charAt(1) != '.')
-        {
-            return false;
-        }
-
-        char first = identifier.charAt(0);
-        if (first < '0' || first > '2')
-        {
-            return false;
-        }
-
-        return isValidBranchID(identifier, 2);
-    }
-
-    private static ASN1ObjectIdentifier[][] cache = new ASN1ObjectIdentifier[256][];
-
-    static ASN1ObjectIdentifier fromOctetString(byte[] enc)
-    {
-        if (enc.length < 3)
-        {
-            return new ASN1ObjectIdentifier(enc);
-        }
-
-        int idx1 = enc[enc.length - 2] & 0xff;
-        // in this case top bit is always zero
-        int idx2 = enc[enc.length - 1] & 0x7f;
-
-        ASN1ObjectIdentifier possibleMatch;
-
-        synchronized (cache)
-        {
-            ASN1ObjectIdentifier[] first = cache[idx1];
-            if (first == null)
-            {
-                first = cache[idx1] = new ASN1ObjectIdentifier[128];
-            }
-
-            possibleMatch = first[idx2];
-            if (possibleMatch == null)
-            {
-                return first[idx2] = new ASN1ObjectIdentifier(enc);
-            }
-
-            if (Arrays.areEqual(enc, possibleMatch.getBody()))
-            {
-                return possibleMatch;
-            }
-
-            idx1 = (idx1 + 1) & 0xff;
-            first = cache[idx1];
-            if (first == null)
-            {
-                first = cache[idx1] = new ASN1ObjectIdentifier[128];
-            }
-
-            possibleMatch = first[idx2];
-            if (possibleMatch == null)
-            {
-                return first[idx2] = new ASN1ObjectIdentifier(enc);
-            }
-
-            if (Arrays.areEqual(enc, possibleMatch.getBody()))
-            {
-                return possibleMatch;
-            }
-
-            idx2 = (idx2 + 1) & 0x7f;
-            possibleMatch = first[idx2];
-            if (possibleMatch == null)
-            {
-                return first[idx2] = new ASN1ObjectIdentifier(enc);
-            }
-        }
-
-        if (Arrays.areEqual(enc, possibleMatch.getBody()))
-        {
-            return possibleMatch;
-        }
-
-        return new ASN1ObjectIdentifier(enc);
+        super(oid, branch);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERPrintableString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
index 9f9b3dd..e7c5d75 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
@@ -16,8 +16,10 @@ public class DERPrintableString
 
     /**
      * return a printable string from the passed in object.
-     * 
+     *
+     * @param obj a DERPrintableString or an object that can be converted into one.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return a DERPrintableString instance, or null.
      */
     public static DERPrintableString getInstance(
         Object  obj)
@@ -50,6 +52,7 @@ public class DERPrintableString
      *              tagged false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *               be converted.
+     * @return a DERPrintableString instance, or null.
      */
     public static DERPrintableString getInstance(
         ASN1TaggedObject obj,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java
index d50fb7c..783cd33 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java
@@ -18,7 +18,9 @@ public class DERT61String
     /**
      * return a T61 string from the passed in object.
      *
+     * @param obj a DERT61String or an object that can be converted into one.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return a DERT61String instance, or null
      */
     public static DERT61String getInstance(
         Object  obj)
@@ -51,6 +53,7 @@ public class DERT61String
      *              tagged false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *               be converted.
+     * @return a DERT61String instance, or null
      */
     public static DERT61String getInstance(
         ASN1TaggedObject obj,
@@ -70,6 +73,8 @@ public class DERT61String
 
     /**
      * basic constructor - string encoded as a sequence of bytes.
+     *
+     * @param string the byte encoding of the string to be wrapped.
      */
     public DERT61String(
         byte[]   string)
@@ -79,6 +84,8 @@ public class DERT61String
 
     /**
      * basic constructor - with string 8 bit assumed.
+     *
+     * @param string the string to be wrapped.
      */
     public DERT61String(
         String   string)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61UTF8String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61UTF8String.java
index dd81798..784aaa9 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61UTF8String.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61UTF8String.java
@@ -18,7 +18,9 @@ public class DERT61UTF8String
     /**
      * return a T61 string from the passed in object. UTF-8 Encoding is assumed in this case.
      *
+     * @param obj a DERT61UTF8String or an object that can be converted into one.
      * @throws IllegalArgumentException if the object cannot be converted.
+     * @return a DERT61UTF8String instance, or null
      */
     public static DERT61UTF8String getInstance(
         Object obj)
@@ -56,6 +58,7 @@ public class DERT61UTF8String
      *                 tagged false otherwise.
      * @throws IllegalArgumentException if the tagged object cannot
      * be converted.
+     * @return a DERT61UTF8String instance, or null
      */
     public static DERT61UTF8String getInstance(
         ASN1TaggedObject obj,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERUTCTime.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
index c5bd536..18e17b1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
@@ -1,278 +1,27 @@
 package org.bouncycastle.asn1;
 
-import java.io.IOException;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
 import java.util.Date;
-import java.util.SimpleTimeZone;
-
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Strings;
 
 /**
- * UTC time object.
+ * DER UTC time object.
  */
 public class DERUTCTime
-    extends ASN1Primitive
+    extends ASN1UTCTime
 {
-    private byte[]      time;
-
-    /**
-     * return an UTC Time from the passed in object.
-     *
-     * @exception IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1UTCTime getInstance(
-        Object  obj)
-    {
-        if (obj == null || obj instanceof ASN1UTCTime)
-        {
-            return (ASN1UTCTime)obj;
-        }
-
-        if (obj instanceof DERUTCTime)
-        {
-            return new ASN1UTCTime(((DERUTCTime)obj).time);
-        }
-
-        if (obj instanceof byte[])
-        {
-            try
-            {
-                return (ASN1UTCTime)fromByteArray((byte[])obj);
-            }
-            catch (Exception e)
-            {
-                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
-            }
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * return an UTC Time from a tagged object.
-     *
-     * @param obj the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *              tagged false otherwise.
-     * @exception IllegalArgumentException if the tagged object cannot
-     *               be converted.
-     */
-    public static ASN1UTCTime getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        ASN1Object o = obj.getObject();
-
-        if (explicit || o instanceof ASN1UTCTime)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return new ASN1UTCTime(((ASN1OctetString)o).getOctets());
-        }
-    }
-    
-    /**
-     * The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were
-     * never encoded. When you're creating one of these objects from scratch, that's
-     * what you want to use, otherwise we'll try to deal with whatever gets read from
-     * the input stream... (this is why the input format is different from the getTime()
-     * method output).
-     * <p>
-     *
-     * @param time the time string.
-     */
-    public DERUTCTime(
-        String  time)
-    {
-        this.time = Strings.toByteArray(time);
-        try
-        {
-            this.getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalArgumentException("invalid date string: " + e.getMessage());
-        }
-    }
-
-    /**
-     * base constructer from a java.util.date object
-     */
-    public DERUTCTime(
-        Date time)
-    {
-        SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
-
-        dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
-
-        this.time = Strings.toByteArray(dateF.format(time));
-    }
-
-    DERUTCTime(
-        byte[]  time)
-    {
-        this.time = time;
-    }
-
-    /**
-     * return the time as a date based on whatever a 2 digit year will return. For
-     * standardised processing use getAdjustedDate().
-     *
-     * @return the resulting date
-     * @exception ParseException if the date string cannot be parsed.
-     */
-    public Date getDate()
-        throws ParseException
-    {
-        SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
-
-        return dateF.parse(getTime());
-    }
-
-    /**
-     * return the time as an adjusted date
-     * in the range of 1950 - 2049.
-     *
-     * @return a date in the range of 1950 to 2049.
-     * @exception ParseException if the date string cannot be parsed.
-     */
-    public Date getAdjustedDate()
-        throws ParseException
+    DERUTCTime(byte[] bytes)
     {
-        SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
-
-        dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
-
-        return dateF.parse(getAdjustedTime());
-    }
-
-    /**
-     * return the time - always in the form of 
-     *  YYMMDDhhmmssGMT(+hh:mm|-hh:mm).
-     * <p>
-     * Normally in a certificate we would expect "Z" rather than "GMT",
-     * however adding the "GMT" means we can just use:
-     * <pre>
-     *     dateF = new SimpleDateFormat("yyMMddHHmmssz");
-     * </pre>
-     * To read in the time and get a date which is compatible with our local
-     * time zone.
-     * <p>
-     * <b>Note:</b> In some cases, due to the local date processing, this
-     * may lead to unexpected results. If you want to stick the normal
-     * convention of 1950 to 2049 use the getAdjustedTime() method.
-     */
-    public String getTime()
-    {
-        String stime = Strings.fromByteArray(time);
-
-        //
-        // standardise the format.
-        //
-        if (stime.indexOf('-') < 0 && stime.indexOf('+') < 0)
-        {
-            if (stime.length() == 11)
-            {
-                return stime.substring(0, 10) + "00GMT+00:00";
-            }
-            else
-            {
-                return stime.substring(0, 12) + "GMT+00:00";
-            }
-        }
-        else
-        {
-            int index = stime.indexOf('-');
-            if (index < 0)
-            {
-                index = stime.indexOf('+');
-            }
-            String d = stime;
-
-            if (index == stime.length() - 3)
-            {
-                d += "00";
-            }
-
-            if (index == 10)
-            {
-                return d.substring(0, 10) + "00GMT" + d.substring(10, 13) + ":" + d.substring(13, 15);
-            }
-            else
-            {
-                return d.substring(0, 12) + "GMT" + d.substring(12, 15) + ":" +  d.substring(15, 17);
-            }
-        }
-    }
-
-    /**
-     * return a time string as an adjusted date with a 4 digit year. This goes
-     * in the range of 1950 - 2049.
-     */
-    public String getAdjustedTime()
-    {
-        String   d = this.getTime();
-
-        if (d.charAt(0) < '5')
-        {
-            return "20" + d;
-        }
-        else
-        {
-            return "19" + d;
-        }
-    }
-
-    boolean isConstructed()
-    {
-        return false;
+        super(bytes);
     }
 
-    int encodedLength()
+    public DERUTCTime(Date time)
     {
-        int length = time.length;
-
-        return 1 + StreamUtil.calculateBodyLength(length) + length;
+        super(time);
     }
 
-    void encode(
-        ASN1OutputStream  out)
-        throws IOException
+    public DERUTCTime(String time)
     {
-        out.write(BERTags.UTC_TIME);
-
-        int length = time.length;
-
-        out.writeLength(length);
-
-        for (int i = 0; i != length; i++)
-        {
-            out.write((byte)time[i]);
-        }
+        super(time);
     }
-    
-    boolean asn1Equals(
-        ASN1Primitive o)
-    {
-        if (!(o instanceof DERUTCTime))
-        {
-            return false;
-        }
 
-        return Arrays.areEqual(time, ((DERUTCTime)o).time);
-    }
-    
-    public int hashCode()
-    {
-        return Arrays.hashCode(time);
-    }
-
-    public String toString() 
-    {
-      return Strings.fromByteArray(time);
-    }
+    // TODO: create proper DER encoding.
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERUTF8String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
index fa34b22..f54d1db 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
@@ -15,10 +15,12 @@ public class DERUTF8String
     private byte[]  string;
 
     /**
-     * return an UTF8 string from the passed in object.
-     * 
+     * Return an UTF8 string from the passed in object.
+     *
+     * @param obj a DERUTF8String or an object that can be converted into one.
      * @exception IllegalArgumentException
      *                if the object cannot be converted.
+     * @return a DERUTF8String instance, or null
      */
     public static DERUTF8String getInstance(Object obj)
     {
@@ -44,7 +46,7 @@ public class DERUTF8String
     }
 
     /**
-     * return an UTF8 String from a tagged object.
+     * Return an UTF8 String from a tagged object.
      * 
      * @param obj
      *            the tagged object holding the object we want
@@ -53,6 +55,7 @@ public class DERUTF8String
      *            otherwise.
      * @exception IllegalArgumentException
      *                if the tagged object cannot be converted.
+     * @return a DERUTF8String instance, or null
      */
     public static DERUTF8String getInstance(
         ASN1TaggedObject obj,
@@ -71,7 +74,7 @@ public class DERUTF8String
     }
 
     /**
-     * basic constructor - byte encoded string.
+     * Basic constructor - byte encoded string.
      */
     DERUTF8String(byte[] string)
     {
@@ -79,7 +82,7 @@ public class DERUTF8String
     }
 
     /**
-     * basic constructor
+     * Basic constructor
      */
     public DERUTF8String(String string)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERUniversalString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
index 51b0799..0d447df 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
@@ -18,7 +18,9 @@ public class DERUniversalString
     /**
      * return a Universal String from the passed in object.
      *
+     * @param obj a DERUniversalString or an object that can be converted into one.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return a DERUniversalString instance, or null
      */
     public static DERUniversalString getInstance(
         Object  obj)
@@ -51,6 +53,7 @@ public class DERUniversalString
      *              tagged false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *               be converted.
+     * @return a DERUniversalString instance, or null
      */
     public static DERUniversalString getInstance(
         ASN1TaggedObject obj,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERVisibleString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERVisibleString.java
index 18e7d73..6eb282c 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERVisibleString.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERVisibleString.java
@@ -6,7 +6,10 @@ import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Strings;
 
 /**
- * DER VisibleString object.
+ * DER VisibleString object encoding ISO 646 (ASCII) character code points 32 to 126.
+ * <p>
+ * Explicit character set escape sequences are not allowed.
+ * </p>
  */
 public class DERVisibleString
     extends ASN1Primitive
@@ -15,9 +18,11 @@ public class DERVisibleString
     private byte[]  string;
 
     /**
-     * return a Visible String from the passed in object.
+     * Return a Visible String from the passed in object.
      *
+     * @param obj a DERVisibleString or an object that can be converted into one.
      * @exception IllegalArgumentException if the object cannot be converted.
+     * @return a DERVisibleString instance, or null
      */
     public static DERVisibleString getInstance(
         Object  obj)
@@ -43,13 +48,14 @@ public class DERVisibleString
     }
 
     /**
-     * return a Visible String from a tagged object.
+     * Return a Visible String from a tagged object.
      *
      * @param obj the tagged object holding the object we want
      * @param explicit true if the object is meant to be explicitly
      *              tagged false otherwise.
      * @exception IllegalArgumentException if the tagged object cannot
      *               be converted.
+     * @return a DERVisibleString instance, or null
      */
     public static DERVisibleString getInstance(
         ASN1TaggedObject obj,
@@ -68,7 +74,7 @@ public class DERVisibleString
     }
 
     /**
-     * basic constructor - byte encoded string.
+     * Basic constructor - byte encoded string.
      */
     DERVisibleString(
         byte[]   string)
@@ -77,7 +83,7 @@ public class DERVisibleString
     }
 
     /**
-     * basic constructor
+     * Basic constructor
      */
     public DERVisibleString(
         String   string)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DLSet.java b/bcprov/src/main/java/org/bouncycastle/asn1/DLSet.java
index 91e83fa..e3042c2 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DLSet.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DLSet.java
@@ -11,13 +11,13 @@ import java.util.Enumeration;
  * <h3>8: Basic encoding rules</h3>
  * <h4>8.11 Encoding of a set value </h4>
  * <b>8.11.1</b> The encoding of a set value shall be constructed
- * <p/>
+ * <p>
  * <b>8.11.2</b> The contents octets shall consist of the complete
  * encoding of a data value from each of the types listed in the
  * ASN.1 definition of the set type, in an order chosen by the sender,
  * unless the type was referenced with the keyword
  * <b>OPTIONAL</b> or the keyword <b>DEFAULT</b>.
- * <p/>
+ * <p>
  * <b>8.11.3</b> The encoding of a data value may, but need not,
  * be present for a type which was referenced with the keyword
  * <b>OPTIONAL</b> or the keyword <b>DEFAULT</b>.
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java b/bcprov/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java
index a4b1492..9374ab7 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java
@@ -2,8 +2,15 @@ package org.bouncycastle.asn1;
 
 import java.io.IOException;
 
+/**
+ * Interface implemented by objects that can be converted from streaming to in-memory objects.
+ */
 public interface InMemoryRepresentable
 {
+    /**
+     * Get the in-memory representation of the ASN.1 object.
+     * @throws IOException for bad input data.
+     */
     ASN1Primitive getLoadedObject()
         throws IOException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/bc/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/bc/package.html
new file mode 100644
index 0000000..a8beb00
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/bc/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+ASN.1 classes specific to the Bouncy Castle APIs.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/bsi/BSIObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/bsi/BSIObjectIdentifiers.java
new file mode 100644
index 0000000..315f6c4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/bsi/BSIObjectIdentifiers.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.asn1.bsi;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+
+/**
+ * See https://www.bsi.bund.de/cae/servlet/contentblob/471398/publicationFile/30615/BSI-TR-03111_pdf.pdf
+ */
+public interface BSIObjectIdentifiers
+{
+    static final ASN1ObjectIdentifier bsi_de = new ASN1ObjectIdentifier("0.4.0.127.0.7");
+
+    /* 0.4.0.127.0.7.1.1 */
+    static final ASN1ObjectIdentifier id_ecc = bsi_de.branch("1.1");
+    
+    /* 0.4.0.127.0.7.1.1.4.1 */
+    static final ASN1ObjectIdentifier ecdsa_plain_signatures = id_ecc.branch("4.1");
+    
+    /* 0.4.0.127.0.7.1.1.4.1.1 */
+    static final ASN1ObjectIdentifier ecdsa_plain_SHA1 = ecdsa_plain_signatures.branch("1");
+
+    /* 0.4.0.127.0.7.1.1.4.1.2 */
+    static final ASN1ObjectIdentifier ecdsa_plain_SHA224 = ecdsa_plain_signatures.branch("2");
+
+    /* 0.4.0.127.0.7.1.1.4.1.3 */
+    static final ASN1ObjectIdentifier ecdsa_plain_SHA256 = ecdsa_plain_signatures.branch("3");
+
+    /* 0.4.0.127.0.7.1.1.4.1.4 */
+    static final ASN1ObjectIdentifier ecdsa_plain_SHA384 = ecdsa_plain_signatures.branch("4");
+
+    /* 0.4.0.127.0.7.1.1.4.1.5 */
+    static final ASN1ObjectIdentifier ecdsa_plain_SHA512 = ecdsa_plain_signatures.branch("5");
+
+    /* 0.4.0.127.0.7.1.1.4.1.6 */
+    static final ASN1ObjectIdentifier ecdsa_plain_RIPEMD160 = ecdsa_plain_signatures.branch("6");
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/bsi/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/bsi/package.html
new file mode 100644
index 0000000..be9bd80
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/bsi/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+ASN.1 classes specific to the Bundesamt f&uuml;r Sicherheit in der Informationstechnik (BSI) standards.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cmp/CMPCertificate.java b/bcprov/src/main/java/org/bouncycastle/asn1/cmp/CMPCertificate.java
index 243aacb..782c8c2 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cmp/CMPCertificate.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cmp/CMPCertificate.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.asn1.cmp;
 
+import java.io.IOException;
+
 import org.bouncycastle.asn1.ASN1Choice;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
@@ -14,14 +16,31 @@ public class CMPCertificate
     implements ASN1Choice
 {
     private Certificate x509v3PKCert;
-    private AttributeCertificate x509v2AttrCert;
+
+    private int        otherTagValue;
+    private ASN1Object otherCert;
 
     /**
-     * Note: the addition of attribute certificates is a BC extension.
+     * Note: the addition of attribute certificates is a BC extension. If you use this constructor they
+     * will be added with a tag value of 1.
+     * @deprecated use (type. otherCert) constructor
      */
     public CMPCertificate(AttributeCertificate x509v2AttrCert)
     {
-        this.x509v2AttrCert = x509v2AttrCert;
+        this(1, x509v2AttrCert);
+    }
+
+    /**
+     * Note: the addition of other certificates is a BC extension. If you use this constructor they
+     * will be added with an explicit tag value of type.
+     *
+     * @param type the type of the certificate (used as a tag value).
+     * @param otherCert the object representing the certificate
+     */
+    public CMPCertificate(int type, ASN1Object otherCert)
+    {
+        this.otherTagValue = type;
+        this.otherCert = otherCert;
     }
 
     public CMPCertificate(Certificate x509v3PKCert)
@@ -41,14 +60,28 @@ public class CMPCertificate
             return (CMPCertificate)o;
         }
 
-        if (o instanceof ASN1Sequence || o instanceof byte[])
+        if (o instanceof byte[])
+        {
+            try
+            {
+                o = ASN1Primitive.fromByteArray((byte[])o);
+            }
+            catch (IOException e)
+            {
+                throw new IllegalArgumentException("Invalid encoding in CMPCertificate");
+            }
+        }
+
+        if (o instanceof ASN1Sequence)
         {
             return new CMPCertificate(Certificate.getInstance(o));
         }
 
         if (o instanceof ASN1TaggedObject)
         {
-            return new CMPCertificate(AttributeCertificate.getInstance(((ASN1TaggedObject)o).getObject()));
+            ASN1TaggedObject taggedObject = (ASN1TaggedObject)o;
+
+            return new CMPCertificate(taggedObject.getTagNo(), taggedObject.getObject());
         }
 
         throw new IllegalArgumentException("Invalid object: " + o.getClass().getName());
@@ -64,27 +97,43 @@ public class CMPCertificate
         return x509v3PKCert;
     }
 
+    /**
+     * Return an AttributeCertificate interpretation of otherCert.
+     * @deprecated use getOtherCert and getOtherTag to make sure message is really what it should be.
+     *
+     * @return  an AttributeCertificate
+     */
     public AttributeCertificate getX509v2AttrCert()
     {
-        return x509v2AttrCert;
+        return AttributeCertificate.getInstance(otherCert);
+    }
+
+    public int getOtherCertTag()
+    {
+        return otherTagValue;
+    }
+
+    public ASN1Object getOtherCert()
+    {
+        return otherCert;
     }
 
     /**
      * <pre>
      * CMPCertificate ::= CHOICE {
-     *            x509v3PKCert        Certificate
-     *            x509v2AttrCert      [1] AttributeCertificate
+     *            x509v3PKCert    Certificate
+     *            otherCert      [tag] EXPLICIT ANY DEFINED BY tag
      *  }
      * </pre>
-     * Note: the addition of attribute certificates is a BC extension.
+     * Note: the addition of the explicit tagging is a BC extension. We apologise for the warped syntax, but hopefully you get the idea.
      *
      * @return a basic ASN.1 object representation.
      */
     public ASN1Primitive toASN1Primitive()
     {
-        if (x509v2AttrCert != null)
+        if (otherCert != null)
         {        // explicit following CMP conventions
-            return new DERTaggedObject(true, 1, x509v2AttrCert);
+            return new DERTaggedObject(true, otherTagValue, otherCert);
         }
 
         return x509v3PKCert.toASN1Primitive();
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java b/bcprov/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java
index afab192..82f1b08 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cmp/PKIHeader.java
@@ -4,13 +4,13 @@ import java.util.Enumeration;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x500.X500Name;
@@ -31,7 +31,7 @@ public class PKIHeader
     private ASN1Integer pvno;
     private GeneralName sender;
     private GeneralName recipient;
-    private DERGeneralizedTime messageTime;
+    private ASN1GeneralizedTime messageTime;
     private AlgorithmIdentifier protectionAlg;
     private ASN1OctetString senderKID;       // KeyIdentifier
     private ASN1OctetString recipKID;        // KeyIdentifier
@@ -56,7 +56,7 @@ public class PKIHeader
             switch (tObj.getTagNo())
             {
             case 0:
-                messageTime = DERGeneralizedTime.getInstance(tObj, true);
+                messageTime = ASN1GeneralizedTime.getInstance(tObj, true);
                 break;
             case 1:
                 protectionAlg = AlgorithmIdentifier.getInstance(tObj, true);
@@ -136,7 +136,7 @@ public class PKIHeader
         return recipient;
     }
 
-    public DERGeneralizedTime getMessageTime()
+    public ASN1GeneralizedTime getMessageTime()
     {
         return messageTime;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cmp/PKIHeaderBuilder.java b/bcprov/src/main/java/org/bouncycastle/asn1/cmp/PKIHeaderBuilder.java
index 76d6bab..c5465a9 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cmp/PKIHeaderBuilder.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cmp/PKIHeaderBuilder.java
@@ -6,7 +6,6 @@ import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
@@ -46,16 +45,6 @@ public class PKIHeaderBuilder
         this.recipient = recipient;
     }
 
-    /**
-     * @deprecated use ASN1GeneralizedTime
-     */
-    public PKIHeaderBuilder setMessageTime(DERGeneralizedTime time)
-    {
-        messageTime = ASN1GeneralizedTime.getInstance(time);
-
-        return this;
-    }
-
     public PKIHeaderBuilder setMessageTime(ASN1GeneralizedTime time)
     {
         messageTime = time;
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cmp/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/cmp/package.html
new file mode 100644
index 0000000..d5ce6b9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cmp/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting PKIX-CMP as described RFC 4210.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attribute.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attribute.java
index 066cf69..8c48743 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attribute.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attribute.java
@@ -7,7 +7,6 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 
 /**
@@ -73,17 +72,6 @@ public class Attribute
         attrValues = (ASN1Set)seq.getObjectAt(1);
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public Attribute(
-        DERObjectIdentifier attrType,
-        ASN1Set             attrValues)
-    {
-        this.attrType = new ASN1ObjectIdentifier(attrType.getId());
-        this.attrValues = attrValues;
-    }
-
     public Attribute(
         ASN1ObjectIdentifier attrType,
         ASN1Set             attrValues)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java
index 02b6cc1..3b8e0be 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java
@@ -8,7 +8,6 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSet;
 
 /**
@@ -91,14 +90,6 @@ public class AttributeTable
     }
 
     /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public Attribute get(DERObjectIdentifier oid)
-    {
-        return get(new ASN1ObjectIdentifier(oid.getId()));
-    }
-
-    /**
      * Return the first attribute matching the OBJECT IDENTIFIER oid.
      * 
      * @param oid type of attribute required.
@@ -117,14 +108,6 @@ public class AttributeTable
         return (Attribute)value;
     }
 
-     /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public ASN1EncodableVector getAll(DERObjectIdentifier oid)
-    {
-        return getAll(new ASN1ObjectIdentifier(oid.getId()));
-    }
-
     /**
      * Return all the attributes matching the OBJECT IDENTIFIER oid. The vector will be 
      * empty if there are no attributes of the required type present.
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/EncryptedData.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/EncryptedData.java
index 2c83958..080abfc 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/EncryptedData.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/EncryptedData.java
@@ -6,6 +6,7 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.BERSequence;
 import org.bouncycastle.asn1.BERTaggedObject;
 
@@ -73,7 +74,7 @@ public class EncryptedData
 
         if (seq.size() == 3)
         {
-            this.unprotectedAttrs = ASN1Set.getInstance(seq.getObjectAt(2));
+            this.unprotectedAttrs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(2), false);
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java
index f0eae59..a680e4a 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java
@@ -1,12 +1,12 @@
 package org.bouncycastle.asn1.cms;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 
@@ -28,12 +28,12 @@ public class RecipientKeyIdentifier
     extends ASN1Object
 {
     private ASN1OctetString      subjectKeyIdentifier;
-    private DERGeneralizedTime   date;
+    private ASN1GeneralizedTime  date;
     private OtherKeyAttribute    other;
 
     public RecipientKeyIdentifier(
         ASN1OctetString         subjectKeyIdentifier,
-        DERGeneralizedTime      date,
+        ASN1GeneralizedTime     date,
         OtherKeyAttribute       other)
     {
         this.subjectKeyIdentifier = subjectKeyIdentifier;
@@ -43,7 +43,7 @@ public class RecipientKeyIdentifier
 
     public RecipientKeyIdentifier(
         byte[]                  subjectKeyIdentifier,
-        DERGeneralizedTime      date,
+        ASN1GeneralizedTime     date,
         OtherKeyAttribute       other)
     {
         this.subjectKeyIdentifier = new DEROctetString(subjectKeyIdentifier);
@@ -71,9 +71,9 @@ public class RecipientKeyIdentifier
         case 1:
             break;
         case 2:
-            if (seq.getObjectAt(1) instanceof DERGeneralizedTime)
+            if (seq.getObjectAt(1) instanceof ASN1GeneralizedTime)
             {
-                date = (DERGeneralizedTime)seq.getObjectAt(1); 
+                date = ASN1GeneralizedTime.getInstance(seq.getObjectAt(1));
             }
             else
             {
@@ -81,7 +81,7 @@ public class RecipientKeyIdentifier
             }
             break;
         case 3:
-            date  = (DERGeneralizedTime)seq.getObjectAt(1);
+            date  = ASN1GeneralizedTime.getInstance(seq.getObjectAt(1));
             other = OtherKeyAttribute.getInstance(seq.getObjectAt(2));
             break;
         default:
@@ -136,7 +136,7 @@ public class RecipientKeyIdentifier
         return subjectKeyIdentifier;
     }
 
-    public DERGeneralizedTime getDate()
+    public ASN1GeneralizedTime getDate()
     {
         return date;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
index 977fce6..84f12a9 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
@@ -3,12 +3,15 @@ package org.bouncycastle.asn1.cms;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.Locale;
 import java.util.SimpleTimeZone;
 
 import org.bouncycastle.asn1.ASN1Choice;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1UTCTime;
 import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERUTCTime;
 
@@ -47,8 +50,8 @@ public class Time
     public Time(
         ASN1Primitive   time)
     {
-        if (!(time instanceof DERUTCTime)
-            && !(time instanceof DERGeneralizedTime))
+        if (!(time instanceof ASN1UTCTime)
+            && !(time instanceof ASN1GeneralizedTime))
         {
             throw new IllegalArgumentException("unknown object passed to Time");
         }
@@ -57,28 +60,61 @@ public class Time
     }
 
     /**
-     * Create a time object from a given date - if the year is in between 1950
+     * Creates a time object from a given date - if the date is between 1950
      * and 2049 a UTCTime object is generated, otherwise a GeneralizedTime
      * is used.
+     *
+     * @param time a date object representing the time of interest.
      */
     public Time(
-        Date    date)
+        Date    time)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
 
         dateF.setTimeZone(tz);
 
-        String  d = dateF.format(date) + "Z";
+        String  d = dateF.format(time) + "Z";
+        int     year = Integer.parseInt(d.substring(0, 4));
+
+        if (year < 1950 || year > 2049)
+        {
+            this.time = new DERGeneralizedTime(d);
+        }
+        else
+        {
+            this.time = new DERUTCTime(d.substring(2));
+        }
+    }
+
+    /**
+     * Creates a time object from a given date and locale - if the date is between 1950
+     * and 2049 a UTCTime object is generated, otherwise a GeneralizedTime
+     * is used. You may need to use this constructor if the default locale
+     * doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible with other ASN.1 implementations.
+     *
+     * @param time a date object representing the time of interest.
+     * @param locale an appropriate Locale for producing an ASN.1 GeneralizedTime value.
+     */
+    public Time(
+        Date    time,
+        Locale locale)
+    {
+        SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
+        SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
+
+        dateF.setTimeZone(tz);
+
+        String  d = dateF.format(time) + "Z";
         int     year = Integer.parseInt(d.substring(0, 4));
 
         if (year < 1950 || year > 2049)
         {
-            time = new DERGeneralizedTime(d);
+            this.time = new DERGeneralizedTime(d);
         }
         else
         {
-            time = new DERUTCTime(d.substring(2));
+            this.time = new DERUTCTime(d.substring(2));
         }
     }
 
@@ -103,13 +139,13 @@ public class Time
         {
             return (Time)obj;
         }
-        else if (obj instanceof DERUTCTime)
+        else if (obj instanceof ASN1UTCTime)
         {
-            return new Time((DERUTCTime)obj);
+            return new Time((ASN1UTCTime)obj);
         }
-        else if (obj instanceof DERGeneralizedTime)
+        else if (obj instanceof ASN1GeneralizedTime)
         {
-            return new Time((DERGeneralizedTime)obj);
+            return new Time((ASN1GeneralizedTime)obj);
         }
 
         throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
@@ -120,13 +156,13 @@ public class Time
      */
     public String getTime()
     {
-        if (time instanceof DERUTCTime)
+        if (time instanceof ASN1UTCTime)
         {
-            return ((DERUTCTime)time).getAdjustedTime();
+            return ((ASN1UTCTime)time).getAdjustedTime();
         }
         else
         {
-            return ((DERGeneralizedTime)time).getTime();
+            return ((ASN1GeneralizedTime)time).getTime();
         }
     }
 
@@ -137,13 +173,13 @@ public class Time
     {
         try
         {
-            if (time instanceof DERUTCTime)
+            if (time instanceof ASN1UTCTime)
             {
-                return ((DERUTCTime)time).getAdjustedDate();
+                return ((ASN1UTCTime)time).getAdjustedDate();
             }
             else
             {
-                return ((DERGeneralizedTime)time).getDate();
+                return ((ASN1GeneralizedTime)time).getDate();
             }
         }
         catch (ParseException e)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ecc/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ecc/package.html
new file mode 100644
index 0000000..9d33025
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ecc/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for CMS ECC - RFC 5753/3278.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/cms/package.html
new file mode 100644
index 0000000..c165a7a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting Cryptographic Message Syntax as described in PKCS#7 and RFC 3369 (formerly RFC 2630).
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/crmf/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/crmf/package.html
new file mode 100644
index 0000000..c804924
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/crmf/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting PKIX-CRMF as described RFC 4211.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java
index fb1d9e9..b0233da 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java
@@ -6,8 +6,8 @@ import java.util.Hashtable;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.math.ec.ECConstants;
 import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.math.ec.ECPoint;
 
 /**
  * table of the available named parameters for GOST 3410-2001.
@@ -26,7 +26,9 @@ public class ECGOST3410NamedCurves
         ECCurve.Fp curve = new ECCurve.Fp(
             mod_p, // p
             new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639316"), // a
-            new BigInteger("166")); // b
+            new BigInteger("166"), // b
+            mod_q,
+            ECConstants.ONE);
 
         ECDomainParameters ecParams = new ECDomainParameters(
             curve,
@@ -43,7 +45,9 @@ public class ECGOST3410NamedCurves
         curve = new ECCurve.Fp(
             mod_p, // p
             new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639316"),
-            new BigInteger("166"));
+            new BigInteger("166"),
+            mod_q,
+            ECConstants.ONE);
 
         ecParams = new ECDomainParameters(
             curve,
@@ -60,7 +64,9 @@ public class ECGOST3410NamedCurves
         curve = new ECCurve.Fp(
             mod_p, // p
             new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823190"), // a
-            new BigInteger("28091019353058090096996979000309560759124368558014865957655842872397301267595")); // b
+            new BigInteger("28091019353058090096996979000309560759124368558014865957655842872397301267595"), // b
+            mod_q,
+            ECConstants.ONE);
 
         ecParams = new ECDomainParameters(
             curve,
@@ -77,7 +83,9 @@ public class ECGOST3410NamedCurves
         curve = new ECCurve.Fp(
             mod_p, // p
             new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502616"),
-            new BigInteger("32858"));
+            new BigInteger("32858"),
+            mod_q,
+            ECConstants.ONE);
 
         ecParams = new ECDomainParameters(
             curve,
@@ -93,7 +101,9 @@ public class ECGOST3410NamedCurves
         curve = new ECCurve.Fp(
             mod_p, // p
             new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502616"), // a
-            new BigInteger("32858")); // b
+            new BigInteger("32858"), // b
+            mod_q,
+            ECConstants.ONE);
 
         ecParams = new ECDomainParameters(
             curve,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cryptopro/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/cryptopro/package.html
new file mode 100644
index 0000000..2b0af9e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cryptopro/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for CRYPTO-PRO related objects - such as GOST identifiers.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/dvcs/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/dvcs/package.html
new file mode 100644
index 0000000..a941922
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/dvcs/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and processing Data Validation and Certification Server (DVCS) protocols as described in RFC 3029.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/eac/CVCertificate.java b/bcprov/src/main/java/org/bouncycastle/asn1/eac/CVCertificate.java
index 845925c..7bbd7f1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/eac/CVCertificate.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/eac/CVCertificate.java
@@ -15,7 +15,6 @@ import org.bouncycastle.asn1.DEROctetString;
 
 /**
  * an iso7816Certificate structure.
- * <p/>
  * <pre>
  *  Certificate ::= SEQUENCE {
  *      CertificateBody         Iso7816CertificateBody,
@@ -85,7 +84,6 @@ public class CVCertificate
      * Create an iso7816Certificate structure from an ASN1InputStream.
      *
      * @param aIS the byte stream to parse.
-     * @return the Iso7816CertificateStructure represented by the byte stream.
      * @throws IOException if there is a problem parsing the data.
      */
     public CVCertificate(ASN1InputStream aIS)
@@ -129,7 +127,6 @@ public class CVCertificate
      *
      * @param body the Iso7816CertificateBody object containing the body.
      * @param signature   the byte array containing the signature
-     * @return the Iso7816CertificateStructure
      * @throws IOException if there is a problem parsing the data.
      */
     public CVCertificate(CertificateBody body, byte[] signature)
@@ -147,7 +144,6 @@ public class CVCertificate
      *
      * @param obj the Object to extract the certificate from.
      * @return the Iso7816CertificateStructure represented by the byte stream.
-     * @throws IOException if there is a problem parsing the data.
      */
     public static CVCertificate getInstance(Object obj)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/eac/CertificateBody.java b/bcprov/src/main/java/org/bouncycastle/asn1/eac/CertificateBody.java
index 87d6554..04c4d70 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/eac/CertificateBody.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/eac/CertificateBody.java
@@ -13,7 +13,6 @@ import org.bouncycastle.asn1.DEROctetString;
 
 /**
  * an Iso7816CertificateBody structure.
- * <p/>
  * <pre>
  *  CertificateBody ::= SEQUENCE {
  *      // version of the certificate format. Must be 0 (version 1)
@@ -128,7 +127,6 @@ public class CertificateBody
      * @param certificateHolderAuthorization
      * @param certificateEffectiveDate
      * @param certificateExpirationDate
-     * @throws IOException
      */
     public CertificateBody(
         DERApplicationSpecific certificateProfileIdentifier,
@@ -276,7 +274,6 @@ public class CertificateBody
      * create a "request" or "profile" type Iso7816CertificateBody according to the variables sets.
      *
      * @return return the ASN1Primitive representing the "request" or "profile" type certificate body.
-     * @throws IOException if the DERApplicationSpecific cannot be created or if data are missings to create a valid certificate.
      */
     public ASN1Primitive toASN1Primitive()
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java b/bcprov/src/main/java/org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java
index 93ae57f..ba8486a 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java
@@ -13,7 +13,6 @@ import org.bouncycastle.util.Integers;
 
 /**
  * an Iso7816CertificateHolderAuthorization structure.
- * <p/>
  * <pre>
  *  Certificate Holder Authorization ::= SEQUENCE {
  *      // specifies the format and the rules for the evaluation of the authorization
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java
index 77416dc..805a506 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java
@@ -4,17 +4,17 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 /**
  * German Federal Office for Information Security
- * (Bundesamt für Sicherheit in der Informationstechnik)
+ * (Bundesamt f&uuml;r Sicherheit in der Informationstechnik)
  * <a href="http://www.bsi.bund.de/">http://www.bsi.bund.de/</a>
  * <p>
  * <a href="https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html">BSI TR-03110</a>
  * Technical Guideline Advanced Security Mechanisms for Machine Readable Travel Documents
  * <p>
- * <a href="https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03110/TR-03110_v2.1_P3pdf.pdf?__blob=publicationFile">Technical Guideline TR-03110-3</a>
+ * <a href="https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03110/TR-03110_v2.1_P3pdf.pdf">
+ * Technical Guideline TR-03110-3</a>
  * Advanced Security Mechanisms for Machine Readable Travel Documents;
  * Part 3: Common Specifications.
  */
-
 public interface EACObjectIdentifiers
 {
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/eac/ECDSAPublicKey.java b/bcprov/src/main/java/org/bouncycastle/asn1/eac/ECDSAPublicKey.java
index 3dd22fc..077807f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/eac/ECDSAPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/eac/ECDSAPublicKey.java
@@ -15,7 +15,6 @@ import org.bouncycastle.asn1.DERTaggedObject;
 
 /**
  * an Iso7816ECDSAPublicKeyStructure structure.
- * <p/>
  * <pre>
  *  Certificate Holder Authorization ::= SEQUENCE {
  *      ASN1TaggedObject primeModulusP;        // OPTIONAL
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/eac/PackedDate.java b/bcprov/src/main/java/org/bouncycastle/asn1/eac/PackedDate.java
index 29b0881..e19c96f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/eac/PackedDate.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/eac/PackedDate.java
@@ -3,6 +3,7 @@ package org.bouncycastle.asn1.eac;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.Locale;
 import java.util.SimpleTimeZone;
 
 import org.bouncycastle.util.Arrays;
@@ -21,7 +22,9 @@ public class PackedDate
     }
 
     /**
-     * base constructer from a java.util.date object
+     * Base constructor from a java.util.date object.
+     *
+     * @param time a date object representing the time of interest.
      */
     public PackedDate(
         Date time)
@@ -33,6 +36,24 @@ public class PackedDate
         this.time = convert(dateF.format(time));
     }
 
+    /**
+     * Base constructor from a java.util.date object. You may need to use this constructor if the default locale
+     * doesn't use a Gregorian calender so that the PackedDate produced is compatible with other ASN.1 implementations.
+     *
+     * @param time a date object representing the time of interest.
+     * @param locale an appropriate Locale for producing an ASN.1 GeneralizedTime value.
+     */
+    public PackedDate(
+        Date time,
+        Locale locale)
+    {
+        SimpleDateFormat dateF = new SimpleDateFormat("yyMMdd'Z'", locale);
+
+        dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
+
+        this.time = convert(dateF.format(time));
+    }
+
     private byte[] convert(String sTime)
     {
         char[] digs = sTime.toCharArray();
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/eac/RSAPublicKey.java b/bcprov/src/main/java/org/bouncycastle/asn1/eac/RSAPublicKey.java
index 7c85169..3e1727e 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/eac/RSAPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/eac/RSAPublicKey.java
@@ -12,7 +12,6 @@ import org.bouncycastle.asn1.DERSequence;
 
 /**
  * an Iso7816RSAPublicKeyStructure structure.
- * <p/>
  * <pre>
  *  Certificate Holder Authorization ::= SEQUENCE {
  *      // modulus should be at least 1024bit and a multiple of 512.
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/eac/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/eac/package.html
new file mode 100644
index 0000000..360d598
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/eac/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+ASN.1 classes specific to the Bundesamt f&uuml;r Sicherheit in der Informationstechnik (BSI) Technical Guideline Advanced Security Mechanisms for Machine Readable Travel Documents.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/esf/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/esf/package.html
new file mode 100644
index 0000000..de27367
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/esf/package.html
@@ -0,0 +1,6 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting [ESF] RFC3126 
+Electronic Signature Formats for long term electronic signatures.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java b/bcprov/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java
index 93d9d0c..462d968 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java
@@ -6,7 +6,6 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERUTF8String;
 
@@ -47,25 +46,6 @@ public class ContentHints
         }
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public ContentHints(
-        DERObjectIdentifier contentType)
-    {
-        this(new ASN1ObjectIdentifier(contentType.getId()));
-    }
-
-        /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public ContentHints(
-        DERObjectIdentifier contentType,
-        DERUTF8String contentDescription)
-    {
-        this(new ASN1ObjectIdentifier(contentType.getId()), contentDescription);
-    }
-
     public ContentHints(
         ASN1ObjectIdentifier contentType)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ess/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/ess/package.html
new file mode 100644
index 0000000..21854b3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ess/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting Enhanced Security Services for S/MIME as described RFC 2634 and RFC 5035.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/gnu/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/gnu/package.html
new file mode 100644
index 0000000..cdb9f59
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/gnu/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+ASN.1 classes specific to the GNU APIs and applications.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/iana/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/iana/package.html
new file mode 100644
index 0000000..bb60b43
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/iana/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+ASN.1 classes specific to the Internet Assigned Numbers Authority (IANA).
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java b/bcprov/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java
index 2cae261..ff629f2 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java
@@ -13,7 +13,7 @@ import org.bouncycastle.asn1.x509.Certificate;
 /**
  * The CscaMasterList object. This object can be wrapped in a
  * CMSSignedData to be published in LDAP.
- * <p/>
+ *
  * <pre>
  * CscaMasterList ::= SEQUENCE {
  *   version                CscaMasterListVersion,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/icao/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/icao/package.html
new file mode 100644
index 0000000..f2301db
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/icao/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+ICAO ASN.1 classes for electronic passport.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
index 932d300..dff3d84 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
@@ -19,8 +19,6 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
  * the expiry of the corresponding certificate. Hence, clients MUST support this
  * extension. If a positive statement of availability is to be delivered, this
  * extension syntax and OID MUST be used.
- * <p/>
- * <p/>
  * <pre>
  *     CertHash ::= SEQUENCE {
  *       hashAlgorithm AlgorithmIdentifier,
@@ -53,16 +51,15 @@ public class CertHash
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
+     * <p>
      * The sequence is of type CertHash:
-     * <p/>
      * <pre>
      *     CertHash ::= SEQUENCE {
      *       hashAlgorithm AlgorithmIdentifier,
      *       certificateHash OCTET STRING
      *     }
      * </pre>
-     *
+     * </p>
      * @param seq The ASN.1 sequence.
      */
     private CertHash(ASN1Sequence seq)
@@ -102,9 +99,8 @@ public class CertHash
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *     CertHash ::= SEQUENCE {
      *       hashAlgorithm AlgorithmIdentifier,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java
index cffcc5a..5c12016 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java
@@ -16,7 +16,7 @@ import org.bouncycastle.asn1.x509.Certificate;
  * ISIS-MTT-Optional: The certificate requested by the client by inserting the
  * RetrieveIfAllowed extension in the request, will be returned in this
  * extension.
- * <p/>
+ * <p>
  * ISIS-MTT-SigG: The signature act allows publishing certificates only then,
  * when the certificate owner gives his explicit permission. Accordingly, there
  * may be �nondownloadable� certificates, about which the responder must provide
@@ -36,7 +36,6 @@ import org.bouncycastle.asn1.x509.Certificate;
  * Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If
  * any of the OCTET STRING options is used, it MUST contain the DER encoding of
  * the requested certificate.
- * <p/>
  * <pre>
  *            RequestedCertificate ::= CHOICE {
  *              Certificate Certificate,
@@ -105,7 +104,7 @@ public class RequestedCertificate
 
     /**
      * Constructor from a given details.
-     * <p/>
+     * <p>
      * Only one parameter can be given. All other must be <code>null</code>.
      *
      * @param certificate          Given as Certificate
@@ -155,9 +154,8 @@ public class RequestedCertificate
     
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *            RequestedCertificate ::= CHOICE {
      *              Certificate Certificate,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/package.html
new file mode 100644
index 0000000..cd95ca3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for the ISIS-MTT profile for OCSP.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/package.html
new file mode 100644
index 0000000..14ab390
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for the ISIS-MTT Project.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java
index ff9ed12..55c7d43 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java
@@ -54,9 +54,8 @@ public class AdditionalInformationSyntax
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *   AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
      * </pre>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
index 202373e..4943d52 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
@@ -11,28 +11,28 @@ import org.bouncycastle.asn1.x509.GeneralName;
 
 /**
  * Attribute to indicate admissions to certain professions.
- * <p/>
+ *
  * <pre>
  *     AdmissionSyntax ::= SEQUENCE
  *     {
  *       admissionAuthority GeneralName OPTIONAL,
  *       contentsOfAdmissions SEQUENCE OF Admissions
  *     }
- * <p/>
+ *
  *     Admissions ::= SEQUENCE
  *     {
  *       admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
  *       namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
  *       professionInfos SEQUENCE OF ProfessionInfo
  *     }
- * <p/>
+ *
  *     NamingAuthority ::= SEQUENCE
  *     {
  *       namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
  *       namingAuthorityUrl IA5String OPTIONAL,
  *       namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
  *     }
- * <p/>
+ *
  *     ProfessionInfo ::= SEQUENCE
  *     {
  *       namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
@@ -42,8 +42,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  *       addProfessionInfo OCTET STRING OPTIONAL
  *     }
  * </pre>
- * <p/>
- * <p/>
+ * <p>
  * ISIS-MTT PROFILE: The relatively complex structure of AdmissionSyntax
  * supports the following concepts and requirements:
  * <ul>
@@ -68,7 +67,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  * component namingAuthorityId are grouped under the OID-branch
  * id-isis-at-namingAuthorities and must be applied for.
  * <li>See
- * http://www.teletrust.de/anwend.asp?Id=30200&Sprache=E_&HomePG=0 for
+ * http://www.teletrust.de/anwend.asp?Id=30200&amp;Sprache=E_&amp;HomePG=0 for
  * an application form and http://www.teletrust.de/links.asp?id=30220,11
  * for an overview of registered naming authorities.
  * <li> By means of the data type ProfessionInfo certain professions,
@@ -80,7 +79,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  * addProfessionInfo may contain additional applicationspecific information in
  * DER-encoded form.
  * </ul>
- * <p/>
+ * <p>
  * By means of different namingAuthority-OIDs or profession OIDs hierarchies of
  * professions, specializations, disciplines, fields of activity, etc. can be
  * expressed. The issuing admission authority should always be indicated (field
@@ -89,9 +88,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  * naming authority by the exclusive use of the component professionItems. In
  * this case the certification authority is responsible for the verification of
  * the admission information.
- * <p/>
- * <p/>
- * <p/>
+ * <p>
  * This attribute is single-valued. Still, several admissions can be captured in
  * the sequence structure of the component contentsOfAdmissions of
  * AdmissionSyntax or in the component professionInfos of Admissions. The
@@ -102,7 +99,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  * value for the component namingAuthority of ProfessionInfo. Within the latter
  * component the default value can be overwritten, in case that another naming
  * authority needs to be recorded.
- * <p/>
+ * <p>
  * The length of the string objects is limited to 128 characters. It is
  * recommended to indicate a namingAuthorityURL in all issued attribute
  * certificates. If a namingAuthorityURL is indicated, the field professionItems
@@ -143,30 +140,29 @@ public class AdmissionSyntax
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
+     * <p>
      * The sequence is of type ProcurationSyntax:
-     * <p/>
      * <pre>
      *     AdmissionSyntax ::= SEQUENCE
      *     {
      *       admissionAuthority GeneralName OPTIONAL,
      *       contentsOfAdmissions SEQUENCE OF Admissions
      *     }
-     * <p/>
+     *
      *     Admissions ::= SEQUENCE
      *     {
      *       admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
      *       namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
      *       professionInfos SEQUENCE OF ProfessionInfo
      *     }
-     * <p/>
+     *
      *     NamingAuthority ::= SEQUENCE
      *     {
      *       namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
      *       namingAuthorityUrl IA5String OPTIONAL,
      *       namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
      *     }
-     * <p/>
+     *
      *     ProfessionInfo ::= SEQUENCE
      *     {
      *       namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
@@ -176,7 +172,7 @@ public class AdmissionSyntax
      *       addProfessionInfo OCTET STRING OPTIONAL
      *     }
      * </pre>
-     *
+     * </p>
      * @param seq The ASN.1 sequence.
      */
     private AdmissionSyntax(ASN1Sequence seq)
@@ -209,30 +205,29 @@ public class AdmissionSyntax
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *     AdmissionSyntax ::= SEQUENCE
      *     {
      *       admissionAuthority GeneralName OPTIONAL,
      *       contentsOfAdmissions SEQUENCE OF Admissions
      *     }
-     * <p/>
+     *
      *     Admissions ::= SEQUENCE
      *     {
      *       admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
      *       namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
      *       professionInfos SEQUENCE OF ProfessionInfo
      *     }
-     * <p/>
+     *
      *     NamingAuthority ::= SEQUENCE
      *     {
      *       namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
      *       namingAuthorityUrl IA5String OPTIONAL,
      *       namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
      *     }
-     * <p/>
+     *
      *     ProfessionInfo ::= SEQUENCE
      *     {
      *       namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java
index 3a5ef24..bda1514 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java
@@ -14,7 +14,6 @@ import org.bouncycastle.asn1.x509.GeneralName;
 
 /**
  * An Admissions structure.
- * <p/>
  * <pre>
  *            Admissions ::= SEQUENCE
  *            {
@@ -22,7 +21,6 @@ import org.bouncycastle.asn1.x509.GeneralName;
  *              namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
  *              professionInfos SEQUENCE OF ProfessionInfo
  *            }
- * <p/>
  * </pre>
  *
  * @see org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax
@@ -56,9 +54,8 @@ public class Admissions
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
+     * <p>
      * The sequence is of type ProcurationSyntax:
-     * <p/>
      * <pre>
      *            Admissions ::= SEQUENCE
      *            {
@@ -67,7 +64,7 @@ public class Admissions
      *              professionInfos SEQUENCE OF ProfessionInfo
      *            }
      * </pre>
-     *
+     * </p>
      * @param seq The ASN.1 sequence.
      */
     private Admissions(ASN1Sequence seq)
@@ -117,7 +114,7 @@ public class Admissions
 
     /**
      * Constructor from a given details.
-     * <p/>
+     * <p>
      * Parameter <code>professionInfos</code> is mandatory.
      *
      * @param admissionAuthority The admission authority.
@@ -155,9 +152,8 @@ public class Admissions
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *       Admissions ::= SEQUENCE
      *       {
@@ -165,7 +161,6 @@ public class Admissions
      *         namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
      *         professionInfos SEQUENCE OF ProfessionInfo
      *       }
-     * <p/>
      * </pre>
      *
      * @return an ASN1Primitive
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java
index 20887ce..987c590 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java
@@ -15,7 +15,7 @@ import org.bouncycastle.asn1.DERTaggedObject;
 
 /**
  * A declaration of majority.
- * <p/>
+ *
  * <pre>
  *           DeclarationOfMajoritySyntax ::= CHOICE
  *           {
@@ -28,7 +28,7 @@ import org.bouncycastle.asn1.DERTaggedObject;
  *             dateOfBirth [2] IMPLICIT GeneralizedTime
  *           }
  * </pre>
- * <p/>
+ * <p>
  * fullAgeAtCountry indicates the majority of the owner with respect to the laws
  * of a specific country.
  */
@@ -101,9 +101,8 @@ public class DeclarationOfMajority
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *           DeclarationOfMajoritySyntax ::= CHOICE
      *           {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java
index 1b10199..7425287 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java
@@ -17,11 +17,10 @@ import org.bouncycastle.asn1.DERSequence;
  * since January 1, 2004. For the sake of backward compatibility with
  * certificates already in use, components SHOULD support MonetaryLimit (as well
  * as QcEuLimitValue).
- * <p/>
+ * <p>
  * Indicates a monetary limit within which the certificate holder is authorized
  * to act. (This value DOES NOT express a limit on the liability of the
  * certification authority).
- * <p/>
  * <pre>
  *    MonetaryLimitSyntax ::= SEQUENCE
  *    {
@@ -30,9 +29,9 @@ import org.bouncycastle.asn1.DERSequence;
  *      exponent INTEGER
  *    }
  * </pre>
- * <p/>
+ * <p>
  * currency must be the ISO code.
- * <p/>
+ * <p>
  * value = amount�10*exponent
  */
 public class MonetaryLimit
@@ -72,8 +71,7 @@ public class MonetaryLimit
 
     /**
      * Constructor from a given details.
-     * <p/>
-     * <p/>
+     * <p>
      * value = amount�10^exponent
      *
      * @param currency The currency. Must be the ISO code.
@@ -104,9 +102,8 @@ public class MonetaryLimit
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *    MonetaryLimitSyntax ::= SEQUENCE
      *    {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
index 237f5e5..9a123c3 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
@@ -11,7 +11,6 @@ import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1String;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
 import org.bouncycastle.asn1.x500.DirectoryString;
@@ -71,8 +70,6 @@ public class NamingAuthority
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
-     * <p/>
      * <pre>
      *             NamingAuthority ::= SEQUENCE
      *             {
@@ -173,27 +170,9 @@ public class NamingAuthority
         return namingAuthorityUrl;
     }
 
-        /**
-     * Constructor from given details.
-     * <p/>
-     * All parameters can be combined.
-     *
-     * @param namingAuthorityId   ObjectIdentifier for naming authority.
-     * @param namingAuthorityUrl  URL for naming authority.
-     * @param namingAuthorityText Textual representation of naming authority.
-         * @deprecated use ASN1ObjectIdentifier method
-     */
-    public NamingAuthority(DERObjectIdentifier namingAuthorityId,
-                           String namingAuthorityUrl, DirectoryString namingAuthorityText)
-    {
-        this.namingAuthorityId = new ASN1ObjectIdentifier(namingAuthorityId.getId());
-        this.namingAuthorityUrl = namingAuthorityUrl;
-        this.namingAuthorityText = namingAuthorityText;
-    }
-
     /**
      * Constructor from given details.
-     * <p/>
+     * <p>
      * All parameters can be combined.
      *
      * @param namingAuthorityId   ObjectIdentifier for naming authority.
@@ -210,9 +189,8 @@ public class NamingAuthority
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *             NamingAuthority ::= SEQUENCE
      *             {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java
index 0a64f8e..506f75a 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java
@@ -75,23 +75,22 @@ public class ProcurationSyntax
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
+     * <p>
      * The sequence is of type ProcurationSyntax:
-     * <p/>
      * <pre>
      *               ProcurationSyntax ::= SEQUENCE {
      *                 country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
      *                 typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
      *                 signingFor [3] EXPLICIT SigningFor
      *               }
-     * <p/>
+     *
      *               SigningFor ::= CHOICE
      *               {
      *                 thirdPerson GeneralName,
      *                 certRef IssuerSerial
      *               }
      * </pre>
-     *
+     * </p>
      * @param seq The ASN.1 sequence.
      */
     private ProcurationSyntax(ASN1Sequence seq)
@@ -132,8 +131,7 @@ public class ProcurationSyntax
 
     /**
      * Constructor from a given details.
-     * <p/>
-     * <p/>
+     * <p>
      * Either <code>generalName</code> or <code>certRef</code> MUST be
      * <code>null</code>.
      *
@@ -154,8 +152,7 @@ public class ProcurationSyntax
 
     /**
      * Constructor from a given details.
-     * <p/>
-     * <p/>
+     * <p>
      * Either <code>generalName</code> or <code>certRef</code> MUST be
      * <code>null</code>.
      *
@@ -196,16 +193,15 @@ public class ProcurationSyntax
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *               ProcurationSyntax ::= SEQUENCE {
      *                 country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
      *                 typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
      *                 signingFor [3] EXPLICIT SigningFor
      *               }
-     * <p/>
+     *
      *               SigningFor ::= CHOICE
      *               {
      *                 thirdPerson GeneralName,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java
index 081d9af..e0f94be 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java
@@ -178,8 +178,6 @@ public class ProfessionInfo
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
-     * <p/>
      * <pre>
      *               ProfessionInfo ::= SEQUENCE
      *               {
@@ -274,7 +272,7 @@ public class ProfessionInfo
 
     /**
      * Constructor from given details.
-     * <p/>
+     * <p>
      * <code>professionItems</code> is mandatory, all other parameters are
      * optional.
      *
@@ -311,9 +309,8 @@ public class ProfessionInfo
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *               ProfessionInfo ::= SEQUENCE
      *               {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java
index c2a2a41..1a72bea 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java
@@ -6,7 +6,7 @@ import org.bouncycastle.asn1.x500.DirectoryString;
 
 /**
  * Some other restriction regarding the usage of this certificate.
- * <p/>
+ *
  * <pre>
  *  RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
  * </pre>
@@ -33,13 +33,12 @@ public class Restriction
 
     /**
      * Constructor from DirectoryString.
-     * <p/>
+     * <p>
      * The DirectoryString is of type RestrictionSyntax:
-     * <p/>
      * <pre>
      *      RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
      * </pre>
-     *
+     * </p>
      * @param restriction A DirectoryString.
      */
     private Restriction(DirectoryString restriction)
@@ -64,12 +63,10 @@ public class Restriction
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *      RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-     * <p/>
      * </pre>
      *
      * @return a DERObject
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/package.html
new file mode 100644
index 0000000..fa411ec
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/isismtt/x509/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for the ISIS-MTT X.509 Certificate Extensions.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/kisa/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/kisa/package.html
new file mode 100644
index 0000000..48b5afd
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/kisa/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for the Korea Information Security Agency (KISA) standard - SEED algorithm.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.java
index 8ba2cf5..a7b651a 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.java
@@ -21,6 +21,8 @@ public interface MicrosoftObjectIdentifiers
     static final ASN1ObjectIdentifier    microsoftCaVersion      = microsoft.branch("21.1");
     /** OID: 1.3.6.1.4.1.311.21.2 */
     static final ASN1ObjectIdentifier    microsoftPrevCaCertHash = microsoft.branch("21.2");
+    /** OID: 1.3.6.1.4.1.311.21.4 */
+    static final ASN1ObjectIdentifier    microsoftCrlNextPublish = microsoft.branch("21.4");
     /** OID: 1.3.6.1.4.1.311.21.7 */
     static final ASN1ObjectIdentifier    microsoftCertTemplateV2 = microsoft.branch("21.7");
     /** OID: 1.3.6.1.4.1.311.21.10 */
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/microsoft/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/microsoft/package.html
new file mode 100644
index 0000000..35d1248
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/microsoft/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support for Microsoft specific ASN.1 classes and object identifiers.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
index 6aff988..098656c 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
@@ -35,9 +35,16 @@ public interface MiscObjectIdentifiers
     static final ASN1ObjectIdentifier   verisign                = new ASN1ObjectIdentifier("2.16.840.1.113733.1");
 
     /** Verisign CZAG (Country,Zip,Age,Gender) Extension OID: 2.16.840.1.113733.1.6.3 */
-    static final ASN1ObjectIdentifier    verisignCzagExtension   = verisign.branch("6.3");
-    /** Verisign D&B D-U-N-S number Extension OID: 2.16.840.1.113733.1.6.15 */
-    static final ASN1ObjectIdentifier    verisignDnbDunsNumber   = verisign.branch("6.15");
+    static final ASN1ObjectIdentifier   verisignCzagExtension   = verisign.branch("6.3");
+
+    static final ASN1ObjectIdentifier   verisignPrivate_6_9     = verisign.branch("6.9");
+    static final ASN1ObjectIdentifier   verisignOnSiteJurisdictionHash = verisign.branch("6.11");
+    static final ASN1ObjectIdentifier   verisignBitString_6_13   = verisign.branch("6.13");
+
+    /** Verisign D&amp;B D-U-N-S number Extension OID: 2.16.840.1.113733.1.6.15 */
+    static final ASN1ObjectIdentifier   verisignDnbDunsNumber   = verisign.branch("6.15");
+
+    static final ASN1ObjectIdentifier   verisignIssStrongCrypto = verisign.branch("8.1");
 
     //
     // Novell
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/misc/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/misc/package.html
new file mode 100644
index 0000000..e3bda64
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/misc/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Miscellaneous object identifiers and objects.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/mozilla/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/mozilla/package.html
new file mode 100644
index 0000000..40776b0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/mozilla/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding objects used by mozilla.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/nist/package.html
new file mode 100644
index 0000000..1cdca76
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for NIST related objects.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ntt/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/ntt/package.html
new file mode 100644
index 0000000..4b9d05d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ntt/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+ASN.1 classes relevant to the standards produced by Nippon Telegraph and Telephone.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java
index e14fe29..f5a3581 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java
@@ -9,7 +9,6 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERIA5String;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
@@ -39,7 +38,7 @@ public class CrlID
                 crlNum = ASN1Integer.getInstance(o, true);
                 break;
             case 2:
-                crlTime = DERGeneralizedTime.getInstance(o, true);
+                crlTime = ASN1GeneralizedTime.getInstance(o, true);
                 break;
             default:
                 throw new IllegalArgumentException(
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java
index f8ea8f7..577e413 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java
@@ -3,7 +3,7 @@ package org.bouncycastle.asn1.ocsp;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 /**
- * OIDs for <a href="http://tools.ietf.org/html/rfc2560">RFC 2560</a>
+ * OIDs for <a href="http://tools.ietf.org/html/rfc2560">RFC 2560</a> and <a href="http://tools.ietf.org/html/rfc6960">RFC 6960</a>
  * Online Certificate Status Protocol - OCSP.
  */
 public interface OCSPObjectIdentifiers
@@ -26,4 +26,9 @@ public interface OCSPObjectIdentifiers
     static final ASN1ObjectIdentifier id_pkix_ocsp_archive_cutoff  = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.48.1.6");
     /** OID: 1.3.6.1.5.5.7.48.1.7 */
     static final ASN1ObjectIdentifier id_pkix_ocsp_service_locator = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.48.1.7");
+
+
+    static final ASN1ObjectIdentifier id_pkix_ocsp_pref_sig_algs = id_pkix_ocsp.branch("8");
+
+    static final ASN1ObjectIdentifier id_pkix_ocsp_extended_revoke = id_pkix_ocsp.branch("9");
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java
index e2a9f95..6874b22 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java
@@ -7,7 +7,6 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x509.Extensions;
@@ -49,7 +48,7 @@ public class ResponseData
      */
     public ResponseData(
         ResponderID         responderID,
-        DERGeneralizedTime  producedAt,
+        ASN1GeneralizedTime  producedAt,
         ASN1Sequence        responses,
         X509Extensions responseExtensions)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java
index ca5a5c4..0dc2a91 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java
@@ -6,7 +6,6 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x509.Extensions;
@@ -32,31 +31,13 @@ public class SingleResponse
     public SingleResponse(
         CertID              certID,
         CertStatus          certStatus,
-        DERGeneralizedTime  thisUpdate,
-        DERGeneralizedTime  nextUpdate,
+        ASN1GeneralizedTime thisUpdate,
+        ASN1GeneralizedTime nextUpdate,
         X509Extensions singleExtensions)
     {
         this(certID, certStatus, thisUpdate, nextUpdate, Extensions.getInstance(singleExtensions));
     }
 
-    /**
-     * @deprecated use method taking ASN1GeneralizedTime and Extensions
-     * @param certID
-     * @param certStatus
-     * @param thisUpdate
-     * @param nextUpdate
-     * @param singleExtensions
-     */
-    public SingleResponse(
-        CertID              certID,
-        CertStatus          certStatus,
-        DERGeneralizedTime thisUpdate,
-        DERGeneralizedTime nextUpdate,
-        Extensions          singleExtensions)
-    {
-        this(certID, certStatus, ASN1GeneralizedTime.getInstance(thisUpdate), ASN1GeneralizedTime.getInstance(nextUpdate), Extensions.getInstance(singleExtensions));
-    }
-
     public SingleResponse(
         CertID              certID,
         CertStatus          certStatus,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/package.html
new file mode 100644
index 0000000..22c560d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting OCSP objects.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java b/bcprov/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java
index c6a2965..d654d03 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java
@@ -23,7 +23,7 @@ public class ElGamalParameter
         this.g = new ASN1Integer(g);
     }
 
-    public ElGamalParameter(
+    private ElGamalParameter(
         ASN1Sequence  seq)
     {
         Enumeration     e = seq.getObjects();
@@ -32,6 +32,20 @@ public class ElGamalParameter
         g = (ASN1Integer)e.nextElement();
     }
 
+    public static ElGamalParameter getInstance(Object o)
+    {
+        if (o instanceof ElGamalParameter)
+        {
+            return (ElGamalParameter)o;
+        }
+        else if (o != null)
+        {
+            return new ElGamalParameter(ASN1Sequence.getInstance(o));
+        }
+
+        return null;
+    }
+
     public BigInteger getP()
     {
         return p.getPositiveValue();
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/oiw/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/oiw/package.html
new file mode 100644
index 0000000..44eb2fe
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/oiw/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Objects and OID for the support of ISO OIW.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/package.html
new file mode 100644
index 0000000..1ac16a5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+A library for parsing and writing ASN.1 objects. Support is provided for DER and BER encoding.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java
index b91c1a5..0620873 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java
@@ -56,19 +56,19 @@ public class CRLBag
 
     /**
      * <pre>
-     CRLBag ::= SEQUENCE {
-     crlId  BAG-TYPE.&id ({CRLTypes}),
-     crlValue  [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
-     }
-
-     x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}
-     -- DER-encoded X.509 CRL stored in OCTET STRING
-
-     CRLTypes BAG-TYPE ::= {
-     x509CRL,
-     ... -- For future extensions
-     }
-       </pre>
+     * CRLBag ::= SEQUENCE {
+     * crlId  BAG-TYPE.&amp;id ({CRLTypes}),
+     * crlValue  [0] EXPLICIT BAG-TYPE.&amp;Type ({CRLTypes}{@crlId})
+     * }
+     *
+     * x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}
+     * -- DER-encoded X.509 CRL stored in OCTET STRING
+	 *
+     * CRLTypes BAG-TYPE ::= {
+     * x509CRL,
+     * ... -- For future extensions
+     * }
+     * </pre>
      */
     public ASN1Primitive toASN1Primitive()
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
index c9c14fe..fb418ae 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
@@ -25,8 +25,8 @@ import org.bouncycastle.asn1.x509.X509Name;
  *  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
  *
  *  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
- *    type    ATTRIBUTE.&id({IOSet}),
- *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
+ *    type    ATTRIBUTE.&amp;id({IOSet}),
+ *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&amp;Type({IOSet}{\@type})
  *  }
  * </pre>
  */
@@ -67,18 +67,18 @@ public class CertificationRequestInfo
      * @param attributes any attributes to be associated with the request.
      */
     public CertificationRequestInfo(
-        X500Name subject,
+        X500Name                subject,
         SubjectPublicKeyInfo    pkInfo,
         ASN1Set                 attributes)
     {
-        this.subject = subject;
-        this.subjectPKInfo = pkInfo;
-        this.attributes = attributes;
-
-        if ((subject == null) || (version == null) || (subjectPKInfo == null))
+        if ((subject == null) || (pkInfo == null))
         {
             throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator.");
         }
+
+        this.subject = subject;
+        this.subjectPKInfo = pkInfo;
+        this.attributes = attributes;
     }
 
     /**
@@ -89,14 +89,14 @@ public class CertificationRequestInfo
         SubjectPublicKeyInfo    pkInfo,
         ASN1Set                 attributes)
     {
-        this.subject = X500Name.getInstance(subject.toASN1Primitive());
-        this.subjectPKInfo = pkInfo;
-        this.attributes = attributes;
-
-        if ((subject == null) || (version == null) || (subjectPKInfo == null))
+        if ((subject == null) || (pkInfo == null))
         {
             throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator.");
         }
+        
+        this.subject = X500Name.getInstance(subject.toASN1Primitive());
+        this.subjectPKInfo = pkInfo;
+        this.attributes = attributes;
     }
 
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
index c885a6c..848f4fc 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
@@ -25,7 +25,7 @@ public class EncryptionScheme
         this.algId = AlgorithmIdentifier.getInstance(seq);
     }
 
-    public static final EncryptionScheme getInstance(Object obj)
+    public static EncryptionScheme getInstance(Object obj)
     {
         if (obj instanceof EncryptionScheme)
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
index 3b40836..83804f3 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
@@ -25,7 +25,7 @@ public class KeyDerivationFunc
         this.algId = AlgorithmIdentifier.getInstance(seq);
     }
 
-    public static final KeyDerivationFunc getInstance(Object obj)
+    public static KeyDerivationFunc getInstance(Object obj)
     {
         if (obj instanceof KeyDerivationFunc)
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
index dad8650..7f02e70 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
@@ -68,7 +68,7 @@ public class PrivateKeyInfo
     }
 
     /**
-     * @deprectaed use PrivateKeyInfo.getInstance()
+     * @deprecated use PrivateKeyInfo.getInstance()
      * @param seq
      */
     public PrivateKeyInfo(
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/package.html
new file mode 100644
index 0000000..ab800f4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting the various RSA PKCS documents.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKey.java
index df2238a..269466d 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKey.java
@@ -47,10 +47,26 @@ public class ECPrivateKey
         return null;
     }
 
+    /**
+     * @deprecated use constructor which takes orderBitLength to guarantee correct encoding.
+     */
     public ECPrivateKey(
         BigInteger key)
     {
-        byte[] bytes = BigIntegers.asUnsignedByteArray(key);
+        this(key.bitLength(), key);
+    }
+
+    /**
+     * Base constructor.
+     *
+     * @param orderBitLength the bitLength of the order of the curve.
+     * @param key the private key value.
+     */
+    public ECPrivateKey(
+        int        orderBitLength,
+        BigInteger key)
+    {
+        byte[] bytes = BigIntegers.asUnsignedByteArray((orderBitLength + 7) / 8, key);
 
         ASN1EncodableVector v = new ASN1EncodableVector();
 
@@ -60,6 +76,9 @@ public class ECPrivateKey
         seq = new DERSequence(v);
     }
 
+    /**
+     * @deprecated use constructor which takes orderBitLength to guarantee correct encoding.
+     */
     public ECPrivateKey(
         BigInteger key,
         ASN1Encodable parameters)
@@ -67,12 +86,32 @@ public class ECPrivateKey
         this(key, null, parameters);
     }
 
+    /**
+     * @deprecated use constructor which takes orderBitLength to guarantee correct encoding.
+     */
+    public ECPrivateKey(
+        BigInteger key,
+        DERBitString publicKey,
+        ASN1Encodable parameters)
+    {
+        this(key.bitLength(), key, publicKey, parameters);
+    }
+
+    public ECPrivateKey(
+        int orderBitLength,
+        BigInteger key,
+        ASN1Encodable parameters)
+    {
+        this(orderBitLength, key, null, parameters);
+    }
+
     public ECPrivateKey(
+        int orderBitLength,
         BigInteger key,
         DERBitString publicKey,
         ASN1Encodable parameters)
     {
-        byte[] bytes = BigIntegers.asUnsignedByteArray(key);
+        byte[] bytes = BigIntegers.asUnsignedByteArray((orderBitLength + 7) / 8, key);
 
         ASN1EncodableVector v = new ASN1EncodableVector();
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
index 50a7a63..ed7a8d8 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
@@ -10,6 +10,8 @@ import org.bouncycastle.asn1.x9.X9ECParametersHolder;
 import org.bouncycastle.math.ec.ECConstants;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.endo.GLVTypeBEndomorphism;
+import org.bouncycastle.math.ec.endo.GLVTypeBParameters;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
 
@@ -17,19 +19,14 @@ public class SECNamedCurves
 {
     private static ECCurve configureCurve(ECCurve curve)
     {
-//        int coord = ECCurve.COORD_JACOBIAN_MODIFIED;
-//
-//        if (curve.getCoordinateSystem() != coord && curve.supportsCoordinateSystem(coord))
-//        {
-//            return curve.configure()
-//                .setCoordinateSystem(coord)
-////                .setMultiplier(new WNafL2RMultiplier())
-//                .create();
-//        }
-
         return curve;
     }
 
+    private static ECCurve configureCurveGLV(ECCurve c, GLVTypeBParameters p)
+    {
+        return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create();
+    }
+
     private static BigInteger fromHex(
         String hex)
     {
@@ -51,7 +48,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("DB7C2ABF62E35E7628DFAC6561C5");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("02"
             //+ "09487239995A5EE76B55F9C2F098"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -77,7 +74,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("36DF0AAFD8B8D7597CA10520D04B");
             BigInteger h = BigInteger.valueOf(4);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("03"
             //+ "4BA30AB5E892B4E1649DD0928643"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -103,7 +100,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("FFFFFFFE0000000075A30D1B9038A115");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("03"
             //+ "161FF7528B899B2D0C28607CA52C5B86"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -129,7 +126,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("3FFFFFFF7FFFFFFFBE0024720613B5A3");
             BigInteger h = BigInteger.valueOf(4);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("02"
             //+ "7B6AA5D85E572983E6FB32A7CDEBC140"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -155,7 +152,20 @@ public class SECNamedCurves
             BigInteger n = fromHex("0100000000000000000001B8FA16DFAB9ACA16B6B3");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("9ba48cba5ebcb9b6bd33b92830b2a2e0e192f10a", 16),
+                new BigInteger("c39c6c3b3a36d7701b9c71a1f5804ae5d0003f4", 16),
+                new BigInteger[]{
+                    new BigInteger("9162fbe73984472a0a9e", 16),
+                    new BigInteger("-96341f1138933bc2f505", 16) },
+                new BigInteger[]{
+                    new BigInteger("127971af8721782ecffa3", 16),
+                    new BigInteger("9162fbe73984472a0a9e", 16) },
+                new BigInteger("9162fbe73984472a0a9d0590", 16),
+                new BigInteger("96341f1138933bc2f503fd44", 16),
+                176);
+
+            ECCurve curve = configureCurveGLV(new ECCurve.Fp(p, a, b, n, h), glv);
 //            ECPoint G = curve.decodePoint(Hex.decode("02"
 //                + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -181,7 +191,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("0100000000000000000001F4C8F927AED3CA752257");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("02"
                 //+ "4A96B5688EF573284664698968C38BB913CBFC82"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -207,7 +217,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("0100000000000000000000351EE786A818F3A1A16B");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("02"
             //+ "52DCB034293A117E1F4FF11B30F7199D3144CE6D"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -233,7 +243,20 @@ public class SECNamedCurves
             BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("bb85691939b869c1d087f601554b96b80cb4f55b35f433c2", 16),
+                new BigInteger("3d84f26c12238d7b4f3d516613c1759033b1a5800175d0b1", 16),
+                new BigInteger[]{
+                    new BigInteger("71169be7330b3038edb025f1", 16),
+                    new BigInteger("-b3fb3400dec5c4adceb8655c", 16) },
+                new BigInteger[]{
+                    new BigInteger("12511cfe811d0f4e6bc688b4d", 16),
+                    new BigInteger("71169be7330b3038edb025f1", 16) },
+                new BigInteger("71169be7330b3038edb025f1d0f9", 16),
+                new BigInteger("b3fb3400dec5c4adceb8655d4c94", 16),
+                208);
+
+            ECCurve curve = configureCurveGLV(new ECCurve.Fp(p, a, b, n, h), glv);
             //ECPoint G = curve.decodePoint(Hex.decode("03"
             //+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -259,7 +282,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("03"
             //+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -285,7 +308,20 @@ public class SECNamedCurves
             BigInteger n = fromHex("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("fe0e87005b4e83761908c5131d552a850b3f58b749c37cf5b84d6768", 16),
+                new BigInteger("60dcd2104c4cbc0be6eeefc2bdd610739ec34e317f9b33046c9e4788", 16),
+                new BigInteger[]{
+                    new BigInteger("6b8cf07d4ca75c88957d9d670591", 16),
+                    new BigInteger("-b8adf1378a6eb73409fa6c9c637d", 16) },
+                new BigInteger[]{
+                    new BigInteger("1243ae1b4d71613bc9f780a03690e", 16),
+                    new BigInteger("6b8cf07d4ca75c88957d9d670591", 16) },
+                new BigInteger("6b8cf07d4ca75c88957d9d67059037a4", 16),
+                new BigInteger("b8adf1378a6eb73409fa6c9c637ba7f5", 16),
+                240);
+
+            ECCurve curve = configureCurveGLV(new ECCurve.Fp(p, a, b, n, h), glv);
             //ECPoint G = curve.decodePoint(Hex.decode("03"
             //+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -311,7 +347,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("02"
             //+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -337,7 +373,20 @@ public class SECNamedCurves
             BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee", 16),
+                new BigInteger("5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72", 16),
+                new BigInteger[]{
+                    new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16),
+                    new BigInteger("-e4437ed6010e88286f547fa90abfe4c3", 16) },
+                new BigInteger[]{
+                    new BigInteger("114ca50f7a8e2f3f657c1108d9d44cfd8", 16),
+                    new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16) },
+                new BigInteger("3086d221a7d46bcde86c90e49284eb153dab", 16),
+                new BigInteger("e4437ed6010e88286f547fa90abfe4c42212", 16),
+                272);
+
+            ECCurve curve = configureCurveGLV(new ECCurve.Fp(p, a, b, n, h), glv);
             //ECPoint G = curve.decodePoint(Hex.decode("02"
             //+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -363,7 +412,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("03"
             //+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -389,7 +438,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
             //ECPoint G = curve.decodePoint(Hex.decode("03"
             //+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"));
             ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -415,7 +464,7 @@ public class SECNamedCurves
             BigInteger n = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409");
             BigInteger h = BigInteger.valueOf(1);
 
-            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b));
+            ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
 
             //ECPoint G = curve.decodePoint(Hex.decode("02"
             //+ "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"));
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/sec/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/sec/package.html
new file mode 100644
index 0000000..5e34dec
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/sec/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Classes for support of the SEC standard for Elliptic Curve.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/smime/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/smime/package.html
new file mode 100644
index 0000000..d527aba
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/smime/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting S/MIME.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java
index ba2f19e..9420c3c 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java
@@ -26,16 +26,19 @@ public class TeleTrusTNamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("E95E4A5F737059DC60DF5991D45029409E60FC09", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620F", 16), // q
                 new BigInteger("340E7BE2A280EB74E2BE61BADA745D97E8F7C300", 16), // a
-                new BigInteger("1E589A8595423412134FAA2DBDEC95C8D8675E58", 16))); // b
+                new BigInteger("1E589A8595423412134FAA2DBDEC95C8D8675E58", 16), // b
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("04BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC31667CB477A1A8EC338F94741669C976316DA6321")), // G
-                new BigInteger("E95E4A5F737059DC60DF5991D45029409E60FC09", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
 
@@ -43,17 +46,20 @@ public class TeleTrusTNamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("E95E4A5F737059DC60DF5991D45029409E60FC09", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 //   new BigInteger("24DBFF5DEC9B986BBFE5295A29BFBAE45E0F5D0B", 16), // Z
                 new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620F", 16), // q
                 new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620C", 16), // a'
-                new BigInteger("7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380", 16))); // b'
+                new BigInteger("7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380", 16), // b'
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("04B199B13B9B34EFC1397E64BAEB05ACC265FF2378ADD6718B7C7C1961F0991B842443772152C9E0AD")), // G
-                new BigInteger("E95E4A5F737059DC60DF5991D45029409E60FC09", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
 
@@ -61,16 +67,19 @@ public class TeleTrusTNamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 16), // q
                 new BigInteger("6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", 16), // a
-                new BigInteger("469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", 16))); // b
+                new BigInteger("469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", 16), // b
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("04C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD614B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F")), // G
-                new BigInteger("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
 
@@ -78,17 +87,20 @@ public class TeleTrusTNamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 //new BigInteger("1B6F5CC8DB4DC7AF19458A9CB80DC2295E5EB9C3732104CB") //Z
                 new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 16), // q
                 new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86294", 16), // a'
-                new BigInteger("13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79", 16))); // b'
+                new BigInteger("13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79", 16), // b'
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("043AE9E58C82F63C30282E1FE7BBF43FA72C446AF6F4618129097E2C5667C2223A902AB5CA449D0084B7E5B3DE7CCC01C9")), // G'
-                new BigInteger("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
 
@@ -96,165 +108,195 @@ public class TeleTrusTNamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 16), // q
                 new BigInteger("68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", 16), // a
-                new BigInteger("2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", 16))); // b
+                new BigInteger("2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", 16), // b
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("040D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD")), // G
-                new BigInteger("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 16), //n
-                new BigInteger("01", 16)); // n
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP224t1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 //new BigInteger("2DF271E14427A346910CF7A2E6CFA7B3F484E5C2CCE1C8B730E28B3F") //Z
                 new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 16), // q
                 new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FC", 16), // a'
-                new BigInteger("4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D", 16))); // b'
+                new BigInteger("4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D", 16), // b'
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("046AB1E344CE25FF3896424E7FFE14762ECB49F8928AC0C76029B4D5800374E9F5143E568CD23F3F4D7C0D4B1E41C8CC0D1C6ABD5F1A46DB4C")), // G'
-                new BigInteger("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP256r1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16), // q
                 new BigInteger("7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 16), // a
-                new BigInteger("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 16))); // b
+                new BigInteger("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 16), // b
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997")), // G
-                new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP256t1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 //new BigInteger("3E2D4BD9597B58639AE7AA669CAB9837CF5CF20A2C852D10F655668DFC150EF0") //Z
                 new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16), // q
                 new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5374", 16), // a'
-                new BigInteger("662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04", 16))); // b'
+                new BigInteger("662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04", 16), // b'
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("04A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F42D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE")), // G'
-                new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP320r1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 16), // q
                 new BigInteger("3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", 16), // a
-                new BigInteger("520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", 16))); // b
+                new BigInteger("520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", 16), // b
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("0443BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E2061114FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1")), // G
-                new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP320t1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 //new BigInteger("15F75CAF668077F7E85B42EB01F0A81FF56ECD6191D55CB82B7D861458A18FEFC3E5AB7496F3C7B1") //Z
                 new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 16), // q
                 new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E24", 16), // a'
-                new BigInteger("A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547CEB5B4FEF422340353", 16))); // b'
+                new BigInteger("A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547CEB5B4FEF422340353", 16), // b'
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("04925BE9FB01AFC6FB4D3E7D4990010F813408AB106C4F09CB7EE07868CC136FFF3357F624A21BED5263BA3A7A27483EBF6671DBEF7ABB30EBEE084E58A0B077AD42A5A0989D1EE71B1B9BC0455FB0D2C3")), // G'
-                new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP384r1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16), // q
                 new BigInteger("7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", 16), // a
-                new BigInteger("4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", 16))); // b
+                new BigInteger("4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", 16), // b
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("041D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315")), // G
-                new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP384t1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 //new BigInteger("41DFE8DD399331F7166A66076734A89CD0D2BCDB7D068E44E1F378F41ECBAE97D2D63DBC87BCCDDCCC5DA39E8589291C") //Z
                 new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16), // q
                 new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC50", 16), // a'
-                new BigInteger("7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE", 16))); // b'
+                new BigInteger("7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE", 16), // b'
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("0418DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AABFFC4FF191B946A5F54D8D0AA2F418808CC25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CCFE469408584DC2B2912675BF5B9E582928")), // G'
-                new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP512r1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16), // q
                 new BigInteger("7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", 16), // a
-                new BigInteger("3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", 16))); // b
+                new BigInteger("3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", 16), // b
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("0481AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F8227DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892")), // G
-                new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
     static X9ECParametersHolder brainpoolP512t1 = new X9ECParametersHolder()
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16);
+            BigInteger h = new BigInteger("01", 16);
+
             ECCurve curve = configureCurve(new ECCurve.Fp(
                 //new BigInteger("12EE58E6764838B69782136F0F2D3BA06E27695716054092E60A80BEDB212B64E585D90BCE13761F85C3F1D2A64E3BE8FEA2220F01EBA5EEB0F35DBD29D922AB") //Z
                 new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16), // q
                 new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F0", 16), // a'
-                new BigInteger("7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E", 16))); // b'
+                new BigInteger("7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E", 16), // b'
+                n, h));
 
             return new X9ECParameters(
                 curve,
                 curve.decodePoint(Hex.decode("04640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CDB3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEEF216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B332")), // G'
-                new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16), //n
-                new BigInteger("01", 16)); // h
+                n, h);
         }
     };
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
index 895f5e8..2be7efe 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
@@ -41,35 +41,35 @@ public interface TeleTrusTObjectIdentifiers
     static final ASN1ObjectIdentifier ecc_brainpool = teleTrusTAlgorithm.branch("3.2.8");
     /** 1.3.36.3.3.2.8.1 */
     static final ASN1ObjectIdentifier ellipticCurve = ecc_brainpool.branch("1");
-    /** 1.3.36.3.3.2.8.1 */
+    /** 1.3.36.3.3.2.8.1.1 */
     static final ASN1ObjectIdentifier versionOne = ellipticCurve.branch("1");
 
-    /** 1.3.36.3.3.2.8.1.1 */
+    /** 1.3.36.3.3.2.8.1.1.1 */
     static final ASN1ObjectIdentifier brainpoolP160r1 = versionOne.branch("1");
-    /** 1.3.36.3.3.2.8.1.2 */
+    /** 1.3.36.3.3.2.8.1.1.2 */
     static final ASN1ObjectIdentifier brainpoolP160t1 = versionOne.branch("2");
-    /** 1.3.36.3.3.2.8.1.3 */
+    /** 1.3.36.3.3.2.8.1.1.3 */
     static final ASN1ObjectIdentifier brainpoolP192r1 = versionOne.branch("3");
-    /** 1.3.36.3.3.2.8.1.4 */
+    /** 1.3.36.3.3.2.8.1.1.4 */
     static final ASN1ObjectIdentifier brainpoolP192t1 = versionOne.branch("4");
-    /** 1.3.36.3.3.2.8.1.5 */
+    /** 1.3.36.3.3.2.8.1.1.5 */
     static final ASN1ObjectIdentifier brainpoolP224r1 = versionOne.branch("5");
-    /** 1.3.36.3.3.2.8.1.6 */
+    /** 1.3.36.3.3.2.8.1.1.6 */
     static final ASN1ObjectIdentifier brainpoolP224t1 = versionOne.branch("6");
-    /** 1.3.36.3.3.2.8.1.7 */
+    /** 1.3.36.3.3.2.8.1.1.7 */
     static final ASN1ObjectIdentifier brainpoolP256r1 = versionOne.branch("7");
-    /** 1.3.36.3.3.2.8.1.8 */
+    /** 1.3.36.3.3.2.8.1.1.8 */
     static final ASN1ObjectIdentifier brainpoolP256t1 = versionOne.branch("8");
-    /** 1.3.36.3.3.2.8.1.9 */
+    /** 1.3.36.3.3.2.8.1.1.9 */
     static final ASN1ObjectIdentifier brainpoolP320r1 = versionOne.branch("9");
-    /** 1.3.36.3.3.2.8.1.10 */
+    /** 1.3.36.3.3.2.8.1.1.10 */
     static final ASN1ObjectIdentifier brainpoolP320t1 = versionOne.branch("10");
-    /** 1.3.36.3.3.2.8.1.11 */
+    /** 1.3.36.3.3.2.8.1.1.11 */
     static final ASN1ObjectIdentifier brainpoolP384r1 = versionOne.branch("11");
-    /** 1.3.36.3.3.2.8.1.12 */
+    /** 1.3.36.3.3.2.8.1.1.12 */
     static final ASN1ObjectIdentifier brainpoolP384t1 = versionOne.branch("12");
-    /** 1.3.36.3.3.2.8.1.13 */
+    /** 1.3.36.3.3.2.8.1.1.13 */
     static final ASN1ObjectIdentifier brainpoolP512r1 = versionOne.branch("13");
-    /** 1.3.36.3.3.2.8.1.14 */
+    /** 1.3.36.3.3.2.8.1.1.14 */
     static final ASN1ObjectIdentifier brainpoolP512t1 = versionOne.branch("14");
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/package.html
new file mode 100644
index 0000000..86606c3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for TeleTrust related objects.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ASN1SequenceParserTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ASN1SequenceParserTest.java
new file mode 100644
index 0000000..e0cd1af
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ASN1SequenceParserTest.java
@@ -0,0 +1,372 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Arrays;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Null;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1SequenceParser;
+import org.bouncycastle.asn1.ASN1StreamParser;
+import org.bouncycastle.asn1.BERSequenceGenerator;
+import org.bouncycastle.asn1.DERSequenceGenerator;
+import org.bouncycastle.util.encoders.Hex;
+
+public class ASN1SequenceParserTest 
+    extends TestCase 
+{
+    private static final byte[] seqData = Hex.decode("3006020100060129");
+    private static final byte[] nestedSeqData = Hex.decode("300b0201000601293003020101");
+    private static final byte[] expTagSeqData = Hex.decode("a1083006020100060129");
+    private static final byte[] implTagSeqData = Hex.decode("a106020100060129");
+    private static final byte[] nestedSeqExpTagData = Hex.decode("300d020100060129a1053003020101");
+    private static final byte[] nestedSeqImpTagData = Hex.decode("300b020100060129a103020101");
+    
+    private static final byte[] berSeqData = Hex.decode("30800201000601290000");
+    private static final byte[] berDERNestedSeqData = Hex.decode("308002010006012930030201010000");
+    private static final byte[] berNestedSeqData = Hex.decode("3080020100060129308002010100000000");
+    private static final byte[] berExpTagSeqData = Hex.decode("a180308002010006012900000000");
+
+    private static final byte[] berSeqWithDERNullData = Hex.decode("308005000201000601290000");
+
+    public void testDERWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       DERSequenceGenerator  seqGen = new DERSequenceGenerator(bOut);
+       
+       seqGen.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       seqGen.close();
+
+       assertTrue("basic DER writing test failed.", Arrays.equals(seqData, bOut.toByteArray()));
+    }
+ 
+    public void testNestedDERWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       DERSequenceGenerator seqGen1 = new DERSequenceGenerator(bOut);
+       
+       seqGen1.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen1.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       DERSequenceGenerator seqGen2 = new DERSequenceGenerator(seqGen1.getRawOutputStream());
+       
+       seqGen2.addObject(new ASN1Integer(BigInteger.valueOf(1)));
+       
+       seqGen2.close();
+       
+       seqGen1.close();
+
+       assertTrue("nested DER writing test failed.", Arrays.equals(nestedSeqData, bOut.toByteArray()));
+    }
+
+    public void testDERExplicitTaggedSequenceWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       DERSequenceGenerator  seqGen = new DERSequenceGenerator(bOut, 1, true);
+       
+       seqGen.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       seqGen.close();
+
+       assertTrue("explicit tag writing test failed.", Arrays.equals(expTagSeqData, bOut.toByteArray()));
+    }
+    
+    public void testDERImplicitTaggedSequenceWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       DERSequenceGenerator  seqGen = new DERSequenceGenerator(bOut, 1, false);
+       
+       seqGen.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       seqGen.close();
+
+       assertTrue("implicit tag writing test failed.", Arrays.equals(implTagSeqData, bOut.toByteArray()));
+    }
+    
+    public void testNestedExplicitTagDERWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       DERSequenceGenerator  seqGen1 = new DERSequenceGenerator(bOut);
+       
+       seqGen1.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen1.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       DERSequenceGenerator seqGen2 = new DERSequenceGenerator(seqGen1.getRawOutputStream(), 1, true);
+       
+       seqGen2.addObject(new ASN1Integer(BigInteger.valueOf(1)));
+       
+       seqGen2.close();
+       
+       seqGen1.close();
+
+       assertTrue("nested explicit tagged DER writing test failed.", Arrays.equals(nestedSeqExpTagData, bOut.toByteArray()));
+    }
+    
+    public void testNestedImplicitTagDERWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       DERSequenceGenerator  seqGen1 = new DERSequenceGenerator(bOut);
+       
+       seqGen1.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen1.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       DERSequenceGenerator seqGen2 = new DERSequenceGenerator(seqGen1.getRawOutputStream(), 1, false);
+       
+       seqGen2.addObject(new ASN1Integer(BigInteger.valueOf(1)));
+       
+       seqGen2.close();
+       
+       seqGen1.close();
+
+       assertTrue("nested implicit tagged DER writing test failed.", Arrays.equals(nestedSeqImpTagData, bOut.toByteArray()));
+    }
+    
+    public void testBERWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       BERSequenceGenerator  seqGen = new BERSequenceGenerator(bOut);
+       
+       seqGen.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       seqGen.close();
+       
+       assertTrue("basic BER writing test failed.", Arrays.equals(berSeqData, bOut.toByteArray()));
+    }
+
+    public void testNestedBERDERWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       BERSequenceGenerator seqGen1 = new BERSequenceGenerator(bOut);
+       
+       seqGen1.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen1.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       DERSequenceGenerator seqGen2 = new DERSequenceGenerator(seqGen1.getRawOutputStream());
+       
+       seqGen2.addObject(new ASN1Integer(BigInteger.valueOf(1)));
+       
+       seqGen2.close();
+       
+       seqGen1.close();
+
+       assertTrue("nested BER/DER writing test failed.", Arrays.equals(berDERNestedSeqData, bOut.toByteArray()));
+    }
+    
+    public void testNestedBERWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       BERSequenceGenerator  seqGen1 = new BERSequenceGenerator(bOut);
+       
+       seqGen1.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen1.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       BERSequenceGenerator seqGen2 = new BERSequenceGenerator(seqGen1.getRawOutputStream());
+       
+       seqGen2.addObject(new ASN1Integer(BigInteger.valueOf(1)));
+       
+       seqGen2.close();
+       
+       seqGen1.close();
+
+       assertTrue("nested BER writing test failed.", Arrays.equals(berNestedSeqData, bOut.toByteArray()));
+    }
+    
+    public void testDERReading()
+        throws Exception
+    {
+        ASN1StreamParser aIn = new ASN1StreamParser(seqData);
+        
+        ASN1SequenceParser    seq = (ASN1SequenceParser)aIn.readObject();
+        Object          o;
+        int             count = 0;
+        
+        assertNotNull("null sequence returned", seq);
+        
+        while ((o = seq.readObject()) != null)
+        {
+            switch (count)
+            {
+            case 0:
+                assertTrue(o instanceof ASN1Integer);
+                break;
+            case 1:
+                assertTrue(o instanceof ASN1ObjectIdentifier);
+                break;
+            }
+            count++;
+        }
+        
+        assertEquals("wrong number of objects in sequence", 2, count);
+    }
+
+    private void testNestedReading(
+        byte[] data)
+        throws Exception
+    {
+        ASN1StreamParser aIn = new ASN1StreamParser(data);
+        
+        ASN1SequenceParser seq = (ASN1SequenceParser)aIn.readObject();
+        Object          o;
+        int             count = 0;
+        
+        assertNotNull("null sequence returned", seq);
+        
+        while ((o = seq.readObject()) != null)
+        {
+            switch (count)
+            {
+            case 0:
+                assertTrue(o instanceof ASN1Integer);
+                break;
+            case 1:
+                assertTrue(o instanceof ASN1ObjectIdentifier);
+                break;
+            case 2:
+                assertTrue(o instanceof ASN1SequenceParser);
+                
+                ASN1SequenceParser s = (ASN1SequenceParser)o;
+
+                // NB: Must exhaust the nested parser
+                while (s.readObject() != null)
+                {
+                    // Nothing
+                }
+
+                break;
+            }
+            count++;
+        }
+        
+        assertEquals("wrong number of objects in sequence", 3, count);
+    }
+    
+    public void testNestedDERReading()
+        throws Exception
+    {
+        testNestedReading(nestedSeqData);
+    }
+    
+    public void testBERReading()
+        throws Exception
+    {
+        ASN1StreamParser aIn = new ASN1StreamParser(berSeqData);
+        
+        ASN1SequenceParser    seq = (ASN1SequenceParser)aIn.readObject();
+        Object          o;
+        int             count = 0;
+        
+        assertNotNull("null sequence returned", seq);
+        
+        while ((o = seq.readObject()) != null)
+        {
+            switch (count)
+            {
+            case 0:
+                assertTrue(o instanceof ASN1Integer);
+                break;
+            case 1:
+                assertTrue(o instanceof ASN1ObjectIdentifier);
+                break;
+            }
+            count++;
+        }
+        
+        assertEquals("wrong number of objects in sequence", 2, count);
+    }
+    
+    public void testNestedBERDERReading()
+        throws Exception
+    {
+        testNestedReading(berDERNestedSeqData);
+    }
+    
+    public void testNestedBERReading()
+        throws Exception
+    {
+        testNestedReading(berNestedSeqData);
+    }
+    
+    public void testBERExplicitTaggedSequenceWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       BERSequenceGenerator  seqGen = new BERSequenceGenerator(bOut, 1, true);
+       
+       seqGen.addObject(new ASN1Integer(BigInteger.valueOf(0)));
+       
+       seqGen.addObject(new ASN1ObjectIdentifier("1.1"));
+       
+       seqGen.close();
+      
+       assertTrue("explicit BER tag writing test failed.", Arrays.equals(berExpTagSeqData, bOut.toByteArray()));
+    }
+
+    public void testSequenceWithDERNullReading()
+        throws Exception
+    {
+        testParseWithNull(berSeqWithDERNullData);
+    }
+
+    private void testParseWithNull(byte[] data)
+        throws IOException
+    {
+        ASN1StreamParser aIn = new ASN1StreamParser(data);
+        ASN1SequenceParser seq = (ASN1SequenceParser)aIn.readObject();
+        Object          o;
+        int             count = 0;
+
+        assertNotNull("null sequence returned", seq);
+
+        while ((o = seq.readObject()) != null)
+        {
+            switch (count)
+            {
+            case 0:
+                assertTrue(o instanceof ASN1Null);
+                break;
+            case 1:
+                assertTrue(o instanceof ASN1Integer);
+                break;
+            case 2:
+                assertTrue(o instanceof ASN1ObjectIdentifier);
+                break;
+            }
+            count++;
+        }
+
+        assertEquals("wrong number of objects in sequence", 3, count);
+    }
+
+    public static Test suite()
+    {
+        return new TestSuite(ASN1SequenceParserTest.class);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ASN1UnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ASN1UnitTest.java
new file mode 100644
index 0000000..d51cc6a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ASN1UnitTest.java
@@ -0,0 +1,89 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.math.BigInteger;
+
+public abstract class ASN1UnitTest
+    extends SimpleTest
+{
+    protected void checkMandatoryField(String name, ASN1Encodable expected, ASN1Encodable present)
+    {
+        if (!expected.equals(present))
+        {
+            fail(name + " field doesn't match.");
+        }
+    }
+
+    protected void checkMandatoryField(String name, String expected, String present)
+    {
+        if (!expected.equals(present))
+        {
+            fail(name + " field doesn't match.");
+        }
+    }
+
+    protected void checkMandatoryField(String name, byte[] expected, byte[] present)
+    {
+        if (!areEqual(expected, present))
+        {
+            fail(name + " field doesn't match.");
+        }
+    }
+
+    protected void checkMandatoryField(String name, int expected, int present)
+    {
+        if (expected != present)
+        {
+            fail(name + " field doesn't match.");
+        }
+    }
+
+    protected void checkOptionalField(String name, ASN1Encodable expected, ASN1Encodable present)
+    {
+        if (expected != null)
+        {
+            if (!expected.equals(present))
+            {
+                fail(name + " field doesn't match.");
+            }
+        }
+        else if (present != null)
+        {
+            fail(name + " field found when none expected.");
+        }
+    }
+
+    protected void checkOptionalField(String name, String expected, String present)
+    {
+        if (expected != null)
+        {
+            if (!expected.equals(present))
+            {
+                fail(name + " field doesn't match.");
+            }
+        }
+        else if (present != null)
+        {
+            fail(name + " field found when none expected.");
+        }
+    }
+
+    protected void checkOptionalField(String name, BigInteger expected, BigInteger present)
+    {
+        if (expected != null)
+        {
+            if (!expected.equals(present))
+            {
+                fail(name + " field doesn't match.");
+            }
+        }
+        else if (present != null)
+        {
+            fail(name + " field found when none expected.");
+        }
+    }
+
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/AdditionalInformationSyntaxUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/AdditionalInformationSyntaxUnitTest.java
new file mode 100644
index 0000000..baf0750
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/AdditionalInformationSyntaxUnitTest.java
@@ -0,0 +1,69 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.isismtt.x509.AdditionalInformationSyntax;
+import org.bouncycastle.asn1.x500.DirectoryString;
+
+public class AdditionalInformationSyntaxUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "AdditionalInformationSyntax";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        AdditionalInformationSyntax syntax = new AdditionalInformationSyntax("hello world");
+
+        checkConstruction(syntax, new DirectoryString("hello world"));
+
+        try
+        {
+            AdditionalInformationSyntax.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        AdditionalInformationSyntax syntax,
+        DirectoryString information)
+        throws IOException
+    {
+        checkValues(syntax, information);
+
+        syntax = AdditionalInformationSyntax.getInstance(syntax);
+
+        checkValues(syntax, information);
+
+        ASN1InputStream aIn = new ASN1InputStream(syntax.toASN1Object().getEncoded());
+
+        ASN1String info = (ASN1String)aIn.readObject();
+
+        syntax = AdditionalInformationSyntax.getInstance(info);
+
+        checkValues(syntax, information);
+    }
+
+    private void checkValues(
+        AdditionalInformationSyntax syntax,
+        DirectoryString information)
+    {
+        checkMandatoryField("information", information, syntax.getInformation());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new AdditionalInformationSyntaxUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/AdmissionSyntaxUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/AdmissionSyntaxUnitTest.java
new file mode 100644
index 0000000..ad0e925
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/AdmissionSyntaxUnitTest.java
@@ -0,0 +1,97 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax;
+import org.bouncycastle.asn1.isismtt.x509.Admissions;
+import org.bouncycastle.asn1.isismtt.x509.NamingAuthority;
+import org.bouncycastle.asn1.isismtt.x509.ProfessionInfo;
+import org.bouncycastle.asn1.x500.DirectoryString;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.X509Name;
+
+public class AdmissionSyntaxUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "AdmissionSyntax";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        GeneralName     name = new GeneralName(new X509Name("CN=hello world"));
+        ASN1Sequence    admissions = new DERSequence(
+                                        new Admissions(name,
+                                          new NamingAuthority(new ASN1ObjectIdentifier("1.2.3"), "url", new DirectoryString("fred")),
+                                          new ProfessionInfo[0]));
+        AdmissionSyntax syntax = new AdmissionSyntax(name, admissions);
+
+        checkConstruction(syntax, name, admissions);
+
+        syntax = AdmissionSyntax.getInstance(null);
+
+        if (syntax != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            AdmissionSyntax.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        AdmissionSyntax syntax,
+        GeneralName     authority,
+        ASN1Sequence    admissions)
+        throws IOException
+    {
+        checkValues(syntax, authority, admissions);
+
+        syntax = AdmissionSyntax.getInstance(syntax);
+
+        checkValues(syntax, authority, admissions);
+
+        ASN1InputStream aIn = new ASN1InputStream(syntax.toASN1Object().getEncoded());
+
+        ASN1Sequence info = (ASN1Sequence)aIn.readObject();
+
+        syntax = AdmissionSyntax.getInstance(info);
+
+        checkValues(syntax, authority, admissions);
+    }
+
+    private void checkValues(
+        AdmissionSyntax syntax,
+        GeneralName     authority,
+        ASN1Sequence    admissions)
+    {
+        checkMandatoryField("admissionAuthority", authority, syntax.getAdmissionAuthority());
+
+        Admissions[] adm = syntax.getContentsOfAdmissions();
+
+        if (adm.length != 1 || !adm[0].equals(admissions.getObjectAt(0)))
+        {
+            fail("admissions check failed");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new AdmissionSyntaxUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/AdmissionsUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/AdmissionsUnitTest.java
new file mode 100644
index 0000000..171faec
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/AdmissionsUnitTest.java
@@ -0,0 +1,86 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.isismtt.x509.Admissions;
+import org.bouncycastle.asn1.isismtt.x509.NamingAuthority;
+import org.bouncycastle.asn1.isismtt.x509.ProfessionInfo;
+import org.bouncycastle.asn1.x500.DirectoryString;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.X509Name;
+
+public class AdmissionsUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "Admissions";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        GeneralName name = new GeneralName(new X509Name("CN=hello world"));
+        NamingAuthority auth =  new NamingAuthority(new ASN1ObjectIdentifier("1.2.3"), "url", new DirectoryString("fred"));
+        Admissions  admissions = new Admissions(name, auth, new ProfessionInfo[0]);
+
+        checkConstruction(admissions, name, auth);
+
+        admissions = Admissions.getInstance(null);
+
+        if (admissions != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            Admissions.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        Admissions      admissions,
+        GeneralName     name,
+        NamingAuthority auth)
+        throws IOException
+    {
+        checkValues(admissions, name, auth);
+
+        admissions = Admissions.getInstance(admissions);
+
+        checkValues(admissions, name, auth);
+
+        ASN1InputStream aIn = new ASN1InputStream(admissions.toASN1Object().getEncoded());
+
+        ASN1Sequence info = (ASN1Sequence)aIn.readObject();
+
+        admissions = Admissions.getInstance(info);
+
+        checkValues(admissions, name, auth);
+    }
+
+    private void checkValues(
+        Admissions      admissions,
+        GeneralName     name,
+        NamingAuthority auth)
+    {
+        checkMandatoryField("admissionAuthority", name, admissions.getAdmissionAuthority());
+        checkMandatoryField("namingAuthority", auth, admissions.getNamingAuthority());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new AdmissionsUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/AllTests.java
index 024fe75..5b647b3 100644
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/test/AllTests.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/AllTests.java
@@ -1,22 +1,16 @@
-package org.bouncycastle.ocsp.test;
-
-import java.security.Security;
+package org.bouncycastle.asn1.test;
 
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
-
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.test.SimpleTestResult;
 
 public class AllTests
     extends TestCase
 {
-    public void testOCSP()
+    public void testASN1()
     {   
-        Security.addProvider(new BouncyCastleProvider());
-        
-        org.bouncycastle.util.test.Test[] tests = new org.bouncycastle.util.test.Test[] { new OCSPTest() };
+        org.bouncycastle.util.test.Test[] tests = RegressionTest.tests;
         
         for (int i = 0; i != tests.length; i++)
         {
@@ -36,9 +30,13 @@ public class AllTests
     
     public static Test suite()
     {
-        TestSuite suite = new TestSuite("OCSP Tests");
+        TestSuite suite = new TestSuite("ASN.1 Tests");
         
         suite.addTestSuite(AllTests.class);
+        suite.addTestSuite(GetInstanceTest.class);
+        suite.addTestSuite(ASN1SequenceParserTest.class);
+        suite.addTestSuite(OctetStringTest.class);
+        suite.addTestSuite(ParseTest.class);
         
         return suite;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/AttributeTableUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/AttributeTableUnitTest.java
new file mode 100644
index 0000000..337fb1a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/AttributeTableUnitTest.java
@@ -0,0 +1,144 @@
+package org.bouncycastle.asn1.test;
+
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.cms.Attribute;
+import org.bouncycastle.asn1.cms.AttributeTable;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class AttributeTableUnitTest 
+    extends SimpleTest
+{
+    private static final ASN1ObjectIdentifier type1 = new ASN1ObjectIdentifier("1.1.1");
+    private static final ASN1ObjectIdentifier type2 = new ASN1ObjectIdentifier("1.1.2");
+    private static final ASN1ObjectIdentifier type3 = new ASN1ObjectIdentifier("1.1.3");
+    
+    public String getName()
+    {
+        return "AttributeTable";
+    }
+    
+    public void performTest() 
+        throws Exception
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+        
+        v.add(new Attribute(type1, new DERSet(type1)));
+        v.add(new Attribute(type2, new DERSet(type2)));
+        
+        AttributeTable table = new AttributeTable(v);
+        
+        Attribute a = table.get(type1);
+        if (a == null)
+        {
+            fail("type1 attribute not found.");
+        }
+        if (!a.getAttrValues().equals(new DERSet(type1)))
+        {
+            fail("wrong value retrieved for type1!");
+        }
+        
+        a = table.get(type2);
+        if (a == null)
+        {
+            fail("type2 attribute not found.");
+        }
+        if (!a.getAttrValues().equals(new DERSet(type2)))
+        {
+            fail("wrong value retrieved for type2!");
+        }
+        
+        a = table.get(type3);
+        if (a != null)
+        {
+            fail("type3 attribute found when none expected.");
+        }
+        
+        ASN1EncodableVector vec = table.getAll(type1);
+        if (vec.size() != 1)
+        {
+            fail("wrong vector size for type1.");
+        }
+        
+        vec = table.getAll(type3);
+        if (vec.size() != 0)
+        {
+            fail("wrong vector size for type3.");
+        }
+        
+        vec = table.toASN1EncodableVector();
+        if (vec.size() != 2)
+        {
+            fail("wrong vector size for single.");
+        }
+        
+        Hashtable t = table.toHashtable();
+        
+        if (t.size() != 2)
+        {
+            fail("hashtable wrong size.");
+        }
+        
+        // multiple
+        
+        v = new ASN1EncodableVector();
+        
+        v.add(new Attribute(type1, new DERSet(type1)));
+        v.add(new Attribute(type1, new DERSet(type2)));
+        v.add(new Attribute(type1, new DERSet(type3)));
+        v.add(new Attribute(type2, new DERSet(type2)));
+        
+        table = new AttributeTable(v);
+        
+        a = table.get(type1);
+        if (!a.getAttrValues().equals(new DERSet(type1)))
+        {
+            fail("wrong value retrieved for type1 multi get!");
+        }
+        
+        vec = table.getAll(type1);
+        if (vec.size() != 3)
+        {
+            fail("wrong vector size for multiple type1.");
+        }
+        
+        a = (Attribute)vec.get(0);
+        if (!a.getAttrValues().equals(new DERSet(type1)))
+        {
+            fail("wrong value retrieved for type1(0)!");
+        }
+        
+        a = (Attribute)vec.get(1);
+        if (!a.getAttrValues().equals(new DERSet(type2)))
+        {
+            fail("wrong value retrieved for type1(1)!");
+        }
+        
+        a = (Attribute)vec.get(2);
+        if (!a.getAttrValues().equals(new DERSet(type3)))
+        {
+            fail("wrong value retrieved for type1(2)!");
+        }
+        
+        vec = table.getAll(type2);
+        if (vec.size() != 1)
+        {
+            fail("wrong vector size for multiple type2.");
+        }
+        
+        vec = table.toASN1EncodableVector();
+        if (vec.size() != 4)
+        {
+            fail("wrong vector size for multiple.");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new AttributeTableUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/BiometricDataUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/BiometricDataUnitTest.java
new file mode 100644
index 0000000..b4c2ea4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/BiometricDataUnitTest.java
@@ -0,0 +1,133 @@
+package org.bouncycastle.asn1.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.qualified.BiometricData;
+import org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class BiometricDataUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "BiometricData";
+    }
+
+    private byte[] generateHash()
+    {
+        SecureRandom rand = new SecureRandom();
+        byte[] bytes = new byte[20];
+        
+        rand.nextBytes(bytes);
+        
+        return bytes;
+    }
+    
+    public void performTest() 
+        throws Exception
+    {
+        TypeOfBiometricData dataType = new TypeOfBiometricData(TypeOfBiometricData.HANDWRITTEN_SIGNATURE);
+        AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
+        ASN1OctetString     dataHash = new DEROctetString(generateHash());
+        BiometricData       bd = new BiometricData(dataType, hashAlgorithm, dataHash);
+
+        checkConstruction(bd, dataType, hashAlgorithm, dataHash, null);
+        
+        DERIA5String dataUri = new DERIA5String("http://test");
+        
+        bd = new BiometricData(dataType, hashAlgorithm, dataHash, dataUri);
+        
+        checkConstruction(bd, dataType, hashAlgorithm, dataHash, dataUri);
+        
+        bd = BiometricData.getInstance(null);
+        
+        if (bd != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            BiometricData.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        BiometricData bd,
+        TypeOfBiometricData dataType, 
+        AlgorithmIdentifier hashAlgorithm,
+        ASN1OctetString dataHash, 
+        DERIA5String dataUri)
+        throws Exception
+    {
+        checkValues(bd, dataType, hashAlgorithm, dataHash, dataUri);
+
+        bd = BiometricData.getInstance(bd);
+
+        checkValues(bd, dataType, hashAlgorithm, dataHash, dataUri);
+
+        ASN1InputStream aIn = new ASN1InputStream(bd.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        bd = BiometricData.getInstance(seq);
+
+        checkValues(bd, dataType, hashAlgorithm, dataHash, dataUri);
+    }
+
+    private void checkValues(
+        BiometricData       bd,
+        TypeOfBiometricData dataType,
+        AlgorithmIdentifier algID,
+        ASN1OctetString     dataHash,
+        DERIA5String        sourceDataURI)
+    {
+        if (!bd.getTypeOfBiometricData().equals(dataType))
+        {
+            fail("types don't match.");
+        }
+        
+        if (!bd.getHashAlgorithm().equals(algID))
+        {
+            fail("hash algorithms don't match.");
+        }
+        
+        if (!bd.getBiometricDataHash().equals(dataHash))
+        {
+            fail("hash algorithms don't match.");
+        }
+        
+        if (sourceDataURI != null)
+        {
+            if (!bd.getSourceDataUri().equals(sourceDataURI))
+            {
+                fail("data uris don't match.");
+            }
+        }
+        else if (bd.getSourceDataUri() != null)
+        {
+            fail("data uri found when none expected.");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new BiometricDataUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/BitStringConstantTester.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/BitStringConstantTester.java
new file mode 100644
index 0000000..bbea4a3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/BitStringConstantTester.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1.test;
+
+public class BitStringConstantTester
+{
+    private static final int[] bits =
+    { 
+        1 << 7, 1 << 6, 1 << 5, 1 << 4, 1 << 3, 1 << 2, 1 << 1, 1 << 0,
+        1 << 15, 1 << 14, 1 << 13, 1 << 12, 1 << 11, 1 << 10, 1 << 9, 1 << 8,
+        1 << 23, 1 << 22, 1 << 21, 1 << 20, 1 << 19, 1 << 18, 1 << 17, 1 << 16,
+        1 << 31, 1 << 30, 1 << 29, 1 << 28, 1 << 27, 1 << 26, 1 << 25, 1 << 24
+    };
+    
+    public static void testFlagValueCorrect(
+        int bitNo,
+        int value)
+    {
+        if (bits[bitNo] != value)
+        {
+            throw new IllegalArgumentException("bit value " + bitNo + " wrong");
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/BitStringTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/BitStringTest.java
new file mode 100644
index 0000000..1cd5bd3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/BitStringTest.java
@@ -0,0 +1,73 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class BitStringTest
+    implements Test
+{
+    public TestResult perform()
+    {
+        KeyUsage k = new KeyUsage(KeyUsage.digitalSignature);
+        if ((k.getBytes()[0] != (byte)KeyUsage.digitalSignature) || (k.getPadBits() != 7))
+        {
+            return new SimpleTestResult(false, getName() + ": failed digitalSignature");
+        }
+        
+        k = new KeyUsage(KeyUsage.nonRepudiation);
+        if ((k.getBytes()[0] != (byte)KeyUsage.nonRepudiation) || (k.getPadBits() != 6))
+        {
+            return new SimpleTestResult(false, getName() + ": failed nonRepudiation");
+        }
+        
+        k = new KeyUsage(KeyUsage.keyEncipherment);
+        if ((k.getBytes()[0] != (byte)KeyUsage.keyEncipherment) || (k.getPadBits() != 5))
+        {
+            return new SimpleTestResult(false, getName() + ": failed keyEncipherment");
+        }
+        
+        k = new KeyUsage(KeyUsage.cRLSign);
+        if ((k.getBytes()[0] != (byte)KeyUsage.cRLSign)  || (k.getPadBits() != 1))
+        {
+            return new SimpleTestResult(false, getName() + ": failed cRLSign");
+        }
+        
+        k = new KeyUsage(KeyUsage.decipherOnly);
+        if ((k.getBytes()[1] != (byte)(KeyUsage.decipherOnly >> 8))  || (k.getPadBits() != 7))
+        {
+            return new SimpleTestResult(false, getName() + ": failed decipherOnly");
+        }
+
+        // test for zero length bit string
+        try
+        {
+            ASN1Primitive.fromByteArray(new DERBitString(new byte[0], 0).getEncoded());
+        }
+        catch (IOException e)
+        {
+            return new SimpleTestResult(false, getName() + ": " + e);
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public String getName()
+    {
+        return "BitString";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        BitStringTest    test = new BitStringTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/CMSTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/CMSTest.java
new file mode 100644
index 0000000..873b27c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/CMSTest.java
@@ -0,0 +1,358 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OctetStringParser;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1SequenceParser;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.ASN1SetParser;
+import org.bouncycastle.asn1.ASN1StreamParser;
+import org.bouncycastle.asn1.BERTags;
+import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
+import org.bouncycastle.asn1.cms.CompressedData;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.asn1.cms.ContentInfoParser;
+import org.bouncycastle.asn1.cms.EncryptedContentInfoParser;
+import org.bouncycastle.asn1.cms.EnvelopedData;
+import org.bouncycastle.asn1.cms.EnvelopedDataParser;
+import org.bouncycastle.asn1.cms.KEKRecipientInfo;
+import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
+import org.bouncycastle.asn1.cms.RecipientInfo;
+import org.bouncycastle.asn1.cms.SignedData;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.io.Streams;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class CMSTest
+    implements Test
+{
+    //
+    // compressed data object
+    //
+    byte[]  compData = Base64.decode(
+            "MIAGCyqGSIb3DQEJEAEJoIAwgAIBADANBgsqhkiG9w0BCRADCDCABgkqhkiG9w0BBwGggCSABIIC"
+          + "Hnic7ZRdb9owFIbvK/k/5PqVYPFXGK12YYyboVFASSp1vQtZGiLRACZE49/XHoUW7S/0tXP8Efux"
+          + "fU5ivWnasml72XFb3gb5druui7ytN803M570nii7C5r8tfwR281hy/p/KSM3+jzH5s3+pbQ90xSb"
+          + "P3VT3QbLusnt8WPIuN5vN/vaA2+DulnXTXkXvNTr8j8ouZmkCmGI/UW+ZS/C8zP0bz2dz0zwLt+1"
+          + "UEk2M8mlaxjRMByAhZTj0RGYg4TvogiRASROsZgjpVcJCb1KV6QzQeDJ1XkoQ5Jm+C5PbOHZZGRi"
+          + "v+ORAcshOGeCcdFJyfgFxdtCdEcmOrbinc/+BBMzRThEYpwl+jEBpciSGWQkI0TSlREmD/eOHb2D"
+          + "SGLuESm/iKUFt1y4XHBO2a5oq0IKJKWLS9kUZTA7vC5LSxYmgVL46SIWxIfWBQd6AdrnjLmH94UT"
+          + "vGxVibLqRCtIpp4g2qpdtqK1LiOeolpVK5wVQ5P7+QjZAlrh0cePYTx/gNZuB9Vhndtgujl9T/tg"
+          + "W9ogK+3rnmg3YWygnTuF5GDS+Q/jIVLnCcYZFc6Kk/+c80wKwZjwdZIqDYWRH68MuBQSXLgXYXj2"
+          + "3CAaYOBNJMliTl0X7eV5DnoKIFSKYdj3cRpD/cK/JWTHJRe76MUXnfBW8m7Hd5zhQ4ri2NrVF/WL"
+          + "+kV1/3AGSlJ32bFPd2BsQD8uSzIx6lObkjdz95c0AAAAAAAAAAAAAAAA");
+    
+    //
+    // enveloped data
+    //
+    byte[]   envDataKeyTrns = Base64.decode(
+            "MIAGCSqGSIb3DQEHA6CAMIACAQAxgcQwgcECAQAwKjAlMRYwFAYDVQQKEw1Cb3Vu"
+          + "Y3kgQ2FzdGxlMQswCQYDVQQGEwJBVQIBCjANBgkqhkiG9w0BAQEFAASBgC5vdGrB"
+          + "itQSGwifLf3KwPILjaB4WEXgT/IIO1KDzrsbItCJsMA0Smq2y0zptxT0pSRL6JRg"
+          + "NMxLk1ySnrIrvGiEPLMR1zjxlT8yQ6VLX+kEoK43ztd1aaLw0oBfrcXcLN7BEpZ1"
+          + "TIdjlBfXIOx1S88WY1MiYqJJFc3LMwRUaTEDMIAGCSqGSIb3DQEHATAdBglghkgB"
+          + "ZQMEARYEEAfxLMWeaBOTTZQwUq0Y5FuggAQgwOJhL04rjSZCBCSOv5i5XpFfGsOd"
+          + "YSHSqwntGpFqCx4AAAAAAAAAAAAA");
+    
+    byte[]   envDataKEK = Base64.decode(
+            "MIAGCSqGSIb3DQEHA6CAMIACAQIxUqJQAgEEMAcEBQECAwQFMBAGCyqGSIb3DQEJE"
+          + "AMHAgE6BDC7G/HyUPilIrin2Yeajqmj795VoLWETRnZAAFcAiQdoQWyz+oCh6WY/H"
+          + "jHHi+0y+cwgAYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAiY3eDBBbF6naCABBiNdzJb"
+          + "/v6+UZB3XXKipxFDUpz9GyjzB+gAAAAAAAAAAAAA");
+
+    byte[] envDataNestedNDEF = Base64.decode(
+          "MIAGCSqGSIb3DQEHA6CAMIACAQAxge8wgewCAQAwgZUwgY8xKDAmBgNVBAoMH1RoZSBMZWdpb24g"
+        + "b2YgdGhlIEJvdW5jeSBDYXN0bGUxLzAtBgkqhkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3Vu"
+        + "Y3ljYXN0bGUub3JnMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMQswCQYD"
+        + "VQQGEwJBVQIBATANBgkqhkiG9w0BAQEFAARABIXMd8xiTyWDKO/LQfvdGYTPW3I9oSQWwtm4OIaN"
+        + "VINpfY2lfwTvbmE6VXiLKeALC0dMBV8z7DEM9hE0HVmvLDCABgkqhkiG9w0BBwEwHQYJYIZIAWUD"
+        + "BAECBBB32ko6WrVxDTqwUYEpV6IUoIAEggKgS6RowrhNlmWWI13zxD/lryxkZ5oWXPUfNiUxYX/P"
+        + "r5iscW3s8VKJKUpJ4W5SNA7JGL4l/5LmSnJ4Qu/xzxcoH4r4vmt75EDE9p2Ob2Xi1NuSFAZubJFc"
+        + "Zlnp4e05UHKikmoaz0PbiAi277sLQlK2FcVsntTYVT00y8+IwuuQu0ATVqkXC+VhfjV/sK6vQZnw"
+        + "2rQKedZhLB7B4dUkmxCujb/UAq4lgSpLMXg2P6wMimTczXyQxRiZxPeI4ByCENjkafXbfcJft2eD"
+        + "gv1DEDdYM5WrW9Z75b4lmJiOJ/xxDniHCvum7KGXzpK1d1mqTlpzPC2xoz08/MO4lRf5Mb0bYdq6"
+        + "CjMaYqVwGsYryp/2ayX+d8H+JphEG+V9Eg8uPcDoibwhDI4KkoyGHstPw5bxcy7vVFt7LXUdNjJc"
+        + "K1wxaUKEXDGKt9Vj93FnBTLMX0Pc9HpueV5o1ipX34dn/P3HZB9XK8ScbrE38B1VnIgylStnhVFO"
+        + "Cj9s7qSVqI2L+xYHJRHsxaMumIRnmRuOqdXDfIo28EZAnFtQ/b9BziMGVvAW5+A8h8s2oazhSmK2"
+        + "23ftV7uv98ScgE8fCd3PwT1kKJM83ThTYyBzokvMfPYCCvsonMV+kTWXhWcwjYTS4ukrpR452ZdW"
+        + "l3aJqDnzobt5FK4T8OGciOj+1PxYFZyRmCuafm2Dx6o7Et2Tu/T5HYvhdY9jHyqtDl2PXH4CTnVi"
+        + "gA1YOAArjPVmsZVwAM3Ml46uyXXhcsXwQ1X0Tv4D+PSa/id4UQ2cObOw8Cj1eW2GB8iJIZVqkZaU"
+        + "XBexqgWYOIoxjqODSeoZKiBsTK3c+oOUBqBDueY1i55swE2o6dDt95FluX6iyr/q4w2wLt3upY1J"
+        + "YL+TuvZxAKviuAczMS1bAAAAAAAAAAAAAA==");
+
+    //
+    // signed data
+    //
+    byte[]   signedData = Base64.decode(
+            "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA"
+          + "JIAEDEhlbGxvIFdvcmxkIQAAAAAAAKCCBGIwggINMIIBdqADAgECAgEBMA0GCSqG"
+          + "SIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYTAkFV"
+          + "MB4XDTA0MTAyNDA0MzA1OFoXDTA1MDIwMTA0MzA1OFowJTEWMBQGA1UEChMNQm91"
+          + "bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
+          + "AoGBAJj3OAshAOgDmPcYZ1jdNSuhOHRH9VhC/PG17FdiInVGc2ulJhEifEQga/uq"
+          + "ZCpSd1nHsJUZKm9k1bVneWzC0941i9Znfxgb2jnXXsa5kwB2KEVESrOWsRjSRtnY"
+          + "iLgqBG0rzpaMn5A5ntu7N0406EesBhe19cjZAageEHGZDbufAgMBAAGjTTBLMB0G"
+          + "A1UdDgQWBBR/iHNKOo6f4ByWFFywRNZ65XSr1jAfBgNVHSMEGDAWgBR/iHNKOo6f"
+          + "4ByWFFywRNZ65XSr1jAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFMJJ7QO"
+          + "pHo30bnlQ4Ny3PCnK+Se+Gw3TpaYGp84+a8fGD9Dme78G6NEsgvpFGTyoLxvJ4CB"
+          + "84Kzys+1p2HdXzoZiyXAer5S4IwptE3TxxFwKyj28cRrM6dK47DDyXUkV0qwBAMN"
+          + "luwnk/no4K7ilzN2MZk5l7wXyNa9yJ6CHW6dMIICTTCCAbagAwIBAgIBAjANBgkq"
+          + "hkiG9w0BAQQFADAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJB"
+          + "VTAeFw0wNDEwMjQwNDMwNTlaFw0wNTAyMDEwNDMwNTlaMGUxGDAWBgNVBAMTD0Vy"
+          + "aWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0bGUu"
+          + "b3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTCBnzANBgkq"
+          + "hkiG9w0BAQEFAAOBjQAwgYkCgYEAm+5CnGU6W45iUpCsaGkn5gDruZv3j/o7N6ag"
+          + "mRZhikaLG2JF6ECaX13iioVJfmzBsPKxAACWwuTXCoSSXG8viK/qpSHwJpfQHYEh"
+          + "tcC0CxIqlnltv3KQAGwh/PdwpSPvSNnkQBGvtFq++9gnXDBbynfP8b2L2Eis0X9U"
+          + "2y6gFiMCAwEAAaNNMEswHQYDVR0OBBYEFEAmOksnF66FoQm6IQBVN66vJo1TMB8G"
+          + "A1UdIwQYMBaAFH+Ic0o6jp/gHJYUXLBE1nrldKvWMAkGA1UdEwQCMAAwDQYJKoZI"
+          + "hvcNAQEEBQADgYEAEeIjvNkKMPU/ZYCu1TqjGZPEqi+glntg2hC/CF0oGyHFpMuG"
+          + "tMepF3puW+uzKM1s61ar3ahidp3XFhr/GEU/XxK24AolI3yFgxP8PRgUWmQizTQX"
+          + "pWUmhlsBe1uIKVEfNAzCgtYfJQ8HJIKsUCcdWeCKVKs4jRionsek1rozkPExggEv"
+          + "MIIBKwIBATAqMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYTAkFV"
+          + "AgECMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqG"
+          + "SIb3DQEJBTEPFw0wNDEwMjQwNDMwNTlaMCMGCSqGSIb3DQEJBDEWBBQu973mCM5U"
+          + "BOl9XwQvlfifHCMocTANBgkqhkiG9w0BAQEFAASBgGHbe3/jcZu6b/erRhc3PEji"
+          + "MUO8mEIRiNYBr5/vFNhkry8TrGfOpI45m7gu1MS0/vdas7ykvidl/sNZfO0GphEI"
+          + "UaIjMRT3U6yuTWF4aLpatJbbRsIepJO/B2kdIAbV5SCbZgVDJIPOR2qnruHN2wLF"
+          + "a+fEv4J8wQ8Xwvk0C8iMAAAAAAAA");
+
+    private boolean isSameAs(
+        byte[]  a,
+        byte[]  b)
+    {
+        if (a.length != b.length)
+        {
+            return false;
+        }
+        
+        for (int i = 0; i != a.length; i++)
+        {
+            if (a[i] != b[i])
+            {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
+    private TestResult compressionTest()
+    {
+        try
+        {
+            ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(compData));
+            
+            ContentInfo     info = ContentInfo.getInstance(aIn.readObject());
+            CompressedData  data = CompressedData.getInstance(info.getContent());
+            
+            data = new CompressedData(data.getCompressionAlgorithmIdentifier(), data.getEncapContentInfo());
+            info = new ContentInfo(CMSObjectIdentifiers.compressedData, data);
+            
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+            
+            aOut.writeObject(info);
+            
+            if (!isSameAs(bOut.toByteArray(), compData))
+            {
+                return new SimpleTestResult(false, getName() + ": CMS compression failed to re-encode");
+            }
+            
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": CMS compression failed - " + e.toString(), e);
+        }
+    }
+    
+    private TestResult envelopedTest()
+    {
+        try
+        {
+            //
+            // Key trans
+            //
+            ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(envDataKeyTrns));
+            
+            ContentInfo     info = ContentInfo.getInstance(aIn.readObject());
+            EnvelopedData   envData = EnvelopedData.getInstance(info.getContent());
+            ASN1Set         s = envData.getRecipientInfos();
+            
+            if (s.size() != 1)
+            {
+                return new SimpleTestResult(false, getName() + ": CMS KeyTrans enveloped, wrong number of recipients");
+            }
+            
+            RecipientInfo   recip = RecipientInfo.getInstance(s.getObjectAt(0));
+
+            if (recip.getInfo() instanceof KeyTransRecipientInfo)
+            {
+                KeyTransRecipientInfo   inf = KeyTransRecipientInfo.getInstance(recip.getInfo());
+                
+                inf = new KeyTransRecipientInfo(inf.getRecipientIdentifier(), inf.getKeyEncryptionAlgorithm(), inf.getEncryptedKey());
+                
+                s = new DERSet(new RecipientInfo(inf));
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": CMS KeyTrans enveloped, wrong recipient type");
+            }
+
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+            
+            envData = new EnvelopedData(envData.getOriginatorInfo(), s, envData.getEncryptedContentInfo(), envData.getUnprotectedAttrs());
+            info = new ContentInfo(CMSObjectIdentifiers.envelopedData, envData);
+            
+            aOut.writeObject(info);
+            
+            if (!isSameAs(bOut.toByteArray(), envDataKeyTrns))
+            {
+                return new SimpleTestResult(false, getName() + ": CMS KeyTrans enveloped failed to re-encode");
+            }
+            
+            //
+            // KEK
+            //
+            aIn = new ASN1InputStream(new ByteArrayInputStream(envDataKEK));
+            
+            info = ContentInfo.getInstance(aIn.readObject());
+            envData = EnvelopedData.getInstance(info.getContent());
+            s = envData.getRecipientInfos();
+            
+            if (s.size() != 1)
+            {
+                return new SimpleTestResult(false, getName() + ": CMS KEK enveloped, wrong number of recipients");
+            }
+            
+            recip = RecipientInfo.getInstance(s.getObjectAt(0));
+
+            if (recip.getInfo() instanceof KEKRecipientInfo)
+            {
+                KEKRecipientInfo   inf = KEKRecipientInfo.getInstance(recip.getInfo());
+                
+                inf = new KEKRecipientInfo(inf.getKekid(), inf.getKeyEncryptionAlgorithm(), inf.getEncryptedKey());
+                
+                s = new DERSet(new RecipientInfo(inf));
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": CMS KEK enveloped, wrong recipient type");
+            }
+            
+            bOut = new ByteArrayOutputStream();
+            aOut = new ASN1OutputStream(bOut);
+            
+            envData = new EnvelopedData(envData.getOriginatorInfo(), s, envData.getEncryptedContentInfo(), envData.getUnprotectedAttrs());
+            info = new ContentInfo(CMSObjectIdentifiers.envelopedData, envData);
+            
+            aOut.writeObject(info);
+            
+            if (!isSameAs(bOut.toByteArray(), envDataKEK))
+            {                                                         System.out.println(new String(Base64.encode(bOut.toByteArray())));
+                return new SimpleTestResult(false, getName() + ": CMS KEK enveloped failed to re-encode");
+            }
+
+            // Nested NDEF problem
+            ASN1StreamParser asn1In = new ASN1StreamParser(new ByteArrayInputStream(envDataNestedNDEF));
+            ContentInfoParser ci = new ContentInfoParser((ASN1SequenceParser)asn1In.readObject());
+            EnvelopedDataParser ed = new EnvelopedDataParser((ASN1SequenceParser)ci
+                .getContent(BERTags.SEQUENCE));
+            ed.getVersion();
+            ed.getOriginatorInfo();
+            ed.getRecipientInfos().toASN1Primitive();
+            EncryptedContentInfoParser eci = ed.getEncryptedContentInfo();
+            eci.getContentType();
+            eci.getContentEncryptionAlgorithm();
+
+            InputStream dataIn = ((ASN1OctetStringParser)eci.getEncryptedContent(BERTags.OCTET_STRING))
+                .getOctetStream();
+            Streams.drain(dataIn);
+            dataIn.close();
+
+            // Test data doesn't have unprotected attrs, bug was being thrown by this call
+            ASN1SetParser upa = ed.getUnprotectedAttrs();
+            if (upa != null)
+            {
+                upa.toASN1Primitive();
+            }
+
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": CMS enveloped failed - " + e.toString(), e);
+        }
+    }
+    
+    private TestResult signedTest()
+    {
+        try
+        {
+            ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(signedData));
+            
+            ContentInfo     info = ContentInfo.getInstance(aIn.readObject());
+            SignedData      sData = SignedData.getInstance(info.getContent());
+            
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+            
+            sData = new SignedData(sData.getDigestAlgorithms(), sData.getEncapContentInfo(), sData.getCertificates(), sData.getCRLs(), sData.getSignerInfos());
+            info = new ContentInfo(CMSObjectIdentifiers.signedData, sData);
+            
+            aOut.writeObject(info);
+            
+            if (!isSameAs(bOut.toByteArray(), signedData))
+            {
+                return new SimpleTestResult(false, getName() + ": CMS signed failed to re-encode");
+            }
+            
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": CMS signed failed - " + e.toString(), e);
+        }
+    }
+    
+    public TestResult perform()
+    {
+        TestResult  res = compressionTest();
+        
+        if (!res.isSuccessful())
+        {
+            return res;
+        }
+        
+        res = envelopedTest();
+        if (!res.isSuccessful())
+        {
+            return res;
+        }
+        
+        return signedTest();
+    }
+
+    public String getName()
+    {
+        return "CMS";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        CMSTest    test = new CMSTest();
+        TestResult result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/CertHashUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/CertHashUnitTest.java
new file mode 100644
index 0000000..62c81d4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/CertHashUnitTest.java
@@ -0,0 +1,84 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.isismtt.ocsp.CertHash;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+public class CertHashUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "CertHash";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        AlgorithmIdentifier algId = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.2.3"));
+        byte[]              digest = new byte[20];
+        
+        CertHash certID = new CertHash(algId, digest);
+
+        checkConstruction(certID, algId, digest);
+
+        certID = CertHash.getInstance(null);
+
+        if (certID != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            CertHash.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        CertHash certHash,
+        AlgorithmIdentifier algId,
+        byte[] digest)
+        throws IOException
+    {
+        checkValues(certHash, algId, digest);
+
+        certHash = CertHash.getInstance(certHash);
+
+        checkValues(certHash, algId, digest);
+
+        ASN1InputStream aIn = new ASN1InputStream(certHash.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        certHash = CertHash.getInstance(seq);
+
+        checkValues(certHash, algId, digest);
+    }
+
+    private void checkValues(
+        CertHash certHash,
+        AlgorithmIdentifier algId,
+        byte[] digest)
+    {
+        checkMandatoryField("algorithmHash", algId, certHash.getHashAlgorithm());
+
+        checkMandatoryField("certificateHash", digest, certHash.getCertificateHash());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new CertHashUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/CertificateTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/CertificateTest.java
new file mode 100644
index 0000000..6aa8cef
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/CertificateTest.java
@@ -0,0 +1,602 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.AttCertIssuer;
+import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
+import org.bouncycastle.asn1.x509.Attribute;
+import org.bouncycastle.asn1.x509.AttributeCertificate;
+import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.CRLDistPoint;
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.asn1.x509.DistributionPoint;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.Holder;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.PolicyInformation;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.TBSCertificate;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class CertificateTest
+    extends SimpleTest
+{
+    //
+    // server.crt
+    //
+    byte[]  cert1 = Base64.decode(
+           "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
+         + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
+         + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
+         + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
+         + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2"
+         + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
+         + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
+         + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l"
+         + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv"
+         + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re"
+         + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO"
+         + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE"
+         + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy"
+         + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0"
+         + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw"
+         + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL"
+         + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4"
+         + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF"
+         + "5/8=");
+
+    //
+    // ca.crt
+    //
+    byte[]  cert2 = Base64.decode(
+           "MIIDbDCCAtWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
+         + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
+         + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
+         + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
+         + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU1MzNaFw0wMTA2"
+         + "MDIwNzU1MzNaMIG3MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
+         + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
+         + "dGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMQ29u"
+         + "bmVjdCA0IENBMSgwJgYJKoZIhvcNAQkBFhl3ZWJtYXN0ZXJAY29ubmVjdDQuY29t"
+         + "LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgs5ptNG6Qv1ZpCDuUNGmv"
+         + "rhjqMDPd3ri8JzZNRiiFlBA4e6/ReaO1U8ASewDeQMH6i9R6degFdQRLngbuJP0s"
+         + "xcEE+SksEWNvygfzLwV9J/q+TQDyJYK52utb++lS0b48A1KPLwEsyL6kOAgelbur"
+         + "ukwxowprKUIV7Knf1ajetQIDAQABo4GFMIGCMCQGA1UdEQQdMBuBGXdlYm1hc3Rl"
+         + "ckBjb25uZWN0NC5jb20uYXUwDwYDVR0TBAgwBgEB/wIBADA2BglghkgBhvhCAQ0E"
+         + "KRYnbW9kX3NzbCBnZW5lcmF0ZWQgY3VzdG9tIENBIGNlcnRpZmljYXRlMBEGCWCG"
+         + "SAGG+EIBAQQEAwICBDANBgkqhkiG9w0BAQQFAAOBgQCsGvfdghH8pPhlwm1r3pQk"
+         + "msnLAVIBb01EhbXm2861iXZfWqGQjrGAaA0ZpXNk9oo110yxoqEoSJSzniZa7Xtz"
+         + "soTwNUpE0SLHvWf/SlKdFWlzXA+vOZbzEv4UmjeelekTm7lc01EEa5QRVzOxHFtQ"
+         + "DhkaJ8VqOMajkQFma2r9iA==");
+
+    //
+    // testx509.pem
+    //
+    byte[]  cert3 = Base64.decode(
+           "MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV"
+         + "BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz"
+         + "MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM"
+         + "RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF"
+         + "AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO"
+         + "/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE"
+         + "Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ"
+         + "zl9HYIMxATFyqSiD9jsx");
+
+    //
+    // v3-cert1.pem
+    //
+    byte[]  cert4 = Base64.decode(
+           "MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx"
+         + "NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz"
+         + "dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw"
+         + "ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu"
+         + "ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2"
+         + "ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp"
+         + "miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C"
+         + "AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK"
+         + "Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x"
+         + "DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR"
+         + "MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB"
+         + "AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21"
+         + "X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3"
+         + "WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO");
+
+    //
+    // v3-cert2.pem
+    //
+    byte[]  cert5 = Base64.decode(
+           "MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD"
+         + "YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0"
+         + "ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu"
+         + "dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1"
+         + "WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV"
+         + "BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx"
+         + "FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA"
+         + "6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT"
+         + "G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ"
+         + "YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm"
+         + "b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc"
+         + "F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz"
+         + "lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap"
+         + "jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=");
+
+   byte[] cert6 = Base64.decode(
+       "MIIEDjCCAvagAwIBAgIEFAAq2jANBgkqhkiG9w0BAQUFADBLMSowKAYDVQQDEyFT"
+    + "dW4gTWljcm9zeXN0ZW1zIEluYyBDQSAoQ2xhc3MgQikxHTAbBgNVBAoTFFN1biBN"
+    + "aWNyb3N5c3RlbXMgSW5jMB4XDTA0MDIyOTAwNDMzNFoXDTA5MDMwMTAwNDMzNFow"
+    + "NzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxFjAUBgNVBAMTDXN0b3Jl"
+    + "LnN1bi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAP9ErzFT7MPg2bVV"
+    + "LNmHTgN4kmiRNlPpuLGWS7EDIXYBbLeSSOCp/e1ANcOGnsuf0WIq9ejd/CPyEfh4"
+    + "sWoVvQzpOfHZ/Jyei29PEuxzWT+4kQmCx3+sLK25lAnDFsz1KiFmB6Y3GJ/JSjpp"
+    + "L0Yy1R9YlIc82I8gSw44y5JDABW5AgMBAAGjggGQMIIBjDAOBgNVHQ8BAf8EBAMC"
+    + "BaAwHQYDVR0OBBYEFG1WB3PApZM7OPPVWJ31UrERaoKWMEcGA1UdIARAMD4wPAYL"
+    + "YIZIAYb3AIN9k18wLTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5zdW4uY29tL3Br"
+    + "aS9jcHMuaHRtbDCBhQYDVR0fBH4wfDB6oCegJYYjaHR0cDovL3d3dy5zdW4uY29t"
+    + "L3BraS9wa2lzbWljYS5jcmyiT6RNMEsxKjAoBgNVBAMTIVN1biBNaWNyb3N5c3Rl"
+    + "bXMgSW5jIENBIChDbGFzcyBCKTEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJ"
+    + "bmMwHwYDVR0jBBgwFoAUT7ZnqR/EEBSgG6h1wdYMI5RiiWswVAYIKwYBBQUHAQEE"
+    + "SDBGMB0GCCsGAQUFBzABhhFodHRwOi8vdmEuc3VuLmNvbTAlBggrBgEFBQcwAYYZ"
+    + "aHR0cDovL3ZhLmNlbnRyYWwuc3VuLmNvbTATBgNVHSUEDDAKBggrBgEFBQcDATAN"
+    + "BgkqhkiG9w0BAQUFAAOCAQEAq3byQgyU24tBpR07iQK7agm1zQyzDQ6itdbji0ln"
+    + "T7fOd5Pnp99iig8ovwWliNtXKAmgtJY60jWz7nEuk38AioZJhS+RPWIWX/+2PRV7"
+    + "s2aWTzM3n43BypD+jU2qF9c9kDWP/NW9K9IcrS7SfU/2MZVmiCMD/9FEL+CWndwE"
+    + "JJQ/oenXm44BFISI/NjV7fMckN8EayPvgtzQkD5KnEiggOD6HOrwTDFR+tmAEJ0K"
+    + "ZttQNwOzCOcEdxXTg6qBHUbONdL7bjTT5NzV+JR/bnfiCqHzdnGwfbHzhmrnXw8j"
+    + "QCVXcfBfL9++nmpNNRlnJMRdYGeCY6OAfh/PRo8/fXak1Q==");
+   
+   byte[] cert7 = Base64.decode(
+     "MIIFJDCCBAygAwIBAgIKEcJZuwAAAAAABzANBgkqhkiG9w0BAQUFADAPMQ0wCwYD"
+    + "VQQDEwRNU0NBMB4XDTA0MDUyMjE2MTM1OFoXDTA1MDUyMjE2MjM1OFowaTEbMBkG"
+    + "CSqGSIb3DQEJCBMMMTkyLjE2OC4xLjMzMScwJQYJKoZIhvcNAQkCExhwaXhmaXJl"
+    + "d2FsbC5jaXNjb3BpeC5jb20xITAfBgNVBAMTGHBpeGZpcmV3YWxsLmNpc2NvcGl4"
+    + "LmNvbTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQCbcsY7vrjweXZiFQdhUafEjJV+"
+    + "HRy5UKmuCy0237ffmYrN+XNLw0h90cdCSK6KPZebd2E2Bc2UmTikc/FY8meBT3/E"
+    + "O/Osmywzi++Ur8/IrDvtuR1zd0c/xEPnV1ZRezkCAwEAAaOCAs4wggLKMAsGA1Ud"
+    + "DwQEAwIFoDAdBgNVHQ4EFgQUzJBSxkQiN9TKvhTMQ1/Aq4gZnHswHwYDVR0jBBgw"
+    + "FoAUMsxzXVh+5UKMNpwNHmqSfcRYfJ4wgfcGA1UdHwSB7zCB7DCB6aCB5qCB44aB"
+    + "r2xkYXA6Ly8vQ049TVNDQSxDTj1NQVVELENOPUNEUCxDTj1QdWJsaWMlMjBLZXkl"
+    + "MjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWludCxE"
+    + "Qz1wcmltZWtleSxEQz1zZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/"
+    + "b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGL2h0dHA6Ly9tYXVkLmlu"
+    + "dC5wcmltZWtleS5zZS9DZXJ0RW5yb2xsL01TQ0EuY3JsMIIBEAYIKwYBBQUHAQEE"
+    + "ggECMIH/MIGqBggrBgEFBQcwAoaBnWxkYXA6Ly8vQ049TVNDQSxDTj1BSUEsQ049"
+    + "UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJh"
+    + "dGlvbixEQz1pbnQsREM9cHJpbWVrZXksREM9c2U/Y0FDZXJ0aWZpY2F0ZT9iYXNl"
+    + "P29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwUAYIKwYBBQUHMAKG"
+    + "RGh0dHA6Ly9tYXVkLmludC5wcmltZWtleS5zZS9DZXJ0RW5yb2xsL01BVUQuaW50"
+    + "LnByaW1la2V5LnNlX01TQ0EuY3J0MCwGA1UdEQEB/wQiMCCCGHBpeGZpcmV3YWxs"
+    + "LmNpc2NvcGl4LmNvbYcEwKgBITA/BgkrBgEEAYI3FAIEMh4wAEkAUABTAEUAQwBJ"
+    + "AG4AdABlAHIAbQBlAGQAaQBhAHQAZQBPAGYAZgBsAGkAbgBlMA0GCSqGSIb3DQEB"
+    + "BQUAA4IBAQCa0asiPbObLJjpSz6ndJ7y4KOWMiuuBc/VQBnLr7RBCF3ZlZ6z1+e6"
+    + "dmv8se/z11NgateKfxw69IhLCriA960HEgX9Z61MiVG+DrCFpbQyp8+hPFHoqCZN"
+    + "b7upc8k2OtJW6KPaP9k0DW52YQDIky4Vb2rZeC4AMCorWN+KlndHhr1HFA14HxwA"
+    + "4Mka0FM6HNWnBV2UmTjBZMDr/OrGH1jLYIceAaZK0X2R+/DWXeeqIga8jwP5empq"
+    + "JetYnkXdtTbEh3xL0BX+mZl8vDI+/PGcwox/7YjFmyFWphRMxk9CZ3rF2/FQWMJP"
+    + "YqQpKiQOmQg5NAhcwffLAuVjVVibPYqi");
+
+   byte[] cert8 = Base64.decode(
+     "MIIB0zCCATwCAQEwbqBsMGekZTBjMQswCQYDVQQGEwJERTELMAkGA1UECBMCQlkx"
+    + "EzARBgNVBAcTClJlZ2Vuc2J1cmcxEDAOBgNVBAoTB0FDIFRlc3QxCzAJBgNVBAsT" 
+    + "AkNBMRMwEQYDVQQDEwpBQyBUZXN0IENBAgEBoHYwdKRyMHAxCzAJBgNVBAYTAkRF"
+    + "MQswCQYDVQQIEwJCWTETMBEGA1UEBxMKUmVnZW5zYnVyZzESMBAGA1UEChMJQUMg"
+    + "SXNzdWVyMRowGAYDVQQLExFBQyBJc3N1ZXIgc2VjdGlvbjEPMA0GA1UEAxMGQUMg"
+    + "TWFuMA0GCSqGSIb3DQEBBQUAAgEBMCIYDzIwMDQxMTI2MTI1MjUxWhgPMjAwNDEy"
+    + "MzEyMzAwMDBaMBkwFwYDVRhIMRAwDoEMREFVMTIzNDU2Nzg5MA0GCSqGSIb3DQEB"
+    + "BQUAA4GBABd4Odx3yEMGL/BvItuT1RafNR2uuWuZbajg0pD6bshUsl+WCIfRiEkq"
+    + "lHMkpI7WqAZikdnAEQ5jQsVWEuVejWxR6gjejKxc0fb9qpIui7/GoI5Eh6dmG20e"
+    + "xbwJL3+6YYFrZwxR8cC5rPvWrblUR5XKJy+Zp/H5+t9iANnL1L8J");
+
+    // V1 attribute certificate
+    private static final byte[] attrCertv1 = Base64.decode(
+        "MIIFdDCCBFygXTBbMFOkUTBPMQswCQYDVQQGEwJERTEcMBoGA1UECgwTRGV1"
+      + "dHNjaGUgVGVsZWtvbSBBRzEiMCAGA1UEAwwZVGVsZVNlYyBQS1MgU2lnRyBD"
+      + "QSAxNzpQTgIEG1toDjBTpFEwTzELMAkGA1UEBhMCREUxHDAaBgNVBAoME0Rl"
+      + "dXRzY2hlIFRlbGVrb20gQUcxIjAgBgNVBAMMGVRlbGVTZWMgUEtTIFNpZ0cg"
+      + "Q0EgMjU6UE4wDQYJKoZIhvcNAQELBQACBCep3f0wIhgPMjAxMDA0MTIxMTI5"
+      + "MTJaGA8yMDEyMDQxMjEwNTkyOFowggGmMIIBogYFKyQIAwgxggGXDIIBk1Ro"
+      + "ZSBxdWFsaWZpZWQgc2lnbmF0dXJlIGF0IGhhbmQgaXMgcmVzdHJpY3RlZCB0"
+      + "byBwcmVzZW50aW5nIGludm9pY2VzIG9yIGNyZWRpdHMgdG8gY3VzdG9tZXJz"
+      + "IGFjY29yZGluZyB0byBFVSBDb3VuY2lsIGRpcmVjdGl2ZSAyMDAxLzExNS9F"
+      + "QyAoMjB0aCBEZWNlbWJlciAyMDAxKSBhbmQgR2VybWFuIFZBVCB0YXggKMKn"
+      + "MTQgVVN0RykuICBEaWUgdm9ybGllZ2VuZGUgcXVhbGlmaXppZXJ0ZSBTaWdu"
+      + "YXR1ciBpc3QgYXVmIGRpZSAgUHJhZXNlbnRhdGlvbiB2b24gUmVjaG51bmdl"
+      + "biBvZGVyIEd1dHNjaHJpZnRlbiBnZW1hZXNzIEVVIERpcmVrdGl2ZSAyMDAx"
+      + "LzExNS9FQyAoMjAuIERlemVtYmVyIDIwMDEpIHVuZCBkZXV0c2NoZW0gVW1z"
+      + "YXR6c3RldWVyZ2VzZXR6ICAowqcxNCBVU3RHKSBiZXNjaHJhZW5rdC4wggHB"
+      + "MB8GA1UdIwQYMBaAFM6i1yR/z8IikpxpU/Fdh8BPxhq8MEMGA1UdIAQ8MDow"
+      + "OAYFKyQIAQEwLzAtBggrBgEFBQcCARYhaHR0cDovL3Brcy50ZWxlc2VjLmRl"
+      + "L2Nwcy9jcHMucGRmMIIBBAYDVR0fBIH8MIH5MIH2oG2ga4Y1bGRhcDovL3Br"
+      + "cy1sZGFwLnRlbGVzZWMuZGUvbz1EZXV0c2NoZSBUZWxla29tIEFHLGM9ZGWG"
+      + "Mmh0dHA6Ly9wa3MudGVsZXNlYy5kZS90ZWxlc2VjL3NlcnZsZXQvZG93bmxv"
+      + "YWRfY3JsooGEpIGBMH8xCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2No"
+      + "ZSBUZWxla29tIEFHMR8wHQYDVQQLFBZQcm9kdWt0emVudHJ1bSBUZWxlU2Vj"
+      + "MTEwDAYHAoIGAQoHFBMBMTAhBgNVBAMUGlRlbGVTZWMgUEtTIFNpZ0cgRElS"
+      + "IDM1OlBOMDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAYYbaHR0cDovL3Br"
+      + "cy50ZWxlc2VjLmRlL29jc3ByMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEw"
+      + "DQYJKoZIhvcNAQELBQADggEBAEz2OvU9YytJUKHMDQcND5njIyUXTkSrlWjV"
+      + "F28uwxVlveO4JPTAY7PvXy69HUuTPwlvqCfJIUF2RLPZFQx0wFto8ajC9v5X"
+      + "SqwQcINXRakpE6FPAdQFnH44TaIQWXW1hy9xr8GuD0uhQLTJGYqVzHfLoM8e"
+      + "llPNHUVhC7CEOxDb1PTHCUlQFNkFRmeeqzEVoj1F0pM6wI5zf8+w2WwrFPCD"
+      + "jrjEr/VoBRoEi/tKnsLq6oOkizUKT0KJEnSyYxoOa7euT1yX+Co94SPnMZi5"
+      + "qukHSj8Kiio6Jecl//qDPG/mHo1ro+8rH+rbze7EEfKMp5yeWCwXGthL9oYo"
+      + "RYl+UuI=");
+
+
+    // bad issuer certificate
+    private static final byte[] dudCert = Base64.decode(
+        "MIICLzCCAZgCBFp/9TowDQYJKoZIhvcNAQEFBQAwAjEAMB4XDTA4MDcyNTEzNTQ0" +
+        "MFoXDTEzMDgyNTA1MDAwMFowgboxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRJb3dh" +
+        "MRMwEQYDVQQHEwpEZXMgTW9pbmVzMT0wOwYDVQQKEzRTdGF0ZSBvZiBJb3dhLCBE" +
+        "ZXBhcnRtZW50IG9mIEFkbWluaXN0cmF0aXZlIFNlcnZpY2VzMSowKAYDVQQLEyFJ" +
+        "bmZvcm1hdGlvbiBUZWNobm9sb2d5IEVudGVycHJpc2UxHDAaBgNVBAMTE3d3dy5k" +
+        "b20uc3RhdGUuaWEudXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK0C7Jca" +
+        "C0RiD0hcBcPUdGc78y815yPuHGmF/A2K+3LbwfFXDhsY7ebRxHVfL7gt+nFBvJ2r" +
+        "MqDBIMHFB3vYdSnGbND41eso6cLnzkMVtSisG25Tat3F8BF/js54sa0mFEn4qMQ+" +
+        "6T6jxyPflsjKpmi6L7lfRdPNbBbKSmK9ik2lAgMBAAEwDQYJKoZIhvcNAQEFBQAD" +
+        "gYEAc9Rx95MiPzJiCn3nOoP+3PPQCGTyUcUWZfYKXuC7aOzMYUXes71Q3K1/W6Vy" +
+        "V2Tlrbj0KT8j2/kBmy8+7d5whnUklJNsH6VJMst3V4Uxvk3os+uaW0FHsW389sNY" +
+        "/5LdslDjfqV2nUc2GqDPn38PATL26SRJKlCvU2NagdID3WM="
+    );
+
+   String[] subjects = 
+   {
+       "C=AU,ST=Victoria,L=South Melbourne,O=Connect 4 Pty Ltd,OU=Webserver Team,CN=www2.connect4.com.au,E=webmaster@connect4.com.au",
+       "C=AU,ST=Victoria,L=South Melbourne,O=Connect 4 Pty Ltd,OU=Certificate Authority,CN=Connect 4 CA,E=webmaster@connect4.com.au",
+       "C=AU,ST=QLD,CN=SSLeay/rsa test cert",
+       "C=US,O=National Aeronautics and Space Administration,SERIALNUMBER=16+CN=Steve Schoch",
+       "E=cooke@issl.atl.hp.com,C=US,OU=Hewlett Packard Company (ISSL),CN=Paul A. Cooke",
+       "O=Sun Microsystems Inc,CN=store.sun.com",
+       "unstructuredAddress=192.168.1.33,unstructuredName=pixfirewall.ciscopix.com,CN=pixfirewall.ciscopix.com"
+    };
+
+    public String getName()
+    {
+        return "Certificate";
+    }
+
+    public void checkCertificate(
+        int     id,
+        byte[]  cert)
+        throws Exception
+    {
+        ByteArrayInputStream bIn = new ByteArrayInputStream(cert);
+        ASN1InputStream aIn = new ASN1InputStream(bIn);
+
+        ASN1Sequence      seq = (ASN1Sequence)aIn.readObject();
+//        String dump = ASN1Dump.dumpAsString(seq);
+
+        Certificate obj = Certificate.getInstance(seq);
+        TBSCertificate     tbsCert = obj.getTBSCertificate();
+        
+        if (!tbsCert.getSubject().toString().equals(subjects[id - 1]))
+        {
+            fail("failed subject test for certificate id " + id + " got " + tbsCert.getSubject().toString());
+        }
+        
+        if (tbsCert.getVersionNumber() == 3)
+        {
+            Extensions                ext = tbsCert.getExtensions();
+            if (ext != null)
+            {
+                Enumeration    en = ext.oids();
+                while (en.hasMoreElements())
+                {
+                    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)en.nextElement();
+                    Extension            extVal = ext.getExtension(oid);
+                    
+                    ASN1OctetString        oct = extVal.getExtnValue();
+                    ASN1InputStream        extIn = new ASN1InputStream(new ByteArrayInputStream(oct.getOctets()));
+                    
+                    if (oid.equals(Extension.subjectKeyIdentifier))
+                    {
+                        SubjectKeyIdentifier si = SubjectKeyIdentifier.getInstance(extIn.readObject());
+
+                        if (!si.equals(SubjectKeyIdentifier.fromExtensions(ext)))
+                        {
+                            fail("SubjectKeyIdentifier not matched");
+                        }
+                    }
+                    else if (oid.equals(Extension.keyUsage))
+                    {
+                        KeyUsage ku = KeyUsage.getInstance(extIn.readObject());
+
+                        if (!ku.equals(KeyUsage.fromExtensions(ext)))
+                        {
+                            fail("KeyUsage not matched");
+                        }
+                    }
+                    else if (oid.equals(Extension.extendedKeyUsage))
+                    {
+                        ExtendedKeyUsage ku = ExtendedKeyUsage.getInstance(extIn.readObject());
+                        
+                        ASN1Sequence    sq = (ASN1Sequence)ku.toASN1Primitive();
+                        for (int i = 0; i != sq.size(); i++)
+                        {
+                            ASN1ObjectIdentifier    p = ASN1ObjectIdentifier.getInstance(KeyPurposeId.getInstance(sq.getObjectAt(i)));
+                        }
+
+                        if (!ku.equals(ExtendedKeyUsage.fromExtensions(ext)))
+                        {
+                            fail("ExtendedKeyUsage not matched");
+                        }
+                    }
+                    else if (oid.equals(Extension.subjectAlternativeName))
+                    {
+                        GeneralNames    gn = GeneralNames.getInstance(extIn.readObject());
+                        
+                        ASN1Sequence    sq = (ASN1Sequence)gn.toASN1Primitive();
+                        for (int i = 0; i != sq.size(); i++)
+                        {
+                            GeneralName    n = GeneralName.getInstance(sq.getObjectAt(i));
+                        }
+                    }
+                    else if (oid.equals(Extension.issuerAlternativeName))
+                    {
+                        GeneralNames    gn = GeneralNames.getInstance(extIn.readObject());
+                        
+                        ASN1Sequence    sq = (ASN1Sequence)gn.toASN1Primitive();
+                        for (int i = 0; i != sq.size(); i++)
+                        {
+                            GeneralName    n = GeneralName.getInstance(sq.getObjectAt(i));
+                        }
+                    }
+                    else if (oid.equals(Extension.cRLDistributionPoints))
+                    {
+                        CRLDistPoint    p = CRLDistPoint.getInstance(extIn.readObject());
+                        
+                        DistributionPoint[] points = p.getDistributionPoints();
+                        for (int i = 0; i != points.length; i++)
+                        {
+                            // do nothing
+                        }
+                    }
+                    else if (oid.equals(Extension.certificatePolicies))
+                    {
+                        ASN1Sequence    cp = (ASN1Sequence)extIn.readObject();
+                        
+                        for (int i = 0; i != cp.size(); i++)
+                        {
+                            PolicyInformation.getInstance(cp.getObjectAt(i));
+                        }
+                    }
+                    else if (oid.equals(Extension.authorityKeyIdentifier))
+                    {
+                        AuthorityKeyIdentifier    auth = AuthorityKeyIdentifier.getInstance(extIn.readObject());
+
+                        if (!auth.equals(AuthorityKeyIdentifier.fromExtensions(ext)))
+                        {
+                            fail("AuthorityKeyIdentifier not matched");
+                        }
+                    }
+                    else if (oid.equals(Extension.basicConstraints))
+                    {
+                        BasicConstraints    bc = BasicConstraints.getInstance(extIn.readObject());
+
+                        if (!bc.equals(BasicConstraints.fromExtensions(ext)))
+                        {
+                            fail("BasicConstraints not matched");
+                        }
+                    }
+                    else
+                    {
+                        //System.out.println(oid.getId());
+                    }
+                }
+            }
+        }
+    }
+
+
+    public void checkAttributeCertificate(
+        int     id,
+        byte[]  cert)
+        throws Exception
+    {
+        ByteArrayInputStream bIn;
+        ASN1InputStream aIn;
+
+        bIn = new ByteArrayInputStream(cert);
+        aIn = new ASN1InputStream(bIn);
+
+        ASN1Sequence seq = (ASN1Sequence) aIn.readObject();
+//        String dump = ASN1Dump.dumpAsString(seq);
+
+        AttributeCertificate obj = AttributeCertificate.getInstance(seq);
+        AttributeCertificateInfo acInfo = obj.getAcinfo();
+
+        // Version
+        if (!(acInfo.getVersion().equals(new ASN1Integer(1)))
+                && (!(acInfo.getVersion().equals(new ASN1Integer(2)))))
+        {
+            fail(
+                    "failed AC Version test for id " + id);
+        }
+
+        // Holder
+        Holder h = acInfo.getHolder();
+        if (h == null)
+        {
+            fail(
+                    "failed AC Holder test, it's null, for id " + id);
+        }
+
+        // Issuer
+        AttCertIssuer aci = acInfo.getIssuer();
+        if (aci == null)
+        {
+            fail(
+                    "failed AC Issuer test, it's null, for id " + id);
+        }
+
+        // Signature
+        AlgorithmIdentifier sig = acInfo.getSignature();
+        if (sig == null)
+        {
+            fail(
+                    "failed AC Signature test for id " + id);
+        }
+
+        // Serial
+        ASN1Integer serial = acInfo.getSerialNumber();
+
+        // Validity
+        AttCertValidityPeriod validity = acInfo.getAttrCertValidityPeriod();
+        if (validity == null)
+        {
+            fail("failed AC AttCertValidityPeriod test for id " + id);
+        }
+
+        // Attributes
+        ASN1Sequence attribSeq = acInfo.getAttributes();
+        Attribute att[] = new Attribute[attribSeq.size()];
+        for (int i = 0; i < attribSeq.size(); i++)
+        {
+            att[i] = Attribute.getInstance(attribSeq.getObjectAt(i));
+        }
+
+        // IssuerUniqueId
+        // TODO, how to best test?
+
+        // X509 Extensions
+        Extensions ext = acInfo.getExtensions();
+        if (ext != null)
+        {
+            Enumeration en = ext.oids();
+            while (en.hasMoreElements())
+            {
+                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) en
+                        .nextElement();
+                Extension extVal = ext.getExtension(oid);
+            }
+        }
+    }
+
+    public void checkV1AttributeCertificate(
+        int     id,
+        byte[]  cert)
+        throws Exception
+    {
+        ByteArrayInputStream bIn;
+        ASN1InputStream aIn;
+
+        bIn = new ByteArrayInputStream(cert);
+        aIn = new ASN1InputStream(bIn);
+
+        ASN1Sequence seq = (ASN1Sequence) aIn.readObject();
+        //String dump = ASN1Dump.dumpAsString(seq);
+
+        AttributeCertificate obj = AttributeCertificate.getInstance(seq);
+        AttributeCertificateInfo acInfo = obj.getAcinfo();
+
+        // Version
+        if (!(acInfo.getVersion().equals(new ASN1Integer(0))))
+        {
+            fail(
+                    "failed AC Version test for id " + id);
+        }
+
+        // Holder
+        Holder h = acInfo.getHolder();
+        if (h == null)
+        {
+            fail(
+                    "failed AC Holder test, it's null, for id " + id);
+        }
+
+        // Issuer
+        AttCertIssuer aci = acInfo.getIssuer();
+        if (aci == null)
+        {
+            fail(
+                    "failed AC Issuer test, it's null, for id " + id);
+        }
+
+        // Signature
+        AlgorithmIdentifier sig = acInfo.getSignature();
+        if (sig == null)
+        {
+            fail(
+                    "failed AC Signature test for id " + id);
+        }
+
+        // Serial
+        ASN1Integer serial = acInfo.getSerialNumber();
+
+        // Validity
+        AttCertValidityPeriod validity = acInfo.getAttrCertValidityPeriod();
+        if (validity == null)
+        {
+            fail("failed AC AttCertValidityPeriod test for id " + id);
+        }
+
+        // Attributes
+        ASN1Sequence attribSeq = acInfo.getAttributes();
+        Attribute att[] = new Attribute[attribSeq.size()];
+        for (int i = 0; i < attribSeq.size(); i++)
+        {
+            att[i] = Attribute.getInstance(attribSeq.getObjectAt(i));
+        }
+
+        // IssuerUniqueId
+        // TODO, how to best test?
+
+        // X509 Extensions
+        Extensions ext = acInfo.getExtensions();
+        if (ext != null)
+        {
+            Enumeration en = ext.oids();
+            while (en.hasMoreElements())
+            {
+                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) en
+                        .nextElement();
+                Extension extVal = ext.getExtension(oid);
+            }
+        }
+    }
+
+    private void checkDudCertificate()
+    {
+        Certificate cert = Certificate.getInstance(dudCert);
+
+        if (!"".equals(cert.getIssuer().toString()))
+        {
+            fail("empty issuer not recognised correctly");
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        checkCertificate(1, cert1);
+        checkCertificate(2, cert2);
+        checkCertificate(3, cert3);
+        checkCertificate(4, cert4);
+        checkCertificate(5, cert5);
+        checkCertificate(6, cert6);
+        checkCertificate(7, cert7);
+        checkAttributeCertificate(8,cert8);
+        checkV1AttributeCertificate(9, attrCertv1);
+        checkDudCertificate();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new CertificateTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/CommitmentTypeIndicationUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/CommitmentTypeIndicationUnitTest.java
new file mode 100644
index 0000000..0ce1c23
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/CommitmentTypeIndicationUnitTest.java
@@ -0,0 +1,103 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.esf.CommitmentTypeIdentifier;
+import org.bouncycastle.asn1.esf.CommitmentTypeIndication;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class CommitmentTypeIndicationUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "CommitmentTypeIndication";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        CommitmentTypeIndication cti = new CommitmentTypeIndication(CommitmentTypeIdentifier.proofOfOrigin);
+        
+        checkConstruction(cti, CommitmentTypeIdentifier.proofOfOrigin, null);
+        
+        ASN1Sequence qualifier = new DERSequence(new ASN1ObjectIdentifier("1.2"));
+        
+        cti = new CommitmentTypeIndication(CommitmentTypeIdentifier.proofOfOrigin, qualifier);
+
+        checkConstruction(cti, CommitmentTypeIdentifier.proofOfOrigin, qualifier);
+        
+        cti = CommitmentTypeIndication.getInstance(null);
+        
+        if (cti != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            CommitmentTypeIndication.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+         CommitmentTypeIndication mv,
+         ASN1ObjectIdentifier commitmenttTypeId,
+         ASN1Encodable qualifier) 
+         throws IOException
+    {
+        checkStatement(mv, commitmenttTypeId, qualifier);
+        
+        mv = CommitmentTypeIndication.getInstance(mv);
+        
+        checkStatement(mv, commitmenttTypeId, qualifier);
+        
+        ASN1InputStream aIn = new ASN1InputStream(mv.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+        
+        mv = CommitmentTypeIndication.getInstance(seq);
+        
+        checkStatement(mv, commitmenttTypeId, qualifier);
+    }
+
+    private void checkStatement(
+        CommitmentTypeIndication cti,
+        ASN1ObjectIdentifier     commitmentTypeId,
+        ASN1Encodable           qualifier)
+    {
+        if (!cti.getCommitmentTypeId().equals(commitmentTypeId))
+        {
+            fail("commitmentTypeIds don't match.");
+        }
+        
+        if (qualifier != null)
+        {
+            if (!cti.getCommitmentTypeQualifier().equals(qualifier))
+            {
+                fail("qualifiers don't match.");
+            }
+        }
+        else if (cti.getCommitmentTypeQualifier() != null)
+        {
+            fail("qualifier found when none expected.");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new CommitmentTypeIndicationUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/CommitmentTypeQualifierUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/CommitmentTypeQualifierUnitTest.java
new file mode 100644
index 0000000..2d782ba
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/CommitmentTypeQualifierUnitTest.java
@@ -0,0 +1,102 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.esf.CommitmentTypeIdentifier;
+import org.bouncycastle.asn1.esf.CommitmentTypeQualifier;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class CommitmentTypeQualifierUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "CommitmentTypeQualifier";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        CommitmentTypeQualifier ctq = new CommitmentTypeQualifier(CommitmentTypeIdentifier.proofOfOrigin);
+        
+        checkConstruction(ctq, CommitmentTypeIdentifier.proofOfOrigin, null);
+        
+        ASN1Encodable info = new ASN1ObjectIdentifier("1.2");
+        
+        ctq = new CommitmentTypeQualifier(CommitmentTypeIdentifier.proofOfOrigin, info);
+
+        checkConstruction(ctq, CommitmentTypeIdentifier.proofOfOrigin, info);
+        
+        ctq = CommitmentTypeQualifier.getInstance(null);
+        
+        if (ctq != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            CommitmentTypeQualifier.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+         CommitmentTypeQualifier mv,
+         ASN1ObjectIdentifier commitmenttTypeId,
+         ASN1Encodable qualifier) 
+         throws IOException
+    {
+        checkStatement(mv, commitmenttTypeId, qualifier);
+        
+        mv = CommitmentTypeQualifier.getInstance(mv);
+        
+        checkStatement(mv, commitmenttTypeId, qualifier);
+        
+        ASN1InputStream aIn = new ASN1InputStream(mv.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+        
+        mv = CommitmentTypeQualifier.getInstance(seq);
+        
+        checkStatement(mv, commitmenttTypeId, qualifier);
+    }
+
+    private void checkStatement(
+        CommitmentTypeQualifier ctq,
+        ASN1ObjectIdentifier     commitmentTypeId,
+        ASN1Encodable           qualifier)
+    {
+        if (!ctq.getCommitmentTypeIdentifier().equals(commitmentTypeId))
+        {
+            fail("commitmentTypeIds don't match.");
+        }
+        
+        if (qualifier != null)
+        {
+            if (!ctq.getQualifier().equals(qualifier))
+            {
+                fail("qualifiers don't match.");
+            }
+        }
+        else if (ctq.getQualifier() != null)
+        {
+            fail("qualifier found when none expected.");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new CommitmentTypeQualifierUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ContentHintsUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ContentHintsUnitTest.java
new file mode 100644
index 0000000..1ae15e7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ContentHintsUnitTest.java
@@ -0,0 +1,87 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.ess.ContentHints;
+
+public class ContentHintsUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "ContentHints";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        DERUTF8String contentDescription = new DERUTF8String("Description");
+        ASN1ObjectIdentifier contentType = new ASN1ObjectIdentifier("1.2.2.3");
+
+        ContentHints hints = new ContentHints(contentType);
+
+        checkConstruction(hints, contentType, null);
+
+        hints = new ContentHints(contentType, contentDescription);
+
+        checkConstruction(hints, contentType, contentDescription);
+
+        hints = ContentHints.getInstance(null);
+
+        if (hints != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            ContentHints.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        ContentHints hints,
+        ASN1ObjectIdentifier contentType,
+        DERUTF8String description)
+        throws IOException
+    {
+        checkValues(hints, contentType, description);
+
+        hints = ContentHints.getInstance(hints);
+
+        checkValues(hints, contentType, description);
+
+        ASN1InputStream aIn = new ASN1InputStream(hints.toASN1Primitive().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        hints = ContentHints.getInstance(seq);
+
+        checkValues(hints, contentType, description);
+    }
+
+    private void checkValues(
+        ContentHints hints,
+        ASN1ObjectIdentifier contentType,
+        DERUTF8String description)
+    {
+        checkMandatoryField("contentType", contentType, hints.getContentType());
+        checkOptionalField("description", description, hints.getContentDescription());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ContentHintsUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/CscaMasterListTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/CscaMasterListTest.java
new file mode 100644
index 0000000..c870069
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/CscaMasterListTest.java
@@ -0,0 +1,49 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.icao.CscaMasterList;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.io.Streams;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class CscaMasterListTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "CscaMasterList";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        byte[] input = getInput("masterlist-content.data");
+        CscaMasterList parsedList
+            = CscaMasterList.getInstance(ASN1Primitive.fromByteArray(input));
+
+        if (parsedList.getCertStructs().length != 3)
+        {
+            fail("Cert structure parsing failed: incorrect length");
+        }
+
+        byte[] output = parsedList.getEncoded();
+        if (!Arrays.areEqual(input, output))
+        {
+            fail("Encoding failed after parse");
+        }
+    }
+
+    private byte[] getInput(String name)
+        throws IOException
+    {
+        return Streams.readAll(getClass().getResourceAsStream(name));
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new CscaMasterListTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/DERApplicationSpecificTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/DERApplicationSpecificTest.java
new file mode 100644
index 0000000..2e047de
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/DERApplicationSpecificTest.java
@@ -0,0 +1,77 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.BERTags;
+import org.bouncycastle.asn1.DERApplicationSpecific;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class DERApplicationSpecificTest
+    extends SimpleTest
+{
+    private static final byte[] impData = Hex.decode("430109");
+
+    private static final byte[] certData = Hex.decode(
+        "7F218201897F4E8201495F290100420E44454356434145504153533030317F49"
+      + "81FD060A04007F00070202020202811CD7C134AA264366862A18302575D1D787"
+      + "B09F075797DA89F57EC8C0FF821C68A5E62CA9CE6C1C299803A6C1530B514E18"
+      + "2AD8B0042A59CAD29F43831C2580F63CCFE44138870713B1A92369E33E2135D2"
+      + "66DBB372386C400B8439040D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C"
+      + "1E6EFDEE12C07D58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D376"
+      + "1402CD851CD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A793"
+      + "9F863904393EE8E06DB6C7F528F8B4260B49AA93309824D92CDB1807E5437EE2"
+      + "E26E29B73A7111530FA86B350037CB9415E153704394463797139E148701015F"
+      + "200E44454356434145504153533030317F4C0E060904007F0007030102015301"
+      + "C15F25060007000400015F24060009000400015F37384CCF25C59F3612EEE188"
+      + "75F6C5F2E2D21F0395683B532A26E4C189B71EFE659C3F26E0EB9AEAE9986310"
+      + "7F9B0DADA16414FFA204516AEE2B");
+
+    public String getName()
+    {
+        return "DERApplicationSpecific";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        ASN1Integer value = new ASN1Integer(9);
+
+        DERApplicationSpecific tagged = new DERApplicationSpecific(false, 3, value);
+
+        if (!areEqual(impData, tagged.getEncoded()))
+        {
+            fail("implicit encoding failed");
+        }
+
+        ASN1Integer recVal = (ASN1Integer)tagged.getObject(BERTags.INTEGER);
+
+        if (!value.equals(recVal))
+        {
+            fail("implicit read back failed");
+        }
+
+        DERApplicationSpecific certObj = (DERApplicationSpecific)
+        ASN1Primitive.fromByteArray(certData);
+
+        if (!certObj.isConstructed() || certObj.getApplicationTag() != 33)
+        {
+            fail("parsing of certificate data failed");
+        }
+
+        byte[] encoded = certObj.getEncoded(ASN1Encoding.DER);
+    
+        if (!Arrays.areEqual(certData, encoded))
+        {
+            fail("re-encoding of certificate data failed");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DERApplicationSpecificTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/DERUTF8StringTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/DERUTF8StringTest.java
new file mode 100644
index 0000000..7e38d7d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/DERUTF8StringTest.java
@@ -0,0 +1,101 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class DERUTF8StringTest 
+    implements Test
+{
+
+    /**
+     * Unicode code point U+10400 coded as surrogate in two native Java UTF-16
+     * code units
+     */
+    private final static char[] glyph1_utf16 = { 0xd801, 0xdc00 };
+
+    /**
+     * U+10400 coded in UTF-8
+     */
+    private final static byte[] glyph1_utf8 = { (byte)0xF0, (byte)0x90, (byte)0x90, (byte)0x80 };
+
+    /**
+     * Unicode code point U+6771 in native Java UTF-16
+     */
+    private final static char[] glyph2_utf16 = { 0x6771 };
+
+    /**
+     * U+6771 coded in UTF-8
+     */
+    private final static byte[] glyph2_utf8 = { (byte)0xE6, (byte)0x9D, (byte)0xB1 };
+
+    /**
+     * Unicode code point U+00DF in native Java UTF-16
+     */
+    private final static char[] glyph3_utf16 = { 0x00DF };
+
+    /**
+     * U+00DF coded in UTF-8
+     */
+    private final static byte[] glyph3_utf8 = { (byte)0xC3, (byte)0x9f };
+
+    /**
+     * Unicode code point U+0041 in native Java UTF-16
+     */
+    private final static char[] glyph4_utf16 = { 0x0041 };
+
+    /**
+     * U+0041 coded in UTF-8
+     */
+    private final static byte[] glyph4_utf8 = { 0x41 };
+
+    private final static byte[][] glyphs_utf8 = { glyph1_utf8, glyph2_utf8, glyph3_utf8, glyph4_utf8 };
+
+    private final static char[][] glyphs_utf16 = { glyph1_utf16, glyph2_utf16, glyph3_utf16, glyph4_utf16 };
+
+    public TestResult perform()
+    {
+        try
+        {
+            for (int i = 0; i < glyphs_utf16.length; i++)
+            {
+                String s = new String(glyphs_utf16[i]);
+                byte[] b1 = new DERUTF8String(s).getEncoded();
+                byte temp[] = new byte[b1.length - 2];
+                System.arraycopy(b1, 2, temp, 0, b1.length - 2);
+                byte[] b2 = new DERUTF8String(Strings.fromUTF8ByteArray(new DEROctetString(temp).getOctets())).getEncoded();
+                if (!Arrays.areEqual(b1, b2))
+                {
+                    return new SimpleTestResult(false, getName() + ": failed UTF-8 encoding and decoding");
+                }
+                if (!Arrays.areEqual(temp, glyphs_utf8[i]))
+                {
+                    return new SimpleTestResult(false, getName() + ": failed UTF-8 encoding and decoding");
+                }
+            }
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": failed with Exception " + e.getMessage());
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public String getName()
+    {
+        return "DERUTF8String";
+    }
+
+    public static void main(String[] args)
+    {
+        DERUTF8StringTest test = new DERUTF8StringTest();
+        TestResult result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/DataGroupHashUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/DataGroupHashUnitTest.java
new file mode 100644
index 0000000..85f01e9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/DataGroupHashUnitTest.java
@@ -0,0 +1,106 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+import java.util.Random;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.icao.DataGroupHash;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class DataGroupHashUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "DataGroupHash";
+    }
+
+    private byte[] generateHash()
+    {
+        Random rand = new Random();
+        byte[] bytes = new byte[20];
+        
+        for (int i = 0; i != bytes.length; i++)
+        {
+            bytes[i] = (byte)rand.nextInt();
+        }
+        
+        return bytes;
+    }
+    
+    public void performTest() 
+        throws Exception
+    {
+        int dataGroupNumber = 1;       
+        ASN1OctetString     dataHash = new DEROctetString(generateHash());
+        DataGroupHash       dg = new DataGroupHash(dataGroupNumber, dataHash);
+
+        checkConstruction(dg, dataGroupNumber, dataHash);
+
+        try
+        {
+            DataGroupHash.getInstance(null);
+        }
+        catch (Exception e)
+        {
+            fail("getInstance() failed to handle null.");
+        }
+
+        try
+        {
+            DataGroupHash.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        DataGroupHash dg,
+        int dataGroupNumber,        
+        ASN1OctetString     dataGroupHashValue) 
+        throws IOException
+    {
+        checkValues(dg, dataGroupNumber, dataGroupHashValue);
+
+        dg = DataGroupHash.getInstance(dg);
+
+        checkValues(dg, dataGroupNumber, dataGroupHashValue);
+
+        ASN1InputStream aIn = new ASN1InputStream(dg.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        dg = DataGroupHash.getInstance(seq);
+
+        checkValues(dg, dataGroupNumber, dataGroupHashValue);
+    }
+
+    private void checkValues(
+        DataGroupHash dg,
+        int dataGroupNumber,        
+        ASN1OctetString     dataGroupHashValue)
+    {
+        if (dg.getDataGroupNumber() != dataGroupNumber)
+        {
+            fail("group number don't match.");
+        }
+        
+        if (!dg.getDataGroupHashValue().equals(dataGroupHashValue))
+        {
+            fail("hash value don't match.");
+        }         
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DataGroupHashUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/DeclarationOfMajorityUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/DeclarationOfMajorityUnitTest.java
new file mode 100644
index 0000000..cd42340
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/DeclarationOfMajorityUnitTest.java
@@ -0,0 +1,90 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.isismtt.x509.DeclarationOfMajority;
+
+public class DeclarationOfMajorityUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "DeclarationOfMajority";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        ASN1GeneralizedTime dateOfBirth = new ASN1GeneralizedTime("20070315173729Z");
+        DeclarationOfMajority decl = new DeclarationOfMajority(dateOfBirth);
+
+        checkConstruction(decl, DeclarationOfMajority.dateOfBirth, dateOfBirth, -1);
+
+        decl = new DeclarationOfMajority(6);
+
+        checkConstruction(decl, DeclarationOfMajority.notYoungerThan, null, 6);
+
+        decl = DeclarationOfMajority.getInstance(null);
+
+        if (decl != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            DeclarationOfMajority.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        DeclarationOfMajority decl,
+        int                   type,
+        ASN1GeneralizedTime   dateOfBirth,
+        int                   notYoungerThan)
+        throws IOException
+    {
+        checkValues(decl, type, dateOfBirth, notYoungerThan);
+
+        decl = DeclarationOfMajority.getInstance(decl);
+
+        checkValues(decl, type, dateOfBirth, notYoungerThan);
+
+        ASN1InputStream aIn = new ASN1InputStream(decl.toASN1Object().getEncoded());
+
+        DERTaggedObject info = (DERTaggedObject)aIn.readObject();
+
+        decl = DeclarationOfMajority.getInstance(info);
+
+        checkValues(decl, type, dateOfBirth, notYoungerThan);
+    }
+
+    private void checkValues(
+        DeclarationOfMajority decl,
+        int                   type,
+        ASN1GeneralizedTime   dateOfBirth,
+        int                   notYoungerThan)
+    {
+        checkMandatoryField("type", type, decl.getType());
+        checkOptionalField("dateOfBirth", dateOfBirth, decl.getDateOfBirth());
+        if (notYoungerThan != -1 && notYoungerThan != decl.notYoungerThan())
+        {
+            fail("notYoungerThan mismatch");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DeclarationOfMajorityUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ESSCertIDv2UnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ESSCertIDv2UnitTest.java
new file mode 100644
index 0000000..e8978ca
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ESSCertIDv2UnitTest.java
@@ -0,0 +1,33 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ess.ESSCertIDv2;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+public class ESSCertIDv2UnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "ESSCertIDv2";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        // check getInstance on default algorithm.
+        byte[] digest = new byte [256];
+        ESSCertIDv2 essCertIdv2 = new ESSCertIDv2(new AlgorithmIdentifier(
+            NISTObjectIdentifiers.id_sha256), digest);
+        ASN1Primitive asn1Object = essCertIdv2.toASN1Primitive();
+
+        ESSCertIDv2.getInstance(asn1Object);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ESSCertIDv2UnitTest());
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/EncryptedPrivateKeyInfoTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/EncryptedPrivateKeyInfoTest.java
new file mode 100644
index 0000000..f4732cf
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/EncryptedPrivateKeyInfoTest.java
@@ -0,0 +1,135 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test the reading and writing of EncryptedPrivateKeyInfo objects using
+ * the test vectors provided at
+ * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
+ * RSA's PKCS5 Page</a>.
+ * <br>
+ * The vectors are Base 64 encoded and encrypted using the password "password"
+ * (without quotes). They should all yield the same PrivateKeyInfo object.
+ */
+public class EncryptedPrivateKeyInfoTest
+    extends SimpleTest
+{
+    static byte[] sample1 = Base64.decode(
+        "MIIBozA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIfWBDXwLp4K4CAggA"
+      + "MBEGBSsOAwIHBAiaCF/AvOgQ6QSCAWDWX4BdAzCRNSQSANSuNsT5X8mWYO27mr3Y"
+      + "9c9LoBVXGNmYWKA77MI4967f7SmjNcgXj3xNE/jmnVz6hhsjS8E5VPT3kfyVkpdZ"
+      + "0lr5e9Yk2m3JWpPU7++v5zBkZmC4V/MwV/XuIs6U+vykgzMgpxQg0oZKS9zgmiZo"
+      + "f/4dOCL0UtCDnyOSvqT7mCVIcMDIEKu8QbVlgZYBop08l60EuEU3gARUo8WsYQmO"
+      + "Dz/ldx0Z+znIT0SXVuOwc+RVItC5T/Qx+aijmmpt+9l14nmaGBrEkmuhmtdvU/4v"
+      + "aptewGRgmjOfD6cqK+zs0O5NrrJ3P/6ZSxXj91CQgrThGfOv72bUncXEMNtc8pks"
+      + "2jpHFjGMdKufnadAD7XuMgzkkaklEXZ4f5tU6heIIwr51g0GBEGF96gYPFnjnSQM"
+      + "75JE02Clo+DfcfXpcybPTwwFg2jd6JTTOfkdf6OdSlA/1XNK43FA");
+
+    static byte[] sample2 = Base64.decode(
+        "MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIeFeOWl1jywYCAggA"
+      + "MBQGCCqGSIb3DQMHBAjUJ5eGBhQGtQSCAWBrHrRgqO8UUMLcWzZEtpk1l3mjxiF/"
+      + "koCMkHsFwowgyWhEbgIkTgbSViK54LVK8PskekcGNLph+rB6bGZ7pPbL5pbXASJ8"
+      + "+MkQcG3FZdlS4Ek9tTJDApj3O1UubZGFG4uvTlJJFbF1BOJ3MkY3XQ9Gl1qwv7j5"
+      + "6e103Da7Cq9+oIDKmznza78XXQYrUsPo8mJGjUxPskEYlzwvHjKubRnYm/K6RKhi"
+      + "5f4zX4BQ/Dt3H812ZjRXrsjAJP0KrD/jyD/jCT7zNBVPH1izBds+RwizyQAHwfNJ"
+      + "BFR78TH4cgzB619X47FDVOnT0LqQNVd0O3cSwnPrXE9XR3tPayE+iOB15llFSmi8"
+      + "z0ByOXldEpkezCn92Umk++suzIVj1qfsK+bv2phZWJPbLEIWPDRHUbYf76q5ArAr"
+      + "u4xtxT/hoK3krEs/IN3d70qjlUJ36SEw1UaZ82PWhakQbdtu39ZraMJB");
+
+    static byte[] sample3 = Base64.decode(
+        "MIIBrjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIrHyQPBZqWLUCAggA"
+      + "AgEQMBkGCCqGSIb3DQMCMA0CAToECEhbh7YZKiPSBIIBYCT1zp6o5jpFlIkgwPop"
+      + "7bW1+8ACr4exqzkeb3WflQ8cWJ4cURxzVdvxUnXeW1VJdaQZtjS/QHs5GhPTG/0f"
+      + "wtvnaPfwrIJ3FeGaZfcg2CrYhalOFmEb4xrE4KyoEQmUN8tb/Cg94uzd16BOPw21"
+      + "RDnE8bnPdIGY7TyL95kbkqH23mK53pi7h+xWIgduW+atIqDyyt55f7WMZcvDvlj6"
+      + "VpN/V0h+qxBHL274WA4dj6GYgeyUFpi60HdGCK7By2TBy8h1ZvKGjmB9h8jZvkx1"
+      + "MkbRumXxyFsowTZawyYvO8Um6lbfEDP9zIEUq0IV8RqH2MRyblsPNSikyYhxX/cz"
+      + "tdDxRKhilySbSBg5Kr8OfcwKp9bpinN96nmG4xr3Tch1bnVvqJzOQ5+Vva2WwVvH"
+      + "2JkWvYm5WaANg4Q6bRxu9vz7DuhbJjQdZbxFezIAgrJdSe92B00jO/0Kny1WjiVO"
+      + "6DA=");
+
+    public String getName()
+    {
+        return "EncryptedPrivateKeyInfoTest";
+    }
+
+    private void test(
+        int     id,
+        byte[]  sample)
+    {
+        ByteArrayInputStream    bIn = new ByteArrayInputStream(sample);
+        ASN1InputStream         aIn = new ASN1InputStream(bIn);
+        EncryptedPrivateKeyInfo info = null;
+
+        try
+        {
+            info = EncryptedPrivateKeyInfo.getInstance(aIn.readObject());
+        }
+        catch (Exception e)
+        {
+            fail("test " + id + " failed construction - exception " + e.toString(), e);
+        }
+
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(info);
+        }
+        catch (Exception e)
+        {
+            fail("test " + id + " failed writing - exception " + e.toString(), e);
+        }
+
+        byte[]  bytes = bOut.toByteArray();
+
+        if (bytes.length != sample.length)
+        {
+            try
+            {
+                bIn = new ByteArrayInputStream(bytes);
+                aIn = new ASN1InputStream(bIn);
+
+                ASN1Primitive obj = aIn.readObject();
+    
+                fail("test " + id + " length mismatch - expected " + sample.length + System.getProperty("line.separator") + ASN1Dump.dumpAsString(info) + " got " + bytes.length + System.getProperty("line.separator") + ASN1Dump.dumpAsString(obj));
+            }
+            catch (Exception e)
+            {
+                fail("test " + id + " length mismatch - exception " + e.toString());
+            }
+        }
+
+        for (int i = 0; i != bytes.length; i++)
+        {
+            if (bytes[i] != sample[i])
+            {
+                fail("test " + id + " data mismatch");
+            }
+        }
+    }
+
+    public void performTest()
+    {
+        test(0, sample1);
+        test(1, sample2);
+        test(2, sample3);
+    }
+
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new EncryptedPrivateKeyInfoTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/EnumeratedTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/EnumeratedTest.java
new file mode 100644
index 0000000..c1c3b3b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/EnumeratedTest.java
@@ -0,0 +1,115 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import junit.framework.TestCase;
+
+import org.bouncycastle.asn1.ASN1Boolean;
+import org.bouncycastle.asn1.ASN1Enumerated;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.util.encoders.Hex;
+
+/**
+ * Tests used to verify correct decoding of the ENUMERATED type.
+ */
+public class EnumeratedTest
+    extends TestCase
+{
+    /**
+     * Test vector used to test decoding of multiple items. This sample uses an ENUMERATED and a BOOLEAN.
+     */
+    private static final byte[] MultipleSingleByteItems = Hex.decode("30060a01010101ff");
+
+    /**
+     * Test vector used to test decoding of multiple items. This sample uses two ENUMERATEDs.
+     */
+    private static final byte[] MultipleDoubleByteItems = Hex.decode("30080a0201010a020202");
+
+    /**
+     * Test vector used to test decoding of multiple items. This sample uses an ENUMERATED and an OBJECT IDENTIFIER.
+     */
+    private static final byte[] MultipleTripleByteItems = Hex.decode("300a0a0301010106032b0601");
+
+    /**
+     * Makes sure multiple identically sized values are parsed correctly.
+     */
+    public void testReadingMultipleSingleByteItems()
+        throws IOException
+    {
+        ASN1Primitive obj = ASN1Primitive.fromByteArray(MultipleSingleByteItems);
+
+        assertTrue("Null ASN.1 SEQUENCE", obj instanceof ASN1Sequence);
+
+        ASN1Sequence sequence = (ASN1Sequence)obj;
+
+        assertEquals("2 items expected", 2, sequence.size());
+
+        ASN1Enumerated enumerated = ASN1Enumerated.getInstance(sequence.getObjectAt(0));
+
+        assertNotNull("ENUMERATED expected", enumerated);
+
+        assertEquals("Unexpected ENUMERATED value", 1, enumerated.getValue().intValue());
+
+        ASN1Boolean b = ASN1Boolean.getInstance(sequence.getObjectAt(1));
+
+        assertNotNull("BOOLEAN expected", b);
+
+        assertTrue("Unexpected BOOLEAN value", b.isTrue());
+    }
+
+    /**
+     * Makes sure multiple identically sized values are parsed correctly.
+     */
+    public void testReadingMultipleDoubleByteItems()
+        throws IOException
+    {
+        ASN1Primitive obj = ASN1Primitive.fromByteArray(MultipleDoubleByteItems);
+
+        assertTrue("Null ASN.1 SEQUENCE", obj instanceof ASN1Sequence);
+
+        ASN1Sequence sequence = (ASN1Sequence)obj;
+
+        assertEquals("2 items expected", 2, sequence.size());
+
+        ASN1Enumerated enumerated1 = ASN1Enumerated.getInstance(sequence.getObjectAt(0));
+
+        assertNotNull("ENUMERATED expected", enumerated1);
+
+        assertEquals("Unexpected ENUMERATED value", 257, enumerated1.getValue().intValue());
+
+        ASN1Enumerated enumerated2 = ASN1Enumerated.getInstance(sequence.getObjectAt(1));
+
+        assertNotNull("ENUMERATED expected", enumerated2);
+
+        assertEquals("Unexpected ENUMERATED value", 514, enumerated2.getValue().intValue());
+    }
+
+    /**
+     * Makes sure multiple identically sized values are parsed correctly.
+     */
+    public void testReadingMultipleTripleByteItems()
+        throws IOException
+    {
+        ASN1Primitive obj = ASN1Primitive.fromByteArray(MultipleTripleByteItems);
+
+        assertTrue("Null ASN.1 SEQUENCE", obj instanceof ASN1Sequence);
+
+        ASN1Sequence sequence = (ASN1Sequence)obj;
+
+        assertEquals("2 items expected", 2, sequence.size());
+
+        ASN1Enumerated enumerated = ASN1Enumerated.getInstance(sequence.getObjectAt(0));
+
+        assertNotNull("ENUMERATED expected", enumerated);
+
+        assertEquals("Unexpected ENUMERATED value", 65793, enumerated.getValue().intValue());
+
+        ASN1ObjectIdentifier objectId = ASN1ObjectIdentifier.getInstance(sequence.getObjectAt(1));
+
+        assertNotNull("OBJECT IDENTIFIER expected", objectId);
+
+        assertEquals("Unexpected OBJECT IDENTIFIER value", "1.3.6.1", objectId.getId());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/EqualsAndHashCodeTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/EqualsAndHashCodeTest.java
new file mode 100644
index 0000000..3da4e6a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/EqualsAndHashCodeTest.java
@@ -0,0 +1,127 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.util.Date;
+
+import org.bouncycastle.asn1.ASN1Boolean;
+import org.bouncycastle.asn1.ASN1Enumerated;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.BERConstructedOctetString;
+import org.bouncycastle.asn1.BERSequence;
+import org.bouncycastle.asn1.BERSet;
+import org.bouncycastle.asn1.BERTaggedObject;
+import org.bouncycastle.asn1.DERApplicationSpecific;
+import org.bouncycastle.asn1.DERBMPString;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERGeneralString;
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERNumericString;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.DERT61String;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.DERUTCTime;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.DERUniversalString;
+import org.bouncycastle.asn1.DERVisibleString;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class EqualsAndHashCodeTest
+    implements Test
+{
+    public TestResult perform()
+    {
+        byte[]    data = { 0, 1, 0, 1, 0, 0, 1 };
+        
+        ASN1Primitive    values[] = {
+                new BERConstructedOctetString(data),
+                new BERSequence(new DERPrintableString("hello world")),
+                new BERSet(new DERPrintableString("hello world")),
+                new BERTaggedObject(0, new DERPrintableString("hello world")),
+                new DERApplicationSpecific(0, data),
+                new DERBitString(data),
+                new DERBMPString("hello world"),
+                new ASN1Boolean(true),
+                new ASN1Boolean(false),
+                new ASN1Enumerated(100),
+                new DERGeneralizedTime("20070315173729Z"),
+                new DERGeneralString("hello world"),
+                new DERIA5String("hello"),
+                new ASN1Integer(1000),
+                new DERNull(),
+                new DERNumericString("123456"),
+                new ASN1ObjectIdentifier("1.1.1.10000.1"),
+                new DEROctetString(data),
+                new DERPrintableString("hello world"),
+                new DERSequence(new DERPrintableString("hello world")),
+                new DERSet(new DERPrintableString("hello world")),
+                new DERT61String("hello world"),
+                new DERTaggedObject(0, new DERPrintableString("hello world")),
+                new DERUniversalString(data),
+                new DERUTCTime(new Date()),
+                new DERUTF8String("hello world"),
+                new DERVisibleString("hello world")
+            };
+        
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+            
+            for (int i = 0; i != values.length; i++)
+            {
+                aOut.writeObject(values[i]);
+            }
+            
+            ASN1Primitive[] readValues = new ASN1Primitive[values.length];
+            
+            ByteArrayInputStream    bIn = new ByteArrayInputStream(bOut.toByteArray());
+            ASN1InputStream         aIn = new ASN1InputStream(bIn);
+            
+            for (int i = 0; i != values.length; i++)
+            {
+                ASN1Primitive o = aIn.readObject();
+                if (!o.equals(values[i]))
+                {
+                    return new SimpleTestResult(false, getName() + ": Failed equality test for " + o.getClass());
+                }
+                
+                if (o.hashCode() != values[i].hashCode())
+                {
+                    return new SimpleTestResult(false, getName() + ": Failed hashCode test for " + o.getClass());
+                }
+            }
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": Failed - exception " + e.toString(), e);
+        }
+        
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public String getName()
+    {
+        return "EqualsAndHashCode";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        EqualsAndHashCodeTest    test = new EqualsAndHashCodeTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/GeneralNameTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/GeneralNameTest.java
new file mode 100644
index 0000000..f88a83c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/GeneralNameTest.java
@@ -0,0 +1,143 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class GeneralNameTest
+    extends SimpleTest
+{
+    private static final byte[] ipv4 = Hex.decode("87040a090800");
+    private static final byte[] ipv4WithMask1 = Hex.decode("87080a090800ffffff00");
+    private static final byte[] ipv4WithMask2 = Hex.decode("87080a090800ffff8000");
+    private static final byte[] ipv4WithMask3 = Hex.decode("87080a090800ffffc000");
+
+    private static final byte[] ipv6a = Hex.decode("871020010db885a308d313198a2e03707334");
+    private static final byte[] ipv6b = Hex.decode("871020010db885a3000013198a2e03707334");
+    private static final byte[] ipv6c = Hex.decode("871000000000000000000000000000000001");
+    private static final byte[] ipv6d = Hex.decode("871020010db885a3000000008a2e03707334");
+    private static final byte[] ipv6e = Hex.decode("871020010db885a3000000008a2e0a090800");
+    private static final byte[] ipv6f = Hex.decode("872020010db885a3000000008a2e0a090800ffffffffffff00000000000000000000");
+    private static final byte[] ipv6g = Hex.decode("872020010db885a3000000008a2e0a090800ffffffffffffffffffffffffffffffff");
+    private static final byte[] ipv6h = Hex.decode("872020010db885a300000000000000000000ffffffffffff00000000000000000000");
+    private static final byte[] ipv6i = Hex.decode("872020010db885a300000000000000000000fffffffffffe00000000000000000000");
+    private static final byte[] ipv6j = Hex.decode("872020010db885a300000000000000000000ffffffffffff80000000000000000000");
+
+    public String getName()
+    {
+        return "GeneralName";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        GeneralName nm = new GeneralName(GeneralName.iPAddress, "10.9.8.0");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv4))
+        {
+            fail("ipv4 encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "10.9.8.0/255.255.255.0");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv4WithMask1))
+        {
+            fail("ipv4 with netmask 1 encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "10.9.8.0/24");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv4WithMask1))
+        {
+            fail("ipv4 with netmask 2 encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "10.9.8.0/255.255.128.0");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv4WithMask2))
+        {
+            fail("ipv4 with netmask 3a encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "10.9.8.0/17");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv4WithMask2))
+        {
+            fail("ipv4 with netmask 3b encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "10.9.8.0/255.255.192.0");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv4WithMask3))
+        {
+            fail("ipv4 with netmask 3a encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "10.9.8.0/18");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv4WithMask3))
+        {
+            fail("ipv4 with netmask 3b encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3:08d3:1319:8a2e:0370:7334");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6a))
+        {
+            fail("ipv6 with netmask encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3::1319:8a2e:0370:7334");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6b))
+        {
+            fail("ipv6b encoding failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "::1");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6c))
+        {
+            fail("ipv6c failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3::8a2e:0370:7334");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6d))
+        {
+            fail("ipv6d failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3::8a2e:10.9.8.0");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6e))
+        {
+            fail("ipv6e failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3::8a2e:10.9.8.0/ffff:ffff:ffff::0000");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6f))
+        {
+            fail("ipv6f failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3::8a2e:10.9.8.0/128");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6g))
+        {
+            fail("ipv6g failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3::/48");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6h))
+        {
+            fail("ipv6h failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3::/47");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6i))
+        {
+            fail("ipv6i failed");
+        }
+
+        nm = new GeneralName(GeneralName.iPAddress, "2001:0db8:85a3::/49");
+        if (!Arrays.areEqual(nm.getEncoded(), ipv6j))
+        {
+            fail("ipv6j failed");
+        }
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new GeneralNameTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/GeneralizedTimeTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/GeneralizedTimeTest.java
new file mode 100644
index 0000000..3a86370
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/GeneralizedTimeTest.java
@@ -0,0 +1,201 @@
+package org.bouncycastle.asn1.test;
+
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.SimpleTimeZone;
+import java.util.TimeZone;
+
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * X.690 test example
+ */
+public class GeneralizedTimeTest
+    extends SimpleTest
+{
+    String[] input =
+        {
+            "20020122122220",
+            "20020122122220Z",
+            "20020122122220-1000",
+            "20020122122220+00",
+            "20020122122220.1",
+            "20020122122220.1Z",
+            "20020122122220.1-1000",
+            "20020122122220.1+00",
+            "20020122122220.01",
+            "20020122122220.01Z",
+            "20020122122220.01-1000",
+            "20020122122220.01+00",
+            "20020122122220.001",
+            "20020122122220.001Z",
+            "20020122122220.001-1000",
+            "20020122122220.001+00",
+            "20020122122220.0001",
+            "20020122122220.0001Z",
+            "20020122122220.0001-1000",
+            "20020122122220.0001+00",
+            "20020122122220.0001+1000"
+        };
+
+    String[] output = {
+            "20020122122220",
+            "20020122122220GMT+00:00",
+            "20020122122220GMT-10:00",
+            "20020122122220GMT+00:00",
+            "20020122122220.1",
+            "20020122122220.1GMT+00:00",
+            "20020122122220.1GMT-10:00",
+            "20020122122220.1GMT+00:00",
+            "20020122122220.01",
+            "20020122122220.01GMT+00:00",
+            "20020122122220.01GMT-10:00",
+            "20020122122220.01GMT+00:00",
+            "20020122122220.001",
+            "20020122122220.001GMT+00:00",
+            "20020122122220.001GMT-10:00",
+            "20020122122220.001GMT+00:00",
+            "20020122122220.0001",
+            "20020122122220.0001GMT+00:00",
+            "20020122122220.0001GMT-10:00",
+            "20020122122220.0001GMT+00:00",
+            "20020122122220.0001GMT+10:00" };
+
+    String[] zOutput = {
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122222220Z",
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122222220Z",
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122222220Z",
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122222220Z",
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122122220Z",
+            "20020122222220Z",
+            "20020122122220Z",
+            "20020122022220Z"
+    };
+
+    String[] mzOutput = {
+        "20020122122220.000Z",
+        "20020122122220.000Z",
+        "20020122222220.000Z",
+        "20020122122220.000Z",
+        "20020122122220.100Z",
+        "20020122122220.100Z",
+        "20020122222220.100Z",
+        "20020122122220.100Z",
+        "20020122122220.010Z",
+        "20020122122220.010Z",
+        "20020122222220.010Z",
+        "20020122122220.010Z",
+        "20020122122220.001Z",
+        "20020122122220.001Z",
+        "20020122222220.001Z",
+        "20020122122220.001Z",
+        "20020122122220.000Z",
+        "20020122122220.000Z",
+        "20020122222220.000Z",
+        "20020122122220.000Z",
+        "20020122022220.000Z"
+    };
+
+    public String getName()
+    {
+        return "GeneralizedTime";
+    }
+    
+    public void performTest()
+        throws Exception
+    {
+        SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+
+        dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
+
+        for (int i = 0; i != input.length; i++)
+        {
+            DERGeneralizedTime    t = new DERGeneralizedTime(input[i]);
+
+            if (output[i].indexOf('G') > 0)   // don't check local time the same way
+            {
+                if (!t.getTime().equals(output[i]))
+                {
+                    fail("failed conversion test");
+                }
+                if (!dateF.format(t.getDate()).equals(zOutput[i]))
+                {
+                    fail("failed date conversion test");
+                }
+            }
+            else
+            {
+                String offset = calculateGMTOffset(t.getDate());
+                if (!t.getTime().equals(output[i] + offset))
+                {
+                    fail("failed conversion test");
+                }
+            }
+        }
+
+        dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
+
+        dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
+
+        for (int i = 0; i != input.length; i++)
+        {
+            DERGeneralizedTime    t = new DERGeneralizedTime(input[i]);
+
+            if (!dateF.format(t.getDate()).equals(mzOutput[i]))
+            {
+                fail("failed long date conversion test");
+            }
+        }
+    }
+
+    private String calculateGMTOffset(Date date)
+    {
+        String sign = "+";
+        TimeZone timeZone = TimeZone.getDefault();
+        int offset = timeZone.getRawOffset();
+        if (offset < 0)
+        {
+            sign = "-";
+            offset = -offset;
+        }
+        int hours = offset / (60 * 60 * 1000);
+        int minutes = (offset - (hours * 60 * 60 * 1000)) / (60 * 1000);
+
+        if (timeZone.useDaylightTime() && timeZone.inDaylightTime(date))
+        {
+            hours += sign.equals("+") ? 1 : -1;
+        }
+
+        return "GMT" + sign + convert(hours) + ":" + convert(minutes);
+    }
+
+    private String convert(int time)
+    {
+        if (time < 10)
+        {
+            return "0" + time;
+        }
+
+        return Integer.toString(time);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new GeneralizedTimeTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/GenerationTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/GenerationTest.java
new file mode 100644
index 0000000..aa5444f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/GenerationTest.java
@@ -0,0 +1,441 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.text.ParseException;
+import java.util.Date;
+import java.util.Hashtable;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.oiw.ElGamalParameter;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.bouncycastle.asn1.x509.CRLReason;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.ExtensionsGenerator;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.TBSCertificate;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
+import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
+import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class GenerationTest
+    extends SimpleTest
+{
+    private byte[] v1Cert = Base64.decode(
+          "MIGtAgEBMA0GCSqGSIb3DQEBBAUAMCUxCzAJBgNVBAMMAkFVMRYwFAYDVQQKDA1Cb"
+        + "3VuY3kgQ2FzdGxlMB4XDTcwMDEwMTAwMDAwMVoXDTcwMDEwMTAwMDAxMlowNjELMA"
+        + "kGA1UEAwwCQVUxFjAUBgNVBAoMDUJvdW5jeSBDYXN0bGUxDzANBgNVBAsMBlRlc3Q"
+        + "gMTAaMA0GCSqGSIb3DQEBAQUAAwkAMAYCAQECAQI=");
+
+    private byte[] v3Cert = Base64.decode(
+          "MIIBSKADAgECAgECMA0GCSqGSIb3DQEBBAUAMCUxCzAJBgNVBAMMAkFVMRYwFAYD"
+        + "VQQKDA1Cb3VuY3kgQ2FzdGxlMB4XDTcwMDEwMTAwMDAwMVoXDTcwMDEwMTAwMDAw"
+        + "MlowNjELMAkGA1UEAwwCQVUxFjAUBgNVBAoMDUJvdW5jeSBDYXN0bGUxDzANBgNV"
+        + "BAsMBlRlc3QgMjAYMBAGBisOBwIBATAGAgEBAgECAwQAAgEDo4GVMIGSMGEGA1Ud"
+        + "IwEB/wRXMFWAFDZPdpHPzKi7o8EJokkQU2uqCHRRoTqkODA2MQswCQYDVQQDDAJB"
+        + "VTEWMBQGA1UECgwNQm91bmN5IENhc3RsZTEPMA0GA1UECwwGVGVzdCAyggECMCAG"
+        + "A1UdDgEB/wQWBBQ2T3aRz8you6PBCaJJEFNrqgh0UTALBgNVHQ8EBAMCBBA=");
+
+    private byte[] v3CertNullSubject = Base64.decode(
+          "MIHGoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwJTELMAkGA1UEAwwCQVUxFjAUBgNVB"
+        + "AoMDUJvdW5jeSBDYXN0bGUwHhcNNzAwMTAxMDAwMDAxWhcNNzAwMTAxMDAwMDAyWj"
+        + "AAMBgwEAYGKw4HAgEBMAYCAQECAQIDBAACAQOjSjBIMEYGA1UdEQEB/wQ8MDqkODA"
+        + "2MQswCQYDVQQDDAJBVTEWMBQGA1UECgwNQm91bmN5IENhc3RsZTEPMA0GA1UECwwG"
+        + "VGVzdCAy");
+
+    private byte[] v2CertList = Base64.decode(
+          "MIIBQwIBATANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQDDAJBVTEWMBQGA1UECgwN" +
+          "Qm91bmN5IENhc3RsZRcNNzAwMTAxMDAwMDAwWhcNNzAwMTAxMDAwMDAyWjAiMCAC" +
+          "AQEXDTcwMDEwMTAwMDAwMVowDDAKBgNVHRUEAwoBCqCBxTCBwjBhBgNVHSMBAf8E" +
+          "VzBVgBQ2T3aRz8you6PBCaJJEFNrqgh0UaE6pDgwNjELMAkGA1UEAwwCQVUxFjAU" +
+          "BgNVBAoMDUJvdW5jeSBDYXN0bGUxDzANBgNVBAsMBlRlc3QgMoIBAjBDBgNVHRIE" +
+          "PDA6pDgwNjELMAkGA1UEAwwCQVUxFjAUBgNVBAoMDUJvdW5jeSBDYXN0bGUxDzAN" +
+          "BgNVBAsMBlRlc3QgMzAKBgNVHRQEAwIBATAMBgNVHRwBAf8EAjAA");
+    
+    private void tbsV1CertGen()
+        throws IOException
+    {
+        V1TBSCertificateGenerator   gen = new V1TBSCertificateGenerator();
+        Date                        startDate = new Date(1000);
+        Date                        endDate = new Date(12000);
+
+        gen.setSerialNumber(new ASN1Integer(1));
+
+        gen.setStartDate(new Time(startDate));
+        gen.setEndDate(new Time(endDate));
+
+        gen.setIssuer(new X500Name("CN=AU,O=Bouncy Castle"));
+        gen.setSubject(new X500Name("CN=AU,O=Bouncy Castle,OU=Test 1"));
+
+        gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, DERNull.INSTANCE));
+
+        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE),
+                                                     new RSAPublicKeyStructure(BigInteger.valueOf(1), BigInteger.valueOf(2)));
+
+        gen.setSubjectPublicKeyInfo(info);
+
+        TBSCertificate              tbs = gen.generateTBSCertificate();
+        ByteArrayOutputStream       bOut = new ByteArrayOutputStream();
+        ASN1OutputStream            aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(tbs);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), v1Cert))
+        {
+            fail("failed v1 cert generation");
+        }
+
+        //
+        // read back test
+        //
+        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v1Cert));
+        ASN1Primitive       o = aIn.readObject();
+
+        bOut = new ByteArrayOutputStream();
+        aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(o);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), v1Cert))
+        {
+            fail("failed v1 cert read back test");
+        }
+    }
+    
+    private AuthorityKeyIdentifier createAuthorityKeyId(
+        SubjectPublicKeyInfo    info,
+        X500Name                name,
+        int                     sNumber)
+    {
+        GeneralName             genName = new GeneralName(name);
+        ASN1EncodableVector     v = new ASN1EncodableVector();
+
+        v.add(genName);
+
+        return new AuthorityKeyIdentifier(
+            info, GeneralNames.getInstance(new DERSequence(v)), BigInteger.valueOf(sNumber));
+    }
+    
+    private void tbsV3CertGen()
+        throws IOException
+    {
+        V3TBSCertificateGenerator   gen = new V3TBSCertificateGenerator();
+        Date                        startDate = new Date(1000);
+        Date                        endDate = new Date(2000);
+
+        gen.setSerialNumber(new ASN1Integer(2));
+
+        gen.setStartDate(new Time(startDate));
+        gen.setEndDate(new Time(endDate));
+
+        gen.setIssuer(new X500Name("CN=AU,O=Bouncy Castle"));
+        gen.setSubject(new X500Name("CN=AU,O=Bouncy Castle,OU=Test 2"));
+
+        gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, DERNull.INSTANCE));
+
+        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new ASN1Integer(3));
+
+        gen.setSubjectPublicKeyInfo(info);
+
+        //
+        // add extensions
+        //
+        Vector          order = new Vector();
+        Hashtable       extensions = new Hashtable();
+
+        order.addElement(X509Extension.authorityKeyIdentifier);
+        order.addElement(X509Extension.subjectKeyIdentifier);
+        order.addElement(X509Extension.keyUsage);
+
+        extensions.put(X509Extension.authorityKeyIdentifier, new X509Extension(true, new DEROctetString(createAuthorityKeyId(info, new X500Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
+        extensions.put(X509Extension.subjectKeyIdentifier, new X509Extension(true, new DEROctetString(new SubjectKeyIdentifier(getDigest(info)))));
+        extensions.put(X509Extension.keyUsage, new X509Extension(false, new DEROctetString(new KeyUsage(KeyUsage.dataEncipherment))));
+
+        X509Extensions  ex = new X509Extensions(order, extensions);
+
+        gen.setExtensions(ex);
+
+        TBSCertificate              tbs = gen.generateTBSCertificate();
+        ByteArrayOutputStream       bOut = new ByteArrayOutputStream();
+        ASN1OutputStream            aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(tbs);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), v3Cert))
+        {
+            fail("failed v3 cert generation");
+        }
+
+        //
+        // read back test
+        //
+        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v3Cert));
+        ASN1Primitive       o = aIn.readObject();
+
+        bOut = new ByteArrayOutputStream();
+        aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(o);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), v3Cert))
+        {
+            fail("failed v3 cert read back test");
+        }
+    }
+
+    private void tbsV3CertGenWithNullSubject()
+        throws IOException
+    {
+        V3TBSCertificateGenerator   gen = new V3TBSCertificateGenerator();
+        Date                        startDate = new Date(1000);
+        Date                        endDate = new Date(2000);
+
+        gen.setSerialNumber(new ASN1Integer(2));
+
+        gen.setStartDate(new Time(startDate));
+        gen.setEndDate(new Time(endDate));
+
+        gen.setIssuer(new X500Name("CN=AU,O=Bouncy Castle"));
+
+        gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, DERNull.INSTANCE));
+
+        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new ASN1Integer(3));
+
+        gen.setSubjectPublicKeyInfo(info);
+
+        try
+        {
+            gen.generateTBSCertificate();
+            fail("null subject not caught!");
+        }
+        catch (IllegalStateException e)
+        {
+            if (!e.getMessage().equals("not all mandatory fields set in V3 TBScertificate generator"))
+            {
+                fail("unexpected exception", e);
+            }
+        }
+
+        //
+        // add extensions
+        //
+        Vector          order = new Vector();
+        Hashtable       extensions = new Hashtable();
+
+        order.addElement(X509Extension.subjectAlternativeName);
+
+        extensions.put(X509Extension.subjectAlternativeName, new X509Extension(true, new DEROctetString(new GeneralNames(new GeneralName(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"))))));
+
+        X509Extensions  ex = new X509Extensions(order, extensions);
+
+        gen.setExtensions(ex);
+
+        TBSCertificate              tbs = gen.generateTBSCertificate();
+        ByteArrayOutputStream       bOut = new ByteArrayOutputStream();
+        ASN1OutputStream            aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(tbs);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), v3CertNullSubject))
+        {
+            fail("failed v3 null sub cert generation");
+        }
+
+        //
+        // read back test
+        //
+        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v3CertNullSubject));
+        ASN1Primitive       o = aIn.readObject();
+
+        bOut = new ByteArrayOutputStream();
+        aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(o);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), v3CertNullSubject))
+        {
+            fail("failed v3 null sub cert read back test");
+        }
+    }
+
+    private void tbsV2CertListGen()
+        throws IOException
+    {
+        V2TBSCertListGenerator  gen = new V2TBSCertListGenerator();
+
+        gen.setIssuer(new X500Name("CN=AU,O=Bouncy Castle"));
+
+        gen.addCRLEntry(new ASN1Integer(1), new Time(new Date(1000)), CRLReason.aACompromise);
+
+        gen.setNextUpdate(new Time(new Date(2000)));
+
+        gen.setThisUpdate(new Time(new Date(500)));
+
+        gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE));
+
+        //
+        // extensions
+        //
+        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new ASN1Integer(3));
+
+        ExtensionsGenerator     extGen = new ExtensionsGenerator();
+
+        extGen.addExtension(Extension.authorityKeyIdentifier, true, createAuthorityKeyId(info, new X500Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2));
+        extGen.addExtension(Extension.issuerAlternativeName, false, new GeneralNames(new GeneralName(new X500Name("CN=AU,O=Bouncy Castle,OU=Test 3"))));
+        extGen.addExtension(Extension.cRLNumber, false, new ASN1Integer(1));
+        extGen.addExtension(Extension.issuingDistributionPoint, true, IssuingDistributionPoint.getInstance(new DERSequence()));
+
+        Extensions          ex = extGen.generate();
+
+        gen.setExtensions(ex);
+
+        TBSCertList                 tbs = gen.generateTBSCertList();
+        ByteArrayOutputStream       bOut = new ByteArrayOutputStream();
+        ASN1OutputStream            aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(tbs);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), v2CertList))
+        {
+            System.out.println(new String(Base64.encode(bOut.toByteArray())));
+            fail("failed v2 cert list generation");
+        }
+
+        //
+        // read back test
+        //
+        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v2CertList));
+        ASN1Primitive o = aIn.readObject();
+
+        bOut = new ByteArrayOutputStream();
+        aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(o);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), v2CertList))
+        {
+            fail("failed v2 cert list read back test");
+        }
+
+        //
+        // check we can add a custom reason
+        //
+        gen.addCRLEntry(new ASN1Integer(1), new Time(new Date(1000)), CRLReason.aACompromise);
+
+        //
+        // check invalidity date
+        gen.addCRLEntry(new ASN1Integer(2), new Time(new Date(1000)), CRLReason.affiliationChanged, new ASN1GeneralizedTime(new Date(2000)));
+
+        TBSCertList crl = gen.generateTBSCertList();
+
+        TBSCertList.CRLEntry[] entries = crl.getRevokedCertificates();
+        for (int i = 0; i != entries.length; i++)
+        {
+            TBSCertList.CRLEntry entry = entries[i];
+
+            if (entry.getUserCertificate().equals(new ASN1Integer(1)))
+            {
+                Extensions extensions = entry.getExtensions();
+                Extension ext = extensions.getExtension(Extension.reasonCode);
+
+                CRLReason r = CRLReason.getInstance(ext.getParsedValue());
+
+                if (r.getValue().intValue() != CRLReason.aACompromise)
+                {
+                    fail("reason code mismatch");
+                }
+            }
+            else if (entry.getUserCertificate().equals(new ASN1Integer(2)))
+            {
+                Extensions extensions = entry.getExtensions();
+                Extension ext = extensions.getExtension(Extension.reasonCode);
+
+                CRLReason r = CRLReason.getInstance(ext.getParsedValue());
+
+                if (r.getValue().intValue() != CRLReason.affiliationChanged)
+                {
+                    fail("reason code mismatch");
+                }
+
+                ext = extensions.getExtension(Extension.invalidityDate);
+
+                ASN1GeneralizedTime t = ASN1GeneralizedTime.getInstance(ext.getParsedValue());
+
+                try
+                {
+                    if (!t.getDate().equals(new Date(2000)))
+                    {
+                        fail("invalidity date mismatch");
+                    }
+                }
+                catch (ParseException e)
+                {
+                    fail("can't parse date", e);
+                }
+            }
+        }
+    }
+    
+    public void performTest()
+        throws Exception
+    {
+        tbsV1CertGen();
+        tbsV3CertGen();
+        tbsV3CertGenWithNullSubject();
+        tbsV2CertListGen();
+    }
+
+    public String getName()
+    {
+        return "Generation";
+    }
+
+    private static byte[] getDigest(SubjectPublicKeyInfo spki)
+    {
+        Digest digest = new SHA1Digest();
+        byte[]  resBuf = new byte[digest.getDigestSize()];
+
+        byte[] bytes = spki.getPublicKeyData().getBytes();
+        digest.update(bytes, 0, bytes.length);
+        digest.doFinal(resBuf, 0);
+        return resBuf;
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new GenerationTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/GetInstanceTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/GetInstanceTest.java
new file mode 100644
index 0000000..cda7c50
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/GetInstanceTest.java
@@ -0,0 +1,888 @@
+package org.bouncycastle.asn1.test;
+
+import java.lang.reflect.Method;
+import java.math.BigInteger;
+import java.util.Date;
+import java.util.Vector;
+
+import junit.framework.TestCase;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Enumerated;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1UTCTime;
+import org.bouncycastle.asn1.DERBMPString;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERGeneralString;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERNumericString;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.DERT61String;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.DERUniversalString;
+import org.bouncycastle.asn1.DERVisibleString;
+import org.bouncycastle.asn1.cmp.CAKeyUpdAnnContent;
+import org.bouncycastle.asn1.cmp.CMPCertificate;
+import org.bouncycastle.asn1.cmp.CRLAnnContent;
+import org.bouncycastle.asn1.cmp.CertConfirmContent;
+import org.bouncycastle.asn1.cmp.CertOrEncCert;
+import org.bouncycastle.asn1.cmp.CertRepMessage;
+import org.bouncycastle.asn1.cmp.CertResponse;
+import org.bouncycastle.asn1.cmp.CertifiedKeyPair;
+import org.bouncycastle.asn1.cmp.Challenge;
+import org.bouncycastle.asn1.cmp.ErrorMsgContent;
+import org.bouncycastle.asn1.cmp.GenMsgContent;
+import org.bouncycastle.asn1.cmp.GenRepContent;
+import org.bouncycastle.asn1.cmp.InfoTypeAndValue;
+import org.bouncycastle.asn1.cmp.KeyRecRepContent;
+import org.bouncycastle.asn1.cmp.OOBCertHash;
+import org.bouncycastle.asn1.cmp.PBMParameter;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.cmp.PKIConfirmContent;
+import org.bouncycastle.asn1.cmp.PKIFailureInfo;
+import org.bouncycastle.asn1.cmp.PKIFreeText;
+import org.bouncycastle.asn1.cmp.PKIHeader;
+import org.bouncycastle.asn1.cmp.PKIMessage;
+import org.bouncycastle.asn1.cmp.PKIMessages;
+import org.bouncycastle.asn1.cmp.PKIStatus;
+import org.bouncycastle.asn1.cmp.PKIStatusInfo;
+import org.bouncycastle.asn1.cmp.POPODecKeyChallContent;
+import org.bouncycastle.asn1.cmp.POPODecKeyRespContent;
+import org.bouncycastle.asn1.cmp.PollRepContent;
+import org.bouncycastle.asn1.cmp.PollReqContent;
+import org.bouncycastle.asn1.cmp.ProtectedPart;
+import org.bouncycastle.asn1.cmp.RevAnnContent;
+import org.bouncycastle.asn1.cmp.RevDetails;
+import org.bouncycastle.asn1.cmp.RevRepContent;
+import org.bouncycastle.asn1.cmp.RevReqContent;
+import org.bouncycastle.asn1.cms.Attribute;
+import org.bouncycastle.asn1.cms.Attributes;
+import org.bouncycastle.asn1.cms.AuthEnvelopedData;
+import org.bouncycastle.asn1.cms.AuthenticatedData;
+import org.bouncycastle.asn1.cms.CompressedData;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.asn1.cms.EncryptedContentInfo;
+import org.bouncycastle.asn1.cms.EncryptedData;
+import org.bouncycastle.asn1.cms.EnvelopedData;
+import org.bouncycastle.asn1.cms.Evidence;
+import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
+import org.bouncycastle.asn1.cms.KEKIdentifier;
+import org.bouncycastle.asn1.cms.KEKRecipientInfo;
+import org.bouncycastle.asn1.cms.KeyAgreeRecipientIdentifier;
+import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo;
+import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
+import org.bouncycastle.asn1.cms.MetaData;
+import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey;
+import org.bouncycastle.asn1.cms.OriginatorInfo;
+import org.bouncycastle.asn1.cms.OriginatorPublicKey;
+import org.bouncycastle.asn1.cms.OtherKeyAttribute;
+import org.bouncycastle.asn1.cms.OtherRecipientInfo;
+import org.bouncycastle.asn1.cms.PasswordRecipientInfo;
+import org.bouncycastle.asn1.cms.RecipientEncryptedKey;
+import org.bouncycastle.asn1.cms.RecipientIdentifier;
+import org.bouncycastle.asn1.cms.RecipientInfo;
+import org.bouncycastle.asn1.cms.RecipientKeyIdentifier;
+import org.bouncycastle.asn1.cms.SignerIdentifier;
+import org.bouncycastle.asn1.cms.SignerInfo;
+import org.bouncycastle.asn1.cms.TimeStampAndCRL;
+import org.bouncycastle.asn1.cms.TimeStampTokenEvidence;
+import org.bouncycastle.asn1.cms.TimeStampedData;
+import org.bouncycastle.asn1.cms.ecc.MQVuserKeyingMaterial;
+import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
+import org.bouncycastle.asn1.crmf.CertId;
+import org.bouncycastle.asn1.crmf.CertReqMessages;
+import org.bouncycastle.asn1.crmf.CertReqMsg;
+import org.bouncycastle.asn1.crmf.CertRequest;
+import org.bouncycastle.asn1.crmf.CertTemplate;
+import org.bouncycastle.asn1.crmf.Controls;
+import org.bouncycastle.asn1.crmf.EncKeyWithID;
+import org.bouncycastle.asn1.crmf.EncryptedKey;
+import org.bouncycastle.asn1.crmf.EncryptedValue;
+import org.bouncycastle.asn1.crmf.OptionalValidity;
+import org.bouncycastle.asn1.crmf.PKIArchiveOptions;
+import org.bouncycastle.asn1.crmf.PKIPublicationInfo;
+import org.bouncycastle.asn1.crmf.PKMACValue;
+import org.bouncycastle.asn1.crmf.POPOPrivKey;
+import org.bouncycastle.asn1.crmf.POPOSigningKey;
+import org.bouncycastle.asn1.crmf.POPOSigningKeyInput;
+import org.bouncycastle.asn1.crmf.ProofOfPossession;
+import org.bouncycastle.asn1.crmf.SinglePubInfo;
+import org.bouncycastle.asn1.cryptopro.ECGOST3410ParamSetParameters;
+import org.bouncycastle.asn1.cryptopro.GOST28147Parameters;
+import org.bouncycastle.asn1.cryptopro.GOST3410ParamSetParameters;
+import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
+import org.bouncycastle.asn1.eac.CVCertificate;
+import org.bouncycastle.asn1.eac.CVCertificateRequest;
+import org.bouncycastle.asn1.eac.CertificateBody;
+import org.bouncycastle.asn1.eac.PublicKeyDataObject;
+import org.bouncycastle.asn1.eac.RSAPublicKey;
+import org.bouncycastle.asn1.eac.UnsignedInteger;
+import org.bouncycastle.asn1.esf.CommitmentTypeIndication;
+import org.bouncycastle.asn1.esf.CommitmentTypeQualifier;
+import org.bouncycastle.asn1.esf.CompleteRevocationRefs;
+import org.bouncycastle.asn1.esf.CrlIdentifier;
+import org.bouncycastle.asn1.esf.CrlListID;
+import org.bouncycastle.asn1.esf.CrlOcspRef;
+import org.bouncycastle.asn1.esf.CrlValidatedID;
+import org.bouncycastle.asn1.esf.OcspIdentifier;
+import org.bouncycastle.asn1.esf.OcspListID;
+import org.bouncycastle.asn1.esf.OcspResponsesID;
+import org.bouncycastle.asn1.esf.OtherHash;
+import org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
+import org.bouncycastle.asn1.esf.OtherRevRefs;
+import org.bouncycastle.asn1.esf.OtherRevVals;
+import org.bouncycastle.asn1.esf.RevocationValues;
+import org.bouncycastle.asn1.esf.SPUserNotice;
+import org.bouncycastle.asn1.esf.SPuri;
+import org.bouncycastle.asn1.esf.SigPolicyQualifierInfo;
+import org.bouncycastle.asn1.esf.SigPolicyQualifiers;
+import org.bouncycastle.asn1.esf.SignaturePolicyId;
+import org.bouncycastle.asn1.esf.SignaturePolicyIdentifier;
+import org.bouncycastle.asn1.esf.SignerAttribute;
+import org.bouncycastle.asn1.esf.SignerLocation;
+import org.bouncycastle.asn1.ess.ContentHints;
+import org.bouncycastle.asn1.ess.ContentIdentifier;
+import org.bouncycastle.asn1.ess.ESSCertID;
+import org.bouncycastle.asn1.ess.ESSCertIDv2;
+import org.bouncycastle.asn1.ess.OtherCertID;
+import org.bouncycastle.asn1.ess.OtherSigningCertificate;
+import org.bouncycastle.asn1.ess.SigningCertificate;
+import org.bouncycastle.asn1.ess.SigningCertificateV2;
+import org.bouncycastle.asn1.icao.CscaMasterList;
+import org.bouncycastle.asn1.icao.DataGroupHash;
+import org.bouncycastle.asn1.icao.LDSSecurityObject;
+import org.bouncycastle.asn1.icao.LDSVersionInfo;
+import org.bouncycastle.asn1.isismtt.ocsp.CertHash;
+import org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate;
+import org.bouncycastle.asn1.isismtt.x509.AdditionalInformationSyntax;
+import org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax;
+import org.bouncycastle.asn1.isismtt.x509.Admissions;
+import org.bouncycastle.asn1.isismtt.x509.DeclarationOfMajority;
+import org.bouncycastle.asn1.isismtt.x509.MonetaryLimit;
+import org.bouncycastle.asn1.isismtt.x509.NamingAuthority;
+import org.bouncycastle.asn1.isismtt.x509.ProcurationSyntax;
+import org.bouncycastle.asn1.isismtt.x509.ProfessionInfo;
+import org.bouncycastle.asn1.isismtt.x509.Restriction;
+import org.bouncycastle.asn1.misc.CAST5CBCParameters;
+import org.bouncycastle.asn1.misc.IDEACBCPar;
+import org.bouncycastle.asn1.mozilla.PublicKeyAndChallenge;
+import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
+import org.bouncycastle.asn1.ocsp.CertID;
+import org.bouncycastle.asn1.ocsp.CertStatus;
+import org.bouncycastle.asn1.ocsp.CrlID;
+import org.bouncycastle.asn1.ocsp.OCSPRequest;
+import org.bouncycastle.asn1.ocsp.OCSPResponse;
+import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
+import org.bouncycastle.asn1.ocsp.Request;
+import org.bouncycastle.asn1.ocsp.ResponderID;
+import org.bouncycastle.asn1.ocsp.ResponseBytes;
+import org.bouncycastle.asn1.ocsp.ResponseData;
+import org.bouncycastle.asn1.ocsp.RevokedInfo;
+import org.bouncycastle.asn1.ocsp.Signature;
+import org.bouncycastle.asn1.ocsp.SingleResponse;
+import org.bouncycastle.asn1.ocsp.TBSRequest;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
+import org.bouncycastle.asn1.pkcs.CertificationRequest;
+import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
+import org.bouncycastle.asn1.pkcs.DHParameter;
+import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.MacData;
+import org.bouncycastle.asn1.pkcs.PBEParameter;
+import org.bouncycastle.asn1.pkcs.PBES2Parameters;
+import org.bouncycastle.asn1.pkcs.PBKDF2Params;
+import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
+import org.bouncycastle.asn1.pkcs.Pfx;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
+import org.bouncycastle.asn1.pkcs.RSAESOAEPparams;
+import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
+import org.bouncycastle.asn1.pkcs.SafeBag;
+import org.bouncycastle.asn1.pkcs.SignedData;
+import org.bouncycastle.asn1.sec.ECPrivateKey;
+import org.bouncycastle.asn1.smime.SMIMECapabilities;
+import org.bouncycastle.asn1.smime.SMIMECapability;
+import org.bouncycastle.asn1.tsp.Accuracy;
+import org.bouncycastle.asn1.tsp.MessageImprint;
+import org.bouncycastle.asn1.tsp.TSTInfo;
+import org.bouncycastle.asn1.tsp.TimeStampReq;
+import org.bouncycastle.asn1.tsp.TimeStampResp;
+import org.bouncycastle.asn1.x500.DirectoryString;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AccessDescription;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.AttCertIssuer;
+import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
+import org.bouncycastle.asn1.x509.AttributeCertificate;
+import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
+import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.CRLDistPoint;
+import org.bouncycastle.asn1.x509.CRLNumber;
+import org.bouncycastle.asn1.x509.CRLReason;
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.CertificatePair;
+import org.bouncycastle.asn1.x509.CertificatePolicies;
+import org.bouncycastle.asn1.x509.DSAParameter;
+import org.bouncycastle.asn1.x509.DigestInfo;
+import org.bouncycastle.asn1.x509.DisplayText;
+import org.bouncycastle.asn1.x509.DistributionPoint;
+import org.bouncycastle.asn1.x509.DistributionPointName;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.GeneralSubtree;
+import org.bouncycastle.asn1.x509.Holder;
+import org.bouncycastle.asn1.x509.IetfAttrSyntax;
+import org.bouncycastle.asn1.x509.IssuerSerial;
+import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
+import org.bouncycastle.asn1.x509.NameConstraints;
+import org.bouncycastle.asn1.x509.NoticeReference;
+import org.bouncycastle.asn1.x509.ObjectDigestInfo;
+import org.bouncycastle.asn1.x509.PolicyInformation;
+import org.bouncycastle.asn1.x509.PolicyMappings;
+import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
+import org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod;
+import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
+import org.bouncycastle.asn1.x509.RoleSyntax;
+import org.bouncycastle.asn1.x509.SubjectDirectoryAttributes;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.TBSCertificate;
+import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+import org.bouncycastle.asn1.x509.Target;
+import org.bouncycastle.asn1.x509.TargetInformation;
+import org.bouncycastle.asn1.x509.Targets;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.asn1.x509.UserNotice;
+import org.bouncycastle.asn1.x509.V2Form;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.asn1.x509.qualified.BiometricData;
+import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode;
+import org.bouncycastle.asn1.x509.qualified.MonetaryValue;
+import org.bouncycastle.asn1.x509.qualified.QCStatement;
+import org.bouncycastle.asn1.x509.qualified.SemanticsInformation;
+import org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData;
+import org.bouncycastle.asn1.x509.sigi.NameOrPseudonym;
+import org.bouncycastle.asn1.x509.sigi.PersonalData;
+import org.bouncycastle.asn1.x9.DHDomainParameters;
+import org.bouncycastle.asn1.x9.DHPublicKey;
+import org.bouncycastle.asn1.x9.DHValidationParms;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.util.Integers;
+import org.bouncycastle.util.encoders.Base64;
+
+public class GetInstanceTest
+    extends TestCase
+{
+    public static byte[]  attrCert = Base64.decode(
+            "MIIHQDCCBqkCAQEwgZChgY2kgYowgYcxHDAaBgkqhkiG9w0BCQEWDW1sb3JjaEB2"
+          + "dC5lZHUxHjAcBgNVBAMTFU1hcmt1cyBMb3JjaCAobWxvcmNoKTEbMBkGA1UECxMS"
+          + "VmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAyMQswCQYDVQQKEwJ2"
+          + "dDELMAkGA1UEBhMCVVMwgYmkgYYwgYMxGzAZBgkqhkiG9w0BCQEWDHNzaGFoQHZ0"
+          + "LmVkdTEbMBkGA1UEAxMSU3VtaXQgU2hhaCAoc3NoYWgpMRswGQYDVQQLExJWaXJn"
+          + "aW5pYSBUZWNoIFVzZXIxEDAOBgNVBAsTB0NsYXNzIDExCzAJBgNVBAoTAnZ0MQsw"
+          + "CQYDVQQGEwJVUzANBgkqhkiG9w0BAQQFAAIBBTAiGA8yMDAzMDcxODE2MDgwMloY"
+          + "DzIwMDMwNzI1MTYwODAyWjCCBU0wggVJBgorBgEEAbRoCAEBMYIFORaCBTU8UnVs"
+          + "ZSBSdWxlSWQ9IkZpbGUtUHJpdmlsZWdlLVJ1bGUiIEVmZmVjdD0iUGVybWl0Ij4K"
+          + "IDxUYXJnZXQ+CiAgPFN1YmplY3RzPgogICA8U3ViamVjdD4KICAgIDxTdWJqZWN0"
+          + "TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5j"
+          + "dGlvbjpzdHJpbmctZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlw"
+          + "ZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj4KICAg"
+          + "ICAgIENOPU1hcmt1cyBMb3JjaDwvQXR0cmlidXRlVmFsdWU+CiAgICAgPFN1Ympl"
+          + "Y3RBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFt"
+          + "ZXM6dGM6eGFjbWw6MS4wOnN1YmplY3Q6c3ViamVjdC1pZCIgRGF0YVR5cGU9Imh0"
+          + "dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyIgLz4gCiAgICA8"
+          + "L1N1YmplY3RNYXRjaD4KICAgPC9TdWJqZWN0PgogIDwvU3ViamVjdHM+CiAgPFJl"
+          + "c291cmNlcz4KICAgPFJlc291cmNlPgogICAgPFJlc291cmNlTWF0Y2ggTWF0Y2hJ"
+          + "ZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmct"
+          + "ZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3"
+          + "dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIj4KICAgICAgaHR0cDovL3p1"
+          + "bmkuY3MudnQuZWR1PC9BdHRyaWJ1dGVWYWx1ZT4KICAgICA8UmVzb3VyY2VBdHRy"
+          + "aWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6"
+          + "eGFjbWw6MS4wOnJlc291cmNlOnJlc291cmNlLWlkIiBEYXRhVHlwZT0iaHR0cDov"
+          + "L3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiAvPiAKICAgIDwvUmVz"
+          + "b3VyY2VNYXRjaD4KICAgPC9SZXNvdXJjZT4KICA8L1Jlc291cmNlcz4KICA8QWN0"
+          + "aW9ucz4KICAgPEFjdGlvbj4KICAgIDxBY3Rpb25NYXRjaCBNYXRjaElkPSJ1cm46"
+          + "b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+"
+          + "CiAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9y"
+          + "Zy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPgpEZWxlZ2F0ZSBBY2Nlc3MgICAgIDwv"
+          + "QXR0cmlidXRlVmFsdWU+CgkgIDxBY3Rpb25BdHRyaWJ1dGVEZXNpZ25hdG9yIEF0"
+          + "dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjph"
+          + "Y3Rpb24taWQiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj"
+          + "aGVtYSNzdHJpbmciIC8+IAogICAgPC9BY3Rpb25NYXRjaD4KICAgPC9BY3Rpb24+"
+          + "CiAgPC9BY3Rpb25zPgogPC9UYXJnZXQ+CjwvUnVsZT4KMA0GCSqGSIb3DQEBBAUA"
+          + "A4GBAGiJSM48XsY90HlYxGmGVSmNR6ZW2As+bot3KAfiCIkUIOAqhcphBS23egTr"
+          + "6asYwy151HshbPNYz+Cgeqs45KkVzh7bL/0e1r8sDVIaaGIkjHK3CqBABnfSayr3"
+          + "Rd1yBoDdEv8Qb+3eEPH6ab9021AsLEnJ6LWTmybbOpMNZ3tv");
+
+    byte[]  cert1 = Base64.decode(
+        "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
+            + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
+            + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
+            + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
+            + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2"
+            + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
+            + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
+            + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l"
+            + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv"
+            + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re"
+            + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO"
+            + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE"
+            + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy"
+            + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0"
+            + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw"
+            + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL"
+            + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4"
+            + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF"
+            + "5/8=");
+
+    private byte[] v2CertList = Base64.decode(
+          "MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT"
+        + "F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy"
+        + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw"
+        + "MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw"
+        + "MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw"
+        + "MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw"
+        + "MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw"
+        + "MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw"
+        + "MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw"
+        + "NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw"
+        + "NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF"
+        + "AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ"
+        + "wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt"
+        + "JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v");
+
+    private static final Object[] NULL_ARGS = new Object[] { null };
+
+    private void doFullGetInstanceTest(Class clazz, ASN1Object o1)
+        throws Exception
+    {
+        Method m;
+
+        try
+        {
+            m = clazz.getMethod("getInstance", Object.class);
+        }
+        catch (NoSuchMethodException e)
+        {
+            fail("no getInstance method found");
+            return;
+        }
+
+        ASN1Object o2 = (ASN1Object)m.invoke(clazz, NULL_ARGS);
+        if (o2 != null)
+        {
+            fail(clazz.getName() + " null failed");
+        }
+
+        o2 = (ASN1Object)m.invoke(clazz, o1);
+
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " equality failed");
+        }
+
+        o2 = (ASN1Object)m.invoke(clazz, o1.getEncoded());
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " encoded equality failed");
+        }
+
+        o2 = (ASN1Object)m.invoke(clazz, o1.toASN1Primitive());
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " sequence equality failed");
+        }
+
+        try
+        {
+            m = clazz.getMethod("getInstance", ASN1TaggedObject.class, Boolean.TYPE);
+        }
+        catch (NoSuchMethodException e)
+        {
+            return;
+        }
+
+        ASN1TaggedObject t = new DERTaggedObject(true, 0, o1);
+        o2 = (ASN1Object)m.invoke(clazz, t, true);
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " tag equality failed");
+        }
+
+        t = new DERTaggedObject(true, 0, o1.toASN1Primitive());
+        o2 = (ASN1Object)m.invoke(clazz, t, true);
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " tag equality failed");
+        }
+
+        t = ASN1TaggedObject.getInstance(t.getEncoded());
+        o2 = (ASN1Object)m.invoke(clazz, t, true);
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " tag equality failed");
+        }
+
+        t = new DERTaggedObject(false, 0, o1);
+        o2 = (ASN1Object)m.invoke(clazz, t, false);
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " tag equality failed");
+        }
+
+        t = new DERTaggedObject(false, 0, o1.toASN1Primitive());
+        o2 = (ASN1Object)m.invoke(clazz, t, false);
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " tag equality failed");
+        }
+
+        t = ASN1TaggedObject.getInstance(t.getEncoded());
+        o2 = (ASN1Object)m.invoke(clazz, t, false);
+        if (!o1.equals(o2) || !clazz.isInstance(o2))
+        {
+            fail(clazz.getName() + " tag equality failed");
+        }
+    }
+
+    public void testGetInstance()
+        throws Exception
+    {
+        doFullGetInstanceTest(DERPrintableString.class, new DERPrintableString("hello world"));
+        doFullGetInstanceTest(DERBMPString.class, new DERBMPString("hello world"));
+        doFullGetInstanceTest(DERUTF8String.class, new DERUTF8String("hello world"));
+        doFullGetInstanceTest(DERUniversalString.class, new DERUniversalString(new byte[20]));
+        doFullGetInstanceTest(DERIA5String.class, new DERIA5String("hello world"));
+        doFullGetInstanceTest(DERGeneralString.class, new DERGeneralString("hello world"));
+        doFullGetInstanceTest(DERNumericString.class, new DERNumericString("hello world"));
+        doFullGetInstanceTest(DERNumericString.class, new DERNumericString("99999", true));
+        doFullGetInstanceTest(DERT61String.class, new DERT61String("hello world"));
+        doFullGetInstanceTest(DERVisibleString.class, new DERVisibleString("hello world"));
+
+        doFullGetInstanceTest(ASN1Integer.class, new ASN1Integer(1));
+        doFullGetInstanceTest(ASN1GeneralizedTime.class, new ASN1GeneralizedTime(new Date()));
+        doFullGetInstanceTest(ASN1UTCTime.class, new ASN1UTCTime(new Date()));
+        doFullGetInstanceTest(ASN1Enumerated.class, new ASN1Enumerated(1));
+
+        CMPCertificate cmpCert = new CMPCertificate(Certificate.getInstance(cert1));
+        CertificateList crl = CertificateList.getInstance(v2CertList);
+        AttributeCertificate attributeCert = AttributeCertificate.getInstance(attrCert);
+
+        doFullGetInstanceTest(CAKeyUpdAnnContent.class, new CAKeyUpdAnnContent(cmpCert, cmpCert, cmpCert));
+
+        CertConfirmContent.getInstance(null);
+        CertifiedKeyPair.getInstance(null);
+        CertOrEncCert.getInstance(null);
+        CertRepMessage.getInstance(null);
+        doFullGetInstanceTest(CertResponse.class, new CertResponse(new ASN1Integer(1), new PKIStatusInfo(PKIStatus.granted)));
+        doFullGetInstanceTest(org.bouncycastle.asn1.cmp.CertStatus.class, new org.bouncycastle.asn1.cmp.CertStatus(new byte[10], BigInteger.valueOf(1), new PKIStatusInfo(PKIStatus.granted)));
+        doFullGetInstanceTest(Challenge.class, new Challenge(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE), new byte[10], new byte[10]));
+
+        doFullGetInstanceTest(CMPCertificate.class, cmpCert);
+        doFullGetInstanceTest(CRLAnnContent.class, new CRLAnnContent(crl));
+        doFullGetInstanceTest(ErrorMsgContent.class, new ErrorMsgContent(new PKIStatusInfo(PKIStatus.granted), new ASN1Integer(1), new PKIFreeText("fred")));
+        GenMsgContent.getInstance(null);
+        GenRepContent.getInstance(null);
+        InfoTypeAndValue.getInstance(null);
+        KeyRecRepContent.getInstance(null);
+        OOBCertHash.getInstance(null);
+        PBMParameter.getInstance(null);
+        PKIBody.getInstance(null);
+        PKIConfirmContent.getInstance(null);
+        PKIFreeText.getInstance(null);
+        doFullGetInstanceTest(PKIFreeText.class, new PKIFreeText("hello world"));
+        doFullGetInstanceTest(PKIFreeText.class, new PKIFreeText(new String[]{"hello", "world"}));
+        doFullGetInstanceTest(PKIFreeText.class, new PKIFreeText(new DERUTF8String[]{new DERUTF8String("hello"), new DERUTF8String("world")}));
+        PKIHeader.getInstance(null);
+        PKIMessage.getInstance(null);
+        PKIMessages.getInstance(null);
+        doFullGetInstanceTest(PKIStatusInfo.class, new PKIStatusInfo(PKIStatus.rejection, new PKIFreeText("hello world"), new PKIFailureInfo(PKIFailureInfo.badAlg)));
+        doFullGetInstanceTest(PKIStatusInfo.class, new PKIStatusInfo(PKIStatus.granted, new PKIFreeText("hello world")));
+        PKIStatus.getInstance(null);
+        PollRepContent.getInstance(null);
+        PollReqContent.getInstance(null);
+        POPODecKeyChallContent.getInstance(null);
+        POPODecKeyRespContent.getInstance(null);
+        ProtectedPart.getInstance(null);
+        RevAnnContent.getInstance(null);
+        RevDetails.getInstance(null);
+        RevRepContent.getInstance(null);
+        RevReqContent.getInstance(null);
+        Attribute.getInstance(null);
+        Attributes.getInstance(null);
+        AuthenticatedData.getInstance(null);
+        AuthenticatedData.getInstance(null);
+        AuthEnvelopedData.getInstance(null);
+        AuthEnvelopedData.getInstance(null);
+        CompressedData.getInstance(null);
+        CompressedData.getInstance(null);
+        ContentInfo.getInstance(null);
+        EncryptedContentInfo.getInstance(null);
+        EncryptedData.getInstance(null);
+        EnvelopedData.getInstance(null);
+        EnvelopedData.getInstance(null);
+        Evidence.getInstance(null);
+        IssuerAndSerialNumber.getInstance(null);
+        KEKIdentifier.getInstance(null);
+        KEKIdentifier.getInstance(null);
+        KEKRecipientInfo.getInstance(null);
+        KEKRecipientInfo.getInstance(null);
+        KeyAgreeRecipientIdentifier.getInstance(null);
+        KeyAgreeRecipientIdentifier.getInstance(null);
+        KeyAgreeRecipientInfo.getInstance(null);
+        KeyAgreeRecipientInfo.getInstance(null);
+        KeyTransRecipientInfo.getInstance(null);
+        MetaData.getInstance(null);
+        OriginatorIdentifierOrKey.getInstance(null);
+        OriginatorIdentifierOrKey.getInstance(null);
+        OriginatorInfo.getInstance(null);
+        OriginatorInfo.getInstance(null);
+        OriginatorPublicKey.getInstance(null);
+        OriginatorPublicKey.getInstance(null);
+        OtherKeyAttribute.getInstance(null);
+        OtherRecipientInfo.getInstance(null);
+        OtherRecipientInfo.getInstance(null);
+        PasswordRecipientInfo.getInstance(null);
+        PasswordRecipientInfo.getInstance(null);
+        RecipientEncryptedKey.getInstance(null);
+        RecipientIdentifier.getInstance(null);
+        RecipientInfo.getInstance(null);
+        RecipientKeyIdentifier.getInstance(null);
+        RecipientKeyIdentifier.getInstance(null);
+        SignedData.getInstance(null);
+        SignerIdentifier.getInstance(null);
+        SignerInfo.getInstance(null);
+        Time.getInstance(null);
+        Time.getInstance(null);
+        TimeStampAndCRL.getInstance(null);
+        TimeStampedData.getInstance(null);
+        TimeStampTokenEvidence.getInstance(null);
+        AttributeTypeAndValue.getInstance(null);
+
+        doFullGetInstanceTest(CertId.class, new CertId(new GeneralName(new X500Name("CN=Test")), BigInteger.valueOf(1)));
+
+
+        CertReqMessages.getInstance(null);
+        CertReqMsg.getInstance(null);
+        CertRequest.getInstance(null);
+        CertTemplate.getInstance(null);
+        Controls.getInstance(null);
+        EncKeyWithID.getInstance(null);
+        EncryptedKey.getInstance(null);
+        EncryptedValue.getInstance(null);
+        OptionalValidity.getInstance(null);
+        PKIArchiveOptions.getInstance(null);
+        PKIPublicationInfo.getInstance(null);
+        PKMACValue.getInstance(null);
+        PKMACValue.getInstance(null);
+        POPOPrivKey.getInstance(null);
+        POPOSigningKeyInput.getInstance(null);
+        POPOSigningKey.getInstance(null);
+        POPOSigningKey.getInstance(null);
+        ProofOfPossession.getInstance(null);
+        SinglePubInfo.getInstance(null);
+        ECGOST3410ParamSetParameters.getInstance(null);
+        ECGOST3410ParamSetParameters.getInstance(null);
+        GOST28147Parameters.getInstance(null);
+        GOST28147Parameters.getInstance(null);
+        GOST3410ParamSetParameters.getInstance(null);
+        GOST3410ParamSetParameters.getInstance(null);
+        GOST3410PublicKeyAlgParameters.getInstance(null);
+        GOST3410PublicKeyAlgParameters.getInstance(null);
+        CertificateBody.getInstance(null);
+        CVCertificate.getInstance(null);
+        CVCertificateRequest.getInstance(null);
+        PublicKeyDataObject.getInstance(null);
+        UnsignedInteger.getInstance(null);
+        CommitmentTypeIndication.getInstance(null);
+        CommitmentTypeQualifier.getInstance(null);
+
+        OcspIdentifier ocspIdentifier = new OcspIdentifier(new ResponderID(new X500Name("CN=Test")), new ASN1GeneralizedTime(new Date()));
+        CrlListID crlListID = new CrlListID(new CrlValidatedID[]{new CrlValidatedID(new OtherHash(new byte[20]))});
+        OcspListID ocspListID = new OcspListID(new OcspResponsesID[] { new OcspResponsesID(ocspIdentifier) });
+        OtherRevRefs otherRevRefs = new OtherRevRefs(new ASN1ObjectIdentifier("1.2.1"), new DERSequence());
+        OtherRevVals otherRevVals = new OtherRevVals(new ASN1ObjectIdentifier("1.2.1"), new DERSequence());
+        CrlOcspRef crlOcspRef = new CrlOcspRef(crlListID, ocspListID, otherRevRefs);
+        doFullGetInstanceTest(CompleteRevocationRefs.class, new CompleteRevocationRefs(new CrlOcspRef[]{crlOcspRef, crlOcspRef}));
+
+        doFullGetInstanceTest(CrlIdentifier.class, new CrlIdentifier(new X500Name("CN=Test"), new ASN1UTCTime(new Date()), BigInteger.valueOf(1)));
+
+
+        doFullGetInstanceTest(CrlListID.class, crlListID);
+        doFullGetInstanceTest(CrlOcspRef.class, crlOcspRef);
+        doFullGetInstanceTest(CrlValidatedID.class, new CrlValidatedID(new OtherHash(new byte[20])));
+        doFullGetInstanceTest(OcspIdentifier.class, ocspIdentifier);
+        doFullGetInstanceTest(OcspListID.class, ocspListID);
+        doFullGetInstanceTest(OcspResponsesID.class, new OcspResponsesID(ocspIdentifier));
+
+        OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE), new DEROctetString(new byte[10]));
+        doFullGetInstanceTest(OtherHashAlgAndValue.class, otherHashAlgAndValue);
+        OtherHash.getInstance(null);
+        doFullGetInstanceTest(OtherRevRefs.class, otherRevRefs);
+        doFullGetInstanceTest(OtherRevVals.class, otherRevVals);
+        doFullGetInstanceTest(RevocationValues.class, new RevocationValues(new CertificateList[]{crl}, null, otherRevVals));
+
+        SignaturePolicyId signaturePolicyId = new SignaturePolicyId(new ASN1ObjectIdentifier("1.2.1"), otherHashAlgAndValue);
+        doFullGetInstanceTest(SignaturePolicyIdentifier.class, new SignaturePolicyIdentifier());
+        doFullGetInstanceTest(SignaturePolicyIdentifier.class, new SignaturePolicyIdentifier(signaturePolicyId));
+        doFullGetInstanceTest(SignaturePolicyId.class, signaturePolicyId);
+        doFullGetInstanceTest(SignerAttribute.class, new SignerAttribute(new org.bouncycastle.asn1.x509.Attribute[]{new org.bouncycastle.asn1.x509.Attribute(new ASN1ObjectIdentifier("1.2.1"), new DERSet())}));
+        doFullGetInstanceTest(SignerAttribute.class, new SignerAttribute(attributeCert));
+
+        ASN1EncodableVector postalAddr = new ASN1EncodableVector();
+
+        postalAddr.add(new DERUTF8String("line 1"));
+        postalAddr.add(new DERUTF8String("line 2"));
+
+        doFullGetInstanceTest(SignerLocation.class, new SignerLocation(new DERUTF8String("AU"), new DERUTF8String("Melbourne"), new DERSequence(postalAddr)));
+        doFullGetInstanceTest(SigPolicyQualifierInfo.class, new SigPolicyQualifierInfo(new ASN1ObjectIdentifier("1.2.1"), new DERSequence()));
+        SigPolicyQualifiers.getInstance(null);
+        SPuri.getInstance(null);
+        Vector v = new Vector();
+
+        v.add(Integers.valueOf(1));
+        v.add(BigInteger.valueOf(2));
+        NoticeReference noticeReference = new NoticeReference("BC", v);
+        doFullGetInstanceTest(SPUserNotice.class, new SPUserNotice(noticeReference, new DisplayText("hello world")));
+        ContentHints.getInstance(null);
+        ContentIdentifier.getInstance(null);
+        ESSCertID.getInstance(null);
+        ESSCertIDv2.getInstance(null);
+        OtherCertID.getInstance(null);
+        OtherSigningCertificate.getInstance(null);
+        SigningCertificate.getInstance(null);
+        SigningCertificateV2.getInstance(null);
+        CscaMasterList.getInstance(null);
+        DataGroupHash.getInstance(null);
+        LDSSecurityObject.getInstance(null);
+        LDSVersionInfo.getInstance(null);
+        CAST5CBCParameters.getInstance(null);
+        IDEACBCPar.getInstance(null);
+        PublicKeyAndChallenge.getInstance(null);
+        BasicOCSPResponse.getInstance(null);
+        BasicOCSPResponse.getInstance(null);
+
+        doFullGetInstanceTest(CertID.class, new CertID(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE), new DEROctetString(new byte[1]), new DEROctetString(new byte[1]), new ASN1Integer(1)));
+
+        CertStatus.getInstance(null);
+        CertStatus.getInstance(null);
+        CrlID.getInstance(null);
+        OCSPRequest.getInstance(null);
+        OCSPRequest.getInstance(null);
+        OCSPResponse.getInstance(null);
+        OCSPResponse.getInstance(null);
+        OCSPResponseStatus.getInstance(null);
+        Request.getInstance(null);
+        Request.getInstance(null);
+        ResponderID.getInstance(null);
+        ResponderID.getInstance(null);
+        ResponseBytes.getInstance(null);
+        ResponseBytes.getInstance(null);
+        ResponseData.getInstance(null);
+        ResponseData.getInstance(null);
+        RevokedInfo.getInstance(null);
+        RevokedInfo.getInstance(null);
+        Signature.getInstance(null);
+        Signature.getInstance(null);
+        SingleResponse.getInstance(null);
+        SingleResponse.getInstance(null);
+        TBSRequest.getInstance(null);
+        TBSRequest.getInstance(null);
+        Attribute.getInstance(null);
+        AuthenticatedSafe.getInstance(null);
+        CertificationRequestInfo.getInstance(null);
+        CertificationRequest.getInstance(null);
+        ContentInfo.getInstance(null);
+        DHParameter.getInstance(null);
+        EncryptedData.getInstance(null);
+        EncryptedPrivateKeyInfo.getInstance(null);
+        AlgorithmIdentifier.getInstance(null);
+        IssuerAndSerialNumber.getInstance(null);
+        MacData.getInstance(null);
+        PBEParameter.getInstance(null);
+        PBES2Parameters.getInstance(null);
+        PBKDF2Params.getInstance(null);
+        Pfx.getInstance(null);
+        PKCS12PBEParams.getInstance(null);
+        PrivateKeyInfo.getInstance(null);
+        PrivateKeyInfo.getInstance(null);
+        RC2CBCParameter.getInstance(null);
+        RSAESOAEPparams.getInstance(null);
+        RSAPrivateKey.getInstance(null);
+        RSAPrivateKey.getInstance(null);
+        RSAPublicKey.getInstance(null);
+        RSAPublicKey.getInstance(null);
+        RSASSAPSSparams.getInstance(null);
+        SafeBag.getInstance(null);
+        SignedData.getInstance(null);
+        SignerInfo.getInstance(null);
+        ECPrivateKey.getInstance(null);
+        SMIMECapabilities.getInstance(null);
+        SMIMECapability.getInstance(null);
+        Accuracy.getInstance(null);
+        MessageImprint.getInstance(null);
+        TimeStampReq.getInstance(null);
+        TimeStampResp.getInstance(null);
+        TSTInfo.getInstance(null);
+        AttributeTypeAndValue.getInstance(null);
+        DirectoryString.getInstance(null);
+        DirectoryString.getInstance(null);
+        RDN.getInstance(null);
+        X500Name.getInstance(null);
+        X500Name.getInstance(null);
+        AccessDescription.getInstance(null);
+        AlgorithmIdentifier.getInstance(null);
+        AlgorithmIdentifier.getInstance(null);
+        AttCertIssuer.getInstance(null);
+        AttCertIssuer.getInstance(null);
+        AttCertValidityPeriod.getInstance(null);
+        AttributeCertificateInfo.getInstance(null);
+        AttributeCertificateInfo.getInstance(null);
+        AttributeCertificate.getInstance(null);
+        Attribute.getInstance(null);
+        AuthorityInformationAccess.getInstance(null);
+        AuthorityKeyIdentifier.getInstance(null);
+        AuthorityKeyIdentifier.getInstance(null);
+        BasicConstraints.getInstance(null);
+        BasicConstraints.getInstance(null);
+        Certificate.getInstance(null);
+        Certificate.getInstance(null);
+        CertificateList.getInstance(null);
+        CertificateList.getInstance(null);
+        CertificatePair.getInstance(null);
+        CertificatePolicies.getInstance(null);
+        CertificatePolicies.getInstance(null);
+        CRLDistPoint.getInstance(null);
+        CRLDistPoint.getInstance(null);
+        CRLNumber.getInstance(null);
+        CRLReason.getInstance(null);
+        DigestInfo.getInstance(null);
+        DigestInfo.getInstance(null);
+        DisplayText.getInstance(null);
+        DisplayText.getInstance(null);
+        DistributionPoint.getInstance(null);
+        DistributionPoint.getInstance(null);
+        DistributionPointName.getInstance(null);
+        DistributionPointName.getInstance(null);
+        DSAParameter.getInstance(null);
+        DSAParameter.getInstance(null);
+        ExtendedKeyUsage.getInstance(null);
+        ExtendedKeyUsage.getInstance(null);
+        Extensions.getInstance(null);
+        Extensions.getInstance(null);
+        GeneralName.getInstance(null);
+        GeneralName.getInstance(null);
+        GeneralNames.getInstance(null);
+        GeneralNames.getInstance(null);
+
+        GeneralSubtree generalSubtree = new GeneralSubtree(new GeneralName(new X500Name("CN=Test")));
+        ASN1ObjectIdentifier algOid = new ASN1ObjectIdentifier("1.2.1");
+        ObjectDigestInfo objectDigestInfo = new ObjectDigestInfo(ObjectDigestInfo.otherObjectDigest, algOid, new AlgorithmIdentifier(algOid), new byte[20]);
+
+        doFullGetInstanceTest(GeneralSubtree.class, generalSubtree);
+        doFullGetInstanceTest(Holder.class, new Holder(objectDigestInfo));
+        IetfAttrSyntax.getInstance(null);
+        IssuerSerial.getInstance(null);
+        IssuerSerial.getInstance(null);
+        IssuingDistributionPoint.getInstance(null);
+        IssuingDistributionPoint.getInstance(null);
+        DERBitString.getInstance(null);
+
+        v.clear();
+        v.add(generalSubtree);
+
+        doFullGetInstanceTest(NameConstraints.class, new NameConstraints(null, null));
+        doFullGetInstanceTest(NoticeReference.class, noticeReference);
+        doFullGetInstanceTest(ObjectDigestInfo.class, objectDigestInfo);
+
+        PolicyInformation.getInstance(null);
+        PolicyMappings.getInstance(null);
+        PolicyQualifierInfo.getInstance(null);
+        PrivateKeyUsagePeriod.getInstance(null);
+        doFullGetInstanceTest(RoleSyntax.class, new RoleSyntax(new GeneralNames(new GeneralName(new X500Name("CN=Test"))), new GeneralName(GeneralName.uniformResourceIdentifier, "http://bc")));
+        RSAPublicKeyStructure.getInstance(null);
+        RSAPublicKeyStructure.getInstance(null);
+        SubjectDirectoryAttributes.getInstance(null);
+        SubjectKeyIdentifier.getInstance(null);
+        SubjectKeyIdentifier.getInstance(null);
+        SubjectPublicKeyInfo.getInstance(null);
+        SubjectPublicKeyInfo.getInstance(null);
+        TargetInformation.getInstance(null);
+        Target.getInstance(null);
+        Targets.getInstance(null);
+        TBSCertificate.getInstance(null);
+        TBSCertificate.getInstance(null);
+        TBSCertificateStructure.getInstance(null);
+        TBSCertificateStructure.getInstance(null);
+        TBSCertList.CRLEntry.getInstance(null);
+        TBSCertList.getInstance(null);
+        TBSCertList.getInstance(null);
+        Time.getInstance(null);
+        Time.getInstance(null);
+        doFullGetInstanceTest(UserNotice.class, new UserNotice(noticeReference, "hello world"));
+        V2Form.getInstance(null);
+        V2Form.getInstance(null);
+        X509CertificateStructure.getInstance(null);
+        X509CertificateStructure.getInstance(null);
+        X509Extensions.getInstance(null);
+        X509Extensions.getInstance(null);
+        X509Name.getInstance(null);
+        X509Name.getInstance(null);
+        DHDomainParameters.getInstance(null);
+        DHDomainParameters.getInstance(null);
+        DHPublicKey.getInstance(null);
+        DHPublicKey.getInstance(null);
+        DHValidationParms.getInstance(null);
+        DHValidationParms.getInstance(null);
+        X962Parameters.getInstance(null);
+        X962Parameters.getInstance(null);
+        X9ECParameters.getInstance(null);
+        MQVuserKeyingMaterial.getInstance(null);
+        MQVuserKeyingMaterial.getInstance(null);
+        CertHash.getInstance(null);
+        RequestedCertificate.getInstance(null);
+        RequestedCertificate.getInstance(null);
+        AdditionalInformationSyntax.getInstance(null);
+        Admissions.getInstance(null);
+        AdmissionSyntax.getInstance(null);
+        DeclarationOfMajority.getInstance(null);
+        MonetaryLimit.getInstance(null);
+        NamingAuthority.getInstance(null);
+        NamingAuthority.getInstance(null);
+        ProcurationSyntax.getInstance(null);
+        ProfessionInfo.getInstance(null);
+        Restriction.getInstance(null);
+        BiometricData.getInstance(null);
+        Iso4217CurrencyCode.getInstance(null);
+        MonetaryValue.getInstance(null);
+        QCStatement.getInstance(null);
+        SemanticsInformation.getInstance(null);
+        TypeOfBiometricData.getInstance(null);
+        NameOrPseudonym.getInstance(null);
+        PersonalData.getInstance(null);
+    }
+
+    public String getName()
+    {
+        return "GetInstanceNullTest";
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/InputStreamTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/InputStreamTest.java
new file mode 100644
index 0000000..819d285
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/InputStreamTest.java
@@ -0,0 +1,75 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class InputStreamTest 
+    extends SimpleTest
+{
+    private static final byte[] outOfBoundsLength = new byte[] { (byte)0x30, (byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff };
+    private static final byte[] negativeLength = new byte[] { (byte)0x30, (byte)0x84, (byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff };
+    private static final byte[] outsideLimitLength = new byte[] { (byte)0x30, (byte)0x83, (byte)0x0f, (byte)0xff, (byte)0xff };
+    
+    
+    public String getName()
+    {
+        return "InputStream";
+    }
+    
+    public void performTest() 
+        throws Exception
+    {
+        ASN1InputStream aIn = new ASN1InputStream(outOfBoundsLength);
+        
+        try
+        {
+            aIn.readObject();
+            fail("out of bounds length not detected.");
+        }
+        catch (IOException e)
+        {
+            if (!e.getMessage().startsWith("DER length more than 4 bytes"))
+            {
+                fail("wrong exception: " + e.getMessage());
+            }
+        }
+        
+        aIn = new ASN1InputStream(negativeLength);
+        
+        try
+        {
+            aIn.readObject();
+            fail("negative length not detected.");
+        }
+        catch (IOException e)
+        {
+            if (!e.getMessage().equals("corrupted stream - negative length found"))
+            {
+                fail("wrong exception: " + e.getMessage());
+            }
+        }
+        
+        aIn = new ASN1InputStream(outsideLimitLength);
+        
+        try
+        {
+            aIn.readObject();
+            fail("outside limit length not detected.");
+        }
+        catch (IOException e)
+        {
+            if (!e.getMessage().equals("corrupted stream - out of bounds length found"))
+            {
+                fail("wrong exception: " + e.getMessage());
+            }
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new InputStreamTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/Iso4217CurrencyCodeUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/Iso4217CurrencyCodeUnitTest.java
new file mode 100644
index 0000000..9a1d6a8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/Iso4217CurrencyCodeUnitTest.java
@@ -0,0 +1,142 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class Iso4217CurrencyCodeUnitTest 
+    extends SimpleTest
+{
+    private static final String ALPHABETIC_CURRENCY_CODE = "AUD";
+    private static final int    NUMERIC_CURRENCY_CODE = 1;
+
+    public String getName()
+    {
+        return "Iso4217CurrencyCode";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        //
+        // alphabetic
+        //
+        Iso4217CurrencyCode cc = new Iso4217CurrencyCode(ALPHABETIC_CURRENCY_CODE);
+
+        checkNumeric(cc, ALPHABETIC_CURRENCY_CODE);
+        
+        cc = Iso4217CurrencyCode.getInstance(cc);
+        
+        checkNumeric(cc, ALPHABETIC_CURRENCY_CODE);
+        
+        ASN1Primitive obj = cc.toASN1Object();
+        
+        cc = Iso4217CurrencyCode.getInstance(obj);
+        
+        checkNumeric(cc, ALPHABETIC_CURRENCY_CODE);
+        
+        //
+        // numeric
+        //
+        cc = new Iso4217CurrencyCode(NUMERIC_CURRENCY_CODE);
+
+        checkNumeric(cc, NUMERIC_CURRENCY_CODE);
+        
+        cc = Iso4217CurrencyCode.getInstance(cc);
+        
+        checkNumeric(cc, NUMERIC_CURRENCY_CODE);
+        
+        obj = cc.toASN1Object();
+        
+        cc = Iso4217CurrencyCode.getInstance(obj);
+        
+        checkNumeric(cc, NUMERIC_CURRENCY_CODE);
+        
+        cc = Iso4217CurrencyCode.getInstance(null);
+        
+        if (cc != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            Iso4217CurrencyCode.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            new Iso4217CurrencyCode("ABCD");
+            
+            fail("constructor failed to detect out of range currencycode.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            new Iso4217CurrencyCode(0);
+            
+            fail("constructor failed to detect out of range small numeric code.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            new Iso4217CurrencyCode(1000);
+            
+            fail("constructor failed to detect out of range large numeric code.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkNumeric(
+        Iso4217CurrencyCode cc,
+        String              code)
+    {
+        if (!cc.isAlphabetic())
+        {
+            fail("non-alphabetic code found when one expected.");
+        }
+        
+        if (!cc.getAlphabetic().equals(code))
+        {
+            fail("string codes don't match.");
+        }
+    }
+    
+    private void checkNumeric(
+        Iso4217CurrencyCode cc,
+        int                 code)
+    {
+        if (cc.isAlphabetic())
+        {
+            fail("alphabetic code found when one not expected.");
+        }
+        
+        if (cc.getNumeric() != code)
+        {
+            fail("numeric codes don't match.");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new Iso4217CurrencyCodeUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/IssuingDistributionPointUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/IssuingDistributionPointUnitTest.java
new file mode 100644
index 0000000..3f27f19
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/IssuingDistributionPointUnitTest.java
@@ -0,0 +1,122 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x509.DistributionPointName;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
+import org.bouncycastle.asn1.x509.ReasonFlags;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class IssuingDistributionPointUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "IssuingDistributionPoint";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        DistributionPointName    name = new DistributionPointName(
+                                              new GeneralNames(new GeneralName(new X509Name("cn=test"))));
+        ReasonFlags reasonFlags = new ReasonFlags(ReasonFlags.cACompromise);
+
+        checkPoint(6, name, true, true, reasonFlags, true, true);
+
+        checkPoint(2, name, false, false, reasonFlags, false, false);
+
+        checkPoint(0, null, false, false, null, false, false);
+
+        try
+        {
+            IssuingDistributionPoint.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkPoint(
+        int size,
+        DistributionPointName distributionPoint,
+        boolean onlyContainsUserCerts,
+        boolean onlyContainsCACerts,
+        ReasonFlags onlySomeReasons,
+        boolean indirectCRL,
+        boolean onlyContainsAttributeCerts)
+        throws IOException
+    {
+        IssuingDistributionPoint point = new IssuingDistributionPoint(distributionPoint, onlyContainsUserCerts, onlyContainsCACerts, onlySomeReasons, indirectCRL, onlyContainsAttributeCerts);
+
+        checkValues(point, distributionPoint, onlyContainsUserCerts, onlyContainsCACerts, onlySomeReasons, indirectCRL, onlyContainsAttributeCerts);
+
+        ASN1Sequence seq = ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(point.getEncoded()));
+
+        if (seq.size() != size)
+        {
+            fail("size mismatch");
+        }
+
+        point = IssuingDistributionPoint.getInstance(seq);
+
+        checkValues(point, distributionPoint, onlyContainsUserCerts, onlyContainsCACerts, onlySomeReasons, indirectCRL, onlyContainsAttributeCerts);
+    }
+
+    private void checkValues(IssuingDistributionPoint point, DistributionPointName distributionPoint, boolean onlyContainsUserCerts, boolean onlyContainsCACerts, ReasonFlags onlySomeReasons, boolean indirectCRL, boolean onlyContainsAttributeCerts)
+    {
+        if (point.onlyContainsUserCerts() != onlyContainsUserCerts)
+        {
+            fail("mismatch on onlyContainsUserCerts");
+        }
+
+        if (point.onlyContainsCACerts() != onlyContainsCACerts)
+        {
+            fail("mismatch on onlyContainsCACerts");
+        }
+
+        if (point.isIndirectCRL() != indirectCRL)
+        {
+            fail("mismatch on indirectCRL");
+        }
+
+        if (point.onlyContainsAttributeCerts() != onlyContainsAttributeCerts)
+        {
+            fail("mismatch on onlyContainsAttributeCerts");
+        }
+
+        if (!isEquiv(onlySomeReasons, point.getOnlySomeReasons()))
+        {
+            fail("mismatch on onlySomeReasons");
+        }
+
+        if (!isEquiv(distributionPoint, point.getDistributionPoint()))
+        {
+            fail("mismatch on distributionPoint");
+        }
+    }
+
+    private boolean isEquiv(Object o1, Object o2)
+    {
+        if (o1 == null)
+        {
+            return o2 == null;
+        }
+
+        return o1.equals(o2);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new IssuingDistributionPointUnitTest());
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/KeyUsageTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/KeyUsageTest.java
new file mode 100644
index 0000000..f5c90cd
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/KeyUsageTest.java
@@ -0,0 +1,55 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class KeyUsageTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "KeyUsage";
+    }
+
+    public void performTest()
+        throws IOException
+    {
+        BitStringConstantTester.testFlagValueCorrect(0, KeyUsage.digitalSignature); 
+        BitStringConstantTester.testFlagValueCorrect(1, KeyUsage.nonRepudiation);
+        BitStringConstantTester.testFlagValueCorrect(2, KeyUsage.keyEncipherment);
+        BitStringConstantTester.testFlagValueCorrect(3, KeyUsage.dataEncipherment);
+        BitStringConstantTester.testFlagValueCorrect(4, KeyUsage.keyAgreement);
+        BitStringConstantTester.testFlagValueCorrect(5, KeyUsage.keyCertSign);
+        BitStringConstantTester.testFlagValueCorrect(6, KeyUsage.cRLSign);
+        BitStringConstantTester.testFlagValueCorrect(7, KeyUsage.encipherOnly);
+        BitStringConstantTester.testFlagValueCorrect(8, KeyUsage.decipherOnly);
+
+        if (!new KeyUsage(KeyUsage.keyCertSign).hasUsages(KeyUsage.keyCertSign))
+        {
+            fail("usages bit test failed 1");
+        }
+
+        if (new KeyUsage(KeyUsage.cRLSign).hasUsages(KeyUsage.keyCertSign))
+        {
+            fail("usages bit test failed 2");
+        }
+
+        if (!new KeyUsage(KeyUsage.cRLSign | KeyUsage.decipherOnly).hasUsages(KeyUsage.cRLSign | KeyUsage.decipherOnly))
+        {
+            fail("usages bit test failed 3");
+        }
+
+        if (new KeyUsage(KeyUsage.cRLSign | KeyUsage.decipherOnly).hasUsages(KeyUsage.cRLSign | KeyUsage.decipherOnly | KeyUsage.keyCertSign))
+        {
+            fail("usages bit test failed 4");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new KeyUsageTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/LDSSecurityObjectUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/LDSSecurityObjectUnitTest.java
new file mode 100644
index 0000000..3c7cd5f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/LDSSecurityObjectUnitTest.java
@@ -0,0 +1,214 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+import java.util.Random;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.icao.DataGroupHash;
+import org.bouncycastle.asn1.icao.LDSSecurityObject;
+import org.bouncycastle.asn1.icao.LDSVersionInfo;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class LDSSecurityObjectUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "LDSSecurityObject";
+    }
+    
+    private byte[] generateHash()
+    {
+        Random rand = new Random();
+        byte[] bytes = new byte[20];
+        
+        for (int i = 0; i != bytes.length; i++)
+        {
+            bytes[i] = (byte)rand.nextInt();
+        }
+        
+        return bytes;
+    }
+    
+    public void performTest() 
+        throws Exception
+    {
+        AlgorithmIdentifier  algoId = new AlgorithmIdentifier("1.3.14.3.2.26");
+        DataGroupHash[] datas = new DataGroupHash[2];
+      
+        datas[0] = new DataGroupHash(1, new DEROctetString(generateHash()));
+        datas[1] = new DataGroupHash(2, new DEROctetString(generateHash()));
+        
+        LDSSecurityObject so = new LDSSecurityObject(algoId, datas);
+
+        checkConstruction(so, algoId, datas);
+
+        LDSVersionInfo versionInfo = new LDSVersionInfo("Hello", "world");
+
+        so = new LDSSecurityObject(algoId, datas, versionInfo);
+
+        checkConstruction(so, algoId, datas, versionInfo);
+
+        try
+        {
+            LDSSecurityObject.getInstance(null);
+        }
+        catch (Exception e)
+        {
+            fail("getInstance() failed to handle null.");
+        }
+        
+        try
+        {
+            LDSSecurityObject.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            ASN1EncodableVector v = new ASN1EncodableVector();
+            
+            LDSSecurityObject.getInstance(new DERSequence(v));
+            
+            fail("constructor failed to detect empty sequence.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            new LDSSecurityObject(algoId, new DataGroupHash[1]);
+            
+            fail("constructor failed to detect small DataGroupHash array.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            new LDSSecurityObject(algoId, new DataGroupHash[LDSSecurityObject.ub_DataGroups + 1]);
+            
+            fail("constructor failed to out of bounds DataGroupHash array.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        LDSSecurityObject so,
+        AlgorithmIdentifier digestAlgorithmIdentifier, 
+        DataGroupHash[]       datagroupHash) 
+        throws IOException
+    {
+        checkStatement(so, digestAlgorithmIdentifier, datagroupHash, null);
+        
+        so = LDSSecurityObject.getInstance(so);
+        
+        checkStatement(so, digestAlgorithmIdentifier, datagroupHash, null);
+        
+        ASN1InputStream aIn = new ASN1InputStream(so.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+        
+        so = LDSSecurityObject.getInstance(seq);
+        
+        checkStatement(so, digestAlgorithmIdentifier, datagroupHash, null);
+    }
+
+    private void checkConstruction(
+        LDSSecurityObject   so,
+        AlgorithmIdentifier digestAlgorithmIdentifier,
+        DataGroupHash[]     datagroupHash,
+        LDSVersionInfo      versionInfo)
+        throws IOException
+    {
+        if (so.getVersion() != 1)
+        {
+            fail("version number not 1");
+        }
+
+        checkStatement(so, digestAlgorithmIdentifier, datagroupHash, versionInfo);
+
+        so = LDSSecurityObject.getInstance(so);
+
+        checkStatement(so, digestAlgorithmIdentifier, datagroupHash, versionInfo);
+
+        ASN1InputStream aIn = new ASN1InputStream(so.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        so = LDSSecurityObject.getInstance(seq);
+
+        checkStatement(so, digestAlgorithmIdentifier, datagroupHash, versionInfo);
+    }
+
+    private void checkStatement(
+        LDSSecurityObject   so,
+        AlgorithmIdentifier digestAlgorithmIdentifier, 
+        DataGroupHash[]     datagroupHash,
+        LDSVersionInfo      versionInfo)
+    {
+        if (digestAlgorithmIdentifier != null)
+        {
+            if (!so.getDigestAlgorithmIdentifier().equals(digestAlgorithmIdentifier))
+            {
+                fail("ids don't match.");
+            }
+        }
+        else if (so.getDigestAlgorithmIdentifier() != null)
+        {
+            fail("digest algorithm Id found when none expected.");
+        }
+        
+        if (datagroupHash != null)
+        {
+            DataGroupHash[] datas = so.getDatagroupHash();
+            
+            for (int i = 0; i != datas.length; i++)
+            {
+                if (!datagroupHash[i].equals(datas[i]))
+                {
+                    fail("name registration authorities don't match.");
+                }
+            }
+        }
+        else if (so.getDatagroupHash() != null)
+        {
+            fail("data hash groups found when none expected.");
+        }
+
+        if (versionInfo != null)
+        {
+            if (!versionInfo.equals(so.getVersionInfo()))
+            {
+                fail("versionInfo doesn't match");
+            }
+        }
+        else if (so.getVersionInfo() != null)
+        {
+            fail("version info found when none expected.");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new LDSSecurityObjectUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/MiscTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/MiscTest.java
new file mode 100644
index 0000000..2a5f09a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/MiscTest.java
@@ -0,0 +1,113 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.misc.CAST5CBCParameters;
+import org.bouncycastle.asn1.misc.IDEACBCPar;
+import org.bouncycastle.asn1.misc.NetscapeCertType;
+import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
+import org.bouncycastle.asn1.misc.VerisignCzagExtension;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class MiscTest
+    implements Test
+{
+    private boolean isSameAs(
+        byte[]  a,
+        byte[]  b)
+    {
+        if (a.length != b.length)
+        {
+            return false;
+        }
+        
+        for (int i = 0; i != a.length; i++)
+        {
+            if (a[i] != b[i])
+            {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
+    public TestResult perform()
+    {
+        byte[]  testIv = { 1, 2, 3, 4, 5, 6, 7, 8 };
+        
+        ASN1Encodable[]     values = {
+            new CAST5CBCParameters(testIv, 128), 
+            new NetscapeCertType(NetscapeCertType.smime),    
+            new VerisignCzagExtension(new DERIA5String("hello")),
+            new IDEACBCPar(testIv),        
+            new NetscapeRevocationURL(new DERIA5String("http://test"))
+        };
+        
+        byte[] data = Base64.decode("MA4ECAECAwQFBgcIAgIAgAMCBSAWBWhlbGxvMAoECAECAwQFBgcIFgtodHRwOi8vdGVzdA==");
+        
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+            
+            for (int i = 0; i != values.length; i++)
+            {
+                aOut.writeObject(values[i]);
+            }
+            
+            ASN1Primitive[] readValues = new ASN1Primitive[values.length];
+            
+            if (!isSameAs(bOut.toByteArray(), data))
+            {
+                return new SimpleTestResult(false, getName() + ": Failed data check");
+            }
+            
+            ByteArrayInputStream    bIn = new ByteArrayInputStream(bOut.toByteArray());
+            ASN1InputStream         aIn = new ASN1InputStream(bIn);
+            
+            for (int i = 0; i != values.length; i++)
+            {
+                ASN1Primitive   o = aIn.readObject();
+                if (!values[i].equals(o))
+                {
+                    return new SimpleTestResult(false, getName() + ": Failed equality test for " + o);
+                }
+                
+                if (o.hashCode() != values[i].hashCode())
+                {
+                    return new SimpleTestResult(false, getName() + ": Failed hashCode test for " + o);
+                }
+            }
+            
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": Failed - exception " + e.toString(), e);
+        }
+    }
+
+    public String getName()
+    {
+        return "Misc";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        MiscTest    test = new MiscTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/MonetaryLimitUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/MonetaryLimitUnitTest.java
new file mode 100644
index 0000000..8456661
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/MonetaryLimitUnitTest.java
@@ -0,0 +1,85 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.isismtt.x509.MonetaryLimit;
+
+import java.io.IOException;
+
+public class MonetaryLimitUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "MonetaryLimit";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        String currency = "AUD";
+        int    amount = 1;
+        int    exponent = 2;
+
+        MonetaryLimit limit = new MonetaryLimit(currency, amount, exponent);
+
+        checkConstruction(limit, currency, amount, exponent);
+
+        limit = MonetaryLimit.getInstance(null);
+
+        if (limit != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            MonetaryLimit.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        MonetaryLimit limit,
+        String currency,
+        int    amount,
+        int    exponent)
+        throws IOException
+    {
+        checkValues(limit, currency, amount, exponent);
+
+        limit = MonetaryLimit.getInstance(limit);
+
+        checkValues(limit, currency, amount, exponent);
+
+        ASN1InputStream aIn = new ASN1InputStream(limit.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        limit = MonetaryLimit.getInstance(seq);
+
+        checkValues(limit, currency, amount, exponent);
+    }
+
+    private void checkValues(
+        MonetaryLimit limit,
+        String currency,
+        int    amount,
+        int    exponent)
+    {
+        checkMandatoryField("currency", currency, limit.getCurrency());
+        checkMandatoryField("amount", amount, limit.getAmount().intValue());
+        checkMandatoryField("exponent", exponent, limit.getExponent().intValue());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new MonetaryLimitUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/MonetaryValueUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/MonetaryValueUnitTest.java
new file mode 100644
index 0000000..dd56469
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/MonetaryValueUnitTest.java
@@ -0,0 +1,88 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode;
+import org.bouncycastle.asn1.x509.qualified.MonetaryValue;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class MonetaryValueUnitTest 
+    extends SimpleTest
+{
+    private static final int TEST_AMOUNT = 100;
+    private static final int ZERO_EXPONENT = 0;
+    
+    private static final String CURRENCY_CODE = "AUD";
+
+    public String getName()
+    {
+        return "MonetaryValue";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        MonetaryValue mv = new MonetaryValue(new Iso4217CurrencyCode(CURRENCY_CODE), TEST_AMOUNT, ZERO_EXPONENT);
+
+        checkValues(mv, TEST_AMOUNT, ZERO_EXPONENT);
+        
+        mv = MonetaryValue.getInstance(mv);
+        
+        checkValues(mv, TEST_AMOUNT, ZERO_EXPONENT);
+        
+        ASN1InputStream aIn = new ASN1InputStream(mv.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+        
+        mv = MonetaryValue.getInstance(seq);
+        
+        checkValues(mv, TEST_AMOUNT, ZERO_EXPONENT);
+        
+        mv = MonetaryValue.getInstance(null);
+        
+        if (mv != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            MonetaryValue.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkValues(
+        MonetaryValue mv,
+        int           amount,
+        int           exponent)
+    {
+        if (mv.getAmount().intValue() != amount)
+        {
+            fail("amounts don't match.");
+        }
+        
+        if (mv.getExponent().intValue() != exponent)
+        {
+            fail("exponents don't match.");
+        }
+        
+        Iso4217CurrencyCode cc = mv.getCurrency();
+        
+        if (!cc.getAlphabetic().equals(CURRENCY_CODE))
+        {
+            fail("currency code wrong");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new MonetaryValueUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/NameOrPseudonymUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/NameOrPseudonymUnitTest.java
new file mode 100644
index 0000000..3fbaa10
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/NameOrPseudonymUnitTest.java
@@ -0,0 +1,108 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x500.DirectoryString;
+import org.bouncycastle.asn1.x509.sigi.NameOrPseudonym;
+
+public class NameOrPseudonymUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "NameOrPseudonym";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        String          pseudonym = "pseudonym";
+        DirectoryString surname = new DirectoryString("surname");
+        ASN1Sequence    givenName = new DERSequence(new DirectoryString("givenName"));
+
+        NameOrPseudonym id = new NameOrPseudonym(pseudonym);
+
+        checkConstruction(id, pseudonym, null, null);
+
+        id = new NameOrPseudonym(surname, givenName);
+
+        checkConstruction(id, null, surname, givenName);
+
+        id = NameOrPseudonym.getInstance(null);
+
+        if (id != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            NameOrPseudonym.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        NameOrPseudonym id,
+        String          pseudonym,
+        DirectoryString surname,
+        ASN1Sequence    givenName)
+        throws IOException
+    {
+        checkValues(id, pseudonym, surname, givenName);
+
+        id = NameOrPseudonym.getInstance(id);
+
+        checkValues(id, pseudonym, surname, givenName);
+
+        ASN1InputStream aIn = new ASN1InputStream(id.toASN1Object().getEncoded());
+
+        if (surname != null)
+        {
+            ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+            id = NameOrPseudonym.getInstance(seq);
+        }
+        else
+        {
+            ASN1String s = (ASN1String)aIn.readObject();
+
+            id = NameOrPseudonym.getInstance(s);
+        }
+
+        checkValues(id, pseudonym, surname, givenName);
+    }
+
+    private void checkValues(
+        NameOrPseudonym id,
+        String          pseudonym,
+        DirectoryString surname,
+        ASN1Sequence    givenName)
+    {
+
+        if (surname != null)
+        {
+            checkMandatoryField("surname", surname, id.getSurname());
+            checkMandatoryField("givenName", givenName, new DERSequence(id.getGivenName()[0]));
+        }
+        else
+        {
+            checkOptionalField("pseudonym", new DirectoryString(pseudonym), id.getPseudonym());
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new NameOrPseudonymUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/NamingAuthorityUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/NamingAuthorityUnitTest.java
new file mode 100644
index 0000000..8dfcf8c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/NamingAuthorityUnitTest.java
@@ -0,0 +1,99 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.isismtt.x509.NamingAuthority;
+import org.bouncycastle.asn1.x500.DirectoryString;
+
+public class NamingAuthorityUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "NamingAuthority";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        ASN1ObjectIdentifier namingAuthorityID = new ASN1ObjectIdentifier("1.2.3");
+        String              namingAuthorityURL = "url";
+        DirectoryString     namingAuthorityText = new DirectoryString("text");
+
+        NamingAuthority auth =  new NamingAuthority(namingAuthorityID, namingAuthorityURL, namingAuthorityText);
+
+        checkConstruction(auth, namingAuthorityID, namingAuthorityURL, namingAuthorityText);
+
+        auth =  new NamingAuthority(null, namingAuthorityURL, namingAuthorityText);
+
+        checkConstruction(auth, null, namingAuthorityURL, namingAuthorityText);
+
+        auth =  new NamingAuthority(namingAuthorityID, null, namingAuthorityText);
+
+        checkConstruction(auth, namingAuthorityID, null, namingAuthorityText);
+
+        auth =  new NamingAuthority(namingAuthorityID, namingAuthorityURL, null);
+
+        checkConstruction(auth, namingAuthorityID, namingAuthorityURL, null);
+
+        auth = NamingAuthority.getInstance(null);
+
+        if (auth != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            NamingAuthority.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        NamingAuthority auth,
+        ASN1ObjectIdentifier namingAuthorityID,
+        String              namingAuthorityURL,
+        DirectoryString     namingAuthorityText)
+        throws IOException
+    {
+        checkValues(auth, namingAuthorityID, namingAuthorityURL, namingAuthorityText);
+
+        auth = NamingAuthority.getInstance(auth);
+
+        checkValues(auth, namingAuthorityID, namingAuthorityURL, namingAuthorityText);
+
+        ASN1InputStream aIn = new ASN1InputStream(auth.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        auth = NamingAuthority.getInstance(seq);
+
+        checkValues(auth, namingAuthorityID, namingAuthorityURL, namingAuthorityText);
+    }
+
+    private void checkValues(
+        NamingAuthority auth,
+        ASN1ObjectIdentifier namingAuthorityId,
+        String              namingAuthorityURL,
+        DirectoryString     namingAuthorityText)
+    {
+        checkOptionalField("namingAuthorityId", namingAuthorityId, auth.getNamingAuthorityId());
+        checkOptionalField("namingAuthorityURL", namingAuthorityURL, auth.getNamingAuthorityUrl());
+        checkOptionalField("namingAuthorityText", namingAuthorityText, auth.getNamingAuthorityText());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new NamingAuthorityUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/NetscapeCertTypeTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/NetscapeCertTypeTest.java
new file mode 100644
index 0000000..e5aa96e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/NetscapeCertTypeTest.java
@@ -0,0 +1,34 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.misc.NetscapeCertType;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class NetscapeCertTypeTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "NetscapeCertType";
+    }
+
+    public void performTest()
+        throws IOException
+    {
+        BitStringConstantTester.testFlagValueCorrect(0, NetscapeCertType.sslClient);
+        BitStringConstantTester.testFlagValueCorrect(1, NetscapeCertType.sslServer);
+        BitStringConstantTester.testFlagValueCorrect(2, NetscapeCertType.smime);
+        BitStringConstantTester.testFlagValueCorrect(3, NetscapeCertType.objectSigning);
+        BitStringConstantTester.testFlagValueCorrect(4, NetscapeCertType.reserved);
+        BitStringConstantTester.testFlagValueCorrect(5, NetscapeCertType.sslCA);
+        BitStringConstantTester.testFlagValueCorrect(6, NetscapeCertType.smimeCA);
+        BitStringConstantTester.testFlagValueCorrect(7, NetscapeCertType.objectSigningCA);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new NetscapeCertTypeTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/OCSPTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/OCSPTest.java
new file mode 100644
index 0000000..ae1b035
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/OCSPTest.java
@@ -0,0 +1,193 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
+import org.bouncycastle.asn1.ocsp.OCSPRequest;
+import org.bouncycastle.asn1.ocsp.OCSPResponse;
+import org.bouncycastle.asn1.ocsp.ResponseBytes;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+import org.bouncycastle.util.test.SimpleTestResult;
+
+public class OCSPTest
+    implements Test
+{
+    private byte[] unsignedReq = Base64.decode(
+        "MEIwQDA+MDwwOjAJBgUrDgMCGgUABBRDb9GODnq7lRhSkEqw4XX24huERwQUkY4j"
+      + "a6eKuDlkVP9hRgkEvIWqHPECAQE=");
+    
+    private byte[] signedReq = Base64.decode(
+        "MIIC9jBAMD4wPDA6MAkGBSsOAwIaBQAEFENv0Y4OeruVGFKQSrDhdfbiG4RHBBTc"
+      + "Mr1fP+mZAxbF2ZdehWxn6mtAngIBAaCCArAwggKsMA0GCSqGSIb3DQEBBQUAA4GB"
+      + "AAzHBm4nL5AcRQB3Jkz7ScNeZF+GbRZ0p4kBDTnqi3IeESuso12yJhpqqyijdnj5"
+      + "gd4/GsSAgdluLHyYZ6wgozV7G9MDXCnFnG4PBUW05HaVX81JYAp+amVyU0NOgNrG"
+      + "90npVBsHb0o+UlkxNgMiEbSkp/TeGb6YURsYKhmwp7BgoIICFTCCAhEwggINMIIB"
+      + "dqADAgECAgEBMA0GCSqGSIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0"
+      + "bGUxCzAJBgNVBAYTAkFVMB4XDTA0MTAyNDEzNDc0M1oXDTA1MDIwMTEzNDc0M1ow"
+      + "JTEWMBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZI"
+      + "hvcNAQEBBQADgY0AMIGJAoGBAJBmLeIzthMHUeTkOeJ76iBxcMHY31o/i3a9VT12"
+      + "y2FcS/ejJmeUCMTdtwl5alOwXY66vF4DyT1VU/nJG3mHpSoqq7qrMXOIFGcXg1Wf"
+      + "oJRrQgTOLdQ6bod7i9ME/EjEJy70orh0nVS7NGcu0R5TjcbLde2J5zxjb/W9wqfy"
+      + "RovJAgMBAAGjTTBLMB0GA1UdDgQWBBTcMr1fP+mZAxbF2ZdehWxn6mtAnjAfBgNV"
+      + "HSMEGDAWgBTcMr1fP+mZAxbF2ZdehWxn6mtAnjAJBgNVHRMEAjAAMA0GCSqGSIb3"
+      + "DQEBBAUAA4GBAF/4EH1KkNrNxocJPIp7lThmG1KIVYESIadowMowrbok46ESofRF"
+      + "OIPku07W+e1Y1Y1KXLIiPMG3IGwrBrn04iLsbbBUiN37BcC/VyT4xKJ2MYscGjKL"
+      + "ua/9bU0lOyeTRAwqb8towWRd5lLYAI3RQ7dhStUTFp3Vqd803PJ/cpR6");
+
+    private byte[] response = Base64.decode(
+            "MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx"
+          + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE"
+          + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG"
+          + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv"
+          + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ"
+          + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF"
+          + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1"
+          + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/"
+          + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt"
+          + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk"
+          + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI"
+          + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN"
+          + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww"
+          + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k"
+          + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz"
+          + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg"
+          + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK"
+          + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw"
+          + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI"
+          + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF"
+          + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH"
+          + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm"
+          + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E"
+          + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG"
+          + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E"
+          + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG"
+          + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4"
+          + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc"
+          + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V"
+          + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I"
+          + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq"
+          + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ");
+    
+    private boolean isSameAs(
+        byte[]  a,
+        byte[]  b)
+    {
+        if (a.length != b.length)
+        {
+            return false;
+        }
+        
+        for (int i = 0; i != a.length; i++)
+        {
+            if (a[i] != b[i])
+            {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
+    private TestResult unsignedRequest()
+    {
+        try
+        {
+            ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(unsignedReq));
+            OCSPRequest     req = OCSPRequest.getInstance(aIn.readObject());
+            
+            if (!isSameAs(req.getEncoded(), unsignedReq))
+            {
+                return new SimpleTestResult(false, getName() + ": OCSP unsigned request failed to re-encode");
+            }
+            
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": failed unsigned exception - " + e.toString(), e);
+        }
+    }
+    
+    private TestResult signedRequest()
+    {
+        try
+        {
+            ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(signedReq));
+            OCSPRequest     req = OCSPRequest.getInstance(aIn.readObject());
+            
+            if (!isSameAs(req.getEncoded(), signedReq))
+            {
+                return new SimpleTestResult(false, getName() + ": OCSP signed request failed to re-encode");
+            }
+            
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": failed signed exception - " + e.toString(), e);
+        }
+    }
+    
+    private TestResult response()
+    {
+        try
+        {
+            ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(response));
+            OCSPResponse    resp = OCSPResponse.getInstance(aIn.readObject());
+            ResponseBytes   rBytes = ResponseBytes.getInstance(resp.getResponseBytes());
+            
+            aIn = new ASN1InputStream(new ByteArrayInputStream(rBytes.getResponse().getOctets()));
+            
+            BasicOCSPResponse   bResp = BasicOCSPResponse.getInstance(aIn.readObject());
+            
+            resp = new OCSPResponse(resp.getResponseStatus(), new ResponseBytes(rBytes.getResponseType(), new DEROctetString(bResp.getEncoded())));
+            
+            if (!isSameAs(resp.getEncoded(), response))
+            {
+                return new SimpleTestResult(false, getName() + ": OCSP response failed to re-encode");
+            }
+            
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": failed response exception - " + e.toString(), e);
+        }
+    }
+
+    public TestResult perform()
+    {
+        TestResult  res = unsignedRequest();
+        
+        if (!res.isSuccessful())
+        {
+            return res;
+        }
+        
+        res = signedRequest();
+        if (!res.isSuccessful())
+        {
+            return res;
+        }
+        
+        return response();
+    }
+
+    public String getName()
+    {
+        return "OCSP";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        OCSPTest    test = new OCSPTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/OIDTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/OIDTest.java
new file mode 100644
index 0000000..fa5aa61
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/OIDTest.java
@@ -0,0 +1,165 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+
+/**
+ * X.690 test example
+ */
+public class OIDTest
+    extends SimpleTest
+{
+    byte[]    req1 = Hex.decode("0603813403");
+    byte[]    req2 = Hex.decode("06082A36FFFFFFDD6311");
+
+    public String getName()
+    {
+        return "OID";
+    }
+    
+    private void recodeCheck(
+        String oid, 
+        byte[] enc) 
+        throws IOException
+    {
+        ByteArrayInputStream     bIn = new ByteArrayInputStream(enc);
+        ASN1InputStream          aIn = new ASN1InputStream(bIn);
+
+        ASN1ObjectIdentifier      o = new ASN1ObjectIdentifier(oid);
+        ASN1ObjectIdentifier      encO = (ASN1ObjectIdentifier)aIn.readObject();
+        
+        if (!o.equals(encO))
+        {
+            fail("oid ID didn't match", o, encO);
+        }
+        
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream          dOut = new DEROutputStream(bOut);
+
+        dOut.writeObject(o);
+
+        byte[]                    bytes = bOut.toByteArray();
+
+        if (bytes.length != enc.length)
+        {
+            fail("failed length test");
+        }
+
+        for (int i = 0; i != enc.length; i++)
+        {
+            if (bytes[i] != enc[i])
+            {
+                fail("failed comparison test", new String(Hex.encode(enc)), new String(Hex.encode(bytes)));
+            }
+        }
+    }
+    
+    private void validOidCheck(
+        String  oid)
+        throws IOException
+    {
+        ASN1ObjectIdentifier     o = new ASN1ObjectIdentifier(oid);
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+        
+        aOut.writeObject(o);
+        
+        ByteArrayInputStream    bIn = new ByteArrayInputStream(bOut.toByteArray());
+        ASN1InputStream         aIn = new ASN1InputStream(bIn);
+        
+        o = (ASN1ObjectIdentifier)aIn.readObject();
+        
+        if (!o.getId().equals(oid))
+        {
+            fail("failed oid check for " + oid);
+        }
+    }
+
+    private void invalidOidCheck(
+        String oid)
+    {
+        try
+        {
+            new ASN1ObjectIdentifier(oid);
+            fail("failed to catch bad oid: " + oid);
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void branchCheck(String stem, String branch)
+    {
+        String expected = stem + "." + branch;
+        String actual = new ASN1ObjectIdentifier(stem).branch(branch).getId();
+
+        if (!expected.equals(actual))
+        {
+            fail("failed 'branch' check for " + stem + "/" + branch);
+        }
+    }
+
+    private void onCheck(String stem, String test, boolean expected)
+    {
+        if (expected != new ASN1ObjectIdentifier(test).on(new ASN1ObjectIdentifier(stem)))
+        {
+            fail("failed 'on' check for " + stem + "/" + test);
+        }
+    }
+
+    public void performTest()
+        throws IOException
+    {
+        recodeCheck("2.100.3", req1);
+        recodeCheck("1.2.54.34359733987.17", req2);
+        
+        validOidCheck(PKCSObjectIdentifiers.pkcs_9_at_contentType.getId());
+        validOidCheck("0.1");
+        validOidCheck("1.1.127.32512.8323072.2130706432.545460846592.139637976727552.35747322042253312.9151314442816847872");
+        validOidCheck("1.2.123.12345678901.1.1.1");
+        validOidCheck("2.25.196556539987194312349856245628873852187.1");
+
+        invalidOidCheck("0");
+        invalidOidCheck("1");
+        invalidOidCheck("2");
+        invalidOidCheck("3.1");
+        invalidOidCheck("..1");
+        invalidOidCheck("192.168.1.1");
+        invalidOidCheck(".123452");
+        invalidOidCheck("1.");
+        invalidOidCheck("1.345.23.34..234");
+        invalidOidCheck("1.345.23.34.234.");
+        invalidOidCheck(".12.345.77.234");
+        invalidOidCheck(".12.345.77.234.");
+        invalidOidCheck("1.2.3.4.A.5");
+        invalidOidCheck("1,2");
+
+        branchCheck("1.1", "2.2");
+
+        onCheck("1.1", "1.1", false);
+        onCheck("1.1", "1.2", false);
+        onCheck("1.1", "1.2.1", false);
+        onCheck("1.1", "2.1", false);
+        onCheck("1.1", "1.11", false);
+        onCheck("1.12", "1.1.2", false);
+        onCheck("1.1", "1.1.1", true);
+        onCheck("1.1", "1.1.2", true);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new OIDTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ObjectIdentifierTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ObjectIdentifierTest.java
new file mode 100644
index 0000000..bd665ec
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ObjectIdentifierTest.java
@@ -0,0 +1,38 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.util.test.SimpleTest;
+import org.bouncycastle.util.test.TestResult;
+
+public class ObjectIdentifierTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "ObjectIdentifier";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        // exercise the object cache
+        for (int i = 0; i < 1024; i++)
+        {
+            for (int j = 0; j != 17000; j++)
+            {
+                byte[] encoded = new ASN1ObjectIdentifier("1.1." + i + "." + j).getEncoded();
+
+                ASN1ObjectIdentifier.getInstance(encoded);
+            }
+        }
+    }
+
+    public static void main(
+        String[] args)
+    {
+        ObjectIdentifierTest    test = new ObjectIdentifierTest();
+        TestResult result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/OctetStringTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/OctetStringTest.java
new file mode 100644
index 0000000..68ed5da
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/OctetStringTest.java
@@ -0,0 +1,203 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetStringParser;
+import org.bouncycastle.asn1.ASN1SequenceParser;
+import org.bouncycastle.asn1.ASN1StreamParser;
+import org.bouncycastle.asn1.BEROctetStringGenerator;
+import org.bouncycastle.asn1.BERSequenceGenerator;
+import org.bouncycastle.asn1.BERTags;
+import org.bouncycastle.asn1.DERSequenceGenerator;
+import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
+import org.bouncycastle.asn1.cms.CompressedDataParser;
+import org.bouncycastle.asn1.cms.ContentInfoParser;
+
+public class OctetStringTest 
+    extends TestCase 
+{
+    public void testReadingWriting()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       BEROctetStringGenerator octGen = new BEROctetStringGenerator(bOut);
+       
+       OutputStream out = octGen.getOctetOutputStream();
+       
+       out.write(new byte[] { 1, 2, 3, 4 });
+       out.write(new byte[4]);
+       
+       out.close();
+       
+       ASN1StreamParser aIn = new ASN1StreamParser(bOut.toByteArray());
+       
+       ASN1OctetStringParser s = (ASN1OctetStringParser)aIn.readObject();
+       
+       InputStream in = s.getOctetStream();
+       int         count = 0;
+       
+       while (in.read() >= 0)
+       {
+           count++;
+       }
+
+       assertEquals(8, count);
+    }
+    
+    public void testReadingWritingZeroInLength()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       BEROctetStringGenerator octGen = new BEROctetStringGenerator(bOut);
+       
+       OutputStream out = octGen.getOctetOutputStream();
+       
+       out.write(new byte[] { 1, 2, 3, 4 });
+       out.write(new byte[512]);  // forces a zero to appear in length
+       
+       out.close();
+       
+       ASN1StreamParser aIn = new ASN1StreamParser(bOut.toByteArray());
+       
+       ASN1OctetStringParser s = (ASN1OctetStringParser)aIn.readObject();
+       
+       InputStream in = s.getOctetStream();
+       int         count = 0;
+       
+       while (in.read() >= 0)
+       {
+           count++;
+       }
+    
+       assertEquals(516, count);
+    }
+    
+    public void testReadingWritingNested()
+        throws Exception
+    {
+       ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+       BERSequenceGenerator sGen = new BERSequenceGenerator(bOut);
+       BEROctetStringGenerator octGen = new BEROctetStringGenerator(sGen.getRawOutputStream());
+       
+       OutputStream out = octGen.getOctetOutputStream();
+       
+       BERSequenceGenerator inSGen = new BERSequenceGenerator(out);
+       
+       BEROctetStringGenerator inOctGen = new BEROctetStringGenerator(inSGen.getRawOutputStream());
+       
+       OutputStream inOut = inOctGen.getOctetOutputStream();
+       
+       inOut.write(new byte[] { 1, 2, 3, 4 });
+       inOut.write(new byte[10]);
+       
+       inOut.close();
+       
+       inSGen.close();
+       
+       out.close();
+       
+       sGen.close();
+       
+       ASN1StreamParser aIn = new ASN1StreamParser(bOut.toByteArray());
+       
+       ASN1SequenceParser sq = (ASN1SequenceParser)aIn.readObject();
+       
+       ASN1OctetStringParser s = (ASN1OctetStringParser)sq.readObject();
+       
+       ASN1StreamParser aIn2 = new ASN1StreamParser(s.getOctetStream());
+       
+       ASN1SequenceParser sq2 = (ASN1SequenceParser)aIn2.readObject();
+       
+       ASN1OctetStringParser inS = (ASN1OctetStringParser)sq2.readObject();
+       
+       InputStream in = inS.getOctetStream();
+       int         count = 0;
+       
+       while (in.read() >= 0)
+       {
+           count++;
+       }
+    
+       assertEquals(14, count);
+    }
+    
+    public void testNestedStructure()
+        throws Exception
+    {
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+        
+        BERSequenceGenerator sGen = new BERSequenceGenerator(bOut);
+        
+        sGen.addObject(new ASN1ObjectIdentifier(CMSObjectIdentifiers.compressedData.getId()));
+        
+        BERSequenceGenerator cGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
+        
+        cGen.addObject(new ASN1Integer(0));
+        
+        //
+        // AlgorithmIdentifier
+        //
+        DERSequenceGenerator algGen = new DERSequenceGenerator(cGen.getRawOutputStream());
+        
+        algGen.addObject(new ASN1ObjectIdentifier("1.2"));
+
+        algGen.close();
+        
+        //
+        // Encapsulated ContentInfo
+        //
+        BERSequenceGenerator eiGen = new BERSequenceGenerator(cGen.getRawOutputStream());
+        
+        eiGen.addObject(new ASN1ObjectIdentifier("1.1"));
+        
+        BEROctetStringGenerator octGen = new BEROctetStringGenerator(eiGen.getRawOutputStream(), 0, true);
+        
+        //
+        // output containing zeroes
+        //
+        OutputStream out = octGen.getOctetOutputStream();
+        
+        out.write(new byte[] { 1, 2, 3, 4 });
+        out.write(new byte[4]);
+        out.write(new byte[20]);
+        
+        out.close();
+        eiGen.close();
+        cGen.close();
+        sGen.close();
+        
+        //
+        // reading back
+        //
+        ASN1StreamParser aIn = new ASN1StreamParser(bOut.toByteArray());
+
+        ContentInfoParser cp = new ContentInfoParser((ASN1SequenceParser)aIn.readObject());
+        
+        CompressedDataParser comData = new CompressedDataParser((ASN1SequenceParser)cp.getContent(BERTags.SEQUENCE));
+        ContentInfoParser     content = comData.getEncapContentInfo();
+
+        ASN1OctetStringParser bytes = (ASN1OctetStringParser)content.getContent(BERTags.OCTET_STRING);
+
+        InputStream in = bytes.getOctetStream();
+        int         count = 0;
+        
+        while (in.read() >= 0)
+        {
+            count++;
+        }
+
+        assertEquals(28, count);
+    }
+    
+    public static Test suite()
+    {
+        return new TestSuite(OctetStringTest.class);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/OtherCertIDUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/OtherCertIDUnitTest.java
new file mode 100644
index 0000000..9a85cea
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/OtherCertIDUnitTest.java
@@ -0,0 +1,97 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ess.OtherCertID;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.IssuerSerial;
+import org.bouncycastle.asn1.x509.X509Name;
+
+public class OtherCertIDUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "OtherCertID";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        AlgorithmIdentifier algId = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.2.3"));
+        byte[]              digest = new byte[20];
+        IssuerSerial        issuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(new X509Name("CN=test"))), new ASN1Integer(1));
+
+        OtherCertID certID = new OtherCertID(algId, digest);
+
+        checkConstruction(certID, algId, digest, null);
+
+        certID = new OtherCertID(algId, digest, issuerSerial);
+
+        checkConstruction(certID, algId, digest, issuerSerial);
+
+        certID = OtherCertID.getInstance(null);
+
+        if (certID != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            OtherCertID.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        OtherCertID certID,
+        AlgorithmIdentifier algId,
+        byte[] digest,
+        IssuerSerial issuerSerial)
+        throws IOException
+    {
+        checkValues(certID, algId, digest, issuerSerial);
+
+        certID = OtherCertID.getInstance(certID);
+
+        checkValues(certID, algId, digest, issuerSerial);
+
+        ASN1InputStream aIn = new ASN1InputStream(certID.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        certID = OtherCertID.getInstance(seq);
+
+        checkValues(certID, algId, digest, issuerSerial);
+    }
+
+    private void checkValues(
+        OtherCertID certID,
+        AlgorithmIdentifier algId,
+        byte[] digest,
+        IssuerSerial issuerSerial)
+    {
+        checkMandatoryField("algorithmHash", algId, certID.getAlgorithmHash());
+        checkMandatoryField("certHash", digest, certID.getCertHash());
+
+        checkOptionalField("issuerSerial", issuerSerial, certID.getIssuerSerial());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new OtherCertIDUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/OtherSigningCertificateUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/OtherSigningCertificateUnitTest.java
new file mode 100644
index 0000000..9de12ee
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/OtherSigningCertificateUnitTest.java
@@ -0,0 +1,86 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ess.OtherCertID;
+import org.bouncycastle.asn1.ess.OtherSigningCertificate;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+
+public class OtherSigningCertificateUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "OtherSigningCertificate";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        AlgorithmIdentifier algId = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.2.3"));
+        byte[]              digest = new byte[20];
+        OtherCertID         otherCertID = new OtherCertID(algId, digest);
+
+        OtherSigningCertificate otherCert = new OtherSigningCertificate(otherCertID);
+
+        checkConstruction(otherCert, otherCertID);
+
+        otherCert = OtherSigningCertificate.getInstance(null);
+
+        if (otherCert != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            OtherCertID.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        OtherSigningCertificate otherCert,
+        OtherCertID otherCertID)
+        throws IOException
+    {
+        checkValues(otherCert, otherCertID);
+
+        otherCert = OtherSigningCertificate.getInstance(otherCert);
+
+        checkValues(otherCert, otherCertID);
+
+        ASN1InputStream aIn = new ASN1InputStream(otherCert.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        otherCert = OtherSigningCertificate.getInstance(seq);
+
+        checkValues(otherCert, otherCertID);
+    }
+
+    private void checkValues(
+        OtherSigningCertificate otherCert,
+        OtherCertID otherCertID)
+    {
+        if (otherCert.getCerts().length != 1)
+        {
+            fail("getCerts() length wrong");
+        }
+        checkMandatoryField("getCerts()[0]", otherCertID, otherCert.getCerts()[0]);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new OtherSigningCertificateUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/PKCS10Test.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/PKCS10Test.java
new file mode 100644
index 0000000..da6571d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/PKCS10Test.java
@@ -0,0 +1,101 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.pkcs.CertificationRequest;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class PKCS10Test
+    implements Test
+{
+    byte[]    req1 = Base64.decode(
+                "MIHoMIGTAgEAMC4xDjAMBgNVBAMTBVRlc3QyMQ8wDQYDVQQKEwZBbmFUb20xCzAJBgNVBAYTAlNF"
+            +   "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALlEt31Tzt2MlcOljvacJgzQVhmlMoqAOgqJ9Pgd3Gux"
+            +   "Z7/WcIlgW4QCB7WZT21O1YoghwBhPDMcNGrHei9kHQkCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA0EA"
+            +   "NDEI4ecNtJ3uHwGGlitNFq9WxcoZ0djbQJ5hABMotav6gtqlrwKXY2evaIrsNwkJtNdwwH18aQDU"
+            +   "KCjOuBL38Q==");
+
+    byte[]    req2 = Base64.decode(
+               "MIIB6TCCAVICAQAwgagxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRQwEgYDVQQH"
+            +  "EwtTYW50YSBDbGFyYTEMMAoGA1UEChMDQUJCMVEwTwYDVQQLHEhQAAAAAAAAAG8AAAAAAAAAdwAA"
+            +  "AAAAAABlAAAAAAAAAHIAAAAAAAAAIAAAAAAAAABUAAAAAAAAABxIAAAAAAAARAAAAAAAAAAxDTAL"
+            +  "BgNVBAMTBGJsdWUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANETRZ+6occCOrFxNhfKIp4C"
+            +  "mMkxwhBNb7TnnahpbM9O0r4hrBPcfYuL7u9YX/jN0YNUP+/CiT39HhSe/bikaBPDEyNsl988I8vX"
+            +  "piEdgxYq/+LTgGHbjRsRYCkPtmzwBbuBldNF8bV7pu0v4UScSsExmGqqDlX1TbPU8KkPU1iTAgMB"
+            +  "AAGgADANBgkqhkiG9w0BAQQFAAOBgQAFbrs9qUwh93CtETk7DeUD5HcdCnxauo1bck44snSV6MZV"
+            +  "OCIGaYu1501kmhEvAtVVRr6SEHwimfQDDIjnrWwYsEr/DT6tkTZAbfRd3qUu3iKjT0H0vlUZp0hJ"
+            +  "66mINtBM84uZFBfoXiWY8M3FuAnGmvy6ah/dYtJorTxLKiGkew==");
+
+    public String getName()
+    {
+        return "PKCS10";
+    }
+    
+    public TestResult pkcs10Test(
+        String  testName,
+        byte[]  req)
+    {
+        try
+        {
+            ByteArrayInputStream    bIn = new ByteArrayInputStream(req);
+            ASN1InputStream         aIn = new ASN1InputStream(bIn);
+
+            CertificationRequest    r = new CertificationRequest((ASN1Sequence)aIn.readObject());
+
+            ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+            DEROutputStream            dOut = new DEROutputStream(bOut);
+
+            dOut.writeObject(r.toASN1Primitive());
+
+            byte[]                    bytes = bOut.toByteArray();
+
+            if (bytes.length != req.length)
+            {
+                return new SimpleTestResult(false, getName() + ": " + testName + " failed length test");
+            }
+
+            for (int i = 0; i != req.length; i++)
+            {
+                if (bytes[i] != req[i])
+                {
+                    return new SimpleTestResult(false, getName() + ": " + testName + " failed comparison test");
+                }
+            }
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": Exception - " + testName + " " + e.toString());
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public TestResult perform()
+    {
+        TestResult  res = pkcs10Test("basic CR", req1);
+
+        if (!res.isSuccessful())
+        {
+            return res;
+        }
+
+        return pkcs10Test("Universal CR", req2);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        Test    test = new PKCS10Test();
+
+        TestResult  result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/PKCS12Test.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/PKCS12Test.java
new file mode 100644
index 0000000..f533a65
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/PKCS12Test.java
@@ -0,0 +1,227 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.BEROctetString;
+import org.bouncycastle.asn1.DLSequence;
+import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
+import org.bouncycastle.asn1.pkcs.ContentInfo;
+import org.bouncycastle.asn1.pkcs.EncryptedData;
+import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.MacData;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.Pfx;
+import org.bouncycastle.asn1.pkcs.SafeBag;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.DigestInfo;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class PKCS12Test
+    extends SimpleTest
+{
+    byte[] pkcs12 = Base64.decode(
+          "MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCA+gwgDCABgkqhkiG9w0BBwGggCSA"
+        + "BIIDRDCCA0AwggM8BgsqhkiG9w0BDAoBAqCCArEwggKtMCcGCiqGSIb3DQEM"
+        + "AQMwGQQUFlnNVpQoEHc+J3UEGxARipkHu5kCAWQEggKAAH9tmy40lly6QDoc"
+        + "1TfmY9y2qysD+lrgk+dnxP04RfoJfycTRDeaz2sPLImZtio9nsqCFqtzU/sl"
+        + "eWigbH34BpKU1sC0Gq1cyik0GO65sW95S6YjKtGcGOBfQCPk1oQjfiqnfU3G"
+        + "oeOaG3COQJukMFj8unv55u0xbX1hwO8SsZmr9RjPzLrVaeY6BP5+CCzOKBaj"
+        + "GxneIDqnQW7/kBIVWK7M+JXGdgQyiKhD6NvXL/zD8oKEne0nIX7IokQuWEn6"
+        + "8Sglv5OSclsSdvHTk57bCuV5lVzoIzczA4J/LZWdrtITeVefBLQSalBzpRde"
+        + "rSTMj485z2x5ChizhjE627/KQ5vkKQkQVqXYYXVyeTvKZRpL7vz13C4DUCwN"
+        + "im1XvNSCNebXS1yHJRtcONDhGJN3UsrVjHr+2kCfE5SCEeSU/dqgNLuLa1tk"
+        + "5+jwZFNj/HjO88wlOwPCol1uuJjDpaEW7dxu5qsVSfZhEXWHs8rZAMttFMzi"
+        + "yxsEkZe8kqngRbNJOY6KpppYedsMWDusUJGfIHo+8zymiw3gv/z+lmFOlDGt"
+        + "CKMk9Es/MgfjpbfhbTVYHOBKS6Qyrz7LdTuBMI8XdsZMuN+Uf73690ggLmKW"
+        + "IELUg8h1RX0ra2n6jOc/1rnebAifMhiMkL1ABQvqOobfOrG/9h9XcXoi64Qr"
+        + "htc3T7yMAHafBX5KUcNkbcn6kssYhpvd8bPADoLBnbx3GxGh/uziB0zKQEI0"
+        + "GnaY4SL7aR4C5xNNi41lYtsR6ohKyfPEGslhrhd4axx0cKxC2sHgVl0k+r8B"
+        + "8Vu44XHbW8LqdspjOHN9qg2erES1Dvgj05SfHDup+V6a3ogJo2YKXOiu3DF4"
+        + "MFEGCSqGSIb3DQEJFDFEHkIARABhAHYAaQBkACAARwAuACAASABvAG8AawAn"
+        + "AHMAIABWAGUAcgBpAFMAaQBnAG4ALAAgAEkAbgBjAC4AIABJAEQwIwYJKoZI"
+        + "hvcNAQkVMRYEFKEcMJ798oZLFkH0OnpbUBnrTLgWAAAAAAAAMIAGCSqGSIb3"
+        + "DQEHBqCAMIACAQAwgAYJKoZIhvcNAQcBMCcGCiqGSIb3DQEMAQYwGQQUTErH"
+        + "kWZ8nBXZYWO53FH4yqRZZsECAWSggASCDGCreuCr6/azcOv5w04bN3jkg4G2"
+        + "dsvTPAjL8bichaEOQCykhuNPt1dv3FsjUsdFC550K0+Y48RyBIID6JTiN9Gj"
+        + "K+a5aLPaXgTRdY74Toof1hYtZ4DIcVyq25LezVQHoe/++pAgEpWjqHTxVDIv"
+        + "YFAgT2oDB+2vkeXM61XnNWOjwCY3pXpk/VGjyN4USkD7Q/Y6tPjQOywvQE7c"
+        + "Ab1z62k9iMia7Yk/qmh+zJu4SSneo0/RLLdMZOlGZv89MResVG038TC8MTA9"
+        + "Uf+wDRcS20d7XDbTaBAgju8TpFIw5/lbDi0feUVlk6L+jkT1ktaTc1Pwtxn7"
+        + "psXMFW6HAWB4exOi09297R9BCOQX6vcetK/iA/3jIC6NuTdizYof0DWetdGy"
+        + "haIkMiEnERYE3unJocH4fq585Rw6mE+BYssPVPkVWZZInF3l69bKduuxsQt+"
+        + "pcApgBVsTjsU+1FOiUxuW2wWKi70RcQprPv5Ef1A5FRNxPFp+7IzLNlE4qCo"
+        + "wvC6NTpeuRw3aGsXSfqHmSddrHugNPmghNgG5lv1Ef7A8MUuyp8fyjAgxCDk"
+        + "4Hpb8PCHGj5t//Fr6Cd0MygJMIFQmv4kUd2LVHxQ9A9WFNCqTz/nBe+ZRLJL"
+        + "NghTv6gGpjGJiBnXYv6Sod2fs+5J2GIvex4qbdh6gzZIU2YTAwpj6Aca3SjA"
+        + "X8+m8AXt2SC3Z6T5+m8SxyiNp2P511paV/TZKtLWXQGKeEX1JXhQkaM6Q5W/"
+        + "IhSgC8/gppk1gbIraBqrW8bEnGBnC03wi0OnMz3ohM4CVHyaW3dQquT2+u6F"
+        + "8VeGXAYHU022NkrpPl/VlfNNEAyisU2+oJqpPZkqL6FsDWF3k6Fq2jXBLL+/"
+        + "a0WA82jIpgjNeXze/cgoHtU023V9E9Qcu+5nPBYdCTR4sRxvHLANii0W8lPv"
+        + "tvU5XO1UsEjHDfKL4E1bhGzGpb/OU5yg/98EN95r/xdFL5G+XVyHeR0UtkcB"
+        + "IuvyBdhkwoprCjkcgLZe8FPIBNw84HRe7Ye6f2gDW/F5uej6rBehJS1VFvCh"
+        + "DXzkajGmK40Gc2APS1/1vZqPu68polgw9dT84rem36PLEOq4KuU7n4QE0g7T"
+        + "YR2G8+4FNgQTjjg/qw3lX+sj6yLn1lYt1dOVvkiM8i8tdZg/3pCKKAW1uV7a"
+        + "astlBxVSkFfn1BrFTc2oFGkTrlUg90a+parOfGHTfDiaHX8ouEg63fk0+Xdi"
+        + "FCarXsqHNPDbpmWLKw8TAmdeneGipyScntJJk4ajy+jROQBgGew3ofOmfkqm"
+        + "oJFNwUvKOXN2ucViLZgsdK/7YgV1OR7oiTh8knQNPk3d5fRYSMFf9GJTjQRV"
+        + "y2CLdICAVzvrUXf9k7miWYkjIp2/HGD7pOH018sX9MrpfJKqvdPFOssZiFd0"
+        + "I2FUbgcEggPotvnT0XoabEiurTm8EPPpw66NKmK/H1kQL0hEtdIazPxfLmm/"
+        + "ZUDokwa7d4bE3BwFh0weQfEvMzJu6Y5E7ir2MqD33XaGMOGys1nst1SPPyDB"
+        + "WpOWD9w7Ng3yU1JVzqFWuVXaXDYbfnlG7AGevKF5PYNZj/RIQBBf5Xle9hTd"
+        + "c9CtxPkrsJwA8DeAwKl2WIfbXGzAYLSnXoYUcoTkWn/O81BlUFgAXv80gLe8"
+        + "NUrH7bhsnyGaPY953NyDk8IWUYrsn/sXvxTy5B0/7/WGMh3CSZrLX3p7TcFY"
+        + "yBrL6SRas4q9rrcwuhBq0tUUbbgWi92nhZl4bOGmx7ehHnwuUId2HWXyVGoB"
+        + "qToee/2E4PZFxSZwKCY6dahswFq5QGDrQKN2/qpOLZcJib6SvSGyEZl2pqr0"
+        + "lqk7tVPzBkN/4uP0qrcbZCDbGW6IXwu3RGMRehqj/HEJcs92lZKfVrk/U07X"
+        + "MBAiQHqV+kLw7kStECR/MGJG1c0xhqqBrf0W74+LpJiv/Q9iFNdWbXvE/cAk"
+        + "G7+OTUABd2kI88uA43T0UoRuPOi5KnLuD3AG+7IuyGyP69Xncd4u0srMg2fn"
+        + "DiLLZUy6vWmxwRFsSMCEfQNLtZaggukoPIihQvbX3mQS9izwLs6D89WtEcZ5"
+        + "6DVbIlUqUinnNKsT8vW1DZo5FMJkUxB666YIPVmkQbbJOEUU89dZg5Gw0og6"
+        + "rn4irEr4xHFdx+S7iqJXhzs9THg/9e4/k8KQ136z7LALOqDookcSdBzW6H8c"
+        + "STjs4qKQyNimsLB90mEuIEApzhseAaLFl+kgORGJv/2a+uoukZchMsJ98MVo"
+        + "sEPS1oBXJl2m9AshkWfON2GDeJatgcw6CyC1mSx++Gg602ZKUZZUaWxkz1Sw"
+        + "zTj3nhiJe+SZsdfxhsojNq7zfxqgY/Rq7BwvphU3StjnxvkB4rTkbmbiGOBO"
+        + "cvTFg4yOtQGRcifk2/XH/bgYiPqQrYSXpO3WRASV005RaSGufcpTtj3YlHGe"
+        + "8FUgZfDtfiGezhNET9KO3/Q0i34bGEpoIb/9uOWH4ZHULIlfdSm1ynV50nE4"
+        + "mJTXccrF6BE80KZI5GWGhqXdfPFaHTK1S20+XCw7bRJCGeiwVxvGfB+C0SZ4"
+        + "ndtqx165dKG5JwFukcygiIZN6foh0/PhwzmFxmPtZuPQt9dtuIQ35Y7PSDsy"
+        + "IH2Ot0Hh0YIN99lHJ6n9HomSjpwcgDXGssEuevbpz27u/MI/Uhq4Gfx0k5RF"
+        + "0pcRYtk1dYSx44a+8WgqZLF8DUNtyjSE/H8P5iGa6tqOl7kNyeeEkfoTtKst"
+        + "asGFwL4Qxxus4GC7repyVi7IJgSCA+iopiqKQJ2IqUHvoIEuD//sZooDx0Je"
+        + "oFRO5VakkTO6WHd8JpOOEU2f6Zjg++HdIl0QK7xcUaRH075LzEfqgn1vyw6J"
+        + "N6ex8D76sf/nAy01NvDPij48Z50XDwXu4kJGJvv0AJwId8BpjziBF0j3K/DI"
+        + "YOOpd6nW4EvdivCgaCnxqlIU/u1OP4BwpO+AUjJh6RKlKviGihQpi103DFhR"
+        + "yXNDhh55pqgCCCuNeEB+ovRt7UxzlGAVRSxJh1Zbjp/+iQun0E32RlSR4Diz"
+        + "p5vDk8NBZpIiKRqI+8GWZc3G1igp7dvViTLw4OdWMKwhccV5+3Ll/W72aNVm"
+        + "azYUoYOVn+OYS1NJkER0tjFOCozRGm5hfkxGlP+02wbH5uu/AQoJMqWIxT6l"
+        + "46IWC24lmAnDCXuM+gWmwUvyXLwuBdejVK8iG1Lnfg1qztoLpYRbBROgRdpt"
+        + "2cbPRm+9seqrth3eJbtmxCvuh3bZ3pR2e0/r5Tob/fDcOc5Kp+j4ndXWkwpa"
+        + "OuH1yxam7zNJR+mcYp1Wiujia5qIeY1QCAEY5QgAWaSHtjlEprwUuootA2Xm"
+        + "V7D8Vsr9BValhm9zMKj6IzsPmM+HZJWlhHcoucuAmPK6Lnys3Kv/mbkSgNOq"
+        + "fJDY901veFfKeqiCbAm6hZjNWoQDNJKFhjXUALrcOv9VCFPA3bMW3Xul/sB4"
+        + "Mq595e+x/1HkNOgZorBv97C6X7ENVDaAFcyZvrRU/ZeDnvFhisfxS4EJhzxl"
+        + "cWWnQhzD+ur1FTTlkmUFzgoB/rW+i3XigiHOuRRnkcoMy1uV17rwH8eELHJu"
+        + "Yni5vu2QUaD4jNEhliE2XCsn8Sm6bcXnfzBa7FXC39QvAcdJHzqcD6iIwjIz"
+        + "hKLu+/XoWFMFFNsgV78AwzPAn6TRya8LLCYPoIZkEP4qBoeZtUZ8PIS/Y7M9"
+        + "QStMwa/NI9SPswb3iScTGvor/obUEQS4QM6mVxFMpQWfwJfyU6jingX4EHRE"
+        + "mqvZ3ehzU8ZLOdKzRKuk022YDT7hwEQ+VL0Fg0Ld9oexqT96nQpUTHZtDRMV"
+        + "iTuJoUYTneDs2c9tsY4mWBqamZQSfTegj4sLMZagkuSUp/SpPM2zSGuD3nY6"
+        + "u3553gIM9jYhvLBEXwjGudVCwMd3bqo/4EhnKb2PcwUzdaMkipQlNteHZjBT"
+        + "1ici63xjJva+di0qTV+W9cyYyHwg1927X2qcMh06BhbHlcXQKbgmbL18KJEt"
+        + "K+GGhGNkP7mtPyHHgBb6vref/z8p7oxT2CG+oBuN/z+xQoYfe9c4IC3e/kNN"
+        + "DIoyYvPyEzAdfMS2aL8qDxzc5GH9UE9kcusJ/2dNEFTzBH2GK1CItL3IACv/"
+        + "LwX1SkI0w7oIQTL127CSnuTrUUkvJ/+rOYScQTMD/ntZPdLdu2ffszg3SzhN"
+        + "ELgojK8ss1OBlruWRHw/fP736Nx8MNsuOvXMnO8lruz+uyuEhF3BLv96oTcg"
+        + "XVHdWhPmOoqNdBQdRgAAAAAAAAAAAAAAAAAAAAAAADA8MCEwCQYFKw4DAhoF"
+        + "AAQUJMZn7MEKv4vW/+voCVyHBa6B0EMEFJOzH/BEjRtNNsZWlo/4L840aE5r"
+        + "AgFkAAA=");
+    
+    public void performTest()
+        throws Exception
+    {
+        ASN1InputStream     aIn = new ASN1InputStream(new ByteArrayInputStream(pkcs12));
+        ASN1Sequence        obj = (ASN1Sequence)aIn.readObject();
+        Pfx                 bag = Pfx.getInstance(obj);
+        ContentInfo         info = bag.getAuthSafe();
+        MacData             mData = bag.getMacData();
+        DigestInfo          dInfo = mData.getMac();
+        AlgorithmIdentifier algId = dInfo.getAlgorithmId();
+        byte[]              salt = mData.getSalt();
+        int                 itCount = mData.getIterationCount().intValue();
+
+        aIn = new ASN1InputStream(new ByteArrayInputStream(((ASN1OctetString)info.getContent()).getOctets()));
+
+        AuthenticatedSafe   authSafe = AuthenticatedSafe.getInstance(aIn.readObject());
+        ContentInfo[]       c = authSafe.getContentInfo();
+
+        //
+        // private key section
+        //
+        if (!c[0].getContentType().equals(PKCSObjectIdentifiers.data))
+        {
+            fail("failed comparison data test");
+        }
+
+        aIn = new ASN1InputStream(new ByteArrayInputStream(((ASN1OctetString)c[0].getContent()).getOctets()));
+        ASN1Sequence    seq = (ASN1Sequence)aIn.readObject();
+
+        SafeBag b = SafeBag.getInstance(seq.getObjectAt(0));
+        if (!b.getBagId().equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
+        {
+            fail("failed comparison shroudedKeyBag test");
+        }
+
+        EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
+
+        encInfo = new EncryptedPrivateKeyInfo(encInfo.getEncryptionAlgorithm(), encInfo.getEncryptedData());
+
+        b = new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, encInfo.toASN1Primitive(), b.getBagAttributes());
+
+        ByteArrayOutputStream abOut = new ByteArrayOutputStream();
+        ASN1OutputStream      berOut = new ASN1OutputStream(abOut);
+
+        berOut.writeObject(new DLSequence(b));
+
+        c[0] = new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(abOut.toByteArray()));
+
+        //
+        // certificates
+        //
+        if (!c[1].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
+        {
+            fail("failed comparison encryptedData test");
+        }
+
+        EncryptedData   eData = EncryptedData.getInstance(c[1].getContent());
+
+        c[1] = new ContentInfo(PKCSObjectIdentifiers.encryptedData, eData);
+
+        //
+        // create an octet stream represent the BER encoding of authSafe
+        //
+        authSafe = new AuthenticatedSafe(c);
+
+        abOut = new ByteArrayOutputStream();
+        berOut = new ASN1OutputStream(abOut);
+
+        berOut.writeObject(authSafe);
+
+        info = new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(abOut.toByteArray()));
+
+        mData = new MacData(new DigestInfo(algId, dInfo.getDigest()), salt, itCount);
+
+        bag = new Pfx(info, mData);
+
+        //
+        // comparison test
+        //
+
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(bag);
+
+        if (!Arrays.areEqual(bOut.toByteArray(), pkcs12))
+        {
+            fail("failed comparison test");
+        }
+    }
+
+    public String getName()
+    {
+        return "PKCS12";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new PKCS12Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/PKIFailureInfoTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/PKIFailureInfoTest.java
new file mode 100644
index 0000000..164f5a6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/PKIFailureInfoTest.java
@@ -0,0 +1,68 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.cmp.PKIFailureInfo;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTest;
+
+
+/**
+ * PKIFailureInfoTest
+ */
+public class PKIFailureInfoTest
+    extends SimpleTest
+{
+    // A correct hex encoded BAD_DATA_FORMAT PKIFailureInfo 
+    private static final byte[] CORRECT_FAILURE_INFO = Base64.decode("AwIANQ==");
+    
+    public String getName()
+    {
+        return "PKIFailureInfo";
+    }
+    
+    private void testEncoding()
+        throws IOException
+    {
+        DERBitString bitString = (DERBitString)new ASN1InputStream(CORRECT_FAILURE_INFO).readObject();
+        PKIFailureInfo correct = new PKIFailureInfo(bitString);
+                        
+        PKIFailureInfo bug = new PKIFailureInfo(PKIFailureInfo.badRequest | PKIFailureInfo.badTime |PKIFailureInfo.badDataFormat | PKIFailureInfo.incorrectData);
+
+        if (!areEqual(correct.getEncoded(ASN1Encoding.DER),bug.getEncoded(ASN1Encoding.DER)))
+        {
+            fail("encoding doesn't match");
+        }
+    }
+    
+    public void performTest()
+        throws IOException
+    {
+        BitStringConstantTester.testFlagValueCorrect(0, PKIFailureInfo.badAlg);
+        BitStringConstantTester.testFlagValueCorrect(1, PKIFailureInfo.badMessageCheck);
+        BitStringConstantTester.testFlagValueCorrect(2, PKIFailureInfo.badRequest);
+        BitStringConstantTester.testFlagValueCorrect(3, PKIFailureInfo.badTime);
+        BitStringConstantTester.testFlagValueCorrect(4, PKIFailureInfo.badCertId);
+        BitStringConstantTester.testFlagValueCorrect(5, PKIFailureInfo.badDataFormat);
+        BitStringConstantTester.testFlagValueCorrect(6, PKIFailureInfo.wrongAuthority);
+        BitStringConstantTester.testFlagValueCorrect(7, PKIFailureInfo.incorrectData);
+        BitStringConstantTester.testFlagValueCorrect(8, PKIFailureInfo.missingTimeStamp);
+        BitStringConstantTester.testFlagValueCorrect(9, PKIFailureInfo.badPOP);
+        BitStringConstantTester.testFlagValueCorrect(14, PKIFailureInfo.timeNotAvailable);
+        BitStringConstantTester.testFlagValueCorrect(15, PKIFailureInfo.unacceptedPolicy);
+        BitStringConstantTester.testFlagValueCorrect(16, PKIFailureInfo.unacceptedExtension);
+        BitStringConstantTester.testFlagValueCorrect(17, PKIFailureInfo.addInfoNotAvailable);
+        BitStringConstantTester.testFlagValueCorrect(25, PKIFailureInfo.systemFailure);
+
+        testEncoding();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new PKIFailureInfoTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ParseTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ParseTest.java
new file mode 100644
index 0000000..2e5112a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ParseTest.java
@@ -0,0 +1,308 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import junit.framework.TestCase;
+import org.bouncycastle.asn1.ASN1OctetStringParser;
+import org.bouncycastle.asn1.ASN1SequenceParser;
+import org.bouncycastle.asn1.ASN1StreamParser;
+import org.bouncycastle.asn1.ASN1TaggedObjectParser;
+import org.bouncycastle.asn1.BERTags;
+import org.bouncycastle.asn1.cms.ContentInfoParser;
+import org.bouncycastle.asn1.cms.EncryptedContentInfoParser;
+import org.bouncycastle.asn1.cms.EnvelopedDataParser;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.io.Streams;
+
+public class ParseTest
+    extends TestCase
+{
+    private static byte[] classCastTest = Base64.decode(
+      "MIIXqAYJKoZIhvcNAQcDoIIXmTCCF5UCAQAxggG1MIIBsQIBADCBmDCBkDEL"
+    + "MAkGA1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMQ0wCwYDVQQHEwRUcm95"
+    + "MQwwCgYDVQQKEwNFRFMxGTAXBgNVBAsTEEVMSVQgRW5naW5lZXJpbmcxJDAi"
+    + "BgkqhkiG9w0BCQEWFUVsaXQuU2VydmljZXNAZWRzLmNvbTEQMA4GA1UEAxMH"
+    + "RURTRUxJVAIDD6FBMA0GCSqGSIb3DQEBAQUABIIBAGh04C2SyEnH9J2Va18w"
+    + "3vdp5L7immD5h5CDZFgdgHln5QBzT7hodXMVHmyGnycsWnAjYqpsil96H3xQ"
+    + "A6+9a7yB6TYSLTNv8zhL2qU3IrfdmUJyxxfsFJlWFO1MlRmu9xEAW5CeauXs"
+    + "RurQCT+C5tLc5uytbvw0Jqbz+Qp1+eaRbfvyhWFGkO/BYZ89hVL9Yl1sg/Ls"
+    + "mA5jwTj2AvHkAwis+F33ZhYlto2QDvbPsUa0cldnX8+1Pz4QzKMHmfUbFD2D"
+    + "ngaYN1tDlmezCsYFQmNx1th1SaQtTefvPr+qaqRsm8KEXlWbJQXmIfdyi0zY"
+    + "qiwztEtO81hXZYkKqc5fKMMwghXVBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcE"
+    + "CEq3cLLWVds9gIIVsAAik3al6Nn5pr7r0mSy9Ki3vEeCBcV9EzEG44BvNHNA"
+    + "WyEsqQsdSxuF7h1/DJAMuZFwCbGflaRGx/1L94zrmtpeuH501lzPMvvZCmpj"
+    + "KrOF8e1B4MVQ5TfQTdUVyRnbcDa6E4V1ZZIdAI7BgDeJttS4+L6btquXfxUg"
+    + "ttPYQkevF7MdShYNnfLkY4vUMDOp3+iVzrOlq0elM95dfSA7OdBavgDJbz/7"
+    + "mro3AFTytnWjGz8TUos+oUujTk9/kHOn4cEAIm0hHrNhPS5qoj3QnNduNrad"
+    + "rLpGtcYyNlHIsYCsvPMxwoHmIw+r9xQQRjjzmVYzidn+cNOt0FmLs6YE8ds4"
+    + "wvHRO9S69TgKPHRgk2bihgHqII9lF9qIzfG40YwJLHzGoEwVO1O0+wn8j2EP"
+    + "O9I/Q3vreCH+5VbpUD2NGTwsMwZ3YlUesurLwse/YICxmgdN5Ro4DeQJSa9M"
+    + "iJnRFYWRq+58cKgr+L11mNc9nApZBShlpPP7pdNqWOafStIEjo+dsY/J+iyS"
+    + "6WLlUvNt/12qF4NAgZMb3FvRQ9PrMe87lqSRnHcpLWHcFjuKbMKCBvcdWGWI"
+    + "R7JR8UNzUvoLGGAUI9Ck+yTq4QtfgtL5MLmdBGxSKzgs44Mmek+LnrFx+e9n"
+    + "pkrdDf2gM/m7E50FnLYqzUjctKYGLNYpXQorq9MJx6TB20CHXcqOOoQqesXa"
+    + "9jL9PIOtBQy1Ow5Bh4SP07nTFWFSMI/Wt4ZvNvWJj3ecA9KjMOA9EXWUDS/H"
+    + "k9iCb2EEMo7fe5mhoyxMxPO+EIa1sEC9A1+rDACKPQCHOLI0uPmsdo0AEECC"
+    + "QLgOQkcwQlkHexOyHiOOtBxehtGZ1eBQQZ+31DF+RRU6WvS6grg58eS4gGOQ"
+    + "bd7CS9yYebvAQkz61J8KprWdtZuG1gBGma12wKMuQuC6RuWlKsj+rPMvaQCt"
+    + "8mucGbkElPGZVhdyD8/BvpSCNbgRwb6iSiw4EECovu4P4GFJaMGUYEuCA711"
+    + "itEieYc1QqS6ULjb3LFL/RcwSw0fGdjnt6B2nHckC2VsYKU1NwU7j0R1Omb4"
+    + "y5AvSgpuWjTXWnHnE9Ey0B+KP5ERZA+jJGiwYz48ynYlvQFSbBm4I6nh/DuI"
+    + "dWB2dLNxWuhdfzafBGtEHhLHzjW3WQwwRZsKesgHLrrj9hBUObodl1uvqvZN"
+    + "AjMOj8DrqbGOhAClj1t4S1Zk1ZekuMjsuoxEL+/lgtbT+056ES0k3A/LnpRb"
+    + "uxA1ZBr26Im+GVFzEcsV0hB4vNujSwStTTZH5jX5rMyi085yJfnikcLYUn9N"
+    + "apl+srhpIZlDJPw7IHaw8tsqXKDxF7MozIXo8B45CKv5Am+BMrIemCMX/ehu"
+    + "PODICl98Ur8tNAn1L+m0nj7H3c8HW2vNuBLEI3SEHHgm2Ij3IY5pyyeVUaWC"
+    + "pumhy8Ru5dj3fZcfKgYuJBQxWMf+UqPsf4iUK3923pouJ1cQ8XU8gOXIRrtX"
+    + "e41d/yR+UAZXSig6SITLw+wLtvitSvtxvjcUSUOI9CYTovKyuz1PQKiaLsV5"
+    + "4CoJhMQ5uRlVFS3H829I2d2gLRpSp6pNWeIZO2NMBxPYf2qcSHyHqQjR7xP2"
+    + "ZTg7U3OO6dZHORfXxzAnW2ExavBIYQmZh1gLn5jSS4wXFPXyvnJAsF4s5wed"
+    + "YHsyAqM/ek0n2Oo/zAh7UcP2vcb9FOoeRK8qC9HjTciS6WbjskRN0ft4T69G"
+    + "+1RsH8/edBxo2LZeA48BSCXDXOlBZJBsOptzYJD8HSZONPnef0jn23lk0fkU"
+    + "C3BjJu2ubFChctRvJniTko4klpidkHwuJgrTnL4er8rG3RfiiEHn/d5era15"
+    + "E1cekdVYWqwQOObOd4v+0gZSJgI48TBc5Qdy8F6wIU38DR2pn/5uNthNDgXk"
+    + "NcV9a2gOE3DoLe8CEIPMihqYMPY8NuSp97eHB2YhKpjP7qX9TUMoOdE2Iat2"
+    + "klNxadJt6JTFeiBPL6R9RHAD5sVBrkrl0S+oYtgF92f9WHVwAXU7zP6IgM4x"
+    + "hhzeJT07yyIp44mKd//F+7ntbgQjZ/iLbHh0mtOlUmzkFsDR0UNSXEQoourZ"
+    + "EY4A62HXj0DMqEQbik6QwEF7FKuwZX2opdOyVKH9MzJxNfDLd5dc8wAc8bCX"
+    + "jcCx5/GzHx2S5DndWQEVhp2hOQYuoJS3r6QCYFaHtDPKnFHS2PBFyFWL+2UK"
+    + "c0WsvVaHYqYKnksmxse9I9oU75kx5O05DZCThPX6h8J8MHRuxU9tcuuleIUQ"
+    + "XY8On+JeEtLSUZgp+Z7ITLuagf6yuKQpaR396MlDii/449/dvBiXAXeduyO1"
+    + "QzSkQCh37fdasqGL3mP0ssMcxM/qpOwQsx3gMtwiHQRi1oQE1QHb8qZHDE4m"
+    + "I5afQJ9O/H/m/EVlGUSn2yYOsPlZrWuI3BBZKoRzRq1lZOQDtOh18BE3tWmX"
+    + "viGIAxajam0i2Ce3h2U7vNwtiePRNEgPmQ7RwTTv0U6X8qqkjeYskiF4Cv9G"
+    + "nrB0WreC19ih5psEWLIkCYKTr+OhQuRrtv7RcyUi9QSneh7BjcvRjlGB6joA"
+    + "F6J4Y6ENAA/nzOZJ699VkljTi59bbNJYlONpQhOeRTu8M/wExkIJz7yR9DTY"
+    + "bY4/JdbdHNFf5DSDmYAHaFLmdnnfuRy+tC9CGGJvlcLVv5LMFJQGt2Wi15p8"
+    + "lctx7sL6yNCi7OakWbEOCvGPOxY7ejnvOjVK/Krx1T+dAXNUqrsDZmvmakOP"
+    + "We+P4Di1GqcyLVOTP8wNCkuAUoN0JFoBHy336/Xnae91KlY4DciPMpEOIpPN"
+    + "oB+3h6CozV7IWX5Wh3rhfC25nyGJshIBUS6cMXAsswQI8rOylMlGaekNcSU4"
+    + "gNKNDZAK5jNkS0Z/ziIrElSvMNTfYbnx3gCkY0pV18uadmchXihVT11Bt77O"
+    + "8KCKHycR39WYFIRO09wvGv6P42CRBFTdQbWFtkSwRiH8l6x39Z7pIkDFxokT"
+    + "Dp6Htkj3ywfQXNbFgRXZUXqgD1gZVFDFx920hcJnuu65CKz6pEL6X0XUwNPg"
+    + "vtraA2nj4wjVB/y+Cxc+1FgzeELB4CAmWO1OfRVLjYe7WEe/X5DPT6p8HBkB"
+    + "5mWuv+iQ3e37e1Lrsjt2frRYQWoOSP5Lv7c8tZiNfuIp07IYnJKBWZLTqNf9"
+    + "60uiY93ssE0gr3mfYOj+fSbbjy6NgAenT7NRZmFCjFwAfmapIV0hJoqnquaN"
+    + "jj5KKOP72hp+Zr9l8cEcvIhG/BbkY3kYbx3JJ9lnujBVr69PphHQTdw67CNB"
+    + "mDkH7y3bvZ+YaDY0vdKOJif9YwW2qoALXKgVBu1T2BONbCTIUTOzrKhWEvW8"
+    + "D6x03JsWrMMqOKeoyomf1iMt4dIOjp7yGl/lQ3iserzzLsAzR699W2+PWrAT"
+    + "5vLgklJPX/Fb3Tojbsc074lBq669WZe3xzlj85hFcBmoLPPyBE91BLhEwlGC"
+    + "+lWmwFOENLFGZE0mGoRN+KYxwqfA2N6H8TWoz6m0oPUW4uQvy9sGtYTSyQO9"
+    + "6ZwVNT3ndlFrP5p2atdEFVc5aO5FsK8/Fenwez06B2wv9cE9QTVpFrnJkKtF"
+    + "SaPCZkignj64XN7cHbk7Ys6nC3WIrTCcj1UOyp5ihuMS9eL9vosYADsmrR6M"
+    + "uqqeqHsf2+6U1sO1JBkDYtLzoaILTJoqg9/eH7cTA0T0mEfxVos9kAzk5nVN"
+    + "nVOKFrCGVIbOStpYlWP6wyykIKVkssfO6D42D5Im0zmgUwgNEkB+Vxvs8bEs"
+    + "l1wPuB2YPRDCEvwM3A5d5vTKhPtKMECIcDxpdwkD5RmLt+iaYN6oSFzyeeU0"
+    + "YvXBQzq8gfpqJu/lP8cFsjEJ0qCKdDHVTAAeWE6s5XpIzXt5cEWa5JK7Us+I"
+    + "VbSmri4z0sVwSpuopXmhLqLlNWLGXRDyTjZSGGJbguczXCq5XJ2E3E4WGYd6"
+    + "mUWhnP5H7gfW7ILOUN8HLbwOWon8A6xZlMQssL/1PaP3nL8ukvOqzbIBCZQY"
+    + "nrIYGowGKDU83zhO6IOgO8RIVQBJsdjXbN0FyV/sFCs5Sf5WyPlXw/dUAXIA"
+    + "cQiVKM3GiVeAg/q8f5nfrr8+OD4TGMVtUVYujfJocDEtdjxBuyFz3aUaKj0F"
+    + "r9DM3ozAxgWcEvl2CUqJLPHH+AWn5kM7bDyQ2sTIUf5M6hdeick09hwrmXRF"
+    + "NdIoUpn7rZORh0h2VX3XytLj2ERmvv/jPVC97VKU916n1QeMJLprjIsp7GsH"
+    + "KieC1RCKEfg4i9uHoIyHo/VgnKrnTOGX/ksj2ArMhviUJ0yjDDx5jo/k5wLn"
+    + "Rew2+bhiQdghRSriUMkubFh7TN901yl1kF2BBP5PHbpgfTP6R7qfl8ZEwzzO"
+    + "elHe7t7SvI7ff5LkwDvUXSEIrHPGajYvBNZsgro+4Sx5rmaE0QSXACG228OQ"
+    + "Qaju8qWqA2UaPhcHSPHO/u7ad/r8kHceu0dYnSFNe1p5v9Tjux0Yn6y1c+xf"
+    + "V1cu3plCwzW3Byw14PH9ATmi8KJpZQaJOqTxn+zD9TvOa93blK/9b5KDY1QM"
+    + "1s70+VOq0lEMI6Ch3QhFbXaslpgMUJLgvEa5fz3GhmD6+BRHkqjjwlLdwmyR"
+    + "qbr4v6o+vnJKucoUmzvDT8ZH9nH2WCtiiEtQaLNU2vsJ4kZvEy0CEajOrqUF"
+    + "d8qgEAHgh9it5oiyGBB2X/52notXWOi6OMKgWlxxKHPTJDvEVcQ4zZUverII"
+    + "4vYrveRXdiDodggfrafziDrA/0eEKWpcZj7fDBYjUBazwjrsn5VIWfwP2AUE"
+    + "wNn+xR81/so8Nl7EDBeoRXttyH7stbZYdRnkPK025CQug9RLzfhEAgjdgQYw"
+    + "uG+z0IuyctJW1Q1E8YSOpWEFcOK5okQkLFUfB63sO1M2LS0dDHzmdZriCfIE"
+    + "F+9aPMzojaHg3OQmZD7MiIjioV6w43bzVmtMRG22weZIYH/Sh3lDRZn13AS9"
+    + "YV6L7hbFtKKYrie79SldtYazYT8FTSNml/+Qv2TvYTjVwYwHpm7t479u+MLh"
+    + "LxMRVsVeJeSxjgufHmiLk7yYJajNyS2j9Kx/fmXmJbWZNcerrfLP+q+b594Y"
+    + "1TGWr8E6ZTh9I1gU2JR7WYl/hB2/eT6sgSYHTPyGSxTEvEHP242lmjkiHY94"
+    + "CfiTMDu281gIsnAskl05aeCBkj2M5S0BWCxy7bpVAVFf5nhf74EFIBOtHaJl"
+    + "/8psz1kGVF3TzgYHkZXpUjVX/mJX8FG0R8HN7g/xK73HSvqeamr4qVz3Kmm/"
+    + "kMtYRbZre7E1D10qh/ksNYnOkYBcG4P2JyjZ5q+8CQNungz2/b0Glg5LztNz"
+    + "hUgG27xDOUraJXjkkZl/GOh0eTqhfLHXC/TfyoEAQOPcA59MKqvroFC5Js0Q"
+    + "sTgqm2lWzaLNz+PEXpJHuSifHFXaYIkLUJs+8X5711+0M03y8iP4jZeEOrjI"
+    + "l9t3ZYbazwsI3hBIke2hGprw4m3ZmSvQ22g+N6+hnitnDALMsZThesjb6aJd"
+    + "XOwhjLkWRD4nQN594o6ZRrfv4bFEPTp4ev8l6diouKlXSFFnVqz7AZw3Pe53"
+    + "BvIsoh66zHBpZhauPV/s/uLb5x6Z8sU2OK6AoJ7b8R9V/AT7zvonBi/XQNw3"
+    + "nwkwGnTS9Mh7PFnGHLJWTKKlYXrSpNviR1vPxqHMO6b+Lki10d/YMY0vHQrY"
+    + "P6oSVkA6RIKsepHWo11+rV838+2NRrdedCe91foUmOs+eoWQnwmTy2CTZmQ5"
+    + "b7/TTcau9ewimZAqI+MtDWcmWoZfgibZmnIITGcduNOJDRn+aLt9dz+zr1qA"
+    + "HxlLXCOyBPdtfx6eo4Jon+fVte37i3HmxHk+8ZGMMSS9hJbLQEkA59b4E+7L"
+    + "GI3JZjvEkhizB4n/aFeG7KT7K3x072DMbHLZ7VgsXQ1VDDmcZmizFwgyNqKy"
+    + "hKCKxU+I2O10IMtiZUpEzV1Pw7hD5Kv/eFCsJFPXOJ2j3KP6qPtX5IYki1qH"
+    + "Juo5C5uGKtqNc6OzkXsvNUfBz5sJkEYl0WfitSSo4ARyshFUNh2hGxNxUVKM"
+    + "2opOcuHSxBgwUSmVprym50C305zdHulBXv3mLzGjvRstE9qfkQ8qVJYLQEkL"
+    + "1Yn7E92ex71YsC8JhNNMy0/YZwMkiFrqyaFd/LrblWpBbGumhe4reCJ4K3mk"
+    + "lFGEsICcMoe+zU1+QuLlz/bQ+UtvClHUe8hTyIjfY04Fwo2vbdSc1U/SHho5"
+    + "thQy+lOZ/HijzCmfWK3aTqYMdwCUTCsoxri2N8vyD/K2kbMLQWUfUlBQfDOK"
+    + "VrksBoSfcluNVaO56uEUw3enPhhJghfNlJnpr5gUcrAMES53DfkjNr0dCsfM"
+    + "JOY2ZfQEwwYey1c4W1MNNMoegSTg4aXzjVc0xDgKa7RGbtRmVNbOxIhUNAVi"
+    + "thQV3Qujoz1ehDt2GyLpjGjHSpQo3WlIU4OUqJaQfF6EH+3khFqUmp1LT7Iq"
+    + "zH3ydYsoCDjvdXSSEY3hLcZVijUJqoaNWBLb/LF8OG5qTjsM2gLgy2vgO/lM"
+    + "NsqkHnWTtDimoaRRjZBlYLhdzf6QlfLi7RPmmRriiAOM0nXmylF5xBPHQLoz"
+    + "LO9lXYIfNbVJVqQsV43z52MvEQCqPNpGqjB+Au/PZalYHbosiVOQLgTB9hTI"
+    + "sGutSXXeLnf5rftCFvWyL3n5DgURzDFLibrbyVGGKAk166bK1RyVP9XZJonr"
+    + "hPYELk4KawCysJJSmC0E8sSsuXpfd6PPDru6nCV1EdXKR7DybS7NVHCktiPR"
+    + "4B4y8O/AgfJX8sb6LuxmjaINtUKEJ1+O88Gb69uy6b/Kpu2ri/SUBaNNw4Sn"
+    + "/tuaD+jxroL7RlZmt9ME/saNKn9OmLuggd6IUKAL4Ifsx9i7+JKcYuP8Cjdf"
+    + "Rx6U6H4qkEwwYGXnZYqF3jxplyOfqA2Vpvp4rnf8mST6dRLKk49IhKGTzwZr"
+    + "4za/RZhyl6lyoRAFDrVs1b+tj6RYZk0QnK3dLiN1MFYojLyz5Uvi5KlSyFw9"
+    + "trsvXyfyWdyRmJqo1fT7OUe0ImJW2RN3v/qs1k+EXizgb7DW4Rc2goDsCGrZ"
+    + "ZdMwuAdpRnyg9WNtmWwp4XXeb66u3hJHr4RwMd5oyKFB1GsmzZF7aOhSIb2B"
+    + "t3coNXo/Y+WpEj9fD7/snq7I1lS2+3Jrnna1048O7N4b5S4b5TtEcCBILP1C"
+    + "SRvaHyZhBtJpoH6UyimKfabXi08ksrcHmbs1+HRvn+3pl0bHcdeBIQS/wjk1"
+    + "TVEDtaP+K9zkJxaExtoa45QvqowxtcKtMftNoznF45LvwriXEDV9jCXvKMcO"
+    + "nxG5aQ//fbnn4j4q1wsKXxn61wuLUW5Nrg9fIhX7nTNAAooETO7bMUeOWjig"
+    + "2S1nscmtwaV+Sumyz/XUhvWynwE0AXveLrA8Gxfx");
+    
+    private static byte[] derExpTest = Base64.decode(
+      "MIIS6AYJKoZIhvcNAQcDoIIS2TCCEtUCAQAxggG1MIIBsQIBADCBmDCBkDEL"
+    + "MAkGA1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMQ0wCwYDVQQHEwRUcm95"
+    + "MQwwCgYDVQQKEwNFRFMxGTAXBgNVBAsTEEVMSVQgRW5naW5lZXJpbmcxJDAi"
+    + "BgkqhkiG9w0BCQEWFUVsaXQuU2VydmljZXNAZWRzLmNvbTEQMA4GA1UEAxMH"
+    + "RURTRUxJVAIDD6FBMA0GCSqGSIb3DQEBAQUABIIBAGsRYK/jP1YujirddAMl"
+    + "ATysfLCwd0eZhENohVqLiMleH25Dnwf+tBaH4a9hyW+7VrWw/LC6ILPVbKpo"
+    + "oLBAOical40cw6C3zulajc4gM3AlE2KEeAWtI+bgPMXhumqiWDb4byX/APYk"
+    + "53Gk7WXF6Xs4hj3tmrHSJxCUOsTdHKUJYvOqjwKGARPQDjP0EUbVJezeAwBA"
+    + "RMlJ/qBVLBj2UW28n5oJZm3oaSaU93Uc6GPVIk43IWrmEUcWVPiMfUtUCwcX"
+    + "tRNtHuQ9os++rmdNBiuB5p+vtUeA45KWnTUtkwJXvrzE6Sf9AUH/p8uOvvZJ"
+    + "3yt9LhPxcZukGIVvcQnBxLswghEVBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcE"
+    + "CGObmTycubs2gIIQ8AKUC8ciGPxa3sFJ1EPeX/nRwYGNAarlpVnG+07NITL2"
+    + "pUzqZSgsYh5JiKd8TptQBZNdebzNmCvjrVv5s9PaescGcypL7FNVPEubh0w/"
+    + "8h9rTACqUpF5yRgfcgpAGeK29F1hyZ1WaIH43avUCaDnrZcOKB7wc1ats1aQ"
+    + "TSDLImyFn4KjSo5k0Ec/xSoWnfg391vebp8eOsyHZhFMffFtKQMaayZNHJ7Q"
+    + "BzG3r/ysUbkgI5x+0bX0QfZjEIs7yuV5Wt8DxMTueCm3RQ+HkR4lNdTBkM4V"
+    + "qozCqC1SjcAF5YHB0WFkGouEPGgTlmyvLqR2xerEXVZn9YwSnT48kOde3oGt"
+    + "EAYyg0yHbNbL0sp6LDM7upRmrgWwxf0BR6lP4wyWdv/XSLatEB7twSNiPBJ4"
+    + "PJ+QagK08yQJ84UB7YpMTudKsaUs7zW76eA7KkW3TndfDYGdhbmZ5wxNl+5x"
+    + "yPZc/jcQHW7vplMfWglUVxnzibNW12th0QXSB57Mzk8v1Rvc/HLGvAOJZG/S"
+    + "N12FZOxbUrMIHGi3kXsmfWznVyq92X4P9tuDDD7sxkSGsyUAm/UJIZ3KsXhV"
+    + "QeaRHVTVDxtJtnbYxBupy1FDBO6AhVrp16Blvnip9cPn/aLfxDoFHzmsZmEg"
+    + "IcOFqpT1fW+KN6i/JxLD3mn3gKzzdL1/8F36A2GxhCbefQFp0MfIovlnMLFv"
+    + "mrINwMP8a9VnP8gIV5oW5CxmmMUPHuGkXrfg+69iVACaC2sTq6KGebhtg9OC"
+    + "8vZhmu7+Eescst694pYa3b8Sbr5bTFXV68mMMjuRnhvF2NZgF+O0jzU+sFps"
+    + "o7s1rUloCBk1clJUJ/r+j9vbhVahCeJQw62JAqjZu4R1JYAzON3S7jWU5zJ7"
+    + "pWYPSAQkLYUz3FmRRS2Yv65mXDNHqR9vqkHTIphwA9CLMKC2rIONxSVB57q1"
+    + "Npa/TFkVdXnw+cmYjyFWiWeDP7Mw0Kwy7tO008UrBY0rKQU466RI5ezDqYPc"
+    + "Lm73dUH2EjUYmKUi8zCtXpzgfTYVa/DmkbVUL9ThHMVRq1OpT2nctE7kpXZk"
+    + "OsZjEZHZX4MCrSOlc10ZW7MJIRreWMs70n7JX7MISU+8fK6JKOuaQNG8XcQp"
+    + "5IrCTIH8vmN2rVt4UT8zgm640FtO3jWUxScvxCtUJJ49hGCwK+HwDDpO6fLw"
+    + "LFuybey+6hnAbtaDyqgsgDh2KN8GSkQT9wixqwQPWsMQ4h0xQixf4IMdFOjP"
+    + "ciwp3ul8KAp/q70i0xldWGqcDjUasx6WHKc++rFjVJjoVvijKgEhlod5wJIw"
+    + "BqQVMKRsXle07NS1MOB+CRTVW6mwBEhDDERL+ym2GT2Q4uSDzoolmLq2y5vL"
+    + "+RfDHuh3W0UeC3Q5D2bJclgMsVjgfQUN19iD+lPFp2xvLTaNWi5fYDn4uuJL"
+    + "lgVDXIMmM8I+Z2hlTXTM1Pldz2/UFe3QXTbYnjP6kfd7Bo2Webhhgs/YmSR2"
+    + "XPuA42tWNAAjlK77lETWodxi3UC7XELjZ9xoGPRbxjOklXXvev9v5Vo+vcmN"
+    + "0KrLXhLdkyHRSm81SRsWoadCTSyT8ibv66P00GOt+OlIUOt0YKSUkULQfPvC"
+    + "EgMpeTm1/9l8n9bJ6td5fpJFDqLDm+FpJX6T2sWevV/Tyt6aoDPuET5iHBHW"
+    + "PoHxKl8YPRHBf+nRWoh45QMGQWNSrJRDlO8oYOhdznh4wxLn3DXEfDr0Z7Kd"
+    + "gEg6xr1XCobBn6Gi7wWXp5FDTaRF41t7fH8VxPwwDa8Yfu3vsgB6q426kjAj"
+    + "Q77wx1QFIg8gOYopTOgqze1i4h1U8ehP9btznDD6OR8+hPsVKoXYGp8Ukkc7"
+    + "JBA0o8l9O2DSGh0StsD94UhdYzn+ri7ozkXFy2SHFT2/saC34NHLoIF0v/aw"
+    + "L9G506Dtz6xXOACZ4brCG+NNnPLIcGblXIrYTy4+sm0KSdsl6BGzYh9uc8tu"
+    + "tfCh+iDuhT0n+nfnvdCmPwonONFb53Is1+dz5sisILfjB7OPRW4ngyfjgfHm"
+    + "oxxHDC/N01uoJIdmQRIisLi2nLhG+si8+Puz0SyPaB820VuV2mp77Y2osTAB"
+    + "0hTDv/sU0DQjqcuepYPUMvMs3SlkEmaEzNSiu7xOOBQYB8FoK4PeOXDIW6n2"
+    + "0hv6iS17hcZ+8GdhwC4x2Swkxt99ikRM0AxWrh1lCk5BagVN5xG79c/ZQ1M7"
+    + "a0k3WTzYF1Y4d6QPNOYeOBP9+G7/a2o3hGXDRRXnFpO7gQtlXy9A15RfvsWH"
+    + "O+UuFsOTtuiiZk1qRgWW5nkSCPCl2rP1Z7bwr3VD7o6VYhNCSdjuFfxwgNbW"
+    + "x8t35dBn6xLkc6QcBs2SZaRxvPTSAfjON++Ke0iK5w3mec0Br4QSNB1B0Aza"
+    + "w3t3AleqPyJC6IP1OQl5bi+PA+h3YZthwQmcwgXgW9bWxNDqUjUPZfsnNNDX"
+    + "MU9ANDLjITxvwr3F3ZSfJyeeDdbhr3EJUTtnzzWC6157EL9dt0jdPO35V0w4"
+    + "iUyZIW1FcYlCJp6t6Sy9n3TmxeLbq2xML4hncJBClaDMOp2QfabJ0XEYrD8F"
+    + "jq+aDM0NEUHng+Gt9WNqnjc8GzNlhxTNm3eQ6gyM/9Ip154GhH6c9hsmkMy5"
+    + "DlMjGFpFnsSTNFka2+DOzumWUiXLGbe4M3RePl1N4MLwXrkR2llguQynyoqF"
+    + "Ptat2Ky5yW2q9+IQHY49NJTlsCpunE5HFkAK9rY/4lM4/Q7hVunP6U4a0Kbu"
+    + "beFuOQMKQlBZvcplnYBefXD79uarY/q7ui6nFHlqND5mlXMknMrsQk3papfp"
+    + "OpMS4T07rCTLek0ODtb5KsHdIF76NZXevko4+d/xbv7HLCUYd8xuOuqf+y4I"
+    + "VJiT1FmYtZd9w+ubfHrOfHxY+SBtN6fs02WAccZqBXUYzZEijRbN2YUv1OnG"
+    + "rfYe4EcfOu/Sa+wLbB7msYpLfvUfEO3iseKf4LXZkgtF5P610PBZR8edeSgr"
+    + "YZW+J0K78PRAl5nEi1mvzBxi9DyNf6iQ9mWLyyCmr9p9HGE+aCMKVCn9jfZH"
+    + "WeBDAJNYDcUh5NEckqJtbEc2S1FJM7yZBWLQUt3NCQvj+nvQT45osZ3BJvFg"
+    + "IcGJ0CysoblVz4fCLybrYxby9HP89WMLHqdqsIeVX8IJ3x84SqLPuzrqf9FT"
+    + "ZVYLo0F2oBjAzjT7obt9+NJc/psOMCg+OGQkAfwj3VNvaqkkQsVxSiozgxrC"
+    + "7KaTXuAL6eKKspman96kz4QVk9P0usUPii+LFnW4XYc0RNfgJVO6BgJT7pLX"
+    + "NWwv/izMIMNAqSiWfzHHRVkhq4f1TMSF91auXOSICpJb3QQ4XFh52Mgl8+zs"
+    + "fobsb0geyb49WqFrZhUu+X+8LfQztppGmiUpFL+8EW0aPHbfaf4y9J1/Wthy"
+    + "c28Yqu62j/ljXq4Qa21uaEkoxzH1wPKCoKM9TXJtZJ39Yl9cf119Qy4M6QsB"
+    + "6oMXExlMjqIMCCWaLXLRiqbc2Y7rZHgEr08msibdoYHbSkEl8U+Kii2p6Vdx"
+    + "zyiEIz4CadrFbrAzxmrR/+3u8JuBdq0K3KNR0WWx73BU+G0rgBX56GnP7Ixy"
+    + "fuvkRb4YfJUF4PkDa50BGVhybPrIhoFteT6bSh6LQtBm9c4Kop8Svx3ZbqOT"
+    + "kgQDa0n+O0iR7x3fvNZ0Wz4YJrKGnVOPCqJSlSsnX6v2JScmaNdrSwkMTnUf"
+    + "F9450Hasd88+skC4jVAv3WAB03Gz1MtiGDhdUKFnHnU9HeHUnh38peCFEfnK"
+    + "WihakVQNfc72YoFVZHeJI5fJAW8P7xGTZ95ysyirtirxt2zkRVJa5p7semOw"
+    + "bL/lBC1bp4J6xHF/NHY8NQjvuhqkDyNlh3dRpIBVBu6Z04hRhLFW6IBxcCCv"
+    + "pjfoxJoox9yxKQKpr3J6MiZKBlndZRbSogO/wYwFeh7HhUzMNM1xIy3jWVVC"
+    + "CrzWp+Q1uxnL74SwrMP/EcZh+jZO4CYWk6guUMhTo1kbW03BZfyAqbPM+X+e"
+    + "ZqMZljydH8AWgl0MZd2IAfajDxI03/6XZSgzq24n+J7wKMYWS3WzB98OIwr+"
+    + "oKoQ7aKwaaT/KtR8ggUVYsCLs4ScFY24MnjUvMm+gQcVyeX74UlqR30Aipnf"
+    + "qzDRVcAUMMNcs0fuqePcrZ/yxPo+P135YClPDo9J8bwNpioUY8g+BQxjEQTj"
+    + "py3i2rAoX+Z5fcGjnZQVPMog0niIvLPRJ1Xl7yzPW0SevhlnMo6uDYDjWgQ2"
+    + "TLeTehRCiSd3z7ZunYR3kvJIw1Kzo4YjdO3l3WNf3RQvxPmJcSKzeqKVxWxU"
+    + "QBMIC/dIzmRDcY787qjAlKDZOdDp7qBKIqnfodWolxBA0KhvE61eYabZqUCT"
+    + "G2HJaQE1SvOdL9KM4ORFlxE3/dqv8ttBJ6N1qKk423CJjajZHYTwf1dCfj8T"
+    + "VAE/A3INTc6vg02tfkig+7ebmbeXJRH93KveEo2Wi1xQDsWNA+3DVzsMyTqV"
+    + "+AgfSjjwKouXAznhpgNc5QjmD2I6RyTf+hngftve18ZmVhtlW5+K6qi62M7o"
+    + "aM83KweH1QgCS12/p2tMEAfz//pPbod2NrFDxnmozhp2ZnD04wC+6HGz6bX/"
+    + "h8x2PDaXrpuqnZREFEYzUDKQqxdglXj5oE/chBR8+eBfYSS4JW3TBkW6RfwM"
+    + "KOBBOOv8pe3Sfq/bg7OLq5bn0jKwulqP50bysZJNlQUG/KqJagKRx60fnTqB"
+    + "7gZRebvtqgn3JQU3fRCm8ikmGz9XHruoPlrUQJitWIt4AWFxjyl3oj+suLJn"
+    + "7sK62KwsqAztLV7ztoC9dxldJF34ykok1XQ2cMT+uSrD6ghYZrmrG5QDkiKW"
+    + "tOQCUvVh/CorZNlON2rt67UvueMoW+ua25K4pLKDW316c2hGZRf/jmCpRSdb"
+    + "Xr3RDaRFIK6JpmEiFMMOEnk9yf4rChnS6MHrun7vPkf82w6Q0VxoR8NRdFyW"
+    + "3mETtm2mmG5zPFMMD8uM0BYJ/mlJ2zUcD4P3hWZ8NRiU5y1kazvrC6v7NijV"
+    + "o459AKOasZUj1rDMlXDLPloTHT2ViURHh/8GKqFHi2PDhIjPYUlLR5IrPRAl"
+    + "3m6DLZ7/tvZ1hHEu9lUMMcjrt7EJ3ujS/RRkuxhrM9BFlwzpa2VK8eckuCHm"
+    + "j89UH5Nn7TvH964K67hp3TeV5DKV6WTJmtIoZKCxSi6FFzMlky73gHZM4Vur"
+    + "eccwycFHu+8o+tQqbIAVXaJvdDstHpluUCMtb2SzVmI0bxABXp5XrkOOCg8g"
+    + "EDZz1I7rKLFcyERSifhsnXaC5E99BY0DJ/7v668ZR3bE5cU7Pmo/YmJctK3n"
+    + "m8cThrYDXJNbUi0c5vrAs36ZQECn7BY/bdDDk2NPgi36UfePI8XsbezcyrUR"
+    + "ZZwT+uQ5LOB931NjD5GOMEb96cjmECONcRjB0uD7DoTiVeS3QoWmf7Yz4g0p"
+    + "v9894YWQgOl+CvmTERO4dxd7X5wJsM3Y0acGPwneDF+HtQrIpJlslm2DivEv"
+    + "sikc6DtAQrnVRSNDr67HPPeIpgzThbxH3bm5UjvnP/zcGV1W8Nzk/OBQWi0l"
+    + "fQM9DccS6P/DW3XPSD1+fDtUK5dfH8DFf8wwgnxeVwi/1hCBq9+33XPwiVpz"
+    + "489DnjGhHqq7BdHjTIqAZvNm8UPQfXRpeexbkFZx1mJvS7so54Cs58/hHgQN"
+    + "GHJh4AUCLEt0v7Hc3CMy38ovLr3Q8eZsyNGKO5GvGNa7EffGjzOKxgqtMwT2"
+    + "yv8TOTFCWnZEUTtVA9+2CpwfmuEjD2UQ4vxoM+o=");
+
+    byte[] longTagged = Hex.decode("9f1f023330");
+    
+    public void testClassCast()
+        throws IOException
+    {
+        parseEnveloped(classCastTest);
+    }
+
+    public void testDerExp()
+        throws IOException
+    {
+        parseEnveloped(derExpTest);
+    }
+    
+    public void testLongTag()
+        throws IOException
+    {
+        ASN1StreamParser aIn = new ASN1StreamParser(longTagged);
+        
+        ASN1TaggedObjectParser tagged = (ASN1TaggedObjectParser)aIn.readObject();
+        
+        assertEquals(31, tagged.getTagNo());
+    }
+    
+    private void parseEnveloped(byte[] data) throws IOException
+    {
+        ASN1StreamParser aIn = new ASN1StreamParser(data);
+        
+        ContentInfoParser cP = new ContentInfoParser((ASN1SequenceParser)aIn.readObject());
+        
+        EnvelopedDataParser eP = new EnvelopedDataParser((ASN1SequenceParser)cP.getContent(BERTags.SEQUENCE));
+        
+        eP.getRecipientInfos().toASN1Primitive(); // Must drain the parser!
+        
+        EncryptedContentInfoParser ecP = eP.getEncryptedContentInfo();
+        
+        ASN1OctetStringParser content = (ASN1OctetStringParser)ecP.getEncryptedContent(BERTags.OCTET_STRING);
+
+        Streams.drain(content.getOctetStream());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ParsingTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ParsingTest.java
new file mode 100644
index 0000000..c5a3353
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ParsingTest.java
@@ -0,0 +1,99 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1StreamParser;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ParsingTest
+    extends SimpleTest
+{
+     String[] streams = {
+        "oRNphCO0F+jcMQKC1uMO8qFBPikDDYmtfVGeB45xvbfj1qu696YGjdW2igRnePYM/KkQtADG7gMHIhqBRcl7dBtkejNeolOklPNA3NgsACTiVN9JFUsYq0a5842+TU+U2/6Kt/D0kvz0WmwWFRPHWEWVM9PYOWabGsh28Iucc6s7eEqmr8NEzWUx/jM3dmjpFYVpSpxt2KbbT+yUO0EqFQyy8hQ7JvKRgv1AoWQfPjMsfjkKgxnA8DjenmwXaZnDaKEvQIKQl46L1Yyu3boN082SQliSJMJVgNuNNLFIt5QSUdG1ant5O6f9Yr0niAkAoqGzmqz+LZE1S7RrGHWiQ3DowE9NzviBuaAoI4WdCn1ClMwb9fdEmBMU4C7DJSgs3qaJzPUuaAT9vU3GhZqZ0wcTV5DHxSRzGLqg9JEJRi4qyeuG3Qkg3YBtathl+FiLJ7mVoO3dFIccRuuqp2MpMhfuP1DxHLNLNiUZEhLMQ0CLTGabUISBuyQudVFlKBZIpcLD0k7fKpMPuywrYiDrTinMc2ZP3fOGevoR5fnZ6kZAE5oMTtMNokzBuctGqVapblXNrVMLYbriT538oYz5",
+        "KEKVhHxtyUR9D3v5K4IJbVQLAMiVKoK9z7wFWUjzvLFNLg9C/r8zKfBa3YgZrt0Nq64+MxBePMbiNLCnfditc2qUcQZUHnvNnhwT6uGK37JmXg7MvQiKwvi31EIYt6ghqBZVs1iaqc0ep7wuQ16uwSQMlaDdXc9Qf1L0dGO/6eLyREz+p4UR4NOXK+GooQLfMxYL40zJlYcwNyR0rigvIr84WP2IMS2hZjqXtyS6HMM4yUv70hkIorjr7+JC4GtU1MyWuPuNSAGen0AZTaEEXd5sMbqXMqWg3jeM4mzRH1Kb3WdAChO5vMJZPBj9jZZKgXzmxkUh5GlIhUdYgztoNceBzQ3PIc7slCDUw9I2PjB87xsfy7jA5tFtFADs2EUyxUTMCuhilP664jSHgwbrr80k9Xc4sU+MCwCq2nQmcZYcPgKb4M31VJMlKwnZF3JUU2Jtqgg4gbErw58YoBwSkEcMJ2Juhiyx9U36MzxHs9OcTURfpsilMy+mDL8arCDx1knM1KkAHCLjWuJI+p1PvuIypgCwVc+MtGfd7wW8iR1JPJLBiuoZyNJ+xx9htd/HVB+rLtB57H8Gz8W+R00f",
+        "Ol9I/rXMwbLpxTY97v70B+HCl2+cojz2574x/cC56A7KGVF13La8RdzOOvSkl338ct9T/blEFa6QwNz3GmF+MoPdH9lncwz+tqixIqGU02Bp5swH0qjbp/Yjaeq91eR6B+9fl+KKrpglBr8S1BrI4Ey5v3AxxJdCWP8Gd+6Sp15/HMYanwlHBpCsW4+Kq8sGJoJXUXpQ/GBUJKs+WjX1zE6PsvF7/B8cByuqE3NJt7x4Oa+qZtF8qNc0CFDNj31Yhdt7JkAoD30IAd+ue9OhImQMCWwFwySRIRJXU3865K2dBR+VhLuI2aKzLh7MlgVKJk6b2P/ZIkc86ksR1sOUiHrs9EdoYuIssAgMc8QGzn4VN8lxopdzQYVG6pbXGS/VQlHkGdyLd+OHt4srz/NTUWiOquVTRxa6GgtlBFfIXikPTb+iT2pZKyKUlBvpgo0BY9vVUadsteHAI5qrFZBrL5ecK/Qtl9hf/M8qEjyjt2aCXe9B96Hg2QR5A53qW2PJW5VzS0AeB3g+zJSPCTpygrBs20q5Xrna0ux2l17r6HT9Q/AXIOkwPZUXXn0d02igS4D6Hxrg3Fhdp+OTXL8G",
+        "o3eXWpwAGmUkxHEKm/pGkDb1ZQQctCQ06lltZjeMXDp9AkowmA0KXjPQCQwyWE/nqEvk2g/58AxNU0TWSujo5uU0h4/hdMZ7Mrj33NSskWvDpKe7lE5tUjPi74Rmc5RRS+1T/EQobpNxoic3+tTO7NBbZfJtcUYeZ3jqxL+3YQL3PrGe/Zpno9TnQW8mWbbhKhDRtKY4p3Pgk9hPSpJCM9xYo3EMAOAIiH2P6RKH6uX/gSaUY2b6DE/TT0V6v/jdSmYM4+cnYiTyJCi5txI35jfCqIlVCXJd7klirvUMg9SXBhGR25AgQ5Z8yjd7lbB8FvD8JQAXZrp6xiHxbLIW7G11fWEo7RGLFtALI6H38Ud0vKjsEN7N5AibJcxS2A/CWk9R00sTHRBHFUP8o5mz8nE7FeCiwJPs/+tCt04nGb9wxBFMsmWcPEDfIzphCaO6U/D/tQHlA846gbKoikv/6LI0ussSR/i85XBclNcvzTctxylSbCR02lZ+go6fe5rmMouiel/0Tndz8t1YpQGilVeOQ3mqAFyAJk3dgfTNKZuOhNzVIZ5GWScKQ5ZtNcWrg6siR+6YwKvLiRb/TJZk",
+        "PwRUnW4yU8PI7ggbI1BIO9fcTup8optkqCirodyHCiqsPOMZ4g28bJ2+kpfQRujWGlKFYQzA1ZT32s9hdci+fvXPX0KAjcUgcxsGzMABFbEm04BwDF2WLgg9s4/x71r5JrgME1S08I3mCo4N0eFHWDeLJL1b5YNNo6tfO5V2WpIE867N9zdAgvp1gijVjUNWqEB3A/NLb3reLMu2hYgqRFTCVBfcFclD46k0XEfUJqwWdQhOz92WNl/3g53bjKX1hDZgjLIzK6m+SU6+J/h4NidrS7E0gOBevZW8gRYdKMVqNWxzUfxv6kgG+kIeF9JqMcO6jdh/Zu/0tpZoHFeCweZ1jT1eEtltFu1FcTTPc1UT0pT+ZNVgefrBONoGnvn8+dBjPese6F2TmRCExJq9taKlIh/kHdkbpaa7vwrBpYRgVGfARPyM9SSCaE7pVBDuwkFeYiGU4tamm5Gq10ojRQgetJ3UOg/PGTJcxo97GBiG5zAST9NdHdgK3eI4FAbWpGwmWxNpPWOst0a7zuGKAzYU+1IQh8XA3IgJ2vy3+w0JihU6G+12LUzsL2aQtpG7d1PqLhwOqHq3Qqv3SDsB",
+        "ZIAKizvGzbvqvqOlxOeVgHGHV9TfKNjjqyzbCj8tggv2yp7kkq1D3yRlC349tuul3zN9g4u83Ctio9Gg3HiLzMULxoOImF/hKRDhJpPLbLm0jSq1fyF+N7/YvyLeFhGoPhYEBUihDcxo1NIcWy66aBt3EuOlTyDQWrDe0Za3mrTrrl10uLHVKcQMgeD+UMgjQqmHzQJR8wdNjHPKHWVvZEdiwI031nV2giHJHXv08Jvf4vmw4dAlH2drCl6cBgg33jy7ohK8IiXz6eCw6iY9Ri8YaMzxOhgE2BOHzEz5ZC2hilL4xO/ambTER4bhb4+9VTUIehHP18FcXm8TKPQRMqyKP2fMlzWW3/uelYfPP5SHlyLAULa1KjDCkLIDunEKZDpv2ljGB6JPrTlNwFsvlZcihfOAwjbr2jW3MwP704OA8xzd/dynBU47unIZEu0LAvQ3TUz3PLga0GGO1LZGtg0Foo9zFG2wuVCdgYHmozOQ+8I3gRguW1CjGy7ZCTBuN1GZ510ERhae+bRQtldHsLeiHTghnkU1xEX1+W0iEf3csDYrgpuq3NaBYRGirovDiPBYFHmru0AMclhFnpcX",
+        "uG0wQ55kMlfZtJFAqTl0bnYW/oy9NFOi0e4FqAYwsvMxGO4JtGzXgkVwEUAC0AUDItRUjxBl+TkoPTYaprgn0M/NQvKPpXJ+yzI7Ssi+F2alLR0T6eF/4rQ32AVjnANJaghXZm0ZKduckbhSxk5lilJVJRuzXKchZRtlPluvlj448bq+iThktsEQoNP8NMpi7n/EVxovp+dow4Q6t7msSRP4cGXtyYoWKbf/7e5XzBKOZZ1/f3s86uJke4dcKIaljpJfBrtuFxZC6NYXzX6PkoDoBgqQ8RBrxsX54S9cBDAPxxmkq8zviAOW3oqPMULGGmQzHBiRwE8oeDFoMnzF5aR/lkbNuTLOxhbIkosgLWlDNVEFYx9bVhdLzO7VwaAK829dimlPOo5loKB7Pd2G7ekRKXwu7wNvJBq8KRkhtLKbKoS8D6TaRWUMb9VBJ1CMy4mrw+YwTmAKURQ6Dko9J/RgzRg5Y/sUlwdMYS9HOnvKiTVu5I/ha35wwkhIPVm+FCn05tstntZaXXXu4xExHeugAKNBhkcc/SQt+GFdxXDd+R4C2LfKxGDSyZKVTFYojHTdZUo8Gx6SZLY6b2SZ",
+        "sH0kIwIq1THAfTLfqUKJfG1YauCQKPc9/mk3l39yK6zgxSpCH2IjZIwhhJtGm3F+8PTneT725OuyR617nxqrgqMGkkZkyY4DA5CjsikpBo5mo8TspX1g+vtXXtxymJMTMo8JwX3nSH4gSb3vPia+gwOW2TcJmxVdp3ITPA4gJpMfqoMBqRM+eDWO6QXW5ijVL4+wnp40u5bU4fQLVzpg25+QGLqBHD6PZTQaN6F9Vy5XpsAGDlncCklVuX3Lkp3Xb9cTiNa/4ii04uwZqx0juszjwFAMPPb6u56crvN1x4FXfXzabWECHbdQLlKazowvU9bEnqG2i4H44Ae+v8Iw8HK5mbZ6ercLTD9oPgs7Ogal037l2WwLApUz/fmD5fV8SxHh+vKDpfOzv6xcQxynS82jAJw9AdUwE/4ndGzzHPIu2M81gbAgZQ02EurMMU62hYgiXeridrtyh+H5R+CiwQdEyX7/op6WVihsYj2O3O/1hgjhGQRFD6sGwnko50jgWRxaMMfJGNlyGoT8WT5k931jU7547u7Ovr7XP/t8r3G7ceCiCcYjQgdwXdvIStzPvvV7Yy02isZjiJF8TLJQ",
+        "tycxf1mOz1yLE6cT/ZlCxMeTxlEEHFeIdw0+nF/40Tsw4vLco+4kR2A6cVml611CSpN6l/RMKk2LnAkprrbJ/Uam902WBnQ+I6Vsl6GkFFq7362bdixojqMFVKYytXLCT8I78f6s8M6a3jSALQloD6Ftvn+cc+cctO3weaaaPgAlrz+f2MFs8bqpnLQYbbY/JS9IAYJFH+yVtLz7eKcedEp9JMlJ3/43szU2fDN9ZMxBoQnxEmF3WZv6GF0WRc8VhTblXRgk4mlz6Fu3IXvwW/rbn+VCYYIk/XaVLrxFAnnw6mBozAF7vmV0OrIYBlSDU8rMb+F7AvE7pwErO9TJtCE8IUvQf8TsJYRoYv21/X57pzcBedtqVeU3DnTlmESHxG6H1uJbadSFLWSxKS4svfp8T9FWqX5815yD/UplAKEIeorLTAlPIC2ASKDU6SQW260biNAfY8FYQCWa8btaTwFuY8NMwSHzyqgU0aoPKnagi/4hOIWNO5rZ8Xcnzx+ELtEl33hQnzc4OUlT5eeVYQWkz2IWVQ6Re4JWF3L4OXzNZWgefKGMzZU6IHoBeCgfi+popLRJpaOx0dcvwGjk",
+        "oDsoFvUA+sGOoMyZY6w1UhY3NBkeoozzjEkDSRN1golyXJ1dC5CtYNEjvAJYKj+sqNwg9mBlYyybYpnI3GSP125zMeBHPCoy5CoNOkJW4OH/oLyjVeQbFNic/b2Jcz6lTguYhep8hq9EM2XuFV8T1rm5+4ucI7fH1UiOqRZyuHBAJ0Cna5kv6D3efsa9rd+swybiMIUjmPWpyxzNOOihCYuf4JqRh/D5eZKm6x0Zj2uRhTAYYxI7Q3czd0R9490ufG8VbF8ASBMireMONNNAA/OZCpxJh6xnIANBqV6YDeysws3NBWY2QuNumvg5Kr3/g+VMzJHi4wGuJjraKWi9+ylMfelHF5h/h+pAQVxCotq8JU3OTnMUW4rQp2a8BR5S+mZqPSPlb87tDG9r0+yqb1uO4UIo71C7Xxwoq4M0tXjk6mSmtP/sm+Lh14qfUzKRhTHVdz91TK104mbTJNXbK+jGPD/2BJO9fiaXY8IYanpfDLBfJo06VYbm6HehRZTwnDHnN50j7ki4aMS3COZvffjRInXD8dS5h9zmtKNpoqg//lPg4gpS+4Th2sJ3SGtBV0Ne89r7AfZMAVa26PMK",
+        "MIDLuZTrtZnEBOB6l14iSEyokAg5Wf5JviumhfPeL7WSFTHfOodU2hrvhyvM6oAlRHY1blTj7mw+Tcf9Tmc+/FHT6PGu0NT5UAqaqChX0gS9jizgAE2Yfhd4X/DoeQySMAixKuhu8TbvDxb54jeW9+7LVkmlntJ/0SkMgsT+WQ31OfpwDmEGDczYc+Ol14aJS+EW+rnGv9d38bo/cy+EnpNh8iV2rGGoC8fDzFHKU4gqGFSZF/tnD2OfCne0Vjr/GD6kyp2MVcHig19DBg2toGRkHnuY5kLkwOanztXA80IaAmv8e6s62U8CE8ozUZeDBcvBigEkSGx79Vsyiks8+9Kq9xLHLeS5kRT6zSl8whe8U1fIfrgic34KPlozcQVahwCru1XWyQ+9uevih8x4zMftkJ3JBZhPrnlgtx9McntH/Ss9fdUEkNwWpDnq8Xby8/5gMMMwQ13XDB73vqqteDiltMq8i7LRez4iIHfSBBfIkZIzMZAblQXaSm029iBcAAUes7wcGHUl7KOpRy18jNtI3+h7e1Ri6sT2vJYQaove0nzZ5xAjpBKnbJX+lpGVlI00fC2YSTfyNqFA0jkL",
+        "MG4QbKLbQR3enPn6Z/kEUtHrzWBIqYKR7Gvs5QHLPF6417p1O58suZq38Bb8dO5udtgOqNEVAPGmOuidYygWWfWOP5ReggTUk5XlrkvRxCU0MHWbkSKkJ+T4nLjozreqTJ0io41sFVrpxuOugAvXJ6QtMmixSABUaNgU9SkkWf9pOEiJI8dfND51HxJCbXHwsMCMBp5FbaMZmlWPwirRdAox4wbLk9ZLmoWUcorUjdaWhKvT/LnjMgPmwnwwKpN/4MOnRDdAPdzXX3aWHdkzpfsQnqt3UJsTsSaJlzeUja5C5L4CXGyt99qmfcwB8OB9TL4EYTIl3maD/gUWBfckOsji8x2E2c2iuKKrcmMmcChYr4wCjtTjEeVKOAZ2m9mU2MKc2z2hDw3AuZxsY6aOtdAjnrwl5QXGRg9I5LVl5SI5RwnLwk90pJzDGuSSCtSmzh9DUZ4WpfN+1393aTGRqCMOsB4KxbXjspUbVMFJbnXXlsSNWaoFTpHjK6b6Ghi2/re7KJpoKElM3nGs3qvxdvGTKu7LKr/sgKDL6uQLRKoyk8AHSIGX9c8ZUTk7Sq9jV9p4QfV1WFVpaBxSsEmw",
+        "MR0BACgWKis9/AKwG9/ARgGWJn1aM3nU8YXzWG+b7aeRUkVCjl4WxeL38E3FAMLW4UcyLzxeb+CskOqhPPTglmxhK7jQcrNILsWcZvdZfApYIvk5uKqA5FKuUuL48uvD0aKGRENe/VEUFlkQru5YX4Xnp+ZThrJJlgn7ANat/qAdP6ULEcLaOQlLYcGRh5ttsJTRT4+cZQggTJjWt+9idUQ66HfC6zQ1qHcMuochy7GHiUmNXAs0AgwOF9Jwet/Qh74KGMtmppJ9gkEqiYECFQA2gVgKc1AufHJS6S6Re72FfH/UkL41L2hvlwktkD5/hZrUZ1R+RG12Eip2zKgus4g/aGl0V8B/JvkcnFUsZJ6uxs24arOBDJOuzzxky5F5B/hwVGPEdcfHunqndUcx26/KCK72hOljlqTXl8yEbXlcMqVFNByZLr7TnGzGGUlO7kuHPW/ItZUJvrHokpsLLrb3ZhEZ8pTQd75gFcf0Ve8CYzEtk2ISHtNJQV6Iz4AZHWssU6F6YWM/OlJz5JGTtPHfGMJXgl4oxbBjeenS3JQ0X7vWXYMwPe3U1dat6m5hrRC1KzI6e6w+gPDtF8GQ",
+        "DH2WX6XoIseX6lHIey3seUr3DAz82fyk0jL7xc5IDTrDfqS64QBhHDpqHETF/81MrPXsM3IANBfjDOl9g/gua8wWPpPNxuWZMNh0GLcAr6PJ939TCbjE3soZHF2wiA82nZEO8jIZosDVRWFUfJS6Y3nrJz63SExqB6OUdBfvSfz1Y1M/90ofBxkfeuS85deMdn+1rZdsnZJYwz2Z6lCDvYjUTfrSwfVFJBP8Y2BXr8WClUYkfGG4eNG7IPNBRuMmhrhHj5y9z+5Jor+EbbTi5F5Jvdu2/bDM7s32XsaMNLYuVtNYONrbQ+3QZ746/yKZM4hDREvxyGLgDx3Apz7pyvwKm0//iTCY3yJLxZifGLh2uc28cFBln7IH1x8oui4Xq9vF+Z2EH4Ow48Ln5pzggBKMGy4dsfW6266TNYd/Z3SZUi28sxondqhGCSGUo7ZVPAOoYDcYKvjdI/cJ688PHliyZSYBYVmR5HBxZ57sqWwgZQ7zVvwv4CHHysvb92sPrXijHxBIkwpNuK56UMyQCcywlTRLDCMAMNAEGi4fWbDQIoPfn+NixMhEieg3Zh7GXPwHxW8morlgBW5aF76P",
+        "AwClK6Tq9R2DYGf8RAHu9dEttLeOfUVmS4WPwX0NehsnyM7y7n2sgGnXsiva3yFqK1hKZICkVukvHF7/bpgEEm/jRwcAhQUoG+c1qVde38eHJXj58YOBGTveruc+021or9/tHBtenmYPO6+arLQtONi43NKm7+I6ugkgQlp6iBr4haa0XMDTzMX9c8Qm/O+MrVo3qESYKkVtoSSK7SGZTBaRWNF/dOM0NQxeMP+XTVOuroqE23ZNsubBTEZnd4vUilFb/iKnhyT9XnIo7gM/Yz7HLVU5yc3yIj2sFUE+DcwpvcNO5EnPhj3bHsJvf3N4r72+5my2KjoR3KAJE1Imabd54o4xZ/9UaR93qLkVuXMkLRCCU/zlZDtfbJDsRR0C5rSYd2k6IPlNcl7PgmUpsNPUyoDYqvhuRUZxgoUAfKbogzJX8FU/QpllsKVtt68ucBi0bqC5pVKu23j79nDvYQsSlYY3JwJQaM5M558J5qpP1yEF2p4kSRphnB9UR29wWgch5eWZ4a02LlHVM5Msl6W5PdmHt+eFARBRv6edIyYDFzxm4WZroH5F/GxBhM0KObgawkxa5VWsYm0VhhXb",
+        "KACwq8rZuOLHuNnZJA07WzI7kppCwptbcYU2B7t86QcZrnadCtxoM5QNcl9rsbMA26iWCPV3VlDAmLSWcxtMoSKWuo4edJpk8K915xkFU5U6I/901vx5hqAECQDy/Q+QDWmWTXDoVHqFV9wvIj3wCJPpJL/Ewpl0NZd+68jjOjUhjIdNebLrWNK2nhTPiIjFjkcVqEgashpOmnbHT+2MV/CHoixmUEiuRI1B0dvSf7FHGRgbXGBubisuu60g8XTens5zyRo4Qn/LTxIu2aj4LTtyLonV3sXr+y35A1zq5mCrE1f1nOINVzwYYY76iJGIaBkZuMU3366FPIbYkmXwla6RQU1FA0Y7n05qczw7Ie5TveRTByKFtUqW8OAb9vH+H2ezJ4CXE3AGbu/nTj64KClO/zL499GA+97g+X6tTN6xOJdNknlqw6ZnFNtCL8+A3hL4OyOgWD0IGC+xFvcKjDUaaJenCtQvprCJaFrvoOS+yYmixnFqglnPYL/64/Lca8NmDVpPzlHI8HNwUDzKiXTw3q7GnQZWmUYzu1vLIEi6/hyqrULRN1vLdd/8HCMNQFj4ot61UftHtOG8MCKa",
+        "rUABPQ3SEWE5rY16pM+o+7EObLNM1jEa5YCMQM/aen0PWajWNax3Pyo6TZL8aGDXZF0yWqDM3b2m6UHOr6yqsUSrD+0jXPT48QN1VdBmh+AFRK+UcaYO383a0nvtv0c9uHt4yfceXLPGWrNjW+uTnS/lKpCdpE4GfLF1SFHIUcMxT+3At7hwDHNkLXllEXqbgDP8LyQSlYwT5jQUDCOzwc8CSxAryUOj6fN+iLKAiw4haPV/WZDG+JOmDMG2azo8SoBMi3y6Z2Le2fz2dMuvn5DUvCUvazrUmWYx4NEdSzc9GfBc6cXkduMqCs+lT2Ik2GHO0WjhrEB6j5NULOaCtbrislM85P6QutN4Pj9l18pcD6vZCcDTOwMj/BznclH342jeMn7rBgpW1YSzbNGP6KC4NeNW1H2xqNtuyhcJvasx4dwhzO18A36H6HtkiQyJNnfnVHh1oviO6mi3atmnh9B/55ugXM1Wf/6Kv8kJyaKtK8cWo+jCAR0/P/EsPtzToJM9Yk2+qxaPFd3k7T2KXvCQ9D1jLeECxL59L+WDvdBtxOEBD7W0a/Mn/9LuQPOiwARKJSTU+blJ6ezTeo83",
+        "poA1hF4zRh7HF0xVglYoLFqkUR7Pru/qYFnfMKBPuEOOGdgO3MMcAvIZ+w+Ug4THr/6+Vux0TN3wdOB+beObOboLgNE2zaD65lyMFbaulzrEnWjUgIg63CdpQJ2ESaimHGg/GmsipUCndRJ37TbUtn8W112SehsAgrsjiBcuJhw61i4bVfAZEcycq4Y/FlEDxtzoH8WzDoESNbl+r5agLcHGr37BFi81IXS8TLihC1T8b7d6tLb6lpXT+9IR4xAyZTw1IFMDZZEzVmHgYE/Et20/WhkX/oGghkWSpCxR0kynDplk+BEK2oyGKnl+rf4vymhsse2iQ/C99PhaodZjDfuGVSwPLoU0AYyAKaEwmgHPOFbDlrAmNk4iBp+IZYm9guZM2hcQ4GeA5WQyZzw4C1yMywWbdjtL9ZhpClmmPZ28nmwNORAat7tXPJoBBdXFB0gNT/wU7UYIKU5GnAiDIFJ0o8ijnuAMat3AsBki2vxwdypuBq5M6OF9DVA0HRUjOA0l4JHjK8Y282mz3U34PDPQvwCT342uD9cO3uXoSr3T2FnDmsVHz4Q9zYpSjioLmZk9ZTnQWgN5V5Oyat6m"
+     };
+
+    public String getName()
+    {
+        return "ParsingTest";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        inputStreamTest();
+        parserTest();
+    }
+
+    private void parserTest()
+    {
+        for (int i = 0; i != streams.length; i++)
+        {
+            ASN1StreamParser aIn = new ASN1StreamParser(Base64.decode(streams[i]));
+
+            try
+            {
+                Object obj;
+
+                while ((obj = aIn.readObject()) != null)
+                {
+
+                }
+
+                fail("bad stream parsed successfully!");
+            }
+            catch (IOException e)
+            {
+                // ignore
+            }
+        }
+    }
+
+    private void inputStreamTest()
+    {
+        for (int i = 0; i != streams.length; i++)
+        {
+            ASN1InputStream aIn = new ASN1InputStream(Base64.decode(streams[i]));
+
+            try
+            {
+                Object obj;
+
+                while ((obj = aIn.readObject()) != null)
+                {
+
+                }
+
+                fail("bad stream parsed successfully!");
+            }
+            catch (IOException e)
+            {
+                // ignore
+            }
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ParsingTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/PersonalDataUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/PersonalDataUnitTest.java
new file mode 100644
index 0000000..95a3120
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/PersonalDataUnitTest.java
@@ -0,0 +1,121 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x500.DirectoryString;
+import org.bouncycastle.asn1.x509.sigi.NameOrPseudonym;
+import org.bouncycastle.asn1.x509.sigi.PersonalData;
+
+public class PersonalDataUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "PersonalData";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        NameOrPseudonym nameOrPseudonym = new NameOrPseudonym("pseudonym");
+        BigInteger nameDistinguisher = BigInteger.valueOf(10);
+        ASN1GeneralizedTime dateOfBirth= new ASN1GeneralizedTime("20070315173729Z");
+        DirectoryString placeOfBirth = new DirectoryString("placeOfBirth");
+        String gender = "M";
+        DirectoryString postalAddress = new DirectoryString("address");
+
+        PersonalData data = new PersonalData(nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, gender, postalAddress);
+
+        checkConstruction(data, nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, gender, postalAddress);
+
+        data = new PersonalData(nameOrPseudonym, null, dateOfBirth, placeOfBirth, gender, postalAddress);
+
+        checkConstruction(data, nameOrPseudonym, null, dateOfBirth, placeOfBirth, gender, postalAddress);
+
+        data = new PersonalData(nameOrPseudonym, nameDistinguisher, null, placeOfBirth, gender, postalAddress);
+
+        checkConstruction(data, nameOrPseudonym, nameDistinguisher, null, placeOfBirth, gender, postalAddress);
+
+        data = new PersonalData(nameOrPseudonym, nameDistinguisher, dateOfBirth, null, gender, postalAddress);
+
+        checkConstruction(data, nameOrPseudonym, nameDistinguisher, dateOfBirth, null, gender, postalAddress);
+
+        data = new PersonalData(nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, null, postalAddress);
+
+        checkConstruction(data, nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, null, postalAddress);
+
+        data = new PersonalData(nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, gender, null);
+
+        checkConstruction(data, nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, gender, null);
+
+        data = PersonalData.getInstance(null);
+
+        if (data != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            PersonalData.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        PersonalData data,
+        NameOrPseudonym nameOrPseudonym,
+        BigInteger nameDistinguisher,
+        ASN1GeneralizedTime dateOfBirth,
+        DirectoryString placeOfBirth,
+        String gender,
+        DirectoryString postalAddress)
+        throws IOException
+    {
+        checkValues(data, nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, gender, postalAddress);
+
+        data = PersonalData.getInstance(data);
+
+        checkValues(data, nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, gender, postalAddress);
+
+        ASN1InputStream aIn = new ASN1InputStream(data.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        data = PersonalData.getInstance(seq);
+
+        checkValues(data, nameOrPseudonym, nameDistinguisher, dateOfBirth, placeOfBirth, gender, postalAddress);
+    }
+
+    private void checkValues(
+        PersonalData data,
+        NameOrPseudonym nameOrPseudonym,
+        BigInteger nameDistinguisher,
+        ASN1GeneralizedTime dateOfBirth,
+        DirectoryString placeOfBirth,
+        String gender,
+        DirectoryString postalAddress)
+    {
+        checkMandatoryField("nameOrPseudonym", nameOrPseudonym, data.getNameOrPseudonym());
+        checkOptionalField("nameDistinguisher", nameDistinguisher, data.getNameDistinguisher());
+        checkOptionalField("dateOfBirth", dateOfBirth, data.getDateOfBirth());
+        checkOptionalField("placeOfBirth", placeOfBirth, data.getPlaceOfBirth());
+        checkOptionalField("gender", gender, data.getGender());
+        checkOptionalField("postalAddress", postalAddress, data.getPostalAddress());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new PersonalDataUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ProcurationSyntaxUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ProcurationSyntaxUnitTest.java
new file mode 100644
index 0000000..32120bb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ProcurationSyntaxUnitTest.java
@@ -0,0 +1,107 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.isismtt.x509.ProcurationSyntax;
+import org.bouncycastle.asn1.x500.DirectoryString;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.IssuerSerial;
+import org.bouncycastle.asn1.x509.X509Name;
+
+public class ProcurationSyntaxUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "ProcurationSyntax";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        String country = "AU";
+        DirectoryString  typeOfSubstitution = new DirectoryString("substitution");
+        GeneralName thirdPerson = new GeneralName(new X509Name("CN=thirdPerson"));
+        IssuerSerial certRef = new IssuerSerial(new GeneralNames(new GeneralName(new X509Name("CN=test"))), new ASN1Integer(1));
+
+        ProcurationSyntax procuration = new ProcurationSyntax(country, typeOfSubstitution, thirdPerson);
+
+        checkConstruction(procuration, country, typeOfSubstitution, thirdPerson, null);
+
+        procuration = new ProcurationSyntax(country, typeOfSubstitution, certRef);
+
+        checkConstruction(procuration, country, typeOfSubstitution, null, certRef);
+
+        procuration = new ProcurationSyntax(null, typeOfSubstitution, certRef);
+
+        checkConstruction(procuration, null, typeOfSubstitution, null, certRef);
+
+        procuration = new ProcurationSyntax(country, null, certRef);
+
+        checkConstruction(procuration, country, null, null, certRef);
+
+        procuration = ProcurationSyntax.getInstance(null);
+
+        if (procuration != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            ProcurationSyntax.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        ProcurationSyntax procuration,
+        String country,
+        DirectoryString  typeOfSubstitution,
+        GeneralName thirdPerson,
+        IssuerSerial certRef)
+        throws IOException
+    {
+        checkValues(procuration, country, typeOfSubstitution, thirdPerson, certRef);
+
+        procuration = ProcurationSyntax.getInstance(procuration);
+
+        checkValues(procuration, country, typeOfSubstitution, thirdPerson, certRef);
+
+        ASN1InputStream aIn = new ASN1InputStream(procuration.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        procuration = ProcurationSyntax.getInstance(seq);
+
+        checkValues(procuration, country, typeOfSubstitution, thirdPerson, certRef);
+    }
+
+    private void checkValues(
+        ProcurationSyntax procuration,
+        String country,
+        DirectoryString  typeOfSubstitution,
+        GeneralName thirdPerson,
+        IssuerSerial certRef)
+    {
+        checkOptionalField("country", country, procuration.getCountry());
+        checkOptionalField("typeOfSubstitution", typeOfSubstitution, procuration.getTypeOfSubstitution());
+        checkOptionalField("thirdPerson", thirdPerson, procuration.getThirdPerson());
+        checkOptionalField("certRef", certRef, procuration.getCertRef());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ProcurationSyntaxUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ProfessionInfoUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ProfessionInfoUnitTest.java
new file mode 100644
index 0000000..34b3307
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ProfessionInfoUnitTest.java
@@ -0,0 +1,117 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.isismtt.x509.NamingAuthority;
+import org.bouncycastle.asn1.isismtt.x509.ProcurationSyntax;
+import org.bouncycastle.asn1.isismtt.x509.ProfessionInfo;
+import org.bouncycastle.asn1.x500.DirectoryString;
+
+public class ProfessionInfoUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "ProfessionInfo";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        NamingAuthority auth =  new NamingAuthority(new ASN1ObjectIdentifier("1.2.3"), "url", new DirectoryString("fred"));
+        DirectoryString[] professionItems = { new DirectoryString("substitution") };
+        ASN1ObjectIdentifier[] professionOids = { new ASN1ObjectIdentifier("1.2.3") };
+        String registrationNumber = "12345";
+        DEROctetString addProfInfo = new DEROctetString(new byte[20]);
+
+        ProfessionInfo info = new ProfessionInfo(auth, professionItems, professionOids, registrationNumber, addProfInfo);
+
+        checkConstruction(info, auth, professionItems, professionOids, registrationNumber, addProfInfo);
+
+        info = new ProfessionInfo(null, professionItems, professionOids, registrationNumber, addProfInfo);
+
+        checkConstruction(info, null, professionItems, professionOids, registrationNumber, addProfInfo);
+
+        info = new ProfessionInfo(auth, professionItems, null, registrationNumber, addProfInfo);
+
+        checkConstruction(info, auth, professionItems, null, registrationNumber, addProfInfo);
+
+        info = new ProfessionInfo(auth, professionItems, professionOids, null, addProfInfo);
+
+        checkConstruction(info, auth, professionItems, professionOids, null, addProfInfo);
+
+        info = new ProfessionInfo(auth, professionItems, professionOids, registrationNumber, null);
+
+        checkConstruction(info, auth, professionItems, professionOids, registrationNumber, null);
+
+        info = ProfessionInfo.getInstance(null);
+
+        if (info != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            ProcurationSyntax.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        ProfessionInfo profInfo,
+        NamingAuthority auth,
+        DirectoryString[] professionItems,
+        ASN1ObjectIdentifier[] professionOids,
+        String registrationNumber,
+        DEROctetString addProfInfo)
+        throws IOException
+    {
+        checkValues(profInfo, auth, professionItems, professionOids, registrationNumber, addProfInfo);
+
+        profInfo = ProfessionInfo.getInstance(profInfo);
+
+        checkValues(profInfo, auth, professionItems, professionOids, registrationNumber, addProfInfo);
+
+        ASN1InputStream aIn = new ASN1InputStream(profInfo.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        profInfo = ProfessionInfo.getInstance(seq);
+
+        checkValues(profInfo, auth, professionItems, professionOids, registrationNumber, addProfInfo);
+    }
+
+    private void checkValues(
+        ProfessionInfo profInfo,
+        NamingAuthority auth,
+        DirectoryString[] professionItems,
+        ASN1ObjectIdentifier[] professionOids,
+        String registrationNumber,
+        DEROctetString addProfInfo)
+    {
+        checkOptionalField("auth", auth, profInfo.getNamingAuthority());
+        checkMandatoryField("professionItems", professionItems[0], profInfo.getProfessionItems()[0]);
+        if (professionOids != null)
+        {
+            checkOptionalField("professionOids", professionOids[0], profInfo.getProfessionOIDs()[0]);
+        }
+        checkOptionalField("registrationNumber", registrationNumber, profInfo.getRegistrationNumber());
+        checkOptionalField("addProfessionInfo", addProfInfo, profInfo.getAddProfessionInfo());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ProfessionInfoUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/QCStatementUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/QCStatementUnitTest.java
new file mode 100644
index 0000000..d7a84a5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/QCStatementUnitTest.java
@@ -0,0 +1,104 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x509.qualified.QCStatement;
+import org.bouncycastle.asn1.x509.qualified.RFC3739QCObjectIdentifiers;
+import org.bouncycastle.asn1.x509.qualified.SemanticsInformation;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class QCStatementUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "QCStatement";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        QCStatement mv = new QCStatement(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1);
+
+        checkConstruction(mv, RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1, null);
+        
+        ASN1Encodable info = new SemanticsInformation(new ASN1ObjectIdentifier("1.2"));
+        
+        mv = new QCStatement(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1, info);
+
+        checkConstruction(mv, RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1, info);
+        
+        mv = QCStatement.getInstance(null);
+        
+        if (mv != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            QCStatement.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+         QCStatement mv,
+         ASN1ObjectIdentifier statementId,
+         ASN1Encodable statementInfo) 
+         throws IOException
+    {
+        checkStatement(mv, statementId, statementInfo);
+        
+        mv = QCStatement.getInstance(mv);
+        
+        checkStatement(mv, statementId, statementInfo);
+        
+        ASN1InputStream aIn = new ASN1InputStream(mv.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+        
+        mv = QCStatement.getInstance(seq);
+        
+        checkStatement(mv, statementId, statementInfo);
+    }
+
+    private void checkStatement(
+        QCStatement         qcs,
+        ASN1ObjectIdentifier statementId,
+        ASN1Encodable       statementInfo)
+        throws IOException
+    {
+        if (!qcs.getStatementId().equals(statementId))
+        {
+            fail("statementIds don't match.");
+        }
+        
+        if (statementInfo != null)
+        {
+            if (!qcs.getStatementInfo().equals(statementInfo))
+            {
+                fail("statementInfos don't match.");
+            }
+        }
+        else if (qcs.getStatementInfo() != null)
+        {
+            fail("statementInfo found when none expected.");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new QCStatementUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/RFC4519Test.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/RFC4519Test.java
new file mode 100644
index 0000000..8d7e175
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/RFC4519Test.java
@@ -0,0 +1,149 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameStyle;
+import org.bouncycastle.asn1.x500.style.RFC4519Style;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class RFC4519Test
+    extends SimpleTest
+{
+    static String[] attributeTypes =
+        {
+            "businessCategory",
+            "c",
+            "cn",
+            "dc",
+            "description",
+            "destinationIndicator",
+            "distinguishedName",
+            "dnQualifier",
+            "enhancedSearchGuide",
+            "facsimileTelephoneNumber",
+            "generationQualifier",
+            "givenName",
+            "houseIdentifier",
+            "initials",
+            "internationalISDNNumber",
+            "l",
+            "member",
+            "name",
+            "o",
+            "ou",
+            "owner",
+            "physicalDeliveryOfficeName",
+            "postalAddress",
+            "postalCode",
+            "postOfficeBox",
+            "preferredDeliveryMethod",
+            "registeredAddress",
+            "roleOccupant",
+            "searchGuide",
+            "seeAlso",
+            "serialNumber",
+            "sn",
+            "st",
+            "street",
+            "telephoneNumber",
+            "teletexTerminalIdentifier",
+            "telexNumber",
+            "title",
+            "uid",
+            "uniqueMember",
+            "userPassword",
+            "x121Address",
+            "x500UniqueIdentifier"
+        };
+
+    static ASN1ObjectIdentifier[] attributeTypeOIDs =
+        {
+            new ASN1ObjectIdentifier("2.5.4.15"),
+            new ASN1ObjectIdentifier("2.5.4.6"),
+            new ASN1ObjectIdentifier("2.5.4.3"),
+            new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25"),
+            new ASN1ObjectIdentifier("2.5.4.13"),
+            new ASN1ObjectIdentifier("2.5.4.27"),
+            new ASN1ObjectIdentifier("2.5.4.49"),
+            new ASN1ObjectIdentifier("2.5.4.46"),
+            new ASN1ObjectIdentifier("2.5.4.47"),
+            new ASN1ObjectIdentifier("2.5.4.23"),
+            new ASN1ObjectIdentifier("2.5.4.44"),
+            new ASN1ObjectIdentifier("2.5.4.42"),
+            new ASN1ObjectIdentifier("2.5.4.51"),
+            new ASN1ObjectIdentifier("2.5.4.43"),
+            new ASN1ObjectIdentifier("2.5.4.25"),
+            new ASN1ObjectIdentifier("2.5.4.7"),
+            new ASN1ObjectIdentifier("2.5.4.31"),
+            new ASN1ObjectIdentifier("2.5.4.41"),
+            new ASN1ObjectIdentifier("2.5.4.10"),
+            new ASN1ObjectIdentifier("2.5.4.11"),
+            new ASN1ObjectIdentifier("2.5.4.32"),
+            new ASN1ObjectIdentifier("2.5.4.19"),
+            new ASN1ObjectIdentifier("2.5.4.16"),
+            new ASN1ObjectIdentifier("2.5.4.17"),
+            new ASN1ObjectIdentifier("2.5.4.18"),
+            new ASN1ObjectIdentifier("2.5.4.28"),
+            new ASN1ObjectIdentifier("2.5.4.26"),
+            new ASN1ObjectIdentifier("2.5.4.33"),
+            new ASN1ObjectIdentifier("2.5.4.14"),
+            new ASN1ObjectIdentifier("2.5.4.34"),
+            new ASN1ObjectIdentifier("2.5.4.5"),
+            new ASN1ObjectIdentifier("2.5.4.4"),
+            new ASN1ObjectIdentifier("2.5.4.8"),
+            new ASN1ObjectIdentifier("2.5.4.9"),
+            new ASN1ObjectIdentifier("2.5.4.20"),
+            new ASN1ObjectIdentifier("2.5.4.22"),
+            new ASN1ObjectIdentifier("2.5.4.21"),
+            new ASN1ObjectIdentifier("2.5.4.12"),
+            new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1"),
+            new ASN1ObjectIdentifier("2.5.4.50"),
+            new ASN1ObjectIdentifier("2.5.4.35"),
+            new ASN1ObjectIdentifier("2.5.4.24"),
+            new ASN1ObjectIdentifier("2.5.4.45")
+        };
+
+    public String getName()
+    {
+        return "RFC4519Test";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        X500NameStyle style = RFC4519Style.INSTANCE;
+
+        for (int i = 0; i != attributeTypes.length; i++)
+        {
+            if (!attributeTypeOIDs[i].equals(style.attrNameToOID(attributeTypes[i])))
+            {
+                fail("mismatch for " + attributeTypes[i]);
+            }
+        }
+
+        byte[] enc = Hex.decode("305e310b300906035504061302415531283026060355040a0c1f546865204c6567696f6e206f662074686520426f756e637920436173746c653125301006035504070c094d656c626f75726e653011060355040b0c0a4173636f742056616c65");
+
+        X500Name n = new X500Name(style, X500Name.getInstance(enc));
+
+        if (!n.toString().equals("l=Melbourne+ou=Ascot Vale,o=The Legion of the Bouncy Castle,c=AU"))
+        {
+            fail("Failed composite to string test got: " + n.toString());
+        }
+
+        n = new X500Name(style, "l=Melbourne+ou=Ascot Vale,o=The Legion of the Bouncy Castle,c=AU");
+
+        if (!Arrays.areEqual(n.getEncoded(), enc))
+        {
+            fail("re-encoding test after parse failed");
+        }
+    }
+
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new RFC4519Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/ReasonFlagsTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/ReasonFlagsTest.java
new file mode 100644
index 0000000..ebfd126
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/ReasonFlagsTest.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.x509.ReasonFlags;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ReasonFlagsTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "ReasonFlags";
+    }
+
+    public void performTest()
+        throws IOException
+    {
+        BitStringConstantTester.testFlagValueCorrect(0, ReasonFlags.unused);
+        BitStringConstantTester.testFlagValueCorrect(1, ReasonFlags.keyCompromise);
+        BitStringConstantTester.testFlagValueCorrect(2, ReasonFlags.cACompromise);
+        BitStringConstantTester.testFlagValueCorrect(3, ReasonFlags.affiliationChanged);
+        BitStringConstantTester.testFlagValueCorrect(4, ReasonFlags.superseded);
+        BitStringConstantTester.testFlagValueCorrect(5, ReasonFlags.cessationOfOperation);
+        BitStringConstantTester.testFlagValueCorrect(6, ReasonFlags.certificateHold);
+        BitStringConstantTester.testFlagValueCorrect(7, ReasonFlags.privilegeWithdrawn);
+        BitStringConstantTester.testFlagValueCorrect(8, ReasonFlags.aACompromise);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ReasonFlagsTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/RegressionTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/RegressionTest.java
new file mode 100644
index 0000000..e442729
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/RegressionTest.java
@@ -0,0 +1,92 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class RegressionTest
+{
+    public static Test[]    tests = {
+        new InputStreamTest(),
+        new EqualsAndHashCodeTest(),
+        new TagTest(),
+        new SetTest(),
+        new DERUTF8StringTest(),
+        new CertificateTest(),
+        new GenerationTest(),
+        new CMSTest(),
+        new OCSPTest(),
+        new OIDTest(),
+        new PKCS10Test(),
+        new PKCS12Test(),
+        new X509NameTest(),
+        new X500NameTest(),
+        new X509ExtensionsTest(),
+        new GeneralizedTimeTest(),
+        new BitStringTest(),
+        new MiscTest(),
+        new SMIMETest(),
+        new X9Test(),
+        new MonetaryValueUnitTest(),
+        new BiometricDataUnitTest(),
+        new Iso4217CurrencyCodeUnitTest(),
+        new SemanticsInformationUnitTest(),
+        new QCStatementUnitTest(),
+        new TypeOfBiometricDataUnitTest(),
+        new SignerLocationUnitTest(),
+        new CommitmentTypeQualifierUnitTest(),
+        new CommitmentTypeIndicationUnitTest(),
+        new EncryptedPrivateKeyInfoTest(),
+        new DataGroupHashUnitTest(),
+        new LDSSecurityObjectUnitTest(),
+        new CscaMasterListTest(),
+        new AttributeTableUnitTest(),
+        new ReasonFlagsTest(),
+        new NetscapeCertTypeTest(),
+        new PKIFailureInfoTest(),
+        new KeyUsageTest(),
+        new StringTest(),
+        new UTCTimeTest(),
+        new RequestedCertificateUnitTest(),
+        new OtherCertIDUnitTest(),
+        new OtherSigningCertificateUnitTest(),
+        new ContentHintsUnitTest(),
+        new CertHashUnitTest(),
+        new AdditionalInformationSyntaxUnitTest(),
+        new AdmissionSyntaxUnitTest(),
+        new AdmissionsUnitTest(),
+        new DeclarationOfMajorityUnitTest(),
+        new ProcurationSyntaxUnitTest(),
+        new ProfessionInfoUnitTest(),
+        new RestrictionUnitTest(),
+        new NamingAuthorityUnitTest(),
+        new MonetaryLimitUnitTest(),
+        new NameOrPseudonymUnitTest(),
+        new PersonalDataUnitTest(),
+        new DERApplicationSpecificTest(),
+        new IssuingDistributionPointUnitTest(),
+        new TargetInformationTest(),
+        new SubjectKeyIdentifierTest(),
+        new ESSCertIDv2UnitTest(),
+        new ParsingTest(),
+        new GeneralNameTest(),
+        new ObjectIdentifierTest(),
+        new RFC4519Test()
+    };
+
+    public static void main(
+        String[]    args)
+    {
+        for (int i = 0; i != tests.length; i++)
+        {
+            TestResult  result = tests[i].perform();
+            
+            if (result.getException() != null)
+            {
+                result.getException().printStackTrace();
+            }
+            
+            System.out.println(result);
+        }
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/RequestedCertificateUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/RequestedCertificateUnitTest.java
new file mode 100644
index 0000000..b167e4e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/RequestedCertificateUnitTest.java
@@ -0,0 +1,108 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate;
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.util.encoders.Base64;
+
+public class RequestedCertificateUnitTest
+    extends ASN1UnitTest
+{
+   byte[]  certBytes = Base64.decode(
+           "MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV"
+         + "BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz"
+         + "MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM"
+         + "RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF"
+         + "AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO"
+         + "/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE"
+         + "Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ"
+         + "zl9HYIMxATFyqSiD9jsx");
+
+    public String getName()
+    {
+        return "RequestedCertificate";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        int type = 1;
+        byte[] certOctets = new byte[20];
+        Certificate cert = Certificate.getInstance(certBytes);
+
+        RequestedCertificate requested = new RequestedCertificate(type, certOctets);
+
+        checkConstruction(requested, type, certOctets, null);
+
+        requested = new RequestedCertificate(cert);
+
+        checkConstruction(requested, RequestedCertificate.certificate, null, cert);
+
+        requested = RequestedCertificate.getInstance(null);
+
+        if (requested != null)
+        {
+            fail("null getInstance() failed.");
+        }
+
+        try
+        {
+            RequestedCertificate.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        RequestedCertificate requested,
+        int type,
+        byte[] certOctets,
+        Certificate cert)
+        throws IOException
+    {
+        checkValues(requested, type, certOctets, cert);
+
+        requested = RequestedCertificate.getInstance(requested);
+
+        checkValues(requested, type, certOctets, cert);
+
+        ASN1InputStream aIn = new ASN1InputStream(requested.toASN1Object().getEncoded());
+
+        Object obj = aIn.readObject();
+
+        requested = RequestedCertificate.getInstance(obj);
+
+        checkValues(requested, type, certOctets, cert);
+    }
+
+    private void checkValues(
+        RequestedCertificate requested,
+        int type,
+        byte[] certOctets,
+        Certificate cert)
+        throws IOException
+    {
+        checkMandatoryField("certType", type, requested.getType());
+
+        if (requested.getType() == RequestedCertificate.certificate)
+        {
+            checkMandatoryField("certificate", cert.getEncoded(), requested.getCertificateBytes());
+        }
+        else
+        {
+            checkMandatoryField("certificateOctets", certOctets, requested.getCertificateBytes());
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RequestedCertificateUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/RestrictionUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/RestrictionUnitTest.java
new file mode 100644
index 0000000..3b11305
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/RestrictionUnitTest.java
@@ -0,0 +1,70 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.isismtt.x509.Restriction;
+import org.bouncycastle.asn1.x500.DirectoryString;
+
+public class RestrictionUnitTest
+    extends ASN1UnitTest
+{
+    public String getName()
+    {
+        return "Restriction";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        DirectoryString res = new DirectoryString("test");
+        Restriction restriction = new Restriction(res.getString());
+
+        checkConstruction(restriction, res);
+
+        try
+        {
+            Restriction.getInstance(new Object());
+
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        Restriction restriction,
+        DirectoryString res)
+        throws IOException
+    {
+        checkValues(restriction, res);
+
+        restriction = Restriction.getInstance(restriction);
+
+        checkValues(restriction, res);
+
+        ASN1InputStream aIn = new ASN1InputStream(restriction.toASN1Object().getEncoded());
+
+        ASN1String str = (ASN1String)aIn.readObject();
+
+        restriction = Restriction.getInstance(str);
+
+        checkValues(restriction, res);
+    }
+
+    private void checkValues(
+        Restriction restriction,
+        DirectoryString res)
+    {
+        checkMandatoryField("restriction", res, restriction.getRestriction());
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RestrictionUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/SMIMETest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/SMIMETest.java
new file mode 100644
index 0000000..44d6b1c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/SMIMETest.java
@@ -0,0 +1,109 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.cms.RecipientKeyIdentifier;
+import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
+import org.bouncycastle.asn1.smime.SMIMECapability;
+import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
+import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class SMIMETest
+    implements Test
+{
+    byte[] attrBytes = Base64.decode("MDQGCSqGSIb3DQEJDzEnMCUwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsOAwIH");
+    byte[] prefBytes = Base64.decode("MCwGCyqGSIb3DQEJEAILMR2hGwQIAAAAAAAAAAAYDzIwMDcwMzE1MTczNzI5Wg==");
+
+    private boolean isSameAs(
+        byte[]  a,
+        byte[]  b)
+    {
+        if (a.length != b.length)
+        {
+            return false;
+        }
+        
+        for (int i = 0; i != a.length; i++)
+        {
+            if (a[i] != b[i])
+            {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
+    public TestResult perform()
+    {
+        SMIMECapabilityVector       caps = new SMIMECapabilityVector();
+                
+        caps.addCapability(SMIMECapability.dES_EDE3_CBC);
+        caps.addCapability(SMIMECapability.rC2_CBC, 128);
+        caps.addCapability(SMIMECapability.dES_CBC);
+                
+        SMIMECapabilitiesAttribute attr = new SMIMECapabilitiesAttribute(caps);
+        
+        SMIMEEncryptionKeyPreferenceAttribute   pref = new SMIMEEncryptionKeyPreferenceAttribute(
+                                                  new RecipientKeyIdentifier(new DEROctetString(new byte[8]), new DERGeneralizedTime("20070315173729Z"), null));
+        
+        try
+        {
+            if (!isSameAs(attr.getEncoded(), attrBytes))
+            {
+                return new SimpleTestResult(false, getName() + ": Failed attr data check");
+            }
+            
+            ByteArrayInputStream    bIn = new ByteArrayInputStream(attrBytes);
+            ASN1InputStream         aIn = new ASN1InputStream(bIn);
+            
+            ASN1Primitive o = aIn.readObject();
+            if (!attr.equals(o))
+            {
+                return new SimpleTestResult(false, getName() + ": Failed equality test for attr");
+            }
+            
+            if (!isSameAs(pref.getEncoded(), prefBytes))
+            {
+                return new SimpleTestResult(false, getName() + ": Failed attr data check");
+            }
+            
+            bIn = new ByteArrayInputStream(prefBytes);
+            aIn = new ASN1InputStream(bIn);
+            
+            o = aIn.readObject();
+            if (!pref.equals(o))
+            {
+                return new SimpleTestResult(false, getName() + ": Failed equality test for pref");
+            }
+            
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": Failed - exception " + e.toString(), e);
+        }
+    }
+
+    public String getName()
+    {
+        return "SMIME";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        SMIMETest    test = new SMIMETest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/SemanticsInformationUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/SemanticsInformationUnitTest.java
new file mode 100644
index 0000000..3fd26db
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/SemanticsInformationUnitTest.java
@@ -0,0 +1,135 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.asn1.x509.qualified.SemanticsInformation;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class SemanticsInformationUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "SemanticsInformation";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        ASN1ObjectIdentifier statementId = new ASN1ObjectIdentifier("1.1");
+        SemanticsInformation mv = new SemanticsInformation(statementId);
+
+        checkConstruction(mv, statementId, null);
+        
+        GeneralName[] names = new GeneralName[2];
+        
+        names[0] = new GeneralName(GeneralName.rfc822Name, "test@test.org");
+        names[1] = new GeneralName(new X509Name("cn=test"));
+        
+        mv = new SemanticsInformation(statementId, names);
+
+        checkConstruction(mv, statementId, names);
+        
+        mv = new SemanticsInformation(names);
+
+        checkConstruction(mv, null, names);
+        
+        mv = SemanticsInformation.getInstance(null);
+        
+        if (mv != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            SemanticsInformation.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            ASN1EncodableVector v = new ASN1EncodableVector();
+            
+            SemanticsInformation.getInstance(new DERSequence(v));
+            
+            fail("constructor failed to detect empty sequence.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        SemanticsInformation mv,
+        ASN1ObjectIdentifier  semanticsIdentifier,
+        GeneralName[]        names)
+        throws Exception
+    {
+        checkStatement(mv, semanticsIdentifier, names);
+        
+        mv = SemanticsInformation.getInstance(mv);
+        
+        checkStatement(mv, semanticsIdentifier, names);
+        
+        ASN1InputStream aIn = new ASN1InputStream(mv.toASN1Object().getEncoded());
+        
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+
+        mv = SemanticsInformation.getInstance(seq);
+        
+        checkStatement(mv, semanticsIdentifier, names);
+    }
+
+    private void checkStatement(
+        SemanticsInformation si,
+        ASN1ObjectIdentifier  id,
+        GeneralName[]        names)
+    {
+        if (id != null)
+        {
+            if (!si.getSemanticsIdentifier().equals(id))
+            {
+                fail("ids don't match.");
+            }
+        }
+        else if (si.getSemanticsIdentifier() != null)
+        {
+            fail("statementId found when none expected.");
+        }
+        
+        if (names != null)
+        {
+            GeneralName[] siNames = si.getNameRegistrationAuthorities();
+            
+            for (int i = 0; i != siNames.length; i++)
+            {
+                if (!names[i].equals(siNames[i]))
+                {
+                    fail("name registration authorities don't match.");
+                }
+            }
+        }
+        else if (si.getNameRegistrationAuthorities() != null)
+        {
+            fail("name registration authorities found when none expected.");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SemanticsInformationUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/SetTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/SetTest.java
new file mode 100644
index 0000000..9e568a9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/SetTest.java
@@ -0,0 +1,115 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1Boolean;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.BERSet;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Set sorting test example
+ */
+public class SetTest
+    extends SimpleTest
+{
+
+    public String getName()
+    {
+        return "Set";
+    }
+
+    private void checkedSortedSet(int attempt, ASN1Set s)
+    {
+        if (s.getObjectAt(0) instanceof ASN1Boolean
+            && s.getObjectAt(1) instanceof ASN1Integer
+            && s.getObjectAt(2) instanceof DERBitString
+            && s.getObjectAt(3) instanceof DEROctetString)
+        {
+            return;
+        }
+
+        fail("sorting failed on attempt: " + attempt);
+    }
+
+    public void performTest()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+        byte[] data = new byte[10];
+
+        v.add(new DEROctetString(data));
+        v.add(new DERBitString(data));
+        v.add(new ASN1Integer(100));
+        v.add(ASN1Boolean.getInstance(true));
+
+        checkedSortedSet(0, new DERSet(v));
+
+        v = new ASN1EncodableVector();
+        v.add(new ASN1Integer(100));
+        v.add(ASN1Boolean.getInstance(true));
+        v.add(new DEROctetString(data));
+        v.add(new DERBitString(data));
+
+        checkedSortedSet(1, new DERSet(v));
+
+        v = new ASN1EncodableVector();
+        v.add(ASN1Boolean.getInstance(true));
+        v.add(new DEROctetString(data));
+        v.add(new DERBitString(data));
+        v.add(new ASN1Integer(100));
+
+
+        checkedSortedSet(2, new DERSet(v));
+
+        v = new ASN1EncodableVector();
+        v.add(new DERBitString(data));
+        v.add(new DEROctetString(data));
+        v.add(new ASN1Integer(100));
+        v.add(ASN1Boolean.getInstance(true));
+
+        checkedSortedSet(3, new DERSet(v));
+
+        v = new ASN1EncodableVector();
+        v.add(new DEROctetString(data));
+        v.add(new DERBitString(data));
+        v.add(new ASN1Integer(100));
+        v.add(ASN1Boolean.getInstance(true));
+
+        ASN1Set s = new BERSet(v);
+
+        if (!(s.getObjectAt(0) instanceof DEROctetString))
+        {
+            fail("BER set sort order changed.");
+        }
+
+        // create an implicitly tagged "set" without sorting
+        ASN1TaggedObject tag = new DERTaggedObject(false, 1, new DERSequence(v));
+        s = ASN1Set.getInstance(tag, false);
+
+        if (s.getObjectAt(0) instanceof ASN1Boolean)
+        {
+            fail("sorted when shouldn't be.");
+        }
+
+        // equality test
+        v = new ASN1EncodableVector();
+
+        v.add(ASN1Boolean.getInstance(true));
+        v.add(ASN1Boolean.getInstance(true));
+        v.add(ASN1Boolean.getInstance(true));
+
+        s = new DERSet(v);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SetTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/SignerLocationUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/SignerLocationUnitTest.java
new file mode 100644
index 0000000..8d2c2c0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/SignerLocationUnitTest.java
@@ -0,0 +1,197 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.esf.SignerLocation;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class SignerLocationUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "SignerLocation";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        DERUTF8String countryName = new DERUTF8String("Australia");
+        
+        SignerLocation sl = new SignerLocation(countryName, null, null);
+
+        checkConstruction(sl, countryName, null, null);
+
+        DERUTF8String localityName = new DERUTF8String("Melbourne");
+        
+        sl = new SignerLocation(null, localityName, null);
+
+        checkConstruction(sl, null, localityName, null);
+        
+        sl = new SignerLocation(countryName, localityName, null);
+
+        checkConstruction(sl, countryName, localityName, null);
+        
+        ASN1EncodableVector v = new ASN1EncodableVector();
+        
+        v.add(new DERUTF8String("line 1"));
+        v.add(new DERUTF8String("line 2"));
+        
+        ASN1Sequence postalAddress = new DERSequence(v);
+        
+        sl = new SignerLocation(null, null, postalAddress);
+        
+        checkConstruction(sl, null, null, postalAddress);
+        
+        sl = new SignerLocation(countryName, null, postalAddress);
+        
+        checkConstruction(sl, countryName, null, postalAddress);
+        
+        sl = new SignerLocation(countryName, localityName, postalAddress);
+        
+        checkConstruction(sl, countryName, localityName, postalAddress);
+        
+        sl = SignerLocation.getInstance(null);
+        
+        if (sl != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            SignerLocation.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+      
+        //
+        // out of range postal address
+        //
+        v = new ASN1EncodableVector();
+        
+        v.add(new DERUTF8String("line 1"));
+        v.add(new DERUTF8String("line 2"));
+        v.add(new DERUTF8String("line 3"));
+        v.add(new DERUTF8String("line 4"));
+        v.add(new DERUTF8String("line 5"));
+        v.add(new DERUTF8String("line 6"));
+        v.add(new DERUTF8String("line 7"));
+        
+        postalAddress = new DERSequence(v);
+        
+        try
+        {
+            new SignerLocation(null, null, postalAddress);
+            
+            fail("constructor failed to detect bad postalAddress.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            SignerLocation.getInstance(new DERSequence(new DERTaggedObject(2, postalAddress)));
+            
+            fail("sequence constructor failed to detect bad postalAddress.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            SignerLocation.getInstance(new DERSequence(new DERTaggedObject(5, postalAddress)));
+            
+            fail("sequence constructor failed to detect bad tag.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    private void checkConstruction(
+        SignerLocation sl,
+        DERUTF8String  countryName,
+        DERUTF8String  localityName,
+        ASN1Sequence   postalAddress) 
+        throws IOException
+    {
+        checkValues(sl, countryName, localityName, postalAddress);
+        
+        sl = SignerLocation.getInstance(sl);
+        
+        checkValues(sl, countryName, localityName, postalAddress);
+        
+        ASN1InputStream aIn = new ASN1InputStream(sl.toASN1Object().getEncoded());
+
+        ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+        
+        sl = SignerLocation.getInstance(seq);
+        
+        checkValues(sl, countryName, localityName, postalAddress);
+    }
+    
+    private void checkValues(
+        SignerLocation sl,
+        DERUTF8String  countryName,
+        DERUTF8String  localityName,
+        ASN1Sequence   postalAddress)
+    {
+        if (countryName != null)
+        {
+            if (!countryName.equals(sl.getCountryName()))
+            {
+                fail("countryNames don't match.");
+            }
+        }
+        else if (sl.getCountryName() != null)
+        {
+            fail("countryName found when none expected.");
+        }
+        
+        if (localityName != null)
+        {
+            if (!localityName.equals(sl.getLocalityName()))
+            {
+                fail("localityNames don't match.");
+            }
+        }
+        else if (sl.getLocalityName() != null)
+        {
+            fail("localityName found when none expected.");
+        }
+        
+        if (postalAddress != null)
+        {
+            if (!postalAddress.equals(sl.getPostalAddress()))
+            {
+                fail("postalAddresses don't match.");
+            }
+        }
+        else if (sl.getPostalAddress() != null)
+        {
+            fail("postalAddress found when none expected.");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SignerLocationUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/StringTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/StringTest.java
new file mode 100644
index 0000000..426c06a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/StringTest.java
@@ -0,0 +1,161 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.DERBMPString;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERGeneralString;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERNumericString;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERT61String;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.DERUniversalString;
+import org.bouncycastle.asn1.DERVisibleString;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * X.690 test example
+ */
+public class StringTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "String";
+    }
+
+    public void performTest()
+        throws IOException
+    {
+        DERBitString bs = new DERBitString(
+            new byte[] { (byte)0x01,(byte)0x23,(byte)0x45,(byte)0x67,(byte)0x89,(byte)0xab,(byte)0xcd,(byte)0xef });
+
+        if (!bs.getString().equals("#0309000123456789ABCDEF"))
+        {
+            fail("DERBitString.getString() result incorrect");
+        }
+
+        if (!bs.toString().equals("#0309000123456789ABCDEF"))
+        {
+            fail("DERBitString.toString() result incorrect");
+        }
+
+        bs = new DERBitString(
+            new byte[] { (byte)0xfe,(byte)0xdc,(byte)0xba,(byte)0x98,(byte)0x76,(byte)0x54,(byte)0x32,(byte)0x10 });
+
+        if (!bs.getString().equals("#030900FEDCBA9876543210"))
+        {
+            fail("DERBitString.getString() result incorrect");
+        }
+
+        if (!bs.toString().equals("#030900FEDCBA9876543210"))
+        {
+            fail("DERBitString.toString() result incorrect");
+        }
+
+        DERUniversalString us = new DERUniversalString(
+            new byte[] { (byte)0x01,(byte)0x23,(byte)0x45,(byte)0x67,(byte)0x89,(byte)0xab,(byte)0xcd,(byte)0xef });
+
+        if (!us.getString().equals("#1C080123456789ABCDEF"))
+        {
+            fail("DERUniversalString.getString() result incorrect");
+        }
+
+        if (!us.toString().equals("#1C080123456789ABCDEF"))
+        {
+            fail("DERUniversalString.toString() result incorrect");
+        }
+
+        us = new DERUniversalString(
+            new byte[] { (byte)0xfe,(byte)0xdc,(byte)0xba,(byte)0x98,(byte)0x76,(byte)0x54,(byte)0x32,(byte)0x10 });
+
+        if (!us.getString().equals("#1C08FEDCBA9876543210"))
+        {
+            fail("DERUniversalString.getString() result incorrect");
+        }
+
+        if (!us.toString().equals("#1C08FEDCBA9876543210"))
+        {
+            fail("DERUniversalString.toString() result incorrect");
+        }
+
+        byte[] t61Bytes = new byte[] { -1, -2, -3, -4, -5, -6, -7, -8 };
+        String t61String = new String(t61Bytes, "iso-8859-1");
+        DERT61String t61 = new DERT61String(Strings.fromByteArray(t61Bytes));
+
+        if (!t61.getString().equals(t61String))
+        {
+            fail("DERT61String.getString() result incorrect");
+        }
+
+        if (!t61.toString().equals(t61String))
+        {
+            fail("DERT61String.toString() result incorrect");
+        }
+
+        char[] shortChars = new char[] { 'a', 'b', 'c', 'd', 'e'};
+        char[] longChars = new char[1000];
+
+        for (int i = 0; i != longChars.length; i++)
+        {
+            longChars[i] = 'X';
+        }
+
+        checkString(new DERBMPString(new String(shortChars)), new DERBMPString(new String(longChars)));
+        checkString(new DERUTF8String(new String(shortChars)), new DERUTF8String(new String(longChars)));
+        checkString(new DERIA5String(new String(shortChars)), new DERIA5String(new String(longChars)));
+        checkString(new DERPrintableString(new String(shortChars)), new DERPrintableString(new String(longChars)));
+        checkString(new DERVisibleString(new String(shortChars)), new DERVisibleString(new String(longChars)));
+        checkString(new DERGeneralString(new String(shortChars)), new DERGeneralString(new String(longChars)));
+        checkString(new DERT61String(new String(shortChars)), new DERT61String(new String(longChars)));
+
+        shortChars = new char[] { '1', '2', '3', '4', '5'};
+        longChars = new char[1000];
+
+        for (int i = 0; i != longChars.length; i++)
+        {
+            longChars[i] = '1';
+        }
+
+        checkString(new DERNumericString(new String(shortChars)), new DERNumericString(new String(longChars)));
+
+        byte[] shortBytes = new byte[] { (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e'};
+        byte[] longBytes = new byte[1000];
+
+        for (int i = 0; i != longChars.length; i++)
+        {
+            longBytes[i] = (byte)'X';
+        }
+
+        checkString(new DERUniversalString(shortBytes), new DERUniversalString(longBytes));
+
+    }
+
+    private void checkString(ASN1String shortString, ASN1String longString)
+        throws IOException
+    {
+        ASN1String short2 = (ASN1String)ASN1Primitive.fromByteArray(((ASN1Primitive)shortString).getEncoded());
+
+        if (!shortString.toString().equals(short2.toString()))
+        {
+            fail(short2.getClass().getName() + " shortBytes result incorrect");
+        }
+
+        ASN1String long2 = (ASN1String)ASN1Primitive.fromByteArray(((ASN1Primitive)longString).getEncoded());
+
+        if (!longString.toString().equals(long2.toString()))
+        {
+            fail(long2.getClass().getName() + " longBytes result incorrect");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new StringTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/SubjectKeyIdentifierTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/SubjectKeyIdentifierTest.java
new file mode 100644
index 0000000..9887a31
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/SubjectKeyIdentifierTest.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class SubjectKeyIdentifierTest
+    extends SimpleTest
+{
+    private static byte[] pubKeyInfo = Base64.decode(
+        "MFgwCwYJKoZIhvcNAQEBA0kAMEYCQQC6wMMmHYMZszT/7bNFMn+gaZoiWJLVP8ODRuu1C2jeAe" +
+        "QpxM+5Oe7PaN2GNy3nBE4EOYkB5pMJWA0y9n04FX8NAgED");
+
+    private static byte[] shaID = Hex.decode("d8128a06d6c2feb0865994a2936e7b75b836a021");
+    private static byte[] shaTruncID = Hex.decode("436e7b75b836a021");
+
+    public String getName()
+    {
+        return "SubjectKeyIdentifier";
+    }
+
+    public void performTest()
+        throws IOException
+    {
+//        SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pubKeyInfo));
+//        SubjectKeyIdentifier ski = SubjectKeyIdentifier.createSHA1KeyIdentifier(pubInfo);
+//
+//        if (!Arrays.areEqual(shaID, ski.getKeyIdentifier()))
+//        {
+//            fail("SHA-1 ID does not match");
+//        }
+//
+//        ski = SubjectKeyIdentifier.createTruncatedSHA1KeyIdentifier(pubInfo);
+//
+//        if (!Arrays.areEqual(shaTruncID, ski.getKeyIdentifier()))
+//        {
+//            fail("truncated SHA-1 ID does not match");
+//        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SubjectKeyIdentifierTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/TagTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/TagTest.java
new file mode 100644
index 0000000..90489a7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/TagTest.java
@@ -0,0 +1,113 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERApplicationSpecific;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+
+/**
+ * X.690 test example
+ */
+public class TagTest
+    extends SimpleTest
+{
+    byte[] longTagged = Base64.decode(
+                  "ZSRzIp8gEEZFRENCQTk4NzY1NDMyMTCfIQwyMDA2MDQwMTEyMzSUCCAFERVz"
+                + "A4kCAHEXGBkalAggBRcYGRqUCCAFZS6QAkRFkQlURUNITklLRVKSBQECAwQF"
+                + "kxAREhMUFRYXGBkalAggBREVcwOJAgBxFxgZGpQIIAUXGBkalAggBWUukAJE"
+                + "RZEJVEVDSE5JS0VSkgUBAgMEBZMQERITFBUWFxgZGpQIIAURFXMDiQIAcRcY"
+                + "GRqUCCAFFxgZGpQIIAVlLpACREWRCVRFQ0hOSUtFUpIFAQIDBAWTEBESExQV"
+                + "FhcYGRqUCCAFERVzA4kCAHEXGBkalAggBRcYGRqUCCAFFxgZGpQIIAUXGBka"
+                + "lAg=");
+
+    byte[] longAppSpecificTag = Hex.decode("5F610101");
+
+    public String getName()
+    {
+        return "Tag";
+    }
+    
+    public void performTest()
+        throws IOException
+    {
+        ASN1InputStream aIn = new ASN1InputStream(longTagged);
+
+        DERApplicationSpecific app = (DERApplicationSpecific)aIn.readObject();
+        
+        aIn = new ASN1InputStream(app.getContents());
+
+        app = (DERApplicationSpecific)aIn.readObject();
+
+        aIn = new ASN1InputStream(app.getContents());
+
+        ASN1TaggedObject tagged = (ASN1TaggedObject)aIn.readObject();
+
+        if (tagged.getTagNo() != 32)
+        {
+            fail("unexpected tag value found - not 32");
+        }
+
+        tagged = (ASN1TaggedObject)ASN1Primitive.fromByteArray(tagged.getEncoded());
+
+        if (tagged.getTagNo() != 32)
+        {
+            fail("unexpected tag value found on recode - not 32");
+        }
+
+        tagged = (ASN1TaggedObject)aIn.readObject();
+
+        if (tagged.getTagNo() != 33)
+        {
+            fail("unexpected tag value found - not 33");
+        }
+
+        tagged = (ASN1TaggedObject)ASN1Primitive.fromByteArray(tagged.getEncoded());
+
+        if (tagged.getTagNo() != 33)
+        {
+            fail("unexpected tag value found on recode - not 33");
+        }
+
+        aIn = new ASN1InputStream(longAppSpecificTag);
+
+        app = (DERApplicationSpecific)aIn.readObject();
+
+        if (app.getApplicationTag() != 97)
+        {
+            fail("incorrect tag number read");
+        }
+
+        app = (DERApplicationSpecific)ASN1Primitive.fromByteArray(app.getEncoded());
+
+        if (app.getApplicationTag() != 97)
+        {
+            fail("incorrect tag number read on recode");
+        }
+
+        SecureRandom sr = new SecureRandom();
+        for (int i = 0; i < 100; ++i)
+        {
+            int testTag = sr.nextInt() >>> (1 + (sr.nextInt() >>> 1) % 26);
+            app = new DERApplicationSpecific(testTag, new byte[]{ 1 });
+            app = (DERApplicationSpecific)ASN1Primitive.fromByteArray(app.getEncoded());
+
+            if (app.getApplicationTag() != testTag)
+            {
+                fail("incorrect tag number read on recode (random test value: " + testTag + ")");
+            }
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new TagTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/TargetInformationTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/TargetInformationTest.java
new file mode 100644
index 0000000..34dc70f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/TargetInformationTest.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.Target;
+import org.bouncycastle.asn1.x509.TargetInformation;
+import org.bouncycastle.asn1.x509.Targets;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class TargetInformationTest
+    extends SimpleTest
+{
+
+    public String getName()
+    {
+        return "TargetInformation";
+    }
+
+    public void performTest() throws Exception
+    {
+        Target[] targets = new Target[2];
+        Target targetName = new Target(Target.targetName, new GeneralName(GeneralName.dNSName, "www.test.com"));
+        Target targetGroup = new Target(Target.targetGroup, new GeneralName(GeneralName.directoryName, "o=Test, ou=Test"));
+        targets[0] = targetName;
+        targets[1] = targetGroup;
+        Targets targetss = new Targets(targets);
+        TargetInformation targetInformation1 = new TargetInformation(targetss);
+        // use an Target array
+        TargetInformation targetInformation2 = new TargetInformation(targets);
+        // targetInformation1 and targetInformation2 must have same
+        // encoding.
+        if (!targetInformation1.equals(targetInformation2))
+        {
+            fail("targetInformation1 and targetInformation2 should have the same encoding.");
+        }
+        TargetInformation targetInformation3 = TargetInformation.getInstance(targetInformation1);
+        TargetInformation targetInformation4 = TargetInformation.getInstance(targetInformation2);
+        if (!targetInformation3.equals(targetInformation4))
+        {
+            fail("targetInformation3 and targetInformation4 should have the same encoding.");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new TargetInformationTest());
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/TypeOfBiometricDataUnitTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/TypeOfBiometricDataUnitTest.java
new file mode 100644
index 0000000..add21ce
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/TypeOfBiometricDataUnitTest.java
@@ -0,0 +1,144 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class TypeOfBiometricDataUnitTest 
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "TypeOfBiometricData";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        //
+        // predefined
+        //
+        checkPredefinedType(TypeOfBiometricData.PICTURE);
+        
+        checkPredefinedType(TypeOfBiometricData.HANDWRITTEN_SIGNATURE);
+        
+        //
+        // non-predefined
+        //
+        ASN1ObjectIdentifier localType = new ASN1ObjectIdentifier("1.1");
+        
+        TypeOfBiometricData type = new TypeOfBiometricData(localType);
+
+        checkNonPredefined(type, localType);
+        
+        type = TypeOfBiometricData.getInstance(type);
+        
+        checkNonPredefined(type, localType);
+        
+        ASN1Primitive obj = type.toASN1Primitive();
+        
+        type = TypeOfBiometricData.getInstance(obj);
+        
+        checkNonPredefined(type, localType);
+        
+        type = TypeOfBiometricData.getInstance(null);
+        
+        if (type != null)
+        {
+            fail("null getInstance() failed.");
+        }
+        
+        try
+        {
+            TypeOfBiometricData.getInstance(new Object());
+            
+            fail("getInstance() failed to detect bad object.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            new TypeOfBiometricData(100);
+            
+            fail("constructor failed to detect bad predefined type.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        if (TypeOfBiometricData.PICTURE != 0)
+        {
+            fail("predefined picture should be 0");
+        }
+        
+        if (TypeOfBiometricData.HANDWRITTEN_SIGNATURE != 1)
+        {
+            fail("predefined handwritten signature should be 1");
+        }
+    }
+
+    private void checkPredefinedType(
+        int predefinedType)
+        throws IOException
+    {
+        TypeOfBiometricData type = new TypeOfBiometricData(predefinedType);
+
+        checkPredefined(type, predefinedType);
+        
+        type = TypeOfBiometricData.getInstance(type);
+        
+        checkPredefined(type, predefinedType);
+        
+        ASN1InputStream aIn = new ASN1InputStream(type.toASN1Object().getEncoded());
+
+        ASN1Primitive obj = aIn.readObject();
+
+        type = TypeOfBiometricData.getInstance(obj);
+        
+        checkPredefined(type, predefinedType);
+    }
+
+    private void checkPredefined(
+        TypeOfBiometricData type,
+        int                 value)
+    {
+        if (!type.isPredefined())
+        {
+            fail("predefined type expected but not found.");
+        }
+        
+        if (type.getPredefinedBiometricType() != value)
+        {
+            fail("predefined type does not match.");
+        }
+    }
+    
+    private void checkNonPredefined(
+        TypeOfBiometricData type,
+        ASN1ObjectIdentifier value)
+    {
+        if (type.isPredefined())
+        {
+            fail("predefined type found when not expected.");
+        }
+        
+        if (!type.getBiometricDataOid().equals(value))
+        {
+            fail("data oid does not match.");
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new TypeOfBiometricDataUnitTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/UTCTimeTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/UTCTimeTest.java
new file mode 100644
index 0000000..8067e78
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/UTCTimeTest.java
@@ -0,0 +1,108 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.DERUTCTime;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.text.SimpleDateFormat;
+import java.util.SimpleTimeZone;
+
+/**
+ * X.690 test example
+ */
+public class UTCTimeTest
+    extends SimpleTest
+{
+    String[] input =
+        {
+            "020122122220Z",
+            "020122122220-1000",
+            "020122122220+1000",
+            "020122122220+00",
+            "0201221222Z",
+            "0201221222-1000",
+            "0201221222+1000",
+            "0201221222+00",
+            "550122122220Z",
+            "5501221222Z"
+        };
+
+    String[] output = {
+            "20020122122220GMT+00:00",
+            "20020122122220GMT-10:00",
+            "20020122122220GMT+10:00",
+            "20020122122220GMT+00:00",
+            "20020122122200GMT+00:00",
+            "20020122122200GMT-10:00",
+            "20020122122200GMT+10:00",
+            "20020122122200GMT+00:00",
+            "19550122122220GMT+00:00",
+            "19550122122200GMT+00:00"
+             };
+
+    String[] zOutput1 = {
+            "20020122122220Z",
+            "20020122222220Z",
+            "20020122022220Z",
+            "20020122122220Z",
+            "20020122122200Z",
+            "20020122222200Z",
+            "20020122022200Z",
+            "20020122122200Z",
+            "19550122122220Z",
+            "19550122122200Z"
+    };
+
+    String[] zOutput2 = {
+            "20020122122220Z",
+            "20020122222220Z",
+            "20020122022220Z",
+            "20020122122220Z",
+            "20020122122200Z",
+            "20020122222200Z",
+            "20020122022200Z",
+            "20020122122200Z",
+            "19550122122220Z",
+            "19550122122200Z"
+    };
+
+    public String getName()
+    {
+        return "UTCTime";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        SimpleDateFormat yyyyF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+        SimpleDateFormat yyF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+
+        yyyyF.setTimeZone(new SimpleTimeZone(0,"Z"));
+        yyF.setTimeZone(new SimpleTimeZone(0,"Z"));
+
+        for (int i = 0; i != input.length; i++)
+        {
+            DERUTCTime t = new DERUTCTime(input[i]);
+
+            if (!t.getAdjustedTime().equals(output[i]))
+            {
+                fail("failed conversion test " + i);
+            }
+
+            if (!yyyyF.format(t.getAdjustedDate()).equals(zOutput1[i]))
+            {
+                fail("failed date conversion test " + i);
+            }
+
+            if (!yyF.format(t.getDate()).equals(zOutput2[i]))
+            {
+                fail("failed date shortened conversion test " + i);
+            }
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new UTCTimeTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/X500NameTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/X500NameTest.java
new file mode 100644
index 0000000..2822f8c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/X500NameTest.java
@@ -0,0 +1,777 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStrictStyle;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x500.style.IETFUtils;
+import org.bouncycastle.asn1.x509.X509DefaultEntryConverter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class X500NameTest
+    extends SimpleTest
+{
+   String[] subjects =
+   {
+       "C=AU,ST=Victoria,L=South Melbourne,O=Connect 4 Pty Ltd,OU=Webserver Team,CN=www2.connect4.com.au,E=webmaster@connect4.com.au",
+       "C=AU,ST=Victoria,L=South Melbourne,O=Connect 4 Pty Ltd,OU=Certificate Authority,CN=Connect 4 CA,E=webmaster@connect4.com.au",
+       "C=AU,ST=QLD,CN=SSLeay/rsa test cert",
+       "C=US,O=National Aeronautics and Space Administration,SERIALNUMBER=16+CN=Steve Schoch",
+       "E=cooke@issl.atl.hp.com,C=US,OU=Hewlett Packard Company (ISSL),CN=Paul A. Cooke",
+       "O=Sun Microsystems Inc,CN=store.sun.com",
+       "unstructuredAddress=192.168.1.33,unstructuredName=pixfirewall.ciscopix.com,CN=pixfirewall.ciscopix.com",
+       "CN=*.canal-plus.com,OU=Provided by TBS INTERNET http://www.tbs-certificats.com/,OU=\\ CANAL \\+,O=CANAL\\+DISTRIBUTION,L=issy les moulineaux,ST=Hauts de Seine,C=FR",
+       "O=Bouncy Castle,CN=www.bouncycastle.org\\ ",
+       "O=Bouncy Castle,CN=c:\\\\fred\\\\bob",
+    };
+
+    String[] hexSubjects =
+    {
+        "CN=\\20Test\\20X,O=\\20Test,C=GB",    // input
+        "CN=\\ Test X,O=\\ Test,C=GB",          // expected
+        "CN=\\20Test\\20X\\20,O=\\20Test,C=GB",    // input
+        "CN=\\ Test X\\ ,O=\\ Test,C=GB"          // expected
+    };
+
+    public String getName()
+    {
+        return "X500Name";
+    }
+    
+    private static X500Name fromBytes(
+        byte[]  bytes) 
+        throws IOException
+    {
+        return X500Name.getInstance(new ASN1InputStream(new ByteArrayInputStream(bytes)).readObject());
+    }
+
+    private ASN1Encodable createEntryValue(ASN1ObjectIdentifier oid, String value)
+    {
+        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
+
+        builder.addRDN(oid, value);
+        
+        X500Name name = builder.build();
+
+        ASN1Sequence seq = (ASN1Sequence)name.toASN1Primitive();
+        ASN1Set set = ASN1Set.getInstance(seq.getObjectAt(0).toASN1Primitive());
+        seq = (ASN1Sequence)set.getObjectAt(0);
+
+        return seq.getObjectAt(1);
+    }
+
+    private ASN1Encodable createEntryValueFromString(ASN1ObjectIdentifier oid, String value)
+    {
+        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
+
+        builder.addRDN(oid, value);
+
+        X500Name name = new X500Name(builder.build().toString());
+
+        ASN1Sequence seq = (ASN1Sequence)name.toASN1Primitive();
+        ASN1Set set = ASN1Set.getInstance(seq.getObjectAt(0).toASN1Primitive());
+        seq = (ASN1Sequence)set.getObjectAt(0);
+
+        return seq.getObjectAt(1);
+    }
+
+    private void testEncodingPrintableString(ASN1ObjectIdentifier oid, String value)
+    {
+        ASN1Encodable converted = createEntryValue(oid, value);
+        if (!(converted instanceof DERPrintableString))
+        {
+            fail("encoding for " + oid + " not printable string");
+        }
+    }
+
+    private void testEncodingIA5String(ASN1ObjectIdentifier oid, String value)
+    {
+        ASN1Encodable converted = createEntryValue(oid, value);
+        if (!(converted instanceof DERIA5String))
+        {
+            fail("encoding for " + oid + " not IA5String");
+        }
+    }
+
+    private void testEncodingUTF8String(ASN1ObjectIdentifier oid, String value)
+        throws IOException
+    {
+        ASN1Encodable converted = createEntryValue(oid, value);
+        if (!(converted instanceof DERUTF8String))
+        {
+            fail("encoding for " + oid + " not IA5String");
+        }
+        if (!value.equals((DERUTF8String.getInstance(converted.toASN1Primitive().getEncoded()).getString())))
+        {
+            fail("decoding not correct");
+        }
+    }
+
+    private void testEncodingGeneralizedTime(ASN1ObjectIdentifier oid, String value)
+    {
+        ASN1Encodable converted = createEntryValue(oid, value);
+        if (!(converted instanceof ASN1GeneralizedTime))
+        {
+            fail("encoding for " + oid + " not GeneralizedTime");
+        }
+        converted = createEntryValueFromString(oid, value);
+        if (!(converted instanceof ASN1GeneralizedTime))
+        {
+            fail("encoding for " + oid + " not GeneralizedTime");
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        ietfUtilsTest();
+
+        testEncodingPrintableString(BCStyle.C, "AU");
+        testEncodingPrintableString(BCStyle.SERIALNUMBER, "123456");
+        testEncodingPrintableString(BCStyle.DN_QUALIFIER, "123456");
+        testEncodingIA5String(BCStyle.EmailAddress, "test@test.com");
+        testEncodingIA5String(BCStyle.DC, "test");
+        // correct encoding
+        testEncodingGeneralizedTime(BCStyle.DATE_OF_BIRTH, "#180F32303032303132323132323232305A");
+        // compatibility encoding
+        testEncodingGeneralizedTime(BCStyle.DATE_OF_BIRTH, "20020122122220Z");
+        testEncodingUTF8String(BCStyle.CN, "Mörsky");
+
+        //
+        // composite
+        //
+        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
+
+        builder.addRDN(BCStyle.C, "AU");
+        builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
+        builder.addRDN(BCStyle.L, "Melbourne");
+        builder.addRDN(BCStyle.ST, "Victoria");
+        builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
+
+        X500Name    name1 = builder.build();
+
+        if (!name1.equals(name1))
+        {
+            fail("Failed same object test");
+        }
+
+//        if (!name1.equals(name1, true))
+//        {
+//            fail("Failed same object test - in Order");
+//        }
+
+        builder = new X500NameBuilder(BCStyle.INSTANCE);
+
+        builder.addRDN(BCStyle.C, "AU");
+        builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
+        builder.addRDN(BCStyle.L, "Melbourne");
+        builder.addRDN(BCStyle.ST, "Victoria");
+        builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
+
+        X500Name    name2 = builder.build();
+
+        if (!name1.equals(name2))
+        {
+            fail("Failed same name test");
+        }
+
+//        if (!name1.equals(name2, true))
+//        {
+//            fail("Failed same name test - in Order");
+//        }
+
+        if (name1.hashCode() != name2.hashCode())
+        {
+            fail("Failed same name test - in Order");
+        }
+
+        X500NameBuilder builder1 = new X500NameBuilder(BCStyle.INSTANCE);
+
+        builder.addRDN(BCStyle.C, "AU");
+        builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
+        builder.addRDN(BCStyle.L, "Melbourne");
+        builder.addRDN(BCStyle.ST, "Victoria");
+        builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
+
+        X500NameBuilder builder2 = new X500NameBuilder(BCStyle.INSTANCE);
+
+        builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
+        builder.addRDN(BCStyle.C, "AU");
+        builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
+        builder.addRDN(BCStyle.L, "Melbourne");
+        builder.addRDN(BCStyle.ST, "Victoria");
+
+        name1 = builder1.build();
+        name2 = builder2.build();
+
+        if (!name1.equals(name2))
+        {
+            fail("Failed reverse name test");
+        }
+
+        if (name1.hashCode() != name2.hashCode())
+        {
+            fail("Failed reverse name test hashCode");
+        }
+
+//        if (name1.equals(name2, true))
+//        {
+//            fail("Failed reverse name test - in Order");
+//        }
+//
+//        if (!name1.equals(name2, false))
+//        {
+//            fail("Failed reverse name test - in Order false");
+//        }
+
+//        Vector oids = name1.getOIDs();
+//        if (!compareVectors(oids, ord1))
+//        {
+//            fail("oid comparison test");
+//        }
+       /*
+        Vector val1 = new Vector();
+
+        val1.addElement("AU");
+        val1.addElement("The Legion of the Bouncy Castle");
+        val1.addElement("Melbourne");
+        val1.addElement("Victoria");
+        val1.addElement("feedback-crypto@bouncycastle.org");
+
+        name1 = new X500Name(ord1, val1);
+
+        Vector values = name1.getValues();
+        if (!compareVectors(values, val1))
+        {
+            fail("value comparison test");
+        }
+
+        ord2 = new Vector();
+
+        ord2.addElement(X500Name.ST);
+        ord2.addElement(X500Name.ST);
+        ord2.addElement(X500Name.L);
+        ord2.addElement(X500Name.O);
+        ord2.addElement(X500Name.C);
+
+        name1 = new X500Name(ord1, attrs);
+        name2 = new X500Name(ord2, attrs);
+
+        if (name1.equals(name2))
+        {
+            fail("Failed different name test");
+        }
+
+        ord2 = new Vector();
+
+        ord2.addElement(X500Name.ST);
+        ord2.addElement(X500Name.L);
+        ord2.addElement(X500Name.O);
+        ord2.addElement(X500Name.C);
+
+        name1 = new X500Name(ord1, attrs);
+        name2 = new X500Name(ord2, attrs);
+
+        if (name1.equals(name2))
+        {
+            fail("Failed subset name test");
+        }
+
+        compositeTest();
+         */
+        ByteArrayOutputStream bOut;
+        ASN1OutputStream aOut;
+        ASN1InputStream aIn;
+       /*
+        //
+        // getValues test
+        //
+        Vector v1 = name1.getValues(X500Name.O);
+
+        if (v1.size() != 1 || !v1.elementAt(0).equals("The Legion of the Bouncy Castle"))
+        {
+            fail("O test failed");
+        }
+
+        Vector v2 = name1.getValues(X500Name.L);
+
+        if (v2.size() != 1 || !v2.elementAt(0).equals("Melbourne"))
+        {
+            fail("L test failed");
+        }
+       */
+        //
+        // general subjects test
+        //
+        for (int i = 0; i != subjects.length; i++)
+        {
+            X500Name    name = new X500Name(subjects[i]);
+
+            bOut = new ByteArrayOutputStream();
+            aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(name);
+
+            aIn = new ASN1InputStream(new ByteArrayInputStream(bOut.toByteArray()));
+
+            name = X500Name.getInstance(aIn.readObject());
+            if (!name.toString().equals(subjects[i]))
+            {
+                fail("failed regeneration test " + i + " got: " + name.toString() + " expected " + subjects[i]);
+            }
+        }
+
+        for (int i = 0; i < hexSubjects.length; i += 2)
+        {
+            X500Name    name = new X500Name(hexSubjects[i]);
+
+            bOut = new ByteArrayOutputStream();
+            aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(name);
+
+            aIn = new ASN1InputStream(new ByteArrayInputStream(bOut.toByteArray()));
+
+            name = X500Name.getInstance(aIn.readObject());
+            if (!name.toString().equals(hexSubjects[i + 1]))
+            {
+                fail("failed hex regeneration test " + i + " got: " + name.toString() + " expected " + subjects[i]);
+            }
+        }
+
+        //
+        // sort test
+        //
+        X500Name unsorted = new X500Name("SERIALNUMBER=BBB + CN=AA");
+
+        if (!fromBytes(unsorted.getEncoded()).toString().equals("CN=AA+SERIALNUMBER=BBB"))
+        {
+            fail("failed sort test 1");
+        }
+
+        unsorted = new X500Name("CN=AA + SERIALNUMBER=BBB");
+
+        if (!fromBytes(unsorted.getEncoded()).toString().equals("CN=AA+SERIALNUMBER=BBB"))
+        {
+            fail("failed sort test 2");
+        }
+
+        unsorted = new X500Name("SERIALNUMBER=B + CN=AA");
+
+        if (!fromBytes(unsorted.getEncoded()).toString().equals("SERIALNUMBER=B+CN=AA"))
+        {
+            fail("failed sort test 3");
+        }
+
+        unsorted = new X500Name("CN=AA + SERIALNUMBER=B");
+
+        if (!fromBytes(unsorted.getEncoded()).toString().equals("SERIALNUMBER=B+CN=AA"))
+        {
+            fail("failed sort test 4");
+        }
+
+        //
+        // equality tests
+        //
+        equalityTest(new X500Name("CN=The     Legion"), new X500Name("CN=The Legion"));
+        equalityTest(new X500Name("CN=   The Legion"), new X500Name("CN=The Legion"));
+        equalityTest(new X500Name("CN=The Legion   "), new X500Name("CN=The Legion"));
+        equalityTest(new X500Name("CN=  The     Legion "), new X500Name("CN=The Legion"));
+        equalityTest(new X500Name("CN=  the     legion "), new X500Name("CN=The Legion"));
+
+        equalityTest(new X500Name("CN=  the     legion+C=AU, O=Legion "), new X500Name("CN=The Legion+C=AU, O=Legion"));
+        // # test
+
+        X500Name n1 = new X500Name("SERIALNUMBER=8,O=ABC,CN=ABC Class 3 CA,C=LT");
+        X500Name n2 = new X500Name("2.5.4.5=8,O=ABC,CN=ABC Class 3 CA,C=LT");
+        X500Name n3 = new X500Name("2.5.4.5=#130138,O=ABC,CN=ABC Class 3 CA,C=LT");
+
+        equalityTest(n1, n2);
+        equalityTest(n2, n3);
+        equalityTest(n3, n1);
+
+        n1 = new X500Name("2.5.4.5=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT");
+        n2 = new X500Name("SERIALNUMBER=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT");
+        n3 = X500Name.getInstance(ASN1Primitive.fromByteArray(Hex.decode("3063310b3009060355040613024c54312f302d060355040a1326"
+            + "55414220536b6169746d656e696e696f20736572746966696b6176696d6f2063656e74726173311730150603550403130e53534320436c6173732033204341310a30080603550405130138")));
+
+        equalityTest(n1, n2);
+        equalityTest(n2, n3);
+        equalityTest(n3, n1);
+
+        n1 = new X500Name("SERIALNUMBER=8,O=XX,CN=ABC Class 3 CA,C=LT");
+        n2 = new X500Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT");
+
+//        if (n1.equals(n2))
+//        {
+//            fail("empty inequality check failed");
+//        }
+
+        n1 = new X500Name("SERIALNUMBER=8,O=,CN=ABC Class 3 CA,C=LT");
+        n2 = new X500Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT");
+
+        equalityTest(n1, n2);
+
+        equalityTest(X500Name.getInstance(BCStrictStyle.INSTANCE, n1), X500Name.getInstance(BCStrictStyle.INSTANCE, n2));
+
+        n2 = new X500Name("C=LT,2.5.4.5=8,O=,CN=ABC Class 3 CA");
+
+        equalityTest(n1, n2);
+
+        if (X500Name.getInstance(BCStrictStyle.INSTANCE, n1).equals(X500Name.getInstance(BCStrictStyle.INSTANCE, n2)))
+        {
+            fail("strict comparison failed");
+        }
+
+        //
+        // inequality to sequences
+        //
+        name1 = new X500Name("CN=The Legion");
+
+        if (name1.equals(new DERSequence()))
+        {
+            fail("inequality test with sequence");
+        }
+
+        if (name1.equals(new DERSequence(new DERSet())))
+        {
+            fail("inequality test with sequence and set");
+        }
+
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(new ASN1ObjectIdentifier("1.1"));
+        v.add(new ASN1ObjectIdentifier("1.1"));
+        if (name1.equals(new DERSequence(new DERSet(new DERSet(v)))))
+        {
+            fail("inequality test with sequence and bad set");
+        }
+
+        if (name1.equals(new DERSequence(new DERSet(new DERSet(v)))))
+        {
+            fail("inequality test with sequence and bad set");
+        }
+
+        if (name1.equals(new DERSequence(new DERSet(new DERSequence()))))
+        {
+            fail("inequality test with sequence and short sequence");
+        }
+
+        if (name1.equals(new DERSequence(new DERSet(new DERSequence()))))
+        {
+            fail("inequality test with sequence and short sequence");
+        }
+
+        v = new ASN1EncodableVector();
+
+        v.add(new ASN1ObjectIdentifier("1.1"));
+        v.add(new DERSequence());
+
+        if (name1.equals(new DERSequence(new DERSet(new DERSequence(v)))))
+        {
+            fail("inequality test with sequence and bad sequence");
+        }
+
+        if (name1.equals(null))
+        {
+            fail("inequality test with null");
+        }
+
+//        if (name1.equals(null, true))
+//        {
+//            fail("inequality test with null");
+//        }
+
+        //
+        // this is contrived but it checks sorting of sets with equal elements
+        //
+        unsorted = new X500Name("CN=AA + CN=AA + CN=AA");
+
+        ASN1ObjectIdentifier[] types = unsorted.getAttributeTypes();
+        if (types.length != 3 || !types[0].equals(BCStyle.CN) || !types[1].equals(BCStyle.CN) || !types[2].equals(BCStyle.CN))
+        {
+            fail("types not matched correctly");
+        }
+
+        // general type test
+        X500Name nested = new X500Name("CN=AA + CN=AA, C=AU");
+
+        types = nested.getAttributeTypes();
+        if (types.length != 3 || !types[0].equals(BCStyle.CN) || !types[1].equals(BCStyle.CN) || !types[2].equals(BCStyle.C))
+        {
+            fail("nested types not matched correctly");
+        }
+        //
+        // tagging test - only works if CHOICE implemented
+        //
+        ASN1TaggedObject tag = new DERTaggedObject(false, 1, new X500Name("CN=AA"));
+
+        if (!tag.isExplicit())
+        {
+            fail("failed to explicitly tag CHOICE object");
+        }
+
+        X500Name name = X500Name.getInstance(tag, false);
+
+        if (!name.equals(new X500Name("CN=AA")))
+        {
+            fail("failed to recover tagged name");
+        }
+
+        DERUTF8String testString = new DERUTF8String("The Legion of the Bouncy Castle");
+        byte[] encodedBytes = testString.getEncoded();
+        byte[] hexEncodedBytes = Hex.encode(encodedBytes);
+        String hexEncodedString = "#" + new String(hexEncodedBytes);
+
+        DERUTF8String converted = (DERUTF8String)
+            new X509DefaultEntryConverter().getConvertedValue(
+                BCStyle.L , hexEncodedString);
+
+        if (!converted.equals(testString))
+        {
+            fail("failed X509DefaultEntryConverter test");
+        }
+
+        //
+        // try escaped.
+        //
+        converted = (DERUTF8String)
+            new X509DefaultEntryConverter().getConvertedValue(
+                BCStyle.L , "\\" + hexEncodedString);
+
+        if (!converted.equals(new DERUTF8String(hexEncodedString)))
+        {
+            fail("failed X509DefaultEntryConverter test got " + converted + " expected: " + hexEncodedString);
+        }
+
+        //
+        // try a weird value
+        //
+        X500Name n = new X500Name("CN=\\#nothex#string");
+
+        if (!n.toString().equals("CN=\\#nothex#string"))
+        {
+            fail("# string not properly escaped.");
+        }
+
+        RDN[] vls = n.getRDNs(BCStyle.CN);
+        if (vls.length != 1 || !getValue(vls[0]).equals("#nothex#string"))
+        {
+            fail("escaped # not reduced properly");
+        }
+
+        types = n.getAttributeTypes();
+        if (types.length != 1 || !types[0].equals(BCStyle.CN))
+        {
+            fail("type not matched correctly");
+        }
+
+        n = new X500Name("CN=\"a+b\"");
+
+        vls = n.getRDNs(BCStyle.CN);
+        if (vls.length != 1 || !getValue(vls[0]).equals("a+b"))
+        {
+            fail("escaped + not reduced properly");
+        }
+
+        n = new X500Name("CN=a\\+b");
+
+        vls = n.getRDNs(BCStyle.CN);
+        if (vls.length != 1 || !getValue(vls[0]).equals("a+b"))
+        {
+            fail("escaped + not reduced properly");
+        }
+
+        if (!n.toString().equals("CN=a\\+b"))
+        {
+            fail("+ in string not properly escaped.");
+        }
+
+        n = new X500Name("CN=a\\=b");
+
+        vls = n.getRDNs(BCStyle.CN);
+        if (vls.length != 1 || !getValue(vls[0]).equals("a=b"))
+        {
+            fail("escaped = not reduced properly");
+        }
+
+        if (!n.toString().equals("CN=a\\=b"))
+        {
+            fail("= in string not properly escaped.");
+        }
+
+        n = new X500Name("TELEPHONENUMBER=\"+61999999999\"");
+
+        vls = n.getRDNs(BCStyle.TELEPHONE_NUMBER);
+        if (vls.length != 1 || !getValue(vls[0]).equals("+61999999999"))
+        {
+            fail("telephonenumber escaped + not reduced properly");
+        }
+
+        n = new X500Name("TELEPHONENUMBER=\\+61999999999");
+
+        vls = n.getRDNs(BCStyle.TELEPHONE_NUMBER);
+        if (vls.length != 1 || !getValue(vls[0]).equals("+61999999999"))
+        {
+            fail("telephonenumber escaped + not reduced properly");
+        }
+
+        // test query methods
+        if (!"E".equals(BCStyle.INSTANCE.oidToDisplayName(BCStyle.EmailAddress)))
+        {
+            fail("display name for E incorrect");
+        }
+
+        String[] aliases = BCStyle.INSTANCE.oidToAttrNames(BCStyle.EmailAddress);
+        if (aliases.length != 2)
+        {
+            fail("no aliases found");
+        }
+        if (!("e".equals(aliases[0]) || "e".equals(aliases[1])))
+        {
+            fail("first alias name for E incorrect");
+        }
+        if (!("emailaddress".equals(aliases[0]) || "emailaddress".equals(aliases[1])))
+        {
+            fail("second alias name for E incorrect");
+        }
+
+        if (BCStyle.INSTANCE.oidToDisplayName(new ASN1ObjectIdentifier("1.2.1")) != null)
+        {
+            fail("unknown oid matched!");
+        }
+
+        if (BCStyle.INSTANCE.oidToAttrNames(new ASN1ObjectIdentifier("1.2.1")).length != 0)
+        {
+            fail("unknown oid matched aliases!");
+        }
+
+        if (!new X500Name("CN=\"  CA1 -   CP.04.03\", OU=Testing, OU=Dod, O=U.S. Government, C=US")
+            .equals(new X500Name("CN=\"ca1 - CP.04.03  \", OU=Testing, OU=Dod, O=U.S. Government, C=US")))
+        {
+            fail("padded equality test failed");
+        }
+    }
+
+    private String getValue(RDN vl)
+    {
+        return ((ASN1String)vl.getFirst().getValue()).getString();
+    }
+
+    private void ietfUtilsTest()
+        throws Exception
+    {
+        IETFUtils.valueToString(new DERUTF8String(" "));
+    }
+
+    /*
+  private boolean compareVectors(Vector a, Vector b)    // for compatibility with early JDKs
+  {
+      if (a.size() != b.size())
+      {
+          return false;
+      }
+
+      for (int i = 0; i != a.size(); i++)
+      {
+          if (!a.elementAt(i).equals(b.elementAt(i)))
+          {
+              return false;
+          }
+      }
+
+      return true;
+  }
+
+  private void compositeTest()
+      throws IOException
+  {
+      //
+      // composite test
+      //
+      byte[]  enc = Hex.decode("305e310b300906035504061302415531283026060355040a0c1f546865204c6567696f6e206f662074686520426f756e637920436173746c653125301006035504070c094d656c626f75726e653011060355040b0c0a4173636f742056616c65");
+      ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(enc));
+
+      X500Name    n = X500Name.getInstance(aIn.readObject());
+
+      if (!n.toString().equals("C=AU,O=The Legion of the Bouncy Castle,L=Melbourne+OU=Ascot Vale"))
+      {
+          fail("Failed composite to string test got: " + n.toString());
+      }
+
+      if (!n.toString(true, X500Name.DefaultSymbols).equals("L=Melbourne+OU=Ascot Vale,O=The Legion of the Bouncy Castle,C=AU"))
+      {
+          fail("Failed composite to string test got: " + n.toString(true, X500Name.DefaultSymbols));
+      }
+
+      n = new X500Name(true, "L=Melbourne+OU=Ascot Vale,O=The Legion of the Bouncy Castle,C=AU");
+      if (!n.toString().equals("C=AU,O=The Legion of the Bouncy Castle,L=Melbourne+OU=Ascot Vale"))
+      {
+          fail("Failed composite to string reversal test got: " + n.toString());
+      }
+
+      n = new X500Name("C=AU, O=The Legion of the Bouncy Castle, L=Melbourne + OU=Ascot Vale");
+
+      ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+      ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+      aOut.writeObject(n);
+
+      byte[]  enc2 = bOut.toByteArray();
+
+      if (!Arrays.areEqual(enc, enc2))
+      {
+          fail("Failed composite string to encoding test");
+      }
+
+      //
+      // dud name test - handle empty DN without barfing.
+      //
+      n = new X500Name("C=CH,O=,OU=dummy,CN=mail@dummy.com");
+
+      n = X500Name.getInstance(ASN1Object.fromByteArray(n.getEncoded()));
+  }
+    */
+    private void equalityTest(X500Name name1, X500Name name2)
+    {
+        if (!name1.equals(name2))
+        {
+            fail("equality test failed for " + name1 + " : " + name2);
+        }
+
+        if (name1.hashCode() != name2.hashCode())
+        {
+            fail("hashCodeTest test failed for " + name1 + " : " + name2);
+        }
+    }
+
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new X500NameTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/X509ExtensionsTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/X509ExtensionsTest.java
new file mode 100644
index 0000000..008d4d8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/X509ExtensionsTest.java
@@ -0,0 +1,105 @@
+package org.bouncycastle.asn1.test;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class X509ExtensionsTest
+    extends SimpleTest
+{
+    private static final ASN1ObjectIdentifier OID_2 = new ASN1ObjectIdentifier("1.2.2");
+    private static final ASN1ObjectIdentifier OID_3 = new ASN1ObjectIdentifier("1.2.3");
+    private static final ASN1ObjectIdentifier OID_1 = new ASN1ObjectIdentifier("1.2.1");
+
+    public String getName()
+    {
+        return "X509Extensions";
+    }
+
+    public void performTest() throws Exception
+    {
+        X509ExtensionsGenerator gen = new X509ExtensionsGenerator();
+
+        gen.addExtension(OID_1, true, new byte[20]);
+        gen.addExtension(OID_2, true, new byte[20]);
+
+        X509Extensions ext1 = gen.generate();
+        X509Extensions ext2 = gen.generate();
+
+        if (!ext1.equals(ext2))
+        {
+            fail("equals test failed");
+        }
+
+        gen.reset();
+
+        gen.addExtension(OID_2, true, new byte[20]);
+        gen.addExtension(OID_1, true, new byte[20]);
+
+        ext2 = gen.generate();
+
+        if (ext1.equals(ext2))
+        {
+            fail("inequality test failed");
+        }
+
+        if (!ext1.equivalent(ext2))
+        {
+            fail("equivalence true failed");
+        }
+
+        gen.reset();
+
+        gen.addExtension(OID_1, true, new byte[22]);
+        gen.addExtension(OID_2, true, new byte[20]);
+
+        ext2 = gen.generate();
+
+        if (ext1.equals(ext2))
+        {
+            fail("inequality 1 failed");
+        }
+
+        if (ext1.equivalent(ext2))
+        {
+            fail("non-equivalence 1 failed");
+        }
+
+        gen.reset();
+
+        gen.addExtension(OID_3, true, new byte[20]);
+        gen.addExtension(OID_2, true, new byte[20]);
+
+        ext2 = gen.generate();
+
+        if (ext1.equals(ext2))
+        {
+            fail("inequality 2 failed");
+        }
+
+        if (ext1.equivalent(ext2))
+        {
+            fail("non-equivalence 2 failed");
+        }
+
+        try
+        {
+            gen.addExtension(OID_2, true, new byte[20]);
+            fail("repeated oid");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("extension 1.2.2 already added"))
+            {
+                fail("wrong exception on repeated oid: " + e.getMessage());
+            }
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new X509ExtensionsTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/X509NameTest.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/X509NameTest.java
new file mode 100644
index 0000000..f1ae757
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/X509NameTest.java
@@ -0,0 +1,693 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Hashtable;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.X509DefaultEntryConverter;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class X509NameTest
+    extends SimpleTest
+{
+   String[] subjects =
+   {
+       "C=AU,ST=Victoria,L=South Melbourne,O=Connect 4 Pty Ltd,OU=Webserver Team,CN=www2.connect4.com.au,E=webmaster@connect4.com.au",
+       "C=AU,ST=Victoria,L=South Melbourne,O=Connect 4 Pty Ltd,OU=Certificate Authority,CN=Connect 4 CA,E=webmaster@connect4.com.au",
+       "C=AU,ST=QLD,CN=SSLeay/rsa test cert",
+       "C=US,O=National Aeronautics and Space Administration,SERIALNUMBER=16+CN=Steve Schoch",
+       "E=cooke@issl.atl.hp.com,C=US,OU=Hewlett Packard Company (ISSL),CN=Paul A. Cooke",
+       "O=Sun Microsystems Inc,CN=store.sun.com",
+       "unstructuredAddress=192.168.1.33,unstructuredName=pixfirewall.ciscopix.com,CN=pixfirewall.ciscopix.com",
+       "CN=*.canal-plus.com,OU=Provided by TBS INTERNET http://www.tbs-certificats.com/,OU=\\ CANAL \\+,O=CANAL\\+DISTRIBUTION,L=issy les moulineaux,ST=Hauts de Seine,C=FR",
+       "O=Bouncy Castle,CN=www.bouncycastle.org\\ ",
+       "O=Bouncy Castle,CN=c:\\\\fred\\\\bob"
+    };
+
+    public String getName()
+    {
+        return "X509Name";
+    }
+    
+    private static X509Name fromBytes(
+        byte[]  bytes) 
+        throws IOException
+    {
+        return X509Name.getInstance(new ASN1InputStream(new ByteArrayInputStream(bytes)).readObject());
+    }
+
+    private ASN1Encodable createEntryValue(ASN1ObjectIdentifier oid, String value)
+    {
+        Hashtable attrs = new Hashtable();
+
+        attrs.put(oid, value);
+
+        Vector order = new Vector();
+
+        order.addElement(oid);
+        
+        X509Name name = new X509Name(order, attrs);
+
+        ASN1Sequence seq = (ASN1Sequence)name.toASN1Primitive();
+        ASN1Set set = (ASN1Set)seq.getObjectAt(0);
+        seq = (ASN1Sequence)set.getObjectAt(0);
+
+        return seq.getObjectAt(1);
+    }
+
+    private ASN1Encodable createEntryValueFromString(ASN1ObjectIdentifier oid, String value)
+    {
+        Hashtable attrs = new Hashtable();
+
+        attrs.put(oid, value);
+
+        Vector order = new Vector();
+
+        order.addElement(oid);
+        
+        X509Name name = new X509Name(new X509Name(order, attrs).toString());
+
+        ASN1Sequence seq = (ASN1Sequence)name.toASN1Primitive();
+        ASN1Set set = (ASN1Set)seq.getObjectAt(0);
+        seq = (ASN1Sequence)set.getObjectAt(0);
+
+        return seq.getObjectAt(1);
+    }
+
+    private void testEncodingPrintableString(ASN1ObjectIdentifier oid, String value)
+    {
+        ASN1Encodable converted = createEntryValue(oid, value);
+        if (!(converted instanceof DERPrintableString))
+        {
+            fail("encoding for " + oid + " not printable string");
+        }
+    }
+
+    private void testEncodingIA5String(ASN1ObjectIdentifier oid, String value)
+    {
+        ASN1Encodable converted = createEntryValue(oid, value);
+        if (!(converted instanceof DERIA5String))
+        {
+            fail("encoding for " + oid + " not IA5String");
+        }
+    }
+
+
+    private void testEncodingUTF8String(ASN1ObjectIdentifier oid, String value)
+        throws IOException
+    {
+        ASN1Encodable converted = createEntryValue(oid, value);
+        if (!(converted instanceof DERUTF8String))
+        {
+            fail("encoding for " + oid + " not IA5String");
+        }
+        if (!value.equals((DERUTF8String.getInstance(converted.toASN1Primitive().getEncoded()).getString())))
+        {
+            fail("decoding not correct");
+        }
+    }
+
+    private void testEncodingGeneralizedTime(ASN1ObjectIdentifier oid, String value)
+    {
+        ASN1Encodable converted = createEntryValue(oid, value);
+        if (!(converted instanceof ASN1GeneralizedTime))
+        {
+            fail("encoding for " + oid + " not GeneralizedTime");
+        }
+        converted = createEntryValueFromString(oid, value);
+        if (!(converted instanceof ASN1GeneralizedTime))
+        {
+            fail("encoding for " + oid + " not GeneralizedTime");
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testEncodingPrintableString(X509Name.C, "AU");
+        testEncodingPrintableString(X509Name.SERIALNUMBER, "123456");
+        testEncodingPrintableString(X509Name.DN_QUALIFIER, "123456");
+        testEncodingIA5String(X509Name.EmailAddress, "test@test.com");
+        testEncodingIA5String(X509Name.DC, "test");
+        // correct encoding
+        testEncodingGeneralizedTime(X509Name.DATE_OF_BIRTH, "#180F32303032303132323132323232305A");
+        // compatibility encoding
+        testEncodingGeneralizedTime(X509Name.DATE_OF_BIRTH, "20020122122220Z");
+        testEncodingUTF8String(X509Name.CN, "Mörsky");
+        //
+        // composite
+        //
+        Hashtable                   attrs = new Hashtable();
+
+        attrs.put(X509Name.C, "AU");
+        attrs.put(X509Name.O, "The Legion of the Bouncy Castle");
+        attrs.put(X509Name.L, "Melbourne");
+        attrs.put(X509Name.ST, "Victoria");
+        attrs.put(X509Name.E, "feedback-crypto@bouncycastle.org");
+
+        Vector                     order = new Vector();
+
+        order.addElement(X509Name.C);
+        order.addElement(X509Name.O);
+        order.addElement(X509Name.L);
+        order.addElement(X509Name.ST);
+        order.addElement(X509Name.E);
+
+        X509Name    name1 = new X509Name(order, attrs);
+
+        if (!name1.equals(name1))
+        {
+            fail("Failed same object test");
+        }
+
+        if (!name1.equals(name1, true))
+        {
+            fail("Failed same object test - in Order");
+        }
+
+        X509Name    name2 = new X509Name(order, attrs);
+
+        if (!name1.equals(name2))
+        {
+            fail("Failed same name test");
+        }
+
+        if (!name1.equals(name2, true))
+        {
+            fail("Failed same name test - in Order");
+        }
+
+        if (name1.hashCode() != name2.hashCode())
+        {
+            fail("Failed same name test - in Order");
+        }
+
+        Vector  ord1 = new Vector();
+
+        ord1.addElement(X509Name.C);
+        ord1.addElement(X509Name.O);
+        ord1.addElement(X509Name.L);
+        ord1.addElement(X509Name.ST);
+        ord1.addElement(X509Name.E);
+
+        Vector  ord2 = new Vector();
+
+        ord2.addElement(X509Name.E);
+        ord2.addElement(X509Name.ST);
+        ord2.addElement(X509Name.L);
+        ord2.addElement(X509Name.O);
+        ord2.addElement(X509Name.C);
+
+        name1 = new X509Name(ord1, attrs);
+        name2 = new X509Name(ord2, attrs);
+
+        if (!name1.equals(name2))
+        {
+            fail("Failed reverse name test");
+        }
+
+        if (name1.hashCode() != name2.hashCode())
+        {
+            fail("Failed reverse name test hashCode");
+        }
+
+        if (name1.equals(name2, true))
+        {
+            fail("Failed reverse name test - in Order");
+        }
+
+        if (!name1.equals(name2, false))
+        {
+            fail("Failed reverse name test - in Order false");
+        }
+
+        Vector oids = name1.getOIDs();
+        if (!compareVectors(oids, ord1))
+        {
+            fail("oid comparison test");
+        }
+
+        Vector val1 = new Vector();
+
+        val1.addElement("AU");
+        val1.addElement("The Legion of the Bouncy Castle");
+        val1.addElement("Melbourne");
+        val1.addElement("Victoria");
+        val1.addElement("feedback-crypto@bouncycastle.org");
+
+        name1 = new X509Name(ord1, val1);
+        
+        Vector values = name1.getValues();
+        if (!compareVectors(values, val1))
+        {
+            fail("value comparison test");
+        }
+
+        ord2 = new Vector();
+
+        ord2.addElement(X509Name.ST);
+        ord2.addElement(X509Name.ST);
+        ord2.addElement(X509Name.L);
+        ord2.addElement(X509Name.O);
+        ord2.addElement(X509Name.C);
+
+        name1 = new X509Name(ord1, attrs);
+        name2 = new X509Name(ord2, attrs);
+
+        if (name1.equals(name2))
+        {
+            fail("Failed different name test");
+        }
+
+        ord2 = new Vector();
+
+        ord2.addElement(X509Name.ST);
+        ord2.addElement(X509Name.L);
+        ord2.addElement(X509Name.O);
+        ord2.addElement(X509Name.C);
+
+        name1 = new X509Name(ord1, attrs);
+        name2 = new X509Name(ord2, attrs);
+
+        if (name1.equals(name2))
+        {
+            fail("Failed subset name test");
+        }
+
+        compositeTest();
+
+        ByteArrayOutputStream bOut;
+        ASN1OutputStream aOut;
+        ASN1InputStream aIn;
+
+        //
+        // getValues test
+        //
+        Vector v1 = name1.getValues(X509Name.O);
+
+        if (v1.size() != 1 || !v1.elementAt(0).equals("The Legion of the Bouncy Castle"))
+        {
+            fail("O test failed");
+        }
+
+        Vector v2 = name1.getValues(X509Name.L);
+
+        if (v2.size() != 1 || !v2.elementAt(0).equals("Melbourne"))
+        {
+            fail("L test failed");
+        }
+
+        //
+        // general subjects test
+        //
+        for (int i = 0; i != subjects.length; i++)
+        {
+            X509Name    name = new X509Name(subjects[i]);
+
+            bOut = new ByteArrayOutputStream();
+            aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(name);
+
+            aIn = new ASN1InputStream(new ByteArrayInputStream(bOut.toByteArray()));
+
+            name = X509Name.getInstance(aIn.readObject());
+
+            if (!name.toString().equals(subjects[i]))
+            {
+                fail("failed regeneration test " + i + " got " + name.toString());
+            }
+        }
+
+        //
+        // sort test
+        //
+        X509Name unsorted = new X509Name("SERIALNUMBER=BBB + CN=AA");
+
+        if (!fromBytes(unsorted.getEncoded()).toString().equals("CN=AA+SERIALNUMBER=BBB"))
+        {
+            fail("failed sort test 1");
+        }
+
+        unsorted = new X509Name("CN=AA + SERIALNUMBER=BBB");
+
+        if (!fromBytes(unsorted.getEncoded()).toString().equals("CN=AA+SERIALNUMBER=BBB"))
+        {
+            fail("failed sort test 2");
+        }
+
+        unsorted = new X509Name("SERIALNUMBER=B + CN=AA");
+
+        if (!fromBytes(unsorted.getEncoded()).toString().equals("SERIALNUMBER=B+CN=AA"))
+        {
+            fail("failed sort test 3");
+        }
+
+        unsorted = new X509Name("CN=AA + SERIALNUMBER=B");
+
+        if (!fromBytes(unsorted.getEncoded()).toString().equals("SERIALNUMBER=B+CN=AA"))
+        {
+            fail("failed sort test 4");
+        }
+
+        //
+        // equality tests
+        //
+        equalityTest(new X509Name("CN=The     Legion"), new X509Name("CN=The Legion"));
+        equalityTest(new X509Name("CN=   The Legion"), new X509Name("CN=The Legion"));
+        equalityTest(new X509Name("CN=The Legion   "), new X509Name("CN=The Legion"));
+        equalityTest(new X509Name("CN=  The     Legion "), new X509Name("CN=The Legion"));
+        equalityTest(new X509Name("CN=  the     legion "), new X509Name("CN=The Legion"));
+
+        // # test
+
+        X509Name n1 = new X509Name("SERIALNUMBER=8,O=ABC,CN=ABC Class 3 CA,C=LT");
+        X509Name n2 = new X509Name("2.5.4.5=8,O=ABC,CN=ABC Class 3 CA,C=LT");
+        X509Name n3 = new X509Name("2.5.4.5=#130138,O=ABC,CN=ABC Class 3 CA,C=LT");
+
+        equalityTest(n1, n2);
+        equalityTest(n2, n3);
+        equalityTest(n3, n1);
+
+        n1 = new X509Name(true, "2.5.4.5=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT");
+        n2 = new X509Name(true, "SERIALNUMBER=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT");
+        n3 = X509Name.getInstance(ASN1Primitive.fromByteArray(Hex.decode("3063310b3009060355040613024c54312f302d060355040a1326"
+            + "55414220536b6169746d656e696e696f20736572746966696b6176696d6f2063656e74726173311730150603550403130e53534320436c6173732033204341310a30080603550405130138")));
+
+        equalityTest(n1, n2);
+        equalityTest(n2, n3);
+        equalityTest(n3, n1);
+
+        n1 = new X509Name("SERIALNUMBER=8,O=XX,CN=ABC Class 3 CA,C=LT");
+        n2 = new X509Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT");
+
+        if (n1.equals(n2))
+        {
+            fail("empty inequality check failed");
+        }
+
+        n1 = new X509Name("SERIALNUMBER=8,O=,CN=ABC Class 3 CA,C=LT");
+        n2 = new X509Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT");
+
+        equalityTest(n1, n2);
+        
+        //
+        // inequality to sequences
+        //
+        name1 = new X509Name("CN=The Legion");
+
+        if (name1.equals(new DERSequence()))
+        {
+            fail("inequality test with sequence");
+        }
+
+        if (name1.equals(new DERSequence(new DERSet())))
+        {
+            fail("inequality test with sequence and set");
+        }
+
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(new ASN1ObjectIdentifier("1.1"));
+        v.add(new ASN1ObjectIdentifier("1.1"));
+        if (name1.equals(new DERSequence(new DERSet(new DERSet(v)))))
+        {
+            fail("inequality test with sequence and bad set");
+        }
+
+        if (name1.equals(new DERSequence(new DERSet(new DERSet(v))), true))
+        {
+            fail("inequality test with sequence and bad set");
+        }
+
+        if (name1.equals(new DERSequence(new DERSet(new DERSequence()))))
+        {
+            fail("inequality test with sequence and short sequence");
+        }
+
+        if (name1.equals(new DERSequence(new DERSet(new DERSequence())), true))
+        {
+            fail("inequality test with sequence and short sequence");
+        }
+
+        v = new ASN1EncodableVector();
+
+        v.add(new ASN1ObjectIdentifier("1.1"));
+        v.add(new DERSequence());
+
+        if (name1.equals(new DERSequence(new DERSet(new DERSequence(v)))))
+        {
+            fail("inequality test with sequence and bad sequence");
+        }
+
+        if (name1.equals(null))
+        {
+            fail("inequality test with null");
+        }
+
+        if (name1.equals(null, true))
+        {
+            fail("inequality test with null");
+        }
+
+        //
+        // this is contrived but it checks sorting of sets with equal elements
+        //
+        unsorted = new X509Name("CN=AA + CN=AA + CN=AA");
+
+        //
+        // tagging test - only works if CHOICE implemented
+        //
+        /*
+        ASN1TaggedObject tag = new DERTaggedObject(false, 1, new X509Name("CN=AA"));
+
+        if (!tag.isExplicit())
+        {
+            fail("failed to explicitly tag CHOICE object");
+        }
+
+        X509Name name = X509Name.getInstance(tag, false);
+
+        if (!name.equals(new X509Name("CN=AA")))
+        {
+            fail("failed to recover tagged name");
+        }
+        */
+
+        DERUTF8String testString = new DERUTF8String("The Legion of the Bouncy Castle");
+        byte[] encodedBytes = testString.getEncoded();
+        byte[] hexEncodedBytes = Hex.encode(encodedBytes);
+        String hexEncodedString = "#" + new String(hexEncodedBytes);
+
+        DERUTF8String converted = (DERUTF8String)
+            new X509DefaultEntryConverter().getConvertedValue(
+                X509Name.L , hexEncodedString);
+
+        if (!converted.equals(testString))
+        {
+            fail("failed X509DefaultEntryConverter test");
+        }
+
+        //
+        // try escaped.
+        //
+        converted = (DERUTF8String)
+            new X509DefaultEntryConverter().getConvertedValue(
+                X509Name.L , "\\" + hexEncodedString);
+
+        if (!converted.equals(new DERUTF8String(hexEncodedString)))
+        {
+            fail("failed X509DefaultEntryConverter test got " + converted + " expected: " + hexEncodedString);
+        }
+        
+        //
+        // try a weird value
+        //
+        X509Name n = new X509Name("CN=\\#nothex#string");
+
+        if (!n.toString().equals("CN=\\#nothex#string"))
+        {
+            fail("# string not properly escaped.");
+        }
+
+        Vector vls = n.getValues(X509Name.CN);
+        if (vls.size() != 1 || !vls.elementAt(0).equals("#nothex#string"))
+        {
+            fail("escaped # not reduced properly");
+        }
+
+        n = new X509Name("CN=\"a+b\"");
+
+        vls = n.getValues(X509Name.CN);
+        if (vls.size() != 1 || !vls.elementAt(0).equals("a+b"))
+        {
+            fail("escaped + not reduced properly");
+        }
+
+        n = new X509Name("CN=a\\+b");
+
+        vls = n.getValues(X509Name.CN);
+        if (vls.size() != 1 || !vls.elementAt(0).equals("a+b"))
+        {
+            fail("escaped + not reduced properly");
+        }
+
+        if (!n.toString().equals("CN=a\\+b"))
+        {
+            fail("+ in string not properly escaped.");
+        }
+
+        n = new X509Name("CN=a\\=b");
+
+        vls = n.getValues(X509Name.CN);
+        if (vls.size() != 1 || !vls.elementAt(0).equals("a=b"))
+        {
+            fail("escaped = not reduced properly");
+        }
+
+        if (!n.toString().equals("CN=a\\=b"))
+        {
+            fail("= in string not properly escaped.");
+        }
+
+        n = new X509Name("TELEPHONENUMBER=\"+61999999999\"");
+
+        vls = n.getValues(X509Name.TELEPHONE_NUMBER);
+        if (vls.size() != 1 || !vls.elementAt(0).equals("+61999999999"))
+        {
+            fail("telephonenumber escaped + not reduced properly");
+        }
+
+        n = new X509Name("TELEPHONENUMBER=\\+61999999999");
+
+        vls = n.getValues(X509Name.TELEPHONE_NUMBER);
+        if (vls.size() != 1 || !vls.elementAt(0).equals("+61999999999"))
+        {
+            fail("telephonenumber escaped + not reduced properly");
+        }
+
+        // migration
+        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
+        builder.addMultiValuedRDN(new ASN1ObjectIdentifier[] { BCStyle.CN, BCStyle.SN }, new String[] { "Thomas", "CVR:12341233-UID:1111" });
+        builder.addRDN(BCStyle.O, "Test");
+        builder.addRDN(BCStyle.C, "DK");
+
+        X500Name subject = builder.build();
+        ASN1Primitive derObject = subject.toASN1Primitive();
+        X509Name instance = X509Name.getInstance(derObject);
+    }
+
+    private boolean compareVectors(Vector a, Vector b)    // for compatibility with early JDKs
+    {
+        if (a.size() != b.size())
+        {
+            return false;
+        }
+
+        for (int i = 0; i != a.size(); i++)
+        {
+            if (!a.elementAt(i).equals(b.elementAt(i)))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private void compositeTest()
+        throws IOException
+    {
+        //
+        // composite test
+        //
+        byte[]  enc = Hex.decode("305e310b300906035504061302415531283026060355040a0c1f546865204c6567696f6e206f662074686520426f756e637920436173746c653125301006035504070c094d656c626f75726e653011060355040b0c0a4173636f742056616c65");
+        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(enc));
+
+        X509Name    n = X509Name.getInstance(aIn.readObject());
+
+        if (!n.toString().equals("C=AU,O=The Legion of the Bouncy Castle,L=Melbourne+OU=Ascot Vale"))
+        {
+            fail("Failed composite to string test got: " + n.toString());
+        }
+
+        if (!n.toString(true, X509Name.DefaultSymbols).equals("L=Melbourne+OU=Ascot Vale,O=The Legion of the Bouncy Castle,C=AU"))
+        {
+            fail("Failed composite to string test got: " + n.toString(true, X509Name.DefaultSymbols));
+        }
+
+        n = new X509Name(true, "L=Melbourne+OU=Ascot Vale,O=The Legion of the Bouncy Castle,C=AU");
+        if (!n.toString().equals("C=AU,O=The Legion of the Bouncy Castle,L=Melbourne+OU=Ascot Vale"))
+        {
+            fail("Failed composite to string reversal test got: " + n.toString());
+        }
+
+        n = new X509Name("C=AU, O=The Legion of the Bouncy Castle, L=Melbourne + OU=Ascot Vale");
+
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+        ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+        aOut.writeObject(n);
+
+        byte[]  enc2 = bOut.toByteArray();
+
+        if (!Arrays.areEqual(enc, enc2))
+        {
+            //fail("Failed composite string to encoding test");
+        }
+        
+        //
+        // dud name test - handle empty DN without barfing.
+        //
+        n = new X509Name("C=CH,O=,OU=dummy,CN=mail@dummy.com");
+
+        n = X509Name.getInstance(ASN1Primitive.fromByteArray(n.getEncoded()));
+    }
+
+    private void equalityTest(X509Name x509Name, X509Name x509Name1)
+    {
+        if (!x509Name.equals(x509Name1))
+        {
+            fail("equality test failed for " + x509Name + " : " + x509Name1);
+        }
+
+        if (x509Name.hashCode() != x509Name1.hashCode())
+        {
+            fail("hashCodeTest test failed for " + x509Name + " : " + x509Name1);
+        }
+
+        if (!x509Name.equals(x509Name1, true))
+        {
+            fail("equality test failed for " + x509Name + " : " + x509Name1);
+        }
+    }
+
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new X509NameTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/X9Test.java b/bcprov/src/main/java/org/bouncycastle/asn1/test/X9Test.java
new file mode 100644
index 0000000..effe266
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/X9Test.java
@@ -0,0 +1,173 @@
+package org.bouncycastle.asn1.test;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.sec.ECPrivateKey;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ECPoint;
+import org.bouncycastle.asn1.x9.X9IntegerConverter;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class X9Test
+    extends SimpleTest
+{
+    private byte[] namedPub = Base64.decode("MDcwEwYHKoZIzj0CAQYIKoZIzj0DAQEDIAADG5xRI+Iki/JrvL20hoDUa7Cggzorv5B9yyqSMjYu");
+    private byte[] expPub = Base64.decode(
+                "MIH8MIHXBgcqhkjOPQIBMIHLAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAA" +
+                "AAAH///////zBXBB5///////////////9///////+AAAAAAAB///////wEHiVXBfoqMGZUsfTL" +
+                "A9anUKMMJQEC1JiHF9m6FattPgMVAH1zdBaP/jRxtgqFdoahlHXTv6L/BB8DZ2iujhi7ks/PAF" +
+                "yUmqLG2UhT0OZgu/hUsclQX+laAh5///////////////9///+XXetBs6YFfDxDIUZSZVECAQED" +
+                "IAADG5xRI+Iki/JrvL20hoDUa7Cggzorv5B9yyqSMjYu");
+
+    private byte[] namedPriv = Base64.decode("MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBB" +
+                                                 "gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo=");
+
+    private byte[] expPriv = Base64.decode(
+                "MIIBBAIBADCB1wYHKoZIzj0CATCBywIBATApBgcqhkjOPQEBAh5///////////////9///////" +
+                    "+AAAAAAAB///////8wVwQef///////////////f///////gAAAAAAAf//////8BB4lVwX6KjBmVL" +
+                    "H0ywPWp1CjDCUBAtSYhxfZuhWrbT4DFQB9c3QWj/40cbYKhXaGoZR107+i/wQfA2doro4Yu5LPzw" +
+                    "BclJqixtlIU9DmYLv4VLHJUF/pWgIef///////////////f///l13rQbOmBXw8QyFGUmVRAgEBBC" +
+                    "UwIwIBAQQeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU");
+ 
+    private void encodePublicKey()
+        throws Exception
+    {
+        X9ECParameters          ecP = X962NamedCurves.getByOID(X9ObjectIdentifiers.prime239v3);
+
+        X9IntegerConverter conv = new X9IntegerConverter();
+
+        if (conv.getByteLength(ecP.getCurve()) != 30)
+        {
+            fail("wrong byte length reported for curve");
+        }
+
+        if (ecP.getCurve().getFieldSize() != 239)
+        {
+            fail("wrong field size reported for curve");
+        }
+
+        //
+        // named curve
+        //
+        X962Parameters          params = new X962Parameters(X9ObjectIdentifiers.prime192v1);
+        ECPoint                 point = ecP.getG().multiply(BigInteger.valueOf(100));
+
+        ASN1OctetString         p = new DEROctetString(point.getEncoded(true));
+
+        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets());
+        if (!areEqual(info.getEncoded(), namedPub))
+        {
+            fail("failed public named generation");
+        }
+
+        X9ECPoint               x9P = new X9ECPoint(ecP.getCurve(), p);
+
+        if (!Arrays.areEqual(p.getOctets(), x9P.getPoint().getEncoded()))
+        {
+            fail("point encoding not preserved");
+        }
+
+        ASN1Primitive           o = ASN1Primitive.fromByteArray(namedPub);
+        
+        if (!info.equals(o))
+        {
+            fail("failed public named equality");
+        }
+        
+        //
+        // explicit curve parameters
+        //
+        params = new X962Parameters(ecP);
+        
+        info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets());
+
+        if (!areEqual(info.getEncoded(), expPub))
+        {
+            fail("failed public explicit generation");
+        }
+
+        o = ASN1Primitive.fromByteArray(expPub);
+        
+        if (!info.equals(o))
+        {
+            fail("failed public explicit equality");
+        }
+    }
+    
+    private void encodePrivateKey()
+        throws Exception
+    {
+        X9ECParameters          ecP = X962NamedCurves.getByOID(X9ObjectIdentifiers.prime192v1);
+
+        //
+        // named curve
+        //
+        X962Parameters          params = new X962Parameters(X9ObjectIdentifiers.prime192v1);
+
+        PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), new ECPrivateKey(ecP.getCurve().getOrder().bitLength(), BigInteger.valueOf(10)));
+
+        if (!areEqual(info.getEncoded(), namedPriv))
+        {
+            fail("failed private named generation");
+        }
+
+        ASN1Primitive           o = ASN1Primitive.fromByteArray(namedPriv);
+
+        if (!info.equals(o))
+        {
+            fail("failed private named equality");
+        }
+        
+        //
+        // explicit curve parameters
+        //
+        ecP = X962NamedCurves.getByOID(X9ObjectIdentifiers.prime239v3);
+
+        params = new X962Parameters(ecP);
+        
+        info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), new ECPrivateKey(ecP.getCurve().getOrder().bitLength(), BigInteger.valueOf(20)));
+
+        if (!areEqual(info.getEncoded(), expPriv))
+        {
+            fail("failed private explicit generation");
+        }
+
+        o = ASN1Primitive.fromByteArray(expPriv);
+        
+        if (!info.equals(o))
+        {
+            fail("failed private explicit equality");
+        }
+    }
+    
+    public void performTest()
+        throws Exception
+    {
+        encodePublicKey();
+        encodePrivateKey();
+    }
+
+    public String getName()
+    {
+        return "X9";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new X9Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/test/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/test/package.html
new file mode 100644
index 0000000..df45e19
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/test/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Test programs for the ASN.1 package.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/tsp/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/tsp/package.html
new file mode 100644
index 0000000..d6265f0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/tsp/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting Time Stamp Protocol as described RFC 3161.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145ECBinary.java b/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145ECBinary.java
index 11c2af4..dc9f74c 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145ECBinary.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145ECBinary.java
@@ -12,15 +12,15 @@ import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.x9.X9IntegerConverter;
 import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.field.PolynomialExtensionField;
 import org.bouncycastle.util.Arrays;
 
 public class DSTU4145ECBinary
     extends ASN1Object
 {
-
     BigInteger version = BigInteger.valueOf(0);
 
     DSTU4145BinaryField f;
@@ -31,17 +31,27 @@ public class DSTU4145ECBinary
 
     public DSTU4145ECBinary(ECDomainParameters params)
     {
-        if (!(params.getCurve() instanceof ECCurve.F2m))
+        ECCurve curve = params.getCurve();
+        if (!ECAlgorithms.isF2mCurve(curve))
         {
             throw new IllegalArgumentException("only binary domain is possible");
         }
 
         // We always use big-endian in parameter encoding
-        ECCurve.F2m curve = (ECCurve.F2m)params.getCurve();
-        f = new DSTU4145BinaryField(curve.getM(), curve.getK1(), curve.getK2(), curve.getK3());
+
+        PolynomialExtensionField field = (PolynomialExtensionField)curve.getField();
+        int[] exponents = field.getMinimalPolynomial().getExponentsPresent();
+        if (exponents.length == 3)
+        {
+            f = new DSTU4145BinaryField(exponents[2], exponents[1]);
+        }
+        else if (exponents.length == 5)
+        {
+            f = new DSTU4145BinaryField(exponents[4], exponents[1], exponents[2], exponents[3]);
+        }
+
         a = new ASN1Integer(curve.getA().toBigInteger());
-        X9IntegerConverter converter = new X9IntegerConverter();
-        b = new DEROctetString(converter.integerToBytes(curve.getB().toBigInteger(), converter.getByteLength(curve)));
+        b = new DEROctetString(curve.getB().getEncoded());
         n = new ASN1Integer(params.getN());
         bp = new DEROctetString(DSTU4145PointEncoder.encodePoint(params.getG()));
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145NamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145NamedCurves.java
index 312bacb..0c02ce8 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145NamedCurves.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145NamedCurves.java
@@ -21,17 +21,41 @@ public class DSTU4145NamedCurves
 
     static
     {
+        BigInteger[] n_s = new BigInteger[10];
+        n_s[0] = new BigInteger("400000000000000000002BEC12BE2262D39BCF14D", 16);
+        n_s[1] = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFB12EBCC7D7F29FF7701F", 16);
+        n_s[2] = new BigInteger("800000000000000000000189B4E67606E3825BB2831", 16);
+        n_s[3] = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFB981960435FE5AB64236EF", 16);
+        n_s[4] = new BigInteger("40000000000000000000000069A779CAC1DABC6788F7474F", 16);
+        n_s[5] = new BigInteger("1000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 16);
+        n_s[6] = new BigInteger("800000000000000000000000000000006759213AF182E987D3E17714907D470D", 16);
+        n_s[7] = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC079C2F3825DA70D390FBBA588D4604022B7B7", 16);
+        n_s[8] = new BigInteger("40000000000000000000000000000000000000000000009C300B75A3FA824F22428FD28CE8812245EF44049B2D49", 16);
+        n_s[9] = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBA3175458009A8C0A724F02F81AA8A1FCBAF80D90C7A95110504CF", 16);
+
+        BigInteger[] h_s = new BigInteger[10];
+        h_s[0] = BigInteger.valueOf(2);
+        h_s[1] = BigInteger.valueOf(2);
+        h_s[2] = BigInteger.valueOf(4);
+        h_s[3] = BigInteger.valueOf(2);
+        h_s[4] = BigInteger.valueOf(2);
+        h_s[5] = BigInteger.valueOf(2);
+        h_s[6] = BigInteger.valueOf(4);
+        h_s[7] = BigInteger.valueOf(2);
+        h_s[8] = BigInteger.valueOf(2);
+        h_s[9] = BigInteger.valueOf(2);
+
         ECCurve.F2m[] curves = new ECCurve.F2m[10];
-        curves[0] = new ECCurve.F2m(163, 3, 6, 7, ONE, new BigInteger("5FF6108462A2DC8210AB403925E638A19C1455D21", 16));
-        curves[1] = new ECCurve.F2m(167, 6, ONE, new BigInteger("6EE3CEEB230811759F20518A0930F1A4315A827DAC", 16));
-        curves[2] = new ECCurve.F2m(173, 1, 2, 10, ZERO, new BigInteger("108576C80499DB2FC16EDDF6853BBB278F6B6FB437D9", 16));
-        curves[3] = new ECCurve.F2m(179, 1, 2, 4, ONE, new BigInteger("4A6E0856526436F2F88DD07A341E32D04184572BEB710", 16));
-        curves[4] = new ECCurve.F2m(191, 9, ONE, new BigInteger("7BC86E2102902EC4D5890E8B6B4981ff27E0482750FEFC03", 16));
-        curves[5] = new ECCurve.F2m(233, 1, 4, 9, ONE, new BigInteger("06973B15095675534C7CF7E64A21BD54EF5DD3B8A0326AA936ECE454D2C", 16));
-        curves[6] = new ECCurve.F2m(257, 12, ZERO, new BigInteger("1CEF494720115657E18F938D7A7942394FF9425C1458C57861F9EEA6ADBE3BE10", 16));
-        curves[7] = new ECCurve.F2m(307, 2, 4, 8, ONE, new BigInteger("393C7F7D53666B5054B5E6C6D3DE94F4296C0C599E2E2E241050DF18B6090BDC90186904968BB", 16));
-        curves[8] = new ECCurve.F2m(367, 21, ONE, new BigInteger("43FC8AD242B0B7A6F3D1627AD5654447556B47BF6AA4A64B0C2AFE42CADAB8F93D92394C79A79755437B56995136", 16));
-        curves[9] = new ECCurve.F2m(431, 1, 3, 5, ONE, new BigInteger("03CE10490F6A708FC26DFE8C3D27C4F94E690134D5BFF988D8D28AAEAEDE975936C66BAC536B18AE2DC312CA493117DAA469C640CAF3", 16));
+        curves[0] = new ECCurve.F2m(163, 3, 6, 7, ONE, new BigInteger("5FF6108462A2DC8210AB403925E638A19C1455D21", 16), n_s[0], h_s[0]);
+        curves[1] = new ECCurve.F2m(167, 6, ONE, new BigInteger("6EE3CEEB230811759F20518A0930F1A4315A827DAC", 16), n_s[1], h_s[1]);
+        curves[2] = new ECCurve.F2m(173, 1, 2, 10, ZERO, new BigInteger("108576C80499DB2FC16EDDF6853BBB278F6B6FB437D9", 16), n_s[2], h_s[2]);
+        curves[3] = new ECCurve.F2m(179, 1, 2, 4, ONE, new BigInteger("4A6E0856526436F2F88DD07A341E32D04184572BEB710", 16), n_s[3], h_s[3]);
+        curves[4] = new ECCurve.F2m(191, 9, ONE, new BigInteger("7BC86E2102902EC4D5890E8B6B4981ff27E0482750FEFC03", 16), n_s[4], h_s[4]);
+        curves[5] = new ECCurve.F2m(233, 1, 4, 9, ONE, new BigInteger("06973B15095675534C7CF7E64A21BD54EF5DD3B8A0326AA936ECE454D2C", 16), n_s[5], h_s[5]);
+        curves[6] = new ECCurve.F2m(257, 12, ZERO, new BigInteger("1CEF494720115657E18F938D7A7942394FF9425C1458C57861F9EEA6ADBE3BE10", 16), n_s[6], h_s[6]);
+        curves[7] = new ECCurve.F2m(307, 2, 4, 8, ONE, new BigInteger("393C7F7D53666B5054B5E6C6D3DE94F4296C0C599E2E2E241050DF18B6090BDC90186904968BB", 16), n_s[7], h_s[7]);
+        curves[8] = new ECCurve.F2m(367, 21, ONE, new BigInteger("43FC8AD242B0B7A6F3D1627AD5654447556B47BF6AA4A64B0C2AFE42CADAB8F93D92394C79A79755437B56995136", 16), n_s[8], h_s[8]);
+        curves[9] = new ECCurve.F2m(431, 1, 3, 5, ONE, new BigInteger("03CE10490F6A708FC26DFE8C3D27C4F94E690134D5BFF988D8D28AAEAEDE975936C66BAC536B18AE2DC312CA493117DAA469C640CAF3", 16), n_s[9], h_s[9]);
 
         ECPoint[] points = new ECPoint[10];
         points[0] = curves[0].createPoint(new BigInteger("2E2F85F5DD74CE983A5C4237229DAF8A3F35823BE", 16), new BigInteger("3826F008A8C51D7B95284D9D03FF0E00CE2CD723A", 16));
@@ -45,21 +69,9 @@ public class DSTU4145NamedCurves
         points[8] = curves[8].createPoint(new BigInteger("324A6EDDD512F08C49A99AE0D3F961197A76413E7BE81A400CA681E09639B5FE12E59A109F78BF4A373541B3B9A1", 16), new BigInteger("1AB597A5B4477F59E39539007C7F977D1A567B92B043A49C6B61984C3FE3481AAF454CD41BA1F051626442B3C10", 16));
         points[9] = curves[9].createPoint(new BigInteger("1A62BA79D98133A16BBAE7ED9A8E03C32E0824D57AEF72F88986874E5AAE49C27BED49A2A95058068426C2171E99FD3B43C5947C857D", 16), new BigInteger("70B5E1E14031C1F70BBEFE96BDDE66F451754B4CA5F48DA241F331AA396B8D1839A855C1769B1EA14BA53308B5E2723724E090E02DB9", 16));
 
-        BigInteger[] n_s = new BigInteger[10];
-        n_s[0] = new BigInteger("400000000000000000002BEC12BE2262D39BCF14D", 16);
-        n_s[1] = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFB12EBCC7D7F29FF7701F", 16);
-        n_s[2] = new BigInteger("800000000000000000000189B4E67606E3825BB2831", 16);
-        n_s[3] = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFB981960435FE5AB64236EF", 16);
-        n_s[4] = new BigInteger("40000000000000000000000069A779CAC1DABC6788F7474F", 16);
-        n_s[5] = new BigInteger("1000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 16);
-        n_s[6] = new BigInteger("800000000000000000000000000000006759213AF182E987D3E17714907D470D", 16);
-        n_s[7] = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC079C2F3825DA70D390FBBA588D4604022B7B7", 16);
-        n_s[8] = new BigInteger("40000000000000000000000000000000000000000000009C300B75A3FA824F22428FD28CE8812245EF44049B2D49", 16);
-        n_s[9] = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBA3175458009A8C0A724F02F81AA8A1FCBAF80D90C7A95110504CF", 16);
-
         for (int i = 0; i < params.length; i++)
         {
-            params[i] = new ECDomainParameters(curves[i], points[i], n_s[i]);
+            params[i] = new ECDomainParameters(curves[i], points[i], n_s[i], h_s[i]);
         }
 
         for (int i = 0; i < oids.length; i++)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java b/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java
index 8c16620..3405130 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ua/DSTU4145PointEncoder.java
@@ -7,7 +7,6 @@ import org.bouncycastle.math.ec.ECConstants;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.ECFieldElement;
 import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.util.Arrays;
 
 /**
  * DSTU4145 encodes points somewhat differently than X9.62
@@ -15,21 +14,21 @@ import org.bouncycastle.util.Arrays;
  */
 public abstract class DSTU4145PointEncoder
 {
-    private static BigInteger trace(ECFieldElement fe)
+    private static ECFieldElement trace(ECFieldElement fe)
     {
         ECFieldElement t = fe;
-        for (int i = 0; i < fe.getFieldSize() - 1; i++)
+        for (int i = 1; i < fe.getFieldSize(); ++i)
         {
             t = t.square().add(fe);
         }
-        return t.toBigInteger();
+        return t;
     }
 
     /**
      * Solves a quadratic equation <code>z<sup>2</sup> + z = beta</code>(X9.62
      * D.1.6) The other solution is <code>z + 1</code>.
      *
-     * @param beta The value to solve the qradratic equation for.
+     * @param beta The value to solve the quadratic equation for.
      * @return the solution for <code>z<sup>2</sup> + z = beta</code> or
      *         <code>null</code> if no solution exists.
      */
@@ -91,8 +90,8 @@ public abstract class DSTU4145PointEncoder
 
         if (!x.isZero())
         {
-            ECFieldElement y = Q.getAffineYCoord().divide(x);
-            if (trace(y).equals(ECConstants.ONE))
+            ECFieldElement z = Q.getAffineYCoord().divide(x);
+            if (trace(z).isOne())
             {
                 bytes[bytes.length - 1] |= 0x01;
             }
@@ -118,39 +117,38 @@ public abstract class DSTU4145PointEncoder
 
           return curve.decodePoint(bp_enc);*/
 
-        BigInteger k = BigInteger.valueOf(bytes[bytes.length - 1] & 0x1);
-        if (!trace(curve.fromBigInteger(new BigInteger(1, bytes))).equals(curve.getA().toBigInteger()))
+        ECFieldElement k = curve.fromBigInteger(BigInteger.valueOf(bytes[bytes.length - 1] & 0x1));
+
+        ECFieldElement xp = curve.fromBigInteger(new BigInteger(1, bytes));
+        if (!trace(xp).equals(curve.getA()))
         {
-            bytes = Arrays.clone(bytes);
-            bytes[bytes.length - 1] ^= 0x01;
+            xp = xp.addOne();
         }
-        ECFieldElement xp = curve.fromBigInteger(new BigInteger(1, bytes));
+
         ECFieldElement yp = null;
         if (xp.isZero())
         {
-            yp = (ECFieldElement.F2m)curve.getB();
-            for (int i = 0; i < curve.getFieldSize() - 1; i++)
-            {
-                yp = yp.square();
-            }
+            yp = curve.getB().sqrt();
         }
         else
         {
-            ECFieldElement beta = xp.add(curve.getA()).add(
-                curve.getB().multiply(xp.square().invert()));
+            ECFieldElement beta = xp.square().invert().multiply(curve.getB()).add(curve.getA()).add(xp);
             ECFieldElement z = solveQuadraticEquation(curve, beta);
-            if (z == null)
+            if (z != null)
             {
-                throw new RuntimeException("Invalid point compression");
+                if (!trace(z).equals(k))
+                {
+                    z = z.addOne();
+                }
+                yp = xp.multiply(z);
             }
-            if (!trace(z).equals(k))
-            {
-                z = z.addOne();
-            }
-            yp = xp.multiply(z);
         }
 
-        return new ECPoint.F2m(curve, xp, yp);
-    }
+        if (yp == null)
+        {
+            throw new IllegalArgumentException("Invalid point compression");
+        }
 
+        return curve.createPoint(xp.toBigInteger(), yp.toBigInteger());
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ua/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/ua/package.html
new file mode 100644
index 0000000..0fc273f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ua/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for the Ukrainian DSTU standard.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
index 5302552..8a454f2 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
@@ -3,7 +3,10 @@ package org.bouncycastle.asn1.util;
 import java.io.IOException;
 import java.util.Enumeration;
 
+import org.bouncycastle.asn1.ASN1Boolean;
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Enumerated;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
@@ -11,8 +14,8 @@ import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1UTCTime;
 import org.bouncycastle.asn1.BERApplicationSpecific;
-import org.bouncycastle.asn1.BERConstructedOctetString;
 import org.bouncycastle.asn1.BEROctetString;
 import org.bouncycastle.asn1.BERSequence;
 import org.bouncycastle.asn1.BERSet;
@@ -21,16 +24,12 @@ import org.bouncycastle.asn1.BERTags;
 import org.bouncycastle.asn1.DERApplicationSpecific;
 import org.bouncycastle.asn1.DERBMPString;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DEREnumerated;
 import org.bouncycastle.asn1.DERExternal;
-import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERIA5String;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERPrintableString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERT61String;
-import org.bouncycastle.asn1.DERUTCTime;
 import org.bouncycastle.asn1.DERUTF8String;
 import org.bouncycastle.asn1.DERVisibleString;
 import org.bouncycastle.util.encoders.Hex;
@@ -172,7 +171,7 @@ public class ASN1Dump
         {
             ASN1OctetString oct = (ASN1OctetString)obj;
 
-            if (obj instanceof BEROctetString || obj instanceof  BERConstructedOctetString)
+            if (obj instanceof BEROctetString)
             {
                 buf.append(indent + "BER Constructed Octet String" + "[" + oct.getOctets().length + "] ");
             }
@@ -193,9 +192,9 @@ public class ASN1Dump
         {
             buf.append(indent + "ObjectIdentifier(" + ((ASN1ObjectIdentifier)obj).getId() + ")" + nl);
         }
-        else if (obj instanceof DERBoolean)
+        else if (obj instanceof ASN1Boolean)
         {
-            buf.append(indent + "Boolean(" + ((DERBoolean)obj).isTrue() + ")" + nl);
+            buf.append(indent + "Boolean(" + ((ASN1Boolean)obj).isTrue() + ")" + nl);
         }
         else if (obj instanceof ASN1Integer)
         {
@@ -238,13 +237,13 @@ public class ASN1Dump
         {
             buf.append(indent + "T61String(" + ((DERT61String)obj).getString() + ") " + nl);
         }
-        else if (obj instanceof DERUTCTime)
+        else if (obj instanceof ASN1UTCTime)
         {
-            buf.append(indent + "UTCTime(" + ((DERUTCTime)obj).getTime() + ") " + nl);
+            buf.append(indent + "UTCTime(" + ((ASN1UTCTime)obj).getTime() + ") " + nl);
         }
-        else if (obj instanceof DERGeneralizedTime)
+        else if (obj instanceof ASN1GeneralizedTime)
         {
-            buf.append(indent + "GeneralizedTime(" + ((DERGeneralizedTime)obj).getTime() + ") " + nl);
+            buf.append(indent + "GeneralizedTime(" + ((ASN1GeneralizedTime)obj).getTime() + ") " + nl);
         }
         else if (obj instanceof BERApplicationSpecific)
         {
@@ -254,9 +253,9 @@ public class ASN1Dump
         {
             buf.append(outputApplicationSpecific("DER", indent, verbose, obj, nl));
         }
-        else if (obj instanceof DEREnumerated)
+        else if (obj instanceof ASN1Enumerated)
         {
-            DEREnumerated en = (DEREnumerated) obj;
+            ASN1Enumerated en = (ASN1Enumerated) obj;
             buf.append(indent + "DER Enumerated(" + en.getValue() + ")" + nl);
         }
         else if (obj instanceof DERExternal)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/util/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/util/package.html
new file mode 100644
index 0000000..1db893d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/util/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+An ASN.1 dump utility.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/x500/package.html
new file mode 100644
index 0000000..9a3f9c6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for the creation and processing of object based on X.500 names.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/AbstractX500NameStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/AbstractX500NameStyle.java
new file mode 100644
index 0000000..9792d40
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/AbstractX500NameStyle.java
@@ -0,0 +1,192 @@
+package org.bouncycastle.asn1.x500.style;
+
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameStyle;
+
+/**
+ * This class provides some default behavior and common implementation for a
+ * X500NameStyle. It should be easily extendable to support implementing the
+ * desired X500NameStyle.
+ */
+public abstract class AbstractX500NameStyle
+    implements X500NameStyle
+{
+
+    /**
+     * Tool function to shallow copy a Hashtable.
+     *
+     * @param paramsMap table to copy
+     * @return the copy of the table
+     */
+    public static Hashtable copyHashTable(Hashtable paramsMap)
+    {
+        Hashtable newTable = new Hashtable();
+
+        Enumeration keys = paramsMap.keys();
+        while (keys.hasMoreElements())
+        {
+            Object key = keys.nextElement();
+            newTable.put(key, paramsMap.get(key));
+        }
+
+        return newTable;
+    }
+
+    private int calcHashCode(ASN1Encodable enc)
+    {
+        String value = IETFUtils.valueToString(enc);
+        value = IETFUtils.canonicalize(value);
+        return value.hashCode();
+    }
+
+    public int calculateHashCode(X500Name name)
+    {
+        int hashCodeValue = 0;
+        RDN[] rdns = name.getRDNs();
+
+        // this needs to be order independent, like equals
+        for (int i = 0; i != rdns.length; i++)
+        {
+            if (rdns[i].isMultiValued())
+            {
+                AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+
+                for (int j = 0; j != atv.length; j++)
+                {
+                    hashCodeValue ^= atv[j].getType().hashCode();
+                    hashCodeValue ^= calcHashCode(atv[j].getValue());
+                }
+            }
+            else
+            {
+                hashCodeValue ^= rdns[i].getFirst().getType().hashCode();
+                hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue());
+            }
+        }
+
+        return hashCodeValue;
+    }
+
+
+    /**
+     * For all string values starting with '#' is assumed, that these are
+     * already valid ASN.1 objects encoded in hex.
+     * <p>
+     * All other string values are send to
+     * {@link AbstractX500NameStyle#encodeStringValue(ASN1ObjectIdentifier, String)}.
+     * </p>
+     * Subclasses should overwrite
+     * {@link AbstractX500NameStyle#encodeStringValue(ASN1ObjectIdentifier, String)}
+     * to change the encoding of specific types.
+     *
+     * @param oid the DN name of the value.
+     * @param value the String representation of the value.
+     */
+    public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value)
+    {
+        if (value.length() != 0 && value.charAt(0) == '#')
+        {
+            try
+            {
+                return IETFUtils.valueFromHexString(value, 1);
+            }
+            catch (IOException e)
+            {
+                throw new RuntimeException("can't recode value for oid " + oid.getId());
+            }
+        }
+
+        if (value.length() != 0 && value.charAt(0) == '\\')
+        {
+            value = value.substring(1);
+        }
+
+        return encodeStringValue(oid, value);
+    }
+
+    /**
+     * Encoded every value into a UTF8String.
+     * <p>
+     * Subclasses should overwrite
+     * this method to change the encoding of specific types.
+     * </p>
+     *
+     * @param oid the DN oid of the value
+     * @param value the String representation of the value
+     * @return a the value encoded into a ASN.1 object. Never returns <code>null</code>.
+     */
+    protected ASN1Encodable encodeStringValue(ASN1ObjectIdentifier oid, String value)
+    {
+        return new DERUTF8String(value);
+    }
+
+    public boolean areEqual(X500Name name1, X500Name name2)
+    {
+        RDN[] rdns1 = name1.getRDNs();
+        RDN[] rdns2 = name2.getRDNs();
+
+        if (rdns1.length != rdns2.length)
+        {
+            return false;
+        }
+
+        boolean reverse = false;
+
+        if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null)
+        {
+            reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType());  // guess forward
+        }
+
+        for (int i = 0; i != rdns1.length; i++)
+        {
+            if (!foundMatch(reverse, rdns1[i], rdns2))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs)
+    {
+        if (reverse)
+        {
+            for (int i = possRDNs.length - 1; i >= 0; i--)
+            {
+                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+                {
+                    possRDNs[i] = null;
+                    return true;
+                }
+            }
+        }
+        else
+        {
+            for (int i = 0; i != possRDNs.length; i++)
+            {
+                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+                {
+                    possRDNs[i] = null;
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    protected boolean rdnAreEqual(RDN rdn1, RDN rdn2)
+    {
+        return IETFUtils.rDNAreEqual(rdn1, rdn2);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
index 6842182..1c2a926 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
@@ -1,7 +1,5 @@
 package org.bouncycastle.asn1.x500.style;
 
-import java.io.IOException;
-import java.util.Enumeration;
 import java.util.Hashtable;
 
 import org.bouncycastle.asn1.ASN1Encodable;
@@ -9,16 +7,14 @@ import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERIA5String;
 import org.bouncycastle.asn1.DERPrintableString;
-import org.bouncycastle.asn1.DERUTF8String;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
 import org.bouncycastle.asn1.x500.RDN;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x500.X500NameStyle;
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 
 public class BCStyle
-    implements X500NameStyle
+    extends AbstractX500NameStyle
 {
     /**
      * country code - StringType(SIZE(2))
@@ -285,42 +281,24 @@ public class BCStyle
         defaultSymbols = copyHashTable(DefaultSymbols);
         defaultLookUp = copyHashTable(DefaultLookUp);
     }
-    
-    public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value)
-    {
-        if (value.length() != 0 && value.charAt(0) == '#')
+
+    protected ASN1Encodable encodeStringValue(ASN1ObjectIdentifier oid,
+    		String value) {
+    	if (oid.equals(EmailAddress) || oid.equals(DC))
         {
-            try
-            {
-                return IETFUtils.valueFromHexString(value, 1);
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("can't recode value for oid " + oid.getId());
-            }
+            return new DERIA5String(value);
         }
-        else
+        else if (oid.equals(DATE_OF_BIRTH))  // accept time string as well as # (for compatibility)
         {
-            if (value.length() != 0 && value.charAt(0) == '\\')
-            {
-                value = value.substring(1);
-            }
-            if (oid.equals(EmailAddress) || oid.equals(DC))
-            {
-                return new DERIA5String(value);
-            }
-            else if (oid.equals(DATE_OF_BIRTH))  // accept time string as well as # (for compatibility)
-            {
-                return new ASN1GeneralizedTime(value);
-            }
-            else if (oid.equals(C) || oid.equals(SN) || oid.equals(DN_QUALIFIER)
-                || oid.equals(TELEPHONE_NUMBER))
-            {
-                return new DERPrintableString(value);
-            }
+            return new ASN1GeneralizedTime(value);
         }
-
-        return new DERUTF8String(value);
+        else if (oid.equals(C) || oid.equals(SN) || oid.equals(DN_QUALIFIER)
+            || oid.equals(TELEPHONE_NUMBER))
+        {
+            return new DERPrintableString(value);
+        }
+    	
+    	return super.encodeStringValue(oid, value);
     }
 
     public String oidToDisplayName(ASN1ObjectIdentifier oid)
@@ -338,109 +316,11 @@ public class BCStyle
         return IETFUtils.decodeAttrName(attrName, defaultLookUp);
     }
 
-    public boolean areEqual(X500Name name1, X500Name name2)
-    {
-        RDN[] rdns1 = name1.getRDNs();
-        RDN[] rdns2 = name2.getRDNs();
-
-        if (rdns1.length != rdns2.length)
-        {
-            return false;
-        }
-
-        boolean reverse = false;
-
-        if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null)
-        {
-            reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType());  // guess forward
-        }
-
-        for (int i = 0; i != rdns1.length; i++)
-        {
-            if (!foundMatch(reverse, rdns1[i], rdns2))
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs)
-    {
-        if (reverse)
-        {
-            for (int i = possRDNs.length - 1; i >= 0; i--)
-            {
-                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
-                {
-                    possRDNs[i] = null;
-                    return true;
-                }
-            }
-        }
-        else
-        {
-            for (int i = 0; i != possRDNs.length; i++)
-            {
-                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
-                {
-                    possRDNs[i] = null;
-                    return true;
-                }
-            }
-        }
-
-        return false;
-    }
-
-    protected boolean rdnAreEqual(RDN rdn1, RDN rdn2)
-    {
-        return IETFUtils.rDNAreEqual(rdn1, rdn2);
-    }
-
     public RDN[] fromString(String dirName)
     {
         return IETFUtils.rDNsFromString(dirName, this);
     }
 
-    public int calculateHashCode(X500Name name)
-    {
-        int hashCodeValue = 0;
-        RDN[] rdns = name.getRDNs();
-
-        // this needs to be order independent, like equals
-        for (int i = 0; i != rdns.length; i++)
-        {
-            if (rdns[i].isMultiValued())
-            {
-                AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
-
-                for (int j = 0; j != atv.length; j++)
-                {
-                    hashCodeValue ^= atv[j].getType().hashCode();
-                    hashCodeValue ^= calcHashCode(atv[j].getValue());
-                }
-            }
-            else
-            {
-                hashCodeValue ^= rdns[i].getFirst().getType().hashCode();
-                hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue());
-            }
-        }
-
-        return hashCodeValue;
-    }
-
-    private int calcHashCode(ASN1Encodable enc)
-    {
-        String value = IETFUtils.valueToString(enc);
-
-        value = IETFUtils.canonicalize(value);
-
-        return value.hashCode();
-    }
-
     public String toString(X500Name name)
     {
         StringBuffer buf = new StringBuffer();
@@ -465,17 +345,5 @@ public class BCStyle
         return buf.toString();
     }
 
-    private static Hashtable copyHashTable(Hashtable paramsMap)
-    {
-        Hashtable newTable = new Hashtable();
 
-        Enumeration keys = paramsMap.keys();
-        while (keys.hasMoreElements())
-        {
-            Object key = keys.nextElement();
-            newTable.put(key, paramsMap.get(key));
-        }
-
-        return newTable;
-    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
index b4f1794..9df924c 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
@@ -322,7 +322,10 @@ public class IETFUtils
         }
         else
         {
-            IETFUtils.appendTypeAndValue(buf, rdn.getFirst(), oidSymbols);
+            if (rdn.getFirst() != null)
+            {
+                IETFUtils.appendTypeAndValue(buf, rdn.getFirst(), oidSymbols);
+            }
         }
     }
 
@@ -438,7 +441,7 @@ public class IETFUtils
 
     public static String canonicalize(String s)
     {
-        String value = Strings.toLowerCase(s.trim());
+        String value = Strings.toLowerCase(s);
 
         if (value.length() > 0 && value.charAt(0) == '#')
         {
@@ -446,7 +449,27 @@ public class IETFUtils
 
             if (obj instanceof ASN1String)
             {
-                value = Strings.toLowerCase(((ASN1String)obj).getString().trim());
+                value = Strings.toLowerCase(((ASN1String)obj).getString());
+            }
+        }
+
+        if (value.length() > 1)
+        {
+            int start = 0;
+            while (start + 1 < value.length() && value.charAt(start) == '\\' && value.charAt(start + 1) == ' ')
+            {
+                start += 2;
+            }
+
+            int end = value.length() - 1;
+            while (end - 1 > 0 && value.charAt(end - 1) == '\\' && value.charAt(end) == ' ')
+            {
+                end -= 2;
+            }
+
+            if (start > 0 || end < value.length() - 1)
+            {
+                value = value.substring(start, end + 1);
             }
         }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
index 8c92257..13f6ef1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
@@ -1,21 +1,17 @@
 package org.bouncycastle.asn1.x500.style;
 
-import java.io.IOException;
-import java.util.Enumeration;
 import java.util.Hashtable;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERIA5String;
 import org.bouncycastle.asn1.DERPrintableString;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
 import org.bouncycastle.asn1.x500.RDN;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x500.X500NameStyle;
 
 public class RFC4519Style
-    implements X500NameStyle
+	extends AbstractX500NameStyle
 {
     public static final ASN1ObjectIdentifier businessCategory = new ASN1ObjectIdentifier("2.5.4.15");
     public static final ASN1ObjectIdentifier c = new ASN1ObjectIdentifier("2.5.4.6");
@@ -179,37 +175,19 @@ public class RFC4519Style
         defaultLookUp = copyHashTable(DefaultLookUp);
     }
 
-    public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value)
-    {
-        if (value.length() != 0 && value.charAt(0) == '#')
+    protected ASN1Encodable encodeStringValue(ASN1ObjectIdentifier oid,
+    		String value) {
+    	if (oid.equals(dc))
         {
-            try
-            {
-                return IETFUtils.valueFromHexString(value, 1);
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("can't recode value for oid " + oid.getId());
-            }
+            return new DERIA5String(value);
         }
-        else
+        else if (oid.equals(c) || oid.equals(serialNumber) || oid.equals(dnQualifier)
+            || oid.equals(telephoneNumber))
         {
-            if (value.length() != 0 && value.charAt(0) == '\\')
-            {
-                value = value.substring(1);
-            }
-            if (oid.equals(dc))
-            {
-                return new DERIA5String(value);
-            }
-            else if (oid.equals(c) || oid.equals(serialNumber) || oid.equals(dnQualifier)
-                || oid.equals(telephoneNumber))
-            {
-                return new DERPrintableString(value);
-            }
+            return new DERPrintableString(value);
         }
 
-        return new DERUTF8String(value);
+    	return super.encodeStringValue(oid, value);
     }
 
     public String oidToDisplayName(ASN1ObjectIdentifier oid)
@@ -227,67 +205,6 @@ public class RFC4519Style
         return IETFUtils.decodeAttrName(attrName, defaultLookUp);
     }
 
-    public boolean areEqual(X500Name name1, X500Name name2)
-    {
-        RDN[] rdns1 = name1.getRDNs();
-        RDN[] rdns2 = name2.getRDNs();
-
-        if (rdns1.length != rdns2.length)
-        {
-            return false;
-        }
-
-        boolean reverse = false;
-
-        if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null)
-        {
-            reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType());  // guess forward
-        }
-
-        for (int i = 0; i != rdns1.length; i++)
-        {
-            if (!foundMatch(reverse, rdns1[i], rdns2))
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs)
-    {
-        if (reverse)
-        {
-            for (int i = possRDNs.length - 1; i >= 0; i--)
-            {
-                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
-                {
-                    possRDNs[i] = null;
-                    return true;
-                }
-            }
-        }
-        else
-        {
-            for (int i = 0; i != possRDNs.length; i++)
-            {
-                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
-                {
-                    possRDNs[i] = null;
-                    return true;
-                }
-            }
-        }
-
-        return false;
-    }
-
-    protected boolean rdnAreEqual(RDN rdn1, RDN rdn2)
-    {
-        return IETFUtils.rDNAreEqual(rdn1, rdn2);
-    }
-
     // parse backwards
     public RDN[] fromString(String dirName)
     {
@@ -302,43 +219,6 @@ public class RFC4519Style
         return res;
     }
 
-    public int calculateHashCode(X500Name name)
-    {
-        int hashCodeValue = 0;
-        RDN[] rdns = name.getRDNs();
-
-        // this needs to be order independent, like equals
-        for (int i = 0; i != rdns.length; i++)
-        {
-            if (rdns[i].isMultiValued())
-            {
-                AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
-
-                for (int j = 0; j != atv.length; j++)
-                {
-                    hashCodeValue ^= atv[j].getType().hashCode();
-                    hashCodeValue ^= calcHashCode(atv[j].getValue());
-                }
-            }
-            else
-            {
-                hashCodeValue ^= rdns[i].getFirst().getType().hashCode();
-                hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue());
-            }
-        }
-
-        return hashCodeValue;
-    }
-
-    private int calcHashCode(ASN1Encodable enc)
-    {
-        String value = IETFUtils.valueToString(enc);
-
-        value = IETFUtils.canonicalize(value);
-
-        return value.hashCode();
-    }
-
     // convert in reverse
     public String toString(X500Name name)
     {
@@ -364,17 +244,5 @@ public class RFC4519Style
         return buf.toString();
     }
 
-    private static Hashtable copyHashTable(Hashtable paramsMap)
-    {
-        Hashtable newTable = new Hashtable();
-
-        Enumeration keys = paramsMap.keys();
-        while (keys.hasMoreElements())
-        {
-            Object key = keys.nextElement();
-            newTable.put(key, paramsMap.get(key));
-        }
-
-        return newTable;
-    }
+    
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
index 2c8e3fc..b7e52f2 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
@@ -6,7 +6,7 @@ package org.bouncycastle.asn1.x500.style;
  * lightweight Java environment don't support classes like
  * StringTokenizer.
  */
-class X500NameTokenizer
+public class X500NameTokenizer
 {
     private String          value;
     private int             index;
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/package.html
new file mode 100644
index 0000000..219d3f5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Template classes for the common styles used for converting X.500 names to strings and back.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
index d250bf1..bb90030 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
@@ -8,7 +8,6 @@ import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 
 public class AlgorithmIdentifier
@@ -64,30 +63,6 @@ public class AlgorithmIdentifier
         this.objectId = new ASN1ObjectIdentifier(objectId);
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     * @param objectId
-     */
-    public AlgorithmIdentifier(
-        DERObjectIdentifier    objectId)
-    {
-        this.objectId = new ASN1ObjectIdentifier(objectId.getId());
-    }
-
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     * @param objectId
-     * @param parameters
-     */
-    public AlgorithmIdentifier(
-        DERObjectIdentifier objectId,
-        ASN1Encodable           parameters)
-    {
-        parametersDefined = true;
-        this.objectId = new ASN1ObjectIdentifier(objectId.getId());
-        this.parameters = parameters;
-    }
-
     public AlgorithmIdentifier(
         ASN1ObjectIdentifier     objectId,
         ASN1Encodable           parameters)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java
index 3a239ab..f66f270 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java
@@ -60,6 +60,12 @@ public class AuthorityInformationAccess
         }
     }
 
+    public AuthorityInformationAccess(
+        AccessDescription description)
+    {
+        this.descriptions = new AccessDescription[]{ description };
+    }
+
     /**
      * create an AuthorityInformationAccess with the oid and location provided.
      */
@@ -67,12 +73,9 @@ public class AuthorityInformationAccess
         ASN1ObjectIdentifier oid,
         GeneralName location)
     {
-        descriptions = new AccessDescription[1];
-        
-        descriptions[0] = new AccessDescription(oid, location);
+        this(new AccessDescription(oid, location));
     }
 
-
     /**
      * 
      * @return the access descriptions contained in this object.
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
index c91fdc6..302ba03 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
@@ -101,7 +101,7 @@ public class AuthorityKeyIdentifier
      *       publicKey.getEncoded()).readObject());
      *   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
      * </pre>
-     *
+     * @deprecated create the extension using org.bouncycastle.cert.X509ExtensionUtils
      **/
     public AuthorityKeyIdentifier(
         SubjectPublicKeyInfo    spki)
@@ -118,6 +118,7 @@ public class AuthorityKeyIdentifier
     /**
      * create an AuthorityKeyIdentifier with the GeneralNames tag and
      * the serial number provided as well.
+     * @deprecated create the extension using org.bouncycastle.cert.X509ExtensionUtils
      */
     public AuthorityKeyIdentifier(
         SubjectPublicKeyInfo    spki,
@@ -144,9 +145,7 @@ public class AuthorityKeyIdentifier
         GeneralNames            name,
         BigInteger              serialNumber)
     {
-        this.keyidentifier = null;
-        this.certissuer = GeneralNames.getInstance(name.toASN1Primitive());
-        this.certserno = new ASN1Integer(serialNumber);
+        this((byte[])null, name, serialNumber);
     }
 
     /**
@@ -155,9 +154,7 @@ public class AuthorityKeyIdentifier
      public AuthorityKeyIdentifier(
          byte[]                  keyIdentifier)
      {
-         this.keyidentifier = new DEROctetString(keyIdentifier);
-         this.certissuer = null;
-         this.certserno = null;
+         this(keyIdentifier, null, null);
      }
 
     /**
@@ -169,9 +166,9 @@ public class AuthorityKeyIdentifier
         GeneralNames            name,
         BigInteger              serialNumber)
     {
-        this.keyidentifier = new DEROctetString(keyIdentifier);
-        this.certissuer = GeneralNames.getInstance(name.toASN1Primitive());
-        this.certserno = new ASN1Integer(serialNumber);
+        this.keyidentifier = (keyIdentifier != null) ? new DEROctetString(keyIdentifier) : null;
+        this.certissuer = name;
+        this.certserno = (serialNumber != null) ? new ASN1Integer(serialNumber) : null;
     }
     
     public byte[] getKeyIdentifier()
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java
index 4a16bd4..ba5ecf1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java
@@ -9,7 +9,6 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERBoolean;
 import org.bouncycastle.asn1.DERSequence;
 
 public class BasicConstraints
@@ -59,9 +58,9 @@ public class BasicConstraints
         }
         else
         {
-            if (seq.getObjectAt(0) instanceof DERBoolean)
+            if (seq.getObjectAt(0) instanceof ASN1Boolean)
             {
-                this.cA = DERBoolean.getInstance(seq.getObjectAt(0));
+                this.cA = ASN1Boolean.getInstance(seq.getObjectAt(0));
             }
             else
             {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java
index cab44d1..ef187e1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java
@@ -68,16 +68,15 @@ public class CertificatePair
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
+     * <p>
      * The sequence is of type CertificatePair:
-     * <p/>
      * <pre>
      *       CertificatePair ::= SEQUENCE {
      *         forward        [0]    Certificate OPTIONAL,
      *         reverse        [1]    Certificate OPTIONAL,
      *         -- at least one of the pair shall be present -- }
      * </pre>
-     *
+     * </p>
      * @param seq The ASN.1 sequence.
      */
     private CertificatePair(ASN1Sequence seq)
@@ -123,9 +122,8 @@ public class CertificatePair
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *       CertificatePair ::= SEQUENCE {
      *         forward        [0]    Certificate OPTIONAL,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java
index 1aeed15..6508f93 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java
@@ -43,8 +43,9 @@ public class Extensions
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
-     * the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString)
+     * <p>
+     * The extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString)
+     * </p>
      */
     private Extensions(
         ASN1Sequence seq)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java
index 8166926..44e0b67 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java
@@ -3,11 +3,11 @@ package org.bouncycastle.asn1.x509;
 import java.util.Enumeration;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 
@@ -36,7 +36,7 @@ public class PrivateKeyUsagePeriod
         return null;
     }
 
-    private DERGeneralizedTime _notBefore, _notAfter;
+    private ASN1GeneralizedTime _notBefore, _notAfter;
 
     private PrivateKeyUsagePeriod(ASN1Sequence seq)
     {
@@ -47,21 +47,21 @@ public class PrivateKeyUsagePeriod
 
             if (tObj.getTagNo() == 0)
             {
-                _notBefore = DERGeneralizedTime.getInstance(tObj, false);
+                _notBefore = ASN1GeneralizedTime.getInstance(tObj, false);
             }
             else if (tObj.getTagNo() == 1)
             {
-                _notAfter = DERGeneralizedTime.getInstance(tObj, false);
+                _notAfter = ASN1GeneralizedTime.getInstance(tObj, false);
             }
         }
     }
 
-    public DERGeneralizedTime getNotBefore()
+    public ASN1GeneralizedTime getNotBefore()
     {
         return _notBefore;
     }
 
-    public DERGeneralizedTime getNotAfter()
+    public ASN1GeneralizedTime getNotAfter()
     {
         return _notAfter;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java
index bcaf560..5f0cd07 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java
@@ -5,8 +5,6 @@ import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
 
 /**
  * The SubjectKeyIdentifier object.
@@ -67,69 +65,4 @@ public class SubjectKeyIdentifier
     {
         return new DEROctetString(keyidentifier);
     }
-
-
-    /**
-     * Calculates the keyidentifier using a SHA1 hash over the BIT STRING
-     * from SubjectPublicKeyInfo as defined in RFC3280.
-     *
-     * @param spki the subject public key info.
-     * @deprecated
-     */
-    public SubjectKeyIdentifier(
-        SubjectPublicKeyInfo    spki)
-    {
-        this.keyidentifier = getDigest(spki);
-    }
-
-    /**
-     * Return a RFC 3280 type 1 key identifier. As in:
-     * <pre>
-     * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
-     * value of the BIT STRING subjectPublicKey (excluding the tag,
-     * length, and number of unused bits).
-     * </pre>
-     * @param keyInfo the key info object containing the subjectPublicKey field.
-     * @return the key identifier.
-     * @deprecated use org.bouncycastle.cert.X509ExtensionUtils.createSubjectKeyIdentifier
-     */
-    public static SubjectKeyIdentifier createSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo)
-    {
-        return new SubjectKeyIdentifier(keyInfo);
-    }
-
-    /**
-     * Return a RFC 3280 type 2 key identifier. As in:
-     * <pre>
-     * (2) The keyIdentifier is composed of a four bit type field with
-     * the value 0100 followed by the least significant 60 bits of the
-     * SHA-1 hash of the value of the BIT STRING subjectPublicKey.
-     * </pre>
-     * @param keyInfo the key info object containing the subjectPublicKey field.
-     * @return the key identifier.
-     * @deprecated use org.bouncycastle.cert.X509ExtensionUtils.createTruncatedSubjectKeyIdentifier
-     */
-    public static SubjectKeyIdentifier createTruncatedSHA1KeyIdentifier(SubjectPublicKeyInfo keyInfo)
-    {
-        byte[] dig = getDigest(keyInfo);
-        byte[] id = new byte[8];
-
-        System.arraycopy(dig, dig.length - 8, id, 0, id.length);
-
-        id[0] &= 0x0f;
-        id[0] |= 0x40;
-        
-        return new SubjectKeyIdentifier(id);
-    }
-
-    private static byte[] getDigest(SubjectPublicKeyInfo spki)
-    {
-        Digest digest = new SHA1Digest();
-        byte[]  resBuf = new byte[digest.getDigestSize()];
-
-        byte[] bytes = spki.getPublicKeyData().getBytes();
-        digest.update(bytes, 0, bytes.length);
-        digest.doFinal(resBuf, 0);
-        return resBuf;
-    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
index ce657a7..5fdbcd6 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
@@ -3,15 +3,15 @@ package org.bouncycastle.asn1.x509;
 import java.util.Enumeration;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.ASN1UTCTime;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.DERUTCTime;
 import org.bouncycastle.asn1.x500.X500Name;
 
 /**
@@ -190,8 +190,8 @@ public class TBSCertList
         thisUpdate = Time.getInstance(seq.getObjectAt(seqPos++));
 
         if (seqPos < seq.size()
-            && (seq.getObjectAt(seqPos) instanceof DERUTCTime
-               || seq.getObjectAt(seqPos) instanceof DERGeneralizedTime
+            && (seq.getObjectAt(seqPos) instanceof ASN1UTCTime
+               || seq.getObjectAt(seqPos) instanceof ASN1GeneralizedTime
                || seq.getObjectAt(seqPos) instanceof Time))
         {
             nextUpdate = Time.getInstance(seq.getObjectAt(seqPos++));
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
index 5bffedc..77d36b3 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
@@ -3,12 +3,15 @@ package org.bouncycastle.asn1.x509;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.Locale;
 import java.util.SimpleTimeZone;
 
 import org.bouncycastle.asn1.ASN1Choice;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1UTCTime;
 import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERUTCTime;
 
@@ -28,8 +31,8 @@ public class Time
     public Time(
         ASN1Primitive   time)
     {
-        if (!(time instanceof DERUTCTime)
-            && !(time instanceof DERGeneralizedTime))
+        if (!(time instanceof ASN1UTCTime)
+            && !(time instanceof ASN1GeneralizedTime))
         {
             throw new IllegalArgumentException("unknown object passed to Time");
         }
@@ -38,28 +41,61 @@ public class Time
     }
 
     /**
-     * creates a time object from a given date - if the date is between 1950
+     * Creates a time object from a given date - if the date is between 1950
      * and 2049 a UTCTime object is generated, otherwise a GeneralizedTime
      * is used.
+     *
+     * @param time a date object representing the time of interest.
      */
     public Time(
-        Date    date)
+        Date    time)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
 
         dateF.setTimeZone(tz);
 
-        String  d = dateF.format(date) + "Z";
+        String  d = dateF.format(time) + "Z";
         int     year = Integer.parseInt(d.substring(0, 4));
 
         if (year < 1950 || year > 2049)
         {
-            time = new DERGeneralizedTime(d);
+            this.time = new DERGeneralizedTime(d);
         }
         else
         {
-            time = new DERUTCTime(d.substring(2));
+            this.time = new DERUTCTime(d.substring(2));
+        }
+    }
+
+    /**
+     * Creates a time object from a given date and locale - if the date is between 1950
+     * and 2049 a UTCTime object is generated, otherwise a GeneralizedTime
+     * is used. You may need to use this constructor if the default locale
+     * doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible with other ASN.1 implementations.
+     *
+     * @param time a date object representing the time of interest.
+     * @param locale an appropriate Locale for producing an ASN.1 GeneralizedTime value.
+     */
+    public Time(
+        Date    time,
+        Locale locale)
+    {
+        SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
+        SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
+
+        dateF.setTimeZone(tz);
+
+        String  d = dateF.format(time) + "Z";
+        int     year = Integer.parseInt(d.substring(0, 4));
+
+        if (year < 1950 || year > 2049)
+        {
+            this.time = new DERGeneralizedTime(d);
+        }
+        else
+        {
+            this.time = new DERUTCTime(d.substring(2));
         }
     }
 
@@ -70,13 +106,13 @@ public class Time
         {
             return (Time)obj;
         }
-        else if (obj instanceof DERUTCTime)
+        else if (obj instanceof ASN1UTCTime)
         {
-            return new Time((DERUTCTime)obj);
+            return new Time((ASN1UTCTime)obj);
         }
-        else if (obj instanceof DERGeneralizedTime)
+        else if (obj instanceof ASN1GeneralizedTime)
         {
-            return new Time((DERGeneralizedTime)obj);
+            return new Time((ASN1GeneralizedTime)obj);
         }
 
         throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
@@ -84,13 +120,13 @@ public class Time
 
     public String getTime()
     {
-        if (time instanceof DERUTCTime)
+        if (time instanceof ASN1UTCTime)
         {
-            return ((DERUTCTime)time).getAdjustedTime();
+            return ((ASN1UTCTime)time).getAdjustedTime();
         }
         else
         {
-            return ((DERGeneralizedTime)time).getTime();
+            return ((ASN1GeneralizedTime)time).getTime();
         }
     }
 
@@ -98,13 +134,13 @@ public class Time
     {
         try
         {
-            if (time instanceof DERUTCTime)
+            if (time instanceof ASN1UTCTime)
             {
-                return ((DERUTCTime)time).getAdjustedDate();
+                return ((ASN1UTCTime)time).getAdjustedDate();
             }
             else
             {
-                return ((DERGeneralizedTime)time).getDate();
+                return ((ASN1GeneralizedTime)time).getDate();
             }
         }
         catch (ParseException e)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
index 3d923b6..d778d7f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
@@ -2,10 +2,10 @@ package org.bouncycastle.asn1.x509;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1UTCTime;
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.DERUTCTime;
 import org.bouncycastle.asn1.x500.X500Name;
 
 /**
@@ -74,7 +74,7 @@ public class V3TBSCertificateGenerator
     }
     
     public void setStartDate(
-        DERUTCTime startDate)
+        ASN1UTCTime startDate)
     {
         this.startDate = new Time(startDate);
     }
@@ -86,7 +86,7 @@ public class V3TBSCertificateGenerator
     }
 
     public void setEndDate(
-        DERUTCTime endDate)
+        ASN1UTCTime endDate)
     {
         this.endDate = new Time(endDate);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
index f29284d..9353057 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
@@ -2,11 +2,11 @@ package org.bouncycastle.asn1.x509;
 
 import java.io.IOException;
 
+import org.bouncycastle.asn1.ASN1Boolean;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DERBoolean;
 
 /**
  * an object for the elements in the X.509 V3 extension block.
@@ -173,7 +173,7 @@ public class X509Extension
     ASN1OctetString     value;
 
     public X509Extension(
-        DERBoolean              critical,
+        ASN1Boolean             critical,
         ASN1OctetString         value)
     {
         this.critical = critical.isTrue();
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
index c72e3cc..5b9ea9e 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
@@ -4,6 +4,7 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 
+import org.bouncycastle.asn1.ASN1Boolean;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -11,8 +12,6 @@ import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 
 /**
@@ -259,7 +258,7 @@ public class X509Extensions
 
             if (s.size() == 3)
             {
-                extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
+                extensions.put(s.getObjectAt(0), new X509Extension(ASN1Boolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
             }
             else if (s.size() == 2)
             {
@@ -369,17 +368,6 @@ public class X509Extensions
      * @return the extension if it's present, null otherwise.
      */
     public X509Extension getExtension(
-        DERObjectIdentifier oid)
-    {
-        return (X509Extension)extensions.get(oid);
-    }
-
-    /**
-     * @deprecated
-     * @param oid
-     * @return
-     */
-    public X509Extension getExtension(
         ASN1ObjectIdentifier oid)
     {
         return (X509Extension)extensions.get(oid);
@@ -410,7 +398,7 @@ public class X509Extensions
 
             if (ext.isCritical())
             {
-                v.add(DERBoolean.TRUE);
+                v.add(ASN1Boolean.TRUE);
             }
 
             v.add(ext.getValue());
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java
index 468d1b9..589d512 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java
@@ -7,7 +7,6 @@ import java.util.Vector;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 
 /**
@@ -29,28 +28,6 @@ public class X509ExtensionsGenerator
     }
 
     /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public void addExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        ASN1Encodable       value)
-    {
-        addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
-    }
-
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public void addExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        byte[]              value)
-    {
-        addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
-    }
-
-    /**
      * Add an extension with the given oid and the passed in value to be included
      * in the OCTET STRING associated with the extension.
      *
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java
index 5d919e1..188af43 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java
@@ -23,7 +23,7 @@ import org.bouncycastle.util.Strings;
  *         ASN1ObjectIdentifier  oid,
  *         String               value)
  *     {
- *         if (str.length() != 0 && str.charAt(0) == '#')
+ *         if (str.length() != 0 &amp;&amp; str.charAt(0) == '#')
  *         {
  *             return convertHexEncoded(str, 1);
  *         }
@@ -45,6 +45,7 @@ import org.bouncycastle.util.Strings;
  *         }
  *     }
  * }
+ * </pre>
  */
 public abstract class X509NameEntryConverter
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/x509/package.html
new file mode 100644
index 0000000..728921a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and processing X.509 certificates.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/qualified/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/x509/qualified/package.html
new file mode 100644
index 0000000..28cfef9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/qualified/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and processing messages based around RFC3739
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java
index 304f1d4..8c05277 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java
@@ -60,9 +60,8 @@ public class NameOrPseudonym
 
     /**
      * Constructor from DirectoryString.
-     * <p/>
+     * <p>
      * The sequence is of type NameOrPseudonym:
-     * <p/>
      * <pre>
      *       NameOrPseudonym ::= CHOICE {
      *            surAndGivenName SEQUENCE {
@@ -81,9 +80,8 @@ public class NameOrPseudonym
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
+     * <p>
      * The sequence is of type NameOrPseudonym:
-     * <p/>
      * <pre>
      *       NameOrPseudonym ::= CHOICE {
      *            surAndGivenName SEQUENCE {
@@ -93,7 +91,7 @@ public class NameOrPseudonym
      *            pseudonym DirectoryString
      *       }
      * </pre>
-     *
+     * </p>
      * @param seq The ASN.1 sequence.
      */
     private NameOrPseudonym(ASN1Sequence seq)
@@ -159,9 +157,8 @@ public class NameOrPseudonym
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *       NameOrPseudonym ::= CHOICE {
      *            surAndGivenName SEQUENCE {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java
index 0b73248..883ed8d 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java
@@ -18,7 +18,7 @@ import org.bouncycastle.asn1.x500.DirectoryString;
 /**
  * Contains personal data for the otherName field in the subjectAltNames
  * extension.
- * <p/>
+ *
  * <pre>
  *     PersonalData ::= SEQUENCE {
  *       nameOrPseudonym NameOrPseudonym,
@@ -60,9 +60,8 @@ public class PersonalData
 
     /**
      * Constructor from ASN1Sequence.
-     * <p/>
+     * <p>
      * The sequence is of type NameOrPseudonym:
-     * <p/>
      * <pre>
      *     PersonalData ::= SEQUENCE {
      *       nameOrPseudonym NameOrPseudonym,
@@ -73,7 +72,7 @@ public class PersonalData
      *       postalAddress [4] DirectoryString OPTIONAL
      *       }
      * </pre>
-     *
+     * </p>
      * @param seq The ASN.1 sequence.
      */
     private PersonalData(ASN1Sequence seq)
@@ -169,9 +168,8 @@ public class PersonalData
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * <p/>
+     * <p>
      * Returns:
-     * <p/>
      * <pre>
      *     PersonalData ::= SEQUENCE {
      *       nameOrPseudonym NameOrPseudonym,
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/package.html
new file mode 100644
index 0000000..4e073ce
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/sigi/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for the  German SigI (Signature Interoperability Specification)  standard.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
index 6a97a48..509111a 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.asn1.x9;
 
+import java.math.BigInteger;
 import java.util.Enumeration;
 
 import org.bouncycastle.asn1.ASN1Encodable;
@@ -38,6 +39,29 @@ public class DHDomainParameters
             + obj.getClass().getName());
     }
 
+    public DHDomainParameters(BigInteger p, BigInteger g, BigInteger q, BigInteger j,
+        DHValidationParms validationParms)
+    {
+        if (p == null)
+        {
+            throw new IllegalArgumentException("'p' cannot be null");
+        }
+        if (g == null)
+        {
+            throw new IllegalArgumentException("'g' cannot be null");
+        }
+        if (q == null)
+        {
+            throw new IllegalArgumentException("'q' cannot be null");
+        }
+
+        this.p = new ASN1Integer(p);
+        this.g = new ASN1Integer(g);
+        this.q = new ASN1Integer(q);
+        this.j = new ASN1Integer(j);
+        this.validationParms = validationParms;
+    }
+
     public DHDomainParameters(ASN1Integer p, ASN1Integer g, ASN1Integer q, ASN1Integer j,
         DHValidationParms validationParms)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
index 78b0979..b3020e0 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
@@ -21,17 +21,16 @@ public class DHValidationParms extends ASN1Object
 
     public static DHValidationParms getInstance(Object obj)
     {
-        if (obj == null || obj instanceof DHDomainParameters)
+        if (obj instanceof DHValidationParms)
         {
             return (DHValidationParms)obj;
         }
-
-        if (obj instanceof ASN1Sequence)
+        else if (obj != null)
         {
-            return new DHValidationParms((ASN1Sequence)obj);
+            return new DHValidationParms(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("Invalid DHValidationParms: " + obj.getClass().getName());
+        return null;
     }
 
     public DHValidationParms(DERBitString seed, ASN1Integer pgenCounter)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
index eeae0de..2206a33 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
@@ -44,6 +44,35 @@ public class ECNamedCurveTable
     }
 
     /**
+     * return the object identifier signified by the passed in name. Null
+     * if there is no object identifier associated with name.
+     *
+     * @return the object identifier associated with name, if present.
+     */
+    public static ASN1ObjectIdentifier getOID(
+        String name)
+    {
+        ASN1ObjectIdentifier oid = X962NamedCurves.getOID(name);
+
+        if (oid == null)
+        {
+            oid = SECNamedCurves.getOID(name);
+        }
+
+        if (oid == null)
+        {
+            oid = TeleTrusTNamedCurves.getOID(name);
+        }
+
+        if (oid == null)
+        {
+            oid = NISTNamedCurves.getOID(name);
+        }
+
+        return oid;
+    }
+
+    /**
      * return a X9ECParameters object representing the passed in named
      * curve.
      *
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
index 764017e..25312fe 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
@@ -19,17 +19,20 @@ public class X962NamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("ffffffffffffffffffffffff99def836146bc9b1b4d22831", 16);
+            BigInteger h = BigInteger.valueOf(1);
+
             ECCurve cFp192v1 = new ECCurve.Fp(
                 new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
                 new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
-                new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16));
+                new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16),
+                n, h);
 
             return new X9ECParameters(
                 cFp192v1,
                 cFp192v1.decodePoint(
                     Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")),
-                new BigInteger("ffffffffffffffffffffffff99def836146bc9b1b4d22831", 16),
-                BigInteger.valueOf(1),
+                n, h,
                 Hex.decode("3045AE6FC8422f64ED579528D38120EAE12196D5"));
         }
     };
@@ -38,17 +41,20 @@ public class X962NamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("fffffffffffffffffffffffe5fb1a724dc80418648d8dd31", 16);
+            BigInteger h = BigInteger.valueOf(1);
+
             ECCurve cFp192v2 = new ECCurve.Fp(
                 new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
                 new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
-                new BigInteger("cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953", 16));
+                new BigInteger("cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953", 16),
+                n, h);
 
             return new X9ECParameters(
                 cFp192v2,
                 cFp192v2.decodePoint(
                     Hex.decode("03eea2bae7e1497842f2de7769cfe9c989c072ad696f48034a")),
-                new BigInteger("fffffffffffffffffffffffe5fb1a724dc80418648d8dd31", 16),
-                BigInteger.valueOf(1),
+                n, h,
                 Hex.decode("31a92ee2029fd10d901b113e990710f0d21ac6b6"));
         }
     };
@@ -57,17 +63,20 @@ public class X962NamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("ffffffffffffffffffffffff7a62d031c83f4294f640ec13", 16);
+            BigInteger h = BigInteger.valueOf(1);
+
             ECCurve cFp192v3 = new ECCurve.Fp(
                 new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
                 new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
-                new BigInteger("22123dc2395a05caa7423daeccc94760a7d462256bd56916", 16));
+                new BigInteger("22123dc2395a05caa7423daeccc94760a7d462256bd56916", 16),
+                n, h);
 
             return new X9ECParameters(
                 cFp192v3,
                 cFp192v3.decodePoint(
                     Hex.decode("027d29778100c65a1da1783716588dce2b8b4aee8e228f1896")),
-                new BigInteger("ffffffffffffffffffffffff7a62d031c83f4294f640ec13", 16),
-                BigInteger.valueOf(1),
+                n, h,
                 Hex.decode("c469684435deb378c4b65ca9591e2a5763059a2e"));
         }
     };
@@ -76,17 +85,20 @@ public class X962NamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b", 16);
+            BigInteger h = BigInteger.valueOf(1);
+
             ECCurve cFp239v1 = new ECCurve.Fp(
                 new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
                 new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
-                new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16));
+                new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16),
+                n, h);
 
             return new X9ECParameters(
                 cFp239v1,
                 cFp239v1.decodePoint(
                     Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")),
-                new BigInteger("7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b", 16),
-                BigInteger.valueOf(1),
+                n, h,
                 Hex.decode("e43bb460f0b80cc0c0b075798e948060f8321b7d"));
         }
     };
@@ -95,17 +107,20 @@ public class X962NamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063", 16);
+            BigInteger h = BigInteger.valueOf(1);
+
             ECCurve cFp239v2 = new ECCurve.Fp(
                 new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
                 new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
-                new BigInteger("617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c", 16));
+                new BigInteger("617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c", 16),
+                n, h);
 
             return new X9ECParameters(
                 cFp239v2,
                 cFp239v2.decodePoint(
                     Hex.decode("0238af09d98727705120c921bb5e9e26296a3cdcf2f35757a0eafd87b830e7")),
-                new BigInteger("7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063", 16),
-                BigInteger.valueOf(1),
+                n, h,
                 Hex.decode("e8b4011604095303ca3b8099982be09fcb9ae616"));
         }
     };
@@ -114,17 +129,20 @@ public class X962NamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551", 16);
+            BigInteger h = BigInteger.valueOf(1);
+
             ECCurve cFp239v3 = new ECCurve.Fp(
                 new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
                 new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
-                new BigInteger("255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e", 16));
+                new BigInteger("255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e", 16),
+                n, h);
 
             return new X9ECParameters(
                 cFp239v3,
                 cFp239v3.decodePoint(
                     Hex.decode("036768ae8e18bb92cfcf005c949aa2c6d94853d0e660bbf854b1c9505fe95a")),
-                new BigInteger("7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551", 16),
-                BigInteger.valueOf(1),
+                n, h,
                 Hex.decode("7d7374168ffe3471b60a857686a19475d3bfa2ff"));
         }
     };
@@ -133,17 +151,20 @@ public class X962NamedCurves
     {
         protected X9ECParameters createParameters()
         {
+            BigInteger n = new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16);
+            BigInteger h = BigInteger.valueOf(1);
+
             ECCurve cFp256v1 = new ECCurve.Fp(
                 new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853951"),
                 new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
-                new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16));
+                new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16),
+                n, h);
 
             return new X9ECParameters(
                 cFp256v1,
                 cFp256v1.decodePoint(
                     Hex.decode("036b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296")),
-                new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
-                BigInteger.valueOf(1),
+                n, h,
                 Hex.decode("c49d360886e704936a6678e1139d26b7819f7e90"));
         }
     };
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
index 1c395d2..a4348de 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
@@ -74,7 +74,7 @@ public class X962Parameters
      * <pre>
      * Parameters ::= CHOICE {
      *    ecParameters ECParameters,
-     *    namedCurve   CURVES.&id({CurveNames}),
+     *    namedCurve   CURVES.&amp;id({CurveNames}),
      *    implicitlyCA NULL
      * }
      * </pre>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
index f233657..f1bac2b 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
@@ -11,6 +11,7 @@ import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECCurve;
 
 /**
@@ -46,6 +47,8 @@ public class X9Curve
         X9FieldID     fieldID,
         ASN1Sequence  seq)
     {
+        // TODO Is it possible to get the order(n) and cofactor(h) too?
+
         fieldIdentifier = fieldID.getIdentifier();
         if (fieldIdentifier.equals(prime_field))
         {
@@ -86,7 +89,6 @@ public class X9Curve
             }
             X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0));
             X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1));
-            // TODO Is it possible to get the order (n) and cofactor(h) too?
             curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger());
         }
         else
@@ -102,11 +104,11 @@ public class X9Curve
 
     private void setFieldIdentifier()
     {
-        if (curve instanceof ECCurve.Fp)
+        if (ECAlgorithms.isFpCurve(curve))
         {
             fieldIdentifier = prime_field;
         }
-        else if (curve instanceof ECCurve.F2m)
+        else if (ECAlgorithms.isF2mCurve(curve))
         {
             fieldIdentifier = characteristic_two_field;
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
index 60f9008..302c130 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
@@ -9,8 +9,10 @@ import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.field.PolynomialExtensionField;
 
 /**
  * ASN.1 def for Elliptic-Curve ECParameters structure. See
@@ -108,19 +110,31 @@ public class X9ECParameters
         this.h = h;
         this.seed = seed;
 
-        if (curve instanceof ECCurve.Fp)
+        if (ECAlgorithms.isFpCurve(curve))
         {
-            this.fieldID = new X9FieldID(((ECCurve.Fp)curve).getQ());
+            this.fieldID = new X9FieldID(curve.getField().getCharacteristic());
         }
-        else
+        else if (ECAlgorithms.isF2mCurve(curve))
         {
-            if (curve instanceof ECCurve.F2m)
+            PolynomialExtensionField field = (PolynomialExtensionField)curve.getField();
+            int[] exponents = field.getMinimalPolynomial().getExponentsPresent();
+            if (exponents.length == 3)
+            {
+                this.fieldID = new X9FieldID(exponents[2], exponents[1]);
+            }
+            else if (exponents.length == 5)
+            {
+                this.fieldID = new X9FieldID(exponents[4], exponents[1], exponents[2], exponents[3]);
+            }
+            else
             {
-                ECCurve.F2m curveF2m = (ECCurve.F2m)curve;
-                this.fieldID = new X9FieldID(curveF2m.getM(), curveF2m.getK1(),
-                    curveF2m.getK2(), curveF2m.getK3());
+                throw new IllegalArgumentException("Only trinomial and pentomial curves are supported");
             }
         }
+        else
+        {
+            throw new IllegalArgumentException("'curve' is of an unsupported type");
+        }
     }
 
     public ECCurve getCurve()
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
index a210352..cb74234 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
@@ -38,6 +38,20 @@ public class X9FieldID
      * @param m  The exponent <code>m</code> of
      * <code>F<sub>2<sup>m</sup></sub></code>.
      * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+     * x<sup>k1</sup> + 1</code>
+     * represents the reduction polynomial <code>f(z)</code>.
+     */
+    public X9FieldID(int m, int k1)
+    {
+        this(m, k1, 0, 0);
+    }
+
+    /**
+     * Constructor for elliptic curves over binary fields
+     * <code>F<sub>2<sup>m</sup></sub></code>.
+     * @param m  The exponent <code>m</code> of
+     * <code>F<sub>2<sup>m</sup></sub></code>.
+     * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
      * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
      * represents the reduction polynomial <code>f(z)</code>.
      * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
@@ -55,11 +69,21 @@ public class X9FieldID
         
         if (k2 == 0) 
         {
+            if (k3 != 0)
+            {
+                throw new IllegalArgumentException("inconsistent k values");
+            }
+
             fieldIdParams.add(tpBasis);
             fieldIdParams.add(new ASN1Integer(k1));
         } 
         else 
         {
+            if (k2 <= k1 || k3 <= k2)
+            {
+                throw new IllegalArgumentException("inconsistent k values");
+            }
+
             fieldIdParams.add(ppBasis);
             ASN1EncodableVector pentanomialParams = new ASN1EncodableVector();
             pentanomialParams.add(new ASN1Integer(k1));
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
index eabf90e..53a4373 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
@@ -63,78 +63,78 @@ public interface X9ObjectIdentifiers
     /**
      * Named curves base
      * <p>
-     * OID: 1.2.840.10045.1
+     * OID: 1.2.840.10045.3
      */
     static final ASN1ObjectIdentifier ellipticCurve = ansi_X9_62.branch("3");
 
     /**
      * Two Curves
      * <p>
-     * OID: 1.2.840.10045.1.0
+     * OID: 1.2.840.10045.3.0
      */
     static final ASN1ObjectIdentifier  cTwoCurve = ellipticCurve.branch("0");
 
-    /** Two Curve c2pnb163v1, OID: 1.2.840.10045.1.0.1 */
+    /** Two Curve c2pnb163v1, OID: 1.2.840.10045.3.0.1 */
     static final ASN1ObjectIdentifier c2pnb163v1 = cTwoCurve.branch("1");
-    /** Two Curve c2pnb163v2, OID: 1.2.840.10045.1.0.2 */
+    /** Two Curve c2pnb163v2, OID: 1.2.840.10045.3.0.2 */
     static final ASN1ObjectIdentifier c2pnb163v2 = cTwoCurve.branch("2");
-    /** Two Curve c2pnb163v3, OID: 1.2.840.10045.1.0.3 */
+    /** Two Curve c2pnb163v3, OID: 1.2.840.10045.3.0.3 */
     static final ASN1ObjectIdentifier c2pnb163v3 = cTwoCurve.branch("3");
-    /** Two Curve c2pnb176w1, OID: 1.2.840.10045.1.0.4 */
+    /** Two Curve c2pnb176w1, OID: 1.2.840.10045.3.0.4 */
     static final ASN1ObjectIdentifier c2pnb176w1 = cTwoCurve.branch("4");
-    /** Two Curve c2tnb191v1, OID: 1.2.840.10045.1.0.5 */
+    /** Two Curve c2tnb191v1, OID: 1.2.840.10045.3.0.5 */
     static final ASN1ObjectIdentifier c2tnb191v1 = cTwoCurve.branch("5");
-    /** Two Curve c2tnb191v2, OID: 1.2.840.10045.1.0.6 */
+    /** Two Curve c2tnb191v2, OID: 1.2.840.10045.3.0.6 */
     static final ASN1ObjectIdentifier c2tnb191v2 = cTwoCurve.branch("6");
-    /** Two Curve c2tnb191v3, OID: 1.2.840.10045.1.0.7 */
+    /** Two Curve c2tnb191v3, OID: 1.2.840.10045.3.0.7 */
     static final ASN1ObjectIdentifier c2tnb191v3 = cTwoCurve.branch("7");
-    /** Two Curve c2onb191v4, OID: 1.2.840.10045.1.0.8 */
+    /** Two Curve c2onb191v4, OID: 1.2.840.10045.3.0.8 */
     static final ASN1ObjectIdentifier c2onb191v4 = cTwoCurve.branch("8");
-    /** Two Curve c2onb191v5, OID: 1.2.840.10045.1.0.9 */
+    /** Two Curve c2onb191v5, OID: 1.2.840.10045.3.0.9 */
     static final ASN1ObjectIdentifier c2onb191v5 = cTwoCurve.branch("9");
-    /** Two Curve c2pnb208w1, OID: 1.2.840.10045.1.0.10 */
+    /** Two Curve c2pnb208w1, OID: 1.2.840.10045.3.0.10 */
     static final ASN1ObjectIdentifier c2pnb208w1 = cTwoCurve.branch("10");
-    /** Two Curve c2tnb239v1, OID: 1.2.840.10045.1.0.11 */
+    /** Two Curve c2tnb239v1, OID: 1.2.840.10045.3.0.11 */
     static final ASN1ObjectIdentifier c2tnb239v1 = cTwoCurve.branch("11");
-    /** Two Curve c2tnb239v2, OID: 1.2.840.10045.1.0.12 */
+    /** Two Curve c2tnb239v2, OID: 1.2.840.10045.3.0.12 */
     static final ASN1ObjectIdentifier c2tnb239v2 = cTwoCurve.branch("12");
-    /** Two Curve c2tnb239v3, OID: 1.2.840.10045.1.0.13 */
+    /** Two Curve c2tnb239v3, OID: 1.2.840.10045.3.0.13 */
     static final ASN1ObjectIdentifier c2tnb239v3 = cTwoCurve.branch("13");
-    /** Two Curve c2onb239v4, OID: 1.2.840.10045.1.0.14 */
+    /** Two Curve c2onb239v4, OID: 1.2.840.10045.3.0.14 */
     static final ASN1ObjectIdentifier c2onb239v4 = cTwoCurve.branch("14");
-    /** Two Curve c2onb239v5, OID: 1.2.840.10045.1.0.15 */
+    /** Two Curve c2onb239v5, OID: 1.2.840.10045.3.0.15 */
     static final ASN1ObjectIdentifier c2onb239v5 = cTwoCurve.branch("15");
-    /** Two Curve c2pnb272w1, OID: 1.2.840.10045.1.0.16 */
+    /** Two Curve c2pnb272w1, OID: 1.2.840.10045.3.0.16 */
     static final ASN1ObjectIdentifier c2pnb272w1 = cTwoCurve.branch("16");
-    /** Two Curve c2pnb304w1, OID: 1.2.840.10045.1.0.17 */
+    /** Two Curve c2pnb304w1, OID: 1.2.840.10045.3.0.17 */
     static final ASN1ObjectIdentifier c2pnb304w1 = cTwoCurve.branch("17");
-    /** Two Curve c2tnb359v1, OID: 1.2.840.10045.1.0.18 */
+    /** Two Curve c2tnb359v1, OID: 1.2.840.10045.3.0.18 */
     static final ASN1ObjectIdentifier c2tnb359v1 = cTwoCurve.branch("18");
-    /** Two Curve c2pnb368w1, OID: 1.2.840.10045.1.0.19 */
+    /** Two Curve c2pnb368w1, OID: 1.2.840.10045.3.0.19 */
     static final ASN1ObjectIdentifier c2pnb368w1 = cTwoCurve.branch("19");
-    /** Two Curve c2tnb431r1, OID: 1.2.840.10045.1.0.20 */
+    /** Two Curve c2tnb431r1, OID: 1.2.840.10045.3.0.20 */
     static final ASN1ObjectIdentifier c2tnb431r1 = cTwoCurve.branch("20");
 
     /**
      * Prime Curves
      * <p>
-     * OID: 1.2.840.10045.1.1
+     * OID: 1.2.840.10045.3.1
      */
     static final ASN1ObjectIdentifier primeCurve = ellipticCurve.branch("1");
 
-    /** Prime Curve prime192v1, OID: 1.2.840.10045.1.1.1 */
+    /** Prime Curve prime192v1, OID: 1.2.840.10045.3.1.1 */
     static final ASN1ObjectIdentifier prime192v1 = primeCurve.branch("1");
-    /** Prime Curve prime192v2, OID: 1.2.840.10045.1.1.2 */
+    /** Prime Curve prime192v2, OID: 1.2.840.10045.3.1.2 */
     static final ASN1ObjectIdentifier prime192v2 = primeCurve.branch("2");
-    /** Prime Curve prime192v3, OID: 1.2.840.10045.1.1.3 */
+    /** Prime Curve prime192v3, OID: 1.2.840.10045.3.1.3 */
     static final ASN1ObjectIdentifier prime192v3 = primeCurve.branch("3");
-    /** Prime Curve prime239v1, OID: 1.2.840.10045.1.1.4 */
+    /** Prime Curve prime239v1, OID: 1.2.840.10045.3.1.4 */
     static final ASN1ObjectIdentifier prime239v1 = primeCurve.branch("4");
-    /** Prime Curve prime239v2, OID: 1.2.840.10045.1.1.5 */
+    /** Prime Curve prime239v2, OID: 1.2.840.10045.3.1.5 */
     static final ASN1ObjectIdentifier prime239v2 = primeCurve.branch("5");
-    /** Prime Curve prime239v3, OID: 1.2.840.10045.1.1.6 */
+    /** Prime Curve prime239v3, OID: 1.2.840.10045.3.1.6 */
     static final ASN1ObjectIdentifier prime239v3 = primeCurve.branch("6");
-    /** Prime Curve prime256v1, OID: 1.2.840.10045.1.1.7 */
+    /** Prime Curve prime256v1, OID: 1.2.840.10045.3.1.7 */
     static final ASN1ObjectIdentifier prime256v1 = primeCurve.branch("7");
 
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/package.html b/bcprov/src/main/java/org/bouncycastle/asn1/x9/package.html
new file mode 100644
index 0000000..42fc97c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes useful for encoding and supporting X9.62 elliptic curve.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
index dd056ac..39f59da 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
@@ -48,13 +48,13 @@ public class BufferedBlockCipher
 
         pgpCFB = (idx > 0 && name.startsWith("PGP", idx));
 
-        if (pgpCFB)
+        if (pgpCFB || cipher instanceof StreamCipher)
         {
             partialBlockOkay = true;
         }
         else
         {
-            partialBlockOkay = (idx > 0 && (name.startsWith("CFB", idx) || name.startsWith("GCFB", idx) ||name.startsWith("OFB", idx) || name.startsWith("OpenPGP", idx) || name.startsWith("SIC", idx) || name.startsWith("GCTR", idx)));
+            partialBlockOkay = (idx > 0 && (name.startsWith("OpenPGP", idx)));
         }
     }
 
@@ -141,7 +141,7 @@ public class BufferedBlockCipher
     }
 
     /**
-     * process a single byte, producing an output block if neccessary.
+     * process a single byte, producing an output block if necessary.
      *
      * @param in the input byte.
      * @param out the space for any output that might be produced.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/SkippingCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/SkippingCipher.java
new file mode 100644
index 0000000..f8cc648
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/SkippingCipher.java
@@ -0,0 +1,31 @@
+package org.bouncycastle.crypto;
+
+/**
+ * Ciphers producing a key stream which can be reset to particular points in the stream implement this.
+ */
+public interface SkippingCipher
+{
+    /**
+     * Skip numberOfBytes forwards, or backwards.
+     *
+     * @param numberOfBytes the number of bytes to skip (positive forward, negative backwards).
+     * @return the number of bytes actually skipped.
+     * @throws java.lang.IllegalArgumentException if numberOfBytes is an invalid value.
+     */
+    long skip(long numberOfBytes);
+
+    /**
+     * Reset the cipher and then skip forward to a given position.
+     *
+     * @param position the number of bytes in to set the cipher state to.
+     * @return the byte position moved to.
+     */
+    long seekTo(long position);
+
+    /**
+     * Return the current "position" of the cipher
+     *
+     * @return the current byte position.
+     */
+    long getPosition();
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/SkippingStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/SkippingStreamCipher.java
new file mode 100644
index 0000000..a707a81
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/SkippingStreamCipher.java
@@ -0,0 +1,9 @@
+package org.bouncycastle.crypto;
+
+/**
+ * General interface for a stream cipher that supports skipping.
+ */
+public interface SkippingStreamCipher
+    extends StreamCipher, SkippingCipher
+{
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java
index 8fdd232..09aadfb 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java
@@ -1,108 +1,58 @@
 package org.bouncycastle.crypto;
 
 /**
- * a wrapper for block ciphers with a single byte block size, so that they
- * can be treated like stream ciphers.
+ * A parent class for block cipher modes that do not require block aligned data to be processed, but can function in
+ * a streaming mode.
  */
-public class StreamBlockCipher
-    implements StreamCipher
+public abstract class StreamBlockCipher
+    implements BlockCipher, StreamCipher
 {
-    private BlockCipher  cipher;
+    private final BlockCipher cipher;
 
-    private byte[]  oneByte = new byte[1];
-
-    /**
-     * basic constructor.
-     *
-     * @param cipher the block cipher to be wrapped.
-     * @exception IllegalArgumentException if the cipher has a block size other than
-     * one.
-     */
-    public StreamBlockCipher(
-        BlockCipher cipher)
+    protected StreamBlockCipher(BlockCipher cipher)
     {
-        if (cipher.getBlockSize() != 1)
-        {
-            throw new IllegalArgumentException("block cipher block size != 1.");
-        }
-
         this.cipher = cipher;
     }
 
     /**
-     * initialise the underlying cipher.
+     * return the underlying block cipher that we are wrapping.
      *
-     * @param forEncryption true if we are setting up for encryption, false otherwise.
-     * @param params the necessary parameters for the underlying cipher to be initialised.
+     * @return the underlying block cipher that we are wrapping.
      */
-    public void init(
-        boolean forEncryption,
-        CipherParameters params)
+    public BlockCipher getUnderlyingCipher()
     {
-        cipher.init(forEncryption, params);
+        return cipher;
     }
 
-    /**
-     * return the name of the algorithm we are wrapping.
-     *
-     * @return the name of the algorithm we are wrapping.
-     */
-    public String getAlgorithmName()
+    public final byte returnByte(byte in)
     {
-        return cipher.getAlgorithmName();
+        return calculateByte(in);
     }
 
-    /**
-     * encrypt/decrypt a single byte returning the result.
-     *
-     * @param in the byte to be processed.
-     * @return the result of processing the input byte.
-     */
-    public byte returnByte(
-        byte    in)
-    {
-        oneByte[0] = in;
-
-        cipher.processBlock(oneByte, 0, oneByte, 0);
-
-        return oneByte[0];
-    }
-
-    /**
-     * process a block of bytes from in putting the result into out.
-     * 
-     * @param in the input byte array.
-     * @param inOff the offset into the in array where the data to be processed starts.
-     * @param len the number of bytes to be processed.
-     * @param out the output buffer the processed bytes go into.   
-     * @param outOff the offset into the output byte array the processed data stars at.
-     * @exception DataLengthException if the output buffer is too small.
-     */
-    public void processBytes(
-        byte[]  in,
-        int     inOff,
-        int     len,
-        byte[]  out,
-        int     outOff)
+    public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
         throws DataLengthException
     {
         if (outOff + len > out.length)
         {
-            throw new DataLengthException("output buffer too small in processBytes()");
+            throw new DataLengthException("output buffer too short");
         }
 
-        for (int i = 0; i != len; i++)
+        if (inOff + len > in.length)
         {
-                cipher.processBlock(in, inOff + i, out, outOff + i);
+            throw new DataLengthException("input buffer too small");
         }
-    }
 
-    /**
-     * reset the underlying cipher. This leaves it in the same state
-     * it was at after the last init (if there was one).
-     */
-    public void reset()
-    {
-        cipher.reset();
+        int inStart = inOff;
+        int inEnd = inOff + len;
+        int outStart = outOff;
+
+        while (inStart < inEnd)
+        {
+             out[outStart++] = calculateByte(in[inStart++]);
+        }
+
+        return len;
     }
-}
+
+    protected abstract byte calculateByte(byte b);
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/StreamCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/StreamCipher.java
index 2a55d4f..c1255e9 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/StreamCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/StreamCipher.java
@@ -40,9 +40,10 @@ public interface StreamCipher
      * @param len the number of bytes to be processed.
      * @param out the output buffer the processed bytes go into.
      * @param outOff the offset into the output byte array the processed data starts at.
+     * @return the number of bytes produced - should always be len.
      * @exception DataLengthException if the output buffer is too small.
      */
-    public void processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
+    public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
         throws DataLengthException;
 
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/DHStandardGroups.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/DHStandardGroups.java
index 638bcb1..da4951d 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/DHStandardGroups.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/DHStandardGroups.java
@@ -10,20 +10,19 @@ import org.bouncycastle.util.encoders.Hex;
  */
 public class DHStandardGroups
 {
+    private static BigInteger fromHex(String hex)
+    {
+        return new BigInteger(1, Hex.decode(hex));
+    }
 
     private static DHParameters fromPG(String hexP, String hexG)
     {
-        BigInteger p = new BigInteger(1, Hex.decode(hexP));
-        BigInteger g = new BigInteger(1, Hex.decode(hexG));
-        return new DHParameters(p, g);
+        return new DHParameters(fromHex(hexP), fromHex(hexG));
     }
 
     private static DHParameters fromPGQ(String hexP, String hexG, String hexQ)
     {
-        BigInteger p = new BigInteger(1, Hex.decode(hexP));
-        BigInteger g = new BigInteger(1, Hex.decode(hexG));
-        BigInteger q = new BigInteger(1, Hex.decode(hexQ));
-        return new DHParameters(p, g, q);
+        return new DHParameters(fromHex(hexP), fromHex(hexG), fromHex(hexQ));
     }
 
     /*
@@ -115,7 +114,8 @@ public class DHStandardGroups
         + "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
         + "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
         + "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
-        + "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E" + "6DCC4024FFFFFFFFFFFFFFFF";
+        + "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
+        + "6DCC4024FFFFFFFFFFFFFFFF";
     private static final String rfc3526_6144_g = "02";
     public static final DHParameters rfc3526_6144 = fromPG(rfc3526_6144_p, rfc3526_6144_g);
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.java
index 94efd92..3fcb2df 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.java
@@ -10,19 +10,16 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * A participant in a Password Authenticated Key Exchange by Juggling (J-PAKE) exchange.
- * <p/>
- * <p/>
+ * <p>
  * The J-PAKE exchange is defined by Feng Hao and Peter Ryan in the paper
  * <a href="http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf">
  * "Password Authenticated Key Exchange by Juggling, 2008."</a>
- * <p/>
- * <p/>
+ * <p>
  * The J-PAKE protocol is symmetric.
  * There is no notion of a <i>client</i> or <i>server</i>, but rather just two <i>participants</i>.
  * An instance of {@link JPAKEParticipant} represents one participant, and
  * is the primary interface for executing the exchange.
- * <p/>
- * <p/>
+ * <p>
  * To execute an exchange, construct a {@link JPAKEParticipant} on each end,
  * and call the following 7 methods
  * (once and only once, in the given order, for each participant, sending messages between them as described):
@@ -35,36 +32,29 @@ import org.bouncycastle.util.Arrays;
  * <li>{@link #createRound3PayloadToSend(BigInteger)} - and send the payload to the other participant</li>
  * <li>{@link #validateRound3PayloadReceived(JPAKERound3Payload, BigInteger)} - use the payload received from the other participant</li>
  * </ol>
- * <p/>
- * <p/>
+ * <p>
  * Each side should derive a session key from the keying material returned by {@link #calculateKeyingMaterial()}.
  * The caller is responsible for deriving the session key using a secure key derivation function (KDF).
- * <p/>
- * <p/>
+ * <p>
  * Round 3 is an optional key confirmation process.
  * If you do not execute round 3, then there is no assurance that both participants are using the same key.
  * (i.e. if the participants used different passwords, then their session keys will differ.)
- * <p/>
- * <p/>
+ * <p>
  * If the round 3 validation succeeds, then the keys are guaranteed to be the same on both sides.
- * <p/>
- * <p/>
+ * <p>
  * The symmetric design can easily support the asymmetric cases when one party initiates the communication.
  * e.g. Sometimes the round1 payload and round2 payload may be sent in one pass.
  * Also, in some cases, the key confirmation payload can be sent together with the round2 payload.
  * These are the trivial techniques to optimize the communication.
- * <p/>
- * <p/>
+ * <p>
  * The key confirmation process is implemented as specified in
  * <a href="http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf">NIST SP 800-56A Revision 1</a>,
  * Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes.
- * <p/>
- * <p/>
+ * <p>
  * This class is stateful and NOT threadsafe.
  * Each instance should only be used for ONE complete J-PAKE exchange
  * (i.e. a new {@link JPAKEParticipant} should be constructed for each new J-PAKE exchange).
- * <p/>
- * <p/>
+ * <p>
  * See {@link JPAKEExample} for example usage.
  */
 public class JPAKEParticipant
@@ -91,9 +81,10 @@ public class JPAKEParticipant
     /**
      * Shared secret.  This only contains the secret between construction
      * and the call to {@link #calculateKeyingMaterial()}.
-     * <p/>
+     * <p>
      * i.e. When {@link #calculateKeyingMaterial()} is called, this buffer overwritten with 0's,
      * and the field is set to null.
+     * </p>
      */
     private char[] password;
 
@@ -155,7 +146,7 @@ public class JPAKEParticipant
      * Convenience constructor for a new {@link JPAKEParticipant} that uses
      * the {@link JPAKEPrimeOrderGroups#NIST_3072} prime order group,
      * a SHA-256 digest, and a default {@link SecureRandom} implementation.
-     * <p/>
+     * <p>
      * After construction, the {@link #getState() state} will be  {@link #STATE_INITIALIZED}.
      *
      * @param participantId unique identifier of this participant.
@@ -180,7 +171,7 @@ public class JPAKEParticipant
     /**
      * Convenience constructor for a new {@link JPAKEParticipant} that uses
      * a SHA-256 digest and a default {@link SecureRandom} implementation.
-     * <p/>
+     * <p>
      * After construction, the {@link #getState() state} will be  {@link #STATE_INITIALIZED}.
      *
      * @param participantId unique identifier of this participant.
@@ -209,7 +200,7 @@ public class JPAKEParticipant
 
     /**
      * Construct a new {@link JPAKEParticipant}.
-     * <p/>
+     * <p>
      * After construction, the {@link #getState() state} will be  {@link #STATE_INITIALIZED}.
      *
      * @param participantId unique identifier of this participant.
@@ -278,8 +269,7 @@ public class JPAKEParticipant
 
     /**
      * Creates and returns the payload to send to the other participant during round 1.
-     * <p/>
-     * <p/>
+     * <p>
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_1_CREATED}.
      */
     public JPAKERound1Payload createRound1PayloadToSend()
@@ -304,11 +294,9 @@ public class JPAKEParticipant
 
     /**
      * Validates the payload received from the other participant during round 1.
-     * <p/>
-     * <p/>
+     * <p>
      * Must be called prior to {@link #createRound2PayloadToSend()}.
-     * <p/>
-     * <p/>
+     * <p>
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_1_VALIDATED}.
      *
      * @throws CryptoException if validation fails.
@@ -338,11 +326,9 @@ public class JPAKEParticipant
 
     /**
      * Creates and returns the payload to send to the other participant during round 2.
-     * <p/>
-     * <p/>
+     * <p>
      * {@link #validateRound1PayloadReceived(JPAKERound1Payload)} must be called prior to this method.
-     * <p/>
-     * <p/>
+     * <p>
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_2_CREATED}.
      *
      * @throws IllegalStateException if called prior to {@link #validateRound1PayloadReceived(JPAKERound1Payload)}, or multiple times
@@ -370,16 +356,13 @@ public class JPAKEParticipant
 
     /**
      * Validates the payload received from the other participant during round 2.
-     * <p/>
-     * <p/>
+     * <p>
      * Note that this DOES NOT detect a non-common password.
      * The only indication of a non-common password is through derivation
      * of different keys (which can be detected explicitly by executing round 3 and round 4)
-     * <p/>
-     * <p/>
+     * <p>
      * Must be called prior to {@link #calculateKeyingMaterial()}.
-     * <p/>
-     * <p/>
+     * <p>
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_2_VALIDATED}.
      *
      * @throws CryptoException if validation fails.
@@ -412,8 +395,7 @@ public class JPAKEParticipant
      * Calculates and returns the key material.
      * A session key must be derived from this key material using a secure key derivation function (KDF).
      * The KDF used to derive the key is handled externally (i.e. not by {@link JPAKEParticipant}).
-     * <p/>
-     * <p/>
+     * <p>
      * The keying material will be identical for each participant if and only if
      * each participant's password is the same.  i.e. If the participants do not
      * share the same password, then each participant will derive a different key.
@@ -422,17 +404,13 @@ public class JPAKEParticipant
      * If you want to handle this detection explicitly, you can optionally perform
      * rounds 3 and 4.  See {@link JPAKEParticipant} for details on how to execute
      * rounds 3 and 4.
-     * <p/>
-     * <p/>
+     * <p>
      * The keying material will be in the range <tt>[0, p-1]</tt>.
-     * <p/>
-     * <p/>
+     * <p>
      * {@link #validateRound2PayloadReceived(JPAKERound2Payload)} must be called prior to this method.
-     * <p/>
-     * <p/>
+     * <p>
      * As a side effect, the internal {@link #password} array is cleared, since it is no longer needed.
-     * <p/>
-     * <p/>
+     * <p>
      * After execution, the {@link #getState() state} will be  {@link #STATE_KEY_CALCULATED}.
      *
      * @throws IllegalStateException if called prior to {@link #validateRound2PayloadReceived(JPAKERound2Payload)},
@@ -484,11 +462,9 @@ public class JPAKEParticipant
 
     /**
      * Creates and returns the payload to send to the other participant during round 3.
-     * <p/>
-     * <p/>
+     * <p>
      * See {@link JPAKEParticipant} for more details on round 3.
-     * <p/>
-     * <p/>
+     * <p>
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_3_CREATED}.
      *
      * @param keyingMaterial The keying material as returned from {@link #calculateKeyingMaterial()}.
@@ -522,11 +498,9 @@ public class JPAKEParticipant
 
     /**
      * Validates the payload received from the other participant during round 3.
-     * <p/>
-     * <p/>
+     * <p>
      * See {@link JPAKEParticipant} for more details on round 3.
-     * <p/>
-     * <p/>
+     * <p>
      * After execution, the {@link #getState() state} will be {@link #STATE_ROUND_3_VALIDATED}.
      *
      * @param keyingMaterial The keying material as returned from {@link #calculateKeyingMaterial()}.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java
index d5df727..ad2c6ae 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java
@@ -4,15 +4,12 @@ import java.math.BigInteger;
 
 /**
  * A pre-computed prime order group for use during a J-PAKE exchange.
- * <p/>
- * <p/>
+ * <p>
  * Typically a Schnorr group is used.  In general, J-PAKE can use any prime order group
  * that is suitable for public key cryptography, including elliptic curve cryptography.
- * <p/>
- * <p/>
+ * <p>
  * See {@link JPAKEPrimeOrderGroups} for convenient standard groups.
- * <p/>
- * <p/>
+ * <p>
  * NIST <a href="http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/DSA2_All.pdf">publishes</a>
  * many groups that can be used for the desired level of security.
  */
@@ -24,12 +21,10 @@ public class JPAKEPrimeOrderGroup
 
     /**
      * Constructs a new {@link JPAKEPrimeOrderGroup}.
-     * <p/>
-     * <p/>
+     * <p>
      * In general, you should use one of the pre-approved groups from
      * {@link JPAKEPrimeOrderGroups}, rather than manually constructing one.
-     * <p/>
-     * <p/>
+     * <p>
      * The following basic checks are performed:
      * <ul>
      * <li>p-1 must be evenly divisible by q</li>
@@ -38,12 +33,10 @@ public class JPAKEPrimeOrderGroup
      * <li>p must be prime (within reasonably certainty)</li>
      * <li>q must be prime (within reasonably certainty)</li>
      * </ul>
-     * <p/>
-     * <p/>
+     * <p>
      * The prime checks are performed using {@link BigInteger#isProbablePrime(int)},
      * and are therefore subject to the same probability guarantees.
-     * <p/>
-     * <p/>
+     * <p>
      * These checks prevent trivial mistakes.
      * However, due to the small uncertainties if p and q are not prime,
      * advanced attacks are not prevented.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.java
index 812d776..2fb1861 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.java
@@ -5,12 +5,10 @@ import java.math.BigInteger;
 /**
  * Standard pre-computed prime order groups for use by J-PAKE.
  * (J-PAKE can use pre-computed prime order groups, same as DSA and Diffie-Hellman.)
- * <p/>
- * <p/>
+ * <p>
  * This class contains some convenient constants for use as input for
  * constructing {@link JPAKEParticipant}s.
- * <p/>
- * <p/>
+ * <p>
  * The prime order groups below are taken from Sun's JDK JavaDoc (docs/guide/security/CryptoSpec.html#AppB),
  * and from the prime order groups
  * <a href="http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/DSA2_All.pdf">published by NIST</a>.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.java
index b319f9c..c704040 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.java
@@ -6,19 +6,16 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * The payload sent/received during the first round of a J-PAKE exchange.
- * <p/>
- * <p/>
+ * <p>
  * Each {@link JPAKEParticipant} creates and sends an instance
  * of this payload to the other {@link JPAKEParticipant}.
  * The payload to send should be created via
  * {@link JPAKEParticipant#createRound1PayloadToSend()}.
- * <p/>
- * <p/>
+ * <p>
  * Each {@link JPAKEParticipant} must also validate the payload
  * received from the other {@link JPAKEParticipant}.
  * The received payload should be validated via
  * {@link JPAKEParticipant#validateRound1PayloadReceived(JPAKERound1Payload)}.
- * <p/>
  */
 public class JPAKERound1Payload
 {
@@ -39,15 +36,17 @@ public class JPAKERound1Payload
 
     /**
      * The zero knowledge proof for x1.
-     * <p/>
+     * <p>
      * This is a two element array, containing {g^v, r} for x1.
+     * </p>
      */
     private final BigInteger[] knowledgeProofForX1;
 
     /**
      * The zero knowledge proof for x2.
-     * <p/>
+     * <p>
      * This is a two element array, containing {g^v, r} for x2.
+     * </p>
      */
     private final BigInteger[] knowledgeProofForX2;
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.java
index 8800cf5..af3cb5f 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.java
@@ -6,19 +6,16 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * The payload sent/received during the second round of a J-PAKE exchange.
- * <p/>
- * <p/>
+ * <p>
  * Each {@link JPAKEParticipant} creates and sends an instance
  * of this payload to the other {@link JPAKEParticipant}.
  * The payload to send should be created via
  * {@link JPAKEParticipant#createRound2PayloadToSend()}
- * <p/>
- * <p/>
+ * <p>
  * Each {@link JPAKEParticipant} must also validate the payload
  * received from the other {@link JPAKEParticipant}.
  * The received payload should be validated via
  * {@link JPAKEParticipant#validateRound2PayloadReceived(JPAKERound2Payload)}
- * <p/>
  */
 public class JPAKERound2Payload
 {
@@ -34,8 +31,9 @@ public class JPAKERound2Payload
 
     /**
      * The zero knowledge proof for x2 * s.
-     * <p/>
+     * <p>
      * This is a two element array, containing {g^v, r} for x2 * s.
+     * </p>
      */
     private final BigInteger[] knowledgeProofForX2s;
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.java
index c1255df..0fe1cba 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.java
@@ -5,19 +5,16 @@ import java.math.BigInteger;
 /**
  * The payload sent/received during the optional third round of a J-PAKE exchange,
  * which is for explicit key confirmation.
- * <p/>
- * <p/>
+ * <p>
  * Each {@link JPAKEParticipant} creates and sends an instance
  * of this payload to the other {@link JPAKEParticipant}.
  * The payload to send should be created via
  * {@link JPAKEParticipant#createRound3PayloadToSend(BigInteger)}
- * <p/>
- * <p/>
+ * <p>
  * Each {@link JPAKEParticipant} must also validate the payload
  * received from the other {@link JPAKEParticipant}.
  * The received payload should be validated via
  * {@link JPAKEParticipant#validateRound3PayloadReceived(JPAKERound3Payload, BigInteger)}
- * <p/>
  */
 public class JPAKERound3Payload
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java
index 416152e..0a6c5fe 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java
@@ -14,13 +14,11 @@ import org.bouncycastle.util.Strings;
 
 /**
  * Primitives needed for a J-PAKE exchange.
- * <p/>
- * <p/>
+ * <p>
  * The recommended way to perform a J-PAKE exchange is by using
  * two {@link JPAKEParticipant}s.  Internally, those participants
  * call these primitive operations in {@link JPAKEUtil}.
- * <p/>
- * <p/>
+ * <p>
  * The primitives, however, can be used without a {@link JPAKEParticipant}
  * if needed.
  */
@@ -31,8 +29,7 @@ public class JPAKEUtil
 
     /**
      * Return a value that can be used as x1 or x3 during round 1.
-     * <p/>
-     * <p/>
+     * <p>
      * The returned value is a random value in the range <tt>[0, q-1]</tt>.
      */
     public static BigInteger generateX1(
@@ -46,8 +43,7 @@ public class JPAKEUtil
 
     /**
      * Return a value that can be used as x2 or x4 during round 1.
-     * <p/>
-     * <p/>
+     * <p>
      * The returned value is a random value in the range <tt>[1, q-1]</tt>.
      */
     public static BigInteger generateX2(
@@ -188,10 +184,9 @@ public class JPAKEUtil
 
     /**
      * Validates that ga is not 1.
-     * <p/>
-     * <p/>
+     * <p>
      * As described by Feng Hao...
-     * <p/>
+     * <p>
      * <blockquote>
      * Alice could simply check ga != 1 to ensure it is a generator.
      * In fact, as we will explain in Section 3, (x1 + x3 + x4 ) is random over Zq even in the face of active attacks.
@@ -250,8 +245,6 @@ public class JPAKEUtil
      * Calculates the keying material, which can be done after round 2 has completed.
      * A session key must be derived from this key material using a secure key derivation function (KDF).
      * The KDF used to derive the key is handled externally (i.e. not by {@link JPAKEParticipant}).
-     * <p/>
-     * <p/>
      * <pre>
      * KeyingMaterial = (B/g^{x2*x4*s})^x2
      * </pre>
@@ -326,8 +319,6 @@ public class JPAKEUtil
      * Calculates the MacTag (to be used for key confirmation), as defined by
      * <a href="http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf">NIST SP 800-56A Revision 1</a>,
      * Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes.
-     * <p/>
-     * <p/>
      * <pre>
      * MacTag = HMAC(MacKey, MacLen, MacData)
      *
@@ -339,10 +330,9 @@ public class JPAKEUtil
      * is always the initiator for key confirmation.
      *
      * HMAC = {@link HMac} used with the given {@link Digest}
-     * H = The given {@link Digest}</li>
+     * H = The given {@link Digest}
      * MacLen = length of MacTag
      * </pre>
-     * <p/>
      */
     public static BigInteger calculateMacTag(
         String participantId,
@@ -383,8 +373,6 @@ public class JPAKEUtil
 
     /**
      * Calculates the MacKey (i.e. the key to use when calculating the MagTag for key confirmation).
-     * <p/>
-     * <p/>
      * <pre>
      * MacKey = H(K || "JPAKE_KC")
      * </pre>
@@ -407,7 +395,6 @@ public class JPAKEUtil
 
     /**
      * Validates the MacTag received from the partner participant.
-     * <p/>
      *
      * @param partnerMacTag the MacTag received from the partner.
      * @throws CryptoException if the participantId strings are equal.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/package.html
new file mode 100644
index 0000000..df16b4f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/jpake/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for Password Authenticated Key Exchange by Juggling (J-PAKE) key exchange.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.java
index ae551dd..315c548 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.java
@@ -1,7 +1,6 @@
 package org.bouncycastle.crypto.agreement.kdf;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.crypto.DerivationParameters;
 
 public class DHKDFParameters
@@ -13,7 +12,7 @@ public class DHKDFParameters
     private byte[] extraInfo;
 
     public DHKDFParameters(
-        DERObjectIdentifier algorithm,
+        ASN1ObjectIdentifier algorithm,
         int keySize,
         byte[] z)
     {
@@ -21,12 +20,12 @@ public class DHKDFParameters
     }
 
     public DHKDFParameters(
-        DERObjectIdentifier algorithm,
+        ASN1ObjectIdentifier algorithm,
         int keySize,
         byte[] z,
         byte[] extraInfo)
     {
-        this.algorithm = new ASN1ObjectIdentifier(algorithm.getId());
+        this.algorithm = algorithm;
         this.keySize = keySize;
         this.z = z;
         this.extraInfo = extraInfo;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
index 947bc5c..6feb507 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
@@ -4,7 +4,7 @@ import java.io.IOException;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
@@ -12,7 +12,7 @@ import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.DerivationFunction;
 import org.bouncycastle.crypto.DerivationParameters;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 
 /**
  * RFC 2631 Diffie-hellman KEK derivation function.
@@ -22,7 +22,7 @@ public class DHKEKGenerator
 {
     private final Digest digest;
 
-    private DERObjectIdentifier algorithm;
+    private ASN1ObjectIdentifier algorithm;
     private int                 keySize;
     private byte[]              z;
     private byte[]              partyAInfo;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.java
index 500b1dd..5d15b99 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.java
@@ -16,7 +16,7 @@ import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.DigestDerivationFunction;
 import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
 import org.bouncycastle.crypto.params.KDFParameters;
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 
 /**
  * X9.63 based key derivation function for ECDH CMS.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/package.html
new file mode 100644
index 0000000..a00160f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/kdf/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for KDF based key derivation functions.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/package.html
new file mode 100644
index 0000000..4b49331
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Basic key agreement classes.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Client.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Client.java
index 4df9023..436a94c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Client.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Client.java
@@ -5,6 +5,7 @@ import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.CryptoException;
 import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
 
 /**
  * Implements the client side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe.
@@ -25,6 +26,10 @@ public class SRP6Client
     protected BigInteger u;
     protected BigInteger S;
 
+    protected BigInteger M1;
+	protected BigInteger M2;
+	protected BigInteger Key;
+	
     protected Digest digest;
     protected SecureRandom random;
 
@@ -47,6 +52,11 @@ public class SRP6Client
         this.random = random;
     }
 
+    public void init(SRP6GroupParameters group, Digest digest, SecureRandom random)
+    {
+        init(group.getN(), group.getG(), digest, random);
+    }
+
     /**
      * Generates client's credentials given the client's salt, identity and password
      * @param salt The salt used in the client's verifier.
@@ -64,7 +74,7 @@ public class SRP6Client
     }
 
     /**
-     * Generates client's verification message given the server's credentials
+     * Generates the secret S given the server's credentials
      * @param serverB The server's credentials
      * @return Client's verification message for the server
      * @throws CryptoException If server's credentials are invalid
@@ -90,4 +100,57 @@ public class SRP6Client
         BigInteger tmp = g.modPow(x, N).multiply(k).mod(N);
         return B.subtract(tmp).mod(N).modPow(exp, N);
     }
+    
+    /**
+	 * Computes the client evidence message M1 using the previously received values.
+	 * To be called after calculating the secret S.
+	 * @return M1: the client side generated evidence message
+	 * @throws CryptoException
+	 */
+	public BigInteger calculateClientEvidenceMessage() throws CryptoException{
+		// verify pre-requirements
+		if ((this.A==null)||(this.B==null)||(this.S==null)){
+			throw new CryptoException("Impossible to compute M1: " +
+					"some data are missing from the previous operations (A,B,S)");
+		}
+		// compute the client evidence message 'M1'
+		this.M1 = SRP6Util.calculateM1(digest, N, A, B, S);  
+		return M1;
+	}
+
+	/** Authenticates the server evidence message M2 received and saves it only if correct.
+	 * @param M2: the server side generated evidence message
+	 * @return A boolean indicating if the server message M2 was the expected one.
+	 * @throws CryptoException
+	 */
+	public boolean verifyServerEvidenceMessage(BigInteger serverM2) throws CryptoException{
+		//verify pre-requirements
+		if ((this.A==null)||(this.M1==null)||(this.S==null)){
+			throw new CryptoException("Impossible to compute and verify M2: " +
+					"some data are missing from the previous operations (A,M1,S)");
+		}
+		// Compute the own server evidence message 'M2'
+		BigInteger computedM2 = SRP6Util.calculateM2(digest, N, A, M1, S);
+		if (computedM2.equals(serverM2)){
+			this.M2 = serverM2;
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	 * Computes the final session key as a result of the SRP successful mutual authentication
+	 * To be called after verifying the server evidence message M2.
+	 * @return Key: the mutually authenticated symmetric session key
+	 * @throws CryptoException
+	 */
+	public BigInteger calculateSessionKey() throws CryptoException{
+		//verify pre-requirements (here we enforce a previous calculation of M1 and M2)
+		if ((this.S==null)||(this.M1==null)||(this.M2==null)){
+			throw new CryptoException("Impossible to compute Key: " +
+					"some data are missing from the previous operations (S,M1,M2)");
+		}
+		this.Key = SRP6Util.calculateKey(digest, N, S);
+		return Key;
+	}
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Server.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Server.java
index fb20838..c0cc7bf 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Server.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Server.java
@@ -5,6 +5,7 @@ import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.CryptoException;
 import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
 
 /**
  * Implements the server side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe.
@@ -27,7 +28,10 @@ public class SRP6Server
 
     protected BigInteger u;
     protected BigInteger S;
-
+    protected BigInteger M1;
+	protected BigInteger M2;
+	protected BigInteger Key;
+	
     public SRP6Server()
     {
     }
@@ -50,6 +54,11 @@ public class SRP6Server
         this.digest = digest;
     }
 
+    public void init(SRP6GroupParameters group, BigInteger v, Digest digest, SecureRandom random)
+    {
+        init(group.getN(), group.getG(), v, digest, random);
+    }
+
     /**
      * Generates the server's credentials that are to be sent to the client.
      * @return The server's public value to the client
@@ -87,4 +96,59 @@ public class SRP6Server
     {
         return v.modPow(u, N).multiply(A).mod(N).modPow(b, N);
     }
+    
+    /** 
+	 * Authenticates the received client evidence message M1 and saves it only if correct.
+	 * To be called after calculating the secret S.
+	 * @param M1: the client side generated evidence message
+	 * @return A boolean indicating if the client message M1 was the expected one.
+	 * @throws CryptoException 
+	 */
+	public boolean verifyClientEvidenceMessage(BigInteger clientM1) throws CryptoException{
+		//verify pre-requirements
+		if ((this.A==null)||(this.B==null)||(this.S==null)){
+			throw new CryptoException("Impossible to compute and verify M1: " +
+					"some data are missing from the previous operations (A,B,S)");
+		}
+		// Compute the own client evidence message 'M1'
+		BigInteger computedM1 = SRP6Util.calculateM1(digest, N, A, B, S);
+		if (computedM1.equals(clientM1)){
+			this.M1 = clientM1;
+			return true;
+		}
+		return false;
+	}
+	
+	/**
+	 * Computes the server evidence message M2 using the previously verified values.
+	 * To be called after successfully verifying the client evidence message M1.
+	 * @return M2: the server side generated evidence message
+	 * @throws CryptoException
+	 */
+	public BigInteger calculateServerEvidenceMessage() throws CryptoException{
+		//verify pre-requirements
+		if ((this.A==null)||(this.M1==null)||(this.S==null)){
+			throw new CryptoException("Impossible to compute M2: " +
+					"some data are missing from the previous operations (A,M1,S)");
+		}
+		// Compute the server evidence message 'M2'
+		this.M2 = SRP6Util.calculateM2(digest, N, A, M1, S);  
+		return M2;
+	}
+	
+	/**
+	 * Computes the final session key as a result of the SRP successful mutual authentication
+	 * To be called after calculating the server evidence message M2.
+	 * @return Key: the mutual authenticated symmetric session key
+	 * @throws CryptoException
+	 */
+	public BigInteger calculateSessionKey() throws CryptoException{
+		//verify pre-requirements
+		if ((this.S==null)||(this.M1==null)||(this.M2==null)){
+			throw new CryptoException("Impossible to compute Key: " +
+					"some data are missing from the previous operations (S,M1,M2)");
+		}
+		this.Key = SRP6Util.calculateKey(digest, N, S);
+		return Key;
+	}
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6StandardGroups.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6StandardGroups.java
new file mode 100644
index 0000000..cc8b356
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6StandardGroups.java
@@ -0,0 +1,157 @@
+package org.bouncycastle.crypto.agreement.srp;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SRP6StandardGroups
+{
+    private static BigInteger fromHex(String hex)
+    {
+        return new BigInteger(1, Hex.decode(hex));
+    }
+
+    private static SRP6GroupParameters fromNG(String hexN, String hexG)
+    {
+        return new SRP6GroupParameters(fromHex(hexN), fromHex(hexG));
+    }
+
+    /*
+     * RFC 5054
+     */
+    private static final String rfc5054_1024_N = "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
+        + "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
+        + "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
+        + "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A" + "FD5138FE8376435B9FC61D2FC0EB06E3";
+    private static final String rfc5054_1024_g = "02";
+    public static final SRP6GroupParameters rfc5054_1024 = fromNG(rfc5054_1024_N, rfc5054_1024_g);
+
+    private static final String rfc5054_1536_N = "9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA961"
+        + "4B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F843"
+        + "80B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0B"
+        + "E3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF5"
+        + "6EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734A"
+        + "F7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E"
+        + "8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB";
+    private static final String rfc5054_1536_g = "02";
+    public static final SRP6GroupParameters rfc5054_1536 = fromNG(rfc5054_1536_N, rfc5054_1536_g);
+
+    private static final String rfc5054_2048_N = "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC319294"
+        + "3DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310D"
+        + "CD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FB"
+        + "D5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF74"
+        + "7359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A"
+        + "436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D"
+        + "5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E73"
+        + "03CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB6"
+        + "94B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F" + "9E4AFF73";
+    private static final String rfc5054_2048_g = "02";
+    public static final SRP6GroupParameters rfc5054_2048 = fromNG(rfc5054_2048_N, rfc5054_2048_g);
+
+    private static final String rfc5054_3072_N = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+        + "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+        + "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+        + "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+        + "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+        + "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+        + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+        + "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+        + "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+        + "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+        + "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+        + "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+        + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC" + "E0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
+    private static final String rfc5054_3072_g = "05";
+    public static final SRP6GroupParameters rfc5054_3072 = fromNG(rfc5054_3072_N, rfc5054_3072_g);
+
+    private static final String rfc5054_4096_N = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+        + "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+        + "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+        + "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+        + "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+        + "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+        + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+        + "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+        + "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+        + "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+        + "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+        + "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+        + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+        + "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+        + "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+        + "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+        + "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+        + "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" + "FFFFFFFFFFFFFFFF";
+    private static final String rfc5054_4096_g = "05";
+    public static final SRP6GroupParameters rfc5054_4096 = fromNG(rfc5054_4096_N, rfc5054_4096_g);
+
+    private static final String rfc5054_6144_N = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+        + "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+        + "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+        + "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+        + "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+        + "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+        + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+        + "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+        + "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+        + "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+        + "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+        + "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+        + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+        + "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+        + "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+        + "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+        + "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+        + "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+        + "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
+        + "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
+        + "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
+        + "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
+        + "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
+        + "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+        + "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
+        + "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
+        + "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E" + "6DCC4024FFFFFFFFFFFFFFFF";
+    private static final String rfc5054_6144_g = "05";
+    public static final SRP6GroupParameters rfc5054_6144 = fromNG(rfc5054_6144_N, rfc5054_6144_g);
+
+    private static final String rfc5054_8192_N = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+        + "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+        + "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+        + "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+        + "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
+        + "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+        + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
+        + "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
+        + "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
+        + "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
+        + "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
+        + "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+        + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
+        + "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
+        + "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
+        + "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
+        + "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
+        + "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+        + "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
+        + "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
+        + "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
+        + "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
+        + "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
+        + "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+        + "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
+        + "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
+        + "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
+        + "6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA"
+        + "3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C"
+        + "5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
+        + "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC886"
+        + "2F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A6"
+        + "6D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC5"
+        + "0846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268"
+        + "359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6"
+        + "FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" + "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
+    private static final String rfc5054_8192_g = "13";
+    public static final SRP6GroupParameters rfc5054_8192 = fromNG(rfc5054_8192_N, rfc5054_8192_g);
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
index ad5ceac..6bcf018 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
@@ -60,6 +60,69 @@ public class SRP6Util
 
         return val;
     }
+    /** 
+	 * Computes the client evidence message (M1) according to the standard routine:
+	 * M1 = H( A | B | S )
+	 * @param digest The Digest used as the hashing function H
+	 * @param N Modulus used to get the pad length
+	 * @param A The public client value
+	 * @param B The public server value
+	 * @param S The secret calculated by both sides
+	 * @return M1 The calculated client evidence message
+	 */
+	public static BigInteger calculateM1(Digest digest, BigInteger N, BigInteger A, BigInteger B, BigInteger S) {
+		BigInteger M1 = hashPaddedTriplet(digest,N,A,B,S);
+		return M1;
+	}
+
+	/** 
+	 * Computes the server evidence message (M2) according to the standard routine:
+	 * M2 = H( A | M1 | S )
+	 * @param digest The Digest used as the hashing function H
+	 * @param N Modulus used to get the pad length
+	 * @param A The public client value
+	 * @param M1 The client evidence message
+	 * @param S The secret calculated by both sides
+	 * @return M2 The calculated server evidence message
+	 */
+	public static BigInteger calculateM2(Digest digest, BigInteger N, BigInteger A, BigInteger M1, BigInteger S){
+		BigInteger M2 = hashPaddedTriplet(digest,N,A,M1,S);
+		return M2;
+	}
+
+	/**
+	 * Computes the final Key according to the standard routine: Key = H(S)
+	 * @param digest The Digest used as the hashing function H
+	 * @param N Modulus used to get the pad length
+	 * @param S The secret calculated by both sides
+	 * @return
+	 */
+	public static BigInteger calculateKey(Digest digest, BigInteger N, BigInteger S) {
+		int padLength = (N.bitLength() + 7) / 8;
+		byte[] _S = getPadded(S,padLength);
+		digest.update(_S, 0, _S.length);
+		
+		byte[] output = new byte[digest.getDigestSize()];
+        digest.doFinal(output, 0);
+        return new BigInteger(1, output);
+	}
+	
+	private static BigInteger hashPaddedTriplet(Digest digest, BigInteger N, BigInteger n1, BigInteger n2, BigInteger n3){
+        int padLength = (N.bitLength() + 7) / 8;
+
+        byte[] n1_bytes = getPadded(n1, padLength);
+        byte[] n2_bytes = getPadded(n2, padLength);
+        byte[] n3_bytes = getPadded(n3, padLength);
+
+        digest.update(n1_bytes, 0, n1_bytes.length);
+        digest.update(n2_bytes, 0, n2_bytes.length);
+        digest.update(n3_bytes, 0, n3_bytes.length);
+
+        byte[] output = new byte[digest.getDigestSize()];
+        digest.doFinal(output, 0);
+
+        return new BigInteger(1, output);
+    }
 
     private static BigInteger hashPaddedPair(Digest digest, BigInteger N, BigInteger n1, BigInteger n2)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.java
index 631ecc6..e0ae200 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.java
@@ -3,6 +3,7 @@ package org.bouncycastle.crypto.agreement.srp;
 import java.math.BigInteger;
 
 import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
 
 /**
  * Generates new SRP verifier for user
@@ -31,6 +32,13 @@ public class SRP6VerifierGenerator
         this.digest = digest;
     }
 
+    public void init(SRP6GroupParameters group, Digest digest)
+    {
+        this.N = group.getN();
+        this.g = group.getG();
+        this.digest = digest;
+    }
+
     /**
      * Creates a new SRP verifier
      * @param salt The salt to use, generally should be large and random
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/package.html
new file mode 100644
index 0000000..c125ffe
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/srp/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Support classes for Secure Remote Password (SRP) protocol.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/AllTests.java
new file mode 100644
index 0000000..cb5a862
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/AllTests.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.crypto.agreement.test;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+public class AllTests
+    extends TestCase
+{
+    public static void main(String[] args)
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("JPKAE Engine Tests");
+
+        suite.addTestSuite(JPAKEParticipantTest.class);
+        suite.addTestSuite(JPAKEPrimeOrderGroupTest.class);
+        suite.addTestSuite(JPAKEUtilTest.class);
+
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEParticipantTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEParticipantTest.java
new file mode 100644
index 0000000..c6ecba2
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEParticipantTest.java
@@ -0,0 +1,561 @@
+package org.bouncycastle.crypto.agreement.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.agreement.jpake.JPAKEParticipant;
+import org.bouncycastle.crypto.agreement.jpake.JPAKEPrimeOrderGroup;
+import org.bouncycastle.crypto.agreement.jpake.JPAKEPrimeOrderGroups;
+import org.bouncycastle.crypto.agreement.jpake.JPAKERound1Payload;
+import org.bouncycastle.crypto.agreement.jpake.JPAKERound2Payload;
+import org.bouncycastle.crypto.agreement.jpake.JPAKERound3Payload;
+import org.bouncycastle.crypto.agreement.jpake.JPAKEUtil;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+
+public class JPAKEParticipantTest
+    extends TestCase
+{
+
+    public void testConstruction()
+        throws CryptoException
+    {
+        JPAKEPrimeOrderGroup group = JPAKEPrimeOrderGroups.SUN_JCE_1024;
+        SecureRandom random = new SecureRandom();
+        Digest digest = new SHA256Digest();
+        String participantId = "participantId";
+        char[] password = "password".toCharArray();
+
+        // should succeed
+        new JPAKEParticipant(participantId, password, group, digest, random);
+
+        // null participantId
+        try
+        {
+            new JPAKEParticipant(null, password, group, digest, random);
+            fail();
+        }
+        catch (NullPointerException e)
+        {
+            // pass
+        }
+
+        // null password
+        try
+        {
+            new JPAKEParticipant(participantId, null, group, digest, random);
+            fail();
+        }
+        catch (NullPointerException e)
+        {
+            // pass
+        }
+
+        // empty password
+        try
+        {
+            new JPAKEParticipant(participantId, "".toCharArray(), group, digest, random);
+            fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            // pass
+        }
+
+        // null group
+        try
+        {
+            new JPAKEParticipant(participantId, password, null, digest, random);
+            fail();
+        }
+        catch (NullPointerException e)
+        {
+            // pass
+        }
+
+        // null digest
+        try
+        {
+            new JPAKEParticipant(participantId, password, group, null, random);
+            fail();
+        }
+        catch (NullPointerException e)
+        {
+            // pass
+        }
+
+        // null random
+        try
+        {
+            new JPAKEParticipant(participantId, password, group, digest, null);
+            fail();
+        }
+        catch (NullPointerException e)
+        {
+            // pass
+        }
+    }
+
+    public void testSuccessfulExchange()
+        throws CryptoException
+    {
+
+        JPAKEParticipant alice = createAlice();
+        JPAKEParticipant bob = createBob();
+
+        ExchangeAfterRound2Creation exchange = runExchangeUntilRound2Creation(alice, bob);
+
+        alice.validateRound2PayloadReceived(exchange.bobRound2Payload);
+        bob.validateRound2PayloadReceived(exchange.aliceRound2Payload);
+
+        BigInteger aliceKeyingMaterial = alice.calculateKeyingMaterial();
+        BigInteger bobKeyingMaterial = bob.calculateKeyingMaterial();
+
+        JPAKERound3Payload aliceRound3Payload = alice.createRound3PayloadToSend(aliceKeyingMaterial);
+        JPAKERound3Payload bobRound3Payload = bob.createRound3PayloadToSend(bobKeyingMaterial);
+
+        alice.validateRound3PayloadReceived(bobRound3Payload, aliceKeyingMaterial);
+        bob.validateRound3PayloadReceived(aliceRound3Payload, bobKeyingMaterial);
+
+        assertEquals(aliceKeyingMaterial, bobKeyingMaterial);
+
+    }
+
+    public void testIncorrectPassword()
+        throws CryptoException
+    {
+
+        JPAKEParticipant alice = createAlice();
+        JPAKEParticipant bob = createBobWithWrongPassword();
+
+        ExchangeAfterRound2Creation exchange = runExchangeUntilRound2Creation(alice, bob);
+
+        alice.validateRound2PayloadReceived(exchange.bobRound2Payload);
+        bob.validateRound2PayloadReceived(exchange.aliceRound2Payload);
+
+        BigInteger aliceKeyingMaterial = alice.calculateKeyingMaterial();
+        BigInteger bobKeyingMaterial = bob.calculateKeyingMaterial();
+
+        JPAKERound3Payload aliceRound3Payload = alice.createRound3PayloadToSend(aliceKeyingMaterial);
+        JPAKERound3Payload bobRound3Payload = bob.createRound3PayloadToSend(bobKeyingMaterial);
+
+        try
+        {
+            alice.validateRound3PayloadReceived(bobRound3Payload, aliceKeyingMaterial);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        try
+        {
+            bob.validateRound3PayloadReceived(aliceRound3Payload, bobKeyingMaterial);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+    }
+
+    /**
+     * Tests that {@link JPAKEParticipant} throws appropriate {@link IllegalStateException}s
+     * when the methods are called in the wrong order.
+     */
+    public void testStateValidation()
+        throws CryptoException
+    {
+
+        JPAKEParticipant alice = createAlice();
+        JPAKEParticipant bob = createBob();
+
+        // We're testing alice here. Bob is just used for help.
+
+        // START ROUND 1 CHECKS
+
+        assertEquals(JPAKEParticipant.STATE_INITIALIZED, alice.getState());
+
+        // create round 2 before round 1
+        try
+        {
+            alice.createRound2PayloadToSend();
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        JPAKERound1Payload aliceRound1Payload = alice.createRound1PayloadToSend();
+
+        assertEquals(JPAKEParticipant.STATE_ROUND_1_CREATED, alice.getState());
+
+        // create round 1 payload twice
+        try
+        {
+            alice.createRound1PayloadToSend();
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        // create round 2 before validating round 1
+        try
+        {
+            alice.createRound2PayloadToSend();
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        // validate round 2 before validating round 1
+        try
+        {
+            alice.validateRound2PayloadReceived(null);
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        JPAKERound1Payload bobRound1Payload = bob.createRound1PayloadToSend();
+
+        alice.validateRound1PayloadReceived(bobRound1Payload);
+
+        assertEquals(JPAKEParticipant.STATE_ROUND_1_VALIDATED, alice.getState());
+
+        // validate round 1 payload twice
+        try
+        {
+            alice.validateRound1PayloadReceived(bobRound1Payload);
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        bob.validateRound1PayloadReceived(aliceRound1Payload);
+
+        // START ROUND 2 CHECKS
+
+        JPAKERound2Payload aliceRound2Payload = alice.createRound2PayloadToSend();
+
+        assertEquals(JPAKEParticipant.STATE_ROUND_2_CREATED, alice.getState());
+
+        // create round 2 payload twice
+        try
+        {
+            alice.createRound2PayloadToSend();
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        // create key before validating round 2
+        try
+        {
+            alice.calculateKeyingMaterial();
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        // validate round 3 before validating round 2
+        try
+        {
+            alice.validateRound3PayloadReceived(null, null);
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        JPAKERound2Payload bobRound2Payload = bob.createRound2PayloadToSend();
+
+        alice.validateRound2PayloadReceived(bobRound2Payload);
+
+        assertEquals(JPAKEParticipant.STATE_ROUND_2_VALIDATED, alice.getState());
+
+        // validate round 2 payload twice
+        try
+        {
+            alice.validateRound2PayloadReceived(bobRound2Payload);
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        bob.validateRound2PayloadReceived(aliceRound2Payload);
+
+        // create round 3 before calculating key
+        try
+        {
+            alice.createRound3PayloadToSend(BigInteger.ONE);
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        // START KEY CALCULATION CHECKS
+
+        BigInteger aliceKeyingMaterial = alice.calculateKeyingMaterial();
+
+        assertEquals(JPAKEParticipant.STATE_KEY_CALCULATED, alice.getState());
+
+        // calculate key twice
+        try
+        {
+            alice.calculateKeyingMaterial();
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        BigInteger bobKeyingMaterial = bob.calculateKeyingMaterial();
+
+        // START ROUND 3 CHECKS
+
+        JPAKERound3Payload aliceRound3Payload = alice.createRound3PayloadToSend(aliceKeyingMaterial);
+
+        assertEquals(JPAKEParticipant.STATE_ROUND_3_CREATED, alice.getState());
+
+        // create round 3 payload twice
+        try
+        {
+            alice.createRound3PayloadToSend(aliceKeyingMaterial);
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        JPAKERound3Payload bobRound3Payload = bob.createRound3PayloadToSend(bobKeyingMaterial);
+
+        alice.validateRound3PayloadReceived(bobRound3Payload, aliceKeyingMaterial);
+
+        assertEquals(JPAKEParticipant.STATE_ROUND_3_VALIDATED, alice.getState());
+
+        // validate round 3 payload twice
+        try
+        {
+            alice.validateRound3PayloadReceived(bobRound3Payload, aliceKeyingMaterial);
+            fail();
+        }
+        catch (IllegalStateException e)
+        {
+            // pass
+        }
+
+        bob.validateRound3PayloadReceived(aliceRound3Payload, bobKeyingMaterial);
+
+
+    }
+
+    /**
+     * Tests that {@link JPAKEParticipant#validateRound1PayloadReceived(JPAKERound1Payload)}
+     * calls the appropriate validate methods in {@link JPAKEUtil}.
+     * Note that {@link JPAKEUtilTest} tests the individual validate methods
+     * called by {@link JPAKEParticipant} more extensively.
+     */
+    public void testValidateRound1PayloadReceived()
+        throws CryptoException
+    {
+
+        // We're testing alice here. Bob is just used for help.
+
+        JPAKERound1Payload bobRound1Payload = createBob().createRound1PayloadToSend();
+
+        // should succeed
+        createAlice().validateRound1PayloadReceived(bobRound1Payload);
+
+        // alice verifies alice's payload
+        try
+        {
+            JPAKEParticipant alice = createAlice();
+            alice.validateRound1PayloadReceived(alice.createRound1PayloadToSend());
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // g^x4 == 1
+        try
+        {
+            createAlice().validateRound1PayloadReceived(new JPAKERound1Payload(
+                bobRound1Payload.getParticipantId(),
+                bobRound1Payload.getGx1(),
+                BigInteger.ONE,
+                bobRound1Payload.getKnowledgeProofForX1(),
+                bobRound1Payload.getKnowledgeProofForX2()));
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // zero knowledge proof for x3 fails
+        try
+        {
+            JPAKERound1Payload bobRound1Payload2 = createBob().createRound1PayloadToSend();
+            createAlice().validateRound1PayloadReceived(new JPAKERound1Payload(
+                bobRound1Payload.getParticipantId(),
+                bobRound1Payload.getGx1(),
+                bobRound1Payload.getGx2(),
+                bobRound1Payload2.getKnowledgeProofForX1(),
+                bobRound1Payload.getKnowledgeProofForX2()));
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // zero knowledge proof for x4 fails
+        try
+        {
+            JPAKERound1Payload bobRound1Payload2 = createBob().createRound1PayloadToSend();
+            createAlice().validateRound1PayloadReceived(new JPAKERound1Payload(
+                bobRound1Payload.getParticipantId(),
+                bobRound1Payload.getGx1(),
+                bobRound1Payload.getGx2(),
+                bobRound1Payload.getKnowledgeProofForX1(),
+                bobRound1Payload2.getKnowledgeProofForX2()));
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+    }
+
+    /**
+     * Tests that {@link JPAKEParticipant#validateRound2PayloadReceived(JPAKERound2Payload)}
+     * calls the appropriate validate methods in {@link JPAKEUtil}.
+     * Note that {@link JPAKEUtilTest} tests the individual validate methods
+     * called by {@link JPAKEParticipant} more extensively.
+     */
+    public void testValidateRound2PayloadReceived()
+        throws CryptoException
+    {
+
+        // We're testing alice here. Bob is just used for help.
+
+        // should succeed
+        ExchangeAfterRound2Creation exchange1 = runExchangeUntilRound2Creation(createAlice(), createBob());
+        exchange1.alice.validateRound2PayloadReceived(exchange1.bobRound2Payload);
+
+        // alice verifies alice's payload
+        ExchangeAfterRound2Creation exchange2 = runExchangeUntilRound2Creation(createAlice(), createBob());
+        try
+        {
+            exchange2.alice.validateRound2PayloadReceived(exchange2.aliceRound2Payload);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // wrong z
+        ExchangeAfterRound2Creation exchange3 = runExchangeUntilRound2Creation(createAlice(), createBob());
+        ExchangeAfterRound2Creation exchange4 = runExchangeUntilRound2Creation(createAlice(), createBob());
+        try
+        {
+            exchange3.alice.validateRound2PayloadReceived(exchange4.bobRound2Payload);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+    }
+
+    private static class ExchangeAfterRound2Creation
+    {
+
+        public JPAKEParticipant alice;
+        public JPAKERound2Payload aliceRound2Payload;
+        public JPAKERound2Payload bobRound2Payload;
+
+        public ExchangeAfterRound2Creation(
+            JPAKEParticipant alice,
+            JPAKERound2Payload aliceRound2Payload,
+            JPAKERound2Payload bobRound2Payload)
+        {
+            this.alice = alice;
+            this.aliceRound2Payload = aliceRound2Payload;
+            this.bobRound2Payload = bobRound2Payload;
+        }
+
+    }
+
+    private ExchangeAfterRound2Creation runExchangeUntilRound2Creation(JPAKEParticipant alice, JPAKEParticipant bob)
+        throws CryptoException
+    {
+        JPAKERound1Payload aliceRound1Payload = alice.createRound1PayloadToSend();
+        JPAKERound1Payload bobRound1Payload = bob.createRound1PayloadToSend();
+
+        alice.validateRound1PayloadReceived(bobRound1Payload);
+        bob.validateRound1PayloadReceived(aliceRound1Payload);
+
+        JPAKERound2Payload aliceRound2Payload = alice.createRound2PayloadToSend();
+        JPAKERound2Payload bobRound2Payload = bob.createRound2PayloadToSend();
+
+        return new ExchangeAfterRound2Creation(
+            alice,
+            aliceRound2Payload,
+            bobRound2Payload);
+    }
+
+    private JPAKEParticipant createAlice()
+    {
+        return createParticipant("alice", "password");
+    }
+
+    private JPAKEParticipant createBob()
+    {
+        return createParticipant("bob", "password");
+    }
+
+    private JPAKEParticipant createBobWithWrongPassword()
+    {
+        return createParticipant("bob", "wrong");
+    }
+
+    private JPAKEParticipant createParticipant(String participantId, String password)
+    {
+        return new JPAKEParticipant(
+            participantId,
+            password.toCharArray(),
+            JPAKEPrimeOrderGroups.SUN_JCE_1024);
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEPrimeOrderGroupTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEPrimeOrderGroupTest.java
new file mode 100644
index 0000000..7d22f16
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEPrimeOrderGroupTest.java
@@ -0,0 +1,85 @@
+package org.bouncycastle.crypto.agreement.test;
+
+import java.math.BigInteger;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.agreement.jpake.JPAKEPrimeOrderGroup;
+
+public class JPAKEPrimeOrderGroupTest
+    extends TestCase
+{
+
+    public void testConstruction()
+        throws CryptoException
+    {
+        // p-1 not evenly divisible by q
+        try
+        {
+            new JPAKEPrimeOrderGroup(BigInteger.valueOf(7), BigInteger.valueOf(5), BigInteger.valueOf(6));
+            fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            // pass
+        }
+
+        // g < 2
+        try
+        {
+            new JPAKEPrimeOrderGroup(BigInteger.valueOf(11), BigInteger.valueOf(5), BigInteger.valueOf(1));
+            fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            // pass
+        }
+
+        // g > p-1
+        try
+        {
+            new JPAKEPrimeOrderGroup(BigInteger.valueOf(11), BigInteger.valueOf(5), BigInteger.valueOf(11));
+            fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            // pass
+        }
+
+        // g^q mod p not equal 1
+        try
+        {
+            new JPAKEPrimeOrderGroup(BigInteger.valueOf(11), BigInteger.valueOf(5), BigInteger.valueOf(6));
+            fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            // pass
+        }
+
+        // p not prime
+        try
+        {
+            new JPAKEPrimeOrderGroup(BigInteger.valueOf(15), BigInteger.valueOf(2), BigInteger.valueOf(4));
+            fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            // pass
+        }
+
+        // q not prime
+        try
+        {
+            new JPAKEPrimeOrderGroup(BigInteger.valueOf(7), BigInteger.valueOf(6), BigInteger.valueOf(3));
+            fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            // pass
+        }
+
+        // should succeed
+        new JPAKEPrimeOrderGroup(BigInteger.valueOf(7), BigInteger.valueOf(3), BigInteger.valueOf(4));
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEUtilTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEUtilTest.java
new file mode 100644
index 0000000..20268b8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/agreement/test/JPAKEUtilTest.java
@@ -0,0 +1,267 @@
+package org.bouncycastle.crypto.agreement.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.agreement.jpake.JPAKEPrimeOrderGroup;
+import org.bouncycastle.crypto.agreement.jpake.JPAKEPrimeOrderGroups;
+import org.bouncycastle.crypto.agreement.jpake.JPAKEUtil;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+
+public class JPAKEUtilTest
+    extends TestCase
+{
+    private static final BigInteger TEN = BigInteger.valueOf(10);
+
+    public void testValidateGx4()
+        throws CryptoException
+    {
+        JPAKEUtil.validateGx4(TEN);
+
+        try
+        {
+            JPAKEUtil.validateGx4(BigInteger.ONE);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+    }
+
+    public void testValidateGa()
+        throws CryptoException
+    {
+        JPAKEUtil.validateGa(TEN);
+
+        try
+        {
+            JPAKEUtil.validateGa(BigInteger.ONE);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+    }
+
+    public void testValidateParticipantIdsDiffer()
+        throws CryptoException
+    {
+        JPAKEUtil.validateParticipantIdsDiffer("a", "b");
+        JPAKEUtil.validateParticipantIdsDiffer("a", "A");
+
+        try
+        {
+            JPAKEUtil.validateParticipantIdsDiffer("a", "a");
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+    }
+
+    public void testValidateParticipantIdsEqual()
+        throws CryptoException
+    {
+        JPAKEUtil.validateParticipantIdsEqual("a", "a");
+
+        try
+        {
+            JPAKEUtil.validateParticipantIdsEqual("a", "b");
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+    }
+
+    public void testValidateMacTag()
+        throws CryptoException
+    {
+        JPAKEPrimeOrderGroup pg1 = JPAKEPrimeOrderGroups.SUN_JCE_1024;
+
+        SecureRandom random = new SecureRandom();
+        Digest digest = new SHA256Digest();
+
+        BigInteger x1 = JPAKEUtil.generateX1(pg1.getQ(), random);
+        BigInteger x2 = JPAKEUtil.generateX2(pg1.getQ(), random);
+        BigInteger x3 = JPAKEUtil.generateX1(pg1.getQ(), random);
+        BigInteger x4 = JPAKEUtil.generateX2(pg1.getQ(), random);
+
+        BigInteger gx1 = JPAKEUtil.calculateGx(pg1.getP(), pg1.getG(), x1);
+        BigInteger gx2 = JPAKEUtil.calculateGx(pg1.getP(), pg1.getG(), x2);
+        BigInteger gx3 = JPAKEUtil.calculateGx(pg1.getP(), pg1.getG(), x3);
+        BigInteger gx4 = JPAKEUtil.calculateGx(pg1.getP(), pg1.getG(), x4);
+
+        BigInteger gB = JPAKEUtil.calculateGA(pg1.getP(), gx3, gx1, gx2);
+
+        BigInteger s = JPAKEUtil.calculateS("password".toCharArray());
+
+        BigInteger xs = JPAKEUtil.calculateX2s(pg1.getQ(), x4, s);
+
+        BigInteger B = JPAKEUtil.calculateA(pg1.getP(), pg1.getQ(), gB, xs);
+
+        BigInteger keyingMaterial = JPAKEUtil.calculateKeyingMaterial(pg1.getP(), pg1.getQ(), gx4, x2, s, B);
+
+        BigInteger macTag = JPAKEUtil.calculateMacTag("participantId", "partnerParticipantId", gx1, gx2, gx3, gx4, keyingMaterial, digest);
+
+        // should succed
+        JPAKEUtil.validateMacTag("partnerParticipantId", "participantId", gx3, gx4, gx1, gx2, keyingMaterial, digest, macTag);
+
+        // validating own macTag (as opposed to the other party's mactag)
+        try
+        {
+            JPAKEUtil.validateMacTag("participantId", "partnerParticipantId", gx1, gx2, gx3, gx4, keyingMaterial, digest, macTag);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // participant ids switched
+        try
+        {
+            JPAKEUtil.validateMacTag("participantId", "partnerParticipantId", gx3, gx4, gx1, gx2, keyingMaterial, digest, macTag);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+    }
+
+    public void testValidateNotNull()
+    {
+        JPAKEUtil.validateNotNull("a", "description");
+
+        try
+        {
+            JPAKEUtil.validateNotNull(null, "description");
+            fail();
+        }
+        catch (NullPointerException e)
+        {
+            // pass
+        }
+    }
+
+    public void testValidateZeroKnowledgeProof()
+        throws CryptoException
+    {
+        JPAKEPrimeOrderGroup pg1 = JPAKEPrimeOrderGroups.SUN_JCE_1024;
+
+        SecureRandom random = new SecureRandom();
+        Digest digest1 = new SHA256Digest();
+
+        BigInteger x1 = JPAKEUtil.generateX1(pg1.getQ(), random);
+        BigInteger gx1 = JPAKEUtil.calculateGx(pg1.getP(), pg1.getG(), x1);
+        String participantId1 = "participant1";
+
+        BigInteger[] zkp1 = JPAKEUtil.calculateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), gx1, x1, participantId1, digest1, random);
+
+        // should succeed
+        JPAKEUtil.validateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), gx1, zkp1, participantId1, digest1);
+
+        // wrong group
+        JPAKEPrimeOrderGroup pg2 = JPAKEPrimeOrderGroups.NIST_3072;
+        try
+        {
+            JPAKEUtil.validateZeroKnowledgeProof(pg2.getP(), pg2.getQ(), pg2.getG(), gx1, zkp1, participantId1, digest1);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // wrong digest
+        Digest digest2 = new SHA1Digest();
+        try
+        {
+            JPAKEUtil.validateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), gx1, zkp1, participantId1, digest2);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // wrong participant
+        String participantId2 = "participant2";
+        try
+        {
+            JPAKEUtil.validateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), gx1, zkp1, participantId2, digest1);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // wrong gx
+        BigInteger x2 = JPAKEUtil.generateX1(pg1.getQ(), random);
+        BigInteger gx2 = JPAKEUtil.calculateGx(pg1.getP(), pg1.getG(), x2);
+        try
+        {
+            JPAKEUtil.validateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), gx2, zkp1, participantId1, digest1);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // wrong zkp
+        BigInteger[] zkp2 = JPAKEUtil.calculateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), gx2, x2, participantId1, digest1, random);
+        try
+        {
+            JPAKEUtil.validateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), gx1, zkp2, participantId1, digest1);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // gx <= 0
+        try
+        {
+            JPAKEUtil.validateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), BigInteger.ZERO, zkp1, participantId1, digest1);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // gx >= p
+        try
+        {
+            JPAKEUtil.validateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), pg1.getP(), zkp1, participantId1, digest1);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+
+        // gx mod q == 1
+        try
+        {
+            JPAKEUtil.validateZeroKnowledgeProof(pg1.getP(), pg1.getQ(), pg1.getG(), pg1.getQ().add(BigInteger.ONE), zkp1, participantId1, digest1);
+            fail();
+        }
+        catch (CryptoException e)
+        {
+            // pass
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/commitments/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/commitments/package.html
new file mode 100644
index 0000000..5bab3fc
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/commitments/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Classes for supporting commitment calculation.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/EncodableDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/EncodableDigest.java
new file mode 100644
index 0000000..d79fece
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/EncodableDigest.java
@@ -0,0 +1,17 @@
+package org.bouncycastle.crypto.digests;
+
+/**
+ *  Encodable digests allow you to download an encoded copy of their internal state. This is useful for the situation where
+ *  you need to generate a signature on an external device and it allows for "sign with last round", so a copy of the
+ *  internal state of the digest, plus the last few blocks of the message are all that needs to be sent, rather than the
+ *  entire message.
+ */
+public interface EncodableDigest
+{
+    /**
+     * Return an encoded byte array for the digest's internal state
+     *
+     * @return an encoding of the digests internal state.
+     */
+    byte[] getEncodedState();
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java
index 38a52aa..2df2d51 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GOST3411Digest.java
@@ -5,9 +5,9 @@ import org.bouncycastle.crypto.ExtendedDigest;
 import org.bouncycastle.crypto.engines.GOST28147Engine;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithSBox;
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 /**
  * implementation of GOST R 34.11-94
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java
index 15f3ebb..29692ba 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java
@@ -2,6 +2,7 @@ package org.bouncycastle.crypto.digests;
 
 import org.bouncycastle.crypto.ExtendedDigest;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 /**
  * base implementation of MD4 family style digest as outlined in
@@ -11,8 +12,9 @@ public abstract class GeneralDigest
     implements ExtendedDigest, Memoable
 {
     private static final int BYTE_LENGTH = 64;
-    private byte[]  xBuf;
-    private int     xBufOff;
+
+    private final byte[]  xBuf = new byte[4];
+    private int           xBufOff;
 
     private long    byteCount;
 
@@ -21,7 +23,6 @@ public abstract class GeneralDigest
      */
     protected GeneralDigest()
     {
-        xBuf = new byte[4];
         xBufOff = 0;
     }
 
@@ -32,11 +33,16 @@ public abstract class GeneralDigest
      */
     protected GeneralDigest(GeneralDigest t)
     {
-        xBuf = new byte[t.xBuf.length];
-
         copyIn(t);
     }
 
+    protected GeneralDigest(byte[] encodedState)
+    {
+        System.arraycopy(encodedState, 0, xBuf, 0, xBuf.length);
+        xBufOff = Pack.bigEndianToInt(encodedState, 4);
+        byteCount = Pack.bigEndianToLong(encodedState, 8);
+    }
+
     protected void copyIn(GeneralDigest t)
     {
         System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length);
@@ -129,6 +135,13 @@ public abstract class GeneralDigest
         }
     }
 
+    protected void populateState(byte[] state)
+    {
+        System.arraycopy(xBuf, 0, state, 0, xBufOff);
+        Pack.intToBigEndian(xBufOff, state, 4);
+        Pack.longToBigEndian(byteCount, state, 8);
+    }
+
     public int getByteLength()
     {
         return BYTE_LENGTH;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java
index 5c79e4e..8ea474b 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java
@@ -1,18 +1,18 @@
 package org.bouncycastle.crypto.digests;
 
 import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 /**
  * Base class for SHA-384 and SHA-512.
  */
 public abstract class LongDigest
-    implements ExtendedDigest, Memoable
+    implements ExtendedDigest, Memoable, EncodableDigest
 {
     private static final int BYTE_LENGTH = 128;
-    
-    private byte[]  xBuf;
+
+    private byte[] xBuf = new byte[8];
     private int     xBufOff;
 
     private long    byteCount1;
@@ -28,7 +28,6 @@ public abstract class LongDigest
      */
     protected LongDigest()
     {
-        xBuf = new byte[8];
         xBufOff = 0;
 
         reset();
@@ -41,8 +40,6 @@ public abstract class LongDigest
      */
     protected LongDigest(LongDigest t)
     {
-        xBuf = new byte[t.xBuf.length];
-
         copyIn(t);
     }
 
@@ -67,6 +64,56 @@ public abstract class LongDigest
         wOff = t.wOff;
     }
 
+    protected void populateState(byte[] state)
+    {
+        System.arraycopy(xBuf, 0, state, 0, xBufOff);
+        Pack.intToBigEndian(xBufOff, state, 8);
+        Pack.longToBigEndian(byteCount1, state, 12);
+        Pack.longToBigEndian(byteCount2, state, 20);
+        Pack.longToBigEndian(H1, state, 28);
+        Pack.longToBigEndian(H2, state, 36);
+        Pack.longToBigEndian(H3, state, 44);
+        Pack.longToBigEndian(H4, state, 52);
+        Pack.longToBigEndian(H5, state, 60);
+        Pack.longToBigEndian(H6, state, 68);
+        Pack.longToBigEndian(H7, state, 76);
+        Pack.longToBigEndian(H8, state, 84);
+
+        Pack.intToBigEndian(wOff, state, 92);
+        for (int i = 0; i < wOff; i++)
+        {
+            Pack.longToBigEndian(W[i], state, 96 + (i * 8));
+        }
+    }
+
+    protected void restoreState(byte[] encodedState)
+    {
+        xBufOff = Pack.bigEndianToInt(encodedState, 8);
+        System.arraycopy(encodedState, 0, xBuf, 0, xBufOff);
+        byteCount1 = Pack.bigEndianToLong(encodedState, 12);
+        byteCount2 = Pack.bigEndianToLong(encodedState, 20);
+
+        H1 = Pack.bigEndianToLong(encodedState, 28);
+        H2 = Pack.bigEndianToLong(encodedState, 36);
+        H3 = Pack.bigEndianToLong(encodedState, 44);
+        H4 = Pack.bigEndianToLong(encodedState, 52);
+        H5 = Pack.bigEndianToLong(encodedState, 60);
+        H6 = Pack.bigEndianToLong(encodedState, 68);
+        H7 = Pack.bigEndianToLong(encodedState, 76);
+        H8 = Pack.bigEndianToLong(encodedState, 84);
+
+        wOff = Pack.bigEndianToInt(encodedState, 92);
+        for (int i = 0; i < wOff; i++)
+        {
+            W[i] = Pack.bigEndianToLong(encodedState, 96 + (i * 8));
+        }
+    }
+
+    protected int getEncodedStateSize()
+    {
+        return 96 + (wOff * 8);
+    }
+
     public void update(
         byte in)
     {
@@ -165,7 +212,7 @@ public abstract class LongDigest
     {
         return BYTE_LENGTH;
     }
-    
+
     protected void processWord(
         byte[]  in,
         int     inOff)
@@ -228,7 +275,7 @@ public abstract class LongDigest
         long     g = H7;
         long     h = H8;
 
-        int t = 0;     
+        int t = 0;
         for(int i = 0; i < 10; i ++)
         {
           // t = 8 * i
@@ -271,7 +318,7 @@ public abstract class LongDigest
           e += a;
           a += Sum0(b) + Maj(b, c, d);
         }
- 
+
         H1 += a;
         H2 += b;
         H3 += c;
@@ -358,4 +405,5 @@ public abstract class LongDigest
 0x28db77f523047d84L, 0x32caab7b40c72493L, 0x3c9ebe0a15c9bebcL, 0x431d67c49c100d4cL,
 0x4cc5d4becb3e42b6L, 0x597f299cfc657e2aL, 0x5fcb6fab3ad6faecL, 0x6c44198c4a475817L
     };
+
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java
index 21b1024..450dda4 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java
@@ -1,7 +1,7 @@
 package org.bouncycastle.crypto.digests;
 
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 /**
  * implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349.
@@ -11,6 +11,7 @@ import org.bouncycastle.util.Memoable;
  */
 public class SHA1Digest
     extends GeneralDigest
+    implements EncodableDigest
 {
     private static final int    DIGEST_LENGTH = 20;
 
@@ -38,6 +39,23 @@ public class SHA1Digest
         copyIn(t);
     }
 
+    public SHA1Digest(byte[] encodedState)
+    {
+        super(encodedState);
+
+        H1 = Pack.bigEndianToInt(encodedState, 16);
+        H2 = Pack.bigEndianToInt(encodedState, 20);
+        H3 = Pack.bigEndianToInt(encodedState, 24);
+        H4 = Pack.bigEndianToInt(encodedState, 28);
+        H5 = Pack.bigEndianToInt(encodedState, 32);
+
+        xOff = Pack.bigEndianToInt(encodedState, 36);
+        for (int i = 0; i != xOff; i++)
+        {
+            X[i] = Pack.bigEndianToInt(encodedState, 40 + (i * 4));
+        }
+    }
+
     private void copyIn(SHA1Digest t)
     {
         H1 = t.H1;
@@ -302,6 +320,27 @@ public class SHA1Digest
         super.copyIn(d);
         copyIn(d);
     }
+
+    public byte[] getEncodedState()
+    {
+        byte[] state = new byte[40 + xOff * 4];
+
+        super.populateState(state);
+
+        Pack.intToBigEndian(H1, state, 16);
+        Pack.intToBigEndian(H2, state, 20);
+        Pack.intToBigEndian(H3, state, 24);
+        Pack.intToBigEndian(H4, state, 28);
+        Pack.intToBigEndian(H5, state, 32);
+        Pack.intToBigEndian(xOff, state, 36);
+
+        for (int i = 0; i != xOff; i++)
+        {
+            Pack.intToBigEndian(X[i], state, 40 + (i * 4));
+        }
+
+        return state;
+    }
 }
 
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java
index d430321..4f2b284 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java
@@ -1,8 +1,8 @@
 package org.bouncycastle.crypto.digests;
 
 
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 
 /**
@@ -18,6 +18,7 @@ import org.bouncycastle.util.Memoable;
  */
 public class SHA224Digest
     extends GeneralDigest
+    implements EncodableDigest
 {
     private static final int    DIGEST_LENGTH = 28;
 
@@ -62,6 +63,26 @@ public class SHA224Digest
         xOff = t.xOff;
     }
 
+    public SHA224Digest(byte[] encodedState)
+    {
+        super(encodedState);
+
+        H1 = Pack.bigEndianToInt(encodedState, 16);
+        H2 = Pack.bigEndianToInt(encodedState, 20);
+        H3 = Pack.bigEndianToInt(encodedState, 24);
+        H4 = Pack.bigEndianToInt(encodedState, 28);
+        H5 = Pack.bigEndianToInt(encodedState, 32);
+        H6 = Pack.bigEndianToInt(encodedState, 36);
+        H7 = Pack.bigEndianToInt(encodedState, 40);
+        H8 = Pack.bigEndianToInt(encodedState, 44);
+
+        xOff = Pack.bigEndianToInt(encodedState, 48);
+        for (int i = 0; i != xOff; i++)
+        {
+            X[i] = Pack.bigEndianToInt(encodedState, 52 + (i * 4));
+        }
+    }
+
     public String getAlgorithmName()
     {
         return "SHA-224";
@@ -307,5 +328,29 @@ public class SHA224Digest
 
         doCopy(d);
     }
+
+    public byte[] getEncodedState()
+    {
+        byte[] state = new byte[52 + xOff * 4];
+
+        super.populateState(state);
+
+        Pack.intToBigEndian(H1, state, 16);
+        Pack.intToBigEndian(H2, state, 20);
+        Pack.intToBigEndian(H3, state, 24);
+        Pack.intToBigEndian(H4, state, 28);
+        Pack.intToBigEndian(H5, state, 32);
+        Pack.intToBigEndian(H6, state, 36);
+        Pack.intToBigEndian(H7, state, 40);
+        Pack.intToBigEndian(H8, state, 44);
+        Pack.intToBigEndian(xOff, state, 48);
+
+        for (int i = 0; i != xOff; i++)
+        {
+            Pack.intToBigEndian(X[i], state, 52 + (i * 4));
+        }
+
+        return state;
+    }
 }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java
index a2ceda3..600d234 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java
@@ -1,8 +1,8 @@
 package org.bouncycastle.crypto.digests;
 
 
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 
 /**
@@ -18,6 +18,7 @@ import org.bouncycastle.util.Memoable;
  */
 public class SHA256Digest
     extends GeneralDigest
+    implements EncodableDigest
 {
     private static final int    DIGEST_LENGTH = 32;
 
@@ -62,6 +63,27 @@ public class SHA256Digest
         xOff = t.xOff;
     }
 
+    public SHA256Digest(byte[] encodedState)
+    {
+        super(encodedState);
+
+        H1 = Pack.bigEndianToInt(encodedState, 16);
+        H2 = Pack.bigEndianToInt(encodedState, 20);
+        H3 = Pack.bigEndianToInt(encodedState, 24);
+        H4 = Pack.bigEndianToInt(encodedState, 28);
+        H5 = Pack.bigEndianToInt(encodedState, 32);
+        H6 = Pack.bigEndianToInt(encodedState, 36);
+        H7 = Pack.bigEndianToInt(encodedState, 40);
+        H8 = Pack.bigEndianToInt(encodedState, 44);
+
+        xOff = Pack.bigEndianToInt(encodedState, 48);
+        for (int i = 0; i != xOff; i++)
+        {
+            X[i] = Pack.bigEndianToInt(encodedState, 52 + (i * 4));
+        }
+    }
+
+
     public String getAlgorithmName()
     {
         return "SHA-256";
@@ -310,5 +332,29 @@ public class SHA256Digest
 
         copyIn(d);
     }
+
+    public byte[] getEncodedState()
+    {
+        byte[] state = new byte[52 + xOff * 4];
+
+        super.populateState(state);
+
+        Pack.intToBigEndian(H1, state, 16);
+        Pack.intToBigEndian(H2, state, 20);
+        Pack.intToBigEndian(H3, state, 24);
+        Pack.intToBigEndian(H4, state, 28);
+        Pack.intToBigEndian(H5, state, 32);
+        Pack.intToBigEndian(H6, state, 36);
+        Pack.intToBigEndian(H7, state, 40);
+        Pack.intToBigEndian(H8, state, 44);
+        Pack.intToBigEndian(xOff, state, 48);
+
+        for (int i = 0; i != xOff; i++)
+        {
+            Pack.intToBigEndian(X[i], state, 52 + (i * 4));
+        }
+
+        return state;
+    }
 }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java
index 75d195d..fc9fa1e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java
@@ -1,7 +1,7 @@
 package org.bouncycastle.crypto.digests;
 
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 
 /**
@@ -36,6 +36,11 @@ public class SHA384Digest
         super(t);
     }
 
+    public SHA384Digest(byte[] encodedState)
+    {
+        restoreState(encodedState);
+    }
+
     public String getAlgorithmName()
     {
         return "SHA-384";
@@ -96,4 +101,11 @@ public class SHA384Digest
 
         super.copyIn(d);
     }
+
+    public byte[] getEncodedState()
+    {
+        byte[] encoded = new byte[getEncodedStateSize()];
+        super.populateState(encoded);
+        return encoded;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java
index 15eb77c..e13dc61 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java
@@ -5,7 +5,7 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * implementation of SHA-3 based on following KeccakNISTInterface.c from http://keccak.noekeon.org/
- * <p/>
+ * <p>
  * Following the naming conventions used in the C source code to enable easy review of the implementation.
  */
 public class SHA3Digest
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java
index 7db63ad..644bafa 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java
@@ -1,7 +1,7 @@
 package org.bouncycastle.crypto.digests;
 
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 
 /**
@@ -36,6 +36,11 @@ public class SHA512Digest
         super(t);
     }
 
+    public SHA512Digest(byte[] encodedState)
+    {
+        restoreState(encodedState);
+    }
+
     public String getAlgorithmName()
     {
         return "SHA-512";
@@ -98,5 +103,12 @@ public class SHA512Digest
 
         copyIn(d);
     }
+
+    public byte[] getEncodedState()
+    {
+        byte[] encoded = new byte[getEncodedStateSize()];
+        super.populateState(encoded);
+        return encoded;
+    }
 }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512tDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512tDigest.java
index 4615461..d5848b1 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512tDigest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512tDigest.java
@@ -2,6 +2,7 @@ package org.bouncycastle.crypto.digests;
 
 import org.bouncycastle.util.Memoable;
 import org.bouncycastle.util.MemoableResetException;
+import org.bouncycastle.util.Pack;
 
 /**
  * FIPS 180-4 implementation of SHA-512/t
@@ -9,7 +10,7 @@ import org.bouncycastle.util.MemoableResetException;
 public class SHA512tDigest
     extends LongDigest
 {
-    private final int digestLength;
+    private int digestLength;      // non-final due to old flow analyser.
 
     private long  H1t, H2t, H3t, H4t, H5t, H6t, H7t, H8t;
 
@@ -53,6 +54,17 @@ public class SHA512tDigest
         reset(t);
     }
 
+    public SHA512tDigest(byte[] encodedState)
+    {
+        this(readDigestLength(encodedState));
+        restoreState(encodedState);
+    }
+
+    private static int readDigestLength(byte[] encodedState)
+    {
+        return Pack.bigEndianToInt(encodedState, encodedState.length - 4);
+    }
+
     public String getAlgorithmName()
     {
         return "SHA-512/" + Integer.toString(digestLength * 8);
@@ -202,4 +214,14 @@ public class SHA512tDigest
         this.H7t = t.H7t;
         this.H8t = t.H8t;
     }
+
+    public byte[] getEncodedState()
+    {
+        final int baseSize = getEncodedStateSize();
+        byte[] encoded = new byte[baseSize + 4];
+        populateState(encoded);
+        Pack.intToBigEndian(digestLength * 8, encoded, baseSize);
+        return encoded;
+    }
+
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java
index 55e579e..5e90add 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java
@@ -1,13 +1,13 @@
 package org.bouncycastle.crypto.digests;
 
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 
 /**
  * Implementation of Chinese SM3 digest as described at
  * http://tools.ietf.org/html/draft-shen-sm3-hash-00
  * and at .... ( Chinese PDF )
- * <p/>
+ * <p>
  * The specification says "process a bit stream",
  * but this is written to process bytes in blocks of 4,
  * meaning this will process 32-bit word groups.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java
index 06eaabd..ae1dbd6 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java
@@ -8,13 +8,12 @@ import org.bouncycastle.util.Memoable;
 /**
  * Implementation of the Skein parameterised hash function in 256, 512 and 1024 bit block sizes,
  * based on the {@link ThreefishEngine Threefish} tweakable block cipher.
- * <p/>
+ * <p>
  * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
  * competition in October 2010.
- * <p/>
+ * <p>
  * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
  * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- * <p/>
  *
  * @see SkeinEngine
  * @see SkeinParameters
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java
index bca524e..b125dbd 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java
@@ -14,18 +14,18 @@ import org.bouncycastle.util.Memoable;
 /**
  * Implementation of the Skein family of parameterised hash functions in 256, 512 and 1024 bit block
  * sizes, based on the {@link ThreefishEngine Threefish} tweakable block cipher.
- * <p/>
+ * <p>
  * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
  * competition in October 2010.
- * <p/>
+ * <p>
  * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
  * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- * <p/>
+ * <p>
  * This implementation is the basis for {@link SkeinDigest} and {@link SkeinMac}, implementing the
  * parameter based configuration system that allows Skein to be adapted to multiple applications. <br>
  * Initialising the engine with {@link SkeinParameters} allows standard and arbitrary parameters to
  * be applied during the Skein hash function.
- * <p/>
+ * <p>
  * Implemented:
  * <ul>
  * <li>256, 512 and 1024 bit internal states.</li>
@@ -34,7 +34,7 @@ import org.bouncycastle.util.Memoable;
  * parameters.</li>
  * <li>Arbitrary output size in 1 byte intervals.</li>
  * </ul>
- * <p/>
+ * <p>
  * Not implemented:
  * <ul>
  * <li>Sub-byte length input (bit padding).</li>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/digests/package.html
new file mode 100644
index 0000000..0a0d95c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Message digest classes.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
new file mode 100644
index 0000000..c3d4f5b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
@@ -0,0 +1,320 @@
+package org.bouncycastle.crypto.ec;
+
+import java.math.BigInteger;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ECParametersHolder;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.custom.djb.Curve25519;
+import org.bouncycastle.math.ec.custom.sec.SecP192K1Curve;
+import org.bouncycastle.math.ec.custom.sec.SecP192R1Curve;
+import org.bouncycastle.math.ec.custom.sec.SecP224K1Curve;
+import org.bouncycastle.math.ec.custom.sec.SecP224R1Curve;
+import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;
+import org.bouncycastle.math.ec.custom.sec.SecP256R1Curve;
+import org.bouncycastle.math.ec.custom.sec.SecP384R1Curve;
+import org.bouncycastle.math.ec.custom.sec.SecP521R1Curve;
+import org.bouncycastle.math.ec.endo.GLVTypeBEndomorphism;
+import org.bouncycastle.math.ec.endo.GLVTypeBParameters;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+
+public class CustomNamedCurves
+{
+    private static ECCurve configureCurve(ECCurve curve)
+    {
+        return curve;
+    }
+
+    private static ECCurve configureCurveGLV(ECCurve c, GLVTypeBParameters p)
+    {
+        return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create();
+    }
+
+    /*
+     * curve25519
+     */
+    static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new Curve25519());
+
+            /*
+             * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
+             * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
+             * 
+             * The Curve25519 paper doesn't say which of the two possible y values the base
+             * point has. The choice here is guided by language in the Ed25519 paper.
+             * 
+             * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
+             */
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
+                + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
+
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp192k1
+     */
+    static X9ECParametersHolder secp192k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("bb85691939b869c1d087f601554b96b80cb4f55b35f433c2", 16),
+                new BigInteger("3d84f26c12238d7b4f3d516613c1759033b1a5800175d0b1", 16),
+                new BigInteger[]{
+                    new BigInteger("71169be7330b3038edb025f1", 16),
+                    new BigInteger("-b3fb3400dec5c4adceb8655c", 16) },
+                new BigInteger[]{
+                    new BigInteger("12511cfe811d0f4e6bc688b4d", 16),
+                    new BigInteger("71169be7330b3038edb025f1", 16) },
+                new BigInteger("71169be7330b3038edb025f1d0f9", 16),
+                new BigInteger("b3fb3400dec5c4adceb8655d4c94", 16),
+                208);
+            ECCurve curve = configureCurveGLV(new SecP192K1Curve(), glv);
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"
+                + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp192r1
+     */
+    static X9ECParametersHolder secp192r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("3045AE6FC8422F64ED579528D38120EAE12196D5");
+            ECCurve curve = configureCurve(new SecP192R1Curve());
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"
+                + "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp224k1
+     */
+    static X9ECParametersHolder secp224k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("fe0e87005b4e83761908c5131d552a850b3f58b749c37cf5b84d6768", 16),
+                new BigInteger("60dcd2104c4cbc0be6eeefc2bdd610739ec34e317f9b33046c9e4788", 16),
+                new BigInteger[]{
+                    new BigInteger("6b8cf07d4ca75c88957d9d670591", 16),
+                    new BigInteger("-b8adf1378a6eb73409fa6c9c637d", 16) },
+                new BigInteger[]{
+                    new BigInteger("1243ae1b4d71613bc9f780a03690e", 16),
+                    new BigInteger("6b8cf07d4ca75c88957d9d670591", 16) },
+                new BigInteger("6b8cf07d4ca75c88957d9d67059037a4", 16),
+                new BigInteger("b8adf1378a6eb73409fa6c9c637ba7f5", 16),
+                240);
+            ECCurve curve = configureCurveGLV(new SecP224K1Curve(), glv);
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C"
+                + "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp224r1
+     */
+    static X9ECParametersHolder secp224r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5");
+            ECCurve curve = configureCurve(new SecP224R1Curve());
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"
+                + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp256k1
+     */
+    static X9ECParametersHolder secp256k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee", 16),
+                new BigInteger("5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72", 16),
+                new BigInteger[]{
+                    new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16),
+                    new BigInteger("-e4437ed6010e88286f547fa90abfe4c3", 16) },
+                new BigInteger[]{
+                    new BigInteger("114ca50f7a8e2f3f657c1108d9d44cfd8", 16),
+                    new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16) },
+                new BigInteger("3086d221a7d46bcde86c90e49284eb153dab", 16),
+                new BigInteger("e4437ed6010e88286f547fa90abfe4c42212", 16),
+                272);
+            ECCurve curve = configureCurveGLV(new SecP256K1Curve(), glv);
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
+                + "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp256r1
+     */
+    static X9ECParametersHolder secp256r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("C49D360886E704936A6678E1139D26B7819F7E90");
+            ECCurve curve = configureCurve(new SecP256R1Curve());
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
+                + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp384r1
+     */
+    static X9ECParametersHolder secp384r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("A335926AA319A27A1D00896A6773A4827ACDAC73");
+            ECCurve curve = configureCurve(new SecP384R1Curve());
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"
+                + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp521r1
+     */
+    static X9ECParametersHolder secp521r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("D09E8800291CB85396CC6717393284AAA0DA64BA");
+            ECCurve curve = configureCurve(new SecP521R1Curve());
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"
+                + "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    static final Hashtable nameToCurve = new Hashtable();
+    static final Hashtable nameToOID = new Hashtable();
+    static final Hashtable oidToCurve = new Hashtable();
+    static final Hashtable oidToName = new Hashtable();
+
+    static void defineCurve(String name, X9ECParametersHolder holder)
+    {
+        nameToCurve.put(name, holder);
+    }
+
+    static void defineCurveWithOID(String name, ASN1ObjectIdentifier oid, X9ECParametersHolder holder)
+    {
+        nameToCurve.put(name, holder);
+        nameToOID.put(name, oid);
+        oidToName.put(oid, name);
+        oidToCurve.put(oid, holder);
+    }
+
+    static void defineCurveAlias(String alias, ASN1ObjectIdentifier oid)
+    {
+        alias = Strings.toLowerCase(alias);
+        nameToOID.put(alias, oid);
+        nameToCurve.put(alias, oidToCurve.get(oid));
+    }
+
+    static
+    {
+        defineCurve("curve25519", curve25519);
+
+        defineCurveWithOID("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1);
+        defineCurveWithOID("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1);
+        defineCurveWithOID("secp224k1", SECObjectIdentifiers.secp224k1, secp224k1);
+        defineCurveWithOID("secp224r1", SECObjectIdentifiers.secp224r1, secp224r1);
+        defineCurveWithOID("secp256k1", SECObjectIdentifiers.secp256k1, secp256k1);
+        defineCurveWithOID("secp256r1", SECObjectIdentifiers.secp256r1, secp256r1);
+        defineCurveWithOID("secp384r1", SECObjectIdentifiers.secp384r1, secp384r1);
+        defineCurveWithOID("secp521r1", SECObjectIdentifiers.secp521r1, secp521r1);
+
+        defineCurveAlias("P-192", SECObjectIdentifiers.secp192r1);
+        defineCurveAlias("P-224", SECObjectIdentifiers.secp224r1);
+        defineCurveAlias("P-256", SECObjectIdentifiers.secp256r1);
+        defineCurveAlias("P-384", SECObjectIdentifiers.secp384r1);
+        defineCurveAlias("P-521", SECObjectIdentifiers.secp521r1);
+    }
+
+    public static X9ECParameters getByName(String name)
+    {
+        X9ECParametersHolder holder = (X9ECParametersHolder)nameToCurve.get(Strings.toLowerCase(name));
+        return holder == null ? null : holder.getParameters();
+    }
+
+    /**
+     * return the X9ECParameters object for the named curve represented by the passed in object
+     * identifier. Null if the curve isn't present.
+     * 
+     * @param oid
+     *            an object identifier representing a named curve, if present.
+     */
+    public static X9ECParameters getByOID(ASN1ObjectIdentifier oid)
+    {
+        X9ECParametersHolder holder = (X9ECParametersHolder)oidToCurve.get(oid);
+        return holder == null ? null : holder.getParameters();
+    }
+
+    /**
+     * return the object identifier signified by the passed in name. Null if there is no object
+     * identifier associated with name.
+     * 
+     * @return the object identifier associated with name, if present.
+     */
+    public static ASN1ObjectIdentifier getOID(String name)
+    {
+        return (ASN1ObjectIdentifier)nameToOID.get(Strings.toLowerCase(name));
+    }
+
+    /**
+     * return the named curve name represented by the given object identifier.
+     */
+    public static String getName(ASN1ObjectIdentifier oid)
+    {
+        return (String)oidToName.get(oid);
+    }
+
+    /**
+     * returns an enumeration containing the name strings for curves contained in this structure.
+     */
+    public static Enumeration getNames()
+    {
+        return nameToCurve.keys();
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECElGamalDecryptor.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECElGamalDecryptor.java
index 19c0beb..2f1c937 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECElGamalDecryptor.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECElGamalDecryptor.java
@@ -43,6 +43,6 @@ public class ECElGamalDecryptor
 
         ECPoint tmp = pair.getX().multiply(key.getD());
 
-        return pair.getY().add(tmp.negate()).normalize();
+        return pair.getY().subtract(tmp).normalize();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECElGamalEncryptor.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECElGamalEncryptor.java
index 2a0b78d..48fc046 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECElGamalEncryptor.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECElGamalEncryptor.java
@@ -4,9 +4,12 @@ import java.math.BigInteger;
 import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 
 /**
  * this does your basic ElGamal encryption algorithm using EC
@@ -61,13 +64,23 @@ public class ECElGamalEncryptor
             throw new IllegalStateException("ECElGamalEncryptor not initialised");
         }
 
-        BigInteger             n = key.getParameters().getN();
-        BigInteger             k = ECUtil.generateK(n, random);
+        ECDomainParameters ec = key.getParameters();
+        BigInteger k = ECUtil.generateK(ec.getN(), random);
 
-        ECPoint  g = key.getParameters().getG();
-        ECPoint  gamma = g.multiply(k);
-        ECPoint  phi = key.getQ().multiply(k).add(point);
+        ECMultiplier basePointMultiplier = createBasePointMultiplier();
 
-        return new ECPair(gamma.normalize(), phi.normalize());
+        ECPoint[] gamma_phi = new ECPoint[]{
+            basePointMultiplier.multiply(ec.getG(), k),
+            key.getQ().multiply(k).add(point)
+        };
+
+        ec.getCurve().normalizeAll(gamma_phi);
+
+        return new ECPair(gamma_phi[0], gamma_phi[1]);
+    }
+
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECFixedTransform.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECFixedTransform.java
index e35e077..2c6a920 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECFixedTransform.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECFixedTransform.java
@@ -3,8 +3,11 @@ package org.bouncycastle.crypto.ec;
 import java.math.BigInteger;
 
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 
 /**
  * this transforms the original randomness used for an ElGamal encryption by a fixed value.
@@ -38,7 +41,7 @@ public class ECFixedTransform
     }
 
     /**
-     * Transform an existing cipher test pair using the ElGamal algorithm. Note: it is assumed this
+     * Transform an existing cipher text pair using the ElGamal algorithm. Note: it is assumed this
      * transform has been initialised with the same public key that was used to create the original
      * cipher text.
      *
@@ -52,11 +55,20 @@ public class ECFixedTransform
             throw new IllegalStateException("ECFixedTransform not initialised");
         }
 
-        ECPoint  g = key.getParameters().getG();
-        ECPoint  gamma = g.multiply(k);
-        ECPoint  phi = key.getQ().multiply(k).add(cipherText.getY());
+        ECDomainParameters ec = key.getParameters();
+        BigInteger n = ec.getN();
 
-        return new ECPair(cipherText.getX().add(gamma).normalize(), phi.normalize());
+        ECMultiplier basePointMultiplier = createBasePointMultiplier();
+        BigInteger k = this.k.mod(n);
+
+        ECPoint[] gamma_phi = new ECPoint[]{
+            basePointMultiplier.multiply(ec.getG(), k).add(cipherText.getX()),
+            key.getQ().multiply(k).add(cipherText.getY())
+        };
+
+        ec.getCurve().normalizeAll(gamma_phi);
+
+        return new ECPair(gamma_phi[0], gamma_phi[1]);
     }
 
     /**
@@ -68,4 +80,9 @@ public class ECFixedTransform
     {
         return k;
     }
+
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECNewPublicKeyTransform.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECNewPublicKeyTransform.java
index 74016c1..112d20c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECNewPublicKeyTransform.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECNewPublicKeyTransform.java
@@ -4,9 +4,12 @@ import java.math.BigInteger;
 import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 
 /**
  * this does your basic Elgamal encryption algorithm using EC
@@ -49,7 +52,7 @@ public class ECNewPublicKeyTransform
     }
 
     /**
-     * Transform an existing cipher test pair using the ElGamal algorithm. Note: the input cipherText will
+     * Transform an existing cipher text pair using the ElGamal algorithm. Note: the input cipherText will
      * need to be preserved in order to complete the transformation to the new public key.
      *
      * @param cipherText the EC point to process.
@@ -62,13 +65,24 @@ public class ECNewPublicKeyTransform
             throw new IllegalStateException("ECNewPublicKeyTransform not initialised");
         }
 
-        BigInteger             n = key.getParameters().getN();
-        BigInteger             k = ECUtil.generateK(n, random);
+        ECDomainParameters ec = key.getParameters();
+        BigInteger n = ec.getN();
 
-        ECPoint  g = key.getParameters().getG();
-        ECPoint  gamma = g.multiply(k);
-        ECPoint  phi = key.getQ().multiply(k).add(cipherText.getY());
+        ECMultiplier basePointMultiplier = createBasePointMultiplier();
+        BigInteger k = ECUtil.generateK(n, random);
 
-        return new ECPair(gamma.normalize(), phi.normalize());
+        ECPoint[] gamma_phi = new ECPoint[]{
+            basePointMultiplier.multiply(ec.getG(), k),
+            key.getQ().multiply(k).add(cipherText.getY())
+        };
+
+        ec.getCurve().normalizeAll(gamma_phi);
+
+        return new ECPair(gamma_phi[0], gamma_phi[1]);
+    }
+
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECNewRandomnessTransform.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECNewRandomnessTransform.java
index b293759..7bfc0b3 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECNewRandomnessTransform.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECNewRandomnessTransform.java
@@ -4,9 +4,12 @@ import java.math.BigInteger;
 import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 
 /**
  * this transforms the original randomness used for an ElGamal encryption.
@@ -66,16 +69,23 @@ public class ECNewRandomnessTransform
             throw new IllegalStateException("ECNewRandomnessTransform not initialised");
         }
 
-        BigInteger             n = key.getParameters().getN();
-        BigInteger             k = ECUtil.generateK(n, random);
 
-        ECPoint  g = key.getParameters().getG();
-        ECPoint  gamma = g.multiply(k);
-        ECPoint  phi = key.getQ().multiply(k).add(cipherText.getY());
+        ECDomainParameters ec = key.getParameters();
+        BigInteger n = ec.getN();
+
+        ECMultiplier basePointMultiplier = createBasePointMultiplier();
+        BigInteger k = ECUtil.generateK(n, random);
+
+        ECPoint[] gamma_phi = new ECPoint[]{
+            basePointMultiplier.multiply(ec.getG(), k).add(cipherText.getX()),
+            key.getQ().multiply(k).add(cipherText.getY())
+        };
+
+        ec.getCurve().normalizeAll(gamma_phi);
 
         lastK = k;
 
-        return new ECPair(cipherText.getX().add(gamma).normalize(), phi.normalize());
+        return new ECPair(gamma_phi[0], gamma_phi[1]);
     }
 
     /**
@@ -87,4 +97,9 @@ public class ECNewRandomnessTransform
     {
         return lastK;
     }
+
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECUtil.java
index d21d8fd..74921f0 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/ECUtil.java
@@ -9,14 +9,13 @@ class ECUtil
 {
     static BigInteger generateK(BigInteger n, SecureRandom random)
     {
-        int                    nBitLength = n.bitLength();
-        BigInteger             k = new BigInteger(nBitLength, random);
-
-        while (k.equals(ECConstants.ZERO) || (k.compareTo(n) >= 0))
+        int nBitLength = n.bitLength();
+        BigInteger k;
+        do
         {
             k = new BigInteger(nBitLength, random);
         }
-
+        while (k.equals(ECConstants.ZERO) || (k.compareTo(n) >= 0));
         return k;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/ec/package.html
new file mode 100644
index 0000000..223823e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Utility classes for support Elliptic Curve cryptographic transforms.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/AllTests.java
new file mode 100644
index 0000000..ba75c06
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/AllTests.java
@@ -0,0 +1,39 @@
+package org.bouncycastle.crypto.ec.test;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.bouncycastle.util.test.SimpleTestResult;
+
+public class AllTests
+    extends TestCase
+{
+    public void testCrypto()
+    {
+        org.bouncycastle.util.test.Test[] tests = { new ECElGamalTest(), new ECTransformationTest() };
+
+        for (int i = 0; i != tests.length; i++)
+        {
+            SimpleTestResult result = (SimpleTestResult)tests[i].perform();
+
+            if (!result.isSuccessful())
+            {
+                fail(result.toString());
+            }
+        }
+    }
+
+    public static void main (String[] args)
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("Lightweight EC ElGamal Tests");
+
+        suite.addTestSuite(AllTests.class);
+
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/ECElGamalTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/ECElGamalTest.java
new file mode 100644
index 0000000..629c1a4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/ECElGamalTest.java
@@ -0,0 +1,88 @@
+package org.bouncycastle.crypto.ec.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.ec.ECDecryptor;
+import org.bouncycastle.crypto.ec.ECElGamalDecryptor;
+import org.bouncycastle.crypto.ec.ECElGamalEncryptor;
+import org.bouncycastle.crypto.ec.ECEncryptor;
+import org.bouncycastle.crypto.ec.ECPair;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ECElGamalTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "ECElGamal";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        BigInteger n = new BigInteger("6277101735386680763835789423176059013767194773182842284081");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
+            new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
+            new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+                curve,
+                curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
+                n);
+
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+                    curve.decodePoint(Hex.decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
+                    params);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
+            params);
+
+        ParametersWithRandom pRandom = new ParametersWithRandom(pubKey, new SecureRandom());
+
+        doTest(priKey, pRandom, BigInteger.valueOf(20));
+
+        BigInteger rand = new BigInteger(pubKey.getParameters().getN().bitLength() - 1, new SecureRandom());
+
+        doTest(priKey, pRandom, rand);
+    }
+
+    private void doTest(ECPrivateKeyParameters priKey, ParametersWithRandom pRandom, BigInteger value)
+    {
+        ECPoint data = priKey.getParameters().getG().multiply(value);
+
+        ECEncryptor encryptor = new ECElGamalEncryptor();
+
+        encryptor.init(pRandom);
+
+        ECPair pair = encryptor.encrypt(data);
+
+        ECDecryptor decryptor = new ECElGamalDecryptor();
+
+        decryptor.init(priKey);
+
+        ECPoint result = decryptor.decrypt(pair);
+
+        if (!data.equals(result))
+        {
+            fail("point pair failed to decrypt back to original");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new ECElGamalTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/ECTransformationTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/ECTransformationTest.java
new file mode 100644
index 0000000..96ada14
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/test/ECTransformationTest.java
@@ -0,0 +1,149 @@
+package org.bouncycastle.crypto.ec.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.ec.ECDecryptor;
+import org.bouncycastle.crypto.ec.ECElGamalDecryptor;
+import org.bouncycastle.crypto.ec.ECElGamalEncryptor;
+import org.bouncycastle.crypto.ec.ECEncryptor;
+import org.bouncycastle.crypto.ec.ECNewPublicKeyTransform;
+import org.bouncycastle.crypto.ec.ECNewRandomnessTransform;
+import org.bouncycastle.crypto.ec.ECPair;
+import org.bouncycastle.crypto.ec.ECPairTransform;
+import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ECTransformationTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "ECTransformationTest";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        BigInteger n = new BigInteger("6277101735386680763835789423176059013767194773182842284081");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
+            new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
+            new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+                curve,
+                curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
+                n);
+
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+                    curve.decodePoint(Hex.decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
+                    params);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
+            params);
+
+
+        ParametersWithRandom pRandom = new ParametersWithRandom(pubKey, new SecureRandom());
+
+        doTest(priKey, pRandom, BigInteger.valueOf(20));
+
+        BigInteger rand = new BigInteger(pubKey.getParameters().getN().bitLength() - 1, new SecureRandom());
+
+        doTest(priKey, pRandom, rand);
+        doSameKeyTest(priKey, pRandom, rand);
+    }
+
+    private void doTest(ECPrivateKeyParameters priKey, ParametersWithRandom pRandom, BigInteger value)
+    {
+        ECPoint data = priKey.getParameters().getG().multiply(value);
+
+        ECEncryptor encryptor = new ECElGamalEncryptor();
+
+        encryptor.init(pRandom);
+
+        ECPair pair = encryptor.encrypt(data);
+
+        ECKeyPairGenerator ecGen = new ECKeyPairGenerator();
+
+        ecGen.init(new ECKeyGenerationParameters(priKey.getParameters(), new SecureRandom()));
+
+        AsymmetricCipherKeyPair reEncKP = ecGen.generateKeyPair();
+
+        ECPairTransform ecr = new ECNewPublicKeyTransform();
+
+        ecr.init(reEncKP.getPublic());
+
+        ECPair srcPair = pair;
+
+        // re-encrypt the message portion
+        pair = ecr.transform(srcPair);
+
+        ECDecryptor decryptor = new ECElGamalDecryptor();
+
+        decryptor.init(priKey);
+
+        // decrypt out the original private key
+        ECPoint p = decryptor.decrypt(new ECPair(srcPair.getX(), pair.getY()));
+
+        decryptor.init(reEncKP.getPrivate());
+
+        // decrypt the fully transformed point.
+        ECPoint result = decryptor.decrypt(new ECPair(pair.getX(), p));
+
+        if (!data.equals(result))
+        {
+            fail("point pair failed to decrypt back to original");
+        }
+    }
+
+    private void doSameKeyTest(ECPrivateKeyParameters priKey, ParametersWithRandom pRandom, BigInteger value)
+    {
+        ECPoint data = priKey.getParameters().getG().multiply(value);
+
+        ECEncryptor encryptor = new ECElGamalEncryptor();
+
+        encryptor.init(pRandom);
+
+        ECPair pair = encryptor.encrypt(data);
+
+        ECPairTransform ecr = new ECNewRandomnessTransform();
+
+        ecr.init(pRandom);
+
+        ECPair srcPair = pair;
+
+        // re-encrypt the message portion
+        pair = ecr.transform(srcPair);
+
+        ECDecryptor decryptor = new ECElGamalDecryptor();
+
+        decryptor.init(priKey);
+
+        // decrypt the fully transformed point.
+        ECPoint result = decryptor.decrypt(pair);
+
+        if (!data.equals(result))
+        {
+            fail("point pair failed to decrypt back to original");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new ECTransformationTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
index 09f1537..f9acbd4 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
@@ -34,6 +34,8 @@ public class PKCS1Encoding
     private boolean                 forEncryption;
     private boolean                 forPrivateKey;
     private boolean                 useStrictLength;
+    private int                     pLen = -1;
+    private byte[]                  fallback = null;
 
     /**
      * Basic constructor.
@@ -46,6 +48,42 @@ public class PKCS1Encoding
         this.useStrictLength = useStrict();
     }   
 
+    /**
+     * Constructor for decryption with a fixed plaintext length.
+     * 
+     * @param cipher The cipher to use for cryptographic operation.
+     * @param pLen Length of the expected plaintext.
+     */
+    public PKCS1Encoding(
+        AsymmetricBlockCipher   cipher,
+        int pLen)
+    {
+        this.engine = cipher;
+        this.useStrictLength = useStrict();
+        this.pLen = pLen;
+    }
+
+	/**
+	 * Constructor for decryption with a fixed plaintext length and a fallback
+	 * value that is returned, if the padding is incorrect.
+	 * 
+	 * @param cipher
+	 *            The cipher to use for cryptographic operation.
+	 * @param fallback
+	 *            The fallback value, we don't do an arraycopy here.
+	 */
+	public PKCS1Encoding(
+    	AsymmetricBlockCipher   cipher,
+        byte[] fallback)
+    {
+    	this.engine = cipher;
+    	this.useStrictLength = useStrict();
+    	this.fallback = fallback;
+    	this.pLen = fallback.length;
+    }
+        
+
+    
     //
     // for J2ME compatibility
     //
@@ -183,6 +221,121 @@ public class PKCS1Encoding
 
         return engine.processBlock(block, 0, block.length);
     }
+    
+    /**
+     * Checks if the argument is a correctly PKCS#1.5 encoded Plaintext
+     * for encryption.
+     * 
+     * @param encoded The Plaintext.
+     * @param pLen Expected length of the plaintext.
+     * @return Either 0, if the encoding is correct, or -1, if it is incorrect.
+     */
+	private static int checkPkcs1Encoding(byte[] encoded, int pLen) {
+		int correct = 0;
+		/*
+		 * Check if the first two bytes are 0 2
+		 */
+		correct |= (encoded[0] ^ 2);
+
+		/*
+		 * Now the padding check, check for no 0 byte in the padding
+		 */
+		int plen = encoded.length - (
+				  pLen /* Lenght of the PMS */
+				+  1 /* Final 0-byte before PMS */
+		);
+
+		for (int i = 1; i < plen; i++) {
+			int tmp = encoded[i];
+			tmp |= tmp >> 1;
+			tmp |= tmp >> 2;
+			tmp |= tmp >> 4;
+			correct |= (tmp & 1) - 1;
+		}
+
+		/*
+		 * Make sure the padding ends with a 0 byte.
+		 */
+		correct |= encoded[encoded.length - (pLen +1)];
+
+		/*
+		 * Return 0 or 1, depending on the result.
+		 */
+		correct |= correct >> 1;
+		correct |= correct >> 2;
+		correct |= correct >> 4;
+		return ~((correct & 1) - 1);
+	}
+    
+
+    /**
+     * Decode PKCS#1.5 encoding, and return a random value if the padding is not correct.
+     * 
+     * @param in The encrypted block.
+     * @param inOff Offset in the encrypted block.
+     * @param inLen Length of the encrypted block.
+     * //@param pLen Length of the desired output.
+     * @return The plaintext without padding, or a random value if the padding was incorrect.
+     * 
+     * @throws InvalidCipherTextException
+     */
+    private byte[] decodeBlockOrRandom(byte[] in, int inOff, int inLen)
+        throws InvalidCipherTextException
+    {
+        if (!forPrivateKey)
+        {
+            throw new InvalidCipherTextException("sorry, this method is only for decryption, not for signing");
+        }
+
+        byte[] block = engine.processBlock(in, inOff, inLen);
+        byte[] random = null;
+        if (this.fallback == null)
+        {
+            random = new byte[this.pLen];
+            this.random.nextBytes(random);
+        }
+        else
+        {
+            random = fallback;
+        }
+
+		/*
+		 * TODO: This is a potential dangerous side channel. However, you can
+		 * fix this by changing the RSA engine in a way, that it will always
+		 * return blocks of the same length and prepend them with 0 bytes if
+		 * needed.
+		 */
+        if (block.length < getOutputBlockSize())
+        {
+            throw new InvalidCipherTextException("block truncated");
+        }
+
+		/*
+		 * TODO: Potential side channel. Fix it by making the engine always
+		 * return blocks of the correct length.
+		 */
+        if (useStrictLength && block.length != engine.getOutputBlockSize())
+        {
+            throw new InvalidCipherTextException("block incorrect size");
+        }
+
+		/*
+		 * Check the padding.
+		 */
+        int correct = PKCS1Encoding.checkPkcs1Encoding(block, this.pLen);
+		
+		/*
+		 * Now, to a constant time constant memory copy of the decrypted value
+		 * or the random value, depending on the validity of the padding.
+		 */
+        byte[] result = new byte[this.pLen];
+        for (int i = 0; i < this.pLen; i++)
+        {
+            result[i] = (byte)((block[i + (block.length - pLen)] & (~correct)) | (random[i] & correct));
+        }
+
+        return result;
+    }
 
     /**
      * @exception InvalidCipherTextException if the decrypted block is not in PKCS1 format.
@@ -193,7 +346,16 @@ public class PKCS1Encoding
         int     inLen)
         throws InvalidCipherTextException
     {
-        byte[]  block = engine.processBlock(in, inOff, inLen);
+        /*
+         * If the length of the expected plaintext is known, we use a constant-time decryption.
+         * If the decryption fails, we return a random value.
+         */
+		if (this.pLen != -1)
+        {
+    		return this.decodeBlockOrRandom(in, inOff, inLen);
+    	}
+    	
+        byte[] block = engine.processBlock(in, inOff, inLen);
 
         if (block.length < getOutputBlockSize())
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/package.html
new file mode 100644
index 0000000..fc56f63
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Block encodings for asymmetric ciphers.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java
index 756197c..a0fd084 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java
@@ -473,74 +473,65 @@ private static final int[] Tinv0 =
 
     private void encryptBlock(int[][] KW)
     {
-        int r, r0, r1, r2, r3;
-
-        C0 ^= KW[0][0];
-        C1 ^= KW[0][1];
-        C2 ^= KW[0][2];
-        C3 ^= KW[0][3];
-
-        r = 1;
+        int t0 = this.C0 ^ KW[0][0];
+        int t1 = this.C1 ^ KW[0][1];
+        int t2 = this.C2 ^ KW[0][2];
 
+        int r = 1, r0, r1, r2, r3 = this.C3 ^ KW[0][3];
         while (r < ROUNDS - 1)
         {
-            r0 = T0[C0&255] ^ shift(T0[(C1>>8)&255], 24) ^ shift(T0[(C2>>16)&255],16) ^ shift(T0[(C3>>24)&255],8) ^ KW[r][0];
-            r1 = T0[C1&255] ^ shift(T0[(C2>>8)&255], 24) ^ shift(T0[(C3>>16)&255], 16) ^ shift(T0[(C0>>24)&255], 8) ^ KW[r][1];
-            r2 = T0[C2&255] ^ shift(T0[(C3>>8)&255], 24) ^ shift(T0[(C0>>16)&255], 16) ^ shift(T0[(C1>>24)&255], 8) ^ KW[r][2];
-            r3 = T0[C3&255] ^ shift(T0[(C0>>8)&255], 24) ^ shift(T0[(C1>>16)&255], 16) ^ shift(T0[(C2>>24)&255], 8) ^ KW[r++][3];
-            C0 = T0[r0&255] ^ shift(T0[(r1>>8)&255], 24) ^ shift(T0[(r2>>16)&255], 16) ^ shift(T0[(r3>>24)&255], 8) ^ KW[r][0];
-            C1 = T0[r1&255] ^ shift(T0[(r2>>8)&255], 24) ^ shift(T0[(r3>>16)&255], 16) ^ shift(T0[(r0>>24)&255], 8) ^ KW[r][1];
-            C2 = T0[r2&255] ^ shift(T0[(r3>>8)&255], 24) ^ shift(T0[(r0>>16)&255], 16) ^ shift(T0[(r1>>24)&255], 8) ^ KW[r][2];
-            C3 = T0[r3&255] ^ shift(T0[(r0>>8)&255], 24) ^ shift(T0[(r1>>16)&255], 16) ^ shift(T0[(r2>>24)&255], 8) ^ KW[r++][3];
+            r0 = T0[t0&255] ^ shift(T0[(t1>>8)&255], 24) ^ shift(T0[(t2>>16)&255], 16) ^ shift(T0[(r3>>24)&255], 8) ^ KW[r][0];
+            r1 = T0[t1&255] ^ shift(T0[(t2>>8)&255], 24) ^ shift(T0[(r3>>16)&255], 16) ^ shift(T0[(t0>>24)&255], 8) ^ KW[r][1];
+            r2 = T0[t2&255] ^ shift(T0[(r3>>8)&255], 24) ^ shift(T0[(t0>>16)&255], 16) ^ shift(T0[(t1>>24)&255], 8) ^ KW[r][2];
+            r3 = T0[r3&255] ^ shift(T0[(t0>>8)&255], 24) ^ shift(T0[(t1>>16)&255], 16) ^ shift(T0[(t2>>24)&255], 8) ^ KW[r++][3];
+            t0 = T0[r0&255] ^ shift(T0[(r1>>8)&255], 24) ^ shift(T0[(r2>>16)&255], 16) ^ shift(T0[(r3>>24)&255], 8) ^ KW[r][0];
+            t1 = T0[r1&255] ^ shift(T0[(r2>>8)&255], 24) ^ shift(T0[(r3>>16)&255], 16) ^ shift(T0[(r0>>24)&255], 8) ^ KW[r][1];
+            t2 = T0[r2&255] ^ shift(T0[(r3>>8)&255], 24) ^ shift(T0[(r0>>16)&255], 16) ^ shift(T0[(r1>>24)&255], 8) ^ KW[r][2];
+            r3 = T0[r3&255] ^ shift(T0[(r0>>8)&255], 24) ^ shift(T0[(r1>>16)&255], 16) ^ shift(T0[(r2>>24)&255], 8) ^ KW[r++][3];
         }
 
-        r0 = T0[C0&255] ^ shift(T0[(C1>>8)&255], 24) ^ shift(T0[(C2>>16)&255], 16) ^ shift(T0[(C3>>24)&255], 8) ^ KW[r][0];
-        r1 = T0[C1&255] ^ shift(T0[(C2>>8)&255], 24) ^ shift(T0[(C3>>16)&255], 16) ^ shift(T0[(C0>>24)&255], 8) ^ KW[r][1];
-        r2 = T0[C2&255] ^ shift(T0[(C3>>8)&255], 24) ^ shift(T0[(C0>>16)&255], 16) ^ shift(T0[(C1>>24)&255], 8) ^ KW[r][2];
-        r3 = T0[C3&255] ^ shift(T0[(C0>>8)&255], 24) ^ shift(T0[(C1>>16)&255], 16) ^ shift(T0[(C2>>24)&255], 8) ^ KW[r++][3];
+        r0 = T0[t0&255] ^ shift(T0[(t1>>8)&255], 24) ^ shift(T0[(t2>>16)&255], 16) ^ shift(T0[(r3>>24)&255], 8) ^ KW[r][0];
+        r1 = T0[t1&255] ^ shift(T0[(t2>>8)&255], 24) ^ shift(T0[(r3>>16)&255], 16) ^ shift(T0[(t0>>24)&255], 8) ^ KW[r][1];
+        r2 = T0[t2&255] ^ shift(T0[(r3>>8)&255], 24) ^ shift(T0[(t0>>16)&255], 16) ^ shift(T0[(t1>>24)&255], 8) ^ KW[r][2];
+        r3 = T0[r3&255] ^ shift(T0[(t0>>8)&255], 24) ^ shift(T0[(t1>>16)&255], 16) ^ shift(T0[(t2>>24)&255], 8) ^ KW[r++][3];
 
         // the final round's table is a simple function of S so we don't use a whole other four tables for it
 
-        C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
-        C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
-        C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
-        C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
-
+        this.C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
+        this.C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
+        this.C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
+        this.C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
     }
 
     private void decryptBlock(int[][] KW)
     {
-        int r, r0, r1, r2, r3;
-
-        C0 ^= KW[ROUNDS][0];
-        C1 ^= KW[ROUNDS][1];
-        C2 ^= KW[ROUNDS][2];
-        C3 ^= KW[ROUNDS][3];
-
-        r = ROUNDS-1;
+        int t0 = this.C0 ^ KW[ROUNDS][0];
+        int t1 = this.C1 ^ KW[ROUNDS][1];
+        int t2 = this.C2 ^ KW[ROUNDS][2];
 
-        while (r>1)
+        int r = ROUNDS - 1, r0, r1, r2, r3 = this.C3 ^ KW[ROUNDS][3];
+        while (r > 1)
         {
-            r0 = Tinv0[C0&255] ^ shift(Tinv0[(C3>>8)&255], 24) ^ shift(Tinv0[(C2>>16)&255], 16) ^ shift(Tinv0[(C1>>24)&255], 8) ^ KW[r][0];
-            r1 = Tinv0[C1&255] ^ shift(Tinv0[(C0>>8)&255], 24) ^ shift(Tinv0[(C3>>16)&255], 16) ^ shift(Tinv0[(C2>>24)&255], 8) ^ KW[r][1];
-            r2 = Tinv0[C2&255] ^ shift(Tinv0[(C1>>8)&255], 24) ^ shift(Tinv0[(C0>>16)&255], 16) ^ shift(Tinv0[(C3>>24)&255], 8) ^ KW[r][2];
-            r3 = Tinv0[C3&255] ^ shift(Tinv0[(C2>>8)&255], 24) ^ shift(Tinv0[(C1>>16)&255], 16) ^ shift(Tinv0[(C0>>24)&255], 8) ^ KW[r--][3];
-            C0 = Tinv0[r0&255] ^ shift(Tinv0[(r3>>8)&255], 24) ^ shift(Tinv0[(r2>>16)&255], 16) ^ shift(Tinv0[(r1>>24)&255], 8) ^ KW[r][0];
-            C1 = Tinv0[r1&255] ^ shift(Tinv0[(r0>>8)&255], 24) ^ shift(Tinv0[(r3>>16)&255], 16) ^ shift(Tinv0[(r2>>24)&255], 8) ^ KW[r][1];
-            C2 = Tinv0[r2&255] ^ shift(Tinv0[(r1>>8)&255], 24) ^ shift(Tinv0[(r0>>16)&255], 16) ^ shift(Tinv0[(r3>>24)&255], 8) ^ KW[r][2];
-            C3 = Tinv0[r3&255] ^ shift(Tinv0[(r2>>8)&255], 24) ^ shift(Tinv0[(r1>>16)&255], 16) ^ shift(Tinv0[(r0>>24)&255], 8) ^ KW[r--][3];
+            r0 = Tinv0[t0&255] ^ shift(Tinv0[(r3>>8)&255], 24) ^ shift(Tinv0[(t2>>16)&255], 16) ^ shift(Tinv0[(t1>>24)&255], 8) ^ KW[r][0];
+            r1 = Tinv0[t1&255] ^ shift(Tinv0[(t0>>8)&255], 24) ^ shift(Tinv0[(r3>>16)&255], 16) ^ shift(Tinv0[(t2>>24)&255], 8) ^ KW[r][1];
+            r2 = Tinv0[t2&255] ^ shift(Tinv0[(t1>>8)&255], 24) ^ shift(Tinv0[(t0>>16)&255], 16) ^ shift(Tinv0[(r3>>24)&255], 8) ^ KW[r][2];
+            r3 = Tinv0[r3&255] ^ shift(Tinv0[(t2>>8)&255], 24) ^ shift(Tinv0[(t1>>16)&255], 16) ^ shift(Tinv0[(t0>>24)&255], 8) ^ KW[r--][3];
+            t0 = Tinv0[r0&255] ^ shift(Tinv0[(r3>>8)&255], 24) ^ shift(Tinv0[(r2>>16)&255], 16) ^ shift(Tinv0[(r1>>24)&255], 8) ^ KW[r][0];
+            t1 = Tinv0[r1&255] ^ shift(Tinv0[(r0>>8)&255], 24) ^ shift(Tinv0[(r3>>16)&255], 16) ^ shift(Tinv0[(r2>>24)&255], 8) ^ KW[r][1];
+            t2 = Tinv0[r2&255] ^ shift(Tinv0[(r1>>8)&255], 24) ^ shift(Tinv0[(r0>>16)&255], 16) ^ shift(Tinv0[(r3>>24)&255], 8) ^ KW[r][2];
+            r3 = Tinv0[r3&255] ^ shift(Tinv0[(r2>>8)&255], 24) ^ shift(Tinv0[(r1>>16)&255], 16) ^ shift(Tinv0[(r0>>24)&255], 8) ^ KW[r--][3];
         }
 
-        r0 = Tinv0[C0&255] ^ shift(Tinv0[(C3>>8)&255], 24) ^ shift(Tinv0[(C2>>16)&255], 16) ^ shift(Tinv0[(C1>>24)&255], 8) ^ KW[r][0];
-        r1 = Tinv0[C1&255] ^ shift(Tinv0[(C0>>8)&255], 24) ^ shift(Tinv0[(C3>>16)&255], 16) ^ shift(Tinv0[(C2>>24)&255], 8) ^ KW[r][1];
-        r2 = Tinv0[C2&255] ^ shift(Tinv0[(C1>>8)&255], 24) ^ shift(Tinv0[(C0>>16)&255], 16) ^ shift(Tinv0[(C3>>24)&255], 8) ^ KW[r][2];
-        r3 = Tinv0[C3&255] ^ shift(Tinv0[(C2>>8)&255], 24) ^ shift(Tinv0[(C1>>16)&255], 16) ^ shift(Tinv0[(C0>>24)&255], 8) ^ KW[r][3];
+        r0 = Tinv0[t0&255] ^ shift(Tinv0[(r3>>8)&255], 24) ^ shift(Tinv0[(t2>>16)&255], 16) ^ shift(Tinv0[(t1>>24)&255], 8) ^ KW[r][0];
+        r1 = Tinv0[t1&255] ^ shift(Tinv0[(t0>>8)&255], 24) ^ shift(Tinv0[(r3>>16)&255], 16) ^ shift(Tinv0[(t2>>24)&255], 8) ^ KW[r][1];
+        r2 = Tinv0[t2&255] ^ shift(Tinv0[(t1>>8)&255], 24) ^ shift(Tinv0[(t0>>16)&255], 16) ^ shift(Tinv0[(r3>>24)&255], 8) ^ KW[r][2];
+        r3 = Tinv0[r3&255] ^ shift(Tinv0[(t2>>8)&255], 24) ^ shift(Tinv0[(t1>>16)&255], 16) ^ shift(Tinv0[(t0>>24)&255], 8) ^ KW[r][3];
         
         // the final round's table is a simple function of Si so we don't use a whole other four tables for it
 
-        C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
-        C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
-        C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
-        C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
+        this.C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
+        this.C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
+        this.C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
+        this.C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java
index ff4b2f8..e2b00d3 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java
@@ -5,6 +5,7 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Pack;
 
 /**
  * an implementation of the AES (Rijndael), from FIPS-197.
@@ -110,8 +111,9 @@ public class AESFastEngine
          0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 };
 
     // precomputation tables of calculations for rounds
-    private static final int[] T0 =
+    private static final int[] T =
     {
+     // T0
      0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 
      0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 
      0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 
@@ -163,10 +165,9 @@ public class AESFastEngine
      0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 
      0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 
      0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 
-     0x3a16162c};
+     0x3a16162c, 
 
-    private static final int[] T1 =
-    {
+     // T1
      0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 
      0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, 
      0x6767cea9, 0x2b2b567d, 0xfefee719, 0xd7d7b562, 0xabab4de6, 
@@ -218,10 +219,9 @@ public class AESFastEngine
      0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 
      0xe6e6d731, 0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, 
      0x2d2d5a77, 0x0f0f1e11, 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 
-     0x16162c3a};
+     0x16162c3a, 
 
-    private static final int[] T2 =
-    {
+     // T2
      0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 
      0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, 
      0x67cea967, 0x2b567d2b, 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 
@@ -273,10 +273,9 @@ public class AESFastEngine
      0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 
      0xe6d731e6, 0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, 
      0x2d5a772d, 0x0f1e110f, 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 
-     0x162c3a16};
+     0x162c3a16, 
 
-    private static final int[] T3 =
-    {
+     // T3
      0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 
      0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, 
      0xcea96767, 0x567d2b2b, 0xe719fefe, 0xb562d7d7, 0x4de6abab, 
@@ -330,8 +329,9 @@ public class AESFastEngine
      0x5a772d2d, 0x1e110f0f, 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 
      0x2c3a1616};
 
-    private static final int[] Tinv0 =
+    private static final int[] Tinv =
     {
+     // Tinv0
      0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 
      0xf1459d1f, 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 
      0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 
@@ -383,10 +383,9 @@ public class AESFastEngine
      0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 
      0x0c25e2bc, 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 
      0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, 
-     0x4257b8d0};
+     0x4257b8d0, 
 
-    private static final int[] Tinv1 =
-    {
+     // Tinv1
      0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 
      0x459d1ff1, 0x58faacab, 0x03e34b93, 0xfa302055, 0x6d76adf6, 
      0x76cc8891, 0x4c02f525, 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 
@@ -438,10 +437,9 @@ public class AESFastEngine
      0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 
      0x25e2bc0c, 0x493c288b, 0x950dff41, 0x01a83971, 0xb30c08de, 
      0xe4b4d89c, 0xc1566490, 0x84cb7b61, 0xb632d570, 0x5c6c4874, 
-     0x57b8d042};
+     0x57b8d042, 
 
-    private static final int[] Tinv2 =
-    {
+     // Tinv2
      0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 
      0x9d1ff145, 0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, 
      0xcc889176, 0x02f5254c, 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 
@@ -493,10 +491,9 @@ public class AESFastEngine
      0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 
      0xe2bc0c25, 0x3c288b49, 0x0dff4195, 0xa8397101, 0x0c08deb3, 
      0xb4d89ce4, 0x566490c1, 0xcb7b6184, 0x32d570b6, 0x6c48745c, 
-     0xb8d04257};
+     0xb8d04257, 
 
-    private static final int[] Tinv3 =
-    {
+     // Tinv3
      0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 
      0x1ff1459d, 0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, 
      0x889176cc, 0xf5254c02, 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 
@@ -586,10 +583,11 @@ public class AESFastEngine
         return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24);
     }
 
-
     private static int subWord(int x)
     {
-        return (S[x&255]&255 | ((S[(x>>8)&255]&255)<<8) | ((S[(x>>16)&255]&255)<<16) | S[(x>>24)&255]<<24);
+        int i0 = x, i1 = x >>> 8, i2 = x >>> 16, i3 = x >>> 24;
+        i0 = S[i0 & 255] & 255; i1 = S[i1 & 255] & 255; i2 = S[i2 & 255] & 255; i3 = S[i3 & 255] & 255;
+        return i0 | i1 << 8 | i2 << 16 | i3 << 24;
     }
 
     /**
@@ -727,19 +725,19 @@ public class AESFastEngine
             throw new OutputLengthException("output buffer too short");
         }
 
+        unpackBlock(in, inOff);
+
         if (forEncryption)
         {
-            unpackBlock(in, inOff);
             encryptBlock(WorkingKey);
-            packBlock(out, outOff);
         }
         else
         {
-            unpackBlock(in, inOff);
             decryptBlock(WorkingKey);
-            packBlock(out, outOff);
         }
 
+        packBlock(out, outOff);
+
         return BLOCK_SIZE;
     }
 
@@ -747,129 +745,184 @@ public class AESFastEngine
     {
     }
 
-    private void unpackBlock(
-        byte[]      bytes,
-        int         off)
+    private void unpackBlock(byte[] bytes, int off)
     {
-        int     index = off;
-
-        C0 = (bytes[index++] & 0xff);
-        C0 |= (bytes[index++] & 0xff) << 8;
-        C0 |= (bytes[index++] & 0xff) << 16;
-        C0 |= bytes[index++] << 24;
-
-        C1 = (bytes[index++] & 0xff);
-        C1 |= (bytes[index++] & 0xff) << 8;
-        C1 |= (bytes[index++] & 0xff) << 16;
-        C1 |= bytes[index++] << 24;
-
-        C2 = (bytes[index++] & 0xff);
-        C2 |= (bytes[index++] & 0xff) << 8;
-        C2 |= (bytes[index++] & 0xff) << 16;
-        C2 |= bytes[index++] << 24;
-
-        C3 = (bytes[index++] & 0xff);
-        C3 |= (bytes[index++] & 0xff) << 8;
-        C3 |= (bytes[index++] & 0xff) << 16;
-        C3 |= bytes[index++] << 24;
+        this.C0 = Pack.littleEndianToInt(bytes, off);
+        this.C1 = Pack.littleEndianToInt(bytes, off + 4);
+        this.C2 = Pack.littleEndianToInt(bytes, off + 8);
+        this.C3 = Pack.littleEndianToInt(bytes, off + 12);
     }
 
-    private void packBlock(
-        byte[]      bytes,
-        int         off)
+    private void packBlock(byte[] bytes, int off)
     {
-        int     index = off;
-
-        bytes[index++] = (byte)C0;
-        bytes[index++] = (byte)(C0 >> 8);
-        bytes[index++] = (byte)(C0 >> 16);
-        bytes[index++] = (byte)(C0 >> 24);
-
-        bytes[index++] = (byte)C1;
-        bytes[index++] = (byte)(C1 >> 8);
-        bytes[index++] = (byte)(C1 >> 16);
-        bytes[index++] = (byte)(C1 >> 24);
-
-        bytes[index++] = (byte)C2;
-        bytes[index++] = (byte)(C2 >> 8);
-        bytes[index++] = (byte)(C2 >> 16);
-        bytes[index++] = (byte)(C2 >> 24);
-
-        bytes[index++] = (byte)C3;
-        bytes[index++] = (byte)(C3 >> 8);
-        bytes[index++] = (byte)(C3 >> 16);
-        bytes[index++] = (byte)(C3 >> 24);
+        Pack.intToLittleEndian(this.C0, bytes, off);
+        Pack.intToLittleEndian(this.C1, bytes, off + 4);
+        Pack.intToLittleEndian(this.C2, bytes, off + 8);
+        Pack.intToLittleEndian(this.C3, bytes, off + 12);
     }
 
     private void encryptBlock(int[][] KW)
     {
-        int r, r0, r1, r2, r3;
-        
-        C0 ^= KW[0][0];
-        C1 ^= KW[0][1];
-        C2 ^= KW[0][2];
-        C3 ^= KW[0][3];
+        int t0 = this.C0 ^ KW[0][0];
+        int t1 = this.C1 ^ KW[0][1];
+        int t2 = this.C2 ^ KW[0][2];
+
+        /*
+         * Fast engine has precomputed rotr(T0, 8/16/24) tables T1/T2/T3.
+         *
+         * Placing all precomputes in one array requires offsets additions for 8/16/24 rotations but
+         * avoids additional array range checks on 3 more arrays (which on HotSpot are more
+         * expensive than the offset additions).
+         */
+        int r = 1, r0, r1, r2, r3 = this.C3 ^ KW[0][3];
+        int i0, i1, i2, i3;
 
-        r = 1;
         while (r < ROUNDS - 1)
         {
-            r0 = T0[C0&255] ^ T1[(C1>>8)&255] ^ T2[(C2>>16)&255] ^ T3[(C3>>24)&255] ^ KW[r][0];
-            r1 = T0[C1&255] ^ T1[(C2>>8)&255] ^ T2[(C3>>16)&255] ^ T3[(C0>>24)&255] ^ KW[r][1];
-            r2 = T0[C2&255] ^ T1[(C3>>8)&255] ^ T2[(C0>>16)&255] ^ T3[(C1>>24)&255] ^ KW[r][2];
-            r3 = T0[C3&255] ^ T1[(C0>>8)&255] ^ T2[(C1>>16)&255] ^ T3[(C2>>24)&255] ^ KW[r++][3];
-            C0 = T0[r0&255] ^ T1[(r1>>8)&255] ^ T2[(r2>>16)&255] ^ T3[(r3>>24)&255] ^ KW[r][0];
-            C1 = T0[r1&255] ^ T1[(r2>>8)&255] ^ T2[(r3>>16)&255] ^ T3[(r0>>24)&255] ^ KW[r][1];
-            C2 = T0[r2&255] ^ T1[(r3>>8)&255] ^ T2[(r0>>16)&255] ^ T3[(r1>>24)&255] ^ KW[r][2];
-            C3 = T0[r3&255] ^ T1[(r0>>8)&255] ^ T2[(r1>>16)&255] ^ T3[(r2>>24)&255] ^ KW[r++][3];
+            i0 = t0; i1 = t1 >>> 8; i2 = t2 >>> 16; i3 = r3 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r0 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][0];
+
+            i0 = t1; i1 = t2 >>> 8; i2 = r3 >>> 16; i3 = t0 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r1 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][1];
+
+            i0 = t2; i1 = r3 >>> 8; i2 = t0 >>> 16; i3 = t1 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r2 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][2];
+
+            i0 = r3; i1 = t0 >>> 8; i2 = t1 >>> 16; i3 = t2 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r3 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r++][3];
+
+            i0 = r0; i1 = r1 >>> 8; i2 = r2 >>> 16; i3 = r3 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            t0 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][0];
+
+            i0 = r1; i1 = r2 >>> 8; i2 = r3 >>> 16; i3 = r0 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            t1 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][1];
+
+            i0 = r2; i1 = r3 >>> 8; i2 = r0 >>> 16; i3 = r1 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            t2 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][2];
+
+            i0 = r3; i1 = r0 >>> 8; i2 = r1 >>> 16; i3 = r2 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r3 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r++][3];
         }
 
-        r0 = T0[C0&255] ^ T1[(C1>>8)&255] ^ T2[(C2>>16)&255] ^ T3[(C3>>24)&255] ^ KW[r][0];
-        r1 = T0[C1&255] ^ T1[(C2>>8)&255] ^ T2[(C3>>16)&255] ^ T3[(C0>>24)&255] ^ KW[r][1];
-        r2 = T0[C2&255] ^ T1[(C3>>8)&255] ^ T2[(C0>>16)&255] ^ T3[(C1>>24)&255] ^ KW[r][2];
-        r3 = T0[C3&255] ^ T1[(C0>>8)&255] ^ T2[(C1>>16)&255] ^ T3[(C2>>24)&255] ^ KW[r++][3];
-        
+        i0 = t0; i1 = t1 >>> 8; i2 = t2 >>> 16; i3 = r3 >>> 24;
+        i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+        r0 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][0];
+
+        i0 = t1; i1 = t2 >>> 8; i2 = r3 >>> 16; i3 = t0 >>> 24;
+        i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+        r1 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][1];
+
+        i0 = t2; i1 = r3 >>> 8; i2 = t0 >>> 16; i3 = t1 >>> 24;
+        i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+        r2 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r][2];
+
+        i0 = r3; i1 = t0 >>> 8; i2 = t1 >>> 16; i3 = t2 >>> 24;
+        i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+        r3 = T[i0] ^ T[256 + i1] ^ T[512 + i2] ^ T[768 + i3] ^ KW[r++][3];
+
         // the final round's table is a simple function of S so we don't use a whole other four tables for it
 
-        C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
-        C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
-        C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
-        C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
+        i0 = r0; i1 = r1 >>> 8; i2 = r2 >>> 16; i3 = r3 >>> 24;
+        i0 = S[i0 & 255] & 255; i1 = S[i1 & 255] & 255; i2 = S[i2 & 255] & 255; i3 = S[i3 & 255] & 255;
+        this.C0 = i0 ^ i1 << 8 ^ i2 << 16 ^ i3 << 24 ^ KW[r][0];
+
+        i0 = r1; i1 = r2 >>> 8; i2 = r3 >>> 16; i3 = r0 >>> 24;
+        i0 = S[i0 & 255] & 255; i1 = S[i1 & 255] & 255; i2 = S[i2 & 255] & 255; i3 = S[i3 & 255] & 255;
+        this.C1 = i0 ^ i1 << 8 ^ i2 << 16 ^ i3 << 24 ^ KW[r][1];
 
+        i0 = r2; i1 = r3 >>> 8; i2 = r0 >>> 16; i3 = r1 >>> 24;
+        i0 = S[i0 & 255] & 255; i1 = S[i1 & 255] & 255; i2 = S[i2 & 255] & 255; i3 = S[i3 & 255] & 255;
+        this.C2 = i0 ^ i1 << 8 ^ i2 << 16 ^ i3 << 24 ^ KW[r][2];
+
+        i0 = r3; i1 = r0 >>> 8; i2 = r1 >>> 16; i3 = r2 >>> 24;
+        i0 = S[i0 & 255] & 255; i1 = S[i1 & 255] & 255; i2 = S[i2 & 255] & 255; i3 = S[i3 & 255] & 255;
+        this.C3 = i0 ^ i1 << 8 ^ i2 << 16 ^ i3 << 24 ^ KW[r][3];
     }
 
     private void decryptBlock(int[][] KW)
     {
-        int r0, r1, r2, r3;
+        int t0 = this.C0 ^ KW[ROUNDS][0];
+        int t1 = this.C1 ^ KW[ROUNDS][1];
+        int t2 = this.C2 ^ KW[ROUNDS][2];
 
-        C0 ^= KW[ROUNDS][0];
-        C1 ^= KW[ROUNDS][1];
-        C2 ^= KW[ROUNDS][2];
-        C3 ^= KW[ROUNDS][3];
+        int r = ROUNDS - 1, r0, r1, r2, r3 = this.C3 ^ KW[ROUNDS][3];
+        int i0, i1, i2, i3;
 
-        int r = ROUNDS-1; 
-        
-        while (r>1) 
+        while (r > 1)
         {
-            r0 = Tinv0[C0&255] ^ Tinv1[(C3>>8)&255] ^ Tinv2[(C2>>16)&255] ^ Tinv3[(C1>>24)&255] ^ KW[r][0];
-            r1 = Tinv0[C1&255] ^ Tinv1[(C0>>8)&255] ^ Tinv2[(C3>>16)&255] ^ Tinv3[(C2>>24)&255] ^ KW[r][1];
-            r2 = Tinv0[C2&255] ^ Tinv1[(C1>>8)&255] ^ Tinv2[(C0>>16)&255] ^ Tinv3[(C3>>24)&255] ^ KW[r][2];
-            r3 = Tinv0[C3&255] ^ Tinv1[(C2>>8)&255] ^ Tinv2[(C1>>16)&255] ^ Tinv3[(C0>>24)&255] ^ KW[r--][3];
-            C0 = Tinv0[r0&255] ^ Tinv1[(r3>>8)&255] ^ Tinv2[(r2>>16)&255] ^ Tinv3[(r1>>24)&255] ^ KW[r][0];
-            C1 = Tinv0[r1&255] ^ Tinv1[(r0>>8)&255] ^ Tinv2[(r3>>16)&255] ^ Tinv3[(r2>>24)&255] ^ KW[r][1];
-            C2 = Tinv0[r2&255] ^ Tinv1[(r1>>8)&255] ^ Tinv2[(r0>>16)&255] ^ Tinv3[(r3>>24)&255] ^ KW[r][2];
-            C3 = Tinv0[r3&255] ^ Tinv1[(r2>>8)&255] ^ Tinv2[(r1>>16)&255] ^ Tinv3[(r0>>24)&255] ^ KW[r--][3];
+            i0 = t0; i1 = r3 >>> 8; i2 = t2 >>> 16; i3 = t1 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r0 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[r][0];
+
+            i0 = t1; i1 = t0 >>> 8; i2 = r3 >>> 16; i3 = t2 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r1 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[r][1];
+
+            i0 = t2; i1 = t1 >>> 8; i2 = t0 >>> 16; i3 = r3 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r2 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[r][2];
+
+            i0 = r3; i1 = t2 >>> 8; i2 = t1 >>> 16; i3 = t0 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r3 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[r--][3];
+
+            i0 = r0; i1 = r3 >>> 8; i2 = r2 >>> 16; i3 = r1 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            t0 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[r][0];
+
+            i0 = r1; i1 = r0 >>> 8; i2 = r3 >>> 16; i3 = r2 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            t1 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[r][1];
+
+            i0 = r2; i1 = r1 >>> 8; i2 = r0 >>> 16; i3 = r3 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            t2 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[r][2];
+
+            i0 = r3; i1 = r2 >>> 8; i2 = r1 >>> 16; i3 = r0 >>> 24;
+            i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+            r3 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[r--][3];
         }
 
-        r0 = Tinv0[C0&255] ^ Tinv1[(C3>>8)&255] ^ Tinv2[(C2>>16)&255] ^ Tinv3[(C1>>24)&255] ^ KW[r][0];
-        r1 = Tinv0[C1&255] ^ Tinv1[(C0>>8)&255] ^ Tinv2[(C3>>16)&255] ^ Tinv3[(C2>>24)&255] ^ KW[r][1];
-        r2 = Tinv0[C2&255] ^ Tinv1[(C1>>8)&255] ^ Tinv2[(C0>>16)&255] ^ Tinv3[(C3>>24)&255] ^ KW[r][2];
-        r3 = Tinv0[C3&255] ^ Tinv1[(C2>>8)&255] ^ Tinv2[(C1>>16)&255] ^ Tinv3[(C0>>24)&255] ^ KW[r][3];
-        
+        i0 = t0; i1 = r3 >>> 8; i2 = t2 >>> 16; i3 = t1 >>> 24;
+        i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+        r0 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[1][0];
+
+        i0 = t1; i1 = t0 >>> 8; i2 = r3 >>> 16; i3 = t2 >>> 24;
+        i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+        r1 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[1][1];
+
+        i0 = t2; i1 = t1 >>> 8; i2 = t0 >>> 16; i3 = r3 >>> 24;
+        i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+        r2 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[1][2];
+
+        i0 = r3; i1 = t2 >>> 8; i2 = t1 >>> 16; i3 = t0 >>> 24;
+        i0 &= 255; i1 &= 255; i2 &= 255; i3 &= 255;
+        r3 = Tinv[i0] ^ Tinv[256 + i1] ^ Tinv[512 + i2] ^ Tinv[768 + i3] ^ KW[1][3];
+
         // the final round's table is a simple function of Si so we don't use a whole other four tables for it
 
-        C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
-        C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
-        C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
-        C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
+        i0 = r0; i1 = r3 >>> 8; i2 = r2 >>> 16; i3 = r1 >>> 24;
+        i0 = Si[i0 & 255] & 255; i1 = Si[i1 & 255] & 255; i2 = Si[i2 & 255] & 255; i3 = Si[i3 & 255] & 255;
+        this.C0 = i0 ^ i1 << 8 ^ i2 << 16 ^ i3 << 24 ^ KW[0][0];
+
+        i0 = r1; i1 = r0 >>> 8; i2 = r3 >>> 16; i3 = r2 >>> 24;
+        i0 = Si[i0 & 255] & 255; i1 = Si[i1 & 255] & 255; i2 = Si[i2 & 255] & 255; i3 = Si[i3 & 255] & 255;
+        this.C1 = i0 ^ i1 << 8 ^ i2 << 16 ^ i3 << 24 ^ KW[0][1];
+
+        i0 = r2; i1 = r1 >>> 8; i2 = r0 >>> 16; i3 = r3 >>> 24;
+        i0 = Si[i0 & 255] & 255; i1 = Si[i1 & 255] & 255; i2 = Si[i2 & 255] & 255; i3 = Si[i3 & 255] & 255;
+        this.C2 = i0 ^ i1 << 8 ^ i2 << 16 ^ i3 << 24 ^ KW[0][2];
+
+        i0 = r3; i1 = r2 >>> 8; i2 = r1 >>> 16; i3 = r0 >>> 24;
+        i0 = Si[i0 & 255] & 255; i1 = Si[i1 & 255] & 255; i2 = Si[i2 & 255] & 255; i3 = Si[i3 & 255] & 255;
+        this.C3 = i0 ^ i1 << 8 ^ i2 << 16 ^ i3 << 24 ^ KW[0][3];
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java
index df8444b..70a3f68 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java
@@ -370,70 +370,65 @@ public class AESLightEngine
 
     private void encryptBlock(int[][] KW)
     {
-        int r, r0, r1, r2, r3;
+        int t0 = this.C0 ^ KW[0][0];
+        int t1 = this.C1 ^ KW[0][1];
+        int t2 = this.C2 ^ KW[0][2];
 
-        C0 ^= KW[0][0];
-        C1 ^= KW[0][1];
-        C2 ^= KW[0][2];
-        C3 ^= KW[0][3];
-
-        for (r = 1; r < ROUNDS - 1;)
+        int r = 1, r0, r1, r2, r3 = this.C3 ^ KW[0][3];
+        while (r < ROUNDS - 1)
         {
-            r0 = mcol((S[C0&255]&255) ^ ((S[(C1>>8)&255]&255)<<8) ^ ((S[(C2>>16)&255]&255)<<16) ^ (S[(C3>>24)&255]<<24)) ^ KW[r][0];
-            r1 = mcol((S[C1&255]&255) ^ ((S[(C2>>8)&255]&255)<<8) ^ ((S[(C3>>16)&255]&255)<<16) ^ (S[(C0>>24)&255]<<24)) ^ KW[r][1];
-            r2 = mcol((S[C2&255]&255) ^ ((S[(C3>>8)&255]&255)<<8) ^ ((S[(C0>>16)&255]&255)<<16) ^ (S[(C1>>24)&255]<<24)) ^ KW[r][2];
-            r3 = mcol((S[C3&255]&255) ^ ((S[(C0>>8)&255]&255)<<8) ^ ((S[(C1>>16)&255]&255)<<16) ^ (S[(C2>>24)&255]<<24)) ^ KW[r++][3];
-            C0 = mcol((S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24)) ^ KW[r][0];
-            C1 = mcol((S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24)) ^ KW[r][1];
-            C2 = mcol((S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24)) ^ KW[r][2];
-            C3 = mcol((S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24)) ^ KW[r++][3];
+            r0 = mcol((S[t0&255]&255) ^ ((S[(t1>>8)&255]&255)<<8) ^ ((S[(t2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24)) ^ KW[r][0];
+            r1 = mcol((S[t1&255]&255) ^ ((S[(t2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(t0>>24)&255]<<24)) ^ KW[r][1];
+            r2 = mcol((S[t2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(t0>>16)&255]&255)<<16) ^ (S[(t1>>24)&255]<<24)) ^ KW[r][2];
+            r3 = mcol((S[r3&255]&255) ^ ((S[(t0>>8)&255]&255)<<8) ^ ((S[(t1>>16)&255]&255)<<16) ^ (S[(t2>>24)&255]<<24)) ^ KW[r++][3];
+            t0 = mcol((S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24)) ^ KW[r][0];
+            t1 = mcol((S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24)) ^ KW[r][1];
+            t2 = mcol((S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24)) ^ KW[r][2];
+            r3 = mcol((S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24)) ^ KW[r++][3];
         }
 
-        r0 = mcol((S[C0&255]&255) ^ ((S[(C1>>8)&255]&255)<<8) ^ ((S[(C2>>16)&255]&255)<<16) ^ (S[(C3>>24)&255]<<24)) ^ KW[r][0];
-        r1 = mcol((S[C1&255]&255) ^ ((S[(C2>>8)&255]&255)<<8) ^ ((S[(C3>>16)&255]&255)<<16) ^ (S[(C0>>24)&255]<<24)) ^ KW[r][1];
-        r2 = mcol((S[C2&255]&255) ^ ((S[(C3>>8)&255]&255)<<8) ^ ((S[(C0>>16)&255]&255)<<16) ^ (S[(C1>>24)&255]<<24)) ^ KW[r][2];
-        r3 = mcol((S[C3&255]&255) ^ ((S[(C0>>8)&255]&255)<<8) ^ ((S[(C1>>16)&255]&255)<<16) ^ (S[(C2>>24)&255]<<24)) ^ KW[r++][3];
+        r0 = mcol((S[t0&255]&255) ^ ((S[(t1>>8)&255]&255)<<8) ^ ((S[(t2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24)) ^ KW[r][0];
+        r1 = mcol((S[t1&255]&255) ^ ((S[(t2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(t0>>24)&255]<<24)) ^ KW[r][1];
+        r2 = mcol((S[t2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(t0>>16)&255]&255)<<16) ^ (S[(t1>>24)&255]<<24)) ^ KW[r][2];
+        r3 = mcol((S[r3&255]&255) ^ ((S[(t0>>8)&255]&255)<<8) ^ ((S[(t1>>16)&255]&255)<<16) ^ (S[(t2>>24)&255]<<24)) ^ KW[r++][3];
 
         // the final round is a simple function of S
 
-        C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
-        C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
-        C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
-        C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
-
+        this.C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
+        this.C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
+        this.C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
+        this.C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
     }
 
     private void decryptBlock(int[][] KW)
     {
-        int r, r0, r1, r2, r3;
-
-        C0 ^= KW[ROUNDS][0];
-        C1 ^= KW[ROUNDS][1];
-        C2 ^= KW[ROUNDS][2];
-        C3 ^= KW[ROUNDS][3];
+        int t0 = this.C0 ^ KW[ROUNDS][0];
+        int t1 = this.C1 ^ KW[ROUNDS][1];
+        int t2 = this.C2 ^ KW[ROUNDS][2];
 
-        for (r = ROUNDS-1; r>1;)
+        int r = ROUNDS - 1, r0, r1, r2, r3 = this.C3 ^ KW[ROUNDS][3];
+        while (r > 1)
         {
-            r0 = inv_mcol((Si[C0&255]&255) ^ ((Si[(C3>>8)&255]&255)<<8) ^ ((Si[(C2>>16)&255]&255)<<16) ^ (Si[(C1>>24)&255]<<24)) ^ KW[r][0];
-            r1 = inv_mcol((Si[C1&255]&255) ^ ((Si[(C0>>8)&255]&255)<<8) ^ ((Si[(C3>>16)&255]&255)<<16) ^ (Si[(C2>>24)&255]<<24)) ^ KW[r][1];
-            r2 = inv_mcol((Si[C2&255]&255) ^ ((Si[(C1>>8)&255]&255)<<8) ^ ((Si[(C0>>16)&255]&255)<<16) ^ (Si[(C3>>24)&255]<<24)) ^ KW[r][2];
-            r3 = inv_mcol((Si[C3&255]&255) ^ ((Si[(C2>>8)&255]&255)<<8) ^ ((Si[(C1>>16)&255]&255)<<16) ^ (Si[(C0>>24)&255]<<24)) ^ KW[r--][3];
-            C0 = inv_mcol((Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24)) ^ KW[r][0];
-            C1 = inv_mcol((Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24)) ^ KW[r][1];
-            C2 = inv_mcol((Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24)) ^ KW[r][2];
-            C3 = inv_mcol((Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24)) ^ KW[r--][3];
+            r0 = inv_mcol((Si[t0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(t2>>16)&255]&255)<<16) ^ (Si[(t1>>24)&255]<<24)) ^ KW[r][0];
+            r1 = inv_mcol((Si[t1&255]&255) ^ ((Si[(t0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(t2>>24)&255]<<24)) ^ KW[r][1];
+            r2 = inv_mcol((Si[t2&255]&255) ^ ((Si[(t1>>8)&255]&255)<<8) ^ ((Si[(t0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24)) ^ KW[r][2];
+            r3 = inv_mcol((Si[r3&255]&255) ^ ((Si[(t2>>8)&255]&255)<<8) ^ ((Si[(t1>>16)&255]&255)<<16) ^ (Si[(t0>>24)&255]<<24)) ^ KW[r--][3];
+            t0 = inv_mcol((Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24)) ^ KW[r][0];
+            t1 = inv_mcol((Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24)) ^ KW[r][1];
+            t2 = inv_mcol((Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24)) ^ KW[r][2];
+            r3 = inv_mcol((Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24)) ^ KW[r--][3];
         }
 
-        r0 = inv_mcol((Si[C0&255]&255) ^ ((Si[(C3>>8)&255]&255)<<8) ^ ((Si[(C2>>16)&255]&255)<<16) ^ (Si[(C1>>24)&255]<<24)) ^ KW[r][0];
-        r1 = inv_mcol((Si[C1&255]&255) ^ ((Si[(C0>>8)&255]&255)<<8) ^ ((Si[(C3>>16)&255]&255)<<16) ^ (Si[(C2>>24)&255]<<24)) ^ KW[r][1];
-        r2 = inv_mcol((Si[C2&255]&255) ^ ((Si[(C1>>8)&255]&255)<<8) ^ ((Si[(C0>>16)&255]&255)<<16) ^ (Si[(C3>>24)&255]<<24)) ^ KW[r][2];
-        r3 = inv_mcol((Si[C3&255]&255) ^ ((Si[(C2>>8)&255]&255)<<8) ^ ((Si[(C1>>16)&255]&255)<<16) ^ (Si[(C0>>24)&255]<<24)) ^ KW[r][3];
+        r0 = inv_mcol((Si[t0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(t2>>16)&255]&255)<<16) ^ (Si[(t1>>24)&255]<<24)) ^ KW[r][0];
+        r1 = inv_mcol((Si[t1&255]&255) ^ ((Si[(t0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(t2>>24)&255]<<24)) ^ KW[r][1];
+        r2 = inv_mcol((Si[t2&255]&255) ^ ((Si[(t1>>8)&255]&255)<<8) ^ ((Si[(t0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24)) ^ KW[r][2];
+        r3 = inv_mcol((Si[r3&255]&255) ^ ((Si[(t2>>8)&255]&255)<<8) ^ ((Si[(t1>>16)&255]&255)<<16) ^ (Si[(t0>>24)&255]<<24)) ^ KW[r][3];
 
         // the final round's table is a simple function of Si
 
-        C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
-        C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
-        C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
-        C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
+        this.C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
+        this.C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
+        this.C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
+        this.C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java
index 5d316ac..6d3e5ac 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java
@@ -9,8 +9,21 @@ package org.bouncycastle.crypto.engines;
 public class AESWrapEngine
     extends RFC3394WrapEngine
 {
+    /**
+     * Create a regular AESWrapEngine specifying the encrypt for wrapping, decrypt for unwrapping.
+     */
     public AESWrapEngine()
     {
         super(new AESEngine());
     }
+
+    /**
+     * Create an AESWrapEngine where the underlying cipher is set to decrypt for wrapping, encrypt for unwrapping.
+     *
+     * @param useReverseDirection true if underlying cipher should be used in decryption mode, false otherwise.
+     */
+    public AESWrapEngine(boolean useReverseDirection)
+    {
+        super(new AESEngine(), useReverseDirection);
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESWrapPadEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESWrapPadEngine.java
new file mode 100644
index 0000000..7776061
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESWrapPadEngine.java
@@ -0,0 +1,10 @@
+package org.bouncycastle.crypto.engines;
+
+public class AESWrapPadEngine
+    extends RFC5649WrapEngine
+{
+    public AESWrapPadEngine()
+    {
+        super(new AESEngine());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/ChaChaEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/ChaChaEngine.java
index 2d1de39..d4c4389 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/ChaChaEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/ChaChaEngine.java
@@ -1,13 +1,12 @@
 package org.bouncycastle.crypto.engines;
 
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 
 /**
  * Implementation of Daniel J. Bernstein's ChaCha stream cipher.
  */
 public class ChaChaEngine extends Salsa20Engine
 {
-
     /**
      * Creates a 20 rounds ChaCha engine.
      */
@@ -30,6 +29,26 @@ public class ChaChaEngine extends Salsa20Engine
         return "ChaCha" + rounds;
     }
 
+    protected void advanceCounter(long diff)
+    {
+        int hi = (int)(diff >>> 32);
+        int lo = (int)diff;
+
+        if (hi > 0)
+        {
+            engineState[13] += hi;
+        }
+
+        int oldState = engineState[12];
+
+        engineState[12] += lo;
+
+        if (oldState != 0 && engineState[12] < oldState)
+        {
+            engineState[13]++;
+        }
+    }
+
     protected void advanceCounter()
     {
         if (++engineState[12] == 0)
@@ -38,48 +57,102 @@ public class ChaChaEngine extends Salsa20Engine
         }
     }
 
-    protected void resetCounter()
+    protected void retreatCounter(long diff)
     {
-        engineState[12] = engineState[13] = 0;
+        int hi = (int)(diff >>> 32);
+        int lo = (int)diff;
+
+        if (hi != 0)
+        {
+            if ((engineState[13] & 0xffffffffL) >= (hi & 0xffffffffL))
+            {
+                engineState[13] -= hi;
+            }
+            else
+            {
+                throw new IllegalStateException("attempt to reduce counter past zero.");
+            }
+        }
+
+        if ((engineState[12] & 0xffffffffL) >= (lo & 0xffffffffL))
+        {
+            engineState[12] -= lo;
+        }
+        else
+        {
+            if (engineState[13] != 0)
+            {
+                --engineState[13];
+                engineState[12] -= lo;
+            }
+            else
+            {
+                throw new IllegalStateException("attempt to reduce counter past zero.");
+            }
+        }
     }
 
-    protected void setKey(byte[] keyBytes, byte[] ivBytes)
+    protected void retreatCounter()
     {
-        if ((keyBytes.length != 16) && (keyBytes.length != 32))
+        if (engineState[12] == 0 && engineState[13] == 0)
         {
-            throw new IllegalArgumentException(getAlgorithmName() + " requires 128 bit or 256 bit key");
+            throw new IllegalStateException("attempt to reduce counter past zero.");
         }
 
-        int offset = 0;
-        byte[] constants;
+        if (--engineState[12] == -1)
+        {
+            --engineState[13];
+        }
+    }
 
-        // Key
-        engineState[4] = Pack.littleEndianToInt(keyBytes, 0);
-        engineState[5] = Pack.littleEndianToInt(keyBytes, 4);
-        engineState[6] = Pack.littleEndianToInt(keyBytes, 8);
-        engineState[7] = Pack.littleEndianToInt(keyBytes, 12);
+    protected long getCounter()
+    {
+        return ((long)engineState[13] << 32) | (engineState[12] & 0xffffffffL);
+    }
 
-        if (keyBytes.length == 32)
-        {
-            constants = sigma;
-            offset = 16;
-        } else
+    protected void resetCounter()
+    {
+        engineState[12] = engineState[13] = 0;
+    }
+
+    protected void setKey(byte[] keyBytes, byte[] ivBytes)
+    {
+        if (keyBytes != null)
         {
-            constants = tau;
-        }
+            if ((keyBytes.length != 16) && (keyBytes.length != 32))
+            {
+                throw new IllegalArgumentException(getAlgorithmName() + " requires 128 bit or 256 bit key");
+            }
 
-        engineState[8] = Pack.littleEndianToInt(keyBytes, offset);
-        engineState[9] = Pack.littleEndianToInt(keyBytes, offset + 4);
-        engineState[10] = Pack.littleEndianToInt(keyBytes, offset + 8);
-        engineState[11] = Pack.littleEndianToInt(keyBytes, offset + 12);
+            // Key
+            engineState[4] = Pack.littleEndianToInt(keyBytes, 0);
+            engineState[5] = Pack.littleEndianToInt(keyBytes, 4);
+            engineState[6] = Pack.littleEndianToInt(keyBytes, 8);
+            engineState[7] = Pack.littleEndianToInt(keyBytes, 12);
 
-        engineState[0] = Pack.littleEndianToInt(constants, 0);
-        engineState[1] = Pack.littleEndianToInt(constants, 4);
-        engineState[2] = Pack.littleEndianToInt(constants, 8);
-        engineState[3] = Pack.littleEndianToInt(constants, 12);
+            byte[] constants;
+            int offset;
+            if (keyBytes.length == 32)
+            {
+                constants = sigma;
+                offset = 16;
+            }
+            else
+            {
+                constants = tau;
+                offset = 0;
+            }
 
-        // Counter
-        engineState[12] = engineState[13] = 0;
+            engineState[8] = Pack.littleEndianToInt(keyBytes, offset);
+            engineState[9] = Pack.littleEndianToInt(keyBytes, offset + 4);
+            engineState[10] = Pack.littleEndianToInt(keyBytes, offset + 8);
+            engineState[11] = Pack.littleEndianToInt(keyBytes, offset + 12);
+
+            engineState[0] = Pack.littleEndianToInt(constants, 0);
+            engineState[1] = Pack.littleEndianToInt(constants, 4);
+            engineState[2] = Pack.littleEndianToInt(constants, 8);
+            engineState[3] = Pack.littleEndianToInt(constants, 12);
+        }
 
         // IV
         engineState[14] = Pack.littleEndianToInt(ivBytes, 0);
@@ -96,18 +169,19 @@ public class ChaChaEngine extends Salsa20Engine
      * ChacCha function
      *
      * @param   input   input data
-     *
-     * @return  keystream
      */    
     public static void chachaCore(int rounds, int[] input, int[] x)
     {
-        if (input.length != 16) {
+        if (input.length != 16)
+        {
             throw new IllegalArgumentException();
         }
-        if (x.length != 16) {
+        if (x.length != 16)
+        {
             throw new IllegalArgumentException();
         }
-        if (rounds % 2 != 0) {
+        if (rounds % 2 != 0)
+        {
             throw new IllegalArgumentException("Number of rounds must be even");
         }
 
@@ -182,5 +256,4 @@ public class ChaChaEngine extends Salsa20Engine
         x[14] = x14 + input[14];
         x[15] = x15 + input[15];
     }
-
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/CramerShoupCiphertext.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/CramerShoupCiphertext.java
new file mode 100644
index 0000000..5c4e608
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/CramerShoupCiphertext.java
@@ -0,0 +1,147 @@
+package org.bouncycastle.crypto.engines;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
+
+/**
+ * Class, holding Cramer Shoup ciphertexts (u1, u2, e, v)
+ */
+public class CramerShoupCiphertext
+{
+    BigInteger u1, u2, e, v;
+
+    public CramerShoupCiphertext()
+    {
+    }
+
+    public CramerShoupCiphertext(BigInteger u1, BigInteger u2, BigInteger e, BigInteger v)
+    {
+        this.u1 = u1;
+        this.u2 = u2;
+        this.e = e;
+        this.v = v;
+    }
+
+    public CramerShoupCiphertext(byte[] c)
+    {
+        int off = 0, s;
+        byte[] tmp;
+
+        s = Pack.bigEndianToInt(c, off);
+        off += 4;
+        tmp = Arrays.copyOfRange(c, off, off + s);
+        off += s;
+        u1 = new BigInteger(tmp);
+
+        s = Pack.bigEndianToInt(c, off);
+        off += 4;
+        tmp = Arrays.copyOfRange(c, off, off + s);
+        off += s;
+        u2 = new BigInteger(tmp);
+
+        s = Pack.bigEndianToInt(c, off);
+        off += 4;
+        tmp = Arrays.copyOfRange(c, off, off + s);
+        off += s;
+        e = new BigInteger(tmp);
+
+        s = Pack.bigEndianToInt(c, off);
+        off += 4;
+        tmp = Arrays.copyOfRange(c, off, off + s);
+        off += s;
+        v = new BigInteger(tmp);
+    }
+
+    public BigInteger getU1()
+    {
+        return u1;
+    }
+
+    public void setU1(BigInteger u1)
+    {
+        this.u1 = u1;
+    }
+
+    public BigInteger getU2()
+    {
+        return u2;
+    }
+
+    public void setU2(BigInteger u2)
+    {
+        this.u2 = u2;
+    }
+
+    public BigInteger getE()
+    {
+        return e;
+    }
+
+    public void setE(BigInteger e)
+    {
+        this.e = e;
+    }
+
+    public BigInteger getV()
+    {
+        return v;
+    }
+
+    public void setV(BigInteger v)
+    {
+        this.v = v;
+    }
+
+    public String toString()
+    {
+        StringBuffer result = new StringBuffer();
+
+        result.append("u1: " + u1.toString());
+        result.append("\nu2: " + u2.toString());
+        result.append("\ne: " + e.toString());
+        result.append("\nv: " + v.toString());
+
+        return result.toString();
+    }
+
+    /**
+     * convert the cipher-text in a byte array,
+     * prepending them with 4 Bytes for their length
+     *
+     * @return
+     */
+    public byte[] toByteArray()
+    {
+        byte[] u1Bytes = u1.toByteArray();
+        int u1Length = u1Bytes.length;
+        byte[] u2Bytes = u2.toByteArray();
+        int u2Length = u2Bytes.length;
+        byte[] eBytes = e.toByteArray();
+        int eLength = eBytes.length;
+        byte[] vBytes = v.toByteArray();
+        int vLength = vBytes.length;
+
+        int off = 0;
+        byte[] result = new byte[u1Length + u2Length + eLength + vLength + 4 * 4];
+        Pack.intToBigEndian(u1Length, result, off);
+        off += 4;
+        System.arraycopy(u1Bytes, 0, result, off, u1Length);
+        off += u1Length;
+        Pack.intToBigEndian(u2Length, result, off);
+        off += 4;
+        System.arraycopy(u2Bytes, 0, result, off, u2Length);
+        off += u2Length;
+        Pack.intToBigEndian(eLength, result, off);
+        off += 4;
+        System.arraycopy(eBytes, 0, result, off, eLength);
+        off += eLength;
+        Pack.intToBigEndian(vLength, result, off);
+        off += 4;
+        System.arraycopy(vBytes, 0, result, off, vLength);
+        off += vLength;
+
+        return result;
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/CramerShoupCoreEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/CramerShoupCoreEngine.java
new file mode 100644
index 0000000..5102f15
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/CramerShoupCoreEngine.java
@@ -0,0 +1,309 @@
+package org.bouncycastle.crypto.engines;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.params.CramerShoupKeyParameters;
+import org.bouncycastle.crypto.params.CramerShoupPrivateKeyParameters;
+import org.bouncycastle.crypto.params.CramerShoupPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.util.BigIntegers;
+
+/**
+ * Essentially the Cramer-Shoup encryption / decryption algorithms according to
+ * "A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack." (Crypto 1998)
+ */
+public class CramerShoupCoreEngine
+{
+
+    private static final BigInteger ONE = BigInteger.valueOf(1);
+
+    private CramerShoupKeyParameters key;
+    private SecureRandom random;
+    private boolean forEncryption;
+    private String label = null;
+
+    /**
+     * initialise the CramerShoup engine.
+     *
+     * @param forEncryption whether this engine should encrypt or decrypt
+     * @param param         the necessary CramerShoup key parameters.
+     * @param label         the label for labelled CS as {@link String}
+     */
+    public void init(boolean forEncryption, CipherParameters param, String label)
+    {
+        init(forEncryption, param);
+
+        this.label = label;
+    }
+
+    /**
+     * initialise the CramerShoup engine.
+     *
+     * @param forEncryption whether this engine should encrypt or decrypt
+     * @param param         the necessary CramerShoup key parameters.
+     */
+    public void init(boolean forEncryption, CipherParameters param)
+    {
+        SecureRandom providedRandom = null;
+
+        if (param instanceof ParametersWithRandom)
+        {
+            ParametersWithRandom rParam = (ParametersWithRandom)param;
+
+            key = (CramerShoupKeyParameters)rParam.getParameters();
+            providedRandom = rParam.getRandom();
+        }
+        else
+        {
+            key = (CramerShoupKeyParameters)param;
+        }
+
+        this.random = initSecureRandom(forEncryption, providedRandom);
+        this.forEncryption = forEncryption;
+    }
+
+    /**
+     * Return the maximum size for an input block to this engine. For Cramer
+     * Shoup this is always one byte less than the key size on encryption, and
+     * the same length as the key size on decryption.
+     * TODO: correct?
+     * @return maximum size for an input block.
+     */
+    public int getInputBlockSize()
+    {
+        int bitSize = key.getParameters().getP().bitLength();
+
+        if (forEncryption)
+        {
+            return (bitSize + 7) / 8 - 1;
+        }
+        else
+        {
+            return (bitSize + 7) / 8;
+        }
+    }
+
+    /**
+     * Return the maximum size for an output block to this engine. For Cramer
+     * Shoup this is always one byte less than the key size on decryption, and
+     * the same length as the key size on encryption.
+     * TODO: correct?
+     * @return maximum size for an output block.
+     */
+    public int getOutputBlockSize()
+    {
+        int bitSize = key.getParameters().getP().bitLength();
+
+        if (forEncryption)
+        {
+            return (bitSize + 7) / 8;
+        }
+        else
+        {
+            return (bitSize + 7) / 8 - 1;
+        }
+    }
+
+    public BigInteger convertInput(byte[] in, int inOff, int inLen)
+    {
+        if (inLen > (getInputBlockSize() + 1))
+        {
+            throw new DataLengthException("input too large for Cramer Shoup cipher.");
+        }
+        else if (inLen == (getInputBlockSize() + 1) && forEncryption)
+        {
+            throw new DataLengthException("input too large for Cramer Shoup cipher.");
+        }
+
+        byte[] block;
+
+        if (inOff != 0 || inLen != in.length)
+        {
+            block = new byte[inLen];
+
+            System.arraycopy(in, inOff, block, 0, inLen);
+        }
+        else
+        {
+            block = in;
+        }
+
+        BigInteger res = new BigInteger(1, block);
+        if (res.compareTo(key.getParameters().getP()) >= 0)
+        {
+            throw new DataLengthException("input too large for Cramer Shoup cipher.");
+        }
+
+        return res;
+    }
+
+    public byte[] convertOutput(BigInteger result)
+    {
+        byte[] output = result.toByteArray();
+
+        if (!forEncryption)
+        {
+            if (output[0] == 0 && output.length > getOutputBlockSize())
+            { // have ended up with an extra zero byte, copy down.
+                byte[] tmp = new byte[output.length - 1];
+
+                System.arraycopy(output, 1, tmp, 0, tmp.length);
+
+                return tmp;
+            }
+
+            if (output.length < getOutputBlockSize())
+            {// have ended up with less bytes than normal, lengthen
+                byte[] tmp = new byte[getOutputBlockSize()];
+
+                System.arraycopy(output, 0, tmp, tmp.length - output.length, output.length);
+
+                return tmp;
+            }
+        }
+        else
+        {
+            if (output[0] == 0)
+            { // have ended up with an extra zero byte, copy down.
+                byte[] tmp = new byte[output.length - 1];
+
+                System.arraycopy(output, 1, tmp, 0, tmp.length);
+
+                return tmp;
+            }
+        }
+
+        return output;
+    }
+
+    public CramerShoupCiphertext encryptBlock(BigInteger input)
+    {
+
+        CramerShoupCiphertext result = null;
+
+        if (!key.isPrivate() && this.forEncryption && key instanceof CramerShoupPublicKeyParameters)
+        {
+            CramerShoupPublicKeyParameters pk = (CramerShoupPublicKeyParameters)key;
+            BigInteger p = pk.getParameters().getP();
+            BigInteger g1 = pk.getParameters().getG1();
+            BigInteger g2 = pk.getParameters().getG2();
+
+            BigInteger h = pk.getH();
+
+            if (!isValidMessage(input, p))
+            {
+                return result;
+            }
+
+            BigInteger r = generateRandomElement(p, random);
+
+            BigInteger u1, u2, v, e, a;
+
+            u1 = g1.modPow(r, p);
+            u2 = g2.modPow(r, p);
+            e = h.modPow(r, p).multiply(input).mod(p);
+
+            Digest digest = pk.getParameters().getH();
+            byte[] u1Bytes = u1.toByteArray();
+            digest.update(u1Bytes, 0, u1Bytes.length);
+            byte[] u2Bytes = u2.toByteArray();
+            digest.update(u2Bytes, 0, u2Bytes.length);
+            byte[] eBytes = e.toByteArray();
+            digest.update(eBytes, 0, eBytes.length);
+            if (this.label != null)
+            {
+                byte[] lBytes = this.label.getBytes();
+                digest.update(lBytes, 0, lBytes.length);
+            }
+            byte[] out = new byte[digest.getDigestSize()];
+            digest.doFinal(out, 0);
+            a = new BigInteger(1, out);
+
+            v = pk.getC().modPow(r, p).multiply(pk.getD().modPow(r.multiply(a), p)).mod(p);
+
+            result = new CramerShoupCiphertext(u1, u2, e, v);
+        }
+        return result;
+    }
+
+    public BigInteger decryptBlock(CramerShoupCiphertext input)
+        throws CramerShoupCiphertextException
+    {
+
+        BigInteger result = null;
+
+        if (key.isPrivate() && !this.forEncryption && key instanceof CramerShoupPrivateKeyParameters)
+        {
+            CramerShoupPrivateKeyParameters sk = (CramerShoupPrivateKeyParameters)key;
+
+            BigInteger p = sk.getParameters().getP();
+
+            Digest digest = sk.getParameters().getH();
+            byte[] u1Bytes = input.getU1().toByteArray();
+            digest.update(u1Bytes, 0, u1Bytes.length);
+            byte[] u2Bytes = input.getU2().toByteArray();
+            digest.update(u2Bytes, 0, u2Bytes.length);
+            byte[] eBytes = input.getE().toByteArray();
+            digest.update(eBytes, 0, eBytes.length);
+            if (this.label != null)
+            {
+                byte[] lBytes = this.label.getBytes();
+                digest.update(lBytes, 0, lBytes.length);
+            }
+            byte[] out = new byte[digest.getDigestSize()];
+            digest.doFinal(out, 0);
+
+            BigInteger a = new BigInteger(1, out);
+            BigInteger v = input.u1.modPow(sk.getX1().add(sk.getY1().multiply(a)), p).
+                multiply(input.u2.modPow(sk.getX2().add(sk.getY2().multiply(a)), p)).mod(p);
+
+            // check correctness of ciphertext
+            if (input.v.equals(v))
+            {
+                result = input.e.multiply(input.u1.modPow(sk.getZ(), p).modInverse(p)).mod(p);
+            }
+            else
+            {
+                throw new CramerShoupCiphertextException("Sorry, that ciphertext is not correct");
+            }
+        }
+        return result;
+    }
+
+    private BigInteger generateRandomElement(BigInteger p, SecureRandom random)
+    {
+        return BigIntegers.createRandomInRange(ONE, p.subtract(ONE), random);
+    }
+
+    /**
+     * just checking whether the message m is actually less than the group order p
+     */
+    private boolean isValidMessage(BigInteger m, BigInteger p)
+    {
+        return m.compareTo(p) < 0;
+    }
+
+    protected SecureRandom initSecureRandom(boolean needed, SecureRandom provided)
+    {
+        return !needed ? null : (provided != null) ? provided : new SecureRandom();
+    }
+
+    /**
+     * CS exception for wrong cipher-texts
+     */
+    public static class CramerShoupCiphertextException
+        extends Exception
+    {
+        private static final long serialVersionUID = -6360977166495345076L;
+
+        public CramerShoupCiphertextException(String msg)
+        {
+            super(msg);
+        }
+
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java
index 9b1e404..6980fd0 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java
@@ -301,7 +301,7 @@ public class DESEngine
      * generate an integer based working key based on our secret key
      * and what we processing we are planning to do.
      *
-     * Acknowledgements for this routine go to James Gillogly & Phil Karn.
+     * Acknowledgements for this routine go to James Gillogly &amp; Phil Karn.
      *         (whoever, and wherever they are!).
      */
     protected int[] generateWorkingKey(
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
index a3c72cc..923a79c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
@@ -58,8 +58,8 @@ public class DESedeWrapEngine
    /**
     * Method init
     *
-    * @param forWrapping
-    * @param param
+    * @param forWrapping true if for wrapping, false otherwise.
+    * @param param necessary parameters, may include KeyParameter, ParametersWithRandom, and ParametersWithIV
     */
     public void init(boolean forWrapping, CipherParameters param)
     {
@@ -128,9 +128,9 @@ public class DESedeWrapEngine
    /**
     * Method wrap
     *
-    * @param in
-    * @param inOff
-    * @param inLen
+    * @param in byte array containing the encoded key.
+    * @param inOff off set into in that the data starts at.
+    * @param inLen  length of the data.
     * @return the wrapped bytes.
     */
    public byte[] wrap(byte[] in, int inOff, int inLen) 
@@ -199,9 +199,9 @@ public class DESedeWrapEngine
    /**
     * Method unwrap
     *
-    * @param in
-    * @param inOff
-    * @param inLen
+    * @param in byte array containing the wrapped key.
+    * @param inOff off set into in that the data starts at.
+    * @param inLen  length of the data.
     * @return the unwrapped bytes.
     * @throws InvalidCipherTextException
     */
@@ -305,10 +305,11 @@ public class DESedeWrapEngine
      * - Compute the 20 octet SHA-1 hash on the key being wrapped.
      * - Use the first 8 octets of this hash as the checksum value.
      *
-     * @param key
+     * For details see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum.
+     *
+     * @param key the key to check,
      * @return the CMS checksum.
      * @throws RuntimeException
-     * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
      */
     private byte[] calculateCMSKeyChecksum(
         byte[] key)
@@ -324,10 +325,11 @@ public class DESedeWrapEngine
     }
 
     /**
-     * @param key
-     * @param checksum
+     * For details see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
+     *
+     * @param key key to be validated.
+     * @param checksum the checksum.
      * @return true if okay, false otherwise.
-     * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
      */
     private boolean checkCMSKeyChecksum(
         byte[] key,
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/ElGamalEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/ElGamalEngine.java
index 4bf8e75..ef8e799 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/ElGamalEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/ElGamalEngine.java
@@ -1,5 +1,8 @@
 package org.bouncycastle.crypto.engines;
 
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
@@ -9,9 +12,6 @@ import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.util.BigIntegers;
 
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
 /**
  * this does your basic ElGamal algorithm.
  */
@@ -170,7 +170,7 @@ public class ElGamalEngine
 
             BigInteger input = new BigInteger(1, block);
 
-            if (input.bitLength() >= p.bitLength())
+            if (input.compareTo(p) >= 0)
             {
                 throw new DataLengthException("input too large for ElGamal cipher.\n");
             }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java
index 89271f0..f5ecb75 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java
@@ -232,7 +232,7 @@ public class Grain128Engine
         }
     }
 
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
+    public int processBytes(byte[] in, int inOff, int len, byte[] out,
                              int outOff)
         throws DataLengthException
     {
@@ -256,6 +256,8 @@ public class Grain128Engine
         {
             out[outOff + i] = (byte)(in[inOff + i] ^ getKeyStream());
         }
+
+        return len;
     }
 
     public void reset()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java
index 782a93c..77f52d1 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java
@@ -220,7 +220,7 @@ public class Grainv1Engine
         }
     }
 
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
+    public int processBytes(byte[] in, int inOff, int len, byte[] out,
                              int outOff)
         throws DataLengthException
     {
@@ -244,6 +244,8 @@ public class Grainv1Engine
         {
             out[outOff + i] = (byte)(in[inOff + i] ^ getKeyStream());
         }
+
+        return len;
     }
 
     public void reset()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java
index 015e49e..7d18d62 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java
@@ -220,7 +220,7 @@ public class HC128Engine
         return ret;
     }
 
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
+    public int processBytes(byte[] in, int inOff, int len, byte[] out,
                              int outOff) throws DataLengthException
     {
         if (!initialised)
@@ -243,6 +243,8 @@ public class HC128Engine
         {
             out[outOff + i] = (byte)(in[inOff + i] ^ getByte());
         }
+
+        return len;
     }
 
     public void reset()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java
index 8bd7e9d..a74164a 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java
@@ -200,7 +200,7 @@ public class HC256Engine
         return ret;
     }
 
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
+    public int processBytes(byte[] in, int inOff, int len, byte[] out,
                              int outOff) throws DataLengthException
     {
         if (!initialised)
@@ -223,6 +223,8 @@ public class HC256Engine
         {
             out[outOff + i] = (byte)(in[inOff + i] ^ getByte());
         }
+
+        return len;
     }
 
     public void reset()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/IDEAEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/IDEAEngine.java
index fdf3f6d..08cf738 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/IDEAEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/IDEAEngine.java
@@ -10,22 +10,12 @@ import org.bouncycastle.crypto.params.KeyParameter;
  * A class that provides a basic International Data Encryption Algorithm (IDEA) engine.
  * <p>
  * This implementation is based on the "HOWTO: INTERNATIONAL DATA ENCRYPTION ALGORITHM"
- * implementation summary by Fauzan Mirza (F.U.Mirza@sheffield.ac.uk). (baring 1 typo at the
+ * implementation summary by Fauzan Mirza (F.U.Mirza@sheffield.ac.uk). (barring 1 typo at the
  * end of the mulinv function!).
  * <p>
  * It can be found at ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/idea/
  * <p>
- * Note 1: This algorithm is patented in the USA, Japan, and Europe including
- * at least Austria, France, Germany, Italy, Netherlands, Spain, Sweden, Switzerland
- * and the United Kingdom. Non-commercial use is free, however any commercial
- * products are liable for royalties. Please see
- * <a href="http://www.mediacrypt.com">www.mediacrypt.com</a> for
- * further details. This announcement has been included at the request of
- * the patent holders.
- * <p>
- * Note 2: Due to the requests concerning the above, this algorithm is now only
- * included in the extended Bouncy Castle provider and JCE signed jars. It is
- * not included in the default distributions.
+ * Note: This algorithm was patented in the USA, Japan and Europe. These patents expired in 2011/2012. 
  */
 public class IDEAEngine
     implements BlockCipher
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java
index ea8556d..d2dee1c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java
@@ -18,9 +18,10 @@ import org.bouncycastle.crypto.params.IESParameters;
 import org.bouncycastle.crypto.params.IESWithCipherParameters;
 import org.bouncycastle.crypto.params.KDFParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.Pack;
 
 /**
  * Support class for constructing integrated encryption ciphers
@@ -42,7 +43,7 @@ public class IESEngine
     byte[] V;
     private EphemeralKeyPairGenerator keyPairGenerator;
     private KeyParser keyParser;
-
+    private byte[] IV;
 
     /**
      * set up for use with stream mode, where the key derivation function
@@ -87,57 +88,72 @@ public class IESEngine
         this.cipher = cipher;
     }
 
-
     /**
      * Initialise the encryptor.
      *
      * @param forEncryption whether or not this is encryption/decryption.
      * @param privParam     our private key parameters
      * @param pubParam      the recipient's/sender's public key parameters
-     * @param param         encoding and derivation parameters.
+     * @param params        encoding and derivation parameters, may be wrapped to include an IV for an underlying block cipher.
      */
     public void init(
         boolean forEncryption,
         CipherParameters privParam,
         CipherParameters pubParam,
-        CipherParameters param)
+        CipherParameters params)
     {
         this.forEncryption = forEncryption;
         this.privParam = privParam;
         this.pubParam = pubParam;
-        this.param = (IESParameters)param;
         this.V = new byte[0];
-    }
 
+        extractParams(params);
+    }
 
     /**
-     * Initialise the encryptor.
+     * Initialise the decryptor.
      *
      * @param publicKey      the recipient's/sender's public key parameters
-     * @param params         encoding and derivation parameters.
+     * @param params         encoding and derivation parameters, may be wrapped to include an IV for an underlying block cipher.
      * @param ephemeralKeyPairGenerator             the ephemeral key pair generator to use.
      */
     public void init(AsymmetricKeyParameter publicKey, CipherParameters params, EphemeralKeyPairGenerator ephemeralKeyPairGenerator)
     {
         this.forEncryption = true;
         this.pubParam = publicKey;
-        this.param = (IESParameters)params;
         this.keyPairGenerator = ephemeralKeyPairGenerator;
+
+        extractParams(params);
     }
 
     /**
      * Initialise the encryptor.
      *
      * @param privateKey      the recipient's private key.
-     * @param params          encoding and derivation parameters.
+     * @param params          encoding and derivation parameters, may be wrapped to include an IV for an underlying block cipher.
      * @param publicKeyParser the parser for reading the ephemeral public key.
      */
     public void init(AsymmetricKeyParameter privateKey, CipherParameters params, KeyParser publicKeyParser)
     {
         this.forEncryption = false;
         this.privParam = privateKey;
-        this.param = (IESParameters)params;
         this.keyParser = publicKeyParser;
+
+        extractParams(params);
+    }
+
+    private void extractParams(CipherParameters params)
+    {
+        if (params instanceof ParametersWithIV)
+        {
+            this.IV = ((ParametersWithIV)params).getIV();
+            this.param = (IESParameters)((ParametersWithIV)params).getParameters();
+        }
+        else
+        {
+            this.IV = null;
+            this.param = (IESParameters)params;
+        }
     }
 
     public BufferedBlockCipher getCipher()
@@ -198,7 +214,16 @@ public class IESEngine
             System.arraycopy(K, 0, K1, 0, K1.length);
             System.arraycopy(K, K1.length, K2, 0, K2.length);
 
-            cipher.init(true, new KeyParameter(K1));
+            // If iv provided use it to initialise the cipher
+            if (IV != null)
+            {
+                cipher.init(true, new ParametersWithIV(new KeyParameter(K1), IV));
+            }
+            else
+            {
+                cipher.init(true, new KeyParameter(K1));    
+            }
+            
             C = new byte[cipher.getOutputSize(inLen)];
             len = cipher.processBytes(in, inOff, inLen, C, 0);
             len += cipher.doFinal(C, len);
@@ -247,6 +272,12 @@ public class IESEngine
         byte[] M = null, K = null, K1 = null, K2 = null;
         int len;
 
+        // Ensure that the length of the input is greater than the MAC in bytes
+        if (inLen <= (param.getMacKeySize() / 8))
+        {
+            throw new InvalidCipherTextException("Length of input must be greater than the MAC");
+        }
+
         if (cipher == null)
         {
             // Streaming mode.
@@ -287,7 +318,15 @@ public class IESEngine
             System.arraycopy(K, 0, K1, 0, K1.length);
             System.arraycopy(K, K1.length, K2, 0, K2.length);
 
-            cipher.init(false, new KeyParameter(K1));
+            // If IV provide use it to initialize the cipher
+            if (IV != null)
+            {
+                cipher.init(false, new ParametersWithIV(new KeyParameter(K1), IV));
+            }
+            else
+            {
+                cipher.init(false, new KeyParameter(K1));    
+            }
 
             M = new byte[cipher.getOutputSize(inLen - V.length - mac.getMacSize())];
             len = cipher.processBytes(in_enc, inOff + V.length, inLen - V.length - mac.getMacSize(), M, 0);
@@ -327,7 +366,6 @@ public class IESEngine
             throw new InvalidCipherTextException("Invalid MAC.");
         }
 
-
         // Output the message.
         return Arrays.copyOfRange(M, 0, len);
     }
@@ -375,24 +413,26 @@ public class IESEngine
         byte[] Z = BigIntegers.asUnsignedByteArray(agree.getFieldSize(), z);
 
         // Create input to KDF.  
-        byte[] VZ;
         if (V.length != 0)
         {
-            VZ = new byte[V.length + Z.length];
-            System.arraycopy(V, 0, VZ, 0, V.length);
-            System.arraycopy(Z, 0, VZ, V.length, Z.length);
-        }
-        else
-        {
-            VZ = Z;
+            byte[] VZ = Arrays.concatenate(V, Z);
+            Arrays.fill(Z, (byte)0);
+            Z = VZ;
         }
 
-        // Initialise the KDF.
-        KDFParameters kdfParam = new KDFParameters(VZ, param.getDerivationV());
-        kdf.init(kdfParam);
+        try
+        {
+            // Initialise the KDF.
+            KDFParameters kdfParam = new KDFParameters(Z, param.getDerivationV());
+            kdf.init(kdfParam);
 
-        return forEncryption
-            ? encryptBlock(in, inOff, inLen)
-            : decryptBlock(in, inOff, inLen);
+            return forEncryption
+                ? encryptBlock(in, inOff, inLen)
+                : decryptBlock(in, inOff, inLen);
+        }
+        finally
+        {
+            Arrays.fill(Z, (byte)0);
+        }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java
index d6e1ae1..d2dd265 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java
@@ -5,7 +5,7 @@ import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.StreamCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 
 /**
  * Implementation of Bob Jenkin's ISAAC (Indirection Shift Accumulate Add and Count).
@@ -69,7 +69,7 @@ public class ISAACEngine
         return out;
     }
     
-    public void processBytes(
+    public int processBytes(
         byte[]  in, 
         int     inOff, 
         int     len, 
@@ -101,6 +101,8 @@ public class ISAACEngine
             out[i+outOff] = (byte)(keyStream[index]^in[i+inOff]);
             index = (index + 1) & 1023;
         }
+
+        return len;
     }
     
     public String getAlgorithmName()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java
index 185387d..ec82b1a 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java
@@ -350,10 +350,11 @@ public class RC2WrapEngine
      * - Compute the 20 octet SHA-1 hash on the key being wrapped.
      * - Use the first 8 octets of this hash as the checksum value.
      *
+     * For details see  http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
      * @param key
      * @return
      * @throws RuntimeException
-     * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
+     *
      */
     private byte[] calculateCMSKeyChecksum(
         byte[] key)
@@ -369,10 +370,11 @@ public class RC2WrapEngine
     }
 
     /**
+     * For details see  http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
+     *
      * @param key
      * @param checksum
      * @return
-     * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
      */
     private boolean checkCMSKeyChecksum(
         byte[] key,
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java
index 4de7ea6..c1ceaa4 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java
@@ -68,7 +68,7 @@ public class RC4Engine implements StreamCipher
         return (byte)(in ^ engineState[(engineState[x] + engineState[y]) & 0xff]);
     }
 
-    public void processBytes(
+    public int processBytes(
         byte[]     in, 
         int     inOff, 
         int     len, 
@@ -99,6 +99,8 @@ public class RC4Engine implements StreamCipher
             out[i+outOff] = (byte)(in[i + inOff]
                     ^ engineState[(engineState[x] + engineState[y]) & 0xff]);
         }
+
+        return len;
     }
 
     public void reset()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
index cfd86fb..d2886e7 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
@@ -21,6 +21,7 @@ public class RFC3394WrapEngine
     implements Wrapper
 {
     private BlockCipher     engine;
+    private boolean         wrapCipherMode;
     private KeyParameter    param;
     private boolean         forWrapping;
 
@@ -28,9 +29,26 @@ public class RFC3394WrapEngine
                               (byte)0xa6, (byte)0xa6, (byte)0xa6, (byte)0xa6,
                               (byte)0xa6, (byte)0xa6, (byte)0xa6, (byte)0xa6 };
 
+    /**
+     * Create a RFC 3394 WrapEngine specifying the encrypt for wrapping, decrypt for unwrapping.
+     *
+     * @param engine the block cipher to be used for wrapping.
+     */
     public RFC3394WrapEngine(BlockCipher engine)
     {
+        this(engine, false);
+    }
+
+    /**
+     * Create a RFC 3394 WrapEngine specifying the direction for wrapping and unwrapping..
+     *
+     * @param engine the block cipher to be used for wrapping.
+     * @param useReverseDirection true if engine should be used in decryption mode for wrapping, false otherwise.
+     */
+    public RFC3394WrapEngine(BlockCipher engine, boolean useReverseDirection)
+    {
         this.engine = engine;
+        this.wrapCipherMode = (useReverseDirection) ? false : true;
     }
 
     public void init(
@@ -87,7 +105,7 @@ public class RFC3394WrapEngine
         System.arraycopy(iv, 0, block, 0, iv.length);
         System.arraycopy(in, inOff, block, iv.length, inLen);
 
-        engine.init(true, param);
+        engine.init(wrapCipherMode, param);
 
         for (int j = 0; j != 6; j++)
         {
@@ -140,7 +158,7 @@ public class RFC3394WrapEngine
         System.arraycopy(in, inOff, a, 0, iv.length);
         System.arraycopy(in, inOff + iv.length, block, 0, inLen - iv.length);
 
-        engine.init(false, param);
+        engine.init(!wrapCipherMode, param);
 
         n = n - 1;
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RFC5649WrapEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RFC5649WrapEngine.java
new file mode 100644
index 0000000..4506ac7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RFC5649WrapEngine.java
@@ -0,0 +1,300 @@
+package org.bouncycastle.crypto.engines;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.Wrapper;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
+
+/**
+ * An implementation of the AES Key Wrap with Padding specification
+ * as described in RFC 5649.
+ * <p>
+ * For details on the specification see:
+ * <a href="https://tools.ietf.org/html/rfc5649">https://tools.ietf.org/html/rfc5649</a>
+ * </p>
+ */
+public class RFC5649WrapEngine
+    implements Wrapper
+{
+    private BlockCipher engine;
+    private KeyParameter param;
+    private boolean forWrapping;
+
+    // The AIV as defined in the RFC
+    private byte[] highOrderIV = {(byte)0xa6, (byte)0x59, (byte)0x59, (byte)0xa6};
+    private byte[] preIV = highOrderIV;
+
+    private byte[] extractedAIV = null;
+
+    public RFC5649WrapEngine(BlockCipher engine)
+    {
+        this.engine = engine;
+    }
+
+    public void init(boolean forWrapping, CipherParameters param)
+    {
+        this.forWrapping = forWrapping;
+
+        if (param instanceof ParametersWithRandom)
+        {
+            param = ((ParametersWithRandom)param).getParameters();
+        }
+
+        if (param instanceof KeyParameter)
+        {
+            this.param = (KeyParameter)param;
+        }
+        else if (param instanceof ParametersWithIV)
+        {
+            this.preIV = ((ParametersWithIV)param).getIV();
+            this.param = (KeyParameter)((ParametersWithIV)param).getParameters();
+            if (this.preIV.length != 4)
+            {
+                throw new IllegalArgumentException("IV length not equal to 4");
+            }
+        }
+    }
+
+    public String getAlgorithmName()
+    {
+        return engine.getAlgorithmName();
+    }
+
+    /**
+     * Pads the plaintext (i.e., the key to be wrapped)
+     * as per section 4.1 of RFC 5649.
+     *
+     * @param plaintext The key being wrapped.
+     * @return The padded key.
+     */
+    private byte[] padPlaintext(byte[] plaintext)
+    {
+        int plaintextLength = plaintext.length;
+        int numOfZerosToAppend = (8 - (plaintextLength % 8)) % 8;
+        byte[] paddedPlaintext = new byte[plaintextLength + numOfZerosToAppend];
+        System.arraycopy(plaintext, 0, paddedPlaintext, 0, plaintextLength);
+        if (numOfZerosToAppend != 0)
+        {
+            // plaintext (i.e., key to be wrapped) does not have
+            // a multiple of 8 octet blocks so it must be padded
+            byte[] zeros = new byte[numOfZerosToAppend];
+            System.arraycopy(zeros, 0, paddedPlaintext, plaintextLength, numOfZerosToAppend);
+        }
+        return paddedPlaintext;
+    }
+
+    public byte[] wrap(byte[] in, int inOff, int inLen)
+    {
+        if (!forWrapping)
+        {
+            throw new IllegalStateException("not set for wrapping");
+        }
+        byte[] iv = new byte[8];
+
+        // MLI = size of key to be wrapped
+        byte[] mli = Pack.intToBigEndian(inLen);
+        // copy in the fixed portion of the AIV
+        System.arraycopy(preIV, 0, iv, 0, preIV.length);
+        // copy in the MLI after the AIV
+        System.arraycopy(mli, 0, iv, preIV.length, mli.length);
+
+        // get the relevant plaintext to be wrapped
+        byte[] relevantPlaintext = new byte[inLen];
+        System.arraycopy(in, inOff, relevantPlaintext, 0, inLen);
+        byte[] paddedPlaintext = padPlaintext(relevantPlaintext);
+
+        if (paddedPlaintext.length == 8)
+        {
+            // if the padded plaintext contains exactly 8 octets,
+            // then prepend iv and encrypt using AES in ECB mode.
+
+            // prepend the IV to the plaintext
+            byte[] paddedPlainTextWithIV = new byte[paddedPlaintext.length + iv.length];
+            System.arraycopy(iv, 0, paddedPlainTextWithIV, 0, iv.length);
+            System.arraycopy(paddedPlaintext, 0, paddedPlainTextWithIV, iv.length, paddedPlaintext.length);
+
+            engine.init(true, param);
+            for (int i = 0; i < paddedPlainTextWithIV.length; i += engine.getBlockSize())
+            {
+                engine.processBlock(paddedPlainTextWithIV, i, paddedPlainTextWithIV, i);
+            }
+
+            return paddedPlainTextWithIV;
+        }
+        else
+        {
+            // otherwise, apply the RFC 3394 wrap to
+            // the padded plaintext with the new IV
+            Wrapper wrapper = new RFC3394WrapEngine(engine);
+            ParametersWithIV paramsWithIV = new ParametersWithIV(param, iv);
+            wrapper.init(true, paramsWithIV);
+            return wrapper.wrap(paddedPlaintext, inOff, paddedPlaintext.length);
+        }
+
+    }
+
+    public byte[] unwrap(byte[] in, int inOff, int inLen)
+        throws InvalidCipherTextException
+    {
+        if (forWrapping)
+        {
+            throw new IllegalStateException("not set for unwrapping");
+        }
+
+        int n = inLen / 8;
+
+        if ((n * 8) != inLen)
+        {
+            throw new InvalidCipherTextException("unwrap data must be a multiple of 8 bytes");
+        }
+
+        if (n == 1)
+        {
+            throw new InvalidCipherTextException("unwrap data must be at least 16 bytes");
+        }
+
+        byte[] relevantCiphertext = new byte[inLen];
+        System.arraycopy(in, inOff, relevantCiphertext, 0, inLen);
+        byte[] decrypted = new byte[inLen];
+        byte[] paddedPlaintext;
+
+        if (n == 2)
+        {
+            // When there are exactly two 64-bit blocks of ciphertext,
+            // they are decrypted as a single block using AES in ECB.
+            engine.init(false, param);
+            for (int i = 0; i < relevantCiphertext.length; i += engine.getBlockSize())
+            {
+                engine.processBlock(relevantCiphertext, i, decrypted, i);
+            }
+
+            // extract the AIV
+            extractedAIV = new byte[8];
+            System.arraycopy(decrypted, 0, extractedAIV, 0, extractedAIV.length);
+            paddedPlaintext = new byte[decrypted.length - extractedAIV.length];
+            System.arraycopy(decrypted, extractedAIV.length, paddedPlaintext, 0, paddedPlaintext.length);
+        }
+        else
+        {
+            // Otherwise, unwrap as per RFC 3394 but don't check IV the same way
+            decrypted = rfc3394UnwrapNoIvCheck(in, inOff, inLen);
+            paddedPlaintext = decrypted;
+        }
+
+        // Decompose the extracted AIV to the fixed portion and the MLI
+        byte[] extractedHighOrderAIV = new byte[4];
+        byte[] mliBytes = new byte[4];
+        System.arraycopy(extractedAIV, 0, extractedHighOrderAIV, 0, extractedHighOrderAIV.length);
+        System.arraycopy(extractedAIV, extractedHighOrderAIV.length, mliBytes, 0, mliBytes.length);
+        int mli = Pack.bigEndianToInt(mliBytes, 0);
+
+        // Even if a check fails we still continue and check everything 
+        // else in order to avoid certain timing based side-channel attacks.
+        boolean isValid = true;
+
+        // Check the fixed portion of the AIV
+        if (!Arrays.constantTimeAreEqual(extractedHighOrderAIV, preIV))
+        {
+            isValid = false;
+        }
+
+        // Check the MLI against the actual length
+        int upperBound = paddedPlaintext.length;
+        int lowerBound = upperBound - 8;
+        if (mli <= lowerBound)
+        {
+            isValid = false;
+        }
+        if (mli > upperBound)
+        {
+            isValid = false;
+        }
+
+        // Check the number of padded zeros
+        int expectedZeros = upperBound - mli;
+        if (expectedZeros >= paddedPlaintext.length)
+        {
+            isValid = false;
+            expectedZeros = paddedPlaintext.length;
+        }
+
+        byte[] zeros = new byte[expectedZeros];
+        byte[] pad = new byte[expectedZeros];
+        System.arraycopy(paddedPlaintext, paddedPlaintext.length - expectedZeros, pad, 0, expectedZeros);
+        if (!Arrays.constantTimeAreEqual(pad, zeros))
+        {
+            isValid = false;
+        }
+
+        if (!isValid)
+        {
+            throw new InvalidCipherTextException("checksum failed");
+        }
+
+        // Extract the plaintext from the padded plaintext
+        byte[] plaintext = new byte[mli];
+        System.arraycopy(paddedPlaintext, 0, plaintext, 0, plaintext.length);
+
+        return plaintext;
+    }
+
+    /**
+     * Performs steps 1 and 2 of the unwrap process defined in RFC 3394.
+     * This code is duplicated from RFC3394WrapEngine because that class
+     * will throw an error during unwrap because the IV won't match up.
+     *
+     * @param in
+     * @param inOff
+     * @param inLen
+     * @return Unwrapped data.
+     */
+    private byte[] rfc3394UnwrapNoIvCheck(byte[] in, int inOff, int inLen)
+    {
+        byte[] iv = new byte[8];
+        byte[] block = new byte[inLen - iv.length];
+        byte[] a = new byte[iv.length];
+        byte[] buf = new byte[8 + iv.length];
+
+        System.arraycopy(in, inOff, a, 0, iv.length);
+        System.arraycopy(in, inOff + iv.length, block, 0, inLen - iv.length);
+
+        engine.init(false, param);
+
+        int n = inLen / 8;
+        n = n - 1;
+
+        for (int j = 5; j >= 0; j--)
+        {
+            for (int i = n; i >= 1; i--)
+            {
+                System.arraycopy(a, 0, buf, 0, iv.length);
+                System.arraycopy(block, 8 * (i - 1), buf, iv.length, 8);
+
+                int t = n * j + i;
+                for (int k = 1; t != 0; k++)
+                {
+                    byte v = (byte)t;
+
+                    buf[iv.length - k] ^= v;
+
+                    t >>>= 8;
+                }
+
+                engine.processBlock(buf, 0, buf, 0);
+                System.arraycopy(buf, 0, a, 0, 8);
+                System.arraycopy(buf, 8, block, 8 * (i - 1), 8);
+            }
+        }
+
+        // set the extracted AIV
+        extractedAIV = a;
+
+        return block;
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java
index 2d6140d..13aada9 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java
@@ -4,17 +4,17 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.MaxBytesExceededException;
 import org.bouncycastle.crypto.OutputLengthException;
-import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.SkippingStreamCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 import org.bouncycastle.util.Strings;
 
 /**
  * Implementation of Daniel J. Bernstein's Salsa20 stream cipher, Snuffle 2005
  */
 public class Salsa20Engine
-    implements StreamCipher
+    implements SkippingStreamCipher
 {
     public final static int DEFAULT_ROUNDS = 20;
 
@@ -33,7 +33,7 @@ public class Salsa20Engine
      */
     private int         index = 0;
     protected int[]     engineState = new int[STATE_SIZE]; // state
-    protected int[]       x = new int[STATE_SIZE] ; // internal buffer
+    protected int[]     x = new int[STATE_SIZE] ; // internal buffer
     private byte[]      keyStream   = new byte[STATE_SIZE * 4]; // expanded state, 64 bytes
     private boolean     initialised = false;
 
@@ -96,15 +96,27 @@ public class Salsa20Engine
                     + " bytes of IV");
         }
 
-        if (!(ivParams.getParameters() instanceof KeyParameter))
+        CipherParameters keyParam = ivParams.getParameters();
+        if (keyParam == null)
         {
-            throw new IllegalArgumentException(getAlgorithmName() + " Init parameters must include a key");
-        }
+            if (!initialised)
+            {
+                throw new IllegalStateException(getAlgorithmName() + " KeyParameter can not be null for first initialisation");
+            }
 
-        KeyParameter key = (KeyParameter) ivParams.getParameters();
+            setKey(null, iv);
+        }
+        else if (keyParam instanceof KeyParameter)
+        {
+            setKey(((KeyParameter)keyParam).getKey(), iv);
+        }
+        else
+        {
+            throw new IllegalArgumentException(getAlgorithmName() + " Init parameters must contain a KeyParameter (or null for re-init)");
+        }
 
-        setKey(key.getKey(), iv);
         reset();
+
         initialised = true;
     }
 
@@ -130,18 +142,38 @@ public class Salsa20Engine
             throw new MaxBytesExceededException("2^70 byte limit per IV; Change IV");
         }
 
+        byte out = (byte)(keyStream[index]^in);
+        index = (index + 1) & 63;
+
         if (index == 0)
         {
-            generateKeyStream(keyStream);
             advanceCounter();
+            generateKeyStream(keyStream);
         }
 
-        byte out = (byte)(keyStream[index]^in);
-        index = (index + 1) & 63;
-
         return out;
     }
 
+    protected void advanceCounter(long diff)
+    {
+        int hi = (int)(diff >>> 32);
+        int lo = (int)diff;
+
+        if (hi > 0)
+        {
+            engineState[9] += hi;
+        }
+
+        int oldState = engineState[8];
+
+        engineState[8] += lo;
+
+        if (oldState != 0 && engineState[8] < oldState)
+        {
+            engineState[9]++;
+        }
+    }
+
     protected void advanceCounter()
     {
         if (++engineState[8] == 0)
@@ -150,7 +182,55 @@ public class Salsa20Engine
         }
     }
 
-    public void processBytes(
+    protected void retreatCounter(long diff)
+    {
+        int hi = (int)(diff >>> 32);
+        int lo = (int)diff;
+
+        if (hi != 0)
+        {
+            if ((engineState[9] & 0xffffffffL) >= (hi & 0xffffffffL))
+            {
+                engineState[9] -= hi;
+            }
+            else
+            {
+                throw new IllegalStateException("attempt to reduce counter past zero.");
+            }
+        }
+
+        if ((engineState[8] & 0xffffffffL) >= (lo & 0xffffffffL))
+        {
+            engineState[8] -= lo;
+        }
+        else
+        {
+            if (engineState[9] != 0)
+            {
+                --engineState[9];
+                engineState[8] -= lo;
+            }
+            else
+            {
+                throw new IllegalStateException("attempt to reduce counter past zero.");
+            }
+        }
+    }
+
+    protected void retreatCounter()
+    {
+        if (engineState[8] == 0 && engineState[9] == 0)
+        {
+            throw new IllegalStateException("attempt to reduce counter past zero.");
+        }
+
+        if (--engineState[8] == -1)
+        {
+            --engineState[9];
+        }
+    }
+
+    public int processBytes(
         byte[]     in, 
         int     inOff, 
         int     len, 
@@ -179,15 +259,82 @@ public class Salsa20Engine
 
         for (int i = 0; i < len; i++)
         {
+            out[i + outOff] = (byte)(keyStream[index] ^ in[i + inOff]);
+            index = (index + 1) & 63;
+
             if (index == 0)
             {
+                advanceCounter();
                 generateKeyStream(keyStream);
+            }
+        }
+
+        return len;
+    }
+
+    public long skip(long numberOfBytes)
+    {
+        if (numberOfBytes >= 0)
+        {
+            long remaining = numberOfBytes;
+
+            if (remaining >= 64)
+            {
+                long count = remaining / 64;
+
+                advanceCounter(count);
+
+                remaining -= count * 64;
+            }
+
+            int oldIndex = index;
+
+            index = (index + (int)remaining) & 63;
+
+            if (index < oldIndex)
+            {
                 advanceCounter();
             }
+        }
+        else
+        {
+            long remaining = -numberOfBytes;
 
-            out[i+outOff] = (byte)(keyStream[index]^in[i+inOff]);
-            index = (index + 1) & 63;
+            if (remaining >= 64)
+            {
+                long count = remaining / 64;
+
+                retreatCounter(count);
+
+                remaining -= count * 64;
+            }
+
+            for (long i = 0; i < remaining; i++)
+            {
+                if (index == 0)
+                {
+                    retreatCounter();
+                }
+
+                index = (index - 1) & 63;
+            }
         }
+
+        generateKeyStream(keyStream);
+
+        return numberOfBytes;
+    }
+
+    public long seekTo(long position)
+    {
+        reset();
+
+        return skip(position);
+    }
+
+    public long getPosition()
+    {
+        return getCounter() * 64 + index;
     }
 
     public void reset()
@@ -195,6 +342,13 @@ public class Salsa20Engine
         index = 0;
         resetLimitCounter();
         resetCounter();
+
+        generateKeyStream(keyStream);
+    }
+
+    protected long getCounter()
+    {
+        return ((long)engineState[9] << 32) | (engineState[8] & 0xffffffffL);
     }
 
     protected void resetCounter()
@@ -204,43 +358,46 @@ public class Salsa20Engine
 
     protected void setKey(byte[] keyBytes, byte[] ivBytes)
     {
-        if ((keyBytes.length != 16) && (keyBytes.length != 32)) {
-            throw new IllegalArgumentException(getAlgorithmName() + " requires 128 bit or 256 bit key");
-        }
-        
-        int offset = 0;
-        byte[] constants;
-
-        // Key
-        engineState[1] = Pack.littleEndianToInt(keyBytes, 0);
-        engineState[2] = Pack.littleEndianToInt(keyBytes, 4);
-        engineState[3] = Pack.littleEndianToInt(keyBytes, 8);
-        engineState[4] = Pack.littleEndianToInt(keyBytes, 12);
-
-        if (keyBytes.length == 32)
-        {
-            constants = sigma;
-            offset = 16;
-        }
-        else
+        if (keyBytes != null)
         {
-            constants = tau;
-        }
+            if ((keyBytes.length != 16) && (keyBytes.length != 32))
+            {
+                throw new IllegalArgumentException(getAlgorithmName() + " requires 128 bit or 256 bit key");
+            }
 
-        engineState[11] = Pack.littleEndianToInt(keyBytes, offset);
-        engineState[12] = Pack.littleEndianToInt(keyBytes, offset+4);
-        engineState[13] = Pack.littleEndianToInt(keyBytes, offset+8);
-        engineState[14] = Pack.littleEndianToInt(keyBytes, offset+12);
+            // Key
+            engineState[1] = Pack.littleEndianToInt(keyBytes, 0);
+            engineState[2] = Pack.littleEndianToInt(keyBytes, 4);
+            engineState[3] = Pack.littleEndianToInt(keyBytes, 8);
+            engineState[4] = Pack.littleEndianToInt(keyBytes, 12);
 
-        engineState[0 ] = Pack.littleEndianToInt(constants, 0);
-        engineState[5 ] = Pack.littleEndianToInt(constants, 4);
-        engineState[10] = Pack.littleEndianToInt(constants, 8);
-        engineState[15] = Pack.littleEndianToInt(constants, 12);
+            byte[] constants;
+            int offset;
+            if (keyBytes.length == 32)
+            {
+                constants = sigma;
+                offset = 16;
+            }
+            else
+            {
+                constants = tau;
+                offset = 0;
+            }
+
+            engineState[11] = Pack.littleEndianToInt(keyBytes, offset);
+            engineState[12] = Pack.littleEndianToInt(keyBytes, offset + 4);
+            engineState[13] = Pack.littleEndianToInt(keyBytes, offset + 8);
+            engineState[14] = Pack.littleEndianToInt(keyBytes, offset + 12);
+    
+            engineState[0 ] = Pack.littleEndianToInt(constants, 0);
+            engineState[5 ] = Pack.littleEndianToInt(constants, 4);
+            engineState[10] = Pack.littleEndianToInt(constants, 8);
+            engineState[15] = Pack.littleEndianToInt(constants, 12);
+        }
 
         // IV
         engineState[6] = Pack.littleEndianToInt(ivBytes, 0);
         engineState[7] = Pack.littleEndianToInt(ivBytes, 4);
-        resetCounter();
     }
 
     protected void generateKeyStream(byte[] output)
@@ -253,18 +410,19 @@ public class Salsa20Engine
      * Salsa20 function
      *
      * @param   input   input data
-     *
-     * @return  keystream
      */    
     public static void salsaCore(int rounds, int[] input, int[] x)
     {
-        if (input.length != 16) {
+        if (input.length != 16)
+        {
             throw new IllegalArgumentException();
         }
-        if (x.length != 16) {
+        if (x.length != 16)
+        {
             throw new IllegalArgumentException();
         }
-        if (rounds % 2 != 0) {
+        if (rounds % 2 != 0)
+        {
             throw new IllegalArgumentException("Number of rounds must be even");
         }
 
@@ -287,39 +445,39 @@ public class Salsa20Engine
 
         for (int i = rounds; i > 0; i -= 2)
         {
-            x04 ^= rotl((x00+x12), 7);
-            x08 ^= rotl((x04+x00), 9);
-            x12 ^= rotl((x08+x04),13);
-            x00 ^= rotl((x12+x08),18);
-            x09 ^= rotl((x05+x01), 7);
-            x13 ^= rotl((x09+x05), 9);
-            x01 ^= rotl((x13+x09),13);
-            x05 ^= rotl((x01+x13),18);
-            x14 ^= rotl((x10+x06), 7);
-            x02 ^= rotl((x14+x10), 9);
-            x06 ^= rotl((x02+x14),13);
-            x10 ^= rotl((x06+x02),18);
-            x03 ^= rotl((x15+x11), 7);
-            x07 ^= rotl((x03+x15), 9);
-            x11 ^= rotl((x07+x03),13);
-            x15 ^= rotl((x11+x07),18);
-
-            x01 ^= rotl((x00+x03), 7);
-            x02 ^= rotl((x01+x00), 9);
-            x03 ^= rotl((x02+x01),13);
-            x00 ^= rotl((x03+x02),18);
-            x06 ^= rotl((x05+x04), 7);
-            x07 ^= rotl((x06+x05), 9);
-            x04 ^= rotl((x07+x06),13);
-            x05 ^= rotl((x04+x07),18);
-            x11 ^= rotl((x10+x09), 7);
-            x08 ^= rotl((x11+x10), 9);
-            x09 ^= rotl((x08+x11),13);
-            x10 ^= rotl((x09+x08),18);
-            x12 ^= rotl((x15+x14), 7);
-            x13 ^= rotl((x12+x15), 9);
-            x14 ^= rotl((x13+x12),13);
-            x15 ^= rotl((x14+x13),18);
+            x04 ^= rotl(x00 + x12, 7);
+            x08 ^= rotl(x04 + x00, 9);
+            x12 ^= rotl(x08 + x04, 13);
+            x00 ^= rotl(x12 + x08, 18);
+            x09 ^= rotl(x05 + x01, 7);
+            x13 ^= rotl(x09 + x05, 9);
+            x01 ^= rotl(x13 + x09, 13);
+            x05 ^= rotl(x01 + x13, 18);
+            x14 ^= rotl(x10 + x06, 7);
+            x02 ^= rotl(x14 + x10, 9);
+            x06 ^= rotl(x02 + x14, 13);
+            x10 ^= rotl(x06 + x02, 18);
+            x03 ^= rotl(x15 + x11, 7);
+            x07 ^= rotl(x03 + x15, 9);
+            x11 ^= rotl(x07 + x03, 13);
+            x15 ^= rotl(x11 + x07, 18);
+
+            x01 ^= rotl(x00 + x03, 7);
+            x02 ^= rotl(x01 + x00, 9);
+            x03 ^= rotl(x02 + x01, 13);
+            x00 ^= rotl(x03 + x02, 18);
+            x06 ^= rotl(x05 + x04, 7);
+            x07 ^= rotl(x06 + x05, 9);
+            x04 ^= rotl(x07 + x06, 13);
+            x05 ^= rotl(x04 + x07, 18);
+            x11 ^= rotl(x10 + x09, 7);
+            x08 ^= rotl(x11 + x10, 9);
+            x09 ^= rotl(x08 + x11, 13);
+            x10 ^= rotl(x09 + x08, 18);
+            x12 ^= rotl(x15 + x14, 7);
+            x13 ^= rotl(x12 + x15, 9);
+            x14 ^= rotl(x13 + x12, 13);
+            x15 ^= rotl(x14 + x13, 18);
         }
 
         x[ 0] = x00 + input[ 0];
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
index 9da2301..8db5a6f 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
@@ -12,7 +12,7 @@ import org.bouncycastle.crypto.params.KeyParameter;
  * secure as three-key triple-DES.
  * <p>
  * Serpent was designed by Ross Anderson, Eli Biham and Lars Knudsen as a
- * candidate algorithm for the NIST AES Quest.>
+ * candidate algorithm for the NIST AES Quest.
  * <p>
  * For full details see the <a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">The Serpent home page</a>
  */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/Shacal2Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/Shacal2Engine.java
index b59205d..62e0510 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/Shacal2Engine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/Shacal2Engine.java
@@ -5,6 +5,7 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
 
 /**
  * Block cipher Shacal2, designed by Helena Handschuh and David Naccache,
@@ -91,10 +92,10 @@ public class Shacal2Engine
 		}
 	}
 	
-	public void encryptBlock(byte[] in, int inOffset, byte[] out, int outOffset) 
+	private void encryptBlock(byte[] in, int inOffset, byte[] out, int outOffset)
 	{
 		int[] block = new int[BLOCK_SIZE / 4];// corresponds to working variables a,b,c,d,e,f,g,h of FIPS PUB 180-2
-		bytes2ints(in, block, inOffset, 0);
+		byteBlockToInts(in, block, inOffset, 0);
 		
 		for (int i = 0; i < ROUNDS; i++) 
 		{			
@@ -121,10 +122,10 @@ public class Shacal2Engine
 		ints2bytes(block, out, outOffset);
 	}
 	
-	public void decryptBlock(byte[] in, int inOffset, byte[] out, int outOffset) 
-	{		
+	private void decryptBlock(byte[] in, int inOffset, byte[] out, int outOffset)
+	{
 		int[] block = new int[BLOCK_SIZE / 4];
-		bytes2ints(in, block, inOffset, 0);		
+		byteBlockToInts(in, block, inOffset, 0);
 		for (int i = ROUNDS - 1; i >-1; i--) 
 		{
             int tmp = block[0] - (((block[1] >>> 2) | (block[1] << -2))
@@ -177,6 +178,17 @@ public class Shacal2Engine
 		return BLOCK_SIZE;
 	}
 
+    private void byteBlockToInts(byte[] bytes, int[] block, int bytesPos, int blockPos)
+    {
+        for (int i = blockPos; i <  BLOCK_SIZE / 4; i++)
+        {
+            block[i] = ((bytes[bytesPos++] & 0xFF) << 24)
+                | ((bytes[bytesPos++] & 0xFF) << 16)
+                | ((bytes[bytesPos++] & 0xFF) << 8)
+                | (bytes[bytesPos++] & 0xFF);
+        }
+    }
+
     private void bytes2ints(byte[] bytes, int[] block, int bytesPos, int blockPos)
     {
         for (int i = blockPos; i < bytes.length / 4; i++)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/ThreefishEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/ThreefishEngine.java
index 74bccfe..3366022 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/ThreefishEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/ThreefishEngine.java
@@ -9,13 +9,13 @@ import org.bouncycastle.crypto.params.TweakableBlockCipherParameters;
 /**
  * Implementation of the Threefish tweakable large block cipher in 256, 512 and 1024 bit block
  * sizes.
- * <p/>
+ * <p>
  * This is the 1.3 version of Threefish defined in the Skein hash function submission to the NIST
  * SHA-3 competition in October 2010.
- * <p/>
+ * <p>
  * Threefish was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
  * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- * <p/>
+ * <p>
  * This implementation inlines all round functions, unrolls 8 rounds, and uses 1.2k of static tables
  * to speed up key schedule injection. <br>
  * 2 x block size state is retained by each cipher instance.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/VMPCEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/VMPCEngine.java
index f16f6d4..364c5d8 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/VMPCEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/VMPCEngine.java
@@ -91,7 +91,7 @@ public class VMPCEngine implements StreamCipher
         n = 0;
     }
 
-    public void processBytes(byte[] in, int inOff, int len, byte[] out,
+    public int processBytes(byte[] in, int inOff, int len, byte[] out,
         int outOff)
     {
         if ((inOff + len) > in.length)
@@ -117,6 +117,8 @@ public class VMPCEngine implements StreamCipher
             // xor
             out[i + outOff] = (byte) (in[i + inOff] ^ z);
         }
+
+        return len;
     }
 
     public void reset()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/XSalsa20Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/XSalsa20Engine.java
index 5b2181d..45cc478 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/XSalsa20Engine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/XSalsa20Engine.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.crypto.engines;
 
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 
 /**
  * Implementation of Daniel J. Bernstein's XSalsa20 stream cipher - Salsa20 with an extended nonce.
@@ -9,7 +9,6 @@ import org.bouncycastle.crypto.util.Pack;
  */
 public class XSalsa20Engine extends Salsa20Engine
 {
-
     public String getAlgorithmName()
     {
         return "XSalsa20";
@@ -27,6 +26,11 @@ public class XSalsa20Engine extends Salsa20Engine
      */
     protected void setKey(byte[] keyBytes, byte[] ivBytes)
     {
+        if (keyBytes == null)
+        {
+            throw new IllegalArgumentException(getAlgorithmName() + " doesn't support re-init with null key");
+        }
+
         if (keyBytes.length != 32)
         {
             throw new IllegalArgumentException(getAlgorithmName() + " requires a 256 bit key");
@@ -57,9 +61,5 @@ public class XSalsa20Engine extends Salsa20Engine
         // Last 64 bits of input IV
         engineState[6] = Pack.littleEndianToInt(ivBytes, 16);
         engineState[7] = Pack.littleEndianToInt(ivBytes, 20);
-
-        // Counter reset
-        resetCounter();
     }
-
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/engines/package.html
new file mode 100644
index 0000000..e945dac
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Basic cipher classes.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/examples/DESExample.java b/bcprov/src/main/java/org/bouncycastle/crypto/examples/DESExample.java
index 1698997..90a21de 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/examples/DESExample.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/examples/DESExample.java
@@ -41,9 +41,11 @@ import org.bouncycastle.util.encoders.Hex;
  * </ul>
  * <p>
  * When decrypting;
+ * <ul>
  *  <li>the infile is expected to be the 60 character wide base64 
  *    encoded file
  *  <li>the keyfile is expected to be a base64 encoded file
+ * </ul>
  * <p>
  * This example shows how to use the light-weight API, DES and
  * the filesystem for message encryption and decryption.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/examples/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/examples/package.html
new file mode 100644
index 0000000..390a540
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/examples/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Simple examples of light weight API usage.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/BCrypt.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/BCrypt.java
new file mode 100644
index 0000000..43d657d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/BCrypt.java
@@ -0,0 +1,660 @@
+package org.bouncycastle.crypto.generators;
+
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.util.Arrays;
+
+/**
+ * Core of password hashing scheme Bcrypt,
+ * designed by Niels Provos and David Mazières,
+ * corresponds to the C reference implementation.
+ * <p>
+ * This implementation does not correspondent to the 1999 published paper
+ * "A Future-Adaptable Password Scheme" of Niels Provos and David Mazières,
+ * see: https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html.
+ * In contrast to the paper, the order of key setup and salt setup is reversed:
+ * state <- ExpandKey(state, 0, key)
+ * state <- ExpandKey(state, 0, salt)
+ * This corresponds to the OpenBSD reference implementation of Bcrypt. 
+ * </p><p>
+ * Note: 
+ * There is no successful cryptanalysis (status 2015), but
+ * the amount of memory and the band width of Bcrypt
+ * may be insufficient to effectively prevent attacks 
+ * with custom hardware like FPGAs, ASICs
+ * </p><p>
+ * This implementation uses some parts of Bouncy Castle's BlowfishEngine.
+ * </p>
+ */
+public final class BCrypt
+{
+    private static final BCrypt INSTANCE = new BCrypt();
+
+    // magic String "OrpheanBeholderScryDoubt" is used as clear text for encryption
+    private static final int[] MAGIC_STRING =
+        {
+            0x4F727068, 0x65616E42, 0x65686F6C,
+            0x64657253, 0x63727944, 0x6F756274
+        };
+    final static int MAGIC_STRING_LENGTH = 6;
+
+
+    private final static int[]
+        KP = {
+        0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344,
+        0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89,
+        0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
+        0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917,
+        0x9216D5D9, 0x8979FB1B
+    },
+
+    KS0 = {
+        0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7,
+        0xB8E1AFED, 0x6A267E96, 0xBA7C9045, 0xF12C7F99,
+        0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16,
+        0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E,
+        0x0D95748F, 0x728EB658, 0x718BCD58, 0x82154AEE,
+        0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013,
+        0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF,
+        0x8E79DCB0, 0x603A180E, 0x6C9E0E8B, 0xB01E8A3E,
+        0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60,
+        0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440,
+        0x55CA396A, 0x2AAB10B6, 0xB4CC5C34, 0x1141E8CE,
+        0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A,
+        0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E,
+        0xAFD6BA33, 0x6C24CF5C, 0x7A325381, 0x28958677,
+        0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193,
+        0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032,
+        0xEF845D5D, 0xE98575B1, 0xDC262302, 0xEB651B88,
+        0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239,
+        0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E,
+        0x21C66842, 0xF6E96C9A, 0x670C9C61, 0xABD388F0,
+        0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3,
+        0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98,
+        0xA1F1651D, 0x39AF0176, 0x66CA593E, 0x82430E88,
+        0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE,
+        0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6,
+        0x4ED3AA62, 0x363F7706, 0x1BFEDF72, 0x429B023D,
+        0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B,
+        0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7,
+        0xE3FE501A, 0xB6794C3B, 0x976CE0BD, 0x04C006BA,
+        0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463,
+        0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F,
+        0x6DFC511F, 0x9B30952C, 0xCC814544, 0xAF5EBD09,
+        0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3,
+        0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB,
+        0x5579C0BD, 0x1A60320A, 0xD6A100C6, 0x402C7279,
+        0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8,
+        0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB,
+        0x323DB5FA, 0xFD238760, 0x53317B48, 0x3E00DF82,
+        0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB,
+        0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573,
+        0x695B27B0, 0xBBCA58C8, 0xE1FFA35D, 0xB8F011A0,
+        0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B,
+        0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790,
+        0xE1DDF2DA, 0xA4CB7E33, 0x62FB1341, 0xCEE4C6E8,
+        0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4,
+        0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0,
+        0xD08ED1D0, 0xAFC725E0, 0x8E3C5B2F, 0x8E7594B7,
+        0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C,
+        0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD,
+        0x2F2F2218, 0xBE0E1777, 0xEA752DFE, 0x8B021FA1,
+        0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299,
+        0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9,
+        0x165FA266, 0x80957705, 0x93CC7314, 0x211A1477,
+        0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF,
+        0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49,
+        0x00250E2D, 0x2071B35E, 0x226800BB, 0x57B8E0AF,
+        0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA,
+        0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5,
+        0x83260376, 0x6295CFA9, 0x11C81968, 0x4E734A41,
+        0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915,
+        0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400,
+        0x08BA6FB5, 0x571BE91F, 0xF296EC6B, 0x2A0DD915,
+        0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664,
+        0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A
+    },
+
+    KS1 = {
+        0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623,
+        0xAD6EA6B0, 0x49A7DF7D, 0x9CEE60B8, 0x8FEDB266,
+        0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1,
+        0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E,
+        0x3F54989A, 0x5B429D65, 0x6B8FE4D6, 0x99F73FD6,
+        0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1,
+        0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E,
+        0x09686B3F, 0x3EBAEFC9, 0x3C971814, 0x6B6A70A1,
+        0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737,
+        0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8,
+        0xB03ADA37, 0xF0500C0D, 0xF01C1F04, 0x0200B3FF,
+        0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD,
+        0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701,
+        0x3AE5E581, 0x37C2DADC, 0xC8B57634, 0x9AF3DDA7,
+        0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41,
+        0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331,
+        0x4E548B38, 0x4F6DB908, 0x6F420D03, 0xF60A04BF,
+        0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF,
+        0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E,
+        0x5512721F, 0x2E6B7124, 0x501ADDE6, 0x9F84CD87,
+        0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C,
+        0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2,
+        0xEF1C1847, 0x3215D908, 0xDD433B37, 0x24C2BA16,
+        0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD,
+        0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B,
+        0x043556F1, 0xD7A3C76B, 0x3C11183B, 0x5924A509,
+        0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E,
+        0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3,
+        0x771FE71C, 0x4E3D06FA, 0x2965DCB9, 0x99E71D0F,
+        0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A,
+        0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4,
+        0xF2F74EA7, 0x361D2B3D, 0x1939260F, 0x19C27960,
+        0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66,
+        0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28,
+        0xC332DDEF, 0xBE6C5AA5, 0x65582185, 0x68AB9802,
+        0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84,
+        0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510,
+        0x13CCA830, 0xEB61BD96, 0x0334FE1E, 0xAA0363CF,
+        0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14,
+        0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E,
+        0x648B1EAF, 0x19BDF0CA, 0xA02369B9, 0x655ABB50,
+        0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7,
+        0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8,
+        0xF837889A, 0x97E32D77, 0x11ED935F, 0x16681281,
+        0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99,
+        0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696,
+        0xCDB30AEB, 0x532E3054, 0x8FD948E4, 0x6DBC3128,
+        0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73,
+        0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0,
+        0x45EEE2B6, 0xA3AAABEA, 0xDB6C4F15, 0xFACB4FD0,
+        0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105,
+        0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250,
+        0xCF62A1F2, 0x5B8D2646, 0xFC8883A0, 0xC1C7B6A3,
+        0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285,
+        0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00,
+        0x58428D2A, 0x0C55F5EA, 0x1DADF43E, 0x233F7061,
+        0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB,
+        0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E,
+        0xA6078084, 0x19F8509E, 0xE8EFD855, 0x61D99735,
+        0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC,
+        0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9,
+        0xDB73DBD3, 0x105588CD, 0x675FDA79, 0xE3674340,
+        0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20,
+        0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7
+    },
+
+    KS2 = {
+        0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934,
+        0x411520F7, 0x7602D4F7, 0xBCF46B2E, 0xD4A20068,
+        0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF,
+        0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840,
+        0x4D95FC1D, 0x96B591AF, 0x70F4DDD3, 0x66A02F45,
+        0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504,
+        0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A,
+        0x28507825, 0x530429F4, 0x0A2C86DA, 0xE9B66DFB,
+        0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE,
+        0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6,
+        0xAACE1E7C, 0xD3375FEC, 0xCE78A399, 0x406B2A42,
+        0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B,
+        0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2,
+        0x3A6EFA74, 0xDD5B4332, 0x6841E7F7, 0xCA7820FB,
+        0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527,
+        0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B,
+        0x55A867BC, 0xA1159A58, 0xCCA92963, 0x99E1DB33,
+        0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C,
+        0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3,
+        0x95C11548, 0xE4C66D22, 0x48C1133F, 0xC70F86DC,
+        0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17,
+        0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564,
+        0x257B7834, 0x602A9C60, 0xDFF8E8A3, 0x1F636C1B,
+        0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115,
+        0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922,
+        0x85B2A20E, 0xE6BA0D99, 0xDE720C8C, 0x2DA2F728,
+        0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0,
+        0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E,
+        0x0A476341, 0x992EFF74, 0x3A6F6EAB, 0xF4F8FD37,
+        0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D,
+        0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804,
+        0xF1290DC7, 0xCC00FFA3, 0xB5390F92, 0x690FED0B,
+        0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3,
+        0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB,
+        0x37392EB3, 0xCC115979, 0x8026E297, 0xF42E312D,
+        0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C,
+        0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350,
+        0x1A6B1018, 0x11CAEDFA, 0x3D25BDD8, 0xE2E1C3C9,
+        0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A,
+        0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE,
+        0x9DBC8057, 0xF0F7C086, 0x60787BF8, 0x6003604D,
+        0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC,
+        0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F,
+        0x77A057BE, 0xBDE8AE24, 0x55464299, 0xBF582E61,
+        0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2,
+        0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9,
+        0x7AEB2661, 0x8B1DDF84, 0x846A0E79, 0x915F95E2,
+        0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C,
+        0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E,
+        0xB77F19B6, 0xE0A9DC09, 0x662D09A1, 0xC4324633,
+        0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10,
+        0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169,
+        0xDCB7DA83, 0x573906FE, 0xA1E2CE9B, 0x4FCD7F52,
+        0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027,
+        0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5,
+        0xF0177A28, 0xC0F586E0, 0x006058AA, 0x30DC7D62,
+        0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634,
+        0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76,
+        0x6F05E409, 0x4B7C0188, 0x39720A3D, 0x7C927C24,
+        0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC,
+        0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4,
+        0x1E50EF5E, 0xB161E6F8, 0xA28514D9, 0x6C51133C,
+        0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837,
+        0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0
+    },
+
+    KS3 = {
+        0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B,
+        0x5CB0679E, 0x4FA33742, 0xD3822740, 0x99BC9BBE,
+        0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B,
+        0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4,
+        0x5748AB2F, 0xBC946E79, 0xC6A376D2, 0x6549C2C8,
+        0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6,
+        0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304,
+        0xA1FAD5F0, 0x6A2D519A, 0x63EF8CE2, 0x9A86EE22,
+        0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4,
+        0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6,
+        0x2826A2F9, 0xA73A3AE1, 0x4BA99586, 0xEF5562E9,
+        0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59,
+        0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593,
+        0xE990FD5A, 0x9E34D797, 0x2CF0B7D9, 0x022B8B51,
+        0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28,
+        0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C,
+        0xE029AC71, 0xE019A5E6, 0x47B0ACFD, 0xED93FA9B,
+        0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28,
+        0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C,
+        0x15056DD4, 0x88F46DBA, 0x03A16125, 0x0564F0BD,
+        0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A,
+        0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319,
+        0x7533D928, 0xB155FDF5, 0x03563482, 0x8ABA3CBB,
+        0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F,
+        0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991,
+        0xEA7A90C2, 0xFB3E7BCE, 0x5121CE64, 0x774FBE32,
+        0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680,
+        0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166,
+        0xB39A460A, 0x6445C0DD, 0x586CDECF, 0x1C20C8AE,
+        0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB,
+        0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5,
+        0x72EACEA8, 0xFA6484BB, 0x8D6612AE, 0xBF3C6F47,
+        0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370,
+        0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D,
+        0x4040CB08, 0x4EB4E2CC, 0x34D2466A, 0x0115AF84,
+        0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048,
+        0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8,
+        0x611560B1, 0xE7933FDC, 0xBB3A792B, 0x344525BD,
+        0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9,
+        0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7,
+        0x1A908749, 0xD44FBD9A, 0xD0DADECB, 0xD50ADA38,
+        0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F,
+        0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C,
+        0xBF97222C, 0x15E6FC2A, 0x0F91FC71, 0x9B941525,
+        0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1,
+        0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442,
+        0xE0EC6E0E, 0x1698DB3B, 0x4C98A0BE, 0x3278E964,
+        0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E,
+        0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8,
+        0xDF359F8D, 0x9B992F2E, 0xE60B6F47, 0x0FE3F11D,
+        0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F,
+        0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299,
+        0xF523F357, 0xA6327623, 0x93A83531, 0x56CCCD02,
+        0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC,
+        0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614,
+        0xE6C6C7BD, 0x327A140A, 0x45E1D006, 0xC3F27B9A,
+        0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6,
+        0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B,
+        0x53113EC0, 0x1640E3D3, 0x38ABBD60, 0x2547ADF0,
+        0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060,
+        0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E,
+        0x1948C25C, 0x02FB8A8C, 0x01C36AE4, 0xD6EBE1F9,
+        0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F,
+        0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6
+    };
+
+    //====================================
+    // Useful constants
+    //====================================
+
+    private static final int ROUNDS = 16;
+    private static final int SBOX_SK = 256;
+    private static final int SBOX_SK2 = SBOX_SK * 2;
+    private static final int SBOX_SK3 = SBOX_SK * 3;
+    private static final int P_SZ = ROUNDS + 2;
+
+
+    private final int[] S;    // the s-boxes
+    private final int[] P;    // the p-array
+
+    public BCrypt()
+    {
+        S = new int[SBOX_SK * 4];
+        P = new int[P_SZ];
+    }
+
+    //==================================
+    // Private Implementation
+    //==================================
+
+    private int F(int x)
+    {
+        return (((S[(x >>> 24)] + S[SBOX_SK + ((x >>> 16) & 0xff)])
+            ^ S[SBOX_SK2 + ((x >>> 8) & 0xff)]) + S[SBOX_SK3 + (x & 0xff)]);
+    }
+
+    /*
+     * apply the encryption cycle to each value pair in the table.
+     */
+    private void processTable(
+        int xl,
+        int xr,
+        int[] table)
+    {
+        int size = table.length;
+
+        for (int s = 0; s < size; s += 2)
+        {
+            xl ^= P[0];
+
+            for (int i = 1; i < ROUNDS; i += 2)
+            {
+                xr ^= F(xl) ^ P[i];
+                xl ^= F(xr) ^ P[i + 1];
+            }
+
+            xr ^= P[ROUNDS + 1];
+
+            table[s] = xr;
+            table[s + 1] = xl;
+
+            xr = xl;            // end of cycle swap
+            xl = table[s];
+        }
+    }
+
+    /*
+     * Initialize the S-boxes and the P-array, with a fixed string
+     * This string contains the hexadecimal digits of pi (3.141...)
+     */
+    private void initState()
+    {
+        System.arraycopy(KS0, 0, S, 0, SBOX_SK);
+        System.arraycopy(KS1, 0, S, SBOX_SK, SBOX_SK);
+        System.arraycopy(KS2, 0, S, SBOX_SK2, SBOX_SK);
+        System.arraycopy(KS3, 0, S, SBOX_SK3, SBOX_SK);
+
+        System.arraycopy(KP, 0, P, 0, P_SZ);
+
+    }
+
+    private int BytesTo32bits(byte[] b, int i)
+    {
+        return ((b[i] & 0xff) << 24) |
+            ((b[i + 1] & 0xff) << 16) |
+            ((b[i + 2] & 0xff) << 8) |
+            ((b[i + 3] & 0xff));
+    }
+
+    private void Bits32ToBytes(int in, byte[] b, int offset)
+    {
+        b[offset + 3] = (byte)in;
+        b[offset + 2] = (byte)(in >> 8);
+        b[offset + 1] = (byte)(in >> 16);
+        b[offset] = (byte)(in >> 24);
+    }
+
+    /*
+     * XOR P with key cyclic.
+     * This is the first part of ExpandKey function
+     */
+    private final void cyclicXorKey(byte[] key)
+    {
+        int keyLength = key.length;
+        int keyIndex = 0;
+
+        for (int i = 0; i < P_SZ; i++)
+        {
+            // get the 32 bits of the key, in 4 * 8 bit chunks
+            int data = 0x0000000;
+            for (int j = 0; j < 4; j++)
+            {
+                // create a 32 bit block
+                data = (data << 8) | (key[keyIndex++] & 0xff);
+
+                // wrap when we get to the end of the key
+                if (keyIndex >= keyLength)
+                {
+                    keyIndex = 0;
+                }
+            }
+            // XOR the newly created 32 bit chunk onto the P-array
+            P[i] ^= data;
+        }
+    }
+
+
+    /*
+     *  encrypt magic String 64 times in ECB
+     */
+    private byte[] encryptMagicString()
+    {
+        int[] text = {
+            MAGIC_STRING[0], MAGIC_STRING[1],
+            MAGIC_STRING[2], MAGIC_STRING[3],
+            MAGIC_STRING[4], MAGIC_STRING[5]
+        };
+        for (int i = 0; i < 64; i++)
+        {
+            for (int j = 0; j < MAGIC_STRING_LENGTH; j += 2)
+            {
+                int left = text[j];
+                int right = text[j + 1];
+
+                left ^= P[0];
+                for (int k = 1; k < ROUNDS; k += 2)
+                {
+                    right ^= F(left) ^ P[k];
+                    left ^= F(right) ^ P[k + 1];
+                }
+                right ^= P[ROUNDS + 1];
+                // swap values:
+                text[j] = right;
+                text[j + 1] = left;
+            }
+        }
+        byte[] result = new byte[24]; // holds 192 bit key
+        for (int i = 0; i < text.length; i++)
+        {
+            Bits32ToBytes(text[i], result, i * 4);
+        }
+        Arrays.fill(text, 0);
+        Arrays.fill(P, 0);
+        Arrays.fill(S, 0);
+
+        return result;
+    }
+
+    /*
+     * This is a part of Eksblowfish function
+     *
+     * @param 	table: sub-keys or working key
+     * @param 	salt32Bit: a 16 byte salt as two 32 bit words
+     * @param 	iv1: value from last proceeded table
+     * @param 	iv2: value from last proceeded table
+     */
+    private void processTableWithSalt(
+        int[] table,
+        int[] salt32Bit,
+        int iv1,
+        int iv2)
+    {
+        int xl = iv1 ^ salt32Bit[0];
+        int xr = iv2 ^ salt32Bit[1];
+
+        int yl;
+        int yr;
+        int size = table.length;
+
+        for (int s = 0; s < size; s += 4)
+        {
+            xl ^= P[0];
+            for (int i = 1; i < ROUNDS; i += 2)
+            {
+                xr ^= F(xl) ^ P[i];
+                xl ^= F(xr) ^ P[i + 1];
+            }
+            xr ^= P[ROUNDS + 1];
+
+            table[s] = xr;
+            table[s + 1] = xl;
+
+            yl = salt32Bit[2] ^ xr;
+            yr = salt32Bit[3] ^ xl;
+
+            if (s + 2 >= size) // P holds 18 values
+            {
+                break;
+            }
+
+            yl ^= P[0];
+            for (int i = 1; i < ROUNDS; i += 2)
+            {
+                yr ^= F(yl) ^ P[i];
+                yl ^= F(yr) ^ P[i + 1];
+            }
+            yr ^= P[ROUNDS + 1];
+
+            table[s + 2] = yr;
+            table[s + 3] = yl;
+
+            xl = salt32Bit[0] ^ yr;
+            xr = salt32Bit[1] ^ yl;
+        }
+    }
+
+    /**
+     * Derives a raw 192 bit Bcrypt key
+     *
+     * @param cost the cost factor, treated as an exponent of 2
+     * @param salt a 16 byte salt
+     * @param psw  the password
+     * @return a 192 bit key
+     */
+    private final byte[] deriveRawKey(
+        int cost,
+        byte[] salt,
+        byte[] psw)
+    {
+        if (salt.length != 16)
+        {
+            throw new DataLengthException("Invalid salt size: 16 bytes expected.");
+        }
+        if (cost < 4 || cost > 31)
+        {
+            throw new IllegalArgumentException("Illegal cost factor: 4 - 31 expected.");
+        }
+
+        if (psw.length == 0)
+        {
+            psw = new byte[4];
+        }
+
+        // state <- InitState()
+        initState();
+
+        int[] salt32Bit = new int[4]; // holds 16 byte salt
+        salt32Bit[0] = BytesTo32bits(salt, 0);
+        salt32Bit[1] = BytesTo32bits(salt, 4);
+        salt32Bit[2] = BytesTo32bits(salt, 8);
+        salt32Bit[3] = BytesTo32bits(salt, 12);
+
+        int[] salt32Bit2 = new int[salt.length]; // swapped values
+        salt32Bit2[0] = salt32Bit[2];
+        salt32Bit2[1] = salt32Bit[3];
+        salt32Bit2[2] = salt32Bit[0];
+        salt32Bit2[3] = salt32Bit[1];
+
+        // ExpandKey( state, salt, key):
+        cyclicXorKey(psw);
+        processTableWithSalt(P, salt32Bit, 0, 0);
+        Arrays.fill(salt32Bit, 0);
+        processTableWithSalt(S, salt32Bit2, P[P.length - 2], P[P.length - 1]);
+        Arrays.fill(salt32Bit2, 0);
+
+        int rounds = 1 << cost;
+        for (int i = 0; i != rounds; i++)        // rounds may be negative if cost is 31
+        {
+            // state <- ExpandKey(state, 0, key);
+            cyclicXorKey(psw);
+            processTable(0, 0, P);
+            processTable(P[P_SZ - 2], P[P_SZ - 1], S);
+
+            // state <- ExpandKey(state, 0, salt);
+            cyclicXorKey(salt);
+            processTable(0, 0, P);
+            processTable(P[P_SZ - 2], P[P_SZ - 1], S);
+        }
+
+        // encrypt magicString 64 times
+        return encryptMagicString();
+    }
+
+    /**
+     * Size of the salt parameter in bytes
+     */
+    static final int SALT_SIZE_BYTES = 16;
+
+    /**
+     * Minimum value of cost parameter, equal to log2(bytes of salt)
+     */
+    static final int MIN_COST = 4;
+
+    /**
+     * Maximum value of cost parameter (31 == 2,147,483,648)
+     */
+    static final int MAX_COST = 31;
+
+    /**
+     * Maximum size of password == max (unrestricted) size of Blowfish key
+     */
+    // Blowfish spec limits keys to 448bit/56 bytes to ensure all bits of key affect all ciphertext
+    // bits, but technically algorithm handles 72 byte keys and most implementations support this.
+    static final int MAX_PASSWORD_BYTES = 72;
+
+    /**
+     * Calculates the <b>bcrypt</b> hash of a password.
+     * <p>
+     * This implements the raw <b>bcrypt</b> function as defined in the bcrypt specification, not
+     * the crypt encoded version implemented in OpenBSD.
+     * </p>
+     * @param password the password bytes (up to 72 bytes) to use for this invocation.
+     * @param salt     the 128 bit salt to use for this invocation.
+     * @param cost     the bcrypt cost parameter. The cost of the bcrypt function grows as
+     *                 <code>2^cost</code>. Legal values are 4..31 inclusive.
+     * @return the output of the raw bcrypt operation: a 192 bit (24 byte) hash.
+     */
+    public static byte[] generate(byte[] password, byte[] salt, int cost)
+    {
+        if (password == null || salt == null)
+        {
+            throw new IllegalArgumentException("Password and salt are required");
+        }
+        if (salt.length != SALT_SIZE_BYTES)
+        {
+            throw new IllegalArgumentException("BCrypt salt must be 128 bits");
+        }
+        if (password.length > MAX_PASSWORD_BYTES)
+        {
+            throw new IllegalArgumentException("BCrypt password must be <= 72 bytes");
+        }
+        if (cost < MIN_COST || cost > MAX_COST)
+        {
+            throw new IllegalArgumentException("BCrypt cost must be from 4..31");
+        }
+
+        return INSTANCE.deriveRawKey(cost, salt, password);
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java
index 16c8b91..b284a93 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java
@@ -6,7 +6,7 @@ import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.DigestDerivationFunction;
 import org.bouncycastle.crypto.params.ISO18033KDFParameters;
 import org.bouncycastle.crypto.params.KDFParameters;
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 
 /**
  * Basic KDF generator for derived keys and ivs as defined by IEEE P1363a/ISO
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/CramerShoupKeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/CramerShoupKeyPairGenerator.java
new file mode 100644
index 0000000..8fcdf85
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/CramerShoupKeyPairGenerator.java
@@ -0,0 +1,63 @@
+package org.bouncycastle.crypto.generators;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.params.CramerShoupKeyGenerationParameters;
+import org.bouncycastle.crypto.params.CramerShoupParameters;
+import org.bouncycastle.crypto.params.CramerShoupPrivateKeyParameters;
+import org.bouncycastle.crypto.params.CramerShoupPublicKeyParameters;
+import org.bouncycastle.util.BigIntegers;
+
+/**
+ * a Cramer Shoup key pair generator
+ * 
+ */
+public class CramerShoupKeyPairGenerator implements AsymmetricCipherKeyPairGenerator {
+	
+	private static final BigInteger ONE = BigInteger.valueOf(1);
+
+	private CramerShoupKeyGenerationParameters param;
+
+	public void init(KeyGenerationParameters param) {
+		this.param = (CramerShoupKeyGenerationParameters) param;
+	}
+
+	public AsymmetricCipherKeyPair generateKeyPair() {
+		CramerShoupParameters csParams = param.getParameters();
+
+		CramerShoupPrivateKeyParameters sk = generatePrivateKey(param.getRandom(), csParams);
+		CramerShoupPublicKeyParameters pk = calculatePublicKey(csParams, sk);
+		sk.setPk(pk);
+
+		return new AsymmetricCipherKeyPair(pk, sk);
+	}
+
+	private BigInteger generateRandomElement(BigInteger p, SecureRandom random) {
+		return BigIntegers.createRandomInRange(ONE, p.subtract(ONE), random);
+	}
+	
+	private CramerShoupPrivateKeyParameters generatePrivateKey(SecureRandom random, CramerShoupParameters csParams){
+		BigInteger p = csParams.getP();
+		CramerShoupPrivateKeyParameters key = new CramerShoupPrivateKeyParameters(csParams,
+				generateRandomElement(p, random), generateRandomElement(p, random),
+				generateRandomElement(p, random), generateRandomElement(p, random),
+				generateRandomElement(p, random));
+		return key;
+	}
+
+	private CramerShoupPublicKeyParameters calculatePublicKey(CramerShoupParameters csParams, CramerShoupPrivateKeyParameters sk) {
+		BigInteger g1 = csParams.getG1();
+		BigInteger g2 = csParams.getG2();
+		BigInteger p = csParams.getP();
+		
+		BigInteger c = g1.modPow(sk.getX1(), p).multiply(g2.modPow(sk.getX2(), p));
+		BigInteger d = g1.modPow(sk.getY1(), p).multiply(g2.modPow(sk.getY2(), p));
+		BigInteger h = g1.modPow(sk.getZ(), p);
+		
+		return new CramerShoupPublicKeyParameters(csParams, c, d, h);
+	}
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/CramerShoupParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/CramerShoupParametersGenerator.java
new file mode 100644
index 0000000..22dd34a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/CramerShoupParametersGenerator.java
@@ -0,0 +1,124 @@
+package org.bouncycastle.crypto.generators;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.params.CramerShoupParameters;
+import org.bouncycastle.crypto.params.DHParameters;
+import org.bouncycastle.util.BigIntegers;
+
+public class CramerShoupParametersGenerator
+{
+    private static final BigInteger ONE = BigInteger.valueOf(1);
+
+    private int size;
+    private int certainty;
+    private SecureRandom random;
+
+    /**
+     * Initialise the parameters generator.
+     *
+     * @param size      bit length for the prime p
+     * @param certainty a measure of the uncertainty that the caller is willing to tolerate:
+     *                  the probability that the generated modulus is prime exceeds (1 - 1/2^certainty).
+     *                  The execution time of this method is proportional to the value of this parameter.
+     * @param random    a source of randomness
+     */
+    public void init(int size, int certainty, SecureRandom random)
+    {
+        this.size = size;
+        this.certainty = certainty;
+        this.random = random;
+    }
+
+    /**
+     * which generates the p and g values from the given parameters, returning
+     * the CramerShoupParameters object.
+     * <p>
+     * Note: can take a while...
+     * </p>
+     */
+    public CramerShoupParameters generateParameters()
+    {
+        //
+        // find a safe prime p where p = 2*q + 1, where p and q are prime.
+        //
+        BigInteger[] safePrimes = ParametersHelper.generateSafePrimes(size, certainty, random);
+
+//		BigInteger p = safePrimes[0];
+        BigInteger q = safePrimes[1];
+        BigInteger g1 = ParametersHelper.selectGenerator(q, random);
+        BigInteger g2 = ParametersHelper.selectGenerator(q, random);
+        while (g1.equals(g2))
+        {
+            g2 = ParametersHelper.selectGenerator(q, random);
+        }
+
+        return new CramerShoupParameters(q, g1, g2, new SHA256Digest());
+    }
+
+    public CramerShoupParameters generateParameters(DHParameters dhParams)
+    {
+        BigInteger p = dhParams.getP();
+        BigInteger g1 = dhParams.getG();
+
+        // now we just need a second generator
+        BigInteger g2 = ParametersHelper.selectGenerator(p, random);
+        while (g1.equals(g2))
+        {
+            g2 = ParametersHelper.selectGenerator(p, random);
+        }
+
+        return new CramerShoupParameters(p, g1, g2, new SHA256Digest());
+    }
+
+    private static class ParametersHelper
+    {
+
+        private static final BigInteger TWO = BigInteger.valueOf(2);
+
+        /*
+         * Finds a pair of prime BigInteger's {p, q: p = 2q + 1}
+         *
+         * (see: Handbook of Applied Cryptography 4.86)
+         */
+        static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
+        {
+            BigInteger p, q;
+            int qLength = size - 1;
+
+            for (; ; )
+            {
+                q = new BigInteger(qLength, 2, random);
+                p = q.shiftLeft(1).add(ONE);
+                if (p.isProbablePrime(certainty) && (certainty <= 2 || q.isProbablePrime(certainty)))
+                {
+                    break;
+                }
+            }
+
+            return new BigInteger[]{p, q};
+        }
+
+        static BigInteger selectGenerator(BigInteger p, SecureRandom random)
+        {
+            BigInteger pMinusTwo = p.subtract(TWO);
+            BigInteger g;
+
+			/*
+             * RFC 2631 2.2.1.2 (and see: Handbook of Applied Cryptography 4.81)
+			 */
+            do
+            {
+                BigInteger h = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
+
+                g = h.modPow(TWO, p);
+            }
+            while (g.equals(ONE));
+
+            return g;
+        }
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java
index e0d86fc..6795ec9 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java
@@ -4,6 +4,7 @@ import java.math.BigInteger;
 import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.params.DHParameters;
+import org.bouncycastle.math.ec.WNafUtil;
 import org.bouncycastle.util.BigIntegers;
 
 class DHKeyGeneratorHelper
@@ -19,12 +20,19 @@ class DHKeyGeneratorHelper
 
     BigInteger calculatePrivate(DHParameters dhParams, SecureRandom random)
     {
-        BigInteger p = dhParams.getP();
         int limit = dhParams.getL();
 
         if (limit != 0)
         {
-            return new BigInteger(limit, random).setBit(limit - 1);
+            int minWeight = limit >>> 2;
+            for (;;)
+            {
+                BigInteger x = new BigInteger(limit, random).setBit(limit - 1);
+                if (WNafUtil.getNafWeight(x) >= minWeight)
+                {
+                    return x;
+                }
+            }
         }
 
         BigInteger min = TWO;
@@ -34,14 +42,22 @@ class DHKeyGeneratorHelper
             min = ONE.shiftLeft(m - 1);
         }
 
-        BigInteger max = p.subtract(TWO);
         BigInteger q = dhParams.getQ();
-        if (q != null)
+        if (q == null)
         {
-            max = q.subtract(TWO);
+            q = dhParams.getP();
         }
+        BigInteger max = q.subtract(TWO);
 
-        return BigIntegers.createRandomInRange(min, max, random);
+        int minWeight = max.bitLength() >>> 2;
+        for (;;)
+        {
+            BigInteger x = BigIntegers.createRandomInRange(min, max, random);
+            if (WNafUtil.getNafWeight(x) >= minWeight)
+            {
+                return x;
+            }
+        }
     }
 
     BigInteger calculatePublic(DHParameters dhParams, BigInteger x)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
index 118bc9c..dc0a5ae 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
@@ -3,6 +3,7 @@ package org.bouncycastle.crypto.generators;
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
+import org.bouncycastle.math.ec.WNafUtil;
 import org.bouncycastle.util.BigIntegers;
 
 class DHParametersHelper
@@ -19,6 +20,7 @@ class DHParametersHelper
     {
         BigInteger p, q;
         int qLength = size - 1;
+        int minWeight = size >>> 2;
 
         for (;;)
         {
@@ -27,10 +29,28 @@ class DHParametersHelper
             // p <- 2q + 1
             p = q.shiftLeft(1).add(ONE);
 
-            if (p.isProbablePrime(certainty) && (certainty <= 2 || q.isProbablePrime(certainty)))
+            if (!p.isProbablePrime(certainty))
             {
-                break;
+                continue;
             }
+
+            if (certainty > 2 && !q.isProbablePrime(certainty - 2))
+            {
+                continue;
+            }
+
+            /*
+             * Require a minimum weight of the NAF representation, since low-weight primes may be
+             * weak against a version of the number-field-sieve for the discrete-logarithm-problem.
+             * 
+             * See "The number field sieve for integers of low weight", Oliver Schirokauer.
+             */
+            if (WNafUtil.getNafWeight(p) < minWeight)
+            {
+                continue;
+            }
+
+            break;
         }
 
         return new BigInteger[] { p, q };
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java
index 93f49cf..ff3df35 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java
@@ -1,5 +1,8 @@
 package org.bouncycastle.crypto.generators;
 
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
 import org.bouncycastle.crypto.KeyGenerationParameters;
@@ -7,11 +10,9 @@ import org.bouncycastle.crypto.params.DSAKeyGenerationParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
 import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
+import org.bouncycastle.math.ec.WNafUtil;
 import org.bouncycastle.util.BigIntegers;
 
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
 /**
  * a DSA key pair generator.
  *
@@ -45,13 +46,20 @@ public class DSAKeyPairGenerator
 
     private static BigInteger generatePrivateKey(BigInteger q, SecureRandom random)
     {
-        // TODO Prefer this method? (change test cases that used fixed random)
-        // B.1.1 Key Pair Generation Using Extra Random Bits
-//        BigInteger c = new BigInteger(q.bitLength() + 64, random);
-//        return c.mod(q.subtract(ONE)).add(ONE);
-
         // B.1.2 Key Pair Generation by Testing Candidates
-        return BigIntegers.createRandomInRange(ONE, q.subtract(ONE), random);
+        int minWeight = q.bitLength() >>> 2;
+        for (;;)
+        {
+            // TODO Prefer this method? (change test cases that used fixed random)
+            // B.1.1 Key Pair Generation Using Extra Random Bits
+//            BigInteger x = new BigInteger(q.bitLength() + 64, random).mod(q.subtract(ONE)).add(ONE);
+
+            BigInteger x = BigIntegers.createRandomInRange(ONE, q.subtract(ONE), random);
+            if (WNafUtil.getNafWeight(x) >= minWeight)
+            {
+                return x;
+            }
+        }
     }
 
     private static BigInteger calculatePublicKey(BigInteger p, BigInteger g, BigInteger x)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
index f7a3df2..fe98b7c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
@@ -42,7 +42,7 @@ public class DSAParametersGenerator
     /**
      * initialise the key generator.
      *
-     * @param size size of the key (range 2^512 -> 2^1024 - 64 bit increments)
+     * @param size size of the key (range 2^512 -&gt; 2^1024 - 64 bit increments)
      * @param certainty measure of robustness of prime (for FIPS 186-2 compliance this should be at least 80).
      * @param random random byte source.
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
index d5f5fc8..4f46a38 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
@@ -11,7 +11,10 @@ import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
+import org.bouncycastle.math.ec.WNafUtil;
 
 public class ECKeyPairGenerator
     implements AsymmetricCipherKeyPairGenerator, ECConstants
@@ -40,19 +43,42 @@ public class ECKeyPairGenerator
     public AsymmetricCipherKeyPair generateKeyPair()
     {
         BigInteger n = params.getN();
-        int        nBitLength = n.bitLength();
-        BigInteger d;
+        int nBitLength = n.bitLength();
+        int minWeight = nBitLength >>> 2;
 
-        do
+        BigInteger d;
+        for (;;)
         {
             d = new BigInteger(nBitLength, random);
+
+            if (d.compareTo(TWO) < 0  || (d.compareTo(n) >= 0))
+            {
+                continue;
+            }
+
+            /*
+             * Require a minimum weight of the NAF representation, since low-weight primes may be
+             * weak against a version of the number-field-sieve for the discrete-logarithm-problem.
+             * 
+             * See "The number field sieve for integers of low weight", Oliver Schirokauer.
+             */
+            if (WNafUtil.getNafWeight(d) < minWeight)
+            {
+                continue;
+            }
+
+            break;
         }
-        while (d.equals(ZERO)  || (d.compareTo(n) >= 0));
 
-        ECPoint Q = params.getG().multiply(d);
+        ECPoint Q = createBasePointMultiplier().multiply(params.getG(), d);
 
         return new AsymmetricCipherKeyPair(
             new ECPublicKeyParameters(Q, params),
             new ECPrivateKeyParameters(d, params));
     }
+
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java
index 3e13c21..8948f93 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java
@@ -7,6 +7,7 @@ import org.bouncycastle.crypto.params.GOST3410KeyGenerationParameters;
 import org.bouncycastle.crypto.params.GOST3410Parameters;
 import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters;
 import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters;
+import org.bouncycastle.math.ec.WNafUtil;
 
 import java.math.BigInteger;
 import java.security.SecureRandom;
@@ -19,8 +20,6 @@ import java.security.SecureRandom;
 public class GOST3410KeyPairGenerator
         implements AsymmetricCipherKeyPairGenerator
     {
-        private static final BigInteger ZERO = BigInteger.valueOf(0);
-
         private GOST3410KeyGenerationParameters param;
 
         public void init(
@@ -39,11 +38,29 @@ public class GOST3410KeyPairGenerator
             p = GOST3410Params.getP();
             a = GOST3410Params.getA();
 
-            do
+            int minWeight = 64;
+            for (;;)
             {
                 x = new BigInteger(256, random);
+
+                if (x.signum() < 1 || x.compareTo(q) >= 0)
+                {
+                    continue;
+                }
+
+                /*
+                 * Require a minimum weight of the NAF representation, since low-weight primes may be
+                 * weak against a version of the number-field-sieve for the discrete-logarithm-problem.
+                 * 
+                 * See "The number field sieve for integers of low weight", Oliver Schirokauer.
+                 */
+                if (WNafUtil.getNafWeight(x) < minWeight)
+                {
+                    continue;
+                }
+
+                break;
             }
-            while (x.equals(ZERO) || x.compareTo(q) >= 0);
 
             //
             // calculate the public key.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/HKDFBytesGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/HKDFBytesGenerator.java
index 8e93e6b..75915cf 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/HKDFBytesGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/HKDFBytesGenerator.java
@@ -11,7 +11,7 @@ import org.bouncycastle.crypto.params.KeyParameter;
 /**
  * HMAC-based Extract-and-Expand Key Derivation Function (HKDF) implemented
  * according to IETF RFC 5869, May 2010 as specified by H. Krawczyk, IBM
- * Research & P. Eronen, Nokia. It uses a HMac internally to compute de OKM
+ * Research &amp; P. Eronen, Nokia. It uses a HMac internally to compute de OKM
  * (output keying material) and is likely to have better security properties
  * than KDF's based on just a hash function.
  */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/KDFCounterBytesGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/KDFCounterBytesGenerator.java
index 306530e..7147add 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/KDFCounterBytesGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/KDFCounterBytesGenerator.java
@@ -11,6 +11,31 @@ import org.bouncycastle.crypto.params.KeyParameter;
 
 /**
  * This KDF has been defined by the publicly available NIST SP 800-108 specification.
+ * NIST SP800-108 allows for alternative orderings of the input fields, meaning that the input can be formated in multiple ways.
+ * There are 3 supported formats:  - Below [i]_2 is a counter of r-bits length concatenated to the fixedInputData.
+ * <ul>
+ * <li>1: K(i) := PRF( KI, [i]_2 || Label || 0x00 || Context || [L]_2 ) with the counter at the very beginning of the fixedInputData (The default implementation has this format)</li>
+ * <li>2: K(i) := PRF( KI, Label || 0x00 || Context || [L]_2 || [i]_2 ) with the counter at the very end of the fixedInputData</li>
+ * <li>3a: K(i) := PRF( KI, Label || 0x00 || [i]_2 || Context || [L]_2 ) OR:</li>
+ * <li>3b: K(i) := PRF( KI, Label || 0x00 || [i]_2 || [L]_2 || Context ) OR:</li>
+ * <li>3c: K(i) := PRF( KI, Label || [i]_2 || 0x00 || Context || [L]_2 ) etc... with the counter somewhere in the 'middle' of the fixedInputData.</li>
+ * </ul>
+ * </p>
+ * <p>
+ * This function must be called with the following KDFCounterParameters():
+ *  - KI      <br/>
+ *  - The part of the fixedInputData that comes BEFORE the counter OR null  <br/>
+ *  - the part of the fixedInputData that comes AFTER the counter OR null <br/>
+ *  - the length of the counter in bits (not bytes)
+ *  </p>
+ * Resulting function calls assuming an 8 bit counter.
+ * <ul>
+ * <li>1.  KDFCounterParameters(ki, 	null, 									"Label || 0x00 || Context || [L]_2]",	8);</li>
+ * <li>2.  KDFCounterParameters(ki, 	"Label || 0x00 || Context || [L]_2]", 	null,									8);</li>
+ * <li>3a. KDFCounterParameters(ki, 	"Label || 0x00",						"Context || [L]_2]",					8);</li>
+ * <li>3b. KDFCounterParameters(ki, 	"Label || 0x00",						"[L]_2] || Context",					8);</li>
+ * <li>3c. KDFCounterParameters(ki, 	"Label", 								"0x00 || Context || [L]_2]",			8);</li>
+ * </ul>
  */
 public class KDFCounterBytesGenerator
     implements MacDerivationFunction
@@ -27,7 +52,8 @@ public class KDFCounterBytesGenerator
     private final int h;
 
     // fields set by init
-    private byte[] fixedInputData;
+    private byte[] fixedInputDataCtrPrefix;
+    private byte[] fixedInputData_afterCtr;
     private int maxSizeExcl;
     // ios is i defined as an octet string (the binary representation)
     private byte[] ios;
@@ -61,7 +87,8 @@ public class KDFCounterBytesGenerator
 
         // --- set arguments ---
 
-        this.fixedInputData = kdfParams.getFixedInputData();
+        this.fixedInputDataCtrPrefix = kdfParams.getFixedInputDataCounterPrefix();
+        this.fixedInputData_afterCtr = kdfParams.getFixedInputDataCounterSuffix();
 
         int r = kdfParams.getR();
         this.ios = new byte[r / 8];
@@ -145,8 +172,9 @@ public class KDFCounterBytesGenerator
 
 
         // special case for K(0): K(0) is empty, so no update
+        prf.update(fixedInputDataCtrPrefix, 0, fixedInputDataCtrPrefix.length);
         prf.update(ios, 0, ios.length);
-        prf.update(fixedInputData, 0, fixedInputData.length);
+        prf.update(fixedInputData_afterCtr, 0, fixedInputData_afterCtr.length);
         prf.doFinal(k, 0);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java
new file mode 100644
index 0000000..b5f133f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java
@@ -0,0 +1,315 @@
+package org.bouncycastle.crypto.generators;
+
+import java.io.ByteArrayOutputStream;
+
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Strings;
+
+/**
+ * Password hashing scheme BCrypt,
+ * designed by Niels Provos and David Mazières, using the
+ * String format and the Base64 encoding
+ * of the reference implementation on OpenBSD
+ */
+public class OpenBSDBCrypt
+{
+    private static final byte[] encodingTable = // the Bcrypts encoding table for OpenBSD
+        {
+            (byte)'.', (byte)'/', (byte)'A', (byte)'B', (byte)'C', (byte)'D',
+            (byte)'E', (byte)'F', (byte)'G', (byte)'H', (byte)'I', (byte)'J',
+            (byte)'K', (byte)'L', (byte)'M', (byte)'N', (byte)'O', (byte)'P',
+            (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', (byte)'V',
+            (byte)'W', (byte)'X', (byte)'Y', (byte)'Z', (byte)'a', (byte)'b',
+            (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g', (byte)'h',
+            (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+            (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t',
+            (byte)'u', (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
+            (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5',
+            (byte)'6', (byte)'7', (byte)'8', (byte)'9'
+        };
+    /*
+     * set up the decoding table.
+     */
+    private static final byte[] decodingTable = new byte[128];
+    private static final String version = "2a"; // previous version was not UTF-8
+
+    static
+    {
+        for (int i = 0; i < decodingTable.length; i++)
+        {
+            decodingTable[i] = (byte)0xff;
+        }
+
+        for (int i = 0; i < encodingTable.length; i++)
+        {
+            decodingTable[encodingTable[i]] = (byte)i;
+        }
+    }
+
+    public OpenBSDBCrypt()
+    {
+
+    }
+
+    /**
+     * Creates a 60 character Bcrypt String, including
+     * version, cost factor, salt and hash, separated by '$'
+     *
+     * @param cost     the cost factor, treated as an exponent of 2
+     * @param salt     a 16 byte salt
+     * @param password the password
+     * @return a 60 character Bcrypt String
+     */
+    private static String createBcryptString(
+        byte[] password,
+        byte[] salt,
+        int cost)
+    {
+        StringBuffer sb = new StringBuffer(60);
+        sb.append('$');
+        sb.append(version);
+        sb.append('$');
+        sb.append(cost < 10 ? ("0" + cost) : Integer.toString(cost));
+        sb.append('$');
+        sb.append(encodeData(salt));
+
+        byte[] key = BCrypt.generate(password, salt, cost);
+
+        sb.append(encodeData(key));
+
+        return sb.toString();
+    }
+
+    /**
+     * Creates a 60 character Bcrypt String, including
+     * version, cost factor, salt and hash, separated by '$'
+     *
+     * @param cost     the cost factor, treated as an exponent of 2
+     * @param salt     a 16 byte salt
+     * @param password the password
+     * @return a 60 character Bcrypt String
+     */
+    public static String generate(
+        char[] password,
+        byte[] salt,
+        int cost)
+    {
+        if (password == null)
+        {
+            throw new IllegalArgumentException("Password required.");
+        }
+        if (salt == null)
+        {
+            throw new IllegalArgumentException("Salt required.");
+        }
+        else if (salt.length != 16)
+        {
+            throw new DataLengthException("16 byte salt required: " + salt.length);
+        }
+        if (cost < 4 || cost > 31) // Minimum rounds: 16, maximum 2^31
+        {
+            throw new IllegalArgumentException("Invalid cost factor.");
+        }
+
+        byte[] psw = Strings.toUTF8ByteArray(password);
+
+        // 0 termination:
+
+        byte[] tmp = new byte[psw.length >= 72 ? 72 : psw.length + 1];
+
+        if (tmp.length > psw.length)
+        {
+            System.arraycopy(psw, 0, tmp, 0, psw.length);
+        }
+        else
+        {
+            System.arraycopy(psw, 0, tmp, 0, tmp.length);
+        }
+
+        Arrays.fill(psw, (byte)0);
+
+        String rv = createBcryptString(tmp, salt, cost);
+
+        Arrays.fill(tmp, (byte)0);
+
+        return rv;
+    }
+
+    /**
+     * Checks if a password corresponds to a 60 character Bcrypt String
+     *
+     * @param bcryptString a 60 character Bcrypt String, including
+     *                     version, cost factor, salt and hash,
+     *                     separated by '$'
+     * @param password     the password as an array of chars
+     * @return true if the password corresponds to the
+     * Bcrypt String, otherwise false
+     */
+    public static boolean checkPassword(
+        String bcryptString,
+        char[] password)
+    {
+        // validate bcryptString:
+        if (bcryptString.length() != 60)
+        {
+            throw new DataLengthException("Bcrypt String length: "
+                + bcryptString.length() + ", 60 required.");
+        }
+        if (bcryptString.charAt(0) != '$'
+            || bcryptString.charAt(3) != '$'
+            || bcryptString.charAt(6) != '$')
+        {
+            throw new IllegalArgumentException("Invalid Bcrypt String format.");
+        }
+        if (!bcryptString.substring(1, 3).equals(version))
+        {
+            throw new IllegalArgumentException("Wrong Bcrypt version, 2a expected.");
+        }
+        int cost = 0;
+        try
+        {
+            cost = Integer.parseInt(bcryptString.substring(4, 6));
+        }
+        catch (NumberFormatException nfe)
+        {
+            throw new IllegalArgumentException("Invalid cost factor:"
+                + bcryptString.substring(4, 6));
+        }
+        if (cost < 4 || cost > 31)
+        {
+            throw new IllegalArgumentException("Invalid cost factor: "
+                + cost + ", 4 < cost < 31 expected.");
+        }
+        // check password:
+        if (password == null)
+        {
+            throw new IllegalArgumentException("Missing password.");
+        }
+        byte[] salt = decodeSaltString(
+            bcryptString.substring(bcryptString.lastIndexOf('$') + 1,
+                bcryptString.length() - 31));
+
+        String newBcryptString = generate(password, salt, cost);
+
+        return bcryptString.equals(newBcryptString);
+    }
+
+    /*
+     * encode the input data producing a Bcrypt base 64 String.
+     *
+     * @param 	a byte representation of the salt or the password
+     * @return 	the Bcrypt base64 String
+     */
+    private static String encodeData(
+        byte[] data)
+
+    {
+        if (data.length != 24 && data.length != 16) // 192 bit key or 128 bit salt expected
+        {
+            throw new DataLengthException("Invalid length: " + data.length + ", 24 for key or 16 for salt expected");
+        }
+        boolean salt = false;
+        if (data.length == 16)//salt
+        {
+            salt = true;
+            byte[] tmp = new byte[18];// zero padding
+            System.arraycopy(data, 0, tmp, 0, data.length);
+            data = tmp;
+        }
+        else // key
+        {
+            data[data.length - 1] = (byte)0;
+        }
+
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        int len = data.length;
+
+        int a1, a2, a3;
+        int i;
+        for (i = 0; i < len; i += 3)
+        {
+            a1 = data[i] & 0xff;
+            a2 = data[i + 1] & 0xff;
+            a3 = data[i + 2] & 0xff;
+
+            out.write(encodingTable[(a1 >>> 2) & 0x3f]);
+            out.write(encodingTable[((a1 << 4) | (a2 >>> 4)) & 0x3f]);
+            out.write(encodingTable[((a2 << 2) | (a3 >>> 6)) & 0x3f]);
+            out.write(encodingTable[a3 & 0x3f]);
+        }
+
+        String result = Strings.fromByteArray(out.toByteArray());
+        if (salt == true)// truncate padding
+        {
+            return result.substring(0, 22);
+        }
+        else
+        {
+            return result.substring(0, result.length() - 1);
+        }
+    }
+
+
+    /*
+     * decodes the bcrypt base 64 encoded SaltString
+     *
+     * @param 		a 22 character Bcrypt base 64 encoded String 
+     * @return 		the 16 byte salt
+     * @exception 	DataLengthException if the length 
+     * 				of parameter is not 22
+     * @exception 	InvalidArgumentException if the parameter
+     * 				contains a value other than from Bcrypts base 64 encoding table
+     */
+    private static byte[] decodeSaltString(
+        String saltString)
+    {
+        char[] saltChars = saltString.toCharArray();
+
+        ByteArrayOutputStream out = new ByteArrayOutputStream(16);
+        byte b1, b2, b3, b4;
+
+        if (saltChars.length != 22)// bcrypt salt must be 22 (16 bytes)
+        {
+            throw new DataLengthException("Invalid base64 salt length: " + saltChars.length + " , 22 required.");
+        }
+
+        // check String for invalid characters:
+        for (int i = 0; i < saltChars.length; i++)
+        {
+            int value = saltChars[i];
+            if (value > 122 || value < 46 || (value > 57 && value < 65))
+            {
+                throw new IllegalArgumentException("Salt string contains invalid character: " + value);
+            }
+        }
+
+        // Padding: add two '\u0000'
+        char[] tmp = new char[22 + 2];
+        System.arraycopy(saltChars, 0, tmp, 0, saltChars.length);
+        saltChars = tmp;
+
+        int len = saltChars.length;
+
+        for (int i = 0; i < len; i += 4)
+        {
+            b1 = decodingTable[saltChars[i]];
+            b2 = decodingTable[saltChars[i + 1]];
+            b3 = decodingTable[saltChars[i + 2]];
+            b4 = decodingTable[saltChars[i + 3]];
+
+            out.write((b1 << 2) | (b2 >> 4));
+            out.write((b2 << 4) | (b3 >> 2));
+            out.write((b3 << 6) | b4);
+        }
+
+        byte[] saltBytes = out.toByteArray();
+
+        // truncate:
+        byte[] tmpSalt = new byte[16];
+        System.arraycopy(saltBytes, 0, tmpSalt, 0, tmpSalt.length);
+        saltBytes = tmpSalt;
+
+        return saltBytes;
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java
index 9165973..59eee39 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java
@@ -53,7 +53,7 @@ public class Poly1305KeyGenerator
      * <li>r[4], r[8], r[12] have bottom two bits clear (i.e., are in {0, 4, 8, . . . , 252})</li>
      * </ul>
      *
-     * @param a 32 byte key value <code>k[0] ... k[15], r[0] ... r[15]</code>
+     * @param key a 32 byte key value <code>k[0] ... k[15], r[0] ... r[15]</code>
      */
     public static void clamp(byte[] key)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
index f58069d..7277045 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
@@ -1,13 +1,14 @@
 package org.bouncycastle.crypto.generators;
 
+import java.math.BigInteger;
+
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-
-import java.math.BigInteger;
+import org.bouncycastle.math.ec.WNafUtil;
 
 /**
  * an RSA key pair generator.
@@ -19,129 +20,156 @@ public class RSAKeyPairGenerator
 
     private RSAKeyGenerationParameters param;
 
-    public void init(
-        KeyGenerationParameters param)
+    public void init(KeyGenerationParameters param)
     {
         this.param = (RSAKeyGenerationParameters)param;
     }
 
     public AsymmetricCipherKeyPair generateKeyPair()
     {
-        BigInteger    p, q, n, d, e, pSub1, qSub1, phi;
+        AsymmetricCipherKeyPair result = null;
+        boolean done = false;
 
-        //
-        // p and q values should have a length of half the strength in bits
-        //
-        int strength = param.getStrength();
-        int pbitlength = (strength + 1) / 2;
-        int qbitlength = strength - pbitlength;
-        int mindiffbits = strength / 3;
+        while (!done)
+        {
+            BigInteger p, q, n, d, e, pSub1, qSub1, phi, lcm, dLowerBound;
 
-        e = param.getPublicExponent();
+            //
+            // p and q values should have a length of half the strength in bits
+            //
+            int strength = param.getStrength();
+            int pbitlength = (strength + 1) / 2;
+            int qbitlength = strength - pbitlength;
+            int mindiffbits = strength / 3;
+            int minWeight = strength >> 2;
 
-        // TODO Consider generating safe primes for p, q (see DHParametersHelper.generateSafePrimes)
-        // (then p-1 and q-1 will not consist of only small factors - see "Pollard's algorithm")
+            e = param.getPublicExponent();
 
-        //
-        // generate p, prime and (p-1) relatively prime to e
-        //
-        for (;;)
-        {
-            p = new BigInteger(pbitlength, 1, param.getRandom());
-            
-            if (p.mod(e).equals(ONE))
-            {
-                continue;
-            }
-            
-            if (!p.isProbablePrime(param.getCertainty()))
-            {
-                continue;
-            }
-            
-            if (e.gcd(p.subtract(ONE)).equals(ONE)) 
-            {
-                break;
-            }
-        }
+            // TODO Consider generating safe primes for p, q (see DHParametersHelper.generateSafePrimes)
+            // (then p-1 and q-1 will not consist of only small factors - see "Pollard's algorithm")
 
-        //
-        // generate a modulus of the required length
-        //
-        for (;;)
-        {
-            // generate q, prime and (q-1) relatively prime to e,
-            // and not equal to p
+            p = chooseRandomPrime(pbitlength, e);
+
+            //
+            // generate a modulus of the required length
             //
             for (;;)
             {
-                q = new BigInteger(qbitlength, 1, param.getRandom());
+                q = chooseRandomPrime(qbitlength, e);
 
-                if (q.subtract(p).abs().bitLength() < mindiffbits)
+                // p and q should not be too close together (or equal!)
+                BigInteger diff = q.subtract(p).abs();
+                if (diff.bitLength() < mindiffbits)
                 {
                     continue;
                 }
-                
-                if (q.mod(e).equals(ONE))
+
+                //
+                // calculate the modulus
+                //
+                n = p.multiply(q);
+
+                if (n.bitLength() != strength)
                 {
+                    //
+                    // if we get here our primes aren't big enough, make the largest
+                    // of the two p and try again
+                    //
+                    p = p.max(q);
                     continue;
                 }
-            
-                if (!q.isProbablePrime(param.getCertainty()))
+
+	            /*
+	             * Require a minimum weight of the NAF representation, since low-weight composites may
+	             * be weak against a version of the number-field-sieve for factoring.
+	             *
+	             * See "The number field sieve for integers of low weight", Oliver Schirokauer.
+	             */
+                if (WNafUtil.getNafWeight(n) < minWeight)
                 {
+                    p = chooseRandomPrime(pbitlength, e);
                     continue;
                 }
-            
-                if (e.gcd(q.subtract(ONE)).equals(ONE)) 
-                {
-                    break;
-                } 
+
+                break;
+            }
+
+            if (p.compareTo(q) < 0)
+            {
+                phi = p;
+                p = q;
+                q = phi;
             }
 
+            pSub1 = p.subtract(ONE);
+            qSub1 = q.subtract(ONE);
+            phi = pSub1.multiply(qSub1);
+            lcm = phi.divide(pSub1.gcd(qSub1));
+
             //
-            // calculate the modulus
+            // calculate the private exponent
             //
-            n = p.multiply(q);
+            d = e.modInverse(lcm);
 
-            if (n.bitLength() == param.getStrength()) 
+            // if d is less than or equal to dLowerBound, we need to start over
+            // also, for backward compatibility, if d is not the same as
+            // e.modInverse(phi), we need to start over
+
+            if (d.bitLength() <= qbitlength || !d.equals(e.modInverse(phi)))
             {
-                break;
-            } 
+                continue;
+            }
+            else
+            {
+                done = true;
+            }
 
             //
-            // if we get here our primes aren't big enough, make the largest
-            // of the two p and try again
+            // calculate the CRT factors
             //
-            p = p.max(q);
-        }
+            BigInteger dP, dQ, qInv;
 
-        if (p.compareTo(q) < 0)
-        {
-            phi = p;
-            p = q;
-            q = phi;
-        }
-
-        pSub1 = p.subtract(ONE);
-        qSub1 = q.subtract(ONE);
-        phi = pSub1.multiply(qSub1);
+            dP = d.remainder(pSub1);
+            dQ = d.remainder(qSub1);
+            qInv = q.modInverse(p);
 
-        //
-        // calculate the private exponent
-        //
-        d = e.modInverse(phi);
+            result = new AsymmetricCipherKeyPair(
+                new RSAKeyParameters(false, n, e),
+                new RSAPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv));
+        }
 
-        //
-        // calculate the CRT factors
-        //
-        BigInteger    dP, dQ, qInv;
+        return result;
+    }
 
-        dP = d.remainder(pSub1);
-        dQ = d.remainder(qSub1);
-        qInv = q.modInverse(p);
+    /**
+     * Choose a random prime value for use with RSA
+     * 
+     * @param bitlength the bit-length of the returned prime
+     * @param e the RSA public exponent
+     * @return a prime p, with (p-1) relatively prime to e
+     */
+    protected BigInteger chooseRandomPrime(int bitlength, BigInteger e)
+    {
+        for (;;)
+        {
+            BigInteger p = new BigInteger(bitlength, 1, param.getRandom());
+            
+            if (p.mod(e).equals(ONE))
+            {
+                continue;
+            }
+            
+            if (!p.isProbablePrime(param.getCertainty()))
+            {
+                continue;
+            }
 
-        return new AsymmetricCipherKeyPair(
-                new RSAKeyParameters(false, n, e),
-                new RSAPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv));
+            if (!e.gcd(p.subtract(ONE)).equals(ONE)) 
+            {
+                continue;
+            }
+            
+            return p;
+        }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/SCrypt.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/SCrypt.java
index da22fa4..0b3dc14 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/SCrypt.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/SCrypt.java
@@ -4,14 +4,65 @@ import org.bouncycastle.crypto.PBEParametersGenerator;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.engines.Salsa20Engine;
 import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Arrays;
-
+import org.bouncycastle.util.Pack;
+
+/**
+ * Implementation of the scrypt a password-based key derivation function.
+ * <p>
+ * Scrypt was created by Colin Percival and is specified in <a
+ * href="http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01">draft-josefsson-scrypt-kd</a>
+ *
+ */
 public class SCrypt
 {
-    // TODO Validate arguments
+    /**
+     * Generate a key using the scrypt key derivation function.
+     * 
+     * @param P the bytes of the pass phrase.
+     * @param S the salt to use for this invocation.
+     * @param N CPU/Memory cost parameter. Must be larger than 1, a power of 2 and less than
+     *            <code>2^(128 * r / 8)</code>.
+     * @param r the block size, must be >= 1.
+     * @param p Parallelization parameter. Must be a positive integer less than or equal to
+     *            <code>Integer.MAX_VALUE / (128 * r * 8)</code>.
+     * 
+     * @param dkLen the length of the key to generate.
+     * @return the generated key.
+     */
     public static byte[] generate(byte[] P, byte[] S, int N, int r, int p, int dkLen)
     {
+        if (P== null)
+        {
+            throw new IllegalArgumentException("Passphrase P must be provided.");
+        }
+        if (S == null)
+        {
+            throw new IllegalArgumentException("Salt S must be provided.");
+        }
+        if (N <= 1)
+        {
+            throw new IllegalArgumentException("Cost parameter N must be > 1.");
+        }
+        // Only value of r that cost (as an int) could be exceeded for is 1
+        if (r == 1 && N > 65536)
+        {
+            throw new IllegalArgumentException("Cost parameter N must be > 1 and < 65536.");
+        }
+        if (r < 1)
+        {
+            throw new IllegalArgumentException("Block size r must be >= 1.");
+        }
+        int maxParallel = Integer.MAX_VALUE / (128 * r * 8);
+        if (p < 1 || p > maxParallel)
+        {
+            throw new IllegalArgumentException("Parallelisation parameter p must be >= 1 and <= " + maxParallel
+                + " (based on block size r of " + r + ")");
+        }
+        if (dkLen < 1)
+        {
+            throw new IllegalArgumentException("Generated key length dkLen must be >= 1.");
+        }
         return MFcrypt(P, S, N, r, p, dkLen);
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/generators/package.html
new file mode 100644
index 0000000..9d73ce3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Generators for keys, key pairs and password based encryption algorithms.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherIOException.java b/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherIOException.java
new file mode 100644
index 0000000..beeb60b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherIOException.java
@@ -0,0 +1,26 @@
+package org.bouncycastle.crypto.io;
+
+import java.io.IOException;
+
+/**
+ * {@link IOException} wrapper around an exception indicating a problem with the use of a cipher.
+ */
+public class CipherIOException
+    extends IOException
+{
+    private static final long serialVersionUID = 1L;
+
+    private final Throwable cause;
+
+    public CipherIOException(String message, Throwable cause)
+    {
+        super(message);
+
+        this.cause = cause;
+    }
+
+    public Throwable getCause()
+    {
+        return cause;
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java b/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
index 93b04e9..b06d1f5 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
@@ -6,14 +6,16 @@ import java.io.InputStream;
 
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.SkippingCipher;
 import org.bouncycastle.crypto.StreamCipher;
 import org.bouncycastle.crypto.modes.AEADBlockCipher;
+import org.bouncycastle.util.Arrays;
 
 /**
  * A CipherInputStream is composed of an InputStream and a cipher so that read() methods return data
  * that are read in from the underlying InputStream but have been additionally processed by the
  * Cipher. The cipher must be fully initialized before being used by a CipherInputStream.
- * <p/>
+ * <p>
  * For example, if the Cipher is initialized for decryption, the
  * CipherInputStream will attempt to read in data and decrypt them,
  * before returning the decrypted data.
@@ -21,18 +23,24 @@ import org.bouncycastle.crypto.modes.AEADBlockCipher;
 public class CipherInputStream
     extends FilterInputStream
 {
+    private static final int INPUT_BUF_SIZE = 2048;
+
+    private SkippingCipher skippingCipher;
+    private byte[] inBuf;
+
     private BufferedBlockCipher bufferedBlockCipher;
     private StreamCipher streamCipher;
     private AEADBlockCipher aeadBlockCipher;
 
-    private final byte[] buf;
-    private final byte[] inBuf;
+    private byte[] buf;
+    private byte[] markBuf;
+
 
     private int bufOff;
     private int maxBuf;
     private boolean finalized;
-
-    private static final int INPUT_BUF_SIZE = 2048;
+    private long markPosition;
+    private int markBufOff;
 
     /**
      * Constructs a CipherInputStream from an InputStream and a
@@ -42,37 +50,73 @@ public class CipherInputStream
         InputStream is,
         BufferedBlockCipher cipher)
     {
+        this(is, cipher, INPUT_BUF_SIZE);
+    }
+
+    /**
+     * Constructs a CipherInputStream from an InputStream and a StreamCipher.
+     */
+    public CipherInputStream(
+        InputStream is,
+        StreamCipher cipher)
+    {
+        this(is, cipher, INPUT_BUF_SIZE);
+    }
+
+    /**
+     * Constructs a CipherInputStream from an InputStream and an AEADBlockCipher.
+     */
+    public CipherInputStream(
+        InputStream is,
+        AEADBlockCipher cipher)
+    {
+        this(is, cipher, INPUT_BUF_SIZE);
+    }
+
+    /**
+     * Constructs a CipherInputStream from an InputStream, a
+     * BufferedBlockCipher, and a specified internal buffer size.
+     */
+    public CipherInputStream(
+        InputStream is,
+        BufferedBlockCipher cipher,
+        int bufSize)
+    {
         super(is);
 
         this.bufferedBlockCipher = cipher;
-
-        buf = new byte[cipher.getOutputSize(INPUT_BUF_SIZE)];
-        inBuf = new byte[INPUT_BUF_SIZE];
+        this.inBuf = new byte[bufSize];
+        this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
     }
 
+    /**
+     * Constructs a CipherInputStream from an InputStream, a StreamCipher, and a specified internal buffer size.
+     */
     public CipherInputStream(
         InputStream is,
-        StreamCipher cipher)
+        StreamCipher cipher,
+        int bufSize)
     {
         super(is);
 
         this.streamCipher = cipher;
-
-        buf = new byte[INPUT_BUF_SIZE];
-        inBuf = new byte[INPUT_BUF_SIZE];
+        this.inBuf = new byte[bufSize];
+        this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
     }
 
     /**
-     * Constructs a CipherInputStream from an InputStream and an AEADBlockCipher.
+     * Constructs a CipherInputStream from an InputStream, an AEADBlockCipher, and a specified internal buffer size.
      */
-    public CipherInputStream(InputStream is, AEADBlockCipher cipher)
+    public CipherInputStream(
+        InputStream is,
+        AEADBlockCipher cipher,
+        int bufSize)
     {
         super(is);
 
         this.aeadBlockCipher = cipher;
-
-        buf = new byte[cipher.getOutputSize(INPUT_BUF_SIZE)];
-        inBuf = new byte[INPUT_BUF_SIZE];
+        this.inBuf = new byte[bufSize];
+        this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
     }
 
     /**
@@ -108,6 +152,7 @@ public class CipherInputStream
 
             try
             {
+                ensureCapacity(read, false);
                 if (bufferedBlockCipher != null)
                 {
                     maxBuf = bufferedBlockCipher.processBytes(inBuf, 0, read, buf, 0);
@@ -124,7 +169,7 @@ public class CipherInputStream
             }
             catch (Exception e)
             {
-                throw new IOException("Error processing stream " + e);
+                throw new CipherIOException("Error processing stream ", e);
             }
         }
         return maxBuf;
@@ -136,6 +181,7 @@ public class CipherInputStream
         try
         {
             finalized = true;
+            ensureCapacity(0, true);
             if (bufferedBlockCipher != null)
             {
                 maxBuf = bufferedBlockCipher.doFinal(buf, 0);
@@ -162,9 +208,9 @@ public class CipherInputStream
     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and returns the next available byte.
-     * <p/>
+     * <p>
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
-     *
+     * </p>
      * @throws IOException if there was an error closing the input stream.
      * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
      * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
@@ -186,9 +232,9 @@ public class CipherInputStream
     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and then returns up to <code>b.length</code> bytes in the provided array.
-     * <p/>
+     * <p>
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
-     *
+     * </p>
      * @param b the buffer into which the data is read.
      * @return the total number of bytes read into the buffer, or <code>-1</code> if there is no
      *         more data because the end of the stream has been reached.
@@ -206,9 +252,9 @@ public class CipherInputStream
     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and then returns up to <code>len</code> bytes in the provided array.
-     * <p/>
+     * <p>
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
-     *
+     * </p>
      * @param b   the buffer into which the data is read.
      * @param off the start offset in the destination array <code>b</code>
      * @param len the maximum number of bytes read.
@@ -247,9 +293,36 @@ public class CipherInputStream
             return 0;
         }
 
-        int skip = (int)Math.min(n, available());
-        bufOff += skip;
-        return skip;
+        if (skippingCipher != null)
+        {
+            int avail = available();
+            if (n <= avail)
+            {
+                bufOff += n;
+
+                return n;
+            }
+
+            bufOff = maxBuf;
+
+            long skip = in.skip(n - avail);
+
+            long cSkip = skippingCipher.skip(skip);
+
+            if (skip != cSkip)
+            {
+                throw new IOException("Unable to skip cipher " + skip + " bytes.");
+            }
+
+            return skip + avail;
+        }
+        else
+        {
+            int skip = (int)Math.min(n, available());
+            bufOff += skip;
+
+            return skip;
+        }
     }
 
     public int available()
@@ -259,11 +332,49 @@ public class CipherInputStream
     }
 
     /**
+     * Ensure the cipher text buffer has space sufficient to accept an upcoming output.
+     *
+     * @param updateSize the size of the pending update.
+     * @param finalOutput <code>true</code> iff this the cipher is to be finalised.
+     */
+    private void ensureCapacity(int updateSize, boolean finalOutput)
+    {
+        int bufLen = updateSize;
+        if (finalOutput)
+        {
+            if (bufferedBlockCipher != null)
+            {
+                bufLen = bufferedBlockCipher.getOutputSize(updateSize);
+            }
+            else if (aeadBlockCipher != null)
+            {
+                bufLen = aeadBlockCipher.getOutputSize(updateSize);
+            }
+        }
+        else
+        {
+            if (bufferedBlockCipher != null)
+            {
+                bufLen = bufferedBlockCipher.getUpdateOutputSize(updateSize);
+            }
+            else if (aeadBlockCipher != null)
+            {
+                bufLen = aeadBlockCipher.getUpdateOutputSize(updateSize);
+            }
+        }
+
+        if ((buf == null) || (buf.length < bufLen))
+        {
+            buf = new byte[bufLen];
+        }
+    }
+
+    /**
      * Closes the underlying input stream and finalises the processing of the data by the cipher.
      *
      * @throws IOException if there was an error closing the input stream.
      * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
-     * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
+     *             (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
      */
     public void close()
         throws IOException
@@ -282,19 +393,84 @@ public class CipherInputStream
             }
         }
         maxBuf = bufOff = 0;
+        markBufOff = 0;
+        markPosition = 0;
+        if (markBuf != null)
+        {
+            Arrays.fill(markBuf, (byte)0);
+            markBuf = null;
+        }
+        if (buf != null)
+        {
+            Arrays.fill(buf, (byte)0);
+            buf = null;
+        }
+        Arrays.fill(inBuf, (byte)0);
     }
 
+    /**
+     * Mark the current position.
+     * <p>
+     * This method only works if markSupported() returns true - which means the underlying stream supports marking, and the cipher passed
+     * in to this stream's constructor is a SkippingCipher (so capable of being reset to an arbitrary point easily).
+     * </p>
+     * @param readlimit the maximum read ahead required before a reset() may be called.
+     */
     public void mark(int readlimit)
     {
+        in.mark(readlimit);
+        if (skippingCipher != null)
+        {
+            markPosition = skippingCipher.getPosition();
+        }
+
+        if (buf != null)
+        {
+            markBuf = new byte[buf.length];
+            System.arraycopy(buf, 0, markBuf, 0, buf.length);
+        }
+
+        markBufOff = bufOff;
     }
 
+    /**
+     * Reset to the last marked position, if supported.
+     *
+     * @throws IOException if marking not supported by the cipher used, or the underlying stream.
+     */
     public void reset()
         throws IOException
     {
-    }
+        if (skippingCipher == null)
+        {
+            throw new IOException("cipher must implement SkippingCipher to be used with reset()");
+        }
+
+        in.reset();
+
+        skippingCipher.seekTo(markPosition);
+
+        if (markBuf != null)
+        {
+            buf = markBuf;
+        }
 
+        bufOff = markBufOff;
+     }
+
+    /**
+     * Return true if mark(readlimit) is supported. This will be true if the underlying stream supports marking and the
+     * cipher used is a SkippingCipher,
+     *
+     * @return true if mark(readlimit) supported, false otherwise.
+     */
     public boolean markSupported()
     {
+        if (skippingCipher != null)
+        {
+            return in.markSupported();
+        }
+
         return false;
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java b/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java
index 9beb5b9..5d5f0d1 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java
@@ -14,7 +14,7 @@ import org.bouncycastle.crypto.modes.AEADBlockCipher;
  * the written data with the cipher, and the output of the cipher is in turn written to the
  * underlying OutputStream. The cipher must be fully initialized before being used by a
  * CipherInputStream.
- * <p/>
+ * <p>
  * For example, if the cipher is initialized for encryption, the CipherOutputStream will encrypt the
  * data before writing the encrypted data to the underlying stream.
  */
@@ -86,7 +86,7 @@ public class CipherOutputStream
     /**
      * Writes <code>b.length</code> bytes from the specified byte array
      * to this output stream.
-     * <p/>
+     * <p>
      * The <code>write</code> method of
      * <code>CipherOutputStream</code> calls the <code>write</code>
      * method of three arguments with the three arguments
@@ -118,7 +118,7 @@ public class CipherOutputStream
         int len)
         throws IOException
     {
-        ensureCapacity(len);
+        ensureCapacity(len, false);
 
         if (bufferedBlockCipher != null)
         {
@@ -149,24 +149,35 @@ public class CipherOutputStream
     /**
      * Ensure the ciphertext buffer has space sufficient to accept an upcoming output.
      *
-     * @param outputSize the size of the pending update.
+     * @param updateSize the size of the pending update.
+     * @param finalOutput <code>true</code> iff this the cipher is to be finalised.
      */
-    private void ensureCapacity(int outputSize)
+    private void ensureCapacity(int updateSize, boolean finalOutput)
     {
-        // This overestimates buffer on updates for AEAD/padded, but keeps it simple.
-        int bufLen;
-        if (bufferedBlockCipher != null)
+        int bufLen = updateSize;
+        if (finalOutput)
         {
-            bufLen = bufferedBlockCipher.getOutputSize(outputSize);
-        }
-        else if (aeadBlockCipher != null)
-        {
-            bufLen = aeadBlockCipher.getOutputSize(outputSize);
+            if (bufferedBlockCipher != null)
+            {
+                bufLen = bufferedBlockCipher.getOutputSize(updateSize);
+            }
+            else if (aeadBlockCipher != null)
+            {
+                bufLen = aeadBlockCipher.getOutputSize(updateSize);
+            }
         }
         else
         {
-            bufLen = outputSize;
+            if (bufferedBlockCipher != null)
+            {
+                bufLen = bufferedBlockCipher.getUpdateOutputSize(updateSize);
+            }
+            else if (aeadBlockCipher != null)
+            {
+                bufLen = aeadBlockCipher.getUpdateOutputSize(updateSize);
+            }
         }
+
         if ((buf == null) || (buf.length < bufLen))
         {
             buf = new byte[bufLen];
@@ -177,8 +188,7 @@ public class CipherOutputStream
      * Flushes this output stream by forcing any buffered output bytes
      * that have already been processed by the encapsulated cipher object
      * to be written out.
-     * <p/>
-     * <p/>
+     * <p>
      * Any bytes buffered by the encapsulated cipher
      * and waiting to be processed by it will not be written out. For example,
      * if the encapsulated cipher is a block cipher, and the total number of
@@ -196,12 +206,12 @@ public class CipherOutputStream
     /**
      * Closes this output stream and releases any system resources
      * associated with this stream.
-     * <p/>
+     * <p>
      * This method invokes the <code>doFinal</code> method of the encapsulated
      * cipher object, which causes any bytes buffered by the encapsulated
      * cipher to be processed. The result is written out by calling the
      * <code>flush</code> method of this output stream.
-     * <p/>
+     * <p>
      * This method resets the encapsulated cipher object to its initial state
      * and calls the <code>close</code> method of the underlying output
      * stream.
@@ -213,7 +223,7 @@ public class CipherOutputStream
     public void close()
         throws IOException
     {
-        ensureCapacity(0);
+        ensureCapacity(0, true);
         IOException error = null;
         try
         {
@@ -242,7 +252,7 @@ public class CipherOutputStream
         }
         catch (Exception e)
         {
-            error = new IOException("Error closing stream: " + e);
+            error = new CipherIOException("Error closing stream: ", e);
         }
 
         try
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/io/InvalidCipherTextIOException.java b/bcprov/src/main/java/org/bouncycastle/crypto/io/InvalidCipherTextIOException.java
index b601d4c..46561c6 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/io/InvalidCipherTextIOException.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/io/InvalidCipherTextIOException.java
@@ -8,21 +8,12 @@ import java.io.IOException;
  * expose invalid ciphertext errors.
  */
 public class InvalidCipherTextIOException
-    extends IOException
+    extends CipherIOException
 {
     private static final long serialVersionUID = 1L;
 
-    private final Throwable cause;
-
     public InvalidCipherTextIOException(String message, Throwable cause)
     {
-        super(message);
-
-        this.cause = cause;
-    }
-
-    public Throwable getCause()
-    {
-        return cause;
+        super(message, cause);
     }
 }
 \ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/io/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/io/package.html
new file mode 100644
index 0000000..f2c9e40
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/io/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Classes for doing "enhanced" I/O with Digests and MACs.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java b/bcprov/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java
index 82ac20c..3513198 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.java
@@ -13,7 +13,10 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.KDFParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
 
 /**
@@ -120,8 +123,10 @@ public class ECIESKeyEncapsulation
         // Compute the static-ephemeral key agreement
         BigInteger rPrime = CofactorMode ? r.multiply(h).mod(n) : r;
 
+        ECMultiplier basePointMultiplier = createBasePointMultiplier();
+
         ECPoint[] ghTilde = new ECPoint[]{ 
-            ecParams.getG().multiply(r),
+            basePointMultiplier.multiply(ecParams.getG(), r),
             ecPubKey.getQ().multiply(rPrime)
         };
 
@@ -131,33 +136,13 @@ public class ECIESKeyEncapsulation
         ECPoint gTilde = ghTilde[0], hTilde = ghTilde[1];
 
         // Encode the ephemeral public key
-        byte[] C = gTilde.getEncoded();
+        byte[] C = gTilde.getEncoded(false);
         System.arraycopy(C, 0, out, outOff, C.length);
 
         // Encode the shared secret value
         byte[] PEH = hTilde.getAffineXCoord().getEncoded();
 
-        // Initialise the KDF
-        byte[] kdfInput;
-        if (SingleHashMode)
-        {
-            kdfInput = new byte[C.length + PEH.length];
-            System.arraycopy(C, 0, kdfInput, 0, C.length);
-            System.arraycopy(PEH, 0, kdfInput, C.length, PEH.length);
-        }
-        else
-        {
-            kdfInput = PEH;
-        }
-
-        kdf.init(new KDFParameters(kdfInput, null));
-
-        // Generate the secret key
-        byte[] K = new byte[keyLen];
-        kdf.generateBytes(K, 0, K.length);
-
-        // Return the ciphertext
-        return new KeyParameter(K);
+        return deriveKey(keyLen, C, PEH);
     }
 
     /**
@@ -220,25 +205,7 @@ public class ECIESKeyEncapsulation
         // Encode the shared secret value
         byte[] PEH = hTilde.getAffineXCoord().getEncoded();
 
-        // Initialise the KDF
-        byte[] kdfInput;
-        if (SingleHashMode)
-        {
-            kdfInput = new byte[C.length + PEH.length];
-            System.arraycopy(C, 0, kdfInput, 0, C.length);
-            System.arraycopy(PEH, 0, kdfInput, C.length, PEH.length);
-        }
-        else
-        {
-            kdfInput = PEH;
-        }
-        kdf.init(new KDFParameters(kdfInput, null));
-
-        // Generate the secret key
-        byte[] K = new byte[keyLen];
-        kdf.generateBytes(K, 0, K.length);
-
-        return new KeyParameter(K);
+        return deriveKey(keyLen, C, PEH);
     }
 
     /**
@@ -252,4 +219,36 @@ public class ECIESKeyEncapsulation
     {
         return decrypt(in, 0, in.length, keyLen);
     }
+
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
+    }
+
+    protected KeyParameter deriveKey(int keyLen, byte[] C, byte[] PEH)
+    {
+        byte[] kdfInput = PEH;
+        if (SingleHashMode)
+        {
+            kdfInput = Arrays.concatenate(C, PEH);
+            Arrays.fill(PEH, (byte)0);
+        }
+
+        try
+        {
+            // Initialise the KDF
+            kdf.init(new KDFParameters(kdfInput, null));
+    
+            // Generate the secret key
+            byte[] K = new byte[keyLen];
+            kdf.generateBytes(K, 0, K.length);
+
+            // Return the ciphertext
+            return new KeyParameter(K);
+        }
+        finally
+        {
+            Arrays.fill(kdfInput, (byte)0);
+        }
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/kems/RSAKeyEncapsulation.java b/bcprov/src/main/java/org/bouncycastle/crypto/kems/RSAKeyEncapsulation.java
index 8c1a172..42fc235 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/kems/RSAKeyEncapsulation.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/kems/RSAKeyEncapsulation.java
@@ -38,7 +38,6 @@ public class RSAKeyEncapsulation
         this.rnd = rnd;
     }
 
-
     /**
      * Initialise the RSA-KEM.
      *
@@ -51,12 +50,9 @@ public class RSAKeyEncapsulation
         {
             throw new IllegalArgumentException("RSA key required");
         }
-        else
-        {
-            this.key = (RSAKeyParameters)key;
-        }
-    }
 
+        this.key = (RSAKeyParameters)key;
+    }
 
     /**
      * Generate and encapsulate a random session key.
@@ -79,25 +75,15 @@ public class RSAKeyEncapsulation
 
         // Generate the ephemeral random and encode it    
         BigInteger r = BigIntegers.createRandomInRange(ZERO, n.subtract(ONE), rnd);
-        byte[] R = BigIntegers.asUnsignedByteArray((n.bitLength() + 7) / 8, r);
 
         // Encrypt the random and encode it     
         BigInteger c = r.modPow(e, n);
         byte[] C = BigIntegers.asUnsignedByteArray((n.bitLength() + 7) / 8, c);
         System.arraycopy(C, 0, out, outOff, C.length);
 
-
-        // Initialise the KDF
-        kdf.init(new KDFParameters(R, null));
-
-        // Generate the secret key
-        byte[] K = new byte[keyLen];
-        kdf.generateBytes(K, 0, K.length);
-
-        return new KeyParameter(K);
+        return generateKey(n, r, keyLen);
     }
 
-
     /**
      * Generate and encapsulate a random session key.
      *
@@ -110,7 +96,6 @@ public class RSAKeyEncapsulation
         return encrypt(out, 0, keyLen);
     }
 
-
     /**
      * Decrypt an encapsulated session key.
      *
@@ -138,16 +123,8 @@ public class RSAKeyEncapsulation
 
         // Decrypt the ephemeral random and encode it
         BigInteger r = c.modPow(d, n);
-        byte[] R = BigIntegers.asUnsignedByteArray((n.bitLength() + 7) / 8, r);
 
-        // Initialise the KDF
-        kdf.init(new KDFParameters(R, null));
-
-        // Generate the secret key
-        byte[] K = new byte[keyLen];
-        kdf.generateBytes(K, 0, K.length);
-
-        return new KeyParameter(K);
+        return generateKey(n, r, keyLen);
     }
 
     /**
@@ -161,4 +138,18 @@ public class RSAKeyEncapsulation
     {
         return decrypt(in, 0, in.length, keyLen);
     }
+
+    protected KeyParameter generateKey(BigInteger n, BigInteger r, int keyLen)
+    {
+        byte[] R = BigIntegers.asUnsignedByteArray((n.bitLength() + 7) / 8, r);
+
+        // Initialise the KDF
+        kdf.init(new KDFParameters(R, null));
+
+        // Generate the secret key
+        byte[] K = new byte[keyLen];
+        kdf.generateBytes(K, 0, K.length);
+
+        return new KeyParameter(K);
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/kems/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/kems/package.html
new file mode 100644
index 0000000..88fddd0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/kems/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Key Encapsulation Mechanisms.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/CMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/CMac.java
index 1aa8ede..0492ae6 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/CMac.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/CMac.java
@@ -58,14 +58,14 @@ public class CMac implements Mac
     /**
      * create a standard MAC based on a block cipher with the size of the
      * MAC been given in bits.
-     * <p/>
+     * <p>
      * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
      * or 16 bits if being used as a data authenticator (FIPS Publication 113),
      * and in general should be less than the size of the block cipher as it reduces
      * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
      *
      * @param cipher        the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and <= 128.
+     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and &lt;= 128.
      */
     public CMac(BlockCipher cipher, int macSizeInBits)
     {
@@ -133,24 +133,31 @@ public class CMac implements Mac
 
     public void init(CipherParameters params)
     {
-        if (params instanceof KeyParameter)
-        {
-            cipher.init(true, params);
-    
-            //initializes the L, Lu, Lu2 numbers
-            L = new byte[ZEROES.length];
-            cipher.processBlock(ZEROES, 0, L, 0);
-            Lu = doubleLu(L);
-            Lu2 = doubleLu(Lu);
-        } else if (params != null)
-        {
-            // CMAC mode does not permit IV to underlying CBC mode
-            throw new IllegalArgumentException("CMac mode only permits key to be set.");
-        }
+        validate(params);
+
+        cipher.init(true, params);
+
+        //initializes the L, Lu, Lu2 numbers
+        L = new byte[ZEROES.length];
+        cipher.processBlock(ZEROES, 0, L, 0);
+        Lu = doubleLu(L);
+        Lu2 = doubleLu(Lu);
 
         reset();
     }
 
+    void validate(CipherParameters params)
+    {
+        if (params != null)
+        {
+            if (!(params instanceof KeyParameter))
+            {
+                // CMAC mode does not permit IV to underlying CBC mode
+                throw new IllegalArgumentException("CMac mode only permits key to be set.");
+            }
+        }
+    }
+
     public int getMacSize()
     {
         return macSize;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/CMacWithIV.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/CMacWithIV.java
new file mode 100644
index 0000000..a0371d9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/CMacWithIV.java
@@ -0,0 +1,27 @@
+package org.bouncycastle.crypto.macs;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+
+/**
+ * A non-NIST variant which allows passing of an IV to the underlying CBC cipher.
+ * <p>Note: there isn't really a good reason to use an IV here, use the regular CMac where possible.</p>
+ */
+public class CMacWithIV
+    extends CMac
+{
+    public CMacWithIV(BlockCipher cipher)
+    {
+        super(cipher);
+    }
+
+    public CMacWithIV(BlockCipher cipher, int macSizeInBits)
+    {
+        super(cipher, macSizeInBits);
+    }
+
+    void validate(CipherParameters params)
+    {
+        // accept all
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/GMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/GMac.java
index 8aae1e2..b34f9ea 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/GMac.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/GMac.java
@@ -23,7 +23,7 @@ public class GMac implements Mac
 
     /**
      * Creates a GMAC based on the operation of a block cipher in GCM mode.
-     * <p/>
+     * <p>
      * This will produce an authentication code the length of the block size of the cipher.
      * 
      * @param cipher
@@ -40,7 +40,8 @@ public class GMac implements Mac
      * Creates a GMAC based on the operation of a 128 bit block cipher in GCM mode.
      * 
      * @param macSizeBits
-     *            the mac size to generate, in bits. Must be a multiple of 8 and >= 96 and <= 128.
+     *            the mac size to generate, in bits. Must be a multiple of 8 and &gt;= 32 and &lt;= 128.
+     *            Sizes less than 96 are not recommended, but are supported for specialized applications.
      * @param cipher
      *            the cipher to be used in GCM mode to generate the MAC.
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java
index 150eb61..7a346f1 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java
@@ -7,7 +7,7 @@ import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 
 /**
  * Poly1305 message authentication code, designed by D. J. Bernstein.
@@ -53,6 +53,14 @@ public class Poly1305
     private int h0, h1, h2, h3, h4;
 
     /**
+     * Constructs a Poly1305 MAC, where the key passed to init() will be used directly.
+     */
+    public Poly1305()
+    {
+        this.cipher = null;
+    }
+
+    /**
      * Constructs a Poly1305 MAC, using a 128 bit block cipher.
      */
     public Poly1305(final BlockCipher cipher)
@@ -66,35 +74,48 @@ public class Poly1305
 
     /**
      * Initialises the Poly1305 MAC.
-     *
-     * @param a {@link ParametersWithIV} containing a 128 bit nonce and a {@link KeyParameter} with
-     *            a 256 bit key complying to the {@link Poly1305KeyGenerator Poly1305 key format}.
+     * 
+     * @param params if used with a block cipher, then a {@link ParametersWithIV} containing a 128 bit
+     *        nonce and a {@link KeyParameter} with a 256 bit key complying to the
+     *        {@link Poly1305KeyGenerator Poly1305 key format}, otherwise just the
+     *        {@link KeyParameter}.
      */
-    public void init(final CipherParameters params)
+    public void init(CipherParameters params)
         throws IllegalArgumentException
     {
-        final byte[] nonce;
-        final byte[] key;
-        if ((params instanceof ParametersWithIV) && ((ParametersWithIV)params).getParameters() instanceof KeyParameter)
+        byte[] nonce = null;
+
+        if (cipher != null)
         {
-            nonce = ((ParametersWithIV)params).getIV();
-            key = ((KeyParameter)((ParametersWithIV)params).getParameters()).getKey();
+            if (!(params instanceof ParametersWithIV))
+            {
+                throw new IllegalArgumentException("Poly1305 requires an IV when used with a block cipher.");
+            }
+            
+            ParametersWithIV ivParams = (ParametersWithIV)params;
+            nonce = ivParams.getIV();
+            params = ivParams.getParameters();
         }
-        else
+
+        if (!(params instanceof KeyParameter))
         {
-            throw new IllegalArgumentException("Poly1305 requires a key and and IV.");
+            throw new IllegalArgumentException("Poly1305 requires a key.");
         }
 
-        setKey(key, nonce);
+        KeyParameter keyParams = (KeyParameter)params;
+
+        setKey(keyParams.getKey(), nonce);
+
         reset();
     }
 
     private void setKey(final byte[] key, final byte[] nonce)
     {
-        if (nonce.length != BLOCK_SIZE)
+        if (cipher != null && (nonce == null || nonce.length != BLOCK_SIZE))
         {
             throw new IllegalArgumentException("Poly1305 requires a 128 bit IV.");
         }
+
         Poly1305KeyGenerator.checkKey(key);
 
         // Extract r portion of key
@@ -115,22 +136,28 @@ public class Poly1305
         s3 = r3 * 5;
         s4 = r4 * 5;
 
-        // Compute encrypted nonce
-        final byte[] cipherKey = new byte[BLOCK_SIZE];
-        System.arraycopy(key, 0, cipherKey, 0, cipherKey.length);
-
-        cipher.init(true, new KeyParameter(cipherKey));
-        cipher.processBlock(nonce, 0, cipherKey, 0);
+        final byte[] kBytes;
+        if (cipher == null)
+        {
+            kBytes = key;
+        }
+        else
+        {
+            // Compute encrypted nonce
+            kBytes = new byte[BLOCK_SIZE];
+            cipher.init(true, new KeyParameter(key, 0, BLOCK_SIZE));
+            cipher.processBlock(nonce, 0, kBytes, 0);
+        }
 
-        k0 = Pack.littleEndianToInt(cipherKey, 0);
-        k1 = Pack.littleEndianToInt(cipherKey, 4);
-        k2 = Pack.littleEndianToInt(cipherKey, 8);
-        k3 = Pack.littleEndianToInt(cipherKey, 12);
+        k0 = Pack.littleEndianToInt(kBytes, 0);
+        k1 = Pack.littleEndianToInt(kBytes, 4);
+        k2 = Pack.littleEndianToInt(kBytes, 8);
+        k3 = Pack.littleEndianToInt(kBytes, 12);
     }
 
     public String getAlgorithmName()
     {
-        return "Poly1305-" + cipher.getAlgorithmName();
+        return cipher == null ? "Poly1305" : "Poly1305-" + cipher.getAlgorithmName();
     }
 
     public int getMacSize()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/SipHash.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/SipHash.java
index 527c804..d6b9dbb 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/SipHash.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/SipHash.java
@@ -4,13 +4,12 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.util.Pack;
-import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
 
 /**
  * Implementation of SipHash as specified in "SipHash: a fast short-input PRF", by Jean-Philippe
  * Aumasson and Daniel J. Bernstein (https://131002.net/siphash/siphash.pdf).
- * <p/>
+ * <p>
  * "SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d are the number of
  * compression rounds and the number of finalization rounds. A compression round is identical to a
  * finalization round and this round function is called SipRound. Given a 128-bit key k and a
@@ -19,14 +18,13 @@ import org.bouncycastle.util.Arrays;
 public class SipHash
     implements Mac
 {
-
     protected final int c, d;
 
     protected long k0, k1;
-    protected long v0, v1, v2, v3, v4;
+    protected long v0, v1, v2, v3;
 
-    protected byte[] buf = new byte[8];
-    protected int bufPos = 0;
+    protected long m = 0;
+    protected int wordPos = 0;
     protected int wordCount = 0;
 
     /**
@@ -34,7 +32,7 @@ public class SipHash
      */
     public SipHash()
     {
-        // use of this confuses flow analyser on earlier JDKs.
+        // use of 'this' confuses the flow analyser on earlier JDKs.
         this.c = 2;
         this.d = 4;
     }
@@ -84,12 +82,13 @@ public class SipHash
     public void update(byte input)
         throws IllegalStateException
     {
+        m >>>= 8;
+        m |= (input & 0xffL) << 56;
 
-        buf[bufPos] = input;
-        if (++bufPos == buf.length)
+        if (++wordPos == 8)
         {
             processMessageWord();
-            bufPos = 0;
+            wordPos = 0;
         }
     }
 
@@ -97,14 +96,41 @@ public class SipHash
         throws DataLengthException,
         IllegalStateException
     {
-
-        for (int i = 0; i < length; ++i)
+        int i = 0, fullWords = length & ~7;
+        if (wordPos == 0)
         {
-            buf[bufPos] = input[offset + i];
-            if (++bufPos == buf.length)
+            for (; i < fullWords; i += 8)
             {
+                m = Pack.littleEndianToLong(input, offset + i);
                 processMessageWord();
-                bufPos = 0;
+            }
+            for (; i < length; ++i)
+            {
+                m >>>= 8;
+                m |= (input[offset + i] & 0xffL) << 56;
+            }
+            wordPos = length - fullWords;
+        }
+        else
+        {
+            int bits = wordPos << 3;
+            for (; i < fullWords; i += 8)
+            {
+                long n = Pack.littleEndianToLong(input, offset + i);
+                m = (n << bits) | (m >>> -bits);
+                processMessageWord();
+                m = n;
+            }
+            for (; i < length; ++i)
+            {
+                m >>>= 8;
+                m |= (input[offset + i] & 0xffL) << 56;
+
+                if (++wordPos == 8)
+                {
+                    processMessageWord();
+                    wordPos = 0;
+                }
             }
         }
     }
@@ -112,12 +138,10 @@ public class SipHash
     public long doFinal()
         throws DataLengthException, IllegalStateException
     {
-
-        buf[7] = (byte)(((wordCount << 3) + bufPos) & 0xff);
-        while (bufPos < 7)
-        {
-            buf[bufPos++] = 0;
-        }
+        // NOTE: 2 distinct shifts to avoid "64-bit shift" when wordPos == 0
+        m >>>= ((7 - wordPos) << 3);
+        m >>>= 8;
+        m |= (((wordCount << 3) + wordPos) & 0xffL) << 56;
 
         processMessageWord();
 
@@ -135,7 +159,6 @@ public class SipHash
     public int doFinal(byte[] out, int outOff)
         throws DataLengthException, IllegalStateException
     {
-
         long result = doFinal();
         Pack.longToLittleEndian(result, out, outOff);
         return 8;
@@ -143,22 +166,19 @@ public class SipHash
 
     public void reset()
     {
-
         v0 = k0 ^ 0x736f6d6570736575L;
         v1 = k1 ^ 0x646f72616e646f6dL;
         v2 = k0 ^ 0x6c7967656e657261L;
         v3 = k1 ^ 0x7465646279746573L;
 
-        Arrays.fill(buf, (byte)0);
-        bufPos = 0;
+        m = 0;
+        wordPos = 0;
         wordCount = 0;
     }
 
     protected void processMessageWord()
     {
-
         ++wordCount;
-        long m = Pack.littleEndianToLong(buf, 0);
         v3 ^= m;
         applySipRounds(c);
         v0 ^= m;
@@ -166,27 +186,31 @@ public class SipHash
 
     protected void applySipRounds(int n)
     {
+        long r0 = v0, r1 = v1, r2 = v2, r3 = v3;
+
         for (int r = 0; r < n; ++r)
         {
-            v0 += v1;
-            v2 += v3;
-            v1 = rotateLeft(v1, 13);
-            v3 = rotateLeft(v3, 16);
-            v1 ^= v0;
-            v3 ^= v2;
-            v0 = rotateLeft(v0, 32);
-            v2 += v1;
-            v0 += v3;
-            v1 = rotateLeft(v1, 17);
-            v3 = rotateLeft(v3, 21);
-            v1 ^= v2;
-            v3 ^= v0;
-            v2 = rotateLeft(v2, 32);
+            r0 += r1;
+            r2 += r3;
+            r1 = rotateLeft(r1, 13);
+            r3 = rotateLeft(r3, 16);
+            r1 ^= r0;
+            r3 ^= r2;
+            r0 = rotateLeft(r0, 32);
+            r2 += r1;
+            r0 += r3;
+            r1 = rotateLeft(r1, 17);
+            r3 = rotateLeft(r3, 21);
+            r1 ^= r2;
+            r3 ^= r0;
+            r2 = rotateLeft(r2, 32);
         }
+
+        v0 = r0; v1 = r1; v2 = r2; v3 = r3;
     }
 
     protected static long rotateLeft(long x, int n)
     {
-        return (x << n) | (x >>> (64 - n));
+        return (x << n) | (x >>> -n);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java
index 6097247..7115b51 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java
@@ -10,13 +10,12 @@ import org.bouncycastle.crypto.params.SkeinParameters;
 /**
  * Implementation of the Skein parameterised MAC function in 256, 512 and 1024 bit block sizes,
  * based on the {@link ThreefishEngine Threefish} tweakable block cipher.
- * <p/>
+ * <p>
  * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
  * competition in October 2010.
- * <p/>
+ * <p>
  * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
  * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- * <p/>
  *
  * @see SkeinEngine
  * @see SkeinParameters
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/macs/package.html
new file mode 100644
index 0000000..0b1f86d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Classes for creating MACs and HMACs.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/AEADBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/AEADBlockCipher.java
index 71b7595..fe46119 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/AEADBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/AEADBlockCipher.java
@@ -7,6 +7,16 @@ import org.bouncycastle.crypto.InvalidCipherTextException;
 
 /**
  * A block cipher mode that includes authenticated encryption with a streaming mode and optional associated data.
+ * <p>
+ * Implementations of this interface may operate in a packet mode (where all input data is buffered and 
+ * processed dugin the call to {@link #doFinal(byte[], int)}), or in a streaming mode (where output data is
+ * incrementally produced with each call to {@link #processByte(byte, byte[], int)} or 
+ * {@link #processBytes(byte[], int, int, byte[], int)}.
+ * </p>
+ * This is important to consider during decryption: in a streaming mode, unauthenticated plaintext data
+ * may be output prior to the call to {@link #doFinal(byte[], int)} that results in an authentication
+ * failure. The higher level protocol utilising this cipher must ensure the plaintext data is handled 
+ * appropriately until the end of data is reached and the entire ciphertext is authenticated.
  * @see org.bouncycastle.crypto.params.AEADParameters
  */
 public interface AEADBlockCipher
@@ -101,6 +111,11 @@ public interface AEADBlockCipher
     /**
      * return the size of the output buffer required for a processBytes
      * an input of len bytes.
+     * <p>
+     * The returned size may be dependent on the initialisation of this cipher
+     * and may not be accurate once subsequent input data is processed - this method
+     * should be invoked immediately prior to input data being processed.
+     * </p>
      *
      * @param len the length of the input.
      * @return the space required to accommodate a call to processBytes
@@ -111,7 +126,12 @@ public interface AEADBlockCipher
     /**
      * return the size of the output buffer required for a processBytes plus a
      * doFinal with an input of len bytes.
-     *
+     * <p>
+     * The returned size may be dependent on the initialisation of this cipher
+     * and may not be accurate once subsequent input data is processed - this method
+     * should be invoked immediately prior to a call to final processing of input data
+     * and a call to {@link #doFinal(byte[], int)}.
+     * </p>
      * @param len the length of the input.
      * @return the space required to accommodate a call to processBytes and doFinal
      * with len bytes of input.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java
index fef51fd..7f870ca 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java
@@ -7,6 +7,7 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
 import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -42,7 +43,7 @@ public class CCMBlockCipher
         this.cipher = c;
         this.blockSize = c.getBlockSize();
         this.macBlock = new byte[blockSize];
-        
+
         if (blockSize != 16)
         {
             throw new IllegalArgumentException("cipher required with a block size of 16.");
@@ -99,7 +100,7 @@ public class CCMBlockCipher
         {
             throw new IllegalArgumentException("nonce must have length from 7 to 13 octets");
         }
-        
+
         reset();
     }
 
@@ -130,6 +131,10 @@ public class CCMBlockCipher
     public int processBytes(byte[] in, int inOff, int inLen, byte[] out, int outOff)
         throws DataLengthException, IllegalStateException
     {
+        if (in.length < (inOff + inLen))
+        {
+            throw new DataLengthException("Input buffer too short");
+        }
         data.write(in, inOff, inLen);
 
         return 0;
@@ -155,15 +160,15 @@ public class CCMBlockCipher
     /**
      * Returns a byte array containing the mac calculated as part of the
      * last encrypt or decrypt operation.
-     * 
+     *
      * @return the last mac calculated.
      */
     public byte[] getMac()
     {
         byte[] mac = new byte[macSize];
-        
+
         System.arraycopy(macBlock, 0, mac, 0, mac.length);
-        
+
         return mac;
     }
 
@@ -267,7 +272,7 @@ public class CCMBlockCipher
             outputLen = inLen + macSize;
             if (output.length < (outputLen + outOff))
             {
-                throw new DataLengthException("Output buffer too short.");
+                throw new OutputLengthException("Output buffer too short.");
             }
 
             calculateMac(in, inOff, inLen, macBlock);
@@ -300,7 +305,7 @@ public class CCMBlockCipher
             outputLen = inLen - macSize;
             if (output.length < (outputLen + outOff))
             {
-                throw new DataLengthException("Output buffer too short.");
+                throw new OutputLengthException("Output buffer too short.");
             }
 
             System.arraycopy(in, inOff + outputLen, macBlock, 0, macSize);
@@ -350,18 +355,18 @@ public class CCMBlockCipher
         // build b0
         //
         byte[] b0 = new byte[16];
-    
+
         if (hasAssociatedText())
         {
             b0[0] |= 0x40;
         }
-        
+
         b0[0] |= (((cMac.getMacSize() - 2) / 2) & 0x7) << 3;
 
         b0[0] |= ((15 - nonce.length) - 1) & 0x7;
-        
+
         System.arraycopy(nonce, 0, b0, 1, nonce.length);
-        
+
         int q = dataLen;
         int count = 1;
         while (q > 0)
@@ -370,22 +375,22 @@ public class CCMBlockCipher
             q >>>= 8;
             count++;
         }
-        
+
         cMac.update(b0, 0, b0.length);
-        
+
         //
         // process associated text
         //
         if (hasAssociatedText())
         {
             int extra;
-            
+
             int textLength = getAssociatedTextLength();
             if (textLength < ((1 << 16) - (1 << 8)))
             {
                 cMac.update((byte)(textLength >> 8));
                 cMac.update((byte)textLength);
-                
+
                 extra = 2;
             }
             else // can't go any higher than 2^32
@@ -396,7 +401,7 @@ public class CCMBlockCipher
                 cMac.update((byte)(textLength >> 16));
                 cMac.update((byte)(textLength >> 8));
                 cMac.update((byte)textLength);
-                
+
                 extra = 6;
             }
 
@@ -418,7 +423,7 @@ public class CCMBlockCipher
                 }
             }
         }
- 
+
         //
         // add the text
         //
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java
index a885169..6167d25 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java
@@ -3,6 +3,7 @@ package org.bouncycastle.crypto.modes;
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.StreamBlockCipher;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Arrays;
 
@@ -10,15 +11,17 @@ import org.bouncycastle.util.Arrays;
  * implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
  */
 public class CFBBlockCipher
-    implements BlockCipher
+    extends StreamBlockCipher
 {
     private byte[]          IV;
     private byte[]          cfbV;
     private byte[]          cfbOutV;
+    private byte[]          inBuf;
 
     private int             blockSize;
     private BlockCipher     cipher = null;
     private boolean         encrypting;
+    private int             byteCount;
 
     /**
      * Basic constructor.
@@ -31,22 +34,15 @@ public class CFBBlockCipher
         BlockCipher cipher,
         int         bitBlockSize)
     {
+        super(cipher);
+
         this.cipher = cipher;
         this.blockSize = bitBlockSize / 8;
 
         this.IV = new byte[cipher.getBlockSize()];
         this.cfbV = new byte[cipher.getBlockSize()];
         this.cfbOutV = new byte[cipher.getBlockSize()];
-    }
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
+        this.inBuf = new byte[blockSize];
     }
 
     /**
@@ -117,6 +113,54 @@ public class CFBBlockCipher
         return cipher.getAlgorithmName() + "/CFB" + (blockSize * 8);
     }
 
+    protected byte calculateByte(byte in)
+          throws DataLengthException, IllegalStateException
+    {
+        return (encrypting) ? encryptByte(in) : decryptByte(in);
+    }
+
+    private byte encryptByte(byte in)
+    {
+        if (byteCount == 0)
+        {
+            cipher.processBlock(cfbV, 0, cfbOutV, 0);
+        }
+
+        byte rv = (byte)(cfbOutV[byteCount] ^ in);
+        inBuf[byteCount++] = rv;
+
+        if (byteCount == blockSize)
+        {
+            byteCount = 0;
+
+            System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize);
+            System.arraycopy(inBuf, 0, cfbV, cfbV.length - blockSize, blockSize);
+        }
+
+        return rv;
+    }
+
+    private byte decryptByte(byte in)
+    {
+        if (byteCount == 0)
+        {
+            cipher.processBlock(cfbV, 0, cfbOutV, 0);
+        }
+
+        inBuf[byteCount] = in;
+        byte rv = (byte)(cfbOutV[byteCount++] ^ in);
+
+        if (byteCount == blockSize)
+        {
+            byteCount = 0;
+
+            System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize);
+            System.arraycopy(inBuf, 0, cfbV, cfbV.length - blockSize, blockSize);
+        }
+
+        return rv;
+    }
+
     /**
      * return the block size we are operating at.
      *
@@ -147,7 +191,9 @@ public class CFBBlockCipher
         int         outOff)
         throws DataLengthException, IllegalStateException
     {
-        return (encrypting) ? encryptBlock(in, inOff, out, outOff) : decryptBlock(in, inOff, out, outOff);
+        processBytes(in, inOff, blockSize, out, outOff);
+
+        return blockSize;
     }
 
     /**
@@ -169,31 +215,7 @@ public class CFBBlockCipher
         int         outOff)
         throws DataLengthException, IllegalStateException
     {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        cipher.processBlock(cfbV, 0, cfbOutV, 0);
-
-        //
-        // XOR the cfbV with the plaintext producing the ciphertext
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]);
-        }
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize);
-        System.arraycopy(out, outOff, cfbV, cfbV.length - blockSize, blockSize);
+        processBytes(in, inOff, blockSize, out, outOff);
 
         return blockSize;
     }
@@ -217,31 +239,7 @@ public class CFBBlockCipher
         int         outOff)
         throws DataLengthException, IllegalStateException
     {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        cipher.processBlock(cfbV, 0, cfbOutV, 0);
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize);
-        System.arraycopy(in, inOff, cfbV, cfbV.length - blockSize, blockSize);
-
-        //
-        // XOR the cfbV with the ciphertext producing the plaintext
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]);
-        }
+        processBytes(in, inOff, blockSize, out, outOff);
 
         return blockSize;
     }
@@ -263,6 +261,8 @@ public class CFBBlockCipher
     public void reset()
     {
         System.arraycopy(IV, 0, cfbV, 0, IV.length);
+        Arrays.fill(inBuf, (byte)0);
+        byteCount = 0;
 
         cipher.reset();
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java
index 5388b40..64b076d 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java
@@ -4,6 +4,7 @@ import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.StreamBlockCipher;
 
 /**
  * A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to
@@ -22,9 +23,8 @@ public class CTSBlockCipher
     public CTSBlockCipher(
         BlockCipher     cipher)
     {
-        if ((cipher instanceof OFBBlockCipher) || (cipher instanceof CFBBlockCipher) || (cipher instanceof SICBlockCipher))
+        if (cipher instanceof StreamBlockCipher)
         {
-            // TODO: This is broken - need to introduce marker interface to differentiate block cipher primitive from mode?
             throw new IllegalArgumentException("CTSBlockCipher can only accept ECB, or CBC ciphers");
         }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
index 8f74000..209d5cd 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
@@ -5,22 +5,23 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.macs.CMac;
 import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Arrays;
 
 /**
- * A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and 
+ * A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and
  * Efficiency - by M. Bellare, P. Rogaway, D. Wagner.
- * 
+ *
  * http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
- * 
- * EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block 
- * cipher to encrypt and authenticate data. It's on-line (the length of a 
+ *
+ * EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block
+ * cipher to encrypt and authenticate data. It's on-line (the length of a
  * message isn't needed to begin processing it), has good performances, it's
  * simple and provably secure (provided the underlying block cipher is secure).
- * 
+ *
  * Of course, this implementations is NOT thread-safe.
  */
 public class EAXBlockCipher
@@ -43,7 +44,7 @@ public class EAXBlockCipher
     private byte[] nonceMac;
     private byte[] associatedTextMac;
     private byte[] macBlock;
-    
+
     private int macSize;
     private byte[] bufBlock;
     private int bufOff;
@@ -61,7 +62,6 @@ public class EAXBlockCipher
         blockSize = cipher.getBlockSize();
         mac = new CMac(cipher);
         macBlock = new byte[blockSize];
-        bufBlock = new byte[blockSize * 2];
         associatedTextMac = new byte[mac.getMacSize()];
         nonceMac = new byte[mac.getMacSize()];
         this.cipher = new SICBlockCipher(cipher);
@@ -113,6 +113,8 @@ public class EAXBlockCipher
             throw new IllegalArgumentException("invalid parameters passed to EAX");
         }
 
+        bufBlock = new byte[forEncryption ? blockSize : (blockSize + macSize)];
+
         byte[] tag = new byte[blockSize];
 
         // Key reuse implemented in CBC mode of underlying CMac
@@ -123,9 +125,9 @@ public class EAXBlockCipher
         mac.update(nonce, 0, nonce.length);
         mac.doFinal(nonceMac, 0);
 
-        // Same BlockCipher underlies this and the mac, so reuse last key on cipher 
+        // Same BlockCipher underlies this and the mac, so reuse last key on cipher
         cipher.init(true, new ParametersWithIV(null, nonceMac));
-        
+
         reset();
     }
 
@@ -218,6 +220,11 @@ public class EAXBlockCipher
     {
         initCipher();
 
+        if (in.length < (inOff + len))
+        {
+            throw new DataLengthException("Input buffer too short");
+        }
+
         int resultLen = 0;
 
         for (int i = 0; i != len; i++)
@@ -240,12 +247,11 @@ public class EAXBlockCipher
 
         if (forEncryption)
         {
-            if (out.length < (outOff + extra))
+            if (out.length < (outOff + extra + macSize))
             {
-                throw new DataLengthException("Output buffer too short");
+                throw new OutputLengthException("Output buffer too short");
             }
             cipher.processBlock(bufBlock, 0, tmp, 0);
-            cipher.processBlock(bufBlock, blockSize, tmp, blockSize);
 
             System.arraycopy(tmp, 0, out, outOff, extra);
 
@@ -261,6 +267,10 @@ public class EAXBlockCipher
         }
         else
         {
+            if (out.length < (outOff + extra - macSize))
+            {
+                throw new OutputLengthException("Output buffer too short");
+            }
             if (extra < macSize)
             {
                 throw new InvalidCipherTextException("data too short");
@@ -270,7 +280,6 @@ public class EAXBlockCipher
                 mac.update(bufBlock, 0, extra - macSize);
 
                 cipher.processBlock(bufBlock, 0, tmp, 0);
-                cipher.processBlock(bufBlock, blockSize, tmp, blockSize);
 
                 System.arraycopy(tmp, 0, out, outOff, extra - macSize);
             }
@@ -329,6 +338,10 @@ public class EAXBlockCipher
 
         if (bufOff == bufBlock.length)
         {
+            if (out.length < (outOff + blockSize))
+            {
+                throw new OutputLengthException("Output buffer is too short");
+            }
             // TODO Could move the processByte(s) calls to here
 //            initCipher();
 
@@ -347,8 +360,12 @@ public class EAXBlockCipher
                 size = cipher.processBlock(bufBlock, 0, out, outOff);
             }
 
-            bufOff = blockSize;
-            System.arraycopy(bufBlock, blockSize, bufBlock, 0, blockSize);
+            bufOff = 0;
+            if (!forEncryption)
+            {
+                System.arraycopy(bufBlock, blockSize, bufBlock, 0, macSize);
+                bufOff = macSize;
+            }
 
             return size;
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCFBBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCFBBlockCipher.java
index 887c169..5791e89 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCFBBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCFBBlockCipher.java
@@ -3,6 +3,7 @@ package org.bouncycastle.crypto.modes;
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.StreamBlockCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
@@ -12,7 +13,7 @@ import org.bouncycastle.crypto.params.ParametersWithSBox;
  * An implementation of the GOST CFB mode with CryptoPro key meshing as described in RFC 4357.
  */
 public class GCFBBlockCipher
-    implements BlockCipher
+    extends StreamBlockCipher
 {
     private static final byte[] C =
         {
@@ -30,6 +31,8 @@ public class GCFBBlockCipher
 
     public GCFBBlockCipher(BlockCipher engine)
     {
+        super(engine);
+
         this.cfbEngine = new CFBBlockCipher(engine, engine.getBlockSize() * 8);
     }
 
@@ -61,7 +64,8 @@ public class GCFBBlockCipher
 
     public String getAlgorithmName()
     {
-        return "G" + cfbEngine.getAlgorithmName();
+        String name = cfbEngine.getAlgorithmName();
+        return name.substring(0, name.indexOf('/') - 1) + "/G" + name.substring(name.indexOf('/') + 1);
     }
 
     public int getBlockSize()
@@ -72,6 +76,13 @@ public class GCFBBlockCipher
     public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
         throws DataLengthException, IllegalStateException
     {
+        this.processBytes(in, inOff, cfbEngine.getBlockSize(), out, outOff);
+
+        return cfbEngine.getBlockSize();
+    }
+
+    protected byte calculateByte(byte b)
+    {
         if (counter > 0 && counter % 1024 == 0)
         {
             BlockCipher  base = cfbEngine.getUnderlyingCipher();
@@ -87,18 +98,18 @@ public class GCFBBlockCipher
 
             key = new KeyParameter(nextKey);
 
-            byte[] iv = new byte[8];
-
             base.init(true, key);
 
-            base.processBlock(cfbEngine.getCurrentIV(), 0, iv, 0);
+            byte[] iv = cfbEngine.getCurrentIV();
+
+            base.processBlock(iv, 0, iv, 0);
 
             cfbEngine.init(forEncryption, new ParametersWithIV(key, iv));
         }
 
-        counter += cfbEngine.getBlockSize();
+        counter++;
 
-        return cfbEngine.processBlock(in, inOff, out, outOff);
+        return cfbEngine.calculateByte(b);
     }
 
     public void reset()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
index 9e617ec..93f0fe9 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
@@ -4,15 +4,17 @@ import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.modes.gcm.GCMExponentiator;
 import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
+import org.bouncycastle.crypto.modes.gcm.GCMUtil;
 import org.bouncycastle.crypto.modes.gcm.Tables1kGCMExponentiator;
 import org.bouncycastle.crypto.modes.gcm.Tables8kGCMMultiplier;
 import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
 
 /**
  * Implements the Galois/Counter mode (GCM) detailed in
@@ -23,7 +25,7 @@ public class GCMBlockCipher
 {
     private static final int BLOCK_SIZE = 16;
 
-    // not final due to a compiler bug 
+    // not final due to a compiler bug
     private BlockCipher   cipher;
     private GCMMultiplier multiplier;
     private GCMExponentiator exp;
@@ -81,6 +83,10 @@ public class GCMBlockCipher
         return cipher.getAlgorithmName() + "/GCM";
     }
 
+    /**
+     * NOTE: MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits.
+     * Sizes less than 96 are not recommended, but are supported for specialized applications.
+     */
     public void init(boolean forEncryption, CipherParameters params)
         throws IllegalArgumentException
     {
@@ -97,12 +103,12 @@ public class GCMBlockCipher
             initialAssociatedText = param.getAssociatedText();
 
             int macSizeBits = param.getMacSize();
-            if (macSizeBits < 96 || macSizeBits > 128 || macSizeBits % 8 != 0)
+            if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0)
             {
                 throw new IllegalArgumentException("Invalid value for MAC size: " + macSizeBits);
             }
 
-            macSize = macSizeBits / 8; 
+            macSize = macSizeBits / 8;
             keyParam = param.getKey();
         }
         else if (params instanceof ParametersWithIV)
@@ -119,7 +125,7 @@ public class GCMBlockCipher
             throw new IllegalArgumentException("invalid parameters passed to GCM");
         }
 
-        int bufLength = forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize); 
+        int bufLength = forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize);
         this.bufBlock = new byte[bufLength];
 
         if (nonce == null || nonce.length < 1)
@@ -127,9 +133,7 @@ public class GCMBlockCipher
             throw new IllegalArgumentException("IV must be at least 1 byte");
         }
 
-        // TODO This should be configurable by init parameters
-        // (but must be 16 if nonce length not 12) (BLOCK_SIZE?)
-//        this.tagLength = 16;
+        // TODO Restrict macSize to 16 if nonce length not 12?
 
         // Cipher always used in forward mode
         // if keyParam is null we're reusing the last key.
@@ -144,6 +148,10 @@ public class GCMBlockCipher
             multiplier.init(H);
             exp = null;
         }
+        else if (this.H == null)
+        {
+            throw new IllegalArgumentException("Key must be specified in initial init");
+        }
 
         this.J0 = new byte[BLOCK_SIZE];
 
@@ -188,7 +196,7 @@ public class GCMBlockCipher
 
         if (forEncryption)
         {
-             return totalData + macSize;
+            return totalData + macSize;
         }
 
         return totalData < macSize ? 0 : totalData - macSize;
@@ -271,6 +279,10 @@ public class GCMBlockCipher
     public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
         throws DataLengthException
     {
+        if (in.length < (inOff + len))
+        {
+            throw new DataLengthException("Input buffer too short");
+        }
         int resultLen = 0;
 
         for (int i = 0; i < len; ++i)
@@ -288,6 +300,10 @@ public class GCMBlockCipher
 
     private void outputBlock(byte[] output, int offset)
     {
+        if (output.length < (offset + BLOCK_SIZE))
+        {
+            throw new OutputLengthException("Output buffer too short");
+        }
         if (totalLength == 0)
         {
             initCipher();
@@ -324,6 +340,10 @@ public class GCMBlockCipher
 
         if (extra > 0)
         {
+            if (out.length < (outOff + extra))
+            {
+                throw new OutputLengthException("Output buffer too short");
+            }
             gCTRPartial(bufBlock, 0, extra, out, outOff);
         }
 
@@ -347,7 +367,7 @@ public class GCMBlockCipher
             // Find the difference between the AAD hashes
             if (atLengthPre > 0)
             {
-                xor(S_at, S_atPre);
+                GCMUtil.xor(S_at, S_atPre);
             }
 
             // Number of cipher-text blocks produced
@@ -363,10 +383,10 @@ public class GCMBlockCipher
             exp.exponentiateX(c, H_c);
 
             // Carry the difference forward
-            multiply(S_at, H_c);
+            GCMUtil.multiply(S_at, H_c);
 
             // Adjust the current hash
-            xor(S, S_at);
+            GCMUtil.xor(S, S_at);
         }
 
         // Final gHASH
@@ -376,11 +396,10 @@ public class GCMBlockCipher
 
         gHASHBlock(S, X);
 
-        // TODO Fix this if tagLength becomes configurable
         // T = MSBt(GCTRk(J0,S))
         byte[] tag = new byte[BLOCK_SIZE];
         cipher.processBlock(J0, 0, tag, 0);
-        xor(tag, S);
+        GCMUtil.xor(tag, S);
 
         int resultLen = extra;
 
@@ -390,6 +409,10 @@ public class GCMBlockCipher
 
         if (forEncryption)
         {
+            if (out.length < (outOff + extra + macSize))
+            {
+                throw new OutputLengthException("Output buffer too short");
+            }
             // Append T to the message
             System.arraycopy(macBlock, 0, out, outOff + bufOff, macSize);
             resultLen += macSize;
@@ -451,7 +474,7 @@ public class GCMBlockCipher
     {
         byte[] tmp = getNextCounterBlock();
 
-        xor(tmp, block);
+        GCMUtil.xor(tmp, block);
         System.arraycopy(tmp, 0, out, outOff, BLOCK_SIZE);
 
         gHASHBlock(S, forEncryption ? tmp : block);
@@ -463,7 +486,7 @@ public class GCMBlockCipher
     {
         byte[] tmp = getNextCounterBlock();
 
-        xor(tmp, buf, off, len);
+        GCMUtil.xor(tmp, buf, off, len);
         System.arraycopy(tmp, 0, out, outOff, len);
 
         gHASHPartial(S, forEncryption ? tmp : buf, 0, len);
@@ -482,13 +505,13 @@ public class GCMBlockCipher
 
     private void gHASHBlock(byte[] Y, byte[] b)
     {
-        xor(Y, b);
+        GCMUtil.xor(Y, b);
         multiplier.multiplyH(Y);
     }
 
     private void gHASHPartial(byte[] Y, byte[] b, int off, int len)
     {
-        xor(Y, b, off, len);
+        GCMUtil.xor(Y, b, off, len);
         multiplier.multiplyH(Y);
     }
 
@@ -510,65 +533,4 @@ public class GCMBlockCipher
         cipher.processBlock(counter, 0, tmp, 0);
         return tmp;
     }
-
-    private static void multiply(byte[] block, byte[] val)
-    {
-        byte[] tmp = Arrays.clone(block);
-        byte[] c = new byte[16];
-
-        for (int i = 0; i < 16; ++i)
-        {
-            byte bits = val[i];
-            for (int j = 7; j >= 0; --j)
-            {
-                if ((bits & (1 << j)) != 0)
-                {
-                    xor(c, tmp);
-                }
-
-                boolean lsb = (tmp[15] & 1) != 0;
-                shiftRight(tmp);
-                if (lsb)
-                {
-                    // R = new byte[]{ 0xe1, ... };
-//                    xor(v, R);
-                    tmp[0] ^= (byte)0xe1;
-                }
-            }
-        }
-
-        System.arraycopy(c, 0, block, 0, 16);
-    }
-
-    private static void shiftRight(byte[] block)
-    {
-        int i = 0;
-        int bit = 0;
-        for (;;)
-        {
-            int b = block[i] & 0xff;
-            block[i] = (byte) ((b >>> 1) | bit);
-            if (++i == 16)
-            {
-                break;
-            }
-            bit = (b & 1) << 7;
-        }
-    }
-
-    private static void xor(byte[] block, byte[] val)
-    {
-        for (int i = 15; i >= 0; --i)
-        {
-            block[i] ^= val[i];
-        }
-    }
-
-    private static void xor(byte[] block, byte[] val, int off, int len)
-    {
-        while (len-- > 0)
-        {
-            block[len] ^= val[off + len];
-        }
-    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java
index 0e66cf3..b025a1b 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java
@@ -3,17 +3,19 @@ package org.bouncycastle.crypto.modes;
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.StreamBlockCipher;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 
 /**
  * implements the GOST 28147 OFB counter mode (GCTR).
  */
 public class GOFBBlockCipher
-    implements BlockCipher
+    extends StreamBlockCipher
 {
     private byte[]          IV;
     private byte[]          ofbV;
     private byte[]          ofbOutV;
+    private int             byteCount;
 
     private final int             blockSize;
     private final BlockCipher     cipher;
@@ -34,6 +36,8 @@ public class GOFBBlockCipher
     public GOFBBlockCipher(
         BlockCipher cipher)
     {
+        super(cipher);
+
         this.cipher = cipher;
         this.blockSize = cipher.getBlockSize();
         
@@ -48,16 +52,6 @@ public class GOFBBlockCipher
     }
 
     /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    /**
      * Initialise the cipher and, possibly, the initialisation vector (IV).
      * If an IV isn't passed as part of the parameter, the IV will be all zeros.
      * An IV which is too short is handled in FIPS compliant fashion.
@@ -127,7 +121,6 @@ public class GOFBBlockCipher
         return cipher.getAlgorithmName() + "/GCTR";
     }
 
-    
     /**
      * return the block size we are operating at (in bytes).
      *
@@ -158,44 +151,7 @@ public class GOFBBlockCipher
         int         outOff)
         throws DataLengthException, IllegalStateException
     {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        if (firstStep)
-        {
-            firstStep = false;
-            cipher.processBlock(ofbV, 0, ofbOutV, 0);
-            N3 = bytesToint(ofbOutV, 0);
-            N4 = bytesToint(ofbOutV, 4);
-        }
-        N3 += C2;
-        N4 += C1;
-        intTobytes(N3, ofbV, 0);
-        intTobytes(N4, ofbV, 4);
-
-        cipher.processBlock(ofbV, 0, ofbOutV, 0);
-
-        //
-        // XOR the ofbV with the plaintext producing the cipher text (and
-        // the next input block).
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(ofbOutV[i] ^ in[inOff + i]);
-        }
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize);
-        System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize);
+        processBytes(in, inOff, blockSize, out, outOff);
 
         return blockSize;
     }
@@ -210,7 +166,7 @@ public class GOFBBlockCipher
         N3 = 0;
         N4 = 0;
         System.arraycopy(IV, 0, ofbV, 0, IV.length);
-
+        byteCount = 0;
         cipher.reset();
     }
 
@@ -234,4 +190,39 @@ public class GOFBBlockCipher
             out[outOff + 1] = (byte)(num >>> 8);
             out[outOff] =     (byte)num;
     }
+
+    protected byte calculateByte(byte b)
+    {
+        if (byteCount == 0)
+        {
+            if (firstStep)
+            {
+                firstStep = false;
+                cipher.processBlock(ofbV, 0, ofbOutV, 0);
+                N3 = bytesToint(ofbOutV, 0);
+                N4 = bytesToint(ofbOutV, 4);
+            }
+            N3 += C2;
+            N4 += C1;
+            intTobytes(N3, ofbV, 0);
+            intTobytes(N4, ofbV, 4);
+
+            cipher.processBlock(ofbV, 0, ofbOutV, 0);
+        }
+
+        byte rv = (byte)(ofbOutV[byteCount++] ^ b);
+
+        if (byteCount == blockSize)
+        {
+            byteCount = 0;
+
+            //
+            // change over the input block.
+            //
+            System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize);
+            System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize);
+        }
+
+        return rv;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/NISTCTSBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/NISTCTSBlockCipher.java
new file mode 100644
index 0000000..fe7bf97
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/NISTCTSBlockCipher.java
@@ -0,0 +1,337 @@
+/**
+ * A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to
+ * be used to produce cipher text which is the same length as the plain text.
+ */
+package org.bouncycastle.crypto.modes;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.StreamBlockCipher;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
+/**
+ * A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to
+ * be used to produce cipher text which is the same length as the plain text.
+ * <p>
+ *     This class implements the NIST version as documented in "Addendum to NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode"
+ * </p>
+ */
+public class NISTCTSBlockCipher
+    extends BufferedBlockCipher
+{
+    public static final int CS1 = 1;
+    public static final int CS2 = 2;
+    public static final int CS3 = 3;
+
+    private final int type;
+    private final int blockSize;
+
+    /**
+     * Create a buffered block cipher that uses NIST Cipher Text Stealing
+     *
+     * @param type type of CTS mode (CS1, CS2, or CS3)
+     * @param cipher the underlying block cipher used to create the CBC block cipher this cipher uses..
+     */
+    public NISTCTSBlockCipher(
+        int type,
+        BlockCipher cipher)
+    {
+        this.type = type;
+        this.cipher = new CBCBlockCipher(cipher);
+
+        blockSize = cipher.getBlockSize();
+
+        buf = new byte[blockSize * 2];
+        bufOff = 0;
+    }
+
+    /**
+     * return the size of the output buffer required for an update
+     * an input of len bytes.
+     *
+     * @param len the length of the input.
+     * @return the space required to accommodate a call to update
+     * with len bytes of input.
+     */
+    public int getUpdateOutputSize(
+        int len)
+    {
+        int total       = len + bufOff;
+        int leftOver    = total % buf.length;
+
+        if (leftOver == 0)
+        {
+            return total - buf.length;
+        }
+
+        return total - leftOver;
+    }
+
+    /**
+     * return the size of the output buffer required for an update plus a
+     * doFinal with an input of len bytes.
+     *
+     * @param len the length of the input.
+     * @return the space required to accommodate a call to update and doFinal
+     * with len bytes of input.
+     */
+    public int getOutputSize(
+        int len)
+    {
+        return len + bufOff;
+    }
+
+    /**
+     * process a single byte, producing an output block if necessary.
+     *
+     * @param in the input byte.
+     * @param out the space for any output that might be produced.
+     * @param outOff the offset from which the output will be copied.
+     * @return the number of output bytes copied to out.
+     * @exception org.bouncycastle.crypto.DataLengthException if there isn't enough space in out.
+     * @exception IllegalStateException if the cipher isn't initialised.
+     */
+    public int processByte(
+        byte        in,
+        byte[]      out,
+        int         outOff)
+        throws DataLengthException, IllegalStateException
+    {
+        int         resultLen = 0;
+
+        if (bufOff == buf.length)
+        {
+            resultLen = cipher.processBlock(buf, 0, out, outOff);
+            System.arraycopy(buf, blockSize, buf, 0, blockSize);
+
+            bufOff = blockSize;
+        }
+
+        buf[bufOff++] = in;
+
+        return resultLen;
+    }
+
+    /**
+     * process an array of bytes, producing output if necessary.
+     *
+     * @param in the input byte array.
+     * @param inOff the offset at which the input data starts.
+     * @param len the number of bytes to be copied out of the input array.
+     * @param out the space for any output that might be produced.
+     * @param outOff the offset from which the output will be copied.
+     * @return the number of output bytes copied to out.
+     * @exception org.bouncycastle.crypto.DataLengthException if there isn't enough space in out.
+     * @exception IllegalStateException if the cipher isn't initialised.
+     */
+    public int processBytes(
+        byte[]      in,
+        int         inOff,
+        int         len,
+        byte[]      out,
+        int         outOff)
+        throws DataLengthException, IllegalStateException
+    {
+        if (len < 0)
+        {
+            throw new IllegalArgumentException("Can't have a negative input length!");
+        }
+
+        int blockSize   = getBlockSize();
+        int length      = getUpdateOutputSize(len);
+
+        if (length > 0)
+        {
+            if ((outOff + length) > out.length)
+            {
+                throw new DataLengthException("output buffer too short");
+            }
+        }
+
+        int resultLen = 0;
+        int gapLen = buf.length - bufOff;
+
+        if (len > gapLen)
+        {
+            System.arraycopy(in, inOff, buf, bufOff, gapLen);
+
+            resultLen += cipher.processBlock(buf, 0, out, outOff);
+            System.arraycopy(buf, blockSize, buf, 0, blockSize);
+
+            bufOff = blockSize;
+
+            len -= gapLen;
+            inOff += gapLen;
+
+            while (len > blockSize)
+            {
+                System.arraycopy(in, inOff, buf, bufOff, blockSize);
+                resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen);
+                System.arraycopy(buf, blockSize, buf, 0, blockSize);
+
+                len -= blockSize;
+                inOff += blockSize;
+            }
+        }
+
+        System.arraycopy(in, inOff, buf, bufOff, len);
+
+        bufOff += len;
+
+        return resultLen;
+    }
+
+    /**
+     * Process the last block in the buffer.
+     *
+     * @param out the array the block currently being held is copied into.
+     * @param outOff the offset at which the copying starts.
+     * @return the number of output bytes copied to out.
+     * @exception org.bouncycastle.crypto.DataLengthException if there is insufficient space in out for
+     * the output.
+     * @exception IllegalStateException if the underlying cipher is not
+     * initialised.
+     * @exception org.bouncycastle.crypto.InvalidCipherTextException if cipher text decrypts wrongly (in
+     * case the exception will never get thrown).
+     */
+    public int doFinal(
+        byte[]  out,
+        int     outOff)
+        throws DataLengthException, IllegalStateException, InvalidCipherTextException
+    {
+        if (bufOff + outOff > out.length)
+        {
+            throw new DataLengthException("output buffer to small in doFinal");
+        }
+
+        int     blockSize = cipher.getBlockSize();
+        int     len = bufOff - blockSize;
+        byte[]  block = new byte[blockSize];
+
+        if (forEncryption)
+        {
+            if (bufOff < blockSize)
+            {
+                throw new DataLengthException("need at least one block of input for NISTCTS");
+            }
+
+            if (bufOff > blockSize)
+            {
+                byte[]  lastBlock = new byte[blockSize];
+
+                if (this.type == CS2 || this.type == CS3)
+                {
+                    cipher.processBlock(buf, 0, block, 0);
+
+                    System.arraycopy(buf, blockSize, lastBlock, 0, len);
+
+                    cipher.processBlock(lastBlock, 0, lastBlock, 0);
+
+                    if (this.type == CS2 && len == blockSize)
+                    {
+                        System.arraycopy(block, 0, out, outOff, blockSize);
+
+                        System.arraycopy(lastBlock, 0, out, outOff + blockSize, len);
+                    }
+                    else
+                    {
+                        System.arraycopy(lastBlock, 0, out, outOff, blockSize);
+
+                        System.arraycopy(block, 0, out, outOff + blockSize, len);
+                    }
+                }
+                else
+                {
+                    System.arraycopy(buf, 0, block, 0, blockSize);
+                    cipher.processBlock(block, 0, block, 0);
+                    System.arraycopy(block, 0, out, outOff, len);
+
+                    System.arraycopy(buf, bufOff - len, lastBlock, 0, len);
+                    cipher.processBlock(lastBlock, 0, lastBlock, 0);
+                    System.arraycopy(lastBlock, 0, out, outOff + len, blockSize);
+                }
+            }
+            else
+            {
+                cipher.processBlock(buf, 0, block, 0);
+
+                System.arraycopy(block, 0, out, outOff, blockSize);
+            }
+        }
+        else
+        {
+            if (bufOff < blockSize)
+            {
+                throw new DataLengthException("need at least one block of input for CTS");
+            }
+
+            byte[]  lastBlock = new byte[blockSize];
+
+            if (bufOff > blockSize)
+            {
+                if (this.type == CS3 || (this.type == CS2 && ((buf.length - bufOff) % blockSize) != 0))
+                {
+                    if (cipher instanceof CBCBlockCipher)
+                    {
+                        BlockCipher c = ((CBCBlockCipher)cipher).getUnderlyingCipher();
+
+                        c.processBlock(buf, 0, block, 0);
+                    }
+                    else
+                    {
+                        cipher.processBlock(buf, 0, block, 0);
+                    }
+
+                    for (int i = blockSize; i != bufOff; i++)
+                    {
+                        lastBlock[i - blockSize] = (byte)(block[i - blockSize] ^ buf[i]);
+                    }
+
+                    System.arraycopy(buf, blockSize, block, 0, len);
+
+                    cipher.processBlock(block, 0, out, outOff);
+                    System.arraycopy(lastBlock, 0, out, outOff + blockSize, len);
+                }
+                else
+                {
+                    BlockCipher c = ((CBCBlockCipher)cipher).getUnderlyingCipher();
+
+                    c.processBlock(buf, bufOff - blockSize, lastBlock, 0);
+
+                    System.arraycopy(buf, 0, block, 0, blockSize);
+
+                    if (len != blockSize)
+                    {
+                        System.arraycopy(lastBlock, len, block, len, blockSize - len);
+                    }
+
+                    cipher.processBlock(block, 0, block, 0);
+
+                    System.arraycopy(block, 0, out, outOff, blockSize);
+
+                    for (int i = 0; i != len; i++)
+                    {
+                        lastBlock[i] ^= buf[i];
+                    }
+
+                    System.arraycopy(lastBlock, 0, out, outOff + blockSize, len);
+                }
+            }
+            else
+            {
+                cipher.processBlock(buf, 0, block, 0);
+
+                System.arraycopy(block, 0, out, outOff, blockSize);
+            }
+        }
+
+        int offset = bufOff;
+
+        reset();
+
+        return offset;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
index 6dc7148..8626391 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
@@ -6,29 +6,28 @@ import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Arrays;
 
 /**
- * An implementation of the "work in progress" Internet-Draft <a
- * href="http://tools.ietf.org/html/draft-irtf-cfrg-ocb-03">The OCB Authenticated-Encryption
- * Algorithm</a>, licensed per:
- * <p/>
+ * An implementation of <a href="http://tools.ietf.org/html/rfc7253">RFC 7253 on The OCB
+ * Authenticated-Encryption Algorithm</a>, licensed per:
+ * <p>
  * <blockquote> <a href="http://www.cs.ucdavis.edu/~rogaway/ocb/license1.pdf">License for
  * Open-Source Software Implementations of OCB</a> (Jan 9, 2013) &mdash; &ldquo;License 1&rdquo; <br>
  * Under this license, you are authorized to make, use, and distribute open-source software
  * implementations of OCB. This license terminates for you if you sue someone over their open-source
  * software implementation of OCB claiming that you have a patent covering their implementation.
- * <p/>
+ * <p>
  * This is a non-binding summary of a legal document (the link above). The parameters of the license
  * are specified in the license document and that document is controlling. </blockquote>
  */
 public class OCBBlockCipher
     implements AEADBlockCipher
 {
-
     private static final int BLOCK_SIZE = 16;
 
     private BlockCipher hashCipher;
@@ -51,7 +50,9 @@ public class OCBBlockCipher
     /*
      * NONCE-DEPENDENT
      */
-    private byte[] OffsetMAIN_0;
+    private byte[] KtopInput = null;
+    private byte[] Stretch = new byte[24];
+    private byte[] OffsetMAIN_0 = new byte[16];
 
     /*
      * PER-ENCRYPTION/DECRYPTION
@@ -61,7 +62,7 @@ public class OCBBlockCipher
     private long hashBlockCount, mainBlockCount;
     private byte[] OffsetHASH;
     private byte[] Sum;
-    private byte[] OffsetMAIN;
+    private byte[] OffsetMAIN = new byte[16];
     private byte[] Checksum;
 
     // NOTE: The MAC value is preserved after doFinal
@@ -111,6 +112,7 @@ public class OCBBlockCipher
     public void init(boolean forEncryption, CipherParameters parameters)
         throws IllegalArgumentException
     {
+        boolean oldForEncryption = this.forEncryption;
         this.forEncryption = forEncryption;
         this.macBlock = null;
 
@@ -164,14 +166,17 @@ public class OCBBlockCipher
          * KEY-DEPENDENT INITIALISATION
          */
 
-        if (keyParameter == null)
+        if (keyParameter != null)
         {
-            // TODO If 'keyParameter' is null we're re-using the last key.
+            // hashCipher always used in forward mode
+            hashCipher.init(true, keyParameter);
+            mainCipher.init(forEncryption, keyParameter);
+            KtopInput = null;
+        }
+        else if (oldForEncryption != forEncryption)
+        {
+            throw new IllegalArgumentException("cannot change encrypting state without providing key.");
         }
-
-        // hashCipher always used in forward mode
-        hashCipher.init(true, keyParameter);
-        mainCipher.init(forEncryption, keyParameter);
 
         this.L_Asterisk = new byte[16];
         hashCipher.processBlock(L_Asterisk, 0, L_Asterisk, 0);
@@ -185,25 +190,8 @@ public class OCBBlockCipher
          * NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION
          */
 
-        byte[] nonce = new byte[16];
-        System.arraycopy(N, 0, nonce, nonce.length - N.length, N.length);
-        nonce[0] = (byte)(macSize << 4);
-        nonce[15 - N.length] |= 1;
+        int bottom = processNonce(N);
 
-        int bottom = nonce[15] & 0x3F;
-
-        byte[] Ktop = new byte[16];
-        nonce[15] &= 0xC0;
-        hashCipher.processBlock(nonce, 0, Ktop, 0);
-
-        byte[] Stretch = new byte[24];
-        System.arraycopy(Ktop, 0, Stretch, 0, 16);
-        for (int i = 0; i < 8; ++i)
-        {
-            Stretch[16 + i] = (byte)(Ktop[i] ^ Ktop[i + 1]);
-        }
-
-        this.OffsetMAIN_0 = new byte[16];
         int bits = bottom % 8, bytes = bottom / 8;
         if (bits == 0)
         {
@@ -227,7 +215,7 @@ public class OCBBlockCipher
 
         this.OffsetHASH = new byte[16];
         this.Sum = new byte[16];
-        this.OffsetMAIN = Arrays.clone(this.OffsetMAIN_0);
+        System.arraycopy(this.OffsetMAIN_0, 0, this.OffsetMAIN, 0, 16);
         this.Checksum = new byte[16];
 
         if (initialAssociatedText != null)
@@ -236,6 +224,34 @@ public class OCBBlockCipher
         }
     }
 
+    protected int processNonce(byte[] N)
+    {
+        byte[] nonce = new byte[16];
+        System.arraycopy(N, 0, nonce, nonce.length - N.length, N.length);
+        nonce[0] = (byte)(macSize << 4);
+        nonce[15 - N.length] |= 1;
+
+        int bottom = nonce[15] & 0x3F;
+        nonce[15] &= 0xC0;
+
+        /*
+         * When used with incrementing nonces, the cipher is only applied once every 64 inits.
+         */
+        if (KtopInput == null || !Arrays.areEqual(nonce, KtopInput))
+        {
+            byte[] Ktop = new byte[16];
+            KtopInput = nonce;
+            hashCipher.processBlock(KtopInput, 0, Ktop, 0);
+            System.arraycopy(Ktop, 0, Stretch, 0, 16);
+            for (int i = 0; i < 8; ++i)
+            {
+                Stretch[16 + i] = (byte)(Ktop[i] ^ Ktop[i + 1]);
+            }
+        }
+
+        return bottom;
+    }
+
     public byte[] getMac()
     {
         return Arrays.clone(macBlock);
@@ -301,6 +317,10 @@ public class OCBBlockCipher
     public int processBytes(byte[] input, int inOff, int len, byte[] output, int outOff)
         throws DataLengthException
     {
+        if (input.length < (inOff + len))
+        {
+            throw new DataLengthException("Input buffer too short");
+        }
         int resultLen = 0;
 
         for (int i = 0; i < len; ++i)
@@ -362,6 +382,10 @@ public class OCBBlockCipher
 
             xor(mainBlock, Pad);
 
+            if (output.length < (outOff + mainBlockPos))
+            {
+                throw new OutputLengthException("Output buffer too short");
+            }
             System.arraycopy(mainBlock, 0, output, outOff, mainBlockPos);
 
             if (!forEncryption)
@@ -389,6 +413,10 @@ public class OCBBlockCipher
 
         if (forEncryption)
         {
+            if (output.length < (outOff + resultLen + macSize))
+            {
+                throw new OutputLengthException("Output buffer too short");
+            }
             // Append tag to the message
             System.arraycopy(macBlock, 0, output, outOff + resultLen, macSize);
             resultLen += macSize;
@@ -440,6 +468,11 @@ public class OCBBlockCipher
 
     protected void processMainBlock(byte[] output, int outOff)
     {
+        if (output.length < (outOff + BLOCK_SIZE))
+        {
+            throw new OutputLengthException("Output buffer too short");
+        }
+
         /*
          * OCB-ENCRYPT/OCB-DECRYPT: Process any whole blocks
          */
@@ -537,7 +570,7 @@ public class OCBBlockCipher
         while ((x & 1L) == 0L)
         {
             ++n;
-            x >>= 1;
+            x >>>= 1;
         }
         return n;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java
index 5297698..d9ff428 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java
@@ -3,14 +3,16 @@ package org.bouncycastle.crypto.modes;
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.StreamBlockCipher;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 
 /**
  * implements a Output-FeedBack (OFB) mode on top of a simple cipher.
  */
 public class OFBBlockCipher
-    implements BlockCipher
+    extends StreamBlockCipher
 {
+    private int             byteCount;
     private byte[]          IV;
     private byte[]          ofbV;
     private byte[]          ofbOutV;
@@ -29,6 +31,8 @@ public class OFBBlockCipher
         BlockCipher cipher,
         int         blockSize)
     {
+        super(cipher);
+
         this.cipher = cipher;
         this.blockSize = blockSize / 8;
 
@@ -38,16 +42,6 @@ public class OFBBlockCipher
     }
 
     /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-    /**
      * Initialise the cipher and, possibly, the initialisation vector (IV).
      * If an IV isn't passed as part of the parameter, the IV will be all zeros.
      * An IV which is too short is handled in FIPS compliant fashion.
@@ -113,7 +107,7 @@ public class OFBBlockCipher
         return cipher.getAlgorithmName() + "/OFB" + (blockSize * 8);
     }
 
-    
+
     /**
      * return the block size we are operating at (in bytes).
      *
@@ -144,32 +138,7 @@ public class OFBBlockCipher
         int         outOff)
         throws DataLengthException, IllegalStateException
     {
-        if ((inOff + blockSize) > in.length)
-        {
-            throw new DataLengthException("input buffer too short");
-        }
-
-        if ((outOff + blockSize) > out.length)
-        {
-            throw new DataLengthException("output buffer too short");
-        }
-
-        cipher.processBlock(ofbV, 0, ofbOutV, 0);
-
-        //
-        // XOR the ofbV with the plaintext producing the cipher text (and
-        // the next input block).
-        //
-        for (int i = 0; i < blockSize; i++)
-        {
-            out[outOff + i] = (byte)(ofbOutV[i] ^ in[inOff + i]);
-        }
-
-        //
-        // change over the input block.
-        //
-        System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize);
-        System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize);
+        processBytes(in, inOff, blockSize, out, outOff);
 
         return blockSize;
     }
@@ -181,7 +150,29 @@ public class OFBBlockCipher
     public void reset()
     {
         System.arraycopy(IV, 0, ofbV, 0, IV.length);
+        byteCount = 0;
 
         cipher.reset();
     }
+
+    protected byte calculateByte(byte in)
+          throws DataLengthException, IllegalStateException
+    {
+        if (byteCount == 0)
+        {
+            cipher.processBlock(ofbV, 0, ofbOutV, 0);
+        }
+
+        byte rv = (byte)(ofbOutV[byteCount++] ^ in);
+
+        if (byteCount == blockSize)
+        {
+            byteCount = 0;
+
+            System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize);
+            System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize);
+        }
+
+        return rv;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java
index da8c4ae..fbc8bf4 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java
@@ -3,14 +3,18 @@ package org.bouncycastle.crypto.modes;
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.SkippingStreamCipher;
+import org.bouncycastle.crypto.StreamBlockCipher;
 import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Pack;
 
 /**
  * Implements the Segmented Integer Counter (SIC) mode on top of a simple
  * block cipher. This mode is also known as CTR mode.
  */
 public class SICBlockCipher
-    implements BlockCipher
+    extends StreamBlockCipher
+    implements SkippingStreamCipher
 {
     private final BlockCipher     cipher;
     private final int             blockSize;
@@ -18,7 +22,7 @@ public class SICBlockCipher
     private byte[]          IV;
     private byte[]          counter;
     private byte[]          counterOut;
-
+    private int             byteCount;
 
     /**
      * Basic constructor.
@@ -27,25 +31,16 @@ public class SICBlockCipher
      */
     public SICBlockCipher(BlockCipher c)
     {
+        super(c);
+
         this.cipher = c;
         this.blockSize = cipher.getBlockSize();
         this.IV = new byte[blockSize];
         this.counter = new byte[blockSize];
         this.counterOut = new byte[blockSize];
+        this.byteCount = 0;
     }
 
-
-    /**
-     * return the underlying block cipher that we are wrapping.
-     *
-     * @return the underlying block cipher that we are wrapping.
-     */
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher;
-    }
-
-
     public void init(
         boolean             forEncryption, //ignored by this CTR mode
         CipherParameters    params)
@@ -53,17 +48,17 @@ public class SICBlockCipher
     {
         if (params instanceof ParametersWithIV)
         {
-          ParametersWithIV ivParam = (ParametersWithIV)params;
-          byte[]           iv      = ivParam.getIV();
-          System.arraycopy(iv, 0, IV, 0, IV.length);
+            ParametersWithIV ivParam = (ParametersWithIV)params;
+            byte[] iv = ivParam.getIV();
+            System.arraycopy(iv, 0, IV, 0, IV.length);
 
-          reset();
+            // if null it's an IV changed only.
+            if (ivParam.getParameters() != null)
+            {
+                cipher.init(true, ivParam.getParameters());
+            }
 
-          // if null it's an IV changed only.
-          if (ivParam.getParameters() != null)
-          {
-            cipher.init(true, ivParam.getParameters());
-          }
+            reset();
         }
         else
         {
@@ -81,33 +76,240 @@ public class SICBlockCipher
         return cipher.getBlockSize();
     }
 
-
     public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
           throws DataLengthException, IllegalStateException
     {
-        cipher.processBlock(counter, 0, counterOut, 0);
+        processBytes(in, inOff, blockSize, out, outOff);
 
-        //
-        // XOR the counterOut with the plaintext producing the cipher text
-        //
-        for (int i = 0; i < counterOut.length; i++)
+        return blockSize;
+    }
+
+    protected byte calculateByte(byte in)
+          throws DataLengthException, IllegalStateException
+    {
+        if (byteCount == 0)
+        {
+            cipher.processBlock(counter, 0, counterOut, 0);
+
+            return (byte)(counterOut[byteCount++] ^ in);
+        }
+
+        byte rv = (byte)(counterOut[byteCount++] ^ in);
+
+        if (byteCount == counter.length)
         {
-          out[outOff + i] = (byte)(counterOut[i] ^ in[inOff + i]);
+            byteCount = 0;
+
+            incrementCounter();
         }
 
+        return rv;
+    }
+
+    private void incrementCounterPow2(int pow2Div8)
+    {
+        // increment counter by 1 << 8 * pow2Div8
+        for (int i = counter.length - (1 + pow2Div8); i >= 0 && ++counter[i] == 0; i--)
+        {
+            ; // do nothing - pre-increment and test for 0 in counter does the job.
+        }
+    }
+
+    private void incrementCounter(int offSet)
+    {
+        byte old = counter[counter.length - 1];
+
+        counter[counter.length - 1] += offSet;
+
+        if (old != 0 && counter[counter.length - 1] < old)
+        {
+            incrementCounterPow2(1);
+        }
+    }
+
+    private void incrementCounter()
+    {
         // increment counter by 1.
         for (int i = counter.length - 1; i >= 0 && ++counter[i] == 0; i--)
         {
             ; // do nothing - pre-increment and test for 0 in counter does the job.
         }
+    }
+
+    private void decrementCounterPow2(int pow2Div8)
+    {
+        if (counter[pow2Div8] == 0)
+        {
+            boolean nonZero = false;
+
+            for (int i = counter.length - (1 + pow2Div8); i > 0; i--)
+            {
+                if (counter[i] != 0)
+                {
+                    nonZero = true;
+                }
+            }
+
+            if (!nonZero)
+            {
+                throw new IllegalStateException("attempt to reduce counter past zero.");
+            }
+        }
 
-        return counter.length;
+        // decrement counter by 1.
+        for (int i = counter.length - (1 + pow2Div8); i >= 0 && --counter[i] == -1; i--)
+        {
+            ;
+        }
     }
 
+    private void decrementCounter()
+    {
+        if (counter[0] == 0)
+        {
+            boolean nonZero = false;
+
+            for (int i = counter.length - 1; i > 0; i--)
+            {
+                if (counter[i] != 0)
+                {
+                    nonZero = true;
+                }
+            }
+
+            if (!nonZero)
+            {
+                throw new IllegalStateException("attempt to reduce counter past zero.");
+            }
+        }
+
+        // decrement counter by 1.
+        for (int i = counter.length - 1; i >= 0 && --counter[i] == -1; i--)
+        {
+            ;
+        }
+    }
+
+    private void adjustCounter(long n)
+    {
+        if (n >= 0)
+        {
+            long numBlocks = (n + byteCount) / blockSize;
+
+            if (numBlocks > 255)
+            {
+                long gap = numBlocks;
+
+                for (int i = 5; i >= 1; i--)
+                {
+                    long diff = 1L << (8 * i);
+
+                    while (gap >= diff)
+                    {
+                        incrementCounterPow2(i);
+
+                        gap -= diff;
+                    }
+                }
+
+                incrementCounter((int)gap);
+            }
+            else
+            {
+                incrementCounter((int)numBlocks);
+            }
+
+            byteCount = (int)((n + byteCount) - (blockSize * numBlocks));
+        }
+        else
+        {
+            long numBlocks = (-n - byteCount) / blockSize;
+
+            if (numBlocks > 255)
+            {
+                long gap = numBlocks;
+
+                for (int i = 5; i >= 1; i--)
+                {
+                    long diff = 1L << (8 * i);
+
+                    while (gap > diff)
+                    {
+                        decrementCounterPow2(i);
+
+                        gap -= diff;
+                    }
+                }
+
+                for (long i = 0; i != gap; i++)
+                {
+                    decrementCounter();
+                }
+            }
+            else
+            {
+                for (long i = 0; i != numBlocks; i++)
+                {
+                    decrementCounter();
+                }
+            }
+
+            int gap = (int)(byteCount + n + (blockSize * numBlocks));
+
+            if (gap >= 0)
+            {
+                byteCount = 0;
+            }
+            else
+            {
+                decrementCounter();
+                byteCount =  blockSize + gap;
+            }
+        }
+    }
 
     public void reset()
     {
         System.arraycopy(IV, 0, counter, 0, counter.length);
         cipher.reset();
+        this.byteCount = 0;
+    }
+
+    public long skip(long numberOfBytes)
+    {
+        adjustCounter(numberOfBytes);
+
+        cipher.processBlock(counter, 0, counterOut, 0);
+
+        return numberOfBytes;
+    }
+
+    public long seekTo(long position)
+    {
+        reset();
+
+        return skip(position);
+    }
+
+    public long getPosition()
+    {
+        byte[] res = new byte[IV.length];
+
+        System.arraycopy(counter, 0, res, 0, res.length);
+
+        for (int i = res.length - 1; i >= 1; i--)
+        {
+            int v = (res[i] & 0xff) - (IV[i] & 0xff);
+
+            if (v < 0)
+            {
+               res[i - 1]--;
+               v += 256;
+            }
+
+            res[i] = (byte)v;
+        }
+
+        return Pack.bigEndianToLong(res, res.length - 8) * blockSize + byteCount;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java
index a98d5b2..2afb18f 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java
@@ -1,18 +1,18 @@
 package org.bouncycastle.crypto.modes.gcm;
 
-import org.bouncycastle.util.Arrays;
-
 public class BasicGCMMultiplier implements GCMMultiplier
 {
-    private byte[] H;
+    private int[] H;
 
     public void init(byte[] H)
     {
-        this.H = Arrays.clone(H);
+        this.H = GCMUtil.asInts(H);
     }
 
     public void multiplyH(byte[] x)
     {
-        GCMUtil.multiply(x, H);
+        int[] t = GCMUtil.asInts(x);
+        GCMUtil.multiply(t, H);
+        GCMUtil.asBytes(t, x);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
index 3031a44..58f4078 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
@@ -1,13 +1,11 @@
 package org.bouncycastle.crypto.modes.gcm;
 
-import org.bouncycastle.crypto.util.Pack;
-import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
 
-abstract class GCMUtil
+public abstract class GCMUtil
 {
     private static final int E1 = 0xe1000000;
-    private static final byte E1B = (byte)0xe1;
-    private static final long E1L = (E1 & 0xFFFFFFFFL) << 24;
+    private static final long E1L = (E1 & 0xFFFFFFFFL) << 32;
 
     private static int[] generateLookup()
     {
@@ -31,170 +29,151 @@ abstract class GCMUtil
 
     private static final int[] LOOKUP = generateLookup();
 
-    static byte[] oneAsBytes()
+    public static byte[] oneAsBytes()
     {
         byte[] tmp = new byte[16];
         tmp[0] = (byte)0x80;
         return tmp;
     }
 
-    static int[] oneAsInts()
+    public static int[] oneAsInts()
     {
         int[] tmp = new int[4];
         tmp[0] = 1 << 31;
         return tmp;
     }
 
-    static long[] oneAsLongs()
+    public static long[] oneAsLongs()
     {
         long[] tmp = new long[2];
         tmp[0] = 1L << 63;
         return tmp;
     }
 
-    static byte[] asBytes(int[] x)
+    public static byte[] asBytes(int[] x)
     {
         byte[] z = new byte[16];
         Pack.intToBigEndian(x, z, 0);
         return z;
     }
 
-    static void asBytes(int[] x, byte[] z)
+    public static void asBytes(int[] x, byte[] z)
     {
         Pack.intToBigEndian(x, z, 0);
     }
 
-    static byte[] asBytes(long[] x)
+    public static byte[] asBytes(long[] x)
     {
         byte[] z = new byte[16];
         Pack.longToBigEndian(x, z, 0);
         return z;
     }
 
-    static void asBytes(long[] x, byte[] z)
+    public static void asBytes(long[] x, byte[] z)
     {
         Pack.longToBigEndian(x, z, 0);
     }
 
-    static int[] asInts(byte[] x)
+    public static int[] asInts(byte[] x)
     {
         int[] z = new int[4];
         Pack.bigEndianToInt(x, 0, z);
         return z;
     }
 
-    static void asInts(byte[] x, int[] z)
+    public static void asInts(byte[] x, int[] z)
     {
         Pack.bigEndianToInt(x, 0, z);
     }
 
-    static long[] asLongs(byte[] x)
+    public static long[] asLongs(byte[] x)
     {
         long[] z = new long[2];
         Pack.bigEndianToLong(x, 0, z);
         return z;
     }
 
-    static void asLongs(byte[] x, long[] z)
+    public static void asLongs(byte[] x, long[] z)
     {
         Pack.bigEndianToLong(x, 0, z);
     }
 
-    static void multiply(byte[] x, byte[] y)
+    public static void multiply(byte[] x, byte[] y)
     {
-        byte[] r0 = Arrays.clone(x);
-        byte[] r1 = new byte[16];
-
-        for (int i = 0; i < 16; ++i)
-        {
-            byte bits = y[i];
-            for (int j = 7; j >= 0; --j)
-            {
-                if ((bits & (1 << j)) != 0)
-                {
-                    xor(r1, r0);
-                }
-
-                if (shiftRight(r0) != 0)
-                {
-                    r0[0] ^= E1B;
-                }
-            }
-        }
-
-        System.arraycopy(r1, 0, x, 0, 16);
+        int[] t1 = GCMUtil.asInts(x);
+        int[] t2 = GCMUtil.asInts(y);
+        GCMUtil.multiply(t1, t2);
+        GCMUtil.asBytes(t1, x);
     }
 
-    static void multiply(int[] x, int[] y)
+    public static void multiply(int[] x, int[] y)
     {
-        int[] r0 = Arrays.clone(x);
-        int[] r1 = new int[4];
-
+        int r00 = x[0], r01 = x[1], r02 = x[2], r03 = x[3];
+        int r10 = 0, r11 = 0, r12 = 0, r13 = 0;
+        
         for (int i = 0; i < 4; ++i)
         {
             int bits = y[i];
-            for (int j = 31; j >= 0; --j)
+            for (int j = 0; j < 32; ++j)
             {
-                if ((bits & (1 << j)) != 0)
-                {
-                    xor(r1, r0);
-                }
-
-                if (shiftRight(r0) != 0)
-                {
-                    r0[0] ^= E1;
-                }
+                int m1 = bits >> 31; bits <<= 1;
+                r10 ^= (r00 & m1);
+                r11 ^= (r01 & m1);
+                r12 ^= (r02 & m1);
+                r13 ^= (r03 & m1);
+
+                int m2 = (r03 << 31) >> 8;
+                r03 = (r03 >>> 1) | (r02 << 63);
+                r02 = (r02 >>> 1) | (r01 << 63);
+                r01 = (r01 >>> 1) | (r00 << 63);
+                r00 = (r00 >>> 1) ^ (m2 & E1);
             }
         }
 
-        System.arraycopy(r1, 0, x, 0, 4);
+        x[0] = r10;
+        x[1] = r11;
+        x[2] = r12;
+        x[3] = r13;
     }
 
-    static void multiply(long[] x, long[] y)
+    public static void multiply(long[] x, long[] y)
     {
-        long[] r0 = new long[]{ x[0], x[1] };
-        long[] r1 = new long[2];
+        long r00 = x[0], r01 = x[1], r10 = 0, r11 = 0;
 
         for (int i = 0; i < 2; ++i)
         {
             long bits = y[i];
-            for (int j = 63; j >= 0; --j)
+            for (int j = 0; j < 64; ++j)
             {
-                if ((bits & (1L << j)) != 0)
-                {
-                    xor(r1, r0);
-                }
+                long m1 = bits >> 63; bits <<= 1;
+                r10 ^= (r00 & m1);
+                r11 ^= (r01 & m1);
 
-                if (shiftRight(r0) != 0)
-                {
-                    r0[0] ^= E1L;
-                }
+                long m2 = (r01 << 63) >> 8;
+                r01 = (r01 >>> 1) | (r00 << 63);
+                r00 = (r00 >>> 1) ^ (m2 & E1L);
             }
         }
 
-        x[0] = r1[0];
-        x[1] = r1[1];
+        x[0] = r10;
+        x[1] = r11;
     }
 
     // P is the value with only bit i=1 set
-    static void multiplyP(int[] x)
+    public static void multiplyP(int[] x)
     {
-        if (shiftRight(x) != 0)
-        {
-            x[0] ^= E1;
-        }
+        int m = shiftRight(x) >> 8;
+        x[0] ^= (m & E1);
     }
 
-    static void multiplyP(int[] x, int[] y)
+    public static void multiplyP(int[] x, int[] z)
     {
-        if (shiftRight(x, y) != 0)
-        {
-            y[0] ^= E1;
-        }
+        int m = shiftRight(x, z) >> 8;
+        z[0] ^= (m & E1);
     }
 
     // P is the value with only bit i=1 set
-    static void multiplyP8(int[] x)
+    public static void multiplyP8(int[] x)
     {
 //        for (int i = 8; i != 0; --i)
 //        {
@@ -205,74 +184,12 @@ abstract class GCMUtil
         x[0] ^= LOOKUP[c >>> 24];
     }
 
-    static void multiplyP8(int[] x, int[] y)
+    public static void multiplyP8(int[] x, int[] y)
     {
         int c = shiftRightN(x, 8, y);
         y[0] ^= LOOKUP[c >>> 24];
     }
 
-    static byte shiftRight(byte[] x)
-    {
-//        int c = 0;
-//        for (int i = 0; i < 16; ++i)
-//        {
-//            int b = x[i] & 0xff;
-//            x[i] = (byte)((b >>> 1) | c);
-//            c = (b & 1) << 7;
-//        }
-//        return (byte)c;
-
-        int i = 0, c = 0;
-        do
-        {
-            int b = x[i] & 0xff;
-            x[i++] = (byte)((b >>> 1) | c);
-            c = (b & 1) << 7;
-            b = x[i] & 0xff;
-            x[i++] = (byte)((b >>> 1) | c);
-            c = (b & 1) << 7;
-            b = x[i] & 0xff;
-            x[i++] = (byte)((b >>> 1) | c);
-            c = (b & 1) << 7;
-            b = x[i] & 0xff;
-            x[i++] = (byte)((b >>> 1) | c);
-            c = (b & 1) << 7;
-        }
-        while (i < 16);
-        return (byte)c;
-    }
-
-    static byte shiftRight(byte[] x, byte[] z)
-    {
-//        int c = 0;
-//        for (int i = 0; i < 16; ++i)
-//        {
-//            int b = x[i] & 0xff;
-//            z[i] = (byte) ((b >>> 1) | c);
-//            c = (b & 1) << 7;
-//        }
-//        return (byte) c;
-
-        int i = 0, c = 0;
-        do
-        {
-            int b = x[i] & 0xff;
-            z[i++] = (byte)((b >>> 1) | c);
-            c = (b & 1) << 7;
-            b = x[i] & 0xff;
-            z[i++] = (byte)((b >>> 1) | c);
-            c = (b & 1) << 7;
-            b = x[i] & 0xff;
-            z[i++] = (byte)((b >>> 1) | c);
-            c = (b & 1) << 7;
-            b = x[i] & 0xff;
-            z[i++] = (byte)((b >>> 1) | c);
-            c = (b & 1) << 7;
-        }
-        while (i < 16);
-        return (byte)c;
-    }
-
     static int shiftRight(int[] x)
     {
 //        int c = 0;
@@ -393,7 +310,7 @@ abstract class GCMUtil
         return b << nInv;
     }
 
-    static void xor(byte[] x, byte[] y)
+    public static void xor(byte[] x, byte[] y)
     {
         int i = 0;
         do
@@ -406,15 +323,15 @@ abstract class GCMUtil
         while (i < 16);
     }
 
-    static void xor(byte[] x, byte[] y, int yOff, int yLen)
+    public static void xor(byte[] x, byte[] y, int yOff, int yLen)
     {
-        while (yLen-- > 0)
+        while (--yLen >= 0)
         {
             x[yLen] ^= y[yOff + yLen];
         }
     }
 
-    static void xor(byte[] x, byte[] y, byte[] z)
+    public static void xor(byte[] x, byte[] y, byte[] z)
     {
         int i = 0;
         do
@@ -427,7 +344,7 @@ abstract class GCMUtil
         while (i < 16);
     }
 
-    static void xor(int[] x, int[] y)
+    public static void xor(int[] x, int[] y)
     {
         x[0] ^= y[0];
         x[1] ^= y[1];
@@ -435,7 +352,7 @@ abstract class GCMUtil
         x[3] ^= y[3];
     }
 
-    static void xor(int[] x, int[] y, int[] z)
+    public static void xor(int[] x, int[] y, int[] z)
     {
         z[0] = x[0] ^ y[0];
         z[1] = x[1] ^ y[1];
@@ -443,13 +360,13 @@ abstract class GCMUtil
         z[3] = x[3] ^ y[3];
     }
 
-    static void xor(long[] x, long[] y)
+    public static void xor(long[] x, long[] y)
     {
         x[0] ^= y[0];
         x[1] ^= y[1];
     }
 
-    static void xor(long[] x, long[] y, long[] z)
+    public static void xor(long[] x, long[] y, long[] z)
     {
         z[0] = x[0] ^ y[0];
         z[1] = x[1] ^ y[1];
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java
index a34a6ea..4f32a0d 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java
@@ -1,7 +1,7 @@
 package org.bouncycastle.crypto.modes.gcm;
 
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
 
 public class Tables64kGCMMultiplier implements GCMMultiplier
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java
index 8535db5..69c1dce 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.java
@@ -1,7 +1,7 @@
 package org.bouncycastle.crypto.modes.gcm;
 
-import org.bouncycastle.crypto.util.Pack;
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
 
 public class Tables8kGCMMultiplier  implements GCMMultiplier
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/package.html
new file mode 100644
index 0000000..09c42f0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/gcm/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+GCM mode support classes.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/modes/package.html
new file mode 100644
index 0000000..5402df4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Modes for symmetric ciphers.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/package.html
new file mode 100644
index 0000000..ee5487f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Base classes for the lightweight API.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java b/bcprov/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java
index 93b149f..8b30398 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java
@@ -57,18 +57,19 @@ public class PKCS7Padding
         throws InvalidCipherTextException
     {
         int count = in[in.length - 1] & 0xff;
+        byte countAsbyte = (byte)count;
 
-        if (count > in.length || count == 0)
+        // constant time version
+        boolean failed = (count > in.length | count == 0);
+
+        for (int i = 0; i < in.length; i++)
         {
-            throw new InvalidCipherTextException("pad block corrupted");
+            failed |= (in.length - i <= count) & (in[i] != countAsbyte);
         }
-        
-        for (int i = 1; i <= count; i++)
+
+        if (failed)
         {
-            if (in[in.length - i] != count)
-            {
-                throw new InvalidCipherTextException("pad block corrupted");
-            }
+            throw new InvalidCipherTextException("pad block corrupted");
         }
 
         return count;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java
index ee3fd60..d5928f7 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java
@@ -125,7 +125,7 @@ public class PaddedBufferedBlockCipher
 
         if (leftOver == 0)
         {
-            return total - buf.length;
+            return Math.max(0, total - buf.length);
         }
 
         return total - leftOver;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/paddings/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/paddings/package.html
new file mode 100644
index 0000000..2b82e60
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/paddings/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Paddings for symmetric ciphers.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupKeyGenerationParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupKeyGenerationParameters.java
new file mode 100644
index 0000000..001cd59
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupKeyGenerationParameters.java
@@ -0,0 +1,29 @@
+package org.bouncycastle.crypto.params;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.KeyGenerationParameters;
+
+public class CramerShoupKeyGenerationParameters
+	extends KeyGenerationParameters
+{
+
+	private CramerShoupParameters params;
+
+	public CramerShoupKeyGenerationParameters(SecureRandom random, CramerShoupParameters params)
+	{
+		super(random, getStrength(params));
+
+		this.params = params;
+	}
+
+	public CramerShoupParameters getParameters()
+	{
+		return params;
+	}
+
+	static int getStrength(CramerShoupParameters params)
+	{
+		return params.getP().bitLength();
+	}
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupKeyParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupKeyParameters.java
new file mode 100644
index 0000000..9e4219c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupKeyParameters.java
@@ -0,0 +1,40 @@
+package org.bouncycastle.crypto.params;
+
+public class CramerShoupKeyParameters extends AsymmetricKeyParameter {
+	
+	private CramerShoupParameters params;
+
+	protected CramerShoupKeyParameters(boolean isPrivate, CramerShoupParameters params) {
+		super(isPrivate);
+
+		this.params = params;
+	}
+
+	public CramerShoupParameters getParameters() {
+		return params;
+	}
+
+	public boolean equals(Object obj) {
+		if (!(obj instanceof CramerShoupKeyParameters)) {
+			return false;
+		}
+
+		CramerShoupKeyParameters csKey = (CramerShoupKeyParameters) obj;
+
+		if (params == null) {
+			return csKey.getParameters() == null;
+		} else {
+			return params.equals(csKey.getParameters());
+		}
+	}
+
+	public int hashCode() {
+		int code = isPrivate() ? 0 : 1;
+
+		if (params != null) {
+			code ^= params.hashCode();
+		}
+
+		return code;
+	}
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupParameters.java
new file mode 100644
index 0000000..24264b6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupParameters.java
@@ -0,0 +1,53 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.Digest;
+
+public class CramerShoupParameters implements CipherParameters {
+
+	private BigInteger p; // prime order of G
+	private BigInteger g1, g2; // generate G
+	
+	private Digest H; // hash function
+
+	public CramerShoupParameters(BigInteger p, BigInteger g1, BigInteger g2, Digest H) {
+		this.p = p;
+		this.g1 = g1;
+		this.g2 = g2;
+		this.H = H;
+	}
+
+	public boolean equals(Object obj) {
+		if (!(obj instanceof DSAParameters)) {
+			return false;
+		}
+
+		CramerShoupParameters pm = (CramerShoupParameters) obj;
+
+		return (pm.getP().equals(p) && pm.getG1().equals(g1) && pm.getG2().equals(g2));
+	}
+
+	public int hashCode() {
+		return getP().hashCode() ^ getG1().hashCode() ^ getG2().hashCode();
+	}
+	
+	public BigInteger getG1() {
+		return g1;
+	}
+	
+	public BigInteger getG2() {
+		return g2;
+	}
+	
+	public BigInteger getP() {
+		return p;
+	}
+	
+	public Digest getH() {
+		H.reset();
+		return H;
+	}
+	
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupPrivateKeyParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupPrivateKeyParameters.java
new file mode 100644
index 0000000..79de46a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupPrivateKeyParameters.java
@@ -0,0 +1,61 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+public class CramerShoupPrivateKeyParameters extends CramerShoupKeyParameters {
+	
+	private BigInteger x1, x2, y1, y2, z; // Z_p
+	private CramerShoupPublicKeyParameters pk; // public key
+
+	public CramerShoupPrivateKeyParameters(CramerShoupParameters params, BigInteger x1, BigInteger x2, BigInteger y1, BigInteger y2, BigInteger z) {
+		super(true, params);
+
+		this.x1 = x1;
+		this.x2 = x2;
+		this.y1 = y1;
+		this.y2 = y2;
+		this.z = z;
+	}
+
+	public BigInteger getX1() {
+		return x1;
+	}
+	
+	public BigInteger getX2() {
+		return x2;
+	}
+	
+	public BigInteger getY1() {
+		return y1;
+	}
+	
+	public BigInteger getY2() {
+		return y2;
+	}
+	
+	public BigInteger getZ() {
+		return z;
+	}
+	
+	public void setPk(CramerShoupPublicKeyParameters pk) {
+		this.pk = pk;
+	}
+	
+	public CramerShoupPublicKeyParameters getPk() {
+		return pk;
+	}
+
+	public int hashCode() {
+		return x1.hashCode() ^ x2.hashCode() ^ y1.hashCode() ^ y2.hashCode() ^ z.hashCode() ^ super.hashCode();
+	}
+
+	public boolean equals(Object obj) {
+		if (!(obj instanceof CramerShoupPrivateKeyParameters)) {
+			return false;
+		}
+
+		CramerShoupPrivateKeyParameters other = (CramerShoupPrivateKeyParameters) obj;
+
+		return other.getX1().equals(this.x1) && other.getX2().equals(this.x2) && other.getY1().equals(this.y1) && other.getY2().equals(this.y2) && other.getZ().equals(this.z) && super.equals(obj);
+	}
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupPublicKeyParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupPublicKeyParameters.java
new file mode 100644
index 0000000..341149c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/CramerShoupPublicKeyParameters.java
@@ -0,0 +1,42 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+public class CramerShoupPublicKeyParameters extends CramerShoupKeyParameters {
+	
+	private BigInteger c, d, h; // public key group elements
+
+	public CramerShoupPublicKeyParameters(CramerShoupParameters params, BigInteger c, BigInteger d, BigInteger h) {
+		super(false, params);
+
+		this.c = c;
+		this.d = d;
+		this.h = h;
+	}
+
+	public BigInteger getC() {
+		return c;
+	}
+	
+	public BigInteger getD() {
+		return d;
+	}
+	
+	public BigInteger getH() {
+		return h;
+	}
+
+	public int hashCode() {
+		return c.hashCode() ^ d.hashCode() ^ h.hashCode() ^ super.hashCode();
+	}
+
+	public boolean equals(Object obj) {
+		if (!(obj instanceof CramerShoupPublicKeyParameters)) {
+			return false;
+		}
+
+		CramerShoupPublicKeyParameters other = (CramerShoupPublicKeyParameters) obj;
+
+		return other.getC().equals(c) && other.getD().equals(d) && other.getH().equals(h) && super.equals(obj);
+	}
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/DHParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/DHParameters.java
index b679287..fec6dfd 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/params/DHParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/DHParameters.java
@@ -84,8 +84,7 @@ public class DHParameters
     {
         if (l != 0)
         {
-            BigInteger bigL = BigInteger.valueOf(2L ^ (l - 1));
-            if (bigL.compareTo(p) == 1)
+            if (l > p.bitLength())
             {
                 throw new IllegalArgumentException("when l value specified, it must satisfy 2^(l-1) <= p");
             }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/ECNamedDomainParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/ECNamedDomainParameters.java
new file mode 100644
index 0000000..5b694be
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/ECNamedDomainParameters.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECNamedDomainParameters
+    extends ECDomainParameters
+{
+    private ASN1ObjectIdentifier name;
+
+    public ECNamedDomainParameters(ASN1ObjectIdentifier name, ECCurve curve, ECPoint G, BigInteger n)
+    {
+        this(name, curve, G, n, null, null);
+    }
+
+    public ECNamedDomainParameters(ASN1ObjectIdentifier name, ECCurve curve, ECPoint G, BigInteger n, BigInteger h)
+    {
+        this(name, curve, G, n, h, null);
+    }
+
+    public ECNamedDomainParameters(ASN1ObjectIdentifier name, ECCurve curve, ECPoint G, BigInteger n, BigInteger h, byte[] seed)
+    {
+        super(curve, G, n, h, seed);
+
+        this.name = name;
+    }
+
+    public ASN1ObjectIdentifier getName()
+    {
+        return name;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/KDFCounterParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/KDFCounterParameters.java
index 0eb6cb7..29d8b36 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/params/KDFCounterParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/KDFCounterParameters.java
@@ -3,15 +3,63 @@ package org.bouncycastle.crypto.params;
 import org.bouncycastle.crypto.DerivationParameters;
 import org.bouncycastle.util.Arrays;
 
+/**
+ * This KDF has been defined by the publicly available NIST SP 800-108 specification.
+ * NIST SP800-108 allows for alternative orderings of the input fields, meaning that the input can be formated in multiple ways.
+ * There are 3 supported formats:  - Below [i]_2 is a counter of r-bits length concatenated to the fixedInputData.
+ * <ul>
+ * <li>1: K(i) := PRF( KI, [i]_2 || Label || 0x00 || Context || [L]_2 ) with the counter at the very beginning of the fixedInputData (The default implementation has this format)</li>
+ * <li>2: K(i) := PRF( KI, Label || 0x00 || Context || [L]_2 || [i]_2 ) with the counter at the very end of the fixedInputData</li>
+ * <li>3a: K(i) := PRF( KI, Label || 0x00 || [i]_2 || Context || [L]_2 ) OR:</li>
+ * <li>3b: K(i) := PRF( KI, Label || 0x00 || [i]_2 || [L]_2 || Context ) OR:</li>
+ * <li>3c: K(i) := PRF( KI, Label || [i]_2 || 0x00 || Context || [L]_2 ) etc... with the counter somewhere in the 'middle' of the fixedInputData.</li>
+ * </ul>
+ * <p>
+ * This function must be called with the following KDFCounterParameters():
+ *  - KI     <br/>
+ *  - The part of the fixedInputData that comes BEFORE the counter OR null  <br/>
+ *  - the part of the fixedInputData that comes AFTER the counter OR null  <br/>
+ *  - the length of the counter in bits (not bytes) <br/>
+ * </p>
+ * Resulting function calls assuming an 8 bit counter.
+ * <ul>
+ * <li>1.  KDFCounterParameters(ki, 	null, 									"Label || 0x00 || Context || [L]_2]",	8); </li>
+ * <li>2.  KDFCounterParameters(ki, 	"Label || 0x00 || Context || [L]_2]", 	null,									8); </li>
+ * <li>3a. KDFCounterParameters(ki, 	"Label || 0x00",						"Context || [L]_2]",					8);  </li>
+ * <li>3b. KDFCounterParameters(ki, 	"Label || 0x00",						"[L]_2] || Context",					8);</li>
+ * <li>3c. KDFCounterParameters(ki, 	"Label", 								"0x00 || Context || [L]_2]",			8); </li>
+ * </ul>
+ */
 public final class KDFCounterParameters
     implements DerivationParameters
 {
 
-    private final byte[] ki;
-    private final byte[] fixedInputData;
-    private final int r;
+    private byte[] ki;
+    private byte[] fixedInputDataCounterPrefix;
+    private byte[] fixedInputDataCounterSuffix;
+    private int r;
 
-    public KDFCounterParameters(byte[] ki, byte[] fixedInputData, int r)
+    /**
+     * Base constructor - suffix fixed input data only.
+     *
+     * @param ki the KDF seed
+     * @param fixedInputDataCounterSuffix  fixed input data to follow counter.
+     * @param r length of the counter in bits.
+     */
+    public KDFCounterParameters(byte[] ki, byte[] fixedInputDataCounterSuffix, int r)
+    {
+    	this(ki, null, fixedInputDataCounterSuffix, r);
+    }
+
+    /**
+     * Base constructor - prefix and suffix fixed input data.
+     *
+     * @param ki the KDF seed
+     * @param fixedInputDataCounterPrefix fixed input data to precede counter
+     * @param fixedInputDataCounterSuffix fixed input data to follow counter.
+     * @param r length of the counter in bits.
+     */
+    public KDFCounterParameters(byte[] ki, byte[] fixedInputDataCounterPrefix, byte[] fixedInputDataCounterSuffix, int r)
     {
         if (ki == null)
         {
@@ -19,13 +67,22 @@ public final class KDFCounterParameters
         }
         this.ki = Arrays.clone(ki);
 
-        if (fixedInputData == null)
+        if (fixedInputDataCounterPrefix == null)
+        {
+            this.fixedInputDataCounterPrefix = new byte[0];
+        }
+        else
+        {
+            this.fixedInputDataCounterPrefix = Arrays.clone(fixedInputDataCounterPrefix);
+        }
+        
+        if (fixedInputDataCounterSuffix == null)
         {
-            this.fixedInputData = new byte[0];
+            this.fixedInputDataCounterSuffix = new byte[0];
         }
         else
         {
-            this.fixedInputData = Arrays.clone(fixedInputData);
+            this.fixedInputDataCounterSuffix = Arrays.clone(fixedInputDataCounterSuffix);
         }
 
         if (r != 8 && r != 16 && r != 24 && r != 32)
@@ -34,7 +91,7 @@ public final class KDFCounterParameters
         }
         this.r = r;
     }
-
+    
     public byte[] getKI()
     {
         return ki;
@@ -42,7 +99,18 @@ public final class KDFCounterParameters
 
     public byte[] getFixedInputData()
     {
-        return Arrays.clone(fixedInputData);
+    	//Retained for backwards compatibility
+        return Arrays.clone(fixedInputDataCounterSuffix);
+    }
+
+    public byte[] getFixedInputDataCounterPrefix()
+    {
+        return Arrays.clone(fixedInputDataCounterPrefix);
+    }
+    
+    public byte[] getFixedInputDataCounterSuffix()
+    {
+        return Arrays.clone(fixedInputDataCounterSuffix);
     }
 
     public int getR()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/SRP6GroupParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/SRP6GroupParameters.java
new file mode 100644
index 0000000..506560e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/SRP6GroupParameters.java
@@ -0,0 +1,24 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+public class SRP6GroupParameters
+{
+    private BigInteger N, g;
+
+    public SRP6GroupParameters(BigInteger N, BigInteger g)
+    {
+        this.N = N;
+        this.g = g;
+    }
+
+    public BigInteger getG()
+    {
+        return g;
+    }
+
+    public BigInteger getN()
+    {
+        return N;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/SkeinParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/SkeinParameters.java
index 76241ee..326e106 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/params/SkeinParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/SkeinParameters.java
@@ -8,6 +8,7 @@ import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Hashtable;
+import java.util.Locale;
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.digests.SkeinDigest;
@@ -17,7 +18,7 @@ import org.bouncycastle.util.Integers;
 
 /**
  * Parameters for the Skein hash function - a series of byte[] strings identified by integer tags.
- * <p/>
+ * <p>
  * Parameterised Skein can be used for:
  * <ul>
  * <li>MAC generation, by providing a {@link SkeinParameters.Builder#setKey(byte[]) key}.</li>
@@ -179,9 +180,9 @@ public class SkeinParameters
          * Sets a parameters to apply to the Skein hash function.<br>
          * Parameter types must be in the range 0,5..62, and cannot use the value {@value
          * SkeinParameters#PARAM_TYPE_MESSAGE} (reserved for message body).
-         * <p/>
-         * Parameters with type < {@value SkeinParameters#PARAM_TYPE_MESSAGE} are processed before
-         * the message content, parameters with type > {@value SkeinParameters#PARAM_TYPE_MESSAGE}
+         * <p>
+         * Parameters with type &lt; {@value SkeinParameters#PARAM_TYPE_MESSAGE} are processed before
+         * the message content, parameters with type &gt; {@value SkeinParameters#PARAM_TYPE_MESSAGE}
          * are processed after the message and prior to output.
          *
          * @param type  the type of the parameter, in the range 5..62.
@@ -227,14 +228,14 @@ public class SkeinParameters
         /**
          * Implements the recommended personalisation format for Skein defined in Section 4.11 of
          * the Skein 1.3 specification.
-         * <p/>
+         * <p>
          * The format is <code>YYYYMMDD email@address distinguisher</code>, encoded to a byte
          * sequence using UTF-8 encoding.
          *
          * @param date          the date the personalised application of the Skein was defined.
          * @param emailAddress  the email address of the creation of the personalised application.
          * @param distinguisher an arbitrary personalisation string distinguishing the application.
-         * @return
+         * @return the current builder.
          */
         public Builder setPersonalisation(Date date, String emailAddress, String distinguisher)
         {
@@ -258,6 +259,41 @@ public class SkeinParameters
         }
 
         /**
+          * Implements the recommended personalisation format for Skein defined in Section 4.11 of
+          * the Skein 1.3 specification. You may need to use this method if the default locale
+          * doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible implementations.
+          * <p>
+          * The format is <code>YYYYMMDD email@address distinguisher</code>, encoded to a byte
+          * sequence using UTF-8 encoding.
+          *
+          * @param date          the date the personalised application of the Skein was defined.
+          * @param dateLocale    locale to be used for date interpretation.
+          * @param emailAddress  the email address of the creation of the personalised application.
+          * @param distinguisher an arbitrary personalisation string distinguishing the application.
+          * @return the current builder.
+          */
+         public Builder setPersonalisation(Date date, Locale dateLocale, String emailAddress, String distinguisher)
+         {
+             try
+             {
+                 final ByteArrayOutputStream bout = new ByteArrayOutputStream();
+                 final OutputStreamWriter out = new OutputStreamWriter(bout, "UTF-8");
+                 final DateFormat format = new SimpleDateFormat("YYYYMMDD", dateLocale);
+                 out.write(format.format(date));
+                 out.write(" ");
+                 out.write(emailAddress);
+                 out.write(" ");
+                 out.write(distinguisher);
+                 out.close();
+                 return set(PARAM_TYPE_PERSONALISATION, bout.toByteArray());
+             }
+             catch (IOException e)
+             {
+                 throw new IllegalStateException("Byte I/O failed: " + e);
+             }
+         }
+
+        /**
          * Sets the {@link SkeinParameters#PARAM_TYPE_KEY_IDENTIFIER} parameter.
          */
         public Builder setPublicKey(byte[] publicKey)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/params/package.html
new file mode 100644
index 0000000..4e00a75
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Classes for parameter objects for ciphers and generators.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/parsers/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/parsers/package.html
new file mode 100644
index 0000000..03d05c7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/parsers/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Helper classes for parsing "on the wire" public keys.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/SP800SecureRandom.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/SP800SecureRandom.java
index e1ec6c2..9481782 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/prng/SP800SecureRandom.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/SP800SecureRandom.java
@@ -57,7 +57,7 @@ public class SP800SecureRandom
             // check if a reseed is required...
             if (drbg.generate(bytes, null, predictionResistant) < 0)
             {
-                drbg.reseed(entropySource.getEntropy());
+                drbg.reseed(null);
                 drbg.generate(bytes, null, predictionResistant);
             }
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/VMPCRandomGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/VMPCRandomGenerator.java
index 2146af7..c7e420d 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/prng/VMPCRandomGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/VMPCRandomGenerator.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.crypto.prng;
 
-import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Pack;
 
 public class VMPCRandomGenerator implements RandomGenerator
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931RNG.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931RNG.java
new file mode 100644
index 0000000..f86dc2d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931RNG.java
@@ -0,0 +1,146 @@
+package org.bouncycastle.crypto.prng;
+
+import org.bouncycastle.crypto.BlockCipher;
+
+public class X931RNG
+{
+    private static final long       BLOCK64_RESEED_MAX = 1L << (16 - 1);
+    private static final long       BLOCK128_RESEED_MAX = 1L << (24 - 1);
+    private static final int        BLOCK64_MAX_BITS_REQUEST = 1 << (13 - 1);
+    private static final int        BLOCK128_MAX_BITS_REQUEST = 1 << (19 - 1);
+    
+    private final BlockCipher engine;
+    private final EntropySource entropySource;
+
+    private final byte[] DT;
+    private final byte[] I;
+    private final byte[] R;;
+
+    private byte[] V;
+
+    private long reseedCounter = 1;
+
+    /**
+     *
+     * @param engine
+     * @param entropySource
+     */
+    public X931RNG(BlockCipher engine, byte[] dateTimeVector, EntropySource entropySource)
+    {
+        this.engine = engine;
+        this.entropySource = entropySource;
+
+        this.DT = new byte[engine.getBlockSize()];
+
+        System.arraycopy(dateTimeVector, 0, DT, 0, DT.length);
+
+        this.I = new byte[engine.getBlockSize()];
+        this.R = new byte[engine.getBlockSize()];
+    }
+
+    /**
+     * Populate a passed in array with random data.
+     *
+     * @param output output array for generated bits.
+     * @param predictionResistant true if a reseed should be forced, false otherwise.
+     *
+     * @return number of bits generated, -1 if a reseed required.
+     */
+    int generate(byte[] output, boolean predictionResistant)
+    {
+        if (R.length == 8) // 64 bit block size
+        {
+            if (reseedCounter > BLOCK64_RESEED_MAX)
+            {
+                return -1;
+            }
+
+            if (isTooLarge(output, BLOCK64_MAX_BITS_REQUEST / 8))
+            {
+                throw new IllegalArgumentException("Number of bits per request limited to " + BLOCK64_MAX_BITS_REQUEST);
+            }
+        }
+        else
+        {
+            if (reseedCounter > BLOCK128_RESEED_MAX)
+            {
+                return -1;
+            }
+
+            if (isTooLarge(output, BLOCK128_MAX_BITS_REQUEST / 8))
+            {
+                throw new IllegalArgumentException("Number of bits per request limited to " + BLOCK128_MAX_BITS_REQUEST);
+            }
+        }
+        
+        if (predictionResistant || V == null)
+        {
+            V = entropySource.getEntropy();
+        }
+
+        int m = output.length / R.length;
+
+        for (int i = 0; i < m; i++)
+        {
+            engine.processBlock(DT, 0, I, 0);
+            process(R, I, V);
+            process(V, R, I);
+
+            System.arraycopy(R, 0, output, i * R.length, R.length);
+
+            increment(DT);
+        }
+
+        int bytesToCopy = (output.length - m * R.length);
+
+        if (bytesToCopy > 0)
+        {
+            engine.processBlock(DT, 0, I, 0);
+            process(R, I, V);
+            process(V, R, I);
+
+            System.arraycopy(R, 0, output, m * R.length, bytesToCopy);
+
+            increment(DT);
+        }
+
+        reseedCounter++;
+
+        return output.length;
+    }
+
+    /**
+     * Reseed the RNG.
+     */
+    void reseed()
+    {
+        V = entropySource.getEntropy();
+        reseedCounter = 1;
+    }
+
+    private void process(byte[] res, byte[] a, byte[] b)
+    {
+        for (int i = 0; i != res.length; i++)
+        {
+            res[i] = (byte)(a[i] ^ b[i]);
+        }
+
+        engine.processBlock(res, 0, res, 0);
+    }
+
+    private void increment(byte[] val)
+    {
+        for (int i = val.length - 1; i >= 0; i--)
+        {
+            if (++val[i] != 0)
+            {
+                break;
+            }
+        }
+    }
+    
+    private static boolean isTooLarge(byte[] bytes, int maxBytes)
+    {
+        return bytes != null && bytes.length > maxBytes;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931SecureRandom.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931SecureRandom.java
new file mode 100644
index 0000000..e51e6f0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931SecureRandom.java
@@ -0,0 +1,63 @@
+package org.bouncycastle.crypto.prng;
+
+import java.security.SecureRandom;
+
+public class X931SecureRandom
+    extends SecureRandom
+{
+    private final boolean predictionResistant;
+    private final SecureRandom randomSource;
+    private final X931RNG drbg;
+
+    X931SecureRandom(SecureRandom randomSource, X931RNG drbg, boolean predictionResistant)
+    {
+        this.randomSource = randomSource;
+        this.drbg = drbg;
+        this.predictionResistant = predictionResistant;
+    }
+
+    public void setSeed(byte[] seed)
+    {
+        synchronized (this)
+        {
+            if (randomSource != null)
+            {
+                this.randomSource.setSeed(seed);
+            }
+        }
+    }
+
+    public void setSeed(long seed)
+    {
+        synchronized (this)
+        {
+            // this will happen when SecureRandom() is created
+            if (randomSource != null)
+            {
+                this.randomSource.setSeed(seed);
+            }
+        }
+    }
+
+    public void nextBytes(byte[] bytes)
+    {
+        synchronized (this)
+        {
+            // check if a reseed is required...
+            if (drbg.generate(bytes, predictionResistant) < 0)
+            {
+                drbg.reseed();
+                drbg.generate(bytes, predictionResistant);
+            }
+        }
+    }
+
+    public byte[] generateSeed(int numBytes)
+    {
+        byte[] bytes = new byte[numBytes];
+
+        this.nextBytes(bytes);
+
+        return bytes;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931SecureRandomBuilder.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931SecureRandomBuilder.java
new file mode 100644
index 0000000..89c2905
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/X931SecureRandomBuilder.java
@@ -0,0 +1,97 @@
+package org.bouncycastle.crypto.prng;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Pack;
+
+public class X931SecureRandomBuilder
+{
+    private SecureRandom random;          // JDK 1.1 complains on final.
+    private EntropySourceProvider entropySourceProvider;
+
+    private BlockCipher engine;
+    private byte[] dateTimeVector;
+
+    /**
+     * Basic constructor, creates a builder using an EntropySourceProvider based on the default SecureRandom with
+     * predictionResistant set to false.
+     * <p>
+     * Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if
+     * the default SecureRandom does for its generateSeed() call.
+     * </p>
+     */
+    public X931SecureRandomBuilder()
+    {
+        this(new SecureRandom(), false);
+    }
+
+    /**
+     * Construct a builder with an EntropySourceProvider based on the passed in SecureRandom and the passed in value
+     * for prediction resistance.
+     * <p>
+     * Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if
+     * the passed in SecureRandom does for its generateSeed() call.
+     * </p>
+     * @param entropySource
+     * @param predictionResistant
+     */
+    public X931SecureRandomBuilder(SecureRandom entropySource, boolean predictionResistant)
+    {
+        this.random = entropySource;
+        this.entropySourceProvider = new BasicEntropySourceProvider(random, predictionResistant);
+    }
+
+    /**
+     * Create a builder which makes creates the SecureRandom objects from a specified entropy source provider.
+     * <p>
+     * <b>Note:</b> If this constructor is used any calls to setSeed() in the resulting SecureRandom will be ignored.
+     * </p>
+     * @param entropySourceProvider a provider of EntropySource objects.
+     */
+    public X931SecureRandomBuilder(EntropySourceProvider entropySourceProvider)
+    {
+        this.random = null;
+        this.entropySourceProvider = entropySourceProvider;
+    }
+
+    public X931SecureRandomBuilder setDateTimeVector(byte[] dateTimeVector)
+    {
+        this.dateTimeVector = dateTimeVector;
+
+        return this;
+    }
+
+    /**
+     * Construct a X9.31 secure random generator using the passed in engine and key. If predictionResistant is true the
+     * generator will be reseeded on each request.
+     *
+     * @param engine a block cipher to use as the operator.
+     * @param key the block cipher key to initialise engine with.
+     * @param predictionResistant true if engine to be reseeded on each use, false otherwise.
+     * @return a SecureRandom.
+     */
+    public X931SecureRandom build(BlockCipher engine, KeyParameter key, boolean predictionResistant)
+    {
+        this.engine = engine;
+
+        if (dateTimeVector == null)
+        {
+            if (engine.getBlockSize() == 8)
+            {
+                dateTimeVector = Pack.longToBigEndian(System.currentTimeMillis());
+            }
+            else
+            {
+                dateTimeVector = new byte[engine.getBlockSize()];
+                byte[] date = Pack.longToBigEndian(System.currentTimeMillis());
+                System.arraycopy(date, 0, dateTimeVector, 0, date.length);
+            }
+        }
+
+        engine.init(true, key);
+
+        return new X931SecureRandom(random, new X931RNG(engine, dateTimeVector, entropySourceProvider.get(engine.getBlockSize() * 8)), predictionResistant);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/CTRSP800DRBG.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/CTRSP800DRBG.java
index 84fe4a4..5701199 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/CTRSP800DRBG.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/CTRSP800DRBG.java
@@ -310,6 +310,16 @@ public class CTRSP800DRBG
     }
 
     /**
+     * Return the block size (in bits) of the DRBG.
+     *
+     * @return the number of bits produced on each internal round of the DRBG.
+     */
+    public int getBlockSize()
+    {
+        return _V.length * 8;
+    }
+
+    /**
      * Populate a passed in array with random data.
      *
      * @param output output array for generated bits.
@@ -365,17 +375,20 @@ public class CTRSP800DRBG
 
         _engine.init(true, new KeyParameter(expandKey(_Key)));
 
-        for (int i = 0; i < output.length / out.length; i++)
+        for (int i = 0; i <= output.length / out.length; i++)
         {
-            addOneTo(_V);
-
-            _engine.processBlock(_V, 0, out, 0);
-
             int bytesToCopy = ((output.length - i * out.length) > out.length)
                     ? out.length
                     : (output.length - i * _V.length);
 
-            System.arraycopy(out, 0, output, i * out.length, bytesToCopy);
+            if (bytesToCopy != 0)
+            {
+                addOneTo(_V);
+
+                _engine.processBlock(_V, 0, out, 0);
+
+                System.arraycopy(out, 0, output, i * out.length, bytesToCopy);
+            }
         }
 
         CTR_DRBG_Update(additionalInput, _Key, _V);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECPoints.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECPoints.java
index c3715bc..7dcfa94 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECPoints.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECPoints.java
@@ -19,7 +19,7 @@ public class DualECPoints
      * <pre>
      *     max_outlen = largest multiple of 8 less than ((field size in bits) - (13 + log2(cofactor))
      * </pre>
-     * </p>
+     *
      * @param securityStrength maximum security strength to be associated with these parameters
      * @param p the P point.
      * @param q the Q point.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java
index 8d326ff..4e1b881 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.java
@@ -6,7 +6,9 @@ import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.prng.EntropySource;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
 
@@ -70,6 +72,7 @@ public class DualECSP800DRBG
     private ECPoint                _Q;
     private byte[]                 _s;
     private int                    _sLength;
+    private ECMultiplier           _fixedPointMultiplier = new FixedPointCombMultiplier();
 
     /**
      * Construct a SP800-90A Dual EC DRBG.
@@ -146,6 +149,16 @@ public class DualECSP800DRBG
     }
 
     /**
+     * Return the block size (in bits) of the DRBG.
+     *
+     * @return the number of bits produced on each internal round of the DRBG.
+     */
+    public int getBlockSize()
+    {
+        return _outlen * 8;
+    }
+
+    /**
      * Populate a passed in array with random data.
      *
      * @param output output array for generated bits.
@@ -199,7 +212,7 @@ public class DualECSP800DRBG
 
             //System.err.println("S: " + new String(Hex.encode(_s)));
 
-            byte[] r = _Q.multiply(s).normalize().getAffineXCoord().toBigInteger().toByteArray();
+            byte[] r = getScalarMultipleXCoord(_Q, s).toByteArray();
 
             if (r.length > _outlen)
             {
@@ -220,7 +233,7 @@ public class DualECSP800DRBG
         {
             s = getScalarMultipleXCoord(_P, s);
 
-            byte[] r = _Q.multiply(s).normalize().getAffineXCoord().toBigInteger().toByteArray();
+            byte[] r = getScalarMultipleXCoord(_Q, s).toByteArray();
 
             int required = output.length - outOffset;
 
@@ -237,7 +250,7 @@ public class DualECSP800DRBG
         }
 
         // Need to preserve length of S as unsigned int.
-        _s = BigIntegers.asUnsignedByteArray(_sLength, _P.multiply(s).normalize().getAffineXCoord().toBigInteger());
+        _s = BigIntegers.asUnsignedByteArray(_sLength, getScalarMultipleXCoord(_P, s));
 
         return numberOfBits;
     }
@@ -302,6 +315,6 @@ public class DualECSP800DRBG
 
     private BigInteger getScalarMultipleXCoord(ECPoint p, BigInteger s)
     {
-        return p.multiply(s).normalize().getAffineXCoord().toBigInteger();
+        return _fixedPointMultiplier.multiply(p, s).normalize().getAffineXCoord().toBigInteger();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/HMacSP800DRBG.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/HMacSP800DRBG.java
index 3ddeaac..f4ef2c4 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/HMacSP800DRBG.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/HMacSP800DRBG.java
@@ -88,6 +88,16 @@ public class HMacSP800DRBG
     }
 
     /**
+     * Return the block size (in bits) of the DRBG.
+     *
+     * @return the number of bits produced on each round of the DRBG.
+     */
+    public int getBlockSize()
+    {
+        return _V.length * 8;
+    }
+
+    /**
      * Populate a passed in array with random data.
      *
      * @param output output array for generated bits.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/HashSP800DRBG.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/HashSP800DRBG.java
index 4ed5716..d6ab4f5 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/HashSP800DRBG.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/HashSP800DRBG.java
@@ -88,6 +88,16 @@ public class HashSP800DRBG
     }
 
     /**
+     * Return the block size (in bits) of the DRBG.
+     *
+     * @return the number of bits produced on each internal round of the DRBG.
+     */
+    public int getBlockSize()
+    {
+        return _digest.getDigestSize() * 8;
+    }
+
+    /**
      * Populate a passed in array with random data.
      *
      * @param output output array for generated bits.
@@ -226,12 +236,17 @@ public class HashSP800DRBG
     
     private byte[] hash(byte[] input)
     {
-        _digest.update(input, 0, input.length);
         byte[] hash = new byte[_digest.getDigestSize()];
-        _digest.doFinal(hash, 0);
+        doHash(input, hash);
         return hash;
     }
-    
+
+    private void doHash(byte[] input, byte[] output)
+    {
+        _digest.update(input, 0, input.length);
+        _digest.doFinal(output, 0);
+    }
+
     // 1. m = [requested_number_of_bits / outlen]
     // 2. data = V.
     // 3. W = the Null string.
@@ -251,10 +266,10 @@ public class HashSP800DRBG
 
         byte[] W = new byte[lengthInBits / 8];
 
-        byte[] dig;
+        byte[] dig = new byte[_digest.getDigestSize()];
         for (int i = 0; i <= m; i++)
         {
-            dig = hash(data);
+            doHash(data, dig);
 
             int bytesToCopy = ((W.length - i * dig.length) > dig.length)
                     ? dig.length
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/SP80090DRBG.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/SP80090DRBG.java
index 93bc894..7a919f3 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/SP80090DRBG.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/SP80090DRBG.java
@@ -6,6 +6,13 @@ package org.bouncycastle.crypto.prng.drbg;
 public interface SP80090DRBG
 {
     /**
+     * Return the block size of the DRBG.
+     *
+     * @return the block size (in bits) produced by each round of the DRBG.
+     */
+    int getBlockSize();
+
+    /**
      * Populate a passed in array with random data.
      *
      * @param output output array for generated bits.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/package.html
new file mode 100644
index 0000000..c006166
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/drbg/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+SP800-90A deterministic random bit generators, can be used stand alone or in conjunction with SP800SecureRandomBuilder class.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/prng/package.html
new file mode 100644
index 0000000..bb583ab
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Lightweight psuedo-random number generators and SecureRandom builders.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/AllTests.java
new file mode 100644
index 0000000..4c0504f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/AllTests.java
@@ -0,0 +1,39 @@
+package org.bouncycastle.crypto.prng.test;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.bouncycastle.util.test.SimpleTestResult;
+
+public class AllTests
+    extends TestCase
+{   
+    public void testCrypto()
+    {   
+        org.bouncycastle.util.test.Test[] tests = RegressionTest.tests;
+        
+        for (int i = 0; i != tests.length; i++)
+        {
+            SimpleTestResult  result = (SimpleTestResult)tests[i].perform();
+  
+            if (!result.isSuccessful())
+            {
+                fail(result.toString());
+            }
+        }
+    }
+    
+    public static void main (String[] args)
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+    
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("Lightweight Crypto PRNG Tests");
+        
+        suite.addTestSuite(AllTests.class);
+        
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/CTRDRBGTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/CTRDRBGTest.java
new file mode 100644
index 0000000..3d37a78
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/CTRDRBGTest.java
@@ -0,0 +1,528 @@
+package org.bouncycastle.crypto.prng.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.params.DESedeParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.prng.drbg.CTRSP800DRBG;
+import org.bouncycastle.crypto.prng.drbg.SP80090DRBG;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * CTR DRBG Test
+ */
+public class CTRDRBGTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "CTRDRBGTest";
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new CTRDRBGTest());
+    }
+    
+    private DRBGTestVector[] createTestVectorData()
+    {
+        return new DRBGTestVector[]
+            {
+                new DRBGTestVector(
+                            new DESedeEngine(), 168,
+                            new Bit232EntropyProvider().get(232),
+                            false,
+                            "20212223242526",
+                            112,
+                            new String[]
+                                {
+                                    "ABC88224514D0316EA3D48AEE3C9A2B4",
+                                    "D3D3F372E43E7ABDC4FA293743EED076"
+                                }
+                        ),
+                new DRBGTestVector(
+                            new DESedeEngine(), 168,
+                            new Bit232EntropyProvider().get(232),
+                            false,
+                            "20212223242526",
+                            112,
+                            new String[]
+                                {
+                                    "D4564EE072ACA5BD279536E14F94CB12",
+                                    "1CCD9AFEF15A9679BA75E35225585DEA"
+                                }
+                        )
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBC"),
+                new DRBGTestVector(
+                            new DESedeEngine(), 168,
+                            new Bit232EntropyProvider().get(232),
+                            false,
+                            "20212223242526",
+                            112,
+                            new String[]
+                                {
+                                    "760BED7D92B083B10AF31CF0656081EB",
+                                    "FD1AC41482384D823CF3FD6F0E6C88B3"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C"),
+                new DRBGTestVector(
+                            new DESedeEngine(), 168,
+                            new Bit232EntropyProvider().get(232),
+                            false,
+                            "20212223242526",
+                            112,
+                            new String[]
+                                {
+                                    "7A4C1D7ADC8A67FDB50100ED23583A2C",
+                                    "43044D311C0E07541CA5C8B0916976B2"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C")
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBC"),
+                new DRBGTestVector(
+                            new DESedeEngine(), 168,
+                            new Bit232EntropyProvider().get(232),
+                            true,
+                            "20212223242526",
+                            112,
+                            new String[]
+                                {
+                                    "8FB78ABCA75C9F284E974E36141866BC",
+                                    "9D9745FF31C42A4488CBB771B13B5D86"
+                                }
+                        ),
+                new DRBGTestVector(
+                            new DESedeEngine(), 168,
+                            new Bit232EntropyProvider().get(232),
+                            true,
+                            "20212223242526",
+                            112,
+                            new String[]
+                                {
+                                    "0E389920A09B485AA4ABD0CA7E60D89C",
+                                    "F4478EC6659A0D3577625B0C73A211DD"
+                                }
+                        )
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBC"),
+                new DRBGTestVector(
+                            new DESedeEngine(), 168,
+                            new Bit232EntropyProvider().get(232),
+                            true,
+                            "20212223242526",
+                            112,
+                            new String[]
+                                {
+                                    "64983055D014550B39DE699E43130B64",
+                                    "035FDDA8582A2214EC722C410A8D95D3"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C"),
+                new DRBGTestVector(
+                            new DESedeEngine(), 168,
+                            new Bit232EntropyProvider().get(232),
+                            true,
+                            "20212223242526",
+                            112,
+                            new String[]
+                                {
+                                    "A29C1A8C42FBC562D7D1DBA7DC541FFE",
+                                    "0BDA66B049429061C013E4228C2F44C6"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C")
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBC"),
+                new DRBGTestVector(
+                            new AESFastEngine(), 128,
+                            new Bit256EntropyProvider().get(256),
+                            false,
+                            "2021222324252627",
+                            128,
+                            new String[]
+                                {
+                                    "8CF59C8CF6888B96EB1C1E3E79D82387AF08A9E5FF75E23F1FBCD4559B6B997E",
+                                    "69CDEF912C692D61B1DA4C05146B52EB7B8849BD87937835328254EC25A9180E"
+                                }
+                        ),
+                new DRBGTestVector(
+                            new AESFastEngine(), 128,
+                            new Bit256EntropyProvider().get(256),
+                            false,
+                            "2021222324252627",
+                            128,
+                            new String[]
+                                {
+                                    "E8C74A4B7BFFB53BEB80E78CA86BB6DF70E2032AEB473E0DD54D2339CEFCE9D0",
+                                    "26B3F823B4DBAFC23B141375E10B3AEB7A0B5DEF1C7D760B6F827D01ECD17AC7"
+                                }
+                        )
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBF"),
+                new DRBGTestVector(
+                           new AESFastEngine(), 128,
+                           new Bit256EntropyProvider().get(256),
+                           false,
+                           "2021222324252627",
+                           128,
+                           new String[]
+                               {
+                                   "18FDEFBDC43D7A36D5D6D862205765D1D701C9F237007030DF1B8E70EE4EEE29",
+                                   "9888F1D38BB1CCE31B363AA1BD9B39616876C30DEE1FF0B7BD8C4C441715C833"
+                               }
+                       )
+               .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F"),
+                new DRBGTestVector(
+                            new AESFastEngine(), 128,
+                            new Bit256EntropyProvider().get(256),
+                            true,
+                            "2021222324252627",
+                            128,
+                            new String[]
+                                {
+                                    "BFF4B85D68C84529F24F69F9ACF1756E29BA648DDEB825C225FA32BA490EF4A9",
+                                    "9BD2635137A52AF7D0FCBEFEFB97EA93A0F4C438BD98956C0DACB04F15EE25B3"
+                                }
+                        ),
+                new DRBGTestVector(
+                            new AESFastEngine(), 128,
+                            new Bit256EntropyProvider().get(256),
+                            true,
+                            "2021222324252627",
+                            128,
+                            new String[]
+                                {
+                                    "4573AC8BBB33D7CC4DBEF3EEDF6EAE748B536C3A1082CEE4948CDB51C83A7F9C",
+                                    "99C628CDD87BD8C2F1FE443AA7F761DA16886436326323354DA6311FFF5BC678"
+                                }
+                        )
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBF"),
+                new DRBGTestVector(
+                           new AESFastEngine(), 128,
+                           new Bit256EntropyProvider().get(256),
+                           true,
+                           "2021222324252627",
+                           128,
+                           new String[]
+                               {
+                                   "F324104E2FA14F79D8AA60DF06B93B3BC157324958F0A7EE1E193677A70E0250",
+                                   "78F4C840134F40DC001BFAD3A90B5EF4DEBDBFAC3CFDF0CD69A89DC4FD34713F"
+                               }
+                       )
+               .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F"),
+                new DRBGTestVector(
+                            new AESFastEngine(), 192,
+                            new Bit320EntropyProvider().get(320),
+                            false,
+                            "202122232425262728292A2B",
+                            192,
+                            new String[]
+                                {
+                                    "E231244B3235B085C81604424357E85201E3828B5C45568679A5555F867AAC8C",
+                                    "DDD0F7BCCADADAA31A67652259CE569A271DD85CF66C3D6A7E9FAED61F38D219"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061626364656667"),
+                new DRBGTestVector(
+                        new AESFastEngine(), 192,
+                        new Bit320EntropyProvider().get(320),
+                        true,
+                        "202122232425262728292A2B",
+                        192,
+                        new String[]
+                            {
+                                "F780D4A2C25CF8EE7407D948EC0B724A4235D8B20E65081392755CA7912AD7C0",
+                                "BA14617F915BA964CB79276BDADC840C14B631BBD1A59097054FA6DFF863B238"
+                            }
+                    )
+            .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061626364656667"),
+                new DRBGTestVector(
+                            new AESFastEngine(), 256,
+                            new Bit384EntropyProvider().get(384),
+                            false,
+                            "202122232425262728292A2B2C2D2E2F",
+                            256,
+                            new String[]
+                                {
+                                    "47111E146562E9AA2FB2A1B095D37A8165AF8FC7CA611D632BE7D4C145C83900",
+                                    "98A28E3B1BA363C9DAF0F6887A1CF52B833D3354D77A7C10837DD63DD2E645F8"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F")
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF"),
+                new DRBGTestVector(
+                            new AESFastEngine(), 256,
+                            new Bit384EntropyProvider().get(384),
+                            true,
+                            "202122232425262728292A2B2C2D2E2F",
+                            256,
+                            new String[]
+                                {
+                                    "71BB3F9C9CEAF4E6C92A83EB4C7225010EE150AC75E23F5F77AD5073EF24D88A",
+                                    "386DEBBBF091BBF0502957B0329938FB836B82E594A2F5FDD5EB28D4E35528F4"
+                                }
+                        )
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF"),
+                new DRBGTestVector(
+                            new AESFastEngine(), 256,
+                            new Bit384EntropyProvider().get(384),
+                            true,
+                            "202122232425262728292A2B2C2D2E2F",
+                            256,
+                            new String[]
+                                {
+                                    "1A2E3FEE9056E98D375525FDC2B63B95B47CE51FCF594D804BD5A17F2E01139B",
+                                    "601F95384F0D85946301D1EACE8F645A825CE38F1E2565B0C0C439448E9CA8AC"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F"),
+                new DRBGTestVector(
+                            new AESFastEngine(), 256,
+                            new Bit384EntropyProvider().get(384),
+                            true,
+                            "202122232425262728292A2B2C2D2E2F",
+                            256,
+                            new String[]
+                                {
+                                    "EAE6BCE781807E524D26605EA198077932D01EEB445B9AC6C5D99C101D29F46E",
+                                    "738E99C95AF59519AAD37FF3D5180986ADEBAB6E95836725097E50A8D1D0BD28"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F")
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF"),
+                new DRBGTestVector(
+                            new AESFastEngine(), 256,
+                            new Bit384EntropyProvider().get(384),
+                            true,
+                            "202122232425262728292A2B2C2D2E2F",
+                            256,
+                            new String[]
+                                {
+                                    "eae6bce781807e524d26605ea198077932d01eeb445b9ac6c5d99c101d29f46e30b27377",
+                                    "ec51b55b49904c3ff9e13939f1cf27398993e1b3acb2b0be0be8761261428f0aa8ba2657"
+                                }
+                        )
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F")
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF")
+            };
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        DRBGTestVector[] tests = createTestVectorData();
+
+        for (int i = 0; i != tests.length; i++)
+        {
+            DRBGTestVector tv = tests[i];
+
+            byte[] nonce = tv.nonce();
+            byte[] personalisationString = tv.personalizationString();
+
+            SP80090DRBG d = new CTRSP800DRBG(tv.getCipher(), tv.keySizeInBits(), tv.securityStrength(), tv.entropySource(), personalisationString, nonce);
+
+            byte[] output = new byte[tv.expectedValue(0).length];
+
+            d.generate(output, tv.additionalInput(0), tv.predictionResistance());
+
+            byte[] expected = tv.expectedValue(0);
+
+            if (!areEqual(expected, output))
+            {
+                fail("Test #" + (i + 1) + ".1 failed, expected " + new String(Hex.encode(tv.expectedValue(0))) + " got " + new String(Hex.encode(output)));
+            }
+
+            output = new byte[tv.expectedValue(0).length];
+
+            d.generate(output, tv.additionalInput(1), tv.predictionResistance());
+
+            expected = tv.expectedValue(1);
+            if (!areEqual(expected, output))
+            {
+                fail("Test #" + (i + 1) + ".2 failed, expected " + new String(Hex.encode(tv.expectedValue(1))) + " got " + new String(Hex.encode(output)));
+            }
+        }
+
+        // DESede/TDEA key parity test
+        DRBGTestVector tv = tests[0];
+
+        SP80090DRBG drbg = new CTRSP800DRBG(new KeyParityCipher(tv.getCipher()), tv.keySizeInBits(), tv.securityStrength(), tv.entropySource(), tv.personalizationString(), tv.nonce());
+
+        byte[] output = new byte[tv.expectedValue(0).length];
+
+        drbg.generate(output, tv.additionalInput(0), tv.predictionResistance());
+
+        // Exception tests
+        SP80090DRBG d;
+        try
+        {
+            d = new CTRSP800DRBG(new AESEngine(), 256, 256, new Bit232EntropyProvider().get(128), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("Not enough entropy for security strength required"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+
+        try
+        {
+            d = new CTRSP800DRBG(new DESedeEngine(), 256, 256, new Bit232EntropyProvider().get(232), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("Requested security strength is not supported by block cipher and key size"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+
+        try
+        {
+            d = new CTRSP800DRBG(new DESedeEngine(), 168, 256, new Bit232EntropyProvider().get(232), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("Requested security strength is not supported by block cipher and key size"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+
+        try
+        {
+            d = new CTRSP800DRBG(new AESEngine(), 192, 256, new Bit232EntropyProvider().get(232), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("Requested security strength is not supported by block cipher and key size"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+    }
+
+    private class Bit232EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        Bit232EntropyProvider()
+        {
+            super(Hex.decode(
+               "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C" +
+               "808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C" +
+               "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDC"), true);
+        }
+    }
+
+    private class Bit256EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        Bit256EntropyProvider()
+        {
+            super(Hex.decode(
+                "0001020304050607"+
+                "08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"+
+                "8081828384858687"+
+                "88898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F"+
+                "C0C1C2C3C4C5C6C7"+
+                "C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDF"), true);
+        }
+    }
+
+    private class Bit320EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        Bit320EntropyProvider()
+        {
+            super(Hex.decode(
+            "000102030405060708090A0B0C0D0E0F"+
+            "101112131415161718191A1B1C1D1E1F2021222324252627"+
+            "808182838485868788898A8B8C8D8E8F"+
+            "909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7"+
+            "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF"+
+            "D0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7"), true);
+        }
+    }
+
+    private class Bit384EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        Bit384EntropyProvider()
+        {
+            super(Hex.decode(
+            "000102030405060708090A0B0C0D0E0F1011121314151617" +
+            "18191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F" +
+            "808182838485868788898A8B8C8D8E8F9091929394959697" +
+            "98999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAF" +
+            "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7" +
+            "D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEF"), true);
+        }
+    }
+
+    private class KeyParityCipher
+        implements BlockCipher
+    {
+        private BlockCipher cipher;
+
+        KeyParityCipher(BlockCipher cipher)
+        {
+            this.cipher = cipher;
+        }
+
+        public void init(boolean forEncryption, CipherParameters params)
+            throws IllegalArgumentException
+        {
+            byte[] k = Arrays.clone(((KeyParameter)params).getKey());
+
+            DESedeParameters.setOddParity(k);
+
+            if (!Arrays.areEqual(((KeyParameter)params).getKey(), k))
+            {
+                fail("key not odd parity");
+            }
+
+            cipher.init(forEncryption, params);
+        }
+
+        public String getAlgorithmName()
+        {
+            return cipher.getAlgorithmName();
+        }
+
+        public int getBlockSize()
+        {
+            return cipher.getBlockSize();
+        }
+
+        public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
+            throws DataLengthException, IllegalStateException
+        {
+            return cipher.processBlock(in, inOff, out, outOff);
+        }
+
+        public void reset()
+        {
+            cipher.reset();
+        }
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/DRBGTestVector.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/DRBGTestVector.java
new file mode 100644
index 0000000..dd6801c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/DRBGTestVector.java
@@ -0,0 +1,131 @@
+package org.bouncycastle.crypto.prng.test;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.prng.EntropySource;
+import org.bouncycastle.util.encoders.Hex;
+
+public class DRBGTestVector
+{
+        private Digest _digest;
+        private BlockCipher _cipher;
+        private int _keySizeInBits;
+        private EntropySource _eSource;
+        private boolean _pr;
+        private String _nonce;
+        private String _personalisation;
+        private int _ss;
+        private String[] _ev;
+        private List _ai = new ArrayList();
+
+        public DRBGTestVector(Digest digest, EntropySource eSource, boolean predictionResistance, String nonce, int securityStrength, String[] expected)
+        {
+            _digest = digest;
+            _eSource = eSource;
+            _pr = predictionResistance;
+            _nonce = nonce;
+            _ss = securityStrength;
+            _ev = expected;
+            _personalisation = null;
+        }
+
+        public DRBGTestVector(BlockCipher cipher, int keySizeInBits, EntropySource eSource, boolean predictionResistance, String nonce, int securityStrength, String[] expected)
+        {
+            _cipher = cipher;
+            _keySizeInBits = keySizeInBits;
+            _eSource = eSource;
+            _pr = predictionResistance;
+            _nonce = nonce;
+            _ss = securityStrength;
+            _ev = expected;
+            _personalisation = null;
+        }
+
+        public Digest getDigest()
+        {
+            return _digest;
+        }
+
+        public BlockCipher getCipher()
+        {
+            return _cipher;
+        }
+
+        public int keySizeInBits()
+        {
+            return _keySizeInBits;
+        }
+
+        public DRBGTestVector addAdditionalInput(String input)
+        {
+            _ai.add(input);
+
+            return this;
+        }
+
+        public DRBGTestVector setPersonalizationString(String p)
+        {
+            _personalisation = p;
+
+            return this;
+        }
+
+        public EntropySource entropySource()
+        {
+            return _eSource;
+        }
+
+        public boolean predictionResistance()
+        {
+            return _pr;
+        }
+
+        public byte[] nonce()
+        {
+            if (_nonce == null)
+            {
+                return null;
+            }
+
+            return Hex.decode(_nonce);
+        }
+
+        public byte[] personalizationString()
+        {
+            if (_personalisation == null)
+            {
+                return null;
+            }
+
+            return Hex.decode(_personalisation);
+        }
+
+        public int securityStrength()
+        {
+            return _ss;
+        }
+
+        public byte[] expectedValue(int index)
+        {
+            return Hex.decode(_ev[index]);
+        }
+
+        public byte[] additionalInput(int position)
+        {
+            int len = _ai.size();
+            byte[] rv;
+            if (position >= len)
+            {
+                rv = null;
+            }
+            else
+            {
+                rv = Hex.decode((String)(_ai.get(position)));
+            }
+            return rv;
+        }
+
+    }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/DualECDRBGTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/DualECDRBGTest.java
new file mode 100644
index 0000000..d6c2630
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/DualECDRBGTest.java
@@ -0,0 +1,415 @@
+package org.bouncycastle.crypto.prng.test;
+
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.prng.drbg.DualECSP800DRBG;
+import org.bouncycastle.crypto.prng.drbg.SP80090DRBG;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Dual EC SP800-90 DRBG test
+ */
+public class DualECDRBGTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "DualECDRBG";
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new DualECDRBGTest());
+    }
+
+    private DRBGTestVector[] createTestVectorData()
+    {
+        return new DRBGTestVector[]
+            {
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(128),
+                    false,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "FF5163C388F791E96F1052D5C8F0BD6FBF7144839C4890FF85487C5C12702E4C9849AF518AE68DEB14D3A62702BBDE4B98AB211765FD87ACA12FC2A6",
+                            "9A0A11F2DFB88F7260559DD8DA6134EB2B34CC0415FA8FD0474DB6B85E1A08385F41B435DF81296B1B4EDF66E0107C0844E3D28A89B05046B89177F2"
+                        }),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(128),
+                    false,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "C08E954FCD486D0B0934A0236692AC705A835D1A3C94D2ACD4684AB26E978D7D42E73CC06D6EC1472C63E51BED7F71518395836E2052BBD73A20CABB",
+                            "1D76DEE36FCC5F9478C112EAFA1C4CCD0635435A6F3A247A3BA3849790B5245070E95C1A67BE7A39BFB213F2C0EFCC171A3253DA6D54DA4362EA2099"
+                        })
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAF"),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(128),
+                    false,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "3AB095CC493A8730D70DE923108B2E4710799044FFC27D0A1156250DDF97E8B05ACE055E49F3E3F5B928CCD18317A3E68FCB0B6F0459ADF9ECF79C87",
+                            "7B902FC35B0AF50F57F8822936D08A96E41B16967C6B1AA0BC05032F0D53919DC587B664C883E2FE8F3948002FCD8BCBFC4706BCAA2075EF6BF41167"
+                        })
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F"),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(128),
+                    false,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "3B68A1D95ED0312150AC1991189780F37EC50E75249F915CD806BBA0C44F9E3A919B2390805E1E90C1D2D1C823B17B96DB44535B72E0CFB62723529D",
+                            "250B933475E3BD4FC85D97FD797834B599DEDEDF8B6F15474E1F31B4AF215CFA7A8C0A0296A2E374B3886BB0CC7E49DBB19324564B451E64F12864F9"
+                        })
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F")
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAF"),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(128),
+                    true,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "8C77288EDBEA9A742464F78D55E33593C1BF5F9D8CD8609D6D53BAC4E4B42252A227A99BAD0F2358B05955CD35723B549401C71C9C1F32F8A2018E24",
+                            "56ECA61C64F69C1C232E992623C71418BD0B96D783118FAAD94A09E3A9DB74D15E805BA7F14625995CA77612B2EF7A05863699ECBABF70D3D422C014"
+                        }),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(128),
+                    true,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "A5C397DFEB540E86F0470E9625D5C5AC2D50016FB201E8DF574F2201DFBB42A799FEB9E238AAD301A493382250EEE60D2E2927E500E848E57535ABD1",
+                            "BF9894630BEBAF0A0EDFE726285EB055FD2ED678B76673803DD327F49DBEDE87D3E447A6EB73B5D5C52A40078132677F412E9E7DE32B9B1CB32421B9"
+                        })
+                    .addAdditionalInput("606162636465666768696A6B6C6D6E6F")
+                    .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAF"),
+                new DRBGTestVector(
+                    new SHA384Digest(),
+                    new SHA384EntropyProvider().get(192),
+                    false,
+                    "202122232425262728292A2B",
+                    192,
+                    new String[]
+                        {
+                            "1F858858B65357D6360E1ED8F8475767B08DAB30718CCA01C6FAE77A4BDCE2702C76D0FB4758EA1ED6AA587CFD26B9011DC8A75D0B4154193BB2C1798FFA52BCAB208310" +
+                            "3CD2AAD44BEED56D042FC2B8915D7D9BED6437EFEB1582EE",
+                            "6E4AAB63938212C870F24BB067A32CA9E7FC2343" +
+                            "5D411729268C8BA6F90E87074D04888CE2CC5A916B7AC93F" +
+                            "EDE85E2995645DFCC4CE44B9FB41F1BFCC5E9F59EE3A8E1B" +
+                            "8F85247F741B7C480521EE6BF8BA319B59048E65F08FAA76"
+                        }),
+                new DRBGTestVector(
+                    new SHA384Digest(),
+                    new SHA384EntropyProvider().get(192),
+                    false,
+                    "202122232425262728292A2B",
+                    192,
+                    new String[]
+                        {
+                            "E6A30AB0C9AFCBA673E4F1C94B3DB1F0C7D78B3D" +
+                            "87B967281BE1E7B3CAF5200AED502C26B84FC169FE8336BD" +
+                            "23271CB299812F2CF1955AA63FC362044ABA246EF1610F9E" +
+                            "DC613924A84A00F8DB3FC65C13373F3171EB20848FA9A70E",
+                            "8585764DF1C86EA12ACCB882525BF6217B447486" +
+                            "5EBFDA367B8657FA80471139BAC626172B9F219DF2CE9099" +
+                            "F65833E07CD1A8DD80468779EA3C26620A2C9C9F5C7EFCDD" +
+                            "C036E6F6C8BF70316D3C37FC246A4CC79B3F1DB971D72ED0"
+                        })
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F5051525354555657"),
+                new DRBGTestVector(
+                    new SHA384Digest(),
+                    new SHA384EntropyProvider().get(192),
+                    false,
+                    "202122232425262728292A2B",
+                    192,
+                    new String[]
+                        {
+                            "13F6EA9BBA7BABDC2A52A3B9FD73D65ECAA638A0" +
+                            "4C74BCCA2ACDE6FD29FEA4B5D884E095E87D1B7C0DEB9D37" +
+                            "7AD81FBFEEA2D5EF82C0F6F52B9FCC359E769AC9DF2A876C" +
+                            "58BAF21657814F3E66D1680B1D4EBD65581E42534F85197D",
+                            "FC0A36F4D20F8F83BE3430AA3C36A49191821A82" +
+                            "072BBC3D5AFF8D7EC39484D646277CE87599B6FE8CCA9862" +
+                            "559703A10F4DE1066BFD30B80C325E774B512525BC6D3734" +
+                            "4C93906368243D31F89E99C4D2A6E9BEB24D5F7267360DCA"
+                        })
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F5051525354555657")
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F7071727374757677")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7"),
+                new DRBGTestVector(
+                    new SHA384Digest(),
+                    new SHA384EntropyProvider().get(192),
+                    true,
+                    "202122232425262728292A2B",
+                    192,
+                    new String[]
+                        {
+                            "FE55601BF734493013705CCEB76E44AAD48373F7" +
+                            "42E72B83D4701FA6549255F1CDE6217953522FF973BA4F6E" +
+                            "C96D2BDCF14A76BE7DEB61781E34B99335BD714F17C91739" +
+                            "B4E2AB57E36E9C3116E215D3D94FCFAD532636874875CAC7",
+                            "F5E59D0ABADE81F62FFAB9D4A6A26FF200016608" +
+                            "A7215E389858FFED83FBC75CFD33DBA6688C89AA32AD22E4" +
+                            "80EA3D04EADFB35567B67564207E64B77844E8E4A87502D5" +
+                            "02DBBB6D8277F1CACDB7CF8D293D09DB7DD59A950821507A"
+                        })
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F7071727374757677")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7"),
+                new DRBGTestVector(
+                    new SHA384Digest(),
+                    new SHA384EntropyProvider().get(192),
+                    true,
+                    "202122232425262728292A2B",
+                    192,
+                    new String[]
+                        {
+                            "CC788F70FB08F256D9604333630D85936D400F45" +
+                            "718DC3F939A8B9F6F75D3E4EC17D68FBB924AEACB7021295" +
+                            "48FA63CE9BCB82176639B64DE890A47025B5582312FE934E" +
+                            "F0D0A12697C0F05D2DA108CCADB511BA0EB62F4051BB2354",
+                            "2C922EA620D76E4137B315EBC29E518F80951B3F" +
+                            "0E6173FA2BFD94A230EE513EE2E4EB330D802F620DD24911" +
+                            "534EC0F95A1F1D44A2125F5D57476A666FC372092B55D0D6" +
+                            "8B49738F5BC466EC206AB3CF6A972B38BCFAE5FCD53C7E21 "
+                        }),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(256),
+                    false,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]
+                        {
+                            "7A8313798EE1" +
+                            "D1898712683F2D0B0DEE5804146ABA64FDA8DB4E539CC8D1" +
+                            "E59C74EE5AA48E73E958C8EC85DD529D42E68B4F7E02FFAF" +
+                            "3E3EF8312AEA68BC08A414885E60A7DF0B55F9D90210B319" +
+                            "E9B8FD23E078A4153636F29AA3CAC8198CB1D5D846151653" +
+                            "ECE275A591089261238014E5058410065AB8229EB9115E8E",
+                            "918B5D79E646" +
+                            "64966D954BC5E2946BF48F061BF0C2701C3C2D1F75EA821E" +
+                            "1DA05D5B3C2C4EEA246E806B53BF6BDB3F3D53A3AE756C2A" +
+                            "45C72603973A3DE1BC367C283CA124A5589CEAB30E5D2D74" +
+                            "8A40DD874FF15B032CF4F4B2AAD590B0DB91A0D38FCE93C5" +
+                            "AAD4E55AC482F86FF06FAE66B7C7CCA7E45557E1A5A3B85D"
+                        }),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(256),
+                    true,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]
+                        {
+                            "C7ED88A2C690" +
+                            "1C04802BA2BB04262921B19664835A4A3C002CB9F13E35E3" +
+                            "DEB3698A436BF1C85B070E9E6977CA78A5130905AA0C01A9" +
+                            "4130F5133DF904A4ACF59A7DD01227E8FCA1C8D51F093839" +
+                            "46ECD950113104760D7E216CAF581FE9D3AACE6FC4CDDC4C" +
+                            "CD736D26A60BE8BE2A6A78CD752D1EC7CCC802638B177307",
+                            "83B78B206785" +
+                            "4412EEB24AEA86064D510C68FD96DBF94EAC1BC2022752D7" +
+                            "558AEB9F97B9CBC1B9648FE4D88E2C82A6F530675E1DB92D" +
+                            "396D6D85BDAD2A23CBD10AD808ECCCFBFC811EB68AE835E4" +
+                            "912E011DD10A4399C8DE2D9D88F81B6168B05D282B9DAC1E" +
+                            "65E0A45F61043E1FA047870DD582295E6C50DD1185B13594 "
+                        })
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F")
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBF"),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(256),
+                    true,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]
+                        {
+                            "CC7035C73040" +
+                            "5CF5DF7137ED9E10744B75B540AFFC68EB564B71C0F737E8" +
+                            "F656B6171940497FA90D8F383EFB6FC6717BA14AAA164EF5" +
+                            "6641C0F513312551DCD21D0A5B0DBDCD97F627E968DFD752" +
+                            "56C11CF2BCCA5822EAACE796A34CB7D2F8CD8CC6DBE76274" +
+                            "498289BBC4C2F1CADA6185D82605CF992EC285BC4945EE9E",
+                            "0E6C329AD1BE" +
+                            "681EB1E6F5E03A89E3D80153D6CCDD5A3ECF865003EE4A2D" +
+                            "E5A23B7F43681361CFAFC3A3FEF17777E75CF9D6685573C8" +
+                            "87A3962CB955076D45D6F1E45EE4B8CB31A4731CDA031FA2" +
+                            "815B6D34E29F2603526CE186576F4CCA3FEDF7F8ACDB37C9" +
+                            "9D762706ABE4967D44739C8CFCFCC76C58B1ED243AC394C0"
+                        }),
+                // From http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
+                // modified to test partial block processing.
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new TestEntropySourceProvider(Hex.decode("a826f1cd3fa24b9e71c316e5bf2bafff"), false).get(128),
+                    false,
+                    "82bc3bf050614b34",
+                    128,
+                    new String[]
+                        {
+                            "14949b876e30f832331f59f2e687350bea9ba22b78549521a70748ca916c74ebff0b638266aa" +
+                            "d81e089545eb60bfe332f7d134d91ed3c104f975fae0f71391add71e3380a725251ed5552a84" +
+                            "650637eddfc88b5ab26311277cbc429aa152b2cfac61c67846512d7564114177a622f25e870a" +
+                            "acec37c0977d",
+                            "7050bf74a887809673ecd295071f7a457d1e2e227f68ef4b4445e34f3904b95d4833180ee522" +
+                            "104bfc996234063e2c76173937b883c66b0e64a56643877228cad5212cddbf839270ef80889b" +
+                            "c83424c141c2419f2231004c8860f8fd95435e2c9f8ac7409fcbfb6a74851fadc7d99bf5d68b" +
+                            "591892f0e3a1"
+                        }),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new TestEntropySourceProvider(Hex.decode("a826f1cd3fa24b9e71c316e5bf2bafff"), false).get(128),
+                    false,
+                    "82bc3bf050614b34",
+                    128,
+                    new String[]
+                        {
+                            "14949b876e30f832331f59f2e687350bea9ba22b78549521a70748ca916c74ebff0b638266aa" +
+                            "d81e089545eb60bfe332f7d134d91ed3c104f975fae0f71391add71e3380a725251ed5552a84" +
+                            "650637eddfc88b5ab26311277cbc429aa152b2cfac61c67846512d7564114177a622f25e870a" +
+                            "acec37c0977d",
+                            "7050bf74a887809673ecd295071f7a457d1e2e227f68ef4b4445e34f3904b95d4833180ee522" +
+                            "104bfc996234063e2c76173937b883c66b0e64a56643877228cad5212cddbf839270ef80889b" +
+                            "c83424c141c2419f2231004c8860f8fd95435e2c9f8ac7409fcbfb6a74851fadc7d99bf5d68b" +
+                            "591892f0e3"
+                        })
+            };
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        DRBGTestVector[] tests = createTestVectorData();
+
+        for (int i = 0; i != tests.length; i++)
+        {
+            DRBGTestVector tv = tests[i];
+
+            byte[] nonce = tv.nonce();
+            byte[] personalisationString = tv.personalizationString();
+
+            SP80090DRBG d = new DualECSP800DRBG(tv.getDigest(), tv.securityStrength(), tv.entropySource(), personalisationString, nonce);
+
+            byte[] output = new byte[tv.expectedValue(0).length];
+
+            d.generate(output, tv.additionalInput(0), tv.predictionResistance());
+
+            byte[] expected = tv.expectedValue(0);
+
+            if (!areEqual(expected, output))
+            {
+                fail("Test #" + (i + 1) + ".1 failed, expected " + new String(Hex.encode(tv.expectedValue(0))) + " got " + new String(Hex.encode(output)));
+            }
+
+            output = new byte[tv.expectedValue(1).length];
+
+            d.generate(output, tv.additionalInput(1), tv.predictionResistance());
+
+            expected = tv.expectedValue(1);
+            if (!areEqual(expected, output))
+            {
+                fail("Test #" + (i + 1) + ".2 failed, expected " + new String(Hex.encode(tv.expectedValue(1))) + " got " + new String(Hex.encode(output)));
+            }
+        }
+
+        // Exception tests
+        //
+        SP80090DRBG d;
+
+        try
+        {
+            d = new DualECSP800DRBG(new SHA256Digest(), 256, new SHA256EntropyProvider().get(128), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("EntropySource must provide between 256 and 4096 bits"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+
+        try
+        {
+            d = new DualECSP800DRBG(new SHA256Digest(), 256, new SHA256EntropyProvider().get(1 << (13 - 1) + 1), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("EntropySource must provide between 256 and 4096 bits"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+
+        try
+        {
+            d = new DualECSP800DRBG(new SHA1Digest(), 256, new SHA256EntropyProvider().get(256), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("Requested security strength is not supported by digest"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+    }
+
+    private class SHA256EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA256EntropyProvider()
+        {
+            super(Hex.decode(
+                "000102030405060708090A0B0C0D0E0F " +
+                    "808182838485868788898A8B8C8D8E8F" +
+                    "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF"), true);
+        }
+    }
+
+    private class SHA384EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA384EntropyProvider()
+        {
+            super(Hex.decode(
+                "000102030405060708090A0B0C0D0E0F1011121314151617" +
+                "808182838485868788898A8B8C8D8E8F9091929394959697" +
+                "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7"), true);
+        }
+    }
+
+    private class SHA512EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA512EntropyProvider()
+        {
+            super(Hex.decode(
+                "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F" +
+                "808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F" +
+                "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDF"), true);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/FixedSecureRandomTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/FixedSecureRandomTest.java
new file mode 100644
index 0000000..24fc238
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/FixedSecureRandomTest.java
@@ -0,0 +1,68 @@
+package org.bouncycastle.crypto.prng.test;
+
+import org.bouncycastle.crypto.prng.FixedSecureRandom;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class FixedSecureRandomTest
+    extends SimpleTest
+{
+    byte[]  base = Hex.decode("deadbeefdeadbeef");
+    byte[]  r1 = Hex.decode("cafebabecafebabe");
+    byte[]  r2 = Hex.decode("ffffffffcafebabedeadbeef");
+
+    public String getName()
+    {
+        return "FixedSecureRandom";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        FixedSecureRandom fixed = new FixedSecureRandom(base);
+        byte[]       buf = new byte[8];
+
+        fixed.nextBytes(buf);
+
+        if (!Arrays.areEqual(buf, base))
+        {
+            fail("wrong data returned");
+        }
+
+        fixed = new FixedSecureRandom(base);
+
+        byte[] seed = fixed.generateSeed(8);
+
+        if (!Arrays.areEqual(seed, base))
+        {
+            fail("wrong seed data returned");
+        }
+
+        if (!fixed.isExhausted())
+        {
+            fail("not exhausted");
+        }
+
+        fixed = new FixedSecureRandom(new byte[][] { r1, r2 });
+
+        seed = fixed.generateSeed(12);
+
+        if (!Arrays.areEqual(seed, Hex.decode("cafebabecafebabeffffffff")))
+        {
+            fail("wrong seed data returned - composite");
+        }
+
+        fixed.nextBytes(buf);
+
+        if (!Arrays.areEqual(buf, Hex.decode("cafebabedeadbeef")))
+        {
+            fail("wrong data returned");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new FixedSecureRandomTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/HMacDRBGTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/HMacDRBGTest.java
new file mode 100644
index 0000000..add77d5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/HMacDRBGTest.java
@@ -0,0 +1,508 @@
+package org.bouncycastle.crypto.prng.test;
+
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.prng.drbg.HMacSP800DRBG;
+import org.bouncycastle.crypto.prng.drbg.SP80090DRBG;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * HMAC SP800-90 DRBG
+ */
+public class HMacDRBGTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "HMacDRBG";
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new HMacDRBGTest());
+    }
+
+    private DRBGTestVector[] createTestVectorData()
+    {
+        return new DRBGTestVector[]
+            {
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    false,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "5A7D3B449F481CB38DF79AD2B1FCC01E57F8135E8C0B22CD0630BFB0127FB5408C8EFC17A929896E",
+                            "82cf772ec3e84b00fc74f5df104efbfb2428554e9ce367d03aeade37827fa8e9cb6a08196115d948"
+                        }),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    false,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "B3BD05246CBA12A64735A4E3FDE599BC1BE30F439BD060208EEA7D71F9D123DF47B3CE069D98EDE6",
+                            "B5DADA380E2872DF935BCA55B882C8C9376902AB639765472B71ACEBE2EA8B1B6B49629CB67317E0"
+                        })
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576"),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    false,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "C7AAAC583C6EF6300714C2CC5D06C148CFFB40449AD0BB26FAC0497B5C57E161E36681BCC930CE80",
+                            "6EBD2B7B5E0A2AD7A24B1BF9A1DBA47D43271719B9C37B7FE81BA94045A14A7CB514B446666EA5A7"
+                        })
+                .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F90919293949596")
+                .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6"),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    true,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "FEC4597F06A3A8CC8529D59557B9E661053809C0BC0EFC282ABD87605CC90CBA9B8633DCB1DAE02E",
+                            "84ADD5E2D2041C01723A4DE4335B13EFDF16B0E51A0AD39BD15E862E644F31E4A2D7D843E57C5968"
+                        }),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    true,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "6C37FDD729AA40F80BC6AB08CA7CC649794F6998B57081E4220F22C5C283E2C91B8E305AB869C625",
+                            "CAF57DCFEA393B9236BF691FA456FEA7FDF1DF8361482CA54D5FA723F4C88B4FA504BF03277FA783"
+                        })
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576"),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    true,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "A1BA8FA58BB5013F43F7B6ED52B4539FA16DC77957AEE815B9C07004C7E992EB8C7E591964AFEEA2",
+                            "84264A73A818C95C2F424B37D3CC990B046FB50C2DC64A164211889A010F2471A0912FFEA1BF0195"
+                        })
+                    .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F90919293949596")
+                    .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6"),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(440),
+                    false,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "D67B8C1734F46FA3F763CF57C6F9F4F2" +
+                                "DC1089BD8BC1F6F023950BFC5617635208C8501238AD7A44" +
+                                "00DEFEE46C640B61AF77C2D1A3BFAA90EDE5D207406E5403",
+                            "8FDAEC20F8B421407059E3588920DA7E" +
+                                "DA9DCE3CF8274DFA1C59C108C1D0AA9B0FA38DA5C792037C" +
+                                "4D33CD070CA7CD0C5608DBA8B885654639DE2187B74CB263"
+                        }),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(440),
+                    true,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "FABD0AE25C69DC2EFDEFB7F20C5A31B5" +
+                            "7AC938AB771AA19BF8F5F1468F665C938C9A1A5DF0628A56" +
+                            "90F15A1AD8A613F31BBD65EEAD5457D5D26947F29FE91AA7",
+                            "6BD925B0E1C232EFD67CCD84F722E927" +
+                            "ECB46AB2B740014777AF14BA0BBF53A45BDBB62B3F7D0B9C" +
+                            "8EEAD057C0EC754EF8B53E60A1F434F05946A8B686AFBC7A"
+                        }),
+                new DRBGTestVector(
+                    new SHA384Digest(),
+                    new SHA384EntropyProvider().get(888),
+                    false,
+                    "202122232425262728292A2B",
+                    192,
+                    new String[]{
+                        "03AB8BCE4D1DBBB636C5C5B7E1C58499FEB1C619CDD11D35" +
+                        "CD6CF6BB8F20EF27B6F5F9054FF900DB9EBF7BF30ED4DCBB" +
+                        "BC8D5B51C965EA226FFEE2CA5AB2EFD00754DC32F357BF7A" +
+                        "E42275E0F7704DC44E50A5220AD05AB698A22640AC634829",
+                        "B907E77144FD55A54E9BA1A6A0EED0AAC780020C41A15DD8" +
+                        "9A6C163830BA1D094E6A17100FF71EE30A96E1EE04D2A966" +
+                        "03832A4E404F1966C2B5F4CB61B9927E8D12AC1E1A24CF23" +
+                        "88C14E8EC96C35181EAEE32AAA46330DEAAFE5E7CE783C74"})
+                    .setPersonalizationString(
+                        "404142434445464748494A4B4C4D4E" +
+                        "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                        "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                        "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                        "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE"),
+                new DRBGTestVector(
+                    new SHA384Digest(),
+                    new SHA384EntropyProvider().get(888),
+                    true,
+                    "202122232425262728292A2B",
+                    192,
+                    new String[]{
+                        "804A3AD720F4FCE8738D0632514FEF16430CB7D63A8DF1A5" +
+                        "F02A3CE3BD7ED6A668B69E63E2BB93F096EE753D6194A0F1" +
+                        "A32711063653009636337D22167CC4402D019AC216FA574F" +
+                        "091CF6EA283568D737A77BE38E8F09382C69E76B142ABC3A",
+                        "73B8E55C753202176A17B9B9754A9FE6F23B01861FCD4059" +
+                        "6AEAA301AF1AEF8AF0EAF22FBF34541EFFAB1431666ACACC" +
+                        "759338C7E28672819D53CFEF10A3E19DAFBD53295F1980A9" +
+                        "F491504A2725506784B7AC826D92C838A8668171CAAA86E7"})
+                    .setPersonalizationString(
+                        "404142434445464748494A4B4C4D4E" +
+                            "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                            "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                            "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                            "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE"),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(888),
+                    false,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]{
+                        "2A5FF6520C20F66E" +
+                            "D5EA431BD4AEAC58F975EEC9A015137D5C94B73AA09CB8B5" +
+                            "9D611DDEECEB34A52BB999424009EB9EAC5353F92A6699D2" +
+                            "0A02164EEBBC6492941E10426323898465DFD731C7E04730" +
+                            "60A5AA8973841FDF3446FB6E72A58DA8BDA2A57A36F3DD98" +
+                            "6DF85C8A5C6FF31CDE660BF8A841B21DD6AA9D3AC356B87B",
+                        "0EDC8D7D7CEEC7FE" +
+                            "36333FB30C0A9A4B27AA0BECBF075568B006C1C3693B1C29" +
+                            "0F84769C213F98EB5880909EDF068FDA6BFC43503987BBBD" +
+                            "4FC23AFBE982FE4B4B007910CC4874EEC217405421C8D8A1" +
+                            "BA87EC684D0AF9A6101D9DB787AE82C3A6A25ED478DF1B12" +
+                            "212CEC325466F3AC7C48A56166DD0B119C8673A1A9D54F67"})
+                    .setPersonalizationString(
+                        "404142434445464748494A4B4C4D4E" +
+                            "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                            "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                            "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                            "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE"),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(888),
+                    true,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]{
+                        "AAE4DC3C9ECC74D9" +
+                        "061DD527117EF3D29E1E52B26853C539D6CA797E8DA3D0BB" +
+                        "171D8E30B8B194D8C28F7F6BE3B986B88506DC6A01B294A7" +
+                        "165DD1C3470F7BE7B396AA0DB7D50C4051E7C7E1C8A7D21A" +
+                        "2B5878C0BCB163CAA79366E7A1162FDC88429616CD3E6977" +
+                        "8D327520A6BBBF71D8AA2E03EC4A9DAA0E77CF93E1EE30D2 ",
+                        "129FF6D31A23FFBC" +
+                        "870632B35EE477C2280DDD2ECDABEDB900C78418BE2D243B" +
+                        "B9D8E5093ECE7B6BF48638D8F704D134ADDEB7F4E9D5C142" +
+                        "CD05683E72B516486AF24AEC15D61E81E270DD4EBED91B62" +
+                        "12EB8896A6250D5C8BC3A4A12F7E3068FBDF856F47EB23D3" +
+                        "79F82C1EBCD1585FB260B9C0C42625FBCEE68CAD773CD5B1"})
+                .setPersonalizationString(
+                    "404142434445464748494A4B4C4D4E" +
+                        "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                        "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                        "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                        "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE"),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(888),
+                    false,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]{
+                        "7AE31A2DEC31075F" +
+                        "E5972660C16D22ECC0D415C5693001BE5A468B590BC1AE2C" +
+                        "43F647F8D681AEEA0D87B79B0B4E5D089CA2C9D327534234" +
+                        "0254E6B04690D77A71A294DA9568479EEF8BB2A2110F18B6" +
+                        "22F60F35235DE0E8F9D7E98105D84AA24AF0757AF005DFD5" +
+                        "2FA51DE3F44FCE0C5F3A27FCE8B0F6E4A3F7C7B53CE34A3D",
+                        "D83A8084630F286D" +
+                        "A4DB49B9F6F608C8993F7F1397EA0D6F4A72CF3EF2733A11" +
+                        "AB823C29F2EBDEC3EDE962F93D920A1DB59C84E1E879C29F" +
+                        "5F9995FC3A6A3AF9B587CA7C13EA197D423E81E1D6469942" +
+                        "B6E2CA83A97E91F6B298266AC148A1809776C26AF5E239A5" +
+                        "5A2BEB9E752203A694E1F3FE2B3E6A0C9C314421CDB55FBD "})
+                .setPersonalizationString(
+                    "404142434445464748494A4B4C4D4E" +
+                    "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                    "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                    "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                    "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE")
+                .addAdditionalInput(
+                    "606162636465666768696A6B6C6D6E" +
+                    "6F707172737475767778797A7B7C7D7E7F80818283848586" +
+                    "8788898A8B8C8D8E8F909192939495969798999A9B9C9D9E" +
+                    "9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6" +
+                    "B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCE")
+                .addAdditionalInput(
+                    "A0A1A2A3A4A5A6A7A8A9AAABACADAE" +
+                    "AFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6" +
+                    "C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDE" +
+                    "DFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6" +
+                    "F7F8F9FAFBFCFDFEFF000102030405060708090A0B0C0D0E"),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(888),
+                    true,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]{
+                        "28FD6060C4F35F4D" +
+                            "317AB2060EE32019E0DAA330F3F5650BBCA57CB67EE6AF1C" +
+                            "6F25D1B01F3601EDA85DC2ED29A9B2BA4C85CF491CE7185F" +
+                            "1A2BD9378AE3C655BD1CEC2EE108AE7FC382989F6D4FEA8A" +
+                            "B01499697C2F07945CE02C5ED617D04287FEAF3BA638A4CE" +
+                            "F3BB6B827E40AF16279580FCF1FDAD830930F7FDE341E2AF",
+                        "C0B1601AFE39338B" +
+                            "58DC2BE7C256AEBE3C21C5A939BEEC7E97B3528AC420F0C6" +
+                            "341847187666E0FF578A8EB0A37809F877365A28DF2FA0F0" +
+                            "6354A6F02496747369375B9A9D6B756FDC4A8FB308E08256" +
+                            "9D79A85BB960F747256626389A3B45B0ABE7ECBC39D5CD7B" +
+                            "2C18DF2E5FDE8C9B8D43474C54B6F9839468445929B438C7"}),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(888),
+                    true,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]{
+                        "72691D2103FB567C" +
+                        "CD30370715B36666F63430087B1C688281CA0974DB456BDB" +
+                        "A7EB5C48CFF62EA05F9508F3B530CE995A272B11EC079C13" +
+                        "923EEF8E011A93C19B58CC6716BC7CB8BD886CAA60C14D85" +
+                        "C023348BD77738C475D6C7E1D9BFF4B12C43D8CC73F838DC" +
+                        "4F8BD476CF8328EEB71B3D873D6B7B859C9B21065638FF95",
+                        "8570DA3D47E1E160" +
+                        "5CF3E44B8D328B995EFC64107B6292D1B1036B5F88CE3160" +
+                        "2F12BEB71D801C0942E7C0864B3DB67A9356DB203490D881" +
+                        "24FE86BCE38AC2269B4FDA6ABAA884039DF80A0336A24D79" +
+                        "1EB3067C8F5F0CF0F18DD73B66A7B316FB19E02835CC6293" +
+                        "65FCD1D3BE640178ED9093B91B36E1D68135F2785BFF505C"})
+                .addAdditionalInput(
+                    "606162636465666768696A6B6C6D6E" +
+                    "6F707172737475767778797A7B7C7D7E7F80818283848586" +
+                    "8788898A8B8C8D8E8F909192939495969798999A9B9C9D9E" +
+                    "9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6" +
+                    "B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCE")
+                .addAdditionalInput(
+                    "A0A1A2A3A4A5A6A7A8A9AAABACADAE" +
+                    "AFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6" +
+                    "C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDE" +
+                    "DFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6" +
+                    "F7F8F9FAFBFCFDFEFF000102030405060708090A0B0C0D0E"),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(888),
+                    true,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]{
+                        "AAE4DC3C9ECC74D9" +
+                        "061DD527117EF3D29E1E52B26853C539D6CA797E8DA3D0BB" +
+                        "171D8E30B8B194D8C28F7F6BE3B986B88506DC6A01B294A7" +
+                        "165DD1C3470F7BE7B396AA0DB7D50C4051E7C7E1C8A7D21A" +
+                        "2B5878C0BCB163CAA79366E7A1162FDC88429616CD3E6977" +
+                        "8D327520A6BBBF71D8AA2E03EC4A9DAA0E77CF93E1EE30D2 ",
+                        "129FF6D31A23FFBC" +
+                        "870632B35EE477C2280DDD2ECDABEDB900C78418BE2D243B" +
+                        "B9D8E5093ECE7B6BF48638D8F704D134ADDEB7F4E9D5C142" +
+                        "CD05683E72B516486AF24AEC15D61E81E270DD4EBED91B62" +
+                        "12EB8896A6250D5C8BC3A4A12F7E3068FBDF856F47EB23D3" +
+                        "79F82C1EBCD1585FB260B9C0C42625FBCEE68CAD773CD5B1"})
+                .setPersonalizationString(
+                    "404142434445464748494A4B4C4D4E" +
+                        "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                        "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                        "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                        "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE"),
+                new DRBGTestVector(
+                    new SHA512Digest(),
+                    new SHA512EntropyProvider().get(888),
+                    true,
+                    "202122232425262728292A2B2C2D2E2F",
+                    256,
+                    new String[]{
+                        "B8E827652175E6E0" +
+                        "6E513C7BE94B5810C14ED94AD903647940CAEB7EE014C848" +
+                        "8DCBBE6D4D6616D06656A3DC707CDAC4F02EE6D8408C065F" +
+                        "CB068C0760DA47C5D60E5D70D09DC3929B6979615D117F7B" +
+                        "EDCC661A98514B3A1F55B2CBABDCA59F11823E4838065F1F" +
+                        "8431CBF28A577738234AF3F188C7190CC19739E72E9BBFFF",
+                        "7ED41B9CFDC8C256" +
+                        "83BBB4C553CC2DC61F690E62ABC9F038A16B8C519690CABE" +
+                        "BD1B5C196C57CF759BB9871BE0C163A57315EA96F615136D" +
+                        "064572F09F26D659D24211F9610FFCDFFDA8CE23FFA96735" +
+                        "7595182660877766035EED800B05364CE324A75EB63FD9B3" +
+                        "EED956D147480B1D0A42DF8AA990BB628666F6F61D60CBE2"})
+                .setPersonalizationString(
+                    "404142434445464748494A4B4C4D4E" +
+                        "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                        "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                        "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                        "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE")
+                .addAdditionalInput(
+                    "606162636465666768696A6B6C6D6E" +
+                        "6F707172737475767778797A7B7C7D7E7F80818283848586" +
+                        "8788898A8B8C8D8E8F909192939495969798999A9B9C9D9E" +
+                        "9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6" +
+                        "B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCE")
+                .addAdditionalInput(
+                    "A0A1A2A3A4A5A6A7A8A9AAABACADAE" +
+                    "AFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6" +
+                    "C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDE" +
+                    "DFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6" +
+                    "F7F8F9FAFBFCFDFEFF000102030405060708090A0B0C0D0E")
+            };
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        DRBGTestVector[] tests = createTestVectorData();
+
+        for (int i = 0; i != tests.length; i++)
+        {
+            DRBGTestVector tv = tests[i];
+
+            byte[] nonce = tv.nonce();
+            byte[] personalisationString = tv.personalizationString();
+
+            SP80090DRBG d = new HMacSP800DRBG(new HMac(tv.getDigest()), tv.securityStrength(), tv.entropySource(), personalisationString, nonce);
+
+            byte[] output = new byte[tv.expectedValue(0).length];
+
+            d.generate(output, tv.additionalInput(0), tv.predictionResistance());
+
+            byte[] expected = tv.expectedValue(0);
+
+            if (!areEqual(expected, output))
+            {
+                fail("Test #" + (i + 1) + ".1 failed, expected " + new String(Hex.encode(tv.expectedValue(0))) + " got " + new String(Hex.encode(output)));
+            }
+
+            output = new byte[tv.expectedValue(0).length];
+
+            d.generate(output, tv.additionalInput(1), tv.predictionResistance());
+
+            expected = tv.expectedValue(1);
+            if (!areEqual(expected, output))
+            {
+                fail("Test #" + (i + 1) + ".2 failed, expected " + new String(Hex.encode(tv.expectedValue(1))) + " got " + new String(Hex.encode(output)));
+            }
+        }
+
+        // Exception tests
+        //
+        SP80090DRBG d;
+        try
+        {
+            d = new HMacSP800DRBG(new HMac(new SHA256Digest()), 256, new SHA256EntropyProvider().get(128), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("Not enough entropy for security strength required"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+    }
+
+    private class SHA1EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA1EntropyProvider()
+        {
+            super(
+                Hex.decode(
+                    "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233343536"
+                        + "808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6"
+                        + "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6"), true);
+        }
+    }
+
+    private class SHA256EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA256EntropyProvider()
+        {
+            super(Hex.decode(
+                "00010203040506" +
+                    "0708090A0B0C0D0E0F101112131415161718191A1B1C1D1E" +
+                    "1F202122232425262728292A2B2C2D2E2F30313233343536" +
+                    "80818283848586" +
+                    "8788898A8B8C8D8E8F909192939495969798999A9B9C9D9E" +
+                    "9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6" +
+                    "C0C1C2C3C4C5C6" +
+                    "C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDE" +
+                    "DFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6"), true);
+        }
+    }
+
+    private class SHA384EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA384EntropyProvider()
+        {
+            super(Hex.decode(
+                "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223242526"
+                    + "2728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F50515253545556"
+                    + "5758595A5B5C5D5E5F606162636465666768696A6B6C6D6E" +
+                    "808182838485868788898A8B8C8D8E" +
+                    "8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6" +
+                    "A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBE" +
+                    "BFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6" +
+                    "D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEE" +
+                    "C0C1C2C3C4C5C6C7C8C9CACBCCCDCE" +
+                    "CFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6" +
+                    "E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6F7F8F9FAFBFCFDFE" +
+                    "FF000102030405060708090A0B0C0D0E0F10111213141516" +
+                    "1718191A1B1C1D1E1F202122232425262728292A2B2C2D2E"), true);
+        }
+    }
+
+    private class SHA512EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA512EntropyProvider()
+        {
+            super(Hex.decode(
+                "000102030405060708090A0B0C0D0E" +
+                    "0F101112131415161718191A1B1C1D1E1F20212223242526" +
+                    "2728292A2B2C2D2E2F303132333435363738393A3B3C3D3E" +
+                    "3F404142434445464748494A4B4C4D4E4F50515253545556" +
+                    "5758595A5B5C5D5E5F606162636465666768696A6B6C6D6E" +
+                    "808182838485868788898A8B8C8D8E" +
+                    "8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6" +
+                    "A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBE" +
+                    "BFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6" +
+                    "D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEE" +
+                    "C0C1C2C3C4C5C6C7C8C9CACBCCCDCE" +
+                    "CFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6" +
+                    "E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6F7F8F9FAFBFCFDFE" +
+                    "FF000102030405060708090A0B0C0D0E0F10111213141516" +
+                    "1718191A1B1C1D1E1F202122232425262728292A2B2C2D2E"), true);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/HashDRBGTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/HashDRBGTest.java
new file mode 100644
index 0000000..ee63203
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/HashDRBGTest.java
@@ -0,0 +1,481 @@
+package org.bouncycastle.crypto.prng.test;
+
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.prng.drbg.HashSP800DRBG;
+import org.bouncycastle.crypto.prng.drbg.SP80090DRBG;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * DRBG Test
+ */
+public class HashDRBGTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "HashDRBG";
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new HashDRBGTest());
+    }
+
+    private DRBGTestVector[] createTestVectorData()
+    {
+        return new DRBGTestVector[]
+            {
+                new DRBGTestVector(
+                            new SHA1Digest(),
+                            new SHA1EntropyProvider().get(440),
+                            false,
+                            "2021222324",
+                            80,
+                            new String[]
+                                {
+                                    "9F7CFF1ECA23E750F66326969F11800F12088BA68E441D15D888B3FE12BF66FE057494F4546DE2F1",
+                                    "B77AA5C0CD55BBCEED7574AF223AFD988C7EEC8EFF4A94E5E89D26A04F58FA79F5E0D3702D7A9A6A"
+                                }
+                        ),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    false,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "AB438BD3B01A0AF85CFEE29F7D7B71621C4908B909124D430E7B406FB1086EA994C582E0D656D989",
+                            "29D9098F987E7005314A0F51B3DD2B8122F4AED706735DE6AD5DDBF223177C1E5F3AEBC52FAB90B9"
+                        })
+                    .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576"),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    false,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "E76B4EDD5C865BC8AFD809A59B69B429AC7F4352A579BCF3F75E56249A3491F87C3CA6848B0FAB25",
+                            "6577B6B4F87A93240B199FE51A3B335313683103DECE171E3256FB7E803586CA4E45DD242EB01F70"
+                        })
+                    .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F90919293949596")
+                    .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6"),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    true,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "56EF4913373994D5539F4D7D17AFE7448CDF5E72416CC6A71A340059FA0D5AE526B23250C46C0944",
+                            "575B37A2739814F966C63B60A2C4F149CA9ACC84FC4B25493289B085C67B2E30F5F0B99A2C349E2A"
+                        }),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    true,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "532CA1165DCFF21C55592687639884AF4BC4B057DF8F41DE653AB44E2ADEC7C9303E75ABE277EDBF",
+                            "73C2C67C696D686D0C4DBCEB5C2AF7DDF6F020B6874FAE4390F102117ECAAFF54418529A367005A0"
+                        })
+                .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576"),
+                new DRBGTestVector(
+                    new SHA1Digest(),
+                    new SHA1EntropyProvider().get(440),
+                    true,
+                    "2021222324",
+                    80,
+                    new String[]
+                        {
+                            "183C242A1430E46C4ED70B4DBE1BF9AB0AB8721CDCA2A2D1820AD6F6C956858543B2AA191D8D1287",
+                            "F196F9BD021C745CBD5AC7BFCE48EAAF0D0E7C091FBF436940E63A198EE770D9A4F0718669AF2BC9"
+                        })
+                    .addAdditionalInput("606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F90919293949596")
+                    .addAdditionalInput("A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6"),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(440),
+                    false,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "77E05A0E7DC78AB5D8934D5E93E82C06" +
+                            "A07C04CEE6C9C53045EEB485872777CF3B3E35C474F976B8" +
+                            "94BF301A86FA651F463970E89D4A0534B2ECAD29EC044E7E",
+                            "5FF4BA493C40CFFF3B01E472C575668C" +
+                            "CE3880B9290B05BFEDE5EC96ED5E9B2898508B09BC800EEE" +
+                            "099A3C90602ABD4B1D4F343D497C6055C87BB956D53BF351"
+                        }
+                ),
+                new DRBGTestVector(
+                    new SHA256Digest(),
+                    new SHA256EntropyProvider().get(440),
+                    true,
+                    "2021222324252627",
+                    128,
+                    new String[]
+                        {
+                            "92275523C70E567BCF9B35EC50B933F8" +
+                            "12616DF586B7F72EE1BC7735A5C2654373CBBC72316DFF84" +
+                            "20A33BF02B97AC8D1952583F270ACD7005CC027F4CF1187E",
+                            "681A46B2AA8694A0FE4DEEA720927A84" +
+                            "EAAA985E59C19F8BE0984D8CBEF8C69B754167641946E040" +
+                            "EE2043E1CCB29DCF063C0A50830E428E6DCA262ECD77C542"
+                        }),
+                new DRBGTestVector(
+                            new SHA384Digest(),
+                            new SHA384EntropyProvider().get(888),
+                            false,
+                            "202122232425262728292A2B",
+                            192,
+                            new String[]
+                                {
+                                    "04FF23AD15E78790ADD36B438BBC097C7A11747CC2CCEEDE" +
+                                    "2C978B23B3DC63B732C953061D7764990ABFEFC47A581B92" +
+                                    "1BC0428C4F12212460E406A0F0651E7F0CB9A90ABFDB07B5" +
+                                    "25565C74F0AA085082F6CF213AAFAD0C0646895078F1E1FE",
+                                    "4F35B85F95DEE3E873054905CFD02341653E18F529930CBE" +
+                                    "14D909F37FEAF2C790D22FAE7516B4590BE35D53E2FE1A35" +
+                                    "AFE4B6607CB358589C3B4D094A1D81FE0717F1DF5BDDEB3E" +
+                                    "114F130BB781E66C22B5B770E8AE115FF39F8ADAF66DEEDF"
+                                }
+                        ),
+                new DRBGTestVector(
+                        new SHA384Digest(),
+                        new SHA384EntropyProvider().get(888),
+                        true,
+                        "202122232425262728292A2B",
+                        192,
+                        new String[]
+                            {
+                                "97993B78F7C31C0E876DC92EB7D6C408E09D608AD6B99D0E" +
+                                "A2229B05A578C426334FCC8A1C7E676ED2D89A5B4CDF5B3F" +
+                                "4ADF11936BF14F4E10909DBA9C24F4FDFFDE72351DA8E2CC" +
+                                "3B135A395373899E5F1A5955B880CA9B9E9DD4C9CA7FA4D4",
+                                "F5983946320E36C64EF283CA1F65D197CF81624EC6778E77" +
+                                "0E78949D84EF21A45CDD62D1DB76920D4C2836FC6AE5299F" +
+                                "AF1357D9701FAD10FBD88D1E2832239436D76EB271BDC3CA" +
+                                "04425EC88BC0E89A4D5C37FFCE7C6C3ABDE9C413AE6D3FEA"
+                            }
+                    ),
+                new DRBGTestVector(
+                            new SHA512Digest(),
+                            new SHA512EntropyProvider().get(888),
+                            false,
+                            "202122232425262728292A2B2C2D2E2F",
+                            256,
+                            new String[]
+                            {
+                                "DA126CF95C6BF97E" +
+                                "2F731F2137A907ACC70FD7AC9EBACD1C6E31C74029B052E3" +
+                                "AABC48F3B00993F2B2381F7650A55322A968C86E05DE88E6" +
+                                "367F6EF89A601DB4342E9086C7AC13B5E56C32E9E668040B" +
+                                "73847893C5BFD38A1CF44F348B4EEE4CD68ADB7E7B8C837F" +
+                                "19BC4F902761F7CFF24AB1D704FD11C4E929D8553753B55D",
+                                "400B977CE8A2BB6A" +
+                                "84C6FD1CF901459685ABF5408CFF4588CEDF52E2D2DC300A" +
+                                "A9B4FAED8CD0161C2172B1FD269253195883D6EBF21020F2" +
+                                "C20E5F2C81AE60C8595B834A229B1F5B726C1125717E6207" +
+                                "8886EF38E61E32707AD5F8116C6393DFB6E7C7AE0E8E92BB" +
+                                "D7E0C3D04BBA02F5169F2F569A58158915FEE4C9D28D45DB"
+                            }
+                        )
+                    .setPersonalizationString(
+                        "404142434445464748494A4B4C4D4E" +
+                        "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                        "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                        "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                        "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE")
+                    .addAdditionalInput(
+                        "606162636465666768696A6B6C6D6E" +
+                        "6F707172737475767778797A7B7C7D7E7F80818283848586" +
+                        "8788898A8B8C8D8E8F909192939495969798999A9B9C9D9E" +
+                        "9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6" +
+                        "B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCE")
+                    .addAdditionalInput(
+                        "A0A1A2A3A4A5A6A7A8A9AAABACADAE" +
+                        "AFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6" +
+                        "C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDE" +
+                        "DFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6" +
+                        "F7F8F9FAFBFCFDFEFF000102030405060708090A0B0C0D0E"),
+                new DRBGTestVector(
+                        new SHA512Digest(),
+                        new SHA512EntropyProvider().get(888),
+                        true,
+                        "202122232425262728292A2B2C2D2E2F",
+                        256,
+                        new String[]
+                        {
+                            "F93CA6855590A77F" +
+                            "07354097E90E026648B6115DF008FFEDBD9D9811F54E8286" +
+                            "EF00FDD6BA1E58DF2535E3FBDD9A9BA3754A97F36EE83322" +
+                            "1582060A1F37FCE4EE8826636B28EAD589593F4CA8B64738" +
+                            "8F24EB3F0A34796968D21BDEE6F81FD5DF93536F935937B8" +
+                            "025EC8CBF57DDB0C61F2E41463CC1516D657DA2829C6BF90",
+                            "4817618F48C60FB1" +
+                            "CE5BFBDA0CAF4591882A31F6EE3FE0F78779992A06EC60F3" +
+                            "7FB9A8D6108C231F0A927754B0599FA4FA27A4E25E065EF0" +
+                            "3085B892979DC0E7A1080883CAEBFDFD3665A8F2D061C521" +
+                            "F7D6E3DA2AF8B97B6B43B6EC831AF515070A83BBB9AC95ED" +
+                            "4EF49B756A2377A5F0833D847E27A88DDB0C2CE4AD782E7B "
+                        }
+                    ),
+                new DRBGTestVector(
+                        new SHA512Digest(),
+                        new SHA512EntropyProvider().get(888),
+                        true,
+                        "202122232425262728292A2B2C2D2E2F",
+                        256,
+                        new String[]
+                        {
+                            "0455DD4AD7DBACB2" +
+                            "410BE58DF7248D765A4547ABAEE1743B0BCAD37EBD06DA7C" +
+                            "F7CE5E2216E525327E9E2005EBEF2CE53BD733B18128627D" +
+                            "3FD6153089373AF2606A1584646A0EA488BFEF45228699A0" +
+                            "89CEA8AEC44502D86D9591F3552C688B7F7B45FCB0C3C2B9" +
+                            "43C1CD8A6FC63DF4D81C3DA543C9CF2843855EA84E4F959C",
+                            "C047D46D7F614E4E" +
+                            "4A7952C79A451F8F7ACA379967E2977C401C626A2ED70D74" +
+                            "A63660579A354115BC8C8C8CC3AEA3050686A0CFCDB6FA9C" +
+                            "F78D4C2165BAF851C6F9B1CD16A2E14C15C6DAAC56C16E75" +
+                            "FC84A14D58B41622E88B0F1B1995587FD8BAA999CBA98025" +
+                            "4C8AB9A9691DF7B84D88B639A9A3106DEABEB63748B99C09"
+                        }
+                    )
+                .addAdditionalInput(
+                    "606162636465666768696A6B6C6D6E" +
+                    "6F707172737475767778797A7B7C7D7E7F80818283848586" +
+                    "8788898A8B8C8D8E8F909192939495969798999A9B9C9D9E" +
+                    "9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6" +
+                    "B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCE")
+                .addAdditionalInput(
+                    "A0A1A2A3A4A5A6A7A8A9AAABACADAE" +
+                    "AFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6" +
+                    "C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDE" +
+                    "DFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6" +
+                    "F7F8F9FAFBFCFDFEFF000102030405060708090A0B0C0D0E"),
+                new DRBGTestVector(
+                            new SHA512Digest(),
+                            new SHA512EntropyProvider().get(888),
+                            true,
+                            "202122232425262728292A2B2C2D2E2F",
+                            256,
+                            new String[]
+                            {
+                                "22EB93A67911DA73" +
+                                "85D9180C78127DE1A04FF713114C07C9C615F7CC5EF72744" +
+                                "A2DDCD7C3CB85E65DED8EF5F240FBDCBEBBDE2BAAC8ECF7D" +
+                                "CBC8AC333E54607AD41DC495D83DF72A05EF55B127C1441C" +
+                                "9A0EFFDA2C7954DB6C2D04342EB812E5E0B11D6C395F41ED" +
+                                "A2702ECE5BA479E2DFA18F953097492636C12FE30CE5C968",
+                                "E66698CFBF1B3F2E" +
+                                "919C03036E584EAA81CF1C6666240AF05F70637043733954" +
+                                "D8A1E5A66A04C53C6900FDC145D4A3A80A31F5868ACE9AC9" +
+                                "4E14E2051F624A05EEA1F8B684AA5410BCE315E76EA07C71" +
+                                "5D6F34731320FF0DCF78D795E6EFA2DF92B98BE636CDFBA2" +
+                                "9008DD392112AEC202F2E481CB9D83F987FEA69CD1B368BB"
+                            }
+                        )
+                    .setPersonalizationString(
+                        "404142434445464748494A4B4C4D4E" +
+                            "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                            "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                            "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                            "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE"),
+                new DRBGTestVector(
+                            new SHA512Digest(),
+                            new SHA512EntropyProvider().get(888),
+                            true,
+                            "202122232425262728292A2B2C2D2E2F",
+                            256,
+                            new String[]
+                            {
+                                "7596A76372308BD5" +
+                                "A5613439934678B35521A94D81ABFE63A21ACF61ABB88B61" +
+                                "E86A12C37F308F2BBBE32BE4B38D03AE808386494D70EF52" +
+                                "E9E1365DD18B7784CAB826F31D47579E4D57F69D8BF3152B" +
+                                "95741946CEBE58571DF58ED39980D9AF44E69F01E8989759" +
+                                "8E40171101A0E3302838E0AD9E849C01988993CF9F6E5263",
+                                "DBE5EE36FCD85301" +
+                                "303E1C3617C1AC5E23C08885D0BEFAAD0C85A0D89F85B9F1" +
+                                "6ECE3D88A24EB96504F2F13EFA7049621782F5DE2C416A0D" +
+                                "294CCFE53545C4E309C48E1E285A2B829A574B72B3C2FBE1" +
+                                "34D01E3706B486F2401B9820E17298A342666918E15B8462" +
+                                "87F8C5AF2D96B20FAF3D0BB392E15F4A06CDB0DECD1B6AD7"
+                            }
+                        )
+                    .setPersonalizationString(
+                        "404142434445464748494A4B4C4D4E" +
+                            "4F505152535455565758595A5B5C5D5E5F60616263646566" +
+                            "6768696A6B6C6D6E6F707172737475767778797A7B7C7D7E" +
+                            "7F808182838485868788898A8B8C8D8E8F90919293949596" +
+                            "9798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAE")
+                    .addAdditionalInput(
+                        "606162636465666768696A6B6C6D6E" +
+                            "6F707172737475767778797A7B7C7D7E7F80818283848586" +
+                            "8788898A8B8C8D8E8F909192939495969798999A9B9C9D9E" +
+                            "9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6" +
+                            "B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8C9CACBCCCDCE")
+                    .addAdditionalInput(
+                        "A0A1A2A3A4A5A6A7A8A9AAABACADAE" +
+                            "AFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6" +
+                            "C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDE" +
+                            "DFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6" +
+                            "F7F8F9FAFBFCFDFEFF000102030405060708090A0B0C0D0E")
+            };
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        DRBGTestVector[] tests = createTestVectorData();
+
+        for (int i = 0; i != tests.length; i++)
+        {
+            DRBGTestVector tv = tests[i];
+
+            byte[] nonce = tv.nonce();
+            byte[] personalisationString = tv.personalizationString();
+
+            SP80090DRBG d = new HashSP800DRBG(tv.getDigest(), tv.securityStrength(), tv.entropySource(), personalisationString, nonce);
+
+            byte[] output = new byte[tv.expectedValue(0).length];
+
+            d.generate(output, tv.additionalInput(0), tv.predictionResistance());
+
+            byte[] expected = tv.expectedValue(0);
+
+            if (!areEqual(expected, output))
+            {
+                fail("Test #" + (i + 1) + ".1 failed, expected " + new String(Hex.encode(tv.expectedValue(0))) + " got " + new String(Hex.encode(output)));
+            }
+
+            output = new byte[tv.expectedValue(0).length];
+
+            d.generate(output, tv.additionalInput(1), tv.predictionResistance());
+
+            expected = tv.expectedValue(1);
+            if (!areEqual(expected, output))
+            {
+                fail("Test #" + (i + 1) + ".2 failed, expected " + new String(Hex.encode(tv.expectedValue(1))) + " got " + new String(Hex.encode(output)));
+            }
+        }
+
+        // Exception tests
+        //
+        SP80090DRBG d;
+        try
+        {
+            d = new HashSP800DRBG(new SHA256Digest(), 256, new SHA256EntropyProvider().get(128), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("Not enough entropy for security strength required"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+
+        try
+        {
+            d = new HashSP800DRBG(new SHA1Digest(), 256, new SHA256EntropyProvider().get(256), null, null);
+            fail("no exception thrown");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("Requested security strength is not supported by the derivation function"))
+            {
+                fail("Wrong exception", e);
+            }
+        }
+    }
+
+    private class SHA1EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA1EntropyProvider()
+        {
+            super(
+                Hex.decode(
+                    "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233343536"
+                        + "808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6"
+                        + "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6"), true);
+        }
+    }
+
+    private class SHA256EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA256EntropyProvider()
+        {
+            super(Hex.decode(
+                "00010203040506" +
+                    "0708090A0B0C0D0E0F101112131415161718191A1B1C1D1E" +
+                    "1F202122232425262728292A2B2C2D2E2F30313233343536" +
+                    "80818283848586" +
+                    "8788898A8B8C8D8E8F909192939495969798999A9B9C9D9E" +
+                    "9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6" +
+                    "C0C1C2C3C4C5C6" +
+                    "C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDE" +
+                    "DFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6"), true);
+        }
+    }
+
+    private class SHA384EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA384EntropyProvider()
+        {
+            super(Hex.decode(
+                "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223242526"
+                    + "2728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F50515253545556"
+                    + "5758595A5B5C5D5E5F606162636465666768696A6B6C6D6E" +
+                    "808182838485868788898A8B8C8D8E" +
+                    "8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6" +
+                    "A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBE" +
+                    "BFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6" +
+                    "D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEE" +
+                    "C0C1C2C3C4C5C6C7C8C9CACBCCCDCE" +
+                    "CFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6" +
+                    "E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6F7F8F9FAFBFCFDFE" +
+                    "FF000102030405060708090A0B0C0D0E0F10111213141516" +
+                    "1718191A1B1C1D1E1F202122232425262728292A2B2C2D2E"), true);
+        }
+    }
+
+    private class SHA512EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA512EntropyProvider()
+        {
+            super(Hex.decode(
+                "000102030405060708090A0B0C0D0E" +
+                    "0F101112131415161718191A1B1C1D1E1F20212223242526" +
+                    "2728292A2B2C2D2E2F303132333435363738393A3B3C3D3E" +
+                    "3F404142434445464748494A4B4C4D4E4F50515253545556" +
+                    "5758595A5B5C5D5E5F606162636465666768696A6B6C6D6E" +
+                    "808182838485868788898A8B8C8D8E" +
+                    "8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6" +
+                    "A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBE" +
+                    "BFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6" +
+                    "D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEE" +
+                    "C0C1C2C3C4C5C6C7C8C9CACBCCCDCE" +
+                    "CFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6" +
+                    "E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6F7F8F9FAFBFCFDFE" +
+                    "FF000102030405060708090A0B0C0D0E0F10111213141516" +
+                    "1718191A1B1C1D1E1F202122232425262728292A2B2C2D2E"), true);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/RegressionTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/RegressionTest.java
new file mode 100644
index 0000000..9b03637
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/RegressionTest.java
@@ -0,0 +1,34 @@
+package org.bouncycastle.crypto.prng.test;
+
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class RegressionTest
+{
+    public static Test[]    tests = {
+        new CTRDRBGTest(),
+        new DualECDRBGTest(),
+        new HashDRBGTest(),
+        new HMacDRBGTest(),
+        new SP800RandomTest(),
+        new X931Test(),
+        new FixedSecureRandomTest()
+    };
+
+    public static void main(
+        String[]    args)
+    {
+        for (int i = 0; i != tests.length; i++)
+        {
+            TestResult  result = tests[i].perform();
+            
+            if (result.getException() != null)
+            {
+                result.getException().printStackTrace();
+            }
+            
+            System.out.println(result);
+        }
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/SP800RandomTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/SP800RandomTest.java
new file mode 100644
index 0000000..a164f8f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/SP800RandomTest.java
@@ -0,0 +1,319 @@
+package org.bouncycastle.crypto.prng.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.prng.SP800SecureRandomBuilder;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class SP800RandomTest
+    extends SimpleTest
+{
+
+    public String getName()
+    {
+        return "SP800RandomTest";
+    }
+
+    private void testHashRandom()
+    {
+        DRBGTestVector tv = new DRBGTestVector(
+                            new SHA1Digest(),
+                            new SHA1EntropyProvider().get(440),
+                            true,
+                            "2021222324",
+                            80,
+                            new String[]
+                                {
+                                    "532CA1165DCFF21C55592687639884AF4BC4B057DF8F41DE653AB44E2ADEC7C9303E75ABE277EDBF",
+                                    "73C2C67C696D686D0C4DBCEB5C2AF7DDF6F020B6874FAE4390F102117ECAAFF54418529A367005A0"
+                                })
+                        .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576");
+
+        doHashTest(0, tv);
+
+        tv =  new DRBGTestVector(
+                            new SHA1Digest(),
+                            new SHA1EntropyProvider().get(440),
+                            false,
+                            "2021222324",
+                            80,
+                            new String[]
+                                {
+                                    "AB438BD3B01A0AF85CFEE29F7D7B71621C4908B909124D430E7B406FB1086EA994C582E0D656D989",
+                                    "29D9098F987E7005314A0F51B3DD2B8122F4AED706735DE6AD5DDBF223177C1E5F3AEBC52FAB90B9"
+                                })
+                            .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576");
+
+        doHashTest(1, tv);
+    }
+
+    private void doHashTest(int index, DRBGTestVector tv)
+    {
+        SP800SecureRandomBuilder rBuild = new SP800SecureRandomBuilder(new SHA1EntropyProvider());
+
+        rBuild.setPersonalizationString(tv.personalizationString());
+        rBuild.setSecurityStrength(tv.securityStrength());
+        rBuild.setEntropyBitsRequired(tv.entropySource().getEntropy().length * 8);
+
+        SecureRandom random = rBuild.buildHash(tv.getDigest(), tv.nonce(), tv.predictionResistance());
+
+        byte[] expected = tv.expectedValue(0);
+        byte[] produced = new byte[expected.length];
+
+        random.nextBytes(produced);
+
+        if (!Arrays.areEqual(expected, produced))
+        {
+            fail(index + " SP800 Hash SecureRandom produced incorrect result (1)");
+        }
+
+        random.nextBytes(produced);
+        expected = tv.expectedValue(1);
+
+        if (!Arrays.areEqual(expected, produced))
+        {
+            fail(index + " SP800 Hash SecureRandom produced incorrect result (2)");
+        }
+    }
+
+    private void testHMACRandom()
+    {
+        DRBGTestVector tv = new DRBGTestVector(
+            new SHA1Digest(),
+            new SHA1EntropyProvider().get(440),
+            true,
+            "2021222324",
+            80,
+            new String[]
+                {
+                    "6C37FDD729AA40F80BC6AB08CA7CC649794F6998B57081E4220F22C5C283E2C91B8E305AB869C625",
+                    "CAF57DCFEA393B9236BF691FA456FEA7FDF1DF8361482CA54D5FA723F4C88B4FA504BF03277FA783"
+                })
+            .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576");
+
+        doHMACTest(tv);
+
+        tv = new DRBGTestVector(
+                new SHA1Digest(),
+                new SHA1EntropyProvider().get(440),
+                false,
+                "2021222324",
+                80,
+                new String[]
+                    {
+                        "5A7D3B449F481CB38DF79AD2B1FCC01E57F8135E8C0B22CD0630BFB0127FB5408C8EFC17A929896E",
+                        "82cf772ec3e84b00fc74f5df104efbfb2428554e9ce367d03aeade37827fa8e9cb6a08196115d948"
+                    });
+
+        doHMACTest(tv);
+    }
+
+    private void doHMACTest(DRBGTestVector tv)
+    {
+        SP800SecureRandomBuilder rBuild = new SP800SecureRandomBuilder(new SHA1EntropyProvider());
+
+        rBuild.setPersonalizationString(tv.personalizationString());
+        rBuild.setSecurityStrength(tv.securityStrength());
+        rBuild.setEntropyBitsRequired(tv.entropySource().getEntropy().length * 8);
+
+        SecureRandom random = rBuild.buildHMAC(new HMac(tv.getDigest()), tv.nonce(), tv.predictionResistance());
+
+        byte[] expected = tv.expectedValue(0);
+        byte[] produced = new byte[expected.length];
+
+        random.nextBytes(produced);
+        if (!Arrays.areEqual(expected, produced))
+        {
+            fail("SP800 HMAC SecureRandom produced incorrect result (1)");
+        }
+
+        random.nextBytes(produced);
+        expected = tv.expectedValue(1);
+
+        if (!Arrays.areEqual(expected, produced))
+        {
+            fail("SP800 HMAC SecureRandom produced incorrect result (2)");
+        }
+    }
+
+    private void testDualECRandom()
+    {
+        DRBGTestVector tv = new DRBGTestVector(
+                            new SHA256Digest(),
+                            new SHA256EntropyProvider().get(128),
+                            false,
+                            "2021222324252627",
+                            128,
+                            new String[]
+                                {
+                                    "3AB095CC493A8730D70DE923108B2E4710799044FFC27D0A1156250DDF97E8B05ACE055E49F3E3F5B928CCD18317A3E68FCB0B6F0459ADF9ECF79C87",
+                                    "7B902FC35B0AF50F57F8822936D08A96E41B16967C6B1AA0BC05032F0D53919DC587B664C883E2FE8F3948002FCD8BCBFC4706BCAA2075EF6BF41167"
+                                })
+                        .setPersonalizationString("404142434445464748494A4B4C4D4E4F");
+
+        doDualECTest(1, tv);
+
+        tv = new DRBGTestVector(
+                            new SHA256Digest(),
+                            new SHA256EntropyProvider().get(128),
+                            true,
+                            "2021222324252627",
+                            128,
+                            new String[]
+                                {
+                                    "8C77288EDBEA9A742464F78D55E33593C1BF5F9D8CD8609D6D53BAC4E4B42252A227A99BAD0F2358B05955CD35723B549401C71C9C1F32F8A2018E24",
+                                    "56ECA61C64F69C1C232E992623C71418BD0B96D783118FAAD94A09E3A9DB74D15E805BA7F14625995CA77612B2EF7A05863699ECBABF70D3D422C014"
+                                });
+
+        doDualECTest(2, tv);
+    }
+
+    private void doDualECTest(int index, DRBGTestVector tv)
+    {
+        SP800SecureRandomBuilder rBuild = new SP800SecureRandomBuilder(new SHA256EntropyProvider());
+
+        rBuild.setPersonalizationString(tv.personalizationString());
+        rBuild.setSecurityStrength(tv.securityStrength());
+        rBuild.setEntropyBitsRequired(tv.securityStrength());
+
+        SecureRandom random = rBuild.buildDualEC(tv.getDigest(), tv.nonce(), tv.predictionResistance());
+
+        byte[] expected = tv.expectedValue(0);
+        byte[] produced = new byte[expected.length];
+
+        random.nextBytes(produced);
+        if (!Arrays.areEqual(expected, produced))
+        {
+            fail(index + " SP800 Dual EC SecureRandom produced incorrect result (1)");
+        }
+
+        random.nextBytes(produced);
+        expected = tv.expectedValue(1);
+
+        if (!Arrays.areEqual(expected, produced))
+        {
+            fail(index + " SP800 Dual EC SecureRandom produced incorrect result (2)");
+        }
+    }
+
+    private void testCTRRandom()
+    {
+        DRBGTestVector tv = new DRBGTestVector(
+                                    new DESedeEngine(), 168,
+                                    new Bit232EntropyProvider().get(232),
+                                    false,
+                                    "20212223242526",
+                                    112,
+                                    new String[]
+                                        {
+                                            "ABC88224514D0316EA3D48AEE3C9A2B4",
+                                            "D3D3F372E43E7ABDC4FA293743EED076"
+                                        }
+                                );
+
+        doCTRTest(tv);
+
+        tv = new DRBGTestVector(
+                    new DESedeEngine(), 168,
+                    new Bit232EntropyProvider().get(232),
+                    true,
+                    "20212223242526",
+                    112,
+                    new String[]
+                        {
+                            "64983055D014550B39DE699E43130B64",
+                            "035FDDA8582A2214EC722C410A8D95D3"
+                        }
+                )
+        .setPersonalizationString("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C");
+
+        doCTRTest(tv);
+    }
+
+    private void doCTRTest(DRBGTestVector tv)
+    {
+        SP800SecureRandomBuilder rBuild = new SP800SecureRandomBuilder(new Bit232EntropyProvider());
+
+        rBuild.setPersonalizationString(tv.personalizationString());
+        rBuild.setSecurityStrength(tv.securityStrength());
+        rBuild.setEntropyBitsRequired(tv.entropySource().getEntropy().length * 8);
+
+        SecureRandom random = rBuild.buildCTR(tv.getCipher(), tv.keySizeInBits(), tv.nonce(), tv.predictionResistance());
+
+        byte[] expected = tv.expectedValue(0);
+        byte[] produced = new byte[expected.length];
+
+        random.nextBytes(produced);
+        if (!Arrays.areEqual(expected, produced))
+        {
+            fail("SP800 CTR SecureRandom produced incorrect result (1)");
+        }
+
+        random.nextBytes(produced);
+        expected = tv.expectedValue(1);
+
+        if (!Arrays.areEqual(expected, produced))
+        {
+            fail("SP800 CTR SecureRandom produced incorrect result (2)");
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testHashRandom();
+        testHMACRandom();
+        testCTRRandom();
+        testDualECRandom();
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new SP800RandomTest());
+    }
+
+    // for HMAC/Hash
+    private class SHA1EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA1EntropyProvider()
+        {
+            super(
+                Hex.decode(
+                    "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233343536"
+                        + "808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6"
+                        + "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEFF0F1F2F3F4F5F6"), true);
+        }
+    }
+
+    // for Dual EC
+    private class SHA256EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        SHA256EntropyProvider()
+        {
+            super(Hex.decode(
+                "000102030405060708090A0B0C0D0E0F " +
+                    "808182838485868788898A8B8C8D8E8F" +
+                    "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF"), true);
+        }
+    }
+
+    private class Bit232EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        Bit232EntropyProvider()
+        {
+            super(Hex.decode(
+               "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C" +
+               "808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C" +
+               "C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDC"), true);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/TestEntropySourceProvider.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/TestEntropySourceProvider.java
new file mode 100644
index 0000000..64e7595
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/TestEntropySourceProvider.java
@@ -0,0 +1,46 @@
+package org.bouncycastle.crypto.prng.test;
+
+import org.bouncycastle.crypto.prng.EntropySource;
+import org.bouncycastle.crypto.prng.EntropySourceProvider;
+
+public class TestEntropySourceProvider
+    implements EntropySourceProvider
+{
+    private final byte[] data;
+    private final boolean isPredictionResistant;
+
+    protected TestEntropySourceProvider(byte[] data, boolean isPredictionResistant)
+    {
+        this.data = data;
+        this.isPredictionResistant = isPredictionResistant;
+    }
+
+    public EntropySource get(final int bitsRequired)
+    {
+        return new EntropySource()
+        {
+            int index = 0;
+
+            public boolean isPredictionResistant()
+            {
+                return isPredictionResistant;
+            }
+
+            public byte[] getEntropy()
+            {
+                byte[] rv = new byte[bitsRequired / 8];
+
+                System.arraycopy(data, index, rv, 0, rv.length);
+
+                index += bitsRequired / 8;
+
+                return rv;
+            }
+
+            public int entropySize()
+            {
+                return bitsRequired;
+            }
+        };
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/X931Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/X931Test.java
new file mode 100644
index 0000000..26ed67f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/X931Test.java
@@ -0,0 +1,124 @@
+package org.bouncycastle.crypto.prng.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.prng.X931SecureRandomBuilder;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * HMAC SP800-90 DRBG
+ */
+public class X931Test
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "X931";
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new X931Test());
+    }
+
+    private X931TestVector[] createTestVectorData()
+    {
+        return new X931TestVector[]
+            {
+                new X931TestVector(
+                    new AESEngine(),
+                    new AES128EntropyProvider(),
+                    "f7d36762b9915f1ed585eb8e91700eb2",
+                    "259e67249288597a4d61e7c0e690afae",
+                    false,
+                    new String[] {
+                        "15f013af5a8e9df9a8e37500edaeac43",
+                        "a9d74bb1c90a222adc398546d64879cf",
+                        "0379e404042d58180764fb9e6c5d94bb",
+                        "3c74603e036d28c79947ffb56fee4e51",
+                        "e872101a4df81ebbe1e632fc87195d52",
+                        "26a6b3d33b8e7e68b75d9630ec036314" }),
+                new X931TestVector(
+                    new DESedeEngine(),
+                    new TDESEntropyProvider(),
+                    "ef16ec643e5db5892cbc6eabba310b3410e6f8759e3e382c",
+                    "55df103deaf68dc4",
+                    false,
+                    new String[] {
+                        "9c960bb9662ce6de",
+                        "d9d0e527fd0931da",
+                        "3e2db9994e9e6995",
+                        "0e3868aef8218cf7",
+                        "7b0b0ca137f8fd81",
+                        "f657df270ad12265" })
+            };
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        X931TestVector[] vectors = createTestVectorData();
+
+        for (int i = 0; i != vectors.length; i++)
+        {
+            X931TestVector tv = vectors[i];
+            X931SecureRandomBuilder bld = new X931SecureRandomBuilder(tv.getEntropyProvider());
+
+            bld.setDateTimeVector(Hex.decode(tv.getDateTimeVector()));
+
+            SecureRandom rand = bld.build(tv.getEngine(), new KeyParameter(Hex.decode(tv.getKey())), tv.isPredictionResistant());
+
+            for (int j = 0; j != tv.getExpected().length - 1; j++)
+            {
+                byte[] expected = Hex.decode(tv.getExpected()[j]);
+                byte[] res = new byte[expected.length];
+
+                rand.nextBytes(res);
+
+                if (!Arrays.areEqual(expected, res))
+                {
+                    fail("expected output wrong [" + j + "] got : " + Strings.fromByteArray(Hex.encode(res)));
+                }
+            }
+
+            byte[] expected = Hex.decode(tv.getExpected()[tv.getExpected().length - 1]);
+            byte[] res = new byte[expected.length];
+
+            for (int j = tv.getExpected().length - 1; j != 10000; j++)
+            {
+                rand.nextBytes(res);
+            }
+
+            if (!Arrays.areEqual(expected, res))
+            {
+                fail("expected output wrong [" + 10000 + "] got : " + Strings.fromByteArray(Hex.encode(res)));
+            }
+        }
+    }
+
+    private class AES128EntropyProvider
+        extends TestEntropySourceProvider
+    {
+        AES128EntropyProvider()
+        {
+            super(Hex.decode(
+                "35cc0ea481fc8a4f5f05c7d4667233b2"), true);
+        }
+    }
+
+    private class TDESEntropyProvider
+        extends TestEntropySourceProvider
+    {
+        TDESEntropyProvider()
+        {
+            super(Hex.decode(
+                "96d872b9122c5e74"), true);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/X931TestVector.java b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/X931TestVector.java
new file mode 100644
index 0000000..ce57a96
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/prng/test/X931TestVector.java
@@ -0,0 +1,56 @@
+package org.bouncycastle.crypto.prng.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.prng.EntropySourceProvider;
+
+public class X931TestVector
+{
+    private final BlockCipher engine;
+    private final EntropySourceProvider entropyProvider;
+    private final String key;
+    private final String dateTimeVector;
+    private final boolean predictionResistant;
+    private final String[] expected;
+
+    public X931TestVector(BlockCipher engine, EntropySourceProvider entropyProvider, String key, String dateTimeVector, boolean predictionResistant, String[] expected)
+    {
+        this.engine = engine;
+        this.entropyProvider = entropyProvider;
+        this.key = key;
+
+
+        this.dateTimeVector = dateTimeVector;
+        this.predictionResistant = predictionResistant;
+        this.expected = expected;
+    }
+
+    public String getDateTimeVector()
+    {
+        return dateTimeVector;
+    }
+
+    public BlockCipher getEngine()
+    {
+        return engine;
+    }
+
+    public EntropySourceProvider getEntropyProvider()
+    {
+        return entropyProvider;
+    }
+
+    public String[] getExpected()
+    {
+        return expected;
+    }
+
+    public String getKey()
+    {
+        return key;
+    }
+
+    public boolean isPredictionResistant()
+    {
+        return predictionResistant;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java
index 2e4c48d..684eb9c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java
@@ -5,9 +5,9 @@ import java.math.BigInteger;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DSA;
@@ -142,8 +142,8 @@ public class DSADigestSigner
         throws IOException
     {
         ASN1EncodableVector v = new ASN1EncodableVector();
-        v.add(new DERInteger(r));
-        v.add(new DERInteger(s));
+        v.add(new ASN1Integer(r));
+        v.add(new ASN1Integer(s));
 
         return new DERSequence(v).getEncoded(ASN1Encoding.DER);
     }
@@ -156,8 +156,8 @@ public class DSADigestSigner
 
         return new BigInteger[]
         {
-            ((DERInteger)s.getObjectAt(0)).getValue(),
-            ((DERInteger)s.getObjectAt(1)).getValue()
+            ((ASN1Integer)s.getObjectAt(0)).getValue(),
+            ((ASN1Integer)s.getObjectAt(1)).getValue()
         };
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
index 292c408..44f838b 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
@@ -45,18 +45,19 @@ public class DSASigner
         boolean                 forSigning,
         CipherParameters        param)
     {
+        SecureRandom providedRandom = null;
+
         if (forSigning)
         {
             if (param instanceof ParametersWithRandom)
             {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
+                ParametersWithRandom rParam = (ParametersWithRandom)param;
 
-                this.random = rParam.getRandom();
                 this.key = (DSAPrivateKeyParameters)rParam.getParameters();
+                providedRandom = rParam.getRandom();
             }
             else
             {
-                this.random = new SecureRandom();
                 this.key = (DSAPrivateKeyParameters)param;
             }
         }
@@ -64,6 +65,8 @@ public class DSASigner
         {
             this.key = (DSAPublicKeyParameters)param;
         }
+
+        this.random = initSecureRandom(forSigning && !kCalculator.isDeterministic(), providedRandom);
     }
 
     /**
@@ -77,32 +80,28 @@ public class DSASigner
         byte[] message)
     {
         DSAParameters   params = key.getParameters();
-        BigInteger      m = calculateE(params.getQ(), message);
+        BigInteger      q = params.getQ();
+        BigInteger      m = calculateE(q, message);
+        BigInteger      x = ((DSAPrivateKeyParameters)key).getX();
 
         if (kCalculator.isDeterministic())
         {
-            kCalculator.init(params.getQ(), ((DSAPrivateKeyParameters)key).getX(), message);
+            kCalculator.init(q, x, message);
         }
         else
         {
-            kCalculator.init(params.getQ(), random);
+            kCalculator.init(q, random);
         }
 
         BigInteger  k = kCalculator.nextK();
 
-        BigInteger  r = params.getG().modPow(k, params.getP()).mod(params.getQ());
-
-        k = k.modInverse(params.getQ()).multiply(
-                    m.add(((DSAPrivateKeyParameters)key).getX().multiply(r)));
-
-        BigInteger  s = k.mod(params.getQ());
+        BigInteger  r = params.getG().modPow(k, params.getP()).mod(q);
 
-        BigInteger[]  res = new BigInteger[2];
+        k = k.modInverse(q).multiply(m.add(x.multiply(r)));
 
-        res[0] = r;
-        res[1] = s;
+        BigInteger  s = k.mod(q);
 
-        return res;
+        return new BigInteger[]{ r, s };
     }
 
     /**
@@ -116,28 +115,30 @@ public class DSASigner
         BigInteger  s)
     {
         DSAParameters   params = key.getParameters();
-        BigInteger      m = calculateE(params.getQ(), message);
+        BigInteger      q = params.getQ();
+        BigInteger      m = calculateE(q, message);
         BigInteger      zero = BigInteger.valueOf(0);
 
-        if (zero.compareTo(r) >= 0 || params.getQ().compareTo(r) <= 0)
+        if (zero.compareTo(r) >= 0 || q.compareTo(r) <= 0)
         {
             return false;
         }
 
-        if (zero.compareTo(s) >= 0 || params.getQ().compareTo(s) <= 0)
+        if (zero.compareTo(s) >= 0 || q.compareTo(s) <= 0)
         {
             return false;
         }
 
-        BigInteger  w = s.modInverse(params.getQ());
+        BigInteger  w = s.modInverse(q);
 
-        BigInteger  u1 = m.multiply(w).mod(params.getQ());
-        BigInteger  u2 = r.multiply(w).mod(params.getQ());
+        BigInteger  u1 = m.multiply(w).mod(q);
+        BigInteger  u2 = r.multiply(w).mod(q);
 
-        u1 = params.getG().modPow(u1, params.getP());
-        u2 = ((DSAPublicKeyParameters)key).getY().modPow(u2, params.getP());
+        BigInteger p = params.getP();
+        u1 = params.getG().modPow(u1, p);
+        u2 = ((DSAPublicKeyParameters)key).getY().modPow(u2, p);
 
-        BigInteger  v = u1.multiply(u2).mod(params.getP()).mod(params.getQ());
+        BigInteger  v = u1.multiply(u2).mod(p).mod(q);
 
         return v.equals(r);
     }
@@ -157,4 +158,9 @@ public class DSASigner
             return new BigInteger(1, trunc);
         }
     }
+
+    protected SecureRandom initSecureRandom(boolean needed, SecureRandom provided)
+    {
+        return !needed ? null : (provided != null) ? provided : new SecureRandom();
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java
index 0e76950..bceb822 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSTU4145Signer.java
@@ -13,7 +13,9 @@ import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -57,9 +59,9 @@ public class DSTU4145Signer
 
     public BigInteger[] generateSignature(byte[] message)
     {
-        ECDomainParameters parameters = key.getParameters();
+        ECDomainParameters ec = key.getParameters();
 
-        ECCurve curve = parameters.getCurve();
+        ECCurve curve = ec.getCurve();
 
         ECFieldElement h = hash2FieldElement(curve, message);
         if (h.isZero())
@@ -67,10 +69,14 @@ public class DSTU4145Signer
             h = curve.fromBigInteger(ONE);
         }
 
-        BigInteger n = parameters.getN();
+        BigInteger n = ec.getN();
         BigInteger e, r, s;
         ECFieldElement Fe, y;
 
+        BigInteger d = ((ECPrivateKeyParameters)key).getD();
+
+        ECMultiplier basePointMultiplier = createBasePointMultiplier();
+
         do
         {
             do
@@ -78,7 +84,7 @@ public class DSTU4145Signer
                 do
                 {
                     e = generateRandomInteger(n, random);
-                    Fe = parameters.getG().multiply(e).normalize().getAffineXCoord();
+                    Fe = basePointMultiplier.multiply(ec.getG(), e).normalize().getAffineXCoord();
                 }
                 while (Fe.isZero());
 
@@ -87,7 +93,7 @@ public class DSTU4145Signer
             }
             while (r.signum() == 0);
 
-            s = r.multiply(((ECPrivateKeyParameters)key).getD()).add(e).mod(n);
+            s = r.multiply(d).add(e).mod(n);
         }
         while (s.signum() == 0);
 
@@ -129,6 +135,11 @@ public class DSTU4145Signer
         return fieldElement2Integer(n, y).compareTo(r) == 0;
     }
 
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
+    }
+
     /**
      * Generates random integer such, than its bit length is less than that of n
      */
@@ -136,40 +147,24 @@ public class DSTU4145Signer
     {
         return new BigInteger(n.bitLength() - 1, random);
     }
-    
-    private static void reverseBytes(byte[] bytes)
-    {
-        byte tmp;
-        
-        for (int i=0; i<bytes.length/2; i++)
-        {
-            tmp=bytes[i];
-            bytes[i]=bytes[bytes.length-1-i];
-            bytes[bytes.length-1-i]=tmp;
-        }
-    }
 
     private static ECFieldElement hash2FieldElement(ECCurve curve, byte[] hash)
     {
-        byte[] data = Arrays.clone(hash);
-        reverseBytes(data);
-        BigInteger num = new BigInteger(1, data);
-        while (num.bitLength() > curve.getFieldSize())
-        {
-            num = num.clearBit(num.bitLength() - 1);
-        }
+        byte[] data = Arrays.reverse(hash);
+        return curve.fromBigInteger(truncate(new BigInteger(1, data), curve.getFieldSize()));
+    }
 
-        return curve.fromBigInteger(num);
+    private static BigInteger fieldElement2Integer(BigInteger n, ECFieldElement fe)
+    {
+        return truncate(fe.toBigInteger(), n.bitLength() - 1);
     }
 
-    private static BigInteger fieldElement2Integer(BigInteger n, ECFieldElement fieldElement)
+    private static BigInteger truncate(BigInteger x, int bitLength)
     {
-        BigInteger num = fieldElement.toBigInteger();
-        while (num.bitLength() >= n.bitLength())
+        if (x.bitLength() > bitLength)
         {
-            num = num.clearBit(num.bitLength() - 1);
+            x = x.mod(ONE.shiftLeft(bitLength));
         }
-
-        return num;
+        return x;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
index 2a1f98e..5fce112 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
@@ -5,13 +5,16 @@ import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECKeyParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 
 /**
  * EC-DSA as described in X9.62
@@ -46,18 +49,19 @@ public class ECDSASigner
         boolean                 forSigning,
         CipherParameters        param)
     {
+        SecureRandom providedRandom = null;
+
         if (forSigning)
         {
             if (param instanceof ParametersWithRandom)
             {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
+                ParametersWithRandom rParam = (ParametersWithRandom)param;
 
-                this.random = rParam.getRandom();
                 this.key = (ECPrivateKeyParameters)rParam.getParameters();
+                providedRandom = rParam.getRandom();
             }
             else
             {
-                this.random = new SecureRandom();
                 this.key = (ECPrivateKeyParameters)param;
             }
         }
@@ -65,6 +69,8 @@ public class ECDSASigner
         {
             this.key = (ECPublicKeyParameters)param;
         }
+
+        this.random = initSecureRandom(forSigning && !kCalculator.isDeterministic(), providedRandom);
     }
 
     // 5.3 pg 28
@@ -78,50 +84,44 @@ public class ECDSASigner
     public BigInteger[] generateSignature(
         byte[] message)
     {
-        BigInteger n = key.getParameters().getN();
+        ECDomainParameters ec = key.getParameters();
+        BigInteger n = ec.getN();
         BigInteger e = calculateE(n, message);
-        BigInteger r = null;
-        BigInteger s = null;
+        BigInteger d = ((ECPrivateKeyParameters)key).getD();
 
         if (kCalculator.isDeterministic())
         {
-            kCalculator.init(n, ((ECPrivateKeyParameters)key).getD(), message);
+            kCalculator.init(n, d, message);
         }
         else
         {
             kCalculator.init(n, random);
         }
 
+        BigInteger r, s;
+
+        ECMultiplier basePointMultiplier = createBasePointMultiplier();
+
         // 5.3.2
         do // generate s
         {
-            BigInteger k = null;
-
+            BigInteger k;
             do // generate r
             {
                 k = kCalculator.nextK();
 
-                ECPoint p = key.getParameters().getG().multiply(k).normalize();
+                ECPoint p = basePointMultiplier.multiply(ec.getG(), k).normalize();
 
                 // 5.3.3
-                BigInteger x = p.getAffineXCoord().toBigInteger();
-
-                r = x.mod(n);
+                r = p.getAffineXCoord().toBigInteger().mod(n);
             }
             while (r.equals(ZERO));
 
-            BigInteger d = ((ECPrivateKeyParameters)key).getD();
-
             s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n);
         }
         while (s.equals(ZERO));
 
-        BigInteger[]  res = new BigInteger[2];
-
-        res[0] = r;
-        res[1] = s;
-
-        return res;
+        return new BigInteger[]{ r, s };
     }
 
     // 5.4 pg 29
@@ -135,7 +135,8 @@ public class ECDSASigner
         BigInteger  r,
         BigInteger  s)
     {
-        BigInteger n = key.getParameters().getN();
+        ECDomainParameters ec = key.getParameters();
+        BigInteger n = ec.getN();
         BigInteger e = calculateE(n, message);
 
         // r in the range [1,n-1]
@@ -155,7 +156,7 @@ public class ECDSASigner
         BigInteger u1 = e.multiply(c).mod(n);
         BigInteger u2 = r.multiply(c).mod(n);
 
-        ECPoint G = key.getParameters().getG();
+        ECPoint G = ec.getG();
         ECPoint Q = ((ECPublicKeyParameters)key).getQ();
 
         ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2).normalize();
@@ -171,7 +172,7 @@ public class ECDSASigner
         return v.equals(r);
     }
 
-    private BigInteger calculateE(BigInteger n, byte[] message)
+    protected BigInteger calculateE(BigInteger n, byte[] message)
     {
         int log2n = n.bitLength();
         int messageBitLength = message.length * 8;
@@ -183,4 +184,14 @@ public class ECDSASigner
         }
         return e;
     }
+
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
+    }
+
+    protected SecureRandom initSecureRandom(boolean needed, SecureRandom provided)
+    {
+        return !needed ? null : (provided != null) ? provided : new SecureRandom();
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java
index f6d7f4f..0ef8876 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java
@@ -2,13 +2,16 @@ package org.bouncycastle.crypto.signers;
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECKeyParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 
 import java.math.BigInteger;
 import java.security.SecureRandom;
@@ -63,17 +66,20 @@ public class ECGOST3410Signer
         {
             mRev[i] = message[mRev.length - 1 - i];
         }
-        
+
         BigInteger e = new BigInteger(1, mRev);
-        BigInteger n = key.getParameters().getN();
 
-        BigInteger r = null;
-        BigInteger s = null;
+        ECDomainParameters ec = key.getParameters();
+        BigInteger n = ec.getN();
+        BigInteger d = ((ECPrivateKeyParameters)key).getD();
+
+        BigInteger r, s;
+
+        ECMultiplier basePointMultiplier = createBasePointMultiplier();
 
         do // generate s
         {
-            BigInteger k = null;
-
+            BigInteger k;
             do // generate r
             {
                 do
@@ -82,26 +88,17 @@ public class ECGOST3410Signer
                 }
                 while (k.equals(ECConstants.ZERO));
 
-                ECPoint p = key.getParameters().getG().multiply(k).normalize();
-
-                BigInteger x = p.getAffineXCoord().toBigInteger();
+                ECPoint p = basePointMultiplier.multiply(ec.getG(), k).normalize();
 
-                r = x.mod(n);
+                r = p.getAffineXCoord().toBigInteger().mod(n);
             }
             while (r.equals(ECConstants.ZERO));
 
-            BigInteger d = ((ECPrivateKeyParameters)key).getD();
-
             s = (k.multiply(e)).add(d.multiply(r)).mod(n);
         }
         while (s.equals(ECConstants.ZERO));
 
-        BigInteger[]  res = new BigInteger[2];
-
-        res[0] = r;
-        res[1] = s;
-
-        return res;
+        return new BigInteger[]{ r, s };
     }
 
     /**
@@ -155,4 +152,9 @@ public class ECGOST3410Signer
 
         return R.equals(r);
     }
+
+    protected ECMultiplier createBasePointMultiplier()
+    {
+        return new FixedPointCombMultiplier();
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java
index 72bbbcb..3e83916 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java
@@ -101,7 +101,7 @@ public class ECNRSigner
 
             //    BigInteger Vx = tempPair.getPublic().getW().getAffineX();
             ECPublicKeyParameters V = (ECPublicKeyParameters)tempPair.getPublic();        // get temp's public key
-            BigInteger Vx = V.getQ().normalize().getAffineXCoord().toBigInteger();        // get the point's x coordinate
+            BigInteger Vx = V.getQ().getAffineXCoord().toBigInteger();                    // get the point's x coordinate
 
             r = Vx.add(e).mod(n);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java
index 9fcc41b..135f185 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java
@@ -1,11 +1,15 @@
 package org.bouncycastle.crypto.signers;
 
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DSA;
-import org.bouncycastle.crypto.params.*;
-
-import java.security.SecureRandom;
-import java.math.BigInteger;
+import org.bouncycastle.crypto.params.GOST3410KeyParameters;
+import org.bouncycastle.crypto.params.GOST3410Parameters;
+import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters;
+import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
 
 /**
  * GOST R 34.10-94 Signature Algorithm
@@ -25,7 +29,7 @@ public class GOST3410Signer
             {
                 if (param instanceof ParametersWithRandom)
                 {
-                    ParametersWithRandom    rParam = (ParametersWithRandom)param;
+                    ParametersWithRandom rParam = (ParametersWithRandom)param;
 
                     this.random = rParam.getRandom();
                     this.key = (GOST3410PrivateKeyParameters)rParam.getParameters();
@@ -99,7 +103,7 @@ public class GOST3410Signer
             }
             
             BigInteger           m = new BigInteger(1, mRev);
-            GOST3410Parameters   params = key.getParameters();
+            GOST3410Parameters params = key.getParameters();
             BigInteger           zero = BigInteger.valueOf(0);
 
             if (zero.compareTo(r) >= 0 || params.getQ().compareTo(r) <= 0)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/GenericSigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/GenericSigner.java
index 6819e14..add087e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/GenericSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/GenericSigner.java
@@ -121,6 +121,14 @@ public class GenericSigner
         {
             byte[] sig = engine.processBlock(signature, 0, signature.length);
 
+            // Extend with leading zeroes to match the digest size, if necessary.
+            if (sig.length < hash.length)
+            {
+                byte[] tmp = new byte[hash.length];
+                System.arraycopy(sig, 0, tmp, tmp.length - sig.length, sig.length);
+                sig = tmp;
+            }
+
             return Arrays.constantTimeAreEqual(sig, hash);
         }
         catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/HMacDSAKCalculator.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/HMacDSAKCalculator.java
index b96e3f3..0fb7375 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/HMacDSAKCalculator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/HMacDSAKCalculator.java
@@ -61,7 +61,7 @@ public class HMacDSAKCalculator
 
         BigInteger mInt = bitsToInt(message);
 
-        if (mInt.compareTo(n) > 0)
+        if (mInt.compareTo(n) >= 0)
         {
             mInt = mInt.subtract(n);
         }
@@ -113,37 +113,28 @@ public class HMacDSAKCalculator
 
                 hMac.doFinal(V, 0);
 
-                if (t.length - tOff < V.length)
-                {
-                    System.arraycopy(V, 0, t, tOff, t.length - tOff);
-                    tOff += t.length - tOff;
-                }
-                else
-                {
-                    System.arraycopy(V, 0, t, tOff, V.length);
-                    tOff += V.length;
-                }
+                int len = Math.min(t.length - tOff, V.length);
+                System.arraycopy(V, 0, t, tOff, len);
+                tOff += len;
             }
 
             BigInteger k = bitsToInt(t);
 
-            if (k.equals(ZERO) || k.compareTo(n) >= 0)
+            if (k.compareTo(ZERO) > 0 && k.compareTo(n) < 0)
             {
-                hMac.update(V, 0, V.length);
-                hMac.update((byte)0x00);
+                return k;
+            }
 
-                hMac.doFinal(K, 0);
+            hMac.update(V, 0, V.length);
+            hMac.update((byte)0x00);
 
-                hMac.init(new KeyParameter(K));
+            hMac.doFinal(K, 0);
 
-                hMac.update(V, 0, V.length);
+            hMac.init(new KeyParameter(K));
 
-                hMac.doFinal(V, 0);
-            }
-            else
-            {
-                return k;
-            }
+            hMac.update(V, 0, V.length);
+
+            hMac.doFinal(V, 0);
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
index e3dcc08..fcd5816 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
@@ -17,7 +17,7 @@ import org.bouncycastle.util.Integers;
 
 /**
  * ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3).
- * <p/>
+ * <p>
  * Note: the usual length for the salt is the length of the hash
  * function used in bytes.
  */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
index aaae064..69d9918 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
@@ -48,6 +48,8 @@ public class RSADigestSigner
         oidMap.put("SHA-256", NISTObjectIdentifiers.id_sha256);
         oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
         oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
+        oidMap.put("SHA-512/224", NISTObjectIdentifiers.id_sha512_224);
+        oidMap.put("SHA-512/256", NISTObjectIdentifiers.id_sha512_256);
 
         oidMap.put("MD2", PKCSObjectIdentifiers.md2);
         oidMap.put("MD4", PKCSObjectIdentifiers.md4);
@@ -218,6 +220,8 @@ public class RSADigestSigner
         }
         else
         {
+            Arrays.constantTimeAreEqual(expected, expected);  // keep time "steady".
+
             return false;
         }
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/RandomDSAKCalculator.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/RandomDSAKCalculator.java
index bbd8cda..6a69308 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/RandomDSAKCalculator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/RandomDSAKCalculator.java
@@ -3,7 +3,7 @@ package org.bouncycastle.crypto.signers;
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
-class RandomDSAKCalculator
+public class RandomDSAKCalculator
     implements DSAKCalculator
 {
     private static final BigInteger ZERO = BigInteger.valueOf(0);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/X931Signer.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/X931Signer.java
new file mode 100644
index 0000000..7197404
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/X931Signer.java
@@ -0,0 +1,269 @@
+package org.bouncycastle.crypto.signers;
+
+import java.math.BigInteger;
+import java.util.Hashtable;
+
+import org.bouncycastle.crypto.AsymmetricBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.crypto.SignerWithRecovery;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.Integers;
+import org.bouncycastle.util.encoders.Hex;
+
+/**
+ * X9.31-1998 - signing using a hash.
+ * <p>
+ * The message digest hash, H, is encapsulated to form a byte string as follows
+ * <pre>
+ * EB = 06 || PS || 0xBA || H || TRAILER
+ * </pre>
+ * where PS is a string of bytes all of value 0xBB of length such that |EB|=|n|, and TRAILER is the ISO/IEC 10118 part number† for the digest. The byte string, EB, is converted to an integer value, the message representative, f.
+ */
+public class X931Signer
+    implements Signer
+{
+    static final public int   TRAILER_IMPLICIT    = 0xBC;
+    static final public int   TRAILER_RIPEMD160   = 0x31CC;
+    static final public int   TRAILER_RIPEMD128   = 0x32CC;
+    static final public int   TRAILER_SHA1        = 0x33CC;
+    static final public int   TRAILER_SHA256      = 0x34CC;
+    static final public int   TRAILER_SHA512      = 0x35CC;
+    static final public int   TRAILER_SHA384      = 0x36CC;
+    static final public int   TRAILER_WHIRLPOOL   = 0x37CC;
+    static final public int   TRAILER_SHA224      = 0x38CC;
+
+    private static Hashtable  trailerMap          = new Hashtable();
+
+    static
+    {
+        trailerMap.put("RIPEMD128", Integers.valueOf(TRAILER_RIPEMD128));
+        trailerMap.put("RIPEMD160", Integers.valueOf(TRAILER_RIPEMD160));
+
+        trailerMap.put("SHA-1", Integers.valueOf(TRAILER_SHA1));
+        trailerMap.put("SHA-224", Integers.valueOf(TRAILER_SHA224));
+        trailerMap.put("SHA-256", Integers.valueOf(TRAILER_SHA256));
+        trailerMap.put("SHA-384", Integers.valueOf(TRAILER_SHA384));
+        trailerMap.put("SHA-512", Integers.valueOf(TRAILER_SHA512));
+
+        trailerMap.put("Whirlpool", Integers.valueOf(TRAILER_WHIRLPOOL));
+    }
+
+    private Digest                      digest;
+    private AsymmetricBlockCipher       cipher;
+    private RSAKeyParameters            kParam;
+
+    private int         trailer;
+    private int         keyBits;
+    private byte[]      block;
+
+    /**
+     * Generate a signer for the with either implicit or explicit trailers
+     * for ISO9796-2.
+     *
+     * @param cipher base cipher to use for signature creation/verification
+     * @param digest digest to use.
+     * @param implicit whether or not the trailer is implicit or gives the hash.
+     */
+    public X931Signer(
+        AsymmetricBlockCipher cipher,
+        Digest digest,
+        boolean implicit)
+    {
+        this.cipher = cipher;
+        this.digest = digest;
+
+        if (implicit)
+        {
+            trailer = TRAILER_IMPLICIT;
+        }
+        else
+        {
+            Integer trailerObj = (Integer)trailerMap.get(digest.getAlgorithmName());
+
+            if (trailerObj != null)
+            {
+                trailer = trailerObj.intValue();
+            }
+            else
+            {
+                throw new IllegalArgumentException("no valid trailer for digest");
+            }
+        }
+    }
+
+    /**
+     * Constructor for a signer with an explicit digest trailer.
+     *
+     * @param cipher cipher to use.
+     * @param digest digest to sign with.
+     */
+    public X931Signer(
+        AsymmetricBlockCipher cipher,
+        Digest digest)
+    {
+        this(cipher, digest, false);
+    }
+    
+    public void init(
+        boolean                 forSigning,
+        CipherParameters        param)
+    {
+        kParam = (RSAKeyParameters)param;
+
+        cipher.init(forSigning, kParam);
+
+        keyBits = kParam.getModulus().bitLength();
+
+        block = new byte[(keyBits + 7) / 8];
+
+        reset();
+    }
+    
+    /**
+     * clear possible sensitive data
+     */
+    private void clearBlock(
+        byte[]  block)
+    {
+        for (int i = 0; i != block.length; i++)
+        {
+            block[i] = 0;
+        }
+    }
+
+    /**
+     * update the internal digest with the byte b
+     */
+    public void update(
+        byte    b)
+    {
+        digest.update(b);
+    }
+
+    /**
+     * update the internal digest with the byte array in
+     */
+    public void update(
+        byte[]  in,
+        int     off,
+        int     len)
+    {
+        digest.update(in, off, len);
+    }
+
+    /**
+     * reset the internal state
+     */
+    public void reset()
+    {
+        digest.reset();
+    }
+
+    /**
+     * generate a signature for the loaded message using the key we were
+     * initialised with.
+     */
+    public byte[] generateSignature()
+        throws CryptoException
+    {
+        createSignatureBlock();
+
+        BigInteger t = new BigInteger(1, cipher.processBlock(block, 0, block.length));
+        BigInteger nSubT = kParam.getModulus().subtract(t);
+
+        clearBlock(block);
+
+        BigInteger v = kParam.getModulus().shiftRight(2);
+
+        if (t.compareTo(nSubT) > 0)
+        {
+            return BigIntegers.asUnsignedByteArray((kParam.getModulus().bitLength() + 7) / 8, nSubT);
+        }
+        else
+        {
+            return BigIntegers.asUnsignedByteArray((kParam.getModulus().bitLength() + 7) / 8, t);
+        }
+    }
+
+    private void createSignatureBlock()
+    {
+        int     digSize = digest.getDigestSize();
+
+        int delta;
+
+        if (trailer == TRAILER_IMPLICIT)
+        {
+            delta = block.length - digSize - 1;
+            digest.doFinal(block, delta);
+            block[block.length - 1] = (byte)TRAILER_IMPLICIT;
+        }
+        else
+        {
+            delta = block.length - digSize - 2;
+            digest.doFinal(block, delta);
+            block[block.length - 2] = (byte)(trailer >>> 8);
+            block[block.length - 1] = (byte)trailer;
+        }
+
+        block[0] = 0x6b;
+        for (int i = delta - 2; i != 0; i--)
+        {
+            block[i] = (byte)0xbb;
+        }
+        block[delta - 1] = (byte)0xba;
+    }
+
+    /**
+     * return true if the signature represents a ISO9796-2 signature
+     * for the passed in message.
+     */
+    public boolean verifySignature(
+        byte[]      signature)
+    {
+        try
+        {
+            block = cipher.processBlock(signature, 0, signature.length);
+        }
+        catch (Exception e)
+        {
+            return false;
+        }
+
+        BigInteger t = new BigInteger(block);
+        BigInteger f;
+
+        if (t.mod(BigInteger.valueOf(16)).equals(BigInteger.valueOf(12)))
+        {
+             f = t;
+        }
+        else
+        {
+            t = kParam.getModulus().subtract(t);
+            if (t.mod(BigInteger.valueOf(16)).equals(BigInteger.valueOf(12)))
+            {
+                 f = t;
+            }
+            else
+            {
+                return false;
+            }
+        }
+
+        createSignatureBlock();
+
+        byte[] fBlock = BigIntegers.asUnsignedByteArray(block.length, f);
+
+        boolean rv = Arrays.constantTimeAreEqual(block, fBlock);
+
+        clearBlock(block);
+        clearBlock(fBlock);
+
+        return rv;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/signers/package.html
new file mode 100644
index 0000000..151d3d5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Basic signers.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/AEADTestUtil.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/AEADTestUtil.java
new file mode 100644
index 0000000..5ffa72a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/AEADTestUtil.java
@@ -0,0 +1,474 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.OutputLengthException;
+import org.bouncycastle.crypto.modes.AEADBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestFailedException;
+
+public class AEADTestUtil
+{
+    public static void testTampering(Test test, AEADBlockCipher cipher, CipherParameters params)
+        throws InvalidCipherTextException
+    {
+        byte[] plaintext = new byte[1000];
+        for (int i = 0; i < plaintext.length; i++)
+        {
+            plaintext[i] = (byte)i;
+        }
+        cipher.init(true, params);
+
+        byte[] ciphertext = new byte[cipher.getOutputSize(plaintext.length)];
+        int len = cipher.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);
+        cipher.doFinal(ciphertext, len);
+
+        int macLength = cipher.getMac().length;
+
+        // Test tampering with a single byte
+        cipher.init(false, params);
+        byte[] tampered = new byte[ciphertext.length];
+        byte[] output = new byte[plaintext.length];
+        System.arraycopy(ciphertext, 0, tampered, 0, tampered.length);
+        tampered[0] += 1;
+
+        cipher.processBytes(tampered, 0, tampered.length, output, 0);
+        try
+        {
+            cipher.doFinal(output, 0);
+            throw new TestFailedException(
+                new SimpleTestResult(false, test + " : tampering of ciphertext not detected."));
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // Expected
+        }
+
+        // Test truncation of ciphertext to < tag length
+        cipher.init(false, params);
+        byte[] truncated = new byte[macLength - 1];
+        System.arraycopy(ciphertext, 0, truncated, 0, truncated.length);
+
+        cipher.processBytes(truncated, 0, truncated.length, output, 0);
+        try
+        {
+            cipher.doFinal(output, 0);
+            fail(test, "tampering of ciphertext not detected.");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // Expected
+        }
+    }
+
+    private static void fail(Test test, String message)
+    {
+        throw new TestFailedException(SimpleTestResult.failed(test, message));
+    }
+
+    private static void fail(Test test, String message, String expected, String result)
+    {
+        throw new TestFailedException(SimpleTestResult.failed(test, message, expected, result));
+    }
+
+    public static void testReset(Test test, AEADBlockCipher cipher1, AEADBlockCipher cipher2, CipherParameters params)
+        throws InvalidCipherTextException
+    {
+        cipher1.init(true, params);
+
+        byte[] plaintext = new byte[1000];
+        byte[] ciphertext = new byte[cipher1.getOutputSize(plaintext.length)];
+
+        // Establish baseline answer
+        crypt(cipher1, plaintext, ciphertext);
+
+        // Test encryption resets
+        checkReset(test, cipher1, params, true, plaintext, ciphertext);
+
+        // Test decryption resets with fresh instance
+        cipher2.init(false, params);
+        checkReset(test, cipher2, params, false, ciphertext, plaintext);
+    }
+
+    private static void checkReset(Test test,
+                                   AEADBlockCipher cipher,
+                                   CipherParameters params,
+                                   boolean encrypt,
+                                   byte[] pretext,
+                                   byte[] posttext)
+        throws InvalidCipherTextException
+    {
+        // Do initial run
+        byte[] output = new byte[posttext.length];
+        crypt(cipher, pretext, output);
+
+        // Check encrypt resets cipher
+        crypt(cipher, pretext, output);
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(test, (encrypt ? "Encrypt" : "Decrypt") + " did not reset cipher.");
+        }
+
+        // Check init resets data
+        cipher.processBytes(pretext, 0, 100, output, 0);
+        cipher.init(encrypt, params);
+
+        try
+        {
+            crypt(cipher, pretext, output);
+        }
+        catch (DataLengthException e)
+        {
+            fail(test, "Init did not reset data.");
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(test, "Init did not reset data.", new String(Hex.encode(posttext)), new String(Hex.encode(output)));
+        }
+
+        // Check init resets AD
+        cipher.processAADBytes(pretext, 0, 100);
+        cipher.init(encrypt, params);
+
+        try
+        {
+            crypt(cipher, pretext, output);
+        }
+        catch (DataLengthException e)
+        {
+            fail(test, "Init did not reset additional data.");
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(test, "Init did not reset additional data.");
+        }
+
+        // Check reset resets data
+        cipher.processBytes(pretext, 0, 100, output, 0);
+        cipher.reset();
+
+        try
+        {
+            crypt(cipher, pretext, output);
+        }
+        catch (DataLengthException e)
+        {
+            fail(test, "Init did not reset data.");
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(test, "Reset did not reset data.");
+        }
+
+        // Check reset resets AD
+        cipher.processAADBytes(pretext, 0, 100);
+        cipher.reset();
+
+        try
+        {
+            crypt(cipher, pretext, output);
+        }
+        catch (DataLengthException e)
+        {
+            fail(test, "Init did not reset data.");
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(test, "Reset did not reset additional data.");
+        }
+    }
+
+    private static void crypt(AEADBlockCipher cipher, byte[] plaintext, byte[] output)
+        throws InvalidCipherTextException
+    {
+        int len = cipher.processBytes(plaintext, 0, plaintext.length, output, 0);
+        cipher.doFinal(output, len);
+    }
+
+    public static void testOutputSizes(Test test, AEADBlockCipher cipher, AEADParameters params)
+        throws IllegalStateException,
+        InvalidCipherTextException
+    {
+        int maxPlaintext = cipher.getUnderlyingCipher().getBlockSize() * 10;
+        byte[] plaintext = new byte[maxPlaintext];
+        byte[] ciphertext = new byte[maxPlaintext * 2];
+
+        // Check output size calculations for truncated ciphertext lengths
+        cipher.init(true, params);
+        cipher.doFinal(ciphertext, 0);
+        int macLength = cipher.getMac().length;
+
+        cipher.init(false, params);
+        for (int i = 0; i < macLength; i++)
+        {
+            cipher.reset();
+            if (cipher.getUpdateOutputSize(i) != 0)
+            {
+                fail(test, "AE cipher should not produce update output with ciphertext length <= macSize");
+            }
+            if (cipher.getOutputSize(i) != 0)
+            {
+                fail(test, "AE cipher should not produce output with ciphertext length <= macSize");
+            }
+        }
+
+        for (int i = 0; i < plaintext.length; i++)
+        {
+            cipher.init(true, params);
+            int expectedCTUpdateSize = cipher.getUpdateOutputSize(i);
+            int expectedCTOutputSize = cipher.getOutputSize(i);
+
+            if (expectedCTUpdateSize < 0)
+            {
+                fail(test, "Encryption update output size should not be < 0 for size " + i);
+            }
+
+            if (expectedCTOutputSize < 0)
+            {
+                fail(test, "Encryption update output size should not be < 0 for size " + i);
+            }
+
+            int actualCTSize = cipher.processBytes(plaintext, 0, i, ciphertext, 0);
+
+            if (expectedCTUpdateSize != actualCTSize)
+            {
+                fail(test, "Encryption update output size did not match calculated for plaintext length " + i,
+                        String.valueOf(expectedCTUpdateSize), String.valueOf(actualCTSize));
+            }
+
+            actualCTSize += cipher.doFinal(ciphertext, actualCTSize);
+
+            if (expectedCTOutputSize != actualCTSize)
+            {
+                fail(test, "Encryption actual final output size did not match calculated for plaintext length " + i,
+                        String.valueOf(expectedCTOutputSize), String.valueOf(actualCTSize));
+            }
+
+            cipher.init(false, params);
+            int expectedPTUpdateSize = cipher.getUpdateOutputSize(actualCTSize);
+            int expectedPTOutputSize = cipher.getOutputSize(actualCTSize);
+
+            if (expectedPTOutputSize != i)
+            {
+                fail(test, "Decryption update output size did not original plaintext length " + i,
+                        String.valueOf(expectedPTUpdateSize), String.valueOf(i));
+            }
+
+            int actualPTSize = cipher.processBytes(ciphertext, 0, actualCTSize, plaintext, 0);
+
+            if (expectedPTUpdateSize != actualPTSize)
+            {
+                fail(test, "Decryption update output size did not match calculated for plaintext length " + i,
+                        String.valueOf(expectedPTUpdateSize), String.valueOf(actualPTSize));
+            }
+
+            actualPTSize += cipher.doFinal(plaintext, actualPTSize);
+
+            if (expectedPTOutputSize != actualPTSize)
+            {
+                fail(test, "Decryption update output size did not match calculated for plaintext length " + i,
+                        String.valueOf(expectedPTOutputSize), String.valueOf(actualPTSize));
+            }
+
+        }
+    }
+
+    public static void testBufferSizeChecks(Test test, AEADBlockCipher cipher, AEADParameters params)
+        throws IllegalStateException,
+        InvalidCipherTextException
+    {
+        int blockSize = cipher.getUnderlyingCipher().getBlockSize();
+        int maxPlaintext = (blockSize * 10);
+        byte[] plaintext = new byte[maxPlaintext];
+
+
+        cipher.init(true, params);
+
+        int expectedUpdateOutputSize = cipher.getUpdateOutputSize(plaintext.length);
+        byte[] ciphertext = new byte[cipher.getOutputSize(plaintext.length)];
+
+        try
+        {
+            cipher.processBytes(new byte[maxPlaintext - 1], 0, maxPlaintext, new byte[expectedUpdateOutputSize], 0);
+            fail(test, "processBytes should validate input buffer length");
+        }
+        catch (DataLengthException e)
+        {
+            // Expected
+        }
+        cipher.reset();
+
+        if (expectedUpdateOutputSize > 0)
+        {
+            int outputTrigger = 0;
+            // Process bytes until output would be produced
+            for(int i = 0; i < plaintext.length; i++) {
+                if (cipher.getUpdateOutputSize(1) != 0)
+                {
+                    outputTrigger = i + 1;
+                    break;
+                }
+                cipher.processByte(plaintext[i], ciphertext, 0);
+            }
+            if (outputTrigger == 0)
+            {
+                fail(test, "Failed to find output trigger size");
+            }
+            try
+            {
+                cipher.processByte(plaintext[0], new byte[cipher.getUpdateOutputSize(1) - 1], 0);
+                fail(test, "Encrypt processByte should validate output buffer length");
+            }
+            catch (OutputLengthException e)
+            {
+                // Expected
+            }
+            cipher.reset();
+
+            // Repeat checking with entire input at once
+            try
+            {
+                cipher.processBytes(plaintext, 0, outputTrigger,
+                        new byte[cipher.getUpdateOutputSize(outputTrigger) - 1], 0);
+                fail(test, "Encrypt processBytes should validate output buffer length");
+            }
+            catch (OutputLengthException e)
+            {
+                // Expected
+            }
+            cipher.reset();
+
+        }
+
+        // Remember the actual ciphertext for later
+        int actualOutputSize = cipher.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);
+        actualOutputSize += cipher.doFinal(ciphertext, actualOutputSize);
+        int macSize = cipher.getMac().length;
+
+        cipher.reset();
+        try
+        {
+            cipher.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);
+            cipher.doFinal(new byte[cipher.getOutputSize(0) - 1], 0);
+            fail(test, "Encrypt doFinal should validate output buffer length");
+        }
+        catch (OutputLengthException e)
+        {
+            // Expected
+        }
+
+        // Decryption tests
+
+        cipher.init(false, params);
+        expectedUpdateOutputSize = cipher.getUpdateOutputSize(actualOutputSize);
+
+        if (expectedUpdateOutputSize > 0)
+        {
+            // Process bytes until output would be produced
+            int outputTrigger = 0;
+            for (int i = 0; i < plaintext.length; i++)
+            {
+                if (cipher.getUpdateOutputSize(1) != 0)
+                {
+                    outputTrigger = i + 1;
+                    break;
+                }
+                cipher.processByte(ciphertext[i], plaintext, 0);
+            }
+            if (outputTrigger == 0)
+            {
+                fail(test, "Failed to find output trigger size");
+            }
+
+            try
+            {
+                cipher.processByte(ciphertext[0], new byte[cipher.getUpdateOutputSize(1) - 1], 0);
+                fail(test, "Decrypt processByte should validate output buffer length");
+            }
+            catch (OutputLengthException e)
+            {
+                // Expected
+            }
+            cipher.reset();
+
+            // Repeat test with processBytes
+            try
+            {
+                cipher.processBytes(ciphertext, 0, outputTrigger,
+                        new byte[cipher.getUpdateOutputSize(outputTrigger) - 1], 0);
+                fail(test, "Decrypt processBytes should validate output buffer length");
+            }
+            catch (OutputLengthException e)
+            {
+                // Expected
+            }
+        }
+
+        cipher.reset();
+        // Data less than mac length should fail before output length check
+        try
+        {
+            // Assumes AE cipher on decrypt can't return any data until macSize bytes are received
+            if (cipher.processBytes(ciphertext, 0, macSize - 1, plaintext, 0) != 0)
+            {
+                fail(test, "AE cipher unexpectedly produced output");
+            }
+            cipher.doFinal(new byte[0], 0);
+            fail(test, "Decrypt doFinal should check ciphertext length");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // Expected
+        }
+
+        try
+        {
+            // Search through plaintext lengths until one is found that creates >= 1 buffered byte
+            // during decryption of ciphertext for doFinal to handle
+            for (int i = 2; i < plaintext.length; i++)
+            {
+                cipher.init(true, params);
+                int encrypted = cipher.processBytes(plaintext, 0, i, ciphertext, 0);
+                encrypted += cipher.doFinal(ciphertext, encrypted);
+
+                cipher.init(false, params);
+                cipher.processBytes(ciphertext, 0, encrypted - 1, plaintext, 0);
+                if (cipher.processByte(ciphertext[encrypted - 1], plaintext, 0) == 0)
+                {
+                    cipher.doFinal(new byte[cipher.getOutputSize(0) - 1], 0);
+                    fail(test, "Decrypt doFinal should check output length");
+                    cipher.reset();
+
+                    // Truncated Mac should be reported in preference to inability to output
+                    // buffered plaintext byte
+                    try
+                    {
+                        cipher.processBytes(ciphertext, 0, actualOutputSize - 1, plaintext, 0);
+                        cipher.doFinal(new byte[cipher.getOutputSize(0) - 1], 0);
+                        fail(test, "Decrypt doFinal should check ciphertext length");
+                    }
+                    catch (InvalidCipherTextException e)
+                    {
+                        // Expected
+                    }
+                    cipher.reset();
+                }
+            }
+            fail(test, "Decrypt doFinal test couldn't find a ciphertext length that buffered for doFinal");
+        }
+        catch (OutputLengthException e)
+        {
+            // Expected
+        }
+    }
+
+    static AEADParameters reuseKey(AEADParameters p)
+    {
+        return new AEADParameters(null, p.getMacSize(), p.getNonce(), p.getAssociatedText());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/AESFastTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESFastTest.java
new file mode 100644
index 0000000..c94b118
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESFastTest.java
@@ -0,0 +1,150 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test vectors from the NIST standard tests and Brian Gladman's vector set
+ * <a href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">
+ * http://fp.gladman.plus.com/cryptography_technology/rijndael/</a>
+ */
+public class AESFastTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+            {
+                new BlockCipherVectorTest(0, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(1, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(2, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(3, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(4, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(5, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(6, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(7, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168"),
+                new BlockCipherVectorTest(8, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(9, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(10, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(11, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(12, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(13, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(14, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(15, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168"),
+                new BlockCipherVectorTest(16, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(17, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(18, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(19, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(20, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(21, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(22, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(23, 10000, new AESFastEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168")
+            };
+    
+    private BlockCipher _engine = new AESFastEngine();
+
+    AESFastTest()
+    {
+        super(tests, new AESFastEngine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "AESFast";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        super.performTest();
+
+        byte[] keyBytes = new byte[16];
+        
+        _engine.init(true, new KeyParameter(keyBytes));
+        
+        //
+        // init tests
+        //
+        try
+        {
+            byte[]      dudKey = new byte[6];
+            
+            _engine.init(true, new KeyParameter(dudKey));
+            
+            fail("failed key length check");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected 
+        }
+        
+        try
+        {
+            byte[]      iv = new byte[16];
+
+            _engine.init(true, new ParametersWithIV(null, iv));
+            
+            fail("failed parameter check");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected 
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new AESFastTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/AESLightTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESLightTest.java
new file mode 100644
index 0000000..5e989f4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESLightTest.java
@@ -0,0 +1,150 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.engines.AESLightEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test vectors from the NIST standard tests and Brian Gladman's vector set
+ * <a href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">
+ * http://fp.gladman.plus.com/cryptography_technology/rijndael/</a>
+ */
+public class AESLightTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+            {
+                new BlockCipherVectorTest(0, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(1, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(2, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(3, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(4, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(5, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(6, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(7, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168"),
+                new BlockCipherVectorTest(8, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(9, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(10, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(11, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(12, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(13, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(14, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(15, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168"),
+                new BlockCipherVectorTest(16, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(17, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(18, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(19, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(20, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(21, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(22, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(23, 10000, new AESLightEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168")
+            };
+    
+    private BlockCipher _engine = new AESLightEngine();
+
+    AESLightTest()
+    {
+        super(tests, new AESLightEngine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "AESLight";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        super.performTest();
+
+        byte[] keyBytes = new byte[16];
+        
+        _engine.init(true, new KeyParameter(keyBytes));
+        
+        //
+        // init tests
+        //
+        try
+        {
+            byte[]      dudKey = new byte[6];
+            
+            _engine.init(true, new KeyParameter(dudKey));
+            
+            fail("failed key length check");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected 
+        }
+        
+        try
+        {
+            byte[]      iv = new byte[16];
+
+            _engine.init(true, new ParametersWithIV(null, iv));
+            
+            fail("failed parameter check");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected 
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new AESLightTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/AESTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESTest.java
new file mode 100644
index 0000000..5585d8c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESTest.java
@@ -0,0 +1,442 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.crypto.modes.SICBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test vectors from the NIST standard tests and Brian Gladman's vector set
+ * <a href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">
+ * http://fp.gladman.plus.com/cryptography_technology/rijndael/</a>
+ */
+public class AESTest
+    extends CipherTest
+{
+    private static final byte[] tData   = Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114F3F6752AE8D7831138F041560631B1145A01020304050607");
+    private static final byte[] outCBC1 = Hex.decode("a444a9a4d46eb30cb7ed34d62873a89f8fdf2bf8a54e1aeadd06fd85c9cb46f021ee7cd4f418fa0bb72e9d07c70d5d20");
+    private static final byte[] outCBC2 = Hex.decode("585681354f0e01a86b32f94ebb6a675045d923cf201263c2aaecca2b4de82da0edd74ca5efd654c688f8a58e61955b11");
+    private static final byte[] outSIC1 = Hex.decode("82a1744e8ebbd053ca72362d5e570326e0b6fdaf824ab673fbf029042886b23c75129a015852913790f81f94447475a0");
+    private static final byte[] outSIC2 = Hex.decode("146cbb581d9e12c3333dd9c736fbb93043c92019f78580da48f81f80b3f551d58ea836fed480fc6912fefa9c5c89cc24");
+    private static final byte[] outCFB1 = Hex.decode("82a1744e8ebbd053ca72362d5e5703264b4182de3208c374b8ac4fa36af9c5e5f4f87d1e3b67963d06acf5eb13914c90");
+    private static final byte[] outCFB2 = Hex.decode("146cbb581d9e12c3333dd9c736fbb9303c8a3eb5185e2809e9d3c28e25cc2d2b6f5c11ee28d6530f72c412b1438a816a");
+    private static final byte[] outOFB1 = Hex.decode("82a1744e8ebbd053ca72362d5e5703261ebf1fdbec05e57b3465b583132f84b43bf95b2c89040ad1677b22d42db69a7a");
+    private static final byte[] outOFB2 = Hex.decode("146cbb581d9e12c3333dd9c736fbb9309ea4c2a7696c84959a2dada49f2f1c5905db1f0cec3a31acbc4701e74ab05e1f");
+
+    static SimpleTest[]  tests = 
+            {
+                new BlockCipherVectorTest(0, new AESEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(1, new AESEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(2, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(3, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(4, new AESEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(5, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(6, new AESEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(7, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168"),
+                new BlockCipherVectorTest(8, new AESEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(9, new AESEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(10, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(11, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(12, new AESEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(13, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(14, new AESEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(15, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168"),
+                new BlockCipherVectorTest(16, new AESEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(17, new AESEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(18, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(19, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(20, new AESEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(21, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(22, new AESEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(23, 10000, new AESEngine(),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168")
+            };
+    
+    private BlockCipher _engine = new AESEngine();
+
+    public AESTest()
+    {
+        super(tests, new AESEngine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "AES";
+    }
+
+    private void testNullSIC()
+        throws InvalidCipherTextException
+    {
+        BufferedBlockCipher b = new BufferedBlockCipher(new SICBlockCipher(new AESEngine()));
+        KeyParameter kp = new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917"));
+
+        b.init(true, new ParametersWithIV(kp, new byte[16]));
+
+        byte[] out = new byte[b.getOutputSize(tData.length)];
+
+        int len = b.processBytes(tData, 0, tData.length, out, 0);
+
+        len += b.doFinal(out, len);
+
+        if (!areEqual(outSIC1, out))
+        {
+            fail("no match on first nullSIC check");
+        }
+
+        b.init(true, new ParametersWithIV(null, Hex.decode("000102030405060708090a0b0c0d0e0f")));
+
+        len = b.processBytes(tData, 0, tData.length, out, 0);
+
+        len += b.doFinal(out, len);
+
+        if (!areEqual(outSIC2, out))
+        {
+            fail("no match on second nullSIC check");
+        }
+    }
+
+    private void testNullCBC()
+        throws InvalidCipherTextException
+    {
+        BufferedBlockCipher b = new BufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
+        KeyParameter kp = new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917"));
+
+        b.init(true, new ParametersWithIV(kp, new byte[16]));
+
+        byte[] out = new byte[b.getOutputSize(tData.length)];
+
+        int len = b.processBytes(tData, 0, tData.length, out, 0);
+
+        len += b.doFinal(out, len);
+
+        if (!areEqual(outCBC1, out))
+        {
+            fail("no match on first nullCBC check");
+        }
+
+        b.init(true, new ParametersWithIV(null, Hex.decode("000102030405060708090a0b0c0d0e0f")));
+
+        len = b.processBytes(tData, 0, tData.length, out, 0);
+
+        len += b.doFinal(out, len);
+
+        if (!areEqual(outCBC2, out))
+        {
+            fail("no match on second nullCBC check");
+        }
+    }
+
+    private void testNullOFB()
+        throws InvalidCipherTextException
+    {
+        BufferedBlockCipher b = new BufferedBlockCipher(new OFBBlockCipher(new AESEngine(), 128));
+        KeyParameter kp = new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917"));
+
+        b.init(true, new ParametersWithIV(kp, new byte[16]));
+
+        byte[] out = new byte[b.getOutputSize(tData.length)];
+
+        int len = b.processBytes(tData, 0, tData.length, out, 0);
+
+        len += b.doFinal(out, len);
+
+        if (!areEqual(outOFB1, out))
+        {
+            fail("no match on first nullOFB check");
+        }
+
+        b.init(true, new ParametersWithIV(null, Hex.decode("000102030405060708090a0b0c0d0e0f")));
+
+        len = b.processBytes(tData, 0, tData.length, out, 0);
+
+        len += b.doFinal(out, len);
+
+        if (!areEqual(outOFB2, out))
+        {
+            fail("no match on second nullOFB check");
+        }
+    }
+
+    private void testNullCFB()
+        throws InvalidCipherTextException
+    {
+        BufferedBlockCipher b = new BufferedBlockCipher(new CFBBlockCipher(new AESEngine(), 128));
+        KeyParameter kp = new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917"));
+
+        b.init(true, new ParametersWithIV(kp, new byte[16]));
+
+        byte[] out = new byte[b.getOutputSize(tData.length)];
+
+        int len = b.processBytes(tData, 0, tData.length, out, 0);
+
+        len += b.doFinal(out, len);
+
+        if (!areEqual(outCFB1, out))
+        {
+            fail("no match on first nullCFB check");
+        }
+
+        b.init(true, new ParametersWithIV(null, Hex.decode("000102030405060708090a0b0c0d0e0f")));
+
+        len = b.processBytes(tData, 0, tData.length, out, 0);
+
+        len += b.doFinal(out, len);
+
+        if (!areEqual(outCFB2, out))
+        {
+            fail("no match on second nullCFB check");
+        }
+    }
+
+    private boolean areEqual(byte[] a, int aOff, byte[] b, int bOff)
+    {
+        for (int i = bOff; i != b.length; i++)
+        {
+            if (a[aOff + i - bOff] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private void skipTest()
+    {
+        CipherParameters params = new ParametersWithIV(new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")), Hex.decode("00000000000000000000000000000000"));
+        SICBlockCipher engine = new SICBlockCipher(new AESEngine());
+
+        engine.init(true, params);
+
+        SecureRandom rand = new SecureRandom();
+        byte[]       plain = new byte[50000];
+        byte[]       cipher = new byte[50000];
+
+        rand.nextBytes(plain);
+        engine.processBytes(plain, 0, plain.length, cipher, 0);
+
+        byte[]      fragment = new byte[20];
+
+        engine.init(true, params);
+
+        engine.skip(10);
+
+        if (engine.getPosition() != 10)
+        {
+            fail("skip position incorrect - 10 got " + engine.getPosition());
+        }
+
+        engine.processBytes(plain, 10, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 10, fragment, 0))
+        {
+            fail("skip forward 10 failed");
+        }
+
+        engine.skip(1000);
+
+        if (engine.getPosition() != 1010 + fragment.length)
+        {
+            fail("skip position incorrect - " + (1010 + fragment.length) + " got " + engine.getPosition());
+        }
+
+        engine.processBytes(plain, 1010 + fragment.length, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010 + fragment.length, fragment, 0))
+        {
+            fail("skip forward 1000 failed");
+        }
+
+        engine.skip(-10);
+
+        if (engine.getPosition() != 1010 + 2 * fragment.length - 10)
+        {
+            fail("skip position incorrect - " + (1010 + 2 * fragment.length - 10) + " got " + engine.getPosition());
+        }
+
+        engine.processBytes(plain, 1010 + 2 * fragment.length - 10, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010 + 2 * fragment.length - 10, fragment, 0))
+        {
+            fail("skip back 10 failed");
+        }
+
+        engine.skip(-1000);
+
+        if (engine.getPosition() != 60)
+        {
+            fail("skip position incorrect - " + 60 + " got " + engine.getPosition());
+        }
+
+        engine.processBytes(plain, 60, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 60, fragment, 0))
+        {
+            fail("skip back 1000 failed");
+        }
+
+        long pos = engine.seekTo(1010);
+
+        if (pos != 1010)
+        {
+            fail("position incorrect - " + 1010 + " got " + pos);
+        }
+
+        engine.processBytes(plain, 1010, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010, fragment, 0))
+        {
+            fail("seek to 1010 failed");
+        }
+
+        engine.reset();
+
+        for (int i = 0; i != 5000; i++)
+        {
+            engine.skip(i);
+
+            if (engine.getPosition() != i)
+            {
+                fail("skip forward at wrong position");
+            }
+
+            engine.processBytes(plain, i, fragment.length, fragment, 0);
+
+            if (!areEqual(cipher, i, fragment, 0))
+            {
+                fail("skip forward i failed: " + i);
+            }
+
+            if (engine.getPosition() != i + fragment.length)
+            {
+                fail("cipher at wrong position: " + engine.getPosition() + " [" + i + "]");
+            }
+
+            engine.skip(-fragment.length);
+
+            if (engine.getPosition() != i)
+            {
+                fail("skip back at wrong position");
+            }
+
+            engine.processBytes(plain, i, fragment.length, fragment, 0);
+
+            if (!areEqual(cipher, i, fragment, 0))
+            {
+                fail("skip back i failed: " + i);
+            }
+
+            engine.reset();
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        super.performTest();
+
+        byte[] keyBytes = new byte[16];
+        
+        _engine.init(true, new KeyParameter(keyBytes));
+        
+        //
+        // init tests
+        //
+        try
+        {
+            byte[]      dudKey = new byte[6];
+            
+            _engine.init(true, new KeyParameter(dudKey));
+            
+            fail("failed key length check");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected 
+        }
+        
+        try
+        {
+            byte[]      iv = new byte[16];
+
+            _engine.init(true, new ParametersWithIV(null, iv));
+            
+            fail("failed parameter check");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected 
+        }
+
+        testNullCBC();
+        testNullSIC();
+        testNullOFB();
+        testNullCFB();
+
+        skipTest();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new AESTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/AESVectorFileTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESVectorFileTest.java
new file mode 100644
index 0000000..cfd4843
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESVectorFileTest.java
@@ -0,0 +1,258 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.AESLightEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * Test vectors from the NIST standard tests and Brian Gladman's vector set
+ * <a href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">
+ * http://fp.gladman.plus.com/cryptography_technology/rijndael/</a>
+ */
+public class AESVectorFileTest
+    implements Test
+{
+
+    private int countOfTests = 0;
+    private int testNum = 0;
+
+    protected BlockCipher createNewEngineForTest()
+    {
+        return new AESEngine();
+    }
+
+    private Test[] readTestVectors(InputStream inStream)
+    {
+        // initialize key, plaintext, ciphertext = null
+        // read until find BLOCKSIZE=
+        // return if not 128
+        // read KEYSIZE= or ignore
+        // loop
+        // read a line
+        // if starts with BLOCKSIZE=
+        // parse the rest. return if not 128
+        // if starts with KEY=
+        // parse the rest and set KEY
+        // if starts with PT=
+        // parse the rest and set plaintext
+        // if starts with CT=
+        // parse the rest and set ciphertext
+        // if starts with TEST= or end of file
+        // if key, plaintext, ciphertext are all not null
+        // save away their values as the next test
+        // until end of file
+        List   tests = new ArrayList();
+        String key = null;
+        String plaintext = null;
+        String ciphertext = null;
+
+        BufferedReader in = new BufferedReader(new InputStreamReader(inStream));
+
+        try
+        {
+            String line = in.readLine();
+
+            while (line != null)
+            {
+                line = line.trim().toLowerCase();
+                if (line.startsWith("blocksize="))
+                {
+                    int i = 0;
+                    try
+                    {
+                        i = Integer.parseInt(line.substring(10).trim());
+                    }
+                    catch (Exception e)
+                    {
+                    }
+                    if (i != 128)
+                    {
+                        return null;
+                    }
+                }
+                else if (line.startsWith("keysize="))
+                {
+                    int i = 0;
+                    try
+                    {
+                        i = Integer.parseInt(line.substring(10).trim());
+                    }
+                    catch (Exception e)
+                    {
+                    }
+                    if ((i != 128) && (i != 192) && (i != 256))
+                    {
+                        return null;
+                    }
+                }
+                else if (line.startsWith("key="))
+                {
+                    key = line.substring(4).trim();
+                }
+                else if (line.startsWith("pt="))
+                {
+                    plaintext = line.substring(3).trim();
+                }
+                else if (line.startsWith("ct="))
+                {
+                    ciphertext = line.substring(3).trim();
+                }
+                else if (line.startsWith("test="))
+                {
+                    if ((key != null) && (plaintext != null)
+                            && (ciphertext != null))
+                    {
+                        tests.add(new BlockCipherVectorTest(testNum++,
+                                createNewEngineForTest(), new KeyParameter(Hex
+                                        .decode(key)), plaintext, ciphertext));
+                    }
+                }
+
+                line = in.readLine();
+            }
+            try
+            {
+                in.close();
+            }
+            catch (IOException e)
+            {
+            }
+        }
+        catch (IOException e)
+        {
+        }
+        if ((key != null) && (plaintext != null) && (ciphertext != null))
+        {
+            tests.add(new BlockCipherVectorTest(testNum++,
+                    createNewEngineForTest(),
+                    new KeyParameter(Hex.decode(key)), plaintext, ciphertext));
+        }
+        return (Test[])(tests.toArray(new Test[tests.size()]));
+    }
+
+    public String getName()
+    {
+        return "AES";
+    }
+
+    private TestResult performTestsFromZipFile(File zfile)
+    {
+        try
+        {
+            ZipFile inZip = new ZipFile(zfile);
+            for (Enumeration files = inZip.entries(); files.hasMoreElements();)
+            {
+                Test[] tests = null;
+                try
+                {
+                    tests = readTestVectors(inZip
+                            .getInputStream((ZipEntry)(files.nextElement())));
+                }
+                catch (Exception e)
+                {
+                    return new SimpleTestResult(false, getName() + ": threw "
+                            + e);
+                }
+                if (tests != null)
+                {
+                    for (int i = 0; i != tests.length; i++)
+                    {
+                        TestResult res = tests[i].perform();
+                        countOfTests++;
+
+                        if (!res.isSuccessful())
+                        {
+                            return res;
+                        }
+                    }
+                }
+            }
+            inZip.close();
+            return new SimpleTestResult(true, getName() + ": Okay");
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": threw " + e);
+        }
+    }
+
+    private static final String[] zipFileNames = { "rijn.tv.ecbnk.zip",
+            "rijn.tv.ecbnt.zip", "rijn.tv.ecbvk.zip", "rijn.tv.ecbvt.zip" };
+
+    public TestResult perform()
+    {
+        countOfTests = 0;
+        for (int i = 0; i < zipFileNames.length; i++)
+        {
+            File inf = new File(zipFileNames[i]);
+            TestResult res = performTestsFromZipFile(inf);
+            if (!res.isSuccessful())
+            {
+                return res;
+            }
+        }
+        return new SimpleTestResult(true, getName() + ": " + countOfTests
+                + " performed Okay");
+    }
+
+    public static void main(String[] args)
+    {
+        AESVectorFileTest test = new AESVectorFileTest();
+        TestResult result = test.perform();
+        System.out.println(result);
+
+        test = new AESLightVectorFileTest();
+        result = test.perform();
+        System.out.println(result);
+
+        test = new AESFastVectorFileTest();
+        result = test.perform();
+        System.out.println(result);
+
+    }
+
+    private static class AESLightVectorFileTest extends AESVectorFileTest
+    {
+        protected BlockCipher createNewEngineForTest()
+        {
+            return new AESLightEngine();
+        }
+
+        public String getName()
+        {
+            return "AESLight";
+        }
+
+    }
+
+    private static class AESFastVectorFileTest extends AESVectorFileTest
+    {
+        protected BlockCipher createNewEngineForTest()
+        {
+            return new AESFastEngine();
+        }
+
+        public String getName()
+        {
+            return "AESFast";
+        }
+
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/AESWrapPadTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESWrapPadTest.java
new file mode 100644
index 0000000..75ac525
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESWrapPadTest.java
@@ -0,0 +1,146 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.Wrapper;
+import org.bouncycastle.crypto.engines.AESWrapPadEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * This is a test harness I use because I cannot modify the BC test harness without
+ * invalidating the signature on their signed provider library. The code here is not
+ * high quality but it does test the RFC vectors as well as randomly generated values.
+ * The RFC test vectors are tested by making sure both the ciphertext and decrypted
+ * values match the expected values whereas the random values are just checked to make
+ * sure that:
+ * <p>unwrap(wrap(random_value, random_kek), random_kek) == random_value.</p>
+ */
+
+public class AESWrapPadTest
+    extends SimpleTest
+{
+
+    private final int numOfRandomIterations = 100;
+
+    public AESWrapPadTest()
+    {
+
+    }
+
+    private void wrapAndUnwrap(byte[] kek, byte[] key, byte[] expected)
+        throws Exception
+    {
+        Wrapper wrapper = new AESWrapPadEngine();
+
+        wrapper.init(true, new KeyParameter(kek));
+
+        byte[] cipherText = wrapper.wrap(key, 0, key.length);
+        if (!areEqual(cipherText, expected))
+        {
+            fail("Wrapped value does not match expected.");
+        }
+        wrapper.init(false, new KeyParameter(kek));
+        byte[] plainText = wrapper.unwrap(cipherText, 0, cipherText.length);
+
+        if (!areEqual(key, plainText))
+        {
+            fail("Unwrapped value does not match original.");
+        }
+    }
+
+    private void wrapAndUnwrap(byte[] kek, byte[] key)
+        throws Exception
+    {
+        Wrapper wrapper = new AESWrapPadEngine();
+
+        wrapper.init(true, new KeyParameter(kek));
+
+        byte[] cipherText = wrapper.wrap(key, 0, key.length);
+
+        wrapper.init(false, new KeyParameter(kek));
+        byte[] plainText = wrapper.unwrap(cipherText, 0, cipherText.length);
+
+        if (!areEqual(key, plainText))
+        {
+            fail("Unwrapped value does not match original.");
+        }
+    }
+
+    public String getName()
+    {
+        return "AESWrapPad";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        // test RFC 5649 test vectors
+        byte[] kek = Hex.decode("5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8");
+        byte[] key = Hex.decode("c37b7e6492584340bed12207808941155068f738");
+        byte[] wrap = Hex.decode("138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a");
+
+        wrapAndUnwrap(kek, key, wrap);
+
+        wrap = Hex.decode("afbeb0f07dfbf5419200f2ccb50bb24f");
+        key = Hex.decode("466f7250617369");
+        wrapAndUnwrap(kek, key, wrap);
+
+
+        //
+        // offset test
+        //
+        Wrapper wrapper = new AESWrapPadEngine();
+
+        byte[] pText = new byte[5 + key.length];
+        byte[]  cText;
+
+        System.arraycopy(key, 0, pText, 5, key.length);
+
+        wrapper.init(true, new KeyParameter(kek));
+
+        cText = wrapper.wrap(pText, 5, key.length);
+        if (!Arrays.areEqual(cText, wrap))
+        {
+            fail("failed offset wrap test expected " + new String(Hex.encode(wrap)) + " got " + new String(Hex.encode(cText)));
+        }
+
+        wrapper.init(false, new KeyParameter(kek));
+
+        cText = new byte[6 + wrap.length];
+        System.arraycopy(wrap, 0, cText, 6, wrap.length);
+
+        pText = wrapper.unwrap(cText, 6, wrap.length);
+        if (!Arrays.areEqual(pText, key))
+        {
+            fail("failed offset unwrap test expected " + new String(Hex.encode(key)) + " got " + new String(Hex.encode(pText)));
+        }
+
+        // test random values
+        SecureRandom rnd = new SecureRandom();
+        for (int i = 0; i < numOfRandomIterations; i++)
+        {
+            int kekLength = 128;
+            boolean shouldIncrease = (rnd.nextInt() & 0x01) != 0;
+            if (shouldIncrease)
+            {
+                kekLength = 256;
+            }
+            kek = new byte[kekLength / 8];
+            rnd.nextBytes(kek);
+            int keyToWrapSize = rnd.nextInt(256 / 8 - 8) + 8;
+            byte[] keyToWrap = new byte[keyToWrapSize];
+            rnd.nextBytes(keyToWrap);
+            wrapAndUnwrap(kek, keyToWrap);
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new AESWrapPadTest());
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/AESWrapTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESWrapTest.java
new file mode 100644
index 0000000..7bd1e4b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/AESWrapTest.java
@@ -0,0 +1,260 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.Wrapper;
+import org.bouncycastle.crypto.engines.AESWrapEngine;
+import org.bouncycastle.crypto.engines.AESWrapPadEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestFailedException;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * Wrap Test
+ */
+public class AESWrapTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "AESWrap";
+    }
+
+    private void wrapTest(
+        int     id,
+        byte[]  kek,
+        byte[]  in,
+        byte[]  out)
+    {
+        wrapTest(id, kek, in, out, false);
+    }
+
+    private void wrapTest(
+        int     id,
+        byte[]  kek,
+        byte[]  in,
+        byte[]  out,
+        boolean useReverseDirection)
+    {
+        Wrapper wrapper = new AESWrapEngine(useReverseDirection);
+
+        wrapper.init(true, new KeyParameter(kek));
+
+        try
+        {
+            byte[]  cText = wrapper.wrap(in, 0, in.length);
+            if (!Arrays.areEqual(cText, out))
+            {
+                fail("failed wrap test " + id  + " expected " + new String(Hex.encode(out)) + " got " + new String(Hex.encode(cText)));
+            }
+        }
+        catch (TestFailedException e)
+        {
+            throw e;
+        }
+        catch (Exception e)
+        {
+            fail("failed wrap test exception " + e.toString());
+        }
+
+        wrapper.init(false, new KeyParameter(kek));
+
+        try
+        {
+            byte[]  pText = wrapper.unwrap(out, 0, out.length);
+            if (!Arrays.areEqual(pText, in))
+            {
+                fail("failed unwrap test " + id  + " expected " + new String(Hex.encode(in)) + " got " + new String(Hex.encode(pText)));
+            }
+        }
+        catch (TestFailedException e)
+        {
+            throw e;
+        }
+        catch (Exception e)
+        {
+            fail("failed unwrap test exception.", e);
+        }
+
+        //
+        // offset test
+        //
+        byte[] pText = new byte[5 + in.length];
+        byte[]  cText;
+
+        System.arraycopy(in, 0, pText, 5, in.length);
+
+        wrapper.init(true, new KeyParameter(kek));
+
+        try
+        {
+            cText = wrapper.wrap(pText, 5, in.length);
+            if (!Arrays.areEqual(cText, out))
+            {
+                fail("failed wrap test " + id  + " expected " + new String(Hex.encode(out)) + " got " + new String(Hex.encode(cText)));
+            }
+        }
+        catch (Exception e)
+        {
+            fail("failed wrap test exception " + e.toString());
+        }
+
+        wrapper.init(false, new KeyParameter(kek));
+
+        cText = new byte[6 + out.length];
+        System.arraycopy(out, 0, cText, 6, out.length);
+
+        try
+        {
+            pText = wrapper.unwrap(cText, 6, out.length);
+            if (!Arrays.areEqual(pText, in))
+            {
+                fail("failed unwrap test " + id  + " expected " + new String(Hex.encode(in)) + " got " + new String(Hex.encode(pText)));
+            }
+        }
+        catch (Exception e)
+        {
+            fail("failed unwrap test exception.", e);
+        }
+    }
+
+    private void heapIssueTest()
+    {
+   		byte[] key = Hex.decode("d305ef52a6b9e72c810b821261d2d678");
+   		byte[] ciphertext = Hex.decode("d2b2906d209a46261d8f6794eca3179d");
+
+   		Wrapper aes = new AESWrapPadEngine();
+   		aes.init(false, new KeyParameter(key));
+        try
+        {
+            byte[] result = aes.unwrap(ciphertext, 0, ciphertext.length);
+
+            fail("incorrect pad not detected");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // ignore
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        byte[]  kek1 = Hex.decode("000102030405060708090a0b0c0d0e0f");
+        byte[]  in1 = Hex.decode("00112233445566778899aabbccddeeff");
+        byte[]  out1 = Hex.decode("1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5");
+
+        wrapTest(1, kek1, in1, out1);
+
+        byte[]  kek2 = Hex.decode("000102030405060708090a0b0c0d0e0f1011121314151617");
+        byte[]  in2 = Hex.decode("00112233445566778899aabbccddeeff");
+        byte[]  out2 = Hex.decode("96778b25ae6ca435f92b5b97c050aed2468ab8a17ad84e5d");
+
+        wrapTest(2, kek2, in2, out2);
+
+        byte[]  kek3 = Hex.decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
+        byte[]  in3 = Hex.decode("00112233445566778899aabbccddeeff");
+        byte[]  out3 = Hex.decode("64e8c3f9ce0f5ba263e9777905818a2a93c8191e7d6e8ae7");
+
+        wrapTest(3, kek3, in3, out3);
+
+        byte[]  kek4 = Hex.decode("000102030405060708090a0b0c0d0e0f1011121314151617");
+        byte[]  in4 = Hex.decode("00112233445566778899aabbccddeeff0001020304050607");
+        byte[]  out4 = Hex.decode("031d33264e15d33268f24ec260743edce1c6c7ddee725a936ba814915c6762d2");
+        wrapTest(4, kek4, in4, out4);
+
+        byte[]  kek5 = Hex.decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
+        byte[]  in5 = Hex.decode("00112233445566778899aabbccddeeff0001020304050607");
+        byte[]  out5 = Hex.decode("a8f9bc1612c68b3ff6e6f4fbe30e71e4769c8b80a32cb8958cd5d17d6b254da1");
+        wrapTest(5, kek5, in5, out5);
+
+        byte[]  kek6 = Hex.decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
+        byte[]  in6 = Hex.decode("00112233445566778899aabbccddeeff000102030405060708090a0b0c0d0e0f");
+        byte[]  out6 = Hex.decode("28c9f404c4b810f4cbccb35cfb87f8263f5786e2d80ed326cbc7f0e71a99f43bfb988b9b7a02dd21");
+        wrapTest(6, kek6, in6, out6);
+
+        byte[]  kek7 = Hex.decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
+        byte[]  in7 = Hex.decode("00112233445566778899aabbccddeeff000102030405060708090a0b0c0d0e0f");
+        byte[]  out7 = Hex.decode("cba01acbdb4c7c39fa59babb383c485f318837208731a81c735b5be6ba710375a1159e26a9b57228");
+        wrapTest(7, kek7, in7, out7, true);
+
+        Wrapper      wrapper = new AESWrapEngine();
+        KeyParameter key = new KeyParameter(new byte[16]);
+        byte[]       buf = new byte[16];
+
+        try
+        {
+            wrapper.init(true, key);
+
+            wrapper.unwrap(buf, 0, buf.length);
+
+            fail("failed unwrap state test.");
+        }
+        catch (IllegalStateException e)
+        {
+            // expected
+        }
+        catch (InvalidCipherTextException e)
+        {
+            fail("unexpected exception: " + e, e);
+        }
+
+        try
+        {
+            wrapper.init(false, key);
+
+            wrapper.wrap(buf, 0, buf.length);
+
+            fail("failed unwrap state test.");
+        }
+        catch (IllegalStateException e)
+        {
+            // expected
+        }
+
+        //
+        // short test
+        //
+        try
+        {
+            wrapper.init(false, key);
+
+            wrapper.unwrap(buf, 0, buf.length / 2);
+
+            fail("failed unwrap short test.");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // expected
+        }
+
+        try
+        {
+            wrapper.init(true, key);
+
+            wrapper.wrap(buf, 0, 15);
+
+            fail("ailed wrap length test.");
+        }
+        catch (DataLengthException e)
+        {
+            // expected
+        }
+
+        heapIssueTest();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        AESWrapTest     test = new AESWrapTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/AllTests.java
new file mode 100644
index 0000000..35bf235
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/AllTests.java
@@ -0,0 +1,41 @@
+package org.bouncycastle.crypto.test;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.bouncycastle.util.test.SimpleTestResult;
+
+public class AllTests
+    extends TestCase
+{   
+    public void testCrypto()
+    {   
+        org.bouncycastle.util.test.Test[] tests = RegressionTest.tests;
+        
+        for (int i = 0; i != tests.length; i++)
+        {
+            SimpleTestResult  result = (SimpleTestResult)tests[i].perform();
+  
+            if (!result.isSuccessful())
+            {
+                fail(result.toString());
+            }
+        }
+    }
+    
+    public static void main (String[] args)
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+    
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("Lightweight Crypto Tests");
+        
+        suite.addTestSuite(AllTests.class);
+        suite.addTestSuite(GCMReorderTest.class);
+        
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/BCryptTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/BCryptTest.java
new file mode 100644
index 0000000..6a4f777
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/BCryptTest.java
@@ -0,0 +1,151 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.generators.BCrypt;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Integers;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/*
+ * bcrypt test vectors
+ */
+public class BCryptTest
+    extends SimpleTest
+{
+    // Raw test vectors based on crypt style test vectors
+    // Cross checked with JBCrypt
+    private static final Object[][] testVectors = {
+        {"", "144b3d691a7b4ecf39cf735c7fa7a79c", Integers.valueOf(6), "557e94f34bf286e8719a26be94ac1e16d95ef9f819dee092"},
+        {"00", "144b3d691a7b4ecf39cf735c7fa7a79c", Integers.valueOf(6), "557e94f34bf286e8719a26be94ac1e16d95ef9f819dee092"},
+        {"00", "26c63033c04f8bcba2fe24b574db6274", Integers.valueOf(8), "56701b26164d8f1bc15225f46234ac8ac79bf5bc16bf48ba"},
+        {"00", "9b7c9d2ada0fd07091c915d1517701d6", Integers.valueOf(10), "7b2e03106a43c9753821db688b5cc7590b18fdf9ba544632"},
+        {"6100", "a3612d8c9a37dac2f99d94da03bd4521", Integers.valueOf(6), "e6d53831f82060dc08a2e8489ce850ce48fbf976978738f3"},
+        {"6100", "7a17b15dfe1c4be10ec6a3ab47818386", Integers.valueOf(8), "a9f3469a61cbff0a0f1a1445dfe023587f38b2c9c40570e1"},
+        {"6100", "9bef4d04e1f8f92f3de57323f8179190", Integers.valueOf(10), "5169fd39606d630524285147734b4c981def0ee512c3ace1"},
+        {"61626300", "2a1f1dc70a3d147956a46febe3016017", Integers.valueOf(6), "d9a275b493bcbe1024b0ff80d330253cfdca34687d8f69e5"},
+        {"61626300", "4ead845a142c9bc79918c8797f470ef5", Integers.valueOf(8), "8d4131a723bfbbac8a67f2e035cae08cc33b69f37331ea91"},
+        {"61626300", "631c554493327c32f9c26d9be7d18e4c", Integers.valueOf(10), "8cd0b863c3ff0860e31a2b42427974e0283b3af7142969a6"},
+        {"6162636465666768696a6b6c6d6e6f707172737475767778797a00", "02d1176d74158ee29cffdac6150cf123", Integers.valueOf(6), "4d38b523ce9dc6f2f6ff9fb3c2cd71dfe7f96eb4a3baf19f"},
+        {"6162636465666768696a6b6c6d6e6f707172737475767778797a00", "715b96caed2ac92c354ed16c1e19e38a", Integers.valueOf(8), "98bf9ffc1f5be485f959e8b1d526392fbd4ed2d5719f506b"},
+        {"6162636465666768696a6b6c6d6e6f707172737475767778797a00", "85727e838f9049397fbec90566ede0df", Integers.valueOf(10), "cebba53f67bd28af5a44c6707383c231ac4ef244a6f5fb2b"},
+        {"7e21402324255e262a28292020202020207e21402324255e262a2829504e4246524400", "8512ae0d0fac4ec9a5978f79b6171028", Integers.valueOf(6), "26f517fe5345ad575ba7dfb8144f01bfdb15f3d47c1e146a"},
+        {"7e21402324255e262a28292020202020207e21402324255e262a2829504e4246524400", "1ace2de8807df18c79fced54678f388f", Integers.valueOf(8), "d51d7cdf839b91a25758b80141e42c9f896ae80fd6cd561f"},
+        {"7e21402324255e262a28292020202020207e21402324255e262a2829504e4246524400", "36285a6267751b14ba2dc989f6d43126", Integers.valueOf(10), "db4fab24c1ff41c1e2c966f8b3d6381c76e86f52da9e15a9"},
+        {"c2a300", "144b3d691a7b4ecf39cf735c7fa7a79c", Integers.valueOf(6), "5a6c4fedb23980a7da9217e0442565ac6145b687c7313339"},
+    };
+
+    public String getName()
+    {
+        return "BCrypt";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testParameters();
+        testShortKeys();
+        testVectors();
+    }
+
+    private void testShortKeys()
+    {
+        byte[] salt = new byte[16];
+
+        // Check BCrypt with empty key pads to zero byte key
+        byte[] hashEmpty = BCrypt.generate(new byte[0], salt, 4);
+        byte[] hashZero1 = BCrypt.generate(new byte[1], salt, 4);
+
+        if (!Arrays.areEqual(hashEmpty, hashZero1))
+        {
+            fail("Hash for empty password should equal zeroed key", new String(Hex.encode(hashEmpty)),
+                new String(Hex.encode(hashZero1)));
+        }
+
+        // Check zeroed byte key of min Blowfish length is equivalent
+        byte[] hashZero4 = BCrypt.generate(new byte[4], salt, 4);
+        if (!Arrays.areEqual(hashEmpty, hashZero4))
+        {
+            fail("Hash for empty password should equal zeroed key[4]", new String(Hex.encode(hashEmpty)), new String(
+                Hex.encode(hashZero4)));
+        }
+
+        // Check BCrypt isn't padding too small (32 bit) keys
+        byte[] hashA = BCrypt.generate(new byte[]{(byte)'a'}, salt, 4);
+        byte[] hashA0 = BCrypt.generate(new byte[]{(byte)'a', (byte)0}, salt, 4);
+        if (Arrays.areEqual(hashA, hashA0))
+        {
+            fail("Small keys should not be 0 padded.");
+        }
+    }
+
+    public void testParameters()
+    {
+        checkOK("Empty key", new byte[0], new byte[16], 4);
+        checkOK("Minimal values", new byte[1], new byte[16], 4);
+        // checkOK("Max cost", new byte[1], new byte[16], 31);
+        checkOK("Max passcode", new byte[72], new byte[16], 4);
+        checkIllegal("Null password", null, new byte[16], 4);
+        checkIllegal("Null salt", new byte[1], null, 4);
+        checkIllegal("Salt too small", new byte[1], new byte[15], 4);
+        checkIllegal("Salt too big", new byte[1], new byte[17], 4);
+        checkIllegal("Cost too low", new byte[16], new byte[16], 3);
+        checkIllegal("Cost too high", new byte[16], new byte[16], 32);
+        checkIllegal("Passcode too long", new byte[73], new byte[16], 32);
+    }
+
+    private void checkOK(String msg, byte[] pass, byte[] salt, int cost)
+    {
+        try
+        {
+            BCrypt.generate(pass, salt, cost);
+        }
+        catch (IllegalArgumentException e)
+        {
+            e.printStackTrace();
+            fail(msg);
+        }
+    }
+
+    private void checkIllegal(String msg, byte[] pass, byte[] salt, int cost)
+    {
+        try
+        {
+            BCrypt.generate(pass, salt, cost);
+            fail(msg);
+        }
+        catch (IllegalArgumentException e)
+        {
+            // e.printStackTrace();
+        }
+    }
+
+    public void testVectors()
+        throws Exception
+    {
+        for (int i = 0; i < testVectors.length; i++)
+        {
+            byte[] password = Hex.decode((String)testVectors[i][0]);
+            byte[] salt = Hex.decode((String)testVectors[i][1]);
+            int cost = ((Integer)testVectors[i][2]).intValue();
+            byte[] expected = Hex.decode((String)testVectors[i][3]);
+
+            test(password, salt, cost, expected);
+        }
+
+    }
+
+    private void test(byte[] password, byte[] salt, int cost, byte[] expected)
+    {
+        byte[] hash = BCrypt.generate(password, salt, cost);
+        if (!Arrays.areEqual(hash, expected))
+        {
+            fail("Hash for " + new String(Hex.encode(password)), new String(Hex.encode(expected)),
+                new String(Hex.encode(hash)));
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new BCryptTest());
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/BigSkippingCipherTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/BigSkippingCipherTest.java
new file mode 100644
index 0000000..695a009
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/BigSkippingCipherTest.java
@@ -0,0 +1,223 @@
+package org.bouncycastle.crypto.test;
+
+import java.util.Random;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.SkippingStreamCipher;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.ChaChaEngine;
+import org.bouncycastle.crypto.engines.Salsa20Engine;
+import org.bouncycastle.crypto.modes.SICBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+
+public class BigSkippingCipherTest
+    extends TestCase
+{
+    public void testAESCTR()
+        throws Exception
+    {
+        CipherParameters params = new ParametersWithIV(new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")), Hex.decode("00000000000000000000000000000000"));
+        SICBlockCipher linearEngine = new SICBlockCipher(new AESEngine());
+        SICBlockCipher skippingEngine = new SICBlockCipher(new AESEngine());
+        Random random = new Random();
+
+        linearEngine.init(true, params);
+        skippingEngine.init(false, params);
+
+        testCipher(random, linearEngine, skippingEngine);
+
+        byte[] in = Base64.decode("pzVbCyj5JntIYN2Kvzf64/po+gTu/jvnZwU33F7UsfxpWRUDEGIQbArxqCQzEkGAwa4omXJ28WJveJNUQbQ5cBxS2aTt3sV0mrP+cneJ3OZkzo5Lhz0vuXs7Mav9uUzQFrU0DuMyGr1QJnKO0BUal0gLJ0v6YAo2SObDS5A4CTrsAgo0C2UXQmnuGzyYlhm4VoSNotD8auqyQXUrT8c2B/tLIcjyyl8ug1BabL2gAxN7oKbpvW5j2z3IZNZh+AKR4OR47RfjtYglOfgGQB1L5yiL9reuWEsRjbZmcEFfLmAAK0gtcP+0KDXV/DS4NxRx0sC7NkBzSC3uq2RbQOdjygFZ5qrmvwQZgLqlXs2cGiNzqx5CRjAvl83aAWAAerR5T2sHadRckW01oE2ivQixpgdPCGFHLeXoPMlkZ/r1cECYFAGPjMGSG2qnQZ/ZJbStEAZye/11r/dyoUgP+XTc6FDCCQHSdmyQljPHDQm7ioMTTkCf15YWv0kSuKOd4nBlLrGjSl9dsJsVU9TDRCqNExmk+lN3f0p8vr8TVNnir+OtEabOXzjOv6i3PHQZP27ML3Hy9TU1MHx1Q0bLdgi6yIw8lmzzBzok8j5VrCpNf2HmBqtRm1WDeTO9R62OWyaMT/dCT7AzEzP8ClBSq57p69OrlEDoaLXrYvNS3hEw1Lo=");
+        byte[] exp = Base64.decode("JD0KPwMaKvqYZnDgI0rFTCbexg+RRj3UbEPtsf5IDeM3lb5OJ5EMLHXrfknu//XNLE6dV/Jaoz3LuylkfRlMg2/Vvgo6KwXNV3VsUgkEmTpy74NAd9DCh+1EgJYCNbHkT/haaKpPWLqHEIp1/LVKZZgRXc+C4kH02GzqwYkjUZCSrE8GBpiILlHhN+2A14Ltmxe7XZrlnOQx62sBoh+QR2ZCSAhQjMayhnkrIC1qpM8S4vcZbAYOGuVRcmBhGZdvQg+YXUKrx3FS6XS+xF3yMld5iVx2aEzjkmXuDoULLzrppD/5Ed0I2CCFZigBZ3ZFsOGIZw1yTBXLRVroM/xksYaGgQs9arKB3rEBpUV4yUMuYokqz9A4k7jg/6loTFU8SntBzXptrPuKPbEMT/FvJqEsI3yKCndYiRAkTRmHWhNmdjLH9Pw32VYlpbjYzQjPP6Iy055VujucBofsP3/ENK32XNs1I6PzcVrjjRJaBy3dbAB0e7/P7cqnUvKu+dSR7N92VnuDtCaS5ksVMWJOlfLhqLq8umz8+3aIsTj20bfNGzf4aeqkUzv+AezQedVY3gmYBgwv/1ZR3Y9bUATE4ieIwK+gkZBgtANOs2abY+8+of5sQhyfYiWpUrSb+L/7MjaFgBz+b69bD5xl0kes/ySVGBqaqG4jcOr01qGfaLw=");
+        byte[] buf = new byte[512];
+
+        skippingEngine.seekTo(1L << 38);
+
+        skippingEngine.processBytes(in, 0, in.length, buf, 0);
+
+        if (!Arrays.areEqual(buf, exp))
+        {
+            fail("long seek failed");
+        }
+
+        skippingEngine.skip(-(1L << 38) - 512);
+
+        if (skippingEngine.getPosition() != 0)
+        {
+            fail("zero position came back as: " + skippingEngine.getPosition());
+        }
+
+        random.nextBytes(buf);
+
+        byte[] linOut = new byte[512];
+        byte[] skipOut = new byte[512];
+
+        linearEngine.init(true, params);
+
+        linearEngine.processBytes(buf, 0, buf.length, linOut, 0);
+        skippingEngine.processBytes(buf, 0, buf.length, skipOut, 0);
+
+        if (!Arrays.areEqual(linOut, skipOut))
+        {
+            fail("long output mismatch");
+        }
+    }
+
+    public void testSalsa20()
+        throws Exception
+    {
+        CipherParameters params = new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE"));
+        Salsa20Engine linearEngine = new Salsa20Engine();
+        Salsa20Engine skippingEngine = new Salsa20Engine();
+        Random random = new Random();
+
+        linearEngine.init(true, params);
+        skippingEngine.init(false, params);
+
+        testCipher(random, linearEngine, skippingEngine);
+
+        byte[] in = Base64.decode("pzVbCyj5JntIYN2Kvzf64/po+gTu/jvnZwU33F7UsfxpWRUDEGIQbArxqCQzEkGAwa4omXJ28WJveJNUQbQ5cBxS2aTt3sV0mrP+cneJ3OZkzo5Lhz0vuXs7Mav9uUzQFrU0DuMyGr1QJnKO0BUal0gLJ0v6YAo2SObDS5A4CTrsAgo0C2UXQmnuGzyYlhm4VoSNotD8auqyQXUrT8c2B/tLIcjyyl8ug1BabL2gAxN7oKbpvW5j2z3IZNZh+AKR4OR47RfjtYglOfgGQB1L5yiL9reuWEsRjbZmcEFfLmAAK0gtcP+0KDXV/DS4NxRx0sC7NkBzSC3uq2RbQOdjygFZ5qrmvwQZgLqlXs2cGiNzqx5CRjAvl83aAWAAerR5T2sHadRckW01oE2ivQixpgdPCGFHLeXoPMlkZ/r1cECYFAGPjMGSG2qnQZ/ZJbStEAZye/11r/dyoUgP+XTc6FDCCQHSdmyQljPHDQm7ioMTTkCf15YWv0kSuKOd4nBlLrGjSl9dsJsVU9TDRCqNExmk+lN3f0p8vr8TVNnir+OtEabOXzjOv6i3PHQZP27ML3Hy9TU1MHx1Q0bLdgi6yIw8lmzzBzok8j5VrCpNf2HmBqtRm1WDeTO9R62OWyaMT/dCT7AzEzP8ClBSq57p69OrlEDoaLXrYvNS3hEw1Lo=");
+        byte[] exp = Base64.decode("e0bdyXVHsxzA9pZ/htVVPAsAgief6pEyLmdayG09N3GkBZFulTze/He524ETzTGtV7c1yGypTwjwVr+rNWmZs9YeXtYljySAQUbv1il5spmn7+iiwN6H21Keg6r4ciwzR7jhm7Wc0A1GGkh8OLmb2ZAh/fNDXHyL8mbEmLYh5C9n+DCTruTEjtS5TwueaRsUSNkexUgemqOVHxeOD0nZcVARr2AzMW6btNrQycol3+WTvLmbCeAZwcZnfPvZeU3r2UF73o8lP0vOUrOi095H2WZkJIVrAiV/+i4Sb76XXRgFlvWP6RbX9mYApIBhs69+yxp8lmVI0AABAwwV7PNXo+1UK6kzNi5spa32MRDMogP+wDHMyu8nHzLpIv9OTx0CmkZ0XO4Lla3d3UsPGq8g50a6gfrSOa9JHYFjfMzqIY/6SdZxr39Z8jVYiCfWGYplMTSDvfj3whk2J0DnSSdf6k6JstCjIXeMagKjwpcf9r0kq1Q9mAGhdJLqkM2LYHz3CP6GiWbGy5477GKnrhFDOeG1PtLv4YaTLrrjnNngIeeMK0tgkwBhsobVCD1hSs26I9/V+rdFhFb3/a/ob37cfnPmflbC0oOpSKoY6tZEaDp9u2ulNCpLYV6zrn3k9soP4q+sfsmXKMuWU2+rJGvBOEPh9Jo8Z+u7r+1PG+8VgAs=");
+        byte[] buf = new byte[512];
+
+        skippingEngine.seekTo(1L << 38);
+
+        skippingEngine.processBytes(in, 0, in.length, buf, 0);
+
+        if (!Arrays.areEqual(buf, exp))
+        {
+            fail("long seek failed");
+        }
+
+        skippingEngine.skip(-(1L << 38) - 512);
+
+        if (skippingEngine.getPosition() != 0)
+        {
+            fail("zero position came back as: " + skippingEngine.getPosition());
+        }
+
+        random.nextBytes(buf);
+
+        byte[] linOut = new byte[512];
+        byte[] skipOut = new byte[512];
+
+        linearEngine.init(true, params);
+
+        linearEngine.processBytes(buf, 0, buf.length, linOut, 0);
+        skippingEngine.processBytes(buf, 0, buf.length, skipOut, 0);
+
+        if (!Arrays.areEqual(linOut, skipOut))
+        {
+            fail("long output mismatch");
+        }
+    }
+
+    public void testChaCha()
+        throws Exception
+    {
+        CipherParameters params = new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE"));
+        ChaChaEngine linearEngine = new ChaChaEngine();
+        ChaChaEngine skippingEngine = new ChaChaEngine();
+        Random random = new Random();
+
+        linearEngine.init(true, params);
+        skippingEngine.init(false, params);
+
+        testCipher(random, linearEngine, skippingEngine);
+
+        byte[] in = Base64.decode("pzVbCyj5JntIYN2Kvzf64/po+gTu/jvnZwU33F7UsfxpWRUDEGIQbArxqCQzEkGAwa4omXJ28WJveJNUQbQ5cBxS2aTt3sV0mrP+cneJ3OZkzo5Lhz0vuXs7Mav9uUzQFrU0DuMyGr1QJnKO0BUal0gLJ0v6YAo2SObDS5A4CTrsAgo0C2UXQmnuGzyYlhm4VoSNotD8auqyQXUrT8c2B/tLIcjyyl8ug1BabL2gAxN7oKbpvW5j2z3IZNZh+AKR4OR47RfjtYglOfgGQB1L5yiL9reuWEsRjbZmcEFfLmAAK0gtcP+0KDXV/DS4NxRx0sC7NkBzSC3uq2RbQOdjygFZ5qrmvwQZgLqlXs2cGiNzqx5CRjAvl83aAWAAerR5T2sHadRckW01oE2ivQixpgdPCGFHLeXoPMlkZ/r1cECYFAGPjMGSG2qnQZ/ZJbStEAZye/11r/dyoUgP+XTc6FDCCQHSdmyQljPHDQm7ioMTTkCf15YWv0kSuKOd4nBlLrGjSl9dsJsVU9TDRCqNExmk+lN3f0p8vr8TVNnir+OtEabOXzjOv6i3PHQZP27ML3Hy9TU1MHx1Q0bLdgi6yIw8lmzzBzok8j5VrCpNf2HmBqtRm1WDeTO9R62OWyaMT/dCT7AzEzP8ClBSq57p69OrlEDoaLXrYvNS3hEw1Lo=");
+        byte[] exp = Base64.decode("FACFDKSYxFYEOknCBPdfy5elbrDu8FzOImwpczlIk1HWlcbBPHXwHEnVaKrGtmthC7gA1DQJSeobO83KW3YZVkT8fcGnMFbeee6ISs9R4KqekE+Fs8uNWYlqsgT5xrErOC/cmz4B5envQx7EZK5h+fJupYO3vHqVk5/Q6c/v8ndDeBKSDTKA6eyybOwFVIjwJKPfuliu4mJGHphUIsp/OgRPs+VhlMrWXMVwsGzGHy9xZvTz6Xv6GJvrIoONMHh24YGOSt+83cFTepU7ur8anyDaoWzMz/n04eopnQd9TlREwYOZWdF0ZAJ0VZQYEixopmH+mlEZ/Nyw6IDswvyX3Zf/7lyDsM8bv2kz1gXvmQgUMqr6wXrOuJtxaH8aUvLVswCeNZEGFl17FHgwdD2MRzkmhfPRFlTgicd02D/ateBs5B0ORu5CKu3p/RGjU4YE68ONPNEkwkBRm5uGzdezTJmUzdJAEtoIxv1XfE1tytP7U+BpWdP5LY5NlEUo6sNR4O2nlSQJkAOzhoz821hnn1IL6r9DLDHIW40IhStDqc5Hy/8rEZgnnFhIE6pAD1PAGV5oJk/Z/V64bFvGkpD7xuhN5U2Eic7UheB8D227JtQQWTc8GhynlOWbmkYm/koKw+ieraN5IWE/KD2HFqJhxasB9lb3lMGh3zfgBKck5Lo=");
+        byte[] buf = new byte[512];
+
+        skippingEngine.seekTo(1L << 38);
+
+        skippingEngine.processBytes(in, 0, in.length, buf, 0);
+
+        if (!Arrays.areEqual(buf, exp))
+        {
+            fail("long seek failed");
+        }
+
+        skippingEngine.skip(-(1L << 38) - 512);
+
+        if (skippingEngine.getPosition() != 0)
+        {
+            fail("zero position came back as: " + skippingEngine.getPosition());
+        }
+
+        random.nextBytes(buf);
+
+        byte[] linOut = new byte[512];
+        byte[] skipOut = new byte[512];
+
+        linearEngine.init(true, params);
+
+        linearEngine.processBytes(buf, 0, buf.length, linOut, 0);
+        skippingEngine.processBytes(buf, 0, buf.length, skipOut, 0);
+
+        if (!Arrays.areEqual(linOut, skipOut))
+        {
+            fail("long output mismatch");
+        }
+    }
+
+    public void testCipher(Random random, SkippingStreamCipher linearEngine, SkippingStreamCipher skippingEngine)
+        throws Exception
+    {
+        byte[] startDataBuf = new byte[1 << 16];
+        byte[] startEncBuf = new byte[1 << 16];
+        byte[] startSeekBuf = new byte[1 << 16];
+
+        random.nextBytes(startDataBuf);
+
+        linearEngine.processBytes(startDataBuf, 0, startDataBuf.length, startEncBuf, 0);
+
+        byte[] incBuf = new byte[1 << 12];
+        byte[] linearOutBuf = new byte[1 << 12];
+        byte[] seekOutBuf = new byte[1 << 12];
+
+        for (long i = 0; i != 1L << 20; i++)
+        {
+            random.nextBytes(incBuf);
+
+            linearEngine.processBytes(incBuf, 0, incBuf.length, linearOutBuf, 0);
+
+            skippingEngine.seekTo(startDataBuf.length + i * incBuf.length);
+
+            if (skippingEngine.getPosition() != startDataBuf.length + i * incBuf.length)
+            {
+                fail(i + "th position came back as: " + skippingEngine.getPosition());
+            }
+
+            skippingEngine.processBytes(incBuf, 0, incBuf.length, seekOutBuf, 0);
+
+            if (!Arrays.areEqual(linearOutBuf, seekOutBuf))
+            {
+                fail("output mismatch");
+            }
+
+            if (skippingEngine.getPosition() != startDataBuf.length + (i + 1) * incBuf.length)
+            {
+                fail(i + "th + 1 position came back as: " + skippingEngine.getPosition());
+            }
+
+            skippingEngine.skip(-skippingEngine.getPosition());
+
+            if (skippingEngine.getPosition() != 0)
+            {
+                fail("zero position came back as: " + skippingEngine.getPosition());
+            }
+
+            skippingEngine.processBytes(startEncBuf, 0, startEncBuf.length, startSeekBuf, 0);
+
+            if (!Arrays.areEqual(startDataBuf, startSeekBuf))
+            {
+                fail("output mismatch");
+            }
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherMonteCarloTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherMonteCarloTest.java
new file mode 100644
index 0000000..72242c5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherMonteCarloTest.java
@@ -0,0 +1,82 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * a basic test that takes a cipher, key parameter, and an input
+ * and output string. This test wraps the engine in a buffered block
+ * cipher with padding disabled.
+ */
+public class BlockCipherMonteCarloTest
+    extends SimpleTest
+{
+    int                 id;
+    int                 iterations;
+    BlockCipher         engine;
+    CipherParameters    param;
+    byte[]              input;
+    byte[]              output;
+
+    public BlockCipherMonteCarloTest(
+        int                 id,
+        int                 iterations,
+        BlockCipher         engine,
+        CipherParameters    param,
+        String              input,
+        String              output)
+    {
+        this.id = id;
+        this.iterations = iterations;
+        this.engine = engine;
+        this.param = param;
+        this.input = Hex.decode(input);
+        this.output = Hex.decode(output);
+    }
+
+    public String getName()
+    {
+        return engine.getAlgorithmName() + " Monte Carlo Test " + id;
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        BufferedBlockCipher cipher = new BufferedBlockCipher(engine);
+
+        cipher.init(true, param);
+
+        byte[]  out = new byte[input.length];
+
+        System.arraycopy(input, 0, out, 0, out.length);
+
+        for (int i = 0; i != iterations; i++)
+        {
+            int len1 = cipher.processBytes(out, 0, out.length, out, 0);
+
+            cipher.doFinal(out, len1);
+        }
+
+        if (!areEqual(out, output))
+        {
+            fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+        }
+
+        cipher.init(false, param);
+
+        for (int i = 0; i != iterations; i++)
+        {
+            int len1 = cipher.processBytes(out, 0, out.length, out, 0);
+
+            cipher.doFinal(out, len1);
+        }
+
+        if (!areEqual(input, out))
+        {
+            fail("failed reversal");
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherResetTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherResetTest.java
new file mode 100644
index 0000000..a35835b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherResetTest.java
@@ -0,0 +1,206 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.AESLightEngine;
+import org.bouncycastle.crypto.engines.BlowfishEngine;
+import org.bouncycastle.crypto.engines.CAST5Engine;
+import org.bouncycastle.crypto.engines.CAST6Engine;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.engines.NoekeonEngine;
+import org.bouncycastle.crypto.engines.RC6Engine;
+import org.bouncycastle.crypto.engines.SEEDEngine;
+import org.bouncycastle.crypto.engines.SerpentEngine;
+import org.bouncycastle.crypto.engines.TEAEngine;
+import org.bouncycastle.crypto.engines.TwofishEngine;
+import org.bouncycastle.crypto.engines.XTEAEngine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.GOFBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
+import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
+import org.bouncycastle.crypto.modes.SICBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test whether block ciphers implement reset contract on init, encrypt/decrypt and reset.
+ */
+public class BlockCipherResetTest
+    extends SimpleTest
+{
+
+    public String getName()
+    {
+        return "Block Cipher Reset";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        // 128 bit block ciphers
+        testReset("AESFastEngine", new AESFastEngine(), new AESFastEngine(), new KeyParameter(new byte[16]));
+        testReset("AESEngine", new AESEngine(), new AESEngine(), new KeyParameter(new byte[16]));
+        testReset("AESLightEngine", new AESLightEngine(), new AESLightEngine(), new KeyParameter(new byte[16]));
+        testReset("Twofish", new TwofishEngine(), new TwofishEngine(), new KeyParameter(new byte[16]));
+        testReset("NoekeonEngine", new NoekeonEngine(), new NoekeonEngine(), new KeyParameter(new byte[16]));
+        testReset("SerpentEngine", new SerpentEngine(), new SerpentEngine(), new KeyParameter(new byte[16]));
+        testReset("SEEDEngine", new SEEDEngine(), new SEEDEngine(), new KeyParameter(new byte[16]));
+        testReset("CAST6Engine", new CAST6Engine(), new CAST6Engine(), new KeyParameter(new byte[16]));
+        testReset("RC6Engine", new RC6Engine(), new RC6Engine(), new KeyParameter(new byte[16]));
+
+        // 64 bit block ciphers
+        testReset("DESEngine", new DESEngine(), new DESEngine(), new KeyParameter(new byte[8]));
+        testReset("BlowfishEngine", new BlowfishEngine(), new BlowfishEngine(), new KeyParameter(new byte[8]));
+        testReset("CAST5Engine", new CAST5Engine(), new CAST5Engine(), new KeyParameter(new byte[8]));
+        testReset("DESedeEngine", new DESedeEngine(), new DESedeEngine(), new KeyParameter(new byte[24]));
+        testReset("TEAEngine", new TEAEngine(), new TEAEngine(), new KeyParameter(new byte[16]));
+        testReset("XTEAEngine", new XTEAEngine(), new XTEAEngine(), new KeyParameter(new byte[16]));
+
+        // primitive block cipher modes (don't reset on processBlock)
+        testModeReset("AES/CBC", new CBCBlockCipher(new AESEngine()), new CBCBlockCipher(new AESEngine()),
+            new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
+        testModeReset("AES/SIC", new SICBlockCipher(new AESEngine()), new SICBlockCipher(new AESEngine()),
+            new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
+        testModeReset("AES/CFB", new CFBBlockCipher(new AESEngine(), 128), new CFBBlockCipher(new AESEngine(), 128),
+            new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
+        testModeReset("AES/OFB", new OFBBlockCipher(new AESEngine(), 128), new OFBBlockCipher(new AESEngine(), 128),
+            new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
+        testModeReset("AES/GCTR", new GOFBBlockCipher(new DESEngine()), new GOFBBlockCipher(new DESEngine()),
+            new ParametersWithIV(new KeyParameter(new byte[8]), new byte[8]));
+        testModeReset("AES/OpenPGPCFB", new OpenPGPCFBBlockCipher(new AESEngine()), new OpenPGPCFBBlockCipher(
+            new AESEngine()), new KeyParameter(new byte[16]));
+        testModeReset("AES/PGPCFB", new PGPCFBBlockCipher(new AESEngine(), false), new PGPCFBBlockCipher(
+            new AESEngine(), false), new KeyParameter(new byte[16]));
+
+        // PGPCFB with IV is broken (it's also not a PRP, so probably shouldn't be a BlockCipher)
+        // testModeReset("AES/PGPCFBwithIV", new PGPCFBBlockCipher(new AESEngine(), true), new
+        // PGPCFBBlockCipher(
+        // new AESEngine(), true), new ParametersWithIV(new KeyParameter(new byte[16]), new
+        // byte[16]));
+        // testModeReset("AES/PGPCFBwithIV_NoIV", new PGPCFBBlockCipher(new AESEngine(), true), new
+        // PGPCFBBlockCipher(
+        // new AESEngine(), true), new KeyParameter(new byte[16]));
+
+    }
+
+    private void testModeReset(String test, BlockCipher cipher1, BlockCipher cipher2, CipherParameters params)
+        throws InvalidCipherTextException
+    {
+        testReset(test, false, cipher1, cipher2, params);
+    }
+
+    private void testReset(String test, BlockCipher cipher1, BlockCipher cipher2, CipherParameters params)
+        throws InvalidCipherTextException
+    {
+        testReset(test, true, cipher1, cipher2, params);
+    }
+
+    private void testReset(String test,
+                           boolean testCryptReset,
+                           BlockCipher cipher1,
+                           BlockCipher cipher2,
+                           CipherParameters params)
+        throws InvalidCipherTextException
+    {
+        cipher1.init(true, params);
+
+        byte[] plaintext = new byte[cipher1.getBlockSize()];
+        byte[] ciphertext = new byte[(cipher1.getAlgorithmName().indexOf("PGPCFBwithIV")) > -1 ? 2 * cipher1.getBlockSize() + 2
+            : cipher1.getBlockSize()];
+
+        // Establish baseline answer
+        crypt(cipher1, true, plaintext, ciphertext);
+
+        // Test encryption resets
+        checkReset(test, testCryptReset, cipher1, params, true, plaintext, ciphertext);
+
+        // Test decryption resets with fresh instance
+        cipher2.init(false, params);
+        checkReset(test, testCryptReset, cipher2, params, false, ciphertext, plaintext);
+    }
+
+    private void checkReset(String test,
+                            boolean testCryptReset,
+                            BlockCipher cipher,
+                            CipherParameters params,
+                            boolean encrypt,
+                            byte[] pretext,
+                            byte[] posttext)
+        throws InvalidCipherTextException
+    {
+        // Do initial run
+        byte[] output = new byte[posttext.length];
+        crypt(cipher, encrypt, pretext, output);
+
+        // Check encrypt resets cipher
+        if (testCryptReset)
+        {
+            crypt(cipher, encrypt, pretext, output);
+            if (!Arrays.areEqual(output, posttext))
+            {
+                fail(test + (encrypt ? " encrypt" : " decrypt") + " did not reset cipher.");
+            }
+        }
+
+        // Check init resets data
+        cipher.processBlock(pretext, 0, output, 0);
+        cipher.init(encrypt, params);
+
+        try
+        {
+            crypt(cipher, encrypt, pretext, output);
+        }
+        catch (DataLengthException e)
+        {
+            fail(test + " init did not reset data.");
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(test + " init did not reset data.", new String(Hex.encode(posttext)), new String(Hex.encode(output)));
+        }
+
+        // Check reset resets data
+        cipher.processBlock(pretext, 0, output, 0);
+        cipher.reset();
+
+        try
+        {
+            crypt(cipher, encrypt, pretext, output);
+        }
+        catch (DataLengthException e)
+        {
+            fail(test + " reset did not reset data.");
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(test + " reset did not reset data.");
+        }
+    }
+
+    private static void crypt(BlockCipher cipher1, boolean encrypt, byte[] plaintext, byte[] output)
+        throws InvalidCipherTextException
+    {
+        cipher1.processBlock(plaintext, 0, output, 0);
+        if ((cipher1.getAlgorithmName().indexOf("PGPCFBwithIV") > -1) && !encrypt)
+        {
+            // Process past IV in first block
+            cipher1.processBlock(plaintext, cipher1.getBlockSize(), output, 0);
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new BlockCipherResetTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherVectorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherVectorTest.java
new file mode 100644
index 0000000..36b729c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/BlockCipherVectorTest.java
@@ -0,0 +1,71 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * a basic test that takes a cipher, key parameter, and an input
+ * and output string. This test wraps the engine in a buffered block
+ * cipher with padding disabled.
+ */
+public class BlockCipherVectorTest
+    extends SimpleTest
+{
+    int                 id;
+    BlockCipher         engine;
+    CipherParameters    param;
+    byte[]              input;
+    byte[]              output;
+
+    public BlockCipherVectorTest(
+        int                 id,
+        BlockCipher         engine,
+        CipherParameters    param,
+        String              input,
+        String              output)
+    {
+        this.id = id;
+        this.engine = engine;
+        this.param = param;
+        this.input = Hex.decode(input);
+        this.output = Hex.decode(output);
+    }
+
+    public String getName()
+    {
+        return engine.getAlgorithmName() + " Vector Test " + id;
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        BufferedBlockCipher cipher = new BufferedBlockCipher(engine);
+
+        cipher.init(true, param);
+
+        byte[]  out = new byte[input.length];
+
+        int len1 = cipher.processBytes(input, 0, input.length, out, 0);
+
+        cipher.doFinal(out, len1);
+
+        if (!areEqual(out, output))
+        {
+            fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+        }
+
+        cipher.init(false, param);
+
+        int len2 = cipher.processBytes(output, 0, output.length, out, 0);
+
+        cipher.doFinal(out, len2);
+
+        if (!areEqual(input, out))
+        {
+            fail("failed reversal got " + new String(Hex.encode(out)));
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/BlowfishTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/BlowfishTest.java
new file mode 100644
index 0000000..757788e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/BlowfishTest.java
@@ -0,0 +1,57 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.BlowfishEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * blowfish tester - vectors from http://www.counterpane.com/vectors.txt
+ */
+public class BlowfishTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+            {
+                new BlockCipherVectorTest(0, new BlowfishEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000")),
+                        "0000000000000000", "4EF997456198DD78"),
+                new BlockCipherVectorTest(1, new BlowfishEngine(),
+                        new KeyParameter(Hex.decode("FFFFFFFFFFFFFFFF")),
+                        "FFFFFFFFFFFFFFFF", "51866FD5B85ECB8A"),
+                new BlockCipherVectorTest(2, new BlowfishEngine(),
+                        new KeyParameter(Hex.decode("3000000000000000")),
+                        "1000000000000001", "7D856F9A613063F2"),
+                new BlockCipherVectorTest(3, new BlowfishEngine(),
+                        new KeyParameter(Hex.decode("1111111111111111")),
+                        "1111111111111111", "2466DD878B963C9D"),
+                new BlockCipherVectorTest(4, new BlowfishEngine(),
+                        new KeyParameter(Hex.decode("0123456789ABCDEF")),
+                        "1111111111111111", "61F9C3802281B096"),
+                new BlockCipherVectorTest(5, new BlowfishEngine(),
+                        new KeyParameter(Hex.decode("FEDCBA9876543210")),
+                        "0123456789ABCDEF", "0ACEAB0FC6A0A28D"),
+                new BlockCipherVectorTest(6, new BlowfishEngine(),
+                        new KeyParameter(Hex.decode("7CA110454A1A6E57")),
+                        "01A1D6D039776742", "59C68245EB05282B"),
+                new BlockCipherVectorTest(7, new BlowfishEngine(),
+                        new KeyParameter(Hex.decode("0131D9619DC1376E")),
+                        "5CD54CA83DEF57DA", "B1B8CC0B250F09A0"),
+            };
+
+    BlowfishTest()
+    {
+        super(tests, new BlowfishEngine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "Blowfish";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new BlowfishTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CAST5Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CAST5Test.java
new file mode 100644
index 0000000..c651d87
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CAST5Test.java
@@ -0,0 +1,44 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.CAST5Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * cast tester - vectors from http://www.ietf.org/rfc/rfc2144.txt
+ */
+public class CAST5Test
+    extends CipherTest
+{
+    static SimpleTest[]  tests = {
+        new BlockCipherVectorTest(0, new CAST5Engine(),
+            new KeyParameter(Hex.decode("0123456712345678234567893456789A")),
+            "0123456789ABCDEF", 
+            "238B4FE5847E44B2"),
+        new BlockCipherVectorTest(0, new CAST5Engine(),
+            new KeyParameter(Hex.decode("01234567123456782345")),
+            "0123456789ABCDEF", 
+            "EB6A711A2C02271B"),
+        new BlockCipherVectorTest(0, new CAST5Engine(),
+            new KeyParameter(Hex.decode("0123456712")),
+            "0123456789ABCDEF", 
+            "7Ac816d16E9B302E"),
+            };
+
+    CAST5Test()
+    {
+        super(tests, new CAST5Engine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "CAST5";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new CAST5Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CAST6Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CAST6Test.java
new file mode 100644
index 0000000..ef035a5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CAST6Test.java
@@ -0,0 +1,44 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.CAST6Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * cast6 tester - vectors from http://www.ietf.org/rfc/rfc2612.txt
+ */
+public class CAST6Test
+    extends CipherTest
+{
+    static SimpleTest[]  tests = {
+        new BlockCipherVectorTest(0, new CAST6Engine(),
+            new KeyParameter(Hex.decode("2342bb9efa38542c0af75647f29f615d")),
+            "00000000000000000000000000000000", 
+            "c842a08972b43d20836c91d1b7530f6b"),
+        new BlockCipherVectorTest(0, new CAST6Engine(),
+            new KeyParameter(Hex.decode("2342bb9efa38542cbed0ac83940ac298bac77a7717942863")),
+            "00000000000000000000000000000000", 
+            "1b386c0210dcadcbdd0e41aa08a7a7e8"),
+        new BlockCipherVectorTest(0, new CAST6Engine(),
+            new KeyParameter(Hex.decode("2342bb9efa38542cbed0ac83940ac2988d7c47ce264908461cc1b5137ae6b604")),
+            "00000000000000000000000000000000", 
+            "4f6a2038286897b9c9870136553317fa")
+            };
+
+    CAST6Test()
+    {
+        super(tests, new CAST6Engine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "CAST6";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new CAST6Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CCMTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CCMTest.java
new file mode 100644
index 0000000..2bbfe2a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CCMTest.java
@@ -0,0 +1,305 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.modes.CCMBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * First four test vectors from
+ * NIST Special Publication 800-38C.
+ */
+public class CCMTest
+    extends SimpleTest
+{
+    private byte[] K1 = Hex.decode("404142434445464748494a4b4c4d4e4f");
+    private byte[] N1 = Hex.decode("10111213141516");
+    private byte[] A1 = Hex.decode("0001020304050607");
+    private byte[] P1 = Hex.decode("20212223");
+    private byte[] C1 = Hex.decode("7162015b4dac255d");
+    private byte[] T1 = Hex.decode("6084341b");
+
+    private byte[] K2 = Hex.decode("404142434445464748494a4b4c4d4e4f");
+    private byte[] N2 = Hex.decode("1011121314151617");
+    private byte[] A2 = Hex.decode("000102030405060708090a0b0c0d0e0f");
+    private byte[] P2 = Hex.decode("202122232425262728292a2b2c2d2e2f");
+    private byte[] C2 = Hex.decode("d2a1f0e051ea5f62081a7792073d593d1fc64fbfaccd");
+    private byte[] T2 = Hex.decode("7f479ffca464");
+
+    private byte[] K3 = Hex.decode("404142434445464748494a4b4c4d4e4f");
+    private byte[] N3 = Hex.decode("101112131415161718191a1b");
+    private byte[] A3 = Hex.decode("000102030405060708090a0b0c0d0e0f10111213");
+    private byte[] P3 = Hex.decode("202122232425262728292a2b2c2d2e2f3031323334353637");
+    private byte[] C3 = Hex.decode("e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5484392fbc1b09951");
+    private byte[] T3 = Hex.decode("67c99240c7d51048");
+
+    private byte[] K4 = Hex.decode("404142434445464748494a4b4c4d4e4f");
+    private byte[] N4 = Hex.decode("101112131415161718191a1b1c");
+    private byte[] A4 = Hex.decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+    private byte[] P4 = Hex.decode("202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f");
+    private byte[] C4 = Hex.decode("69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72b4ac6bec93e8598e7f0dadbcea5b");
+    private byte[] T4 = Hex.decode("f4dd5d0ee404617225ffe34fce91");
+
+    //
+    // long data vector
+    //
+    private byte[] C5 = Hex.decode("49b17d8d3ea4e6174a48e2b65e6d8b417ac0dd3f8ee46ce4a4a2a509661cef52528c1cd9805333a5cfd482fa3f095a3c2fdd1cc47771c5e55fddd60b5c8d6d3fa5c8dd79d08b16242b6642106e7c0c28bd1064b31e6d7c9800c8397dbc3fa8071e6a38278b386c18d65d39c6ad1ef9501a5c8f68d38eb6474799f3cc898b4b9b97e87f9c95ce5c51bc9d758f17119586663a5684e0a0daf6520ec572b87473eb141d10471e4799ded9e607655402eca5176bbf792ef39dd135ac8d710da8e9e854fd3b95c681023f36b5ebe2fb213d0b62dd6e9e3cfe190b792ccb20c53423b2dca128f861a61d306910e1af418839467e466f0ec361d2539eedd99d4724f1b51c07beb40e875a87491ec8b27cd1");
+    private byte[] T5 = Hex.decode("5c768856796b627b13ec8641581b");
+
+    public void performTest()
+        throws Exception
+    {
+        CCMBlockCipher ccm = new CCMBlockCipher(new AESEngine());
+
+        checkVectors(0, ccm, K1, 32, N1, A1, P1, T1, C1);
+        checkVectors(1, ccm, K2, 48, N2, A2, P2, T2, C2);
+        checkVectors(2, ccm, K3, 64, N3, A3, P3, T3, C3);
+
+        ivParamTest(0, ccm, K1, N1);
+
+        //
+        // 4 has a reduced associated text which needs to be replicated
+        //
+        byte[] a4 = new byte[65536]; // 524288 / 8
+
+        for (int i = 0; i < a4.length; i += A4.length)
+        {
+            System.arraycopy(A4, 0, a4, i, A4.length);
+        }
+
+        checkVectors(3, ccm, K4, 112, N4, a4, P4, T4, C4);
+
+        //
+        // long data test
+        //
+        checkVectors(4, ccm, K4, 112, N4, A4, A4, T5, C5);
+
+        // decryption with output specified, non-zero offset.
+        ccm.init(false, new AEADParameters(new KeyParameter(K2), 48, N2, A2));
+
+        byte[] inBuf = new byte[C2.length + 10];
+        byte[] outBuf = new byte[ccm.getOutputSize(C2.length) + 10];
+
+        System.arraycopy(C2, 0, inBuf, 10, C2.length);
+
+        int len = ccm.processPacket(inBuf, 10, C2.length, outBuf, 10);
+        byte[] out = ccm.processPacket(C2, 0, C2.length);
+
+        if (len != out.length || !isEqual(out, outBuf, 10))
+        {
+            fail("decryption output incorrect");
+        }
+
+        // encryption with output specified, non-zero offset.
+        ccm.init(true, new AEADParameters(new KeyParameter(K2), 48, N2, A2));
+
+        int inLen = len;
+        inBuf = outBuf;
+        outBuf = new byte[ccm.getOutputSize(inLen) + 10];
+
+        len = ccm.processPacket(inBuf, 10, inLen, outBuf, 10);
+        out = ccm.processPacket(inBuf, 10, inLen);
+
+        if (len != out.length || !isEqual(out, outBuf, 10))
+        {
+            fail("encryption output incorrect");
+        }
+
+        //
+        // exception tests
+        //
+
+        try
+        {
+            ccm.init(false, new AEADParameters(new KeyParameter(K1), 32, N2, A2));
+
+            ccm.processPacket(C2, 0, C2.length);
+
+            fail("invalid cipher text not picked up");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // expected
+        }
+
+        try
+        {
+            ccm = new CCMBlockCipher(new DESEngine());
+
+            fail("incorrect block size not picked up");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+
+        try
+        {
+            ccm.init(false, new KeyParameter(K1));
+
+            fail("illegal argument not picked up");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+
+        AEADTestUtil.testReset(this, new CCMBlockCipher(new AESEngine()), new CCMBlockCipher(new AESEngine()), new AEADParameters(new KeyParameter(K1), 32, N2));
+        AEADTestUtil.testTampering(this, ccm, new AEADParameters(new KeyParameter(K1), 32, N2));
+        AEADTestUtil.testOutputSizes(this, new CCMBlockCipher(new AESEngine()), new AEADParameters(
+                new KeyParameter(K1), 32, N2));
+        AEADTestUtil.testBufferSizeChecks(this, new CCMBlockCipher(new AESEngine()), new AEADParameters(
+                new KeyParameter(K1), 32, N2));
+    }
+
+    private boolean isEqual(byte[] exp, byte[] other, int off)
+    {
+        for (int i = 0; i != exp.length; i++)
+        {
+            if (exp[i] != other[off + i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private void checkVectors(
+        int count,
+        CCMBlockCipher ccm,
+        byte[] k,
+        int macSize,
+        byte[] n,
+        byte[] a,
+        byte[] p,
+        byte[] t,
+        byte[] c)
+        throws InvalidCipherTextException
+    {
+        byte[] fa = new byte[a.length / 2];
+        byte[] la = new byte[a.length - (a.length / 2)];
+        System.arraycopy(a, 0, fa, 0, fa.length);
+        System.arraycopy(a, fa.length, la, 0, la.length);
+
+        checkVectors(count, ccm, "all initial associated data", k, macSize, n, a, null, p, t, c);
+        checkVectors(count, ccm, "subsequent associated data", k, macSize, n, null, a, p, t, c);
+        checkVectors(count, ccm, "split associated data", k, macSize, n, fa, la, p, t, c);
+        checkVectors(count, ccm, "reuse key", null, macSize, n, fa, la, p, t, c);
+    }
+
+    private void checkVectors(
+        int count,
+        CCMBlockCipher ccm,
+        String additionalDataType,
+        byte[] k,
+        int macSize,
+        byte[] n,
+        byte[] a,
+        byte[] sa,
+        byte[] p,
+        byte[] t,
+        byte[] c)
+        throws InvalidCipherTextException
+    {
+        KeyParameter keyParam = (k == null) ? null : new KeyParameter(k);
+
+        ccm.init(true, new AEADParameters(keyParam, macSize, n, a));
+
+        byte[] enc = new byte[c.length];
+
+        if (sa != null)
+        {
+            ccm.processAADBytes(sa, 0, sa.length);
+        }
+
+        int len = ccm.processBytes(p, 0, p.length, enc, 0);
+
+        len += ccm.doFinal(enc, len);
+
+        if (!areEqual(c, enc))
+        {
+            fail("encrypted stream fails to match in test " + count + " with " + additionalDataType);
+        }
+
+        ccm.init(false, new AEADParameters(keyParam, macSize, n, a));
+
+        byte[] tmp = new byte[enc.length];
+
+        if (sa != null)
+        {
+            ccm.processAADBytes(sa, 0, sa.length);
+        }
+
+        len = ccm.processBytes(enc, 0, enc.length, tmp, 0);
+
+        len += ccm.doFinal(tmp, len);
+
+        byte[] dec = new byte[len];
+
+        System.arraycopy(tmp, 0, dec, 0, len);
+
+        if (!areEqual(p, dec))
+        {
+            fail("decrypted stream fails to match in test " + count + " with " + additionalDataType,
+                    new String(Hex.encode(p)), new String(Hex.encode(dec)));
+        }
+
+        if (!areEqual(t, ccm.getMac()))
+        {
+            fail("MAC fails to match in test " + count + " with " + additionalDataType);
+        }
+    }
+
+    private void ivParamTest(
+        int count,
+        CCMBlockCipher ccm,
+        byte[] k,
+        byte[] n)
+        throws InvalidCipherTextException
+    {
+        byte[] p = Strings.toByteArray("hello world!!");
+
+        ccm.init(true, new ParametersWithIV(new KeyParameter(k), n));
+
+        byte[] enc = new byte[p.length + 8];
+
+        int len = ccm.processBytes(p, 0, p.length, enc, 0);
+
+        len += ccm.doFinal(enc, len);
+
+        ccm.init(false, new ParametersWithIV(new KeyParameter(k), n));
+
+        byte[] tmp = new byte[enc.length];
+
+        len = ccm.processBytes(enc, 0, enc.length, tmp, 0);
+
+        len += ccm.doFinal(tmp, len);
+
+        byte[] dec = new byte[len];
+
+        System.arraycopy(tmp, 0, dec, 0, len);
+
+        if (!areEqual(p, dec))
+        {
+            fail("decrypted stream fails to match in test " + count);
+        }
+    }
+
+    public String getName()
+    {
+        return "CCM";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new CCMTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CMacTest.java
new file mode 100644
index 0000000..720f8ea
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CMacTest.java
@@ -0,0 +1,321 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.macs.CMac;
+import org.bouncycastle.crypto.macs.CMacWithIV;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * CMAC tester - <a href="http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/tv/omac1-tv.txt">Official Test Vectors</a>.
+ */
+public class CMacTest
+    extends SimpleTest
+{
+    private static final byte[] keyBytes128 = Hex.decode("2b7e151628aed2a6abf7158809cf4f3c");
+    private static final byte[] keyBytes192 = Hex.decode(
+              "8e73b0f7da0e6452c810f32b809079e5"
+            + "62f8ead2522c6b7b");
+    private static final byte[] keyBytes256 = Hex.decode(
+              "603deb1015ca71be2b73aef0857d7781"
+            + "1f352c073b6108d72d9810a30914dff4");
+
+    private static final byte[] input0 = Hex.decode("");
+    private static final byte[] input16 = Hex.decode("6bc1bee22e409f96e93d7e117393172a");
+    private static final byte[] input40 = Hex.decode(
+              "6bc1bee22e409f96e93d7e117393172a"
+            + "ae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411");
+    private static final byte[] input64 = Hex.decode(
+              "6bc1bee22e409f96e93d7e117393172a"
+            + "ae2d8a571e03ac9c9eb76fac45af8e51"
+            + "30c81c46a35ce411e5fbc1191a0a52ef"
+            + "f69f2445df4f9b17ad2b417be66c3710");
+
+    private static final byte[] output_k128_m0 = Hex.decode("bb1d6929e95937287fa37d129b756746");
+    private static final byte[] output_k128_m16 = Hex.decode("070a16b46b4d4144f79bdd9dd04a287c");
+    private static final byte[] output_k128_m40 = Hex.decode("dfa66747de9ae63030ca32611497c827");
+    private static final byte[] output_k128_m64 = Hex.decode("51f0bebf7e3b9d92fc49741779363cfe");
+
+    private static final byte[] output_k192_m0 = Hex.decode("d17ddf46adaacde531cac483de7a9367");
+    private static final byte[] output_k192_m16 = Hex.decode("9e99a7bf31e710900662f65e617c5184");
+    private static final byte[] output_k192_m40 = Hex.decode("8a1de5be2eb31aad089a82e6ee908b0e");
+    private static final byte[] output_k192_m64 = Hex.decode("a1d5df0eed790f794d77589659f39a11");
+
+    private static final byte[] output_k256_m0 = Hex.decode("028962f61b7bf89efc6b551f4667d983");
+    private static final byte[] output_k256_m16 = Hex.decode("28a7023f452e8f82bd4bf28d8c37c35c");
+    private static final byte[] output_k256_m40 = Hex.decode("aaf3d8f1de5640c232f5b169b9c911e6");
+    private static final byte[] output_k256_m64 = Hex.decode("e1992190549f6ed5696a2c056c315410");
+
+    public CMacTest()
+    {
+    }
+
+    public void performTest()
+    {
+        BlockCipher cipher = new AESFastEngine();
+        Mac mac = new CMac(cipher, 128);
+
+        //128 bytes key
+
+        KeyParameter key = new KeyParameter(keyBytes128);
+
+        // 0 bytes message - 128 bytes key
+        mac.init(key);
+
+        mac.update(input0, 0, input0.length);
+
+        byte[] out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k128_m0))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k128_m0))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 16 bytes message - 128 bytes key
+        mac.init(key);
+
+        mac.update(input16, 0, input16.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k128_m16))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k128_m16))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 40 bytes message - 128 bytes key
+        mac.init(key);
+
+        mac.update(input40, 0, input40.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k128_m40))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k128_m40))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 64 bytes message - 128 bytes key
+        mac.init(key);
+
+        mac.update(input64, 0, input64.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k128_m64))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k128_m64))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        //192 bytes key
+
+        key = new KeyParameter(keyBytes192);
+
+        // 0 bytes message - 192 bytes key
+        mac.init(key);
+
+        mac.update(input0, 0, input0.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k192_m0))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k192_m0))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 16 bytes message - 192 bytes key
+        mac.init(key);
+
+        mac.update(input16, 0, input16.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k192_m16))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k192_m16))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 40 bytes message - 192 bytes key
+        mac.init(key);
+
+        mac.update(input40, 0, input40.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k192_m40))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k192_m40))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 64 bytes message - 192 bytes key
+        mac.init(key);
+
+        mac.update(input64, 0, input64.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k192_m64))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k192_m64))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        //256 bytes key
+
+        key = new KeyParameter(keyBytes256);
+
+        // 0 bytes message - 256 bytes key
+        mac.init(key);
+
+        mac.update(input0, 0, input0.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k256_m0))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k256_m0))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 16 bytes message - 256 bytes key
+        mac.init(key);
+
+        mac.update(input16, 0, input16.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k256_m16))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k256_m16))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 40 bytes message - 256 bytes key
+        mac.init(key);
+
+        mac.update(input40, 0, input40.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k256_m40))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k256_m40))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // 64 bytes message - 256 bytes key
+        mac.init(key);
+
+        mac.update(input64, 0, input64.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k256_m64))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k256_m64))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        // CMAC with IV
+        // 16 bytes message - 256 bytes key
+        mac = new CMacWithIV(new AESFastEngine());
+
+        mac.init(key);
+
+        mac.update(input16, 0, input16.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output_k256_m16))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output_k256_m16))
+                + " got " + new String(Hex.encode(out)));
+        }
+
+                // CMAC with IV
+        // 16 bytes message - 256 bytes key
+        mac = new CMacWithIV(new AESFastEngine());
+
+        mac.init(new ParametersWithIV(key, Hex.decode("000102030405060708090a0b0c0d0e0f")));
+
+        mac.update(input16, 0, input16.length);
+
+        out = new byte[16];
+
+        mac.doFinal(out, 0);
+
+        if (areEqual(out, output_k256_m16))
+        {
+            fail("Failed - got " + new String(Hex.encode(output_k256_m16)));
+        }
+
+        if (!areEqual(out, Hex.decode("9347a60c64061b9ff2a92522ca8e08fc")))
+        {
+            fail("Failed - expected " + "9347a60c64061b9ff2a92522ca8e08fc"
+                + " got " + new String(Hex.encode(out)));
+        }
+
+        testExceptions();
+    }
+
+    private void testExceptions()
+    {
+        try 
+        {
+            CMac mac = new CMac(new AESEngine());
+            mac.init(new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
+            fail("CMac does not accept IV");
+        } catch(IllegalArgumentException e)
+        {
+            // Expected
+        }
+    }
+
+    public String getName()
+    {
+        return "CMac";
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new CMacTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CTSTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CTSTest.java
new file mode 100644
index 0000000..28fcc20
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CTSTest.java
@@ -0,0 +1,212 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.engines.SkipjackEngine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CTSBlockCipher;
+import org.bouncycastle.crypto.modes.OldCTSBlockCipher;
+import org.bouncycastle.crypto.modes.SICBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * CTS tester
+ */
+public class CTSTest
+    extends SimpleTest
+{
+    static byte[]   in1 = Hex.decode("4e6f7720697320746865207420");
+    static byte[]   in2 = Hex.decode("000102030405060708090a0b0c0d0e0fff0102030405060708090a0b0c0d0e0f0aaa");
+    static byte[]   out1 = Hex.decode("9952f131588465033fa40e8a98");
+    static byte[]   out2 = Hex.decode("358f84d01eb42988dc34efb994");
+    static byte[]   out3 = Hex.decode("170171cfad3f04530c509b0c1f0be0aefbd45a8e3755a873bff5ea198504b71683c6");
+    
+    private void testCTS(
+        int                 id,
+        BlockCipher         cipher,
+        CipherParameters    params,
+        byte[]              input,
+        byte[]              output)
+        throws Exception
+    {
+        byte[]                  out = new byte[input.length];
+        BufferedBlockCipher     engine = new CTSBlockCipher(cipher);
+
+        engine.init(true, params);
+
+        int len = engine.processBytes(input, 0, input.length, out, 0);
+
+        engine.doFinal(out, len);
+
+        if (!areEqual(output, out))
+        {
+            fail("failed encryption expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+        }
+
+        engine.init(false, params);
+
+        len = engine.processBytes(output, 0, output.length, out, 0);
+
+        engine.doFinal(out, len);
+
+        if (!areEqual(input, out))
+        {
+            fail("failed decryption expected " + new String(Hex.encode(input)) + " got " + new String(Hex.encode(out)));
+        }
+    }
+
+    private void testOldCTS(
+            int                 id,
+            BlockCipher         cipher,
+            CipherParameters    params,
+            byte[]              input,
+            byte[]              output)
+    throws Exception
+    {
+        byte[]                  out = new byte[input.length];
+        BufferedBlockCipher     engine = new OldCTSBlockCipher(cipher);
+
+        engine.init(true, params);
+
+        int len = engine.processBytes(input, 0, input.length, out, 0);
+
+        engine.doFinal(out, len);
+
+        if (!areEqual(output, out))
+        {
+            fail("failed encryption expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+        }
+
+        engine.init(false, params);
+
+        len = engine.processBytes(output, 0, output.length, out, 0);
+
+        engine.doFinal(out, len);
+
+        if (!areEqual(input, out))
+        {
+            fail("failed decryption expected " + new String(Hex.encode(input)) + " got " + new String(Hex.encode(out)));
+        }
+    }
+
+    private void testExceptions() throws InvalidCipherTextException
+    {
+        BufferedBlockCipher engine = new CTSBlockCipher(new DESEngine());
+        CipherParameters params = new KeyParameter(new byte[engine.getBlockSize()]);
+        engine.init(true, params);
+
+        byte[] out = new byte[engine.getOutputSize(engine.getBlockSize())];
+        
+        engine.processBytes(new byte[engine.getBlockSize() - 1], 0, engine.getBlockSize() - 1, out, 0);
+        try 
+        {
+            engine.doFinal(out, 0);
+            fail("Expected CTS encrypt error on < 1 block input");
+        } catch(DataLengthException e)
+        {
+            // Expected
+        }
+
+        engine.init(true, params);
+        engine.processBytes(new byte[engine.getBlockSize()], 0, engine.getBlockSize(), out, 0);
+        try 
+        {
+            engine.doFinal(out, 0);
+        } catch(DataLengthException e)
+        {
+            fail("Unexpected CTS encrypt error on == 1 block input");
+        }
+
+        engine.init(false, params);
+        engine.processBytes(new byte[engine.getBlockSize() - 1], 0, engine.getBlockSize() - 1, out, 0);
+        try 
+        {
+            engine.doFinal(out, 0);
+            fail("Expected CTS decrypt error on < 1 block input");
+        } catch(DataLengthException e)
+        {
+            // Expected
+        }
+
+        engine.init(false, params);
+        engine.processBytes(new byte[engine.getBlockSize()], 0, engine.getBlockSize(), out, 0);
+        try 
+        {
+            engine.doFinal(out, 0);
+        } catch(DataLengthException e)
+        {
+            fail("Unexpected CTS decrypt error on == 1 block input");
+        }
+
+        try 
+        {
+            new CTSBlockCipher(new SICBlockCipher(new AESEngine()));
+            fail("Expected CTS construction error - only ECB/CBC supported.");
+        } catch(IllegalArgumentException e)
+        {
+            // Expected
+        }
+
+    }
+
+    public String getName()
+    {
+        return "CTS";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        byte[]  key1 = { (byte)0x01, (byte)0x23, (byte)0x45, (byte)0x67, (byte)0x89, (byte)0xAB, (byte)0xCD, (byte)0xEF };
+        byte[]  key2 = { (byte)0x01, (byte)0x23, (byte)0x45, (byte)0x67, (byte)0x89, (byte)0xAB, (byte)0xCD, (byte)0xEF, (byte)0xee, (byte)0xff  };
+        byte[]  iv = { 1, 2, 3, 4, 5, 6, 7, 8 };
+
+        testCTS(1, new DESEngine(), new KeyParameter(key1), in1, out1);
+        testCTS(2, new CBCBlockCipher(new DESEngine()), new ParametersWithIV(new KeyParameter(key1), iv), in1, out2);
+        testCTS(3, new CBCBlockCipher(new SkipjackEngine()), new ParametersWithIV(new KeyParameter(key2), iv), in2, out3);
+
+        //
+        // test vectors from rfc3962
+        //
+        byte[] aes128 = Hex.decode("636869636b656e207465726979616b69");
+        byte[] aesIn1  = Hex.decode("4920776f756c64206c696b652074686520");
+        byte[] aesOut1 = Hex.decode("c6353568f2bf8cb4d8a580362da7ff7f97");
+        byte[] aesIn2  = Hex.decode("4920776f756c64206c696b65207468652047656e6572616c20476175277320");
+        byte[] aesOut2 = Hex.decode("fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5");
+        byte[] aesIn3  = Hex.decode("4920776f756c64206c696b65207468652047656e6572616c2047617527732043");
+        byte[] aesOut3 = Hex.decode("39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584");
+
+        testCTS(4, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), new byte[16]), aesIn1, aesOut1);
+        testCTS(5, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), new byte[16]), aesIn2, aesOut2);
+        testCTS(6, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), new byte[16]), aesIn3, aesOut3);
+
+        testOldCTS(4, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), new byte[16]), aesIn1, aesOut1);
+        testOldCTS(5, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), new byte[16]), aesIn2, aesOut2);
+        testOldCTS(6, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), new byte[16]), aesIn3, aesOut3);
+
+        byte[] aes1Block = Hex.decode("4920776f756c64206c696b6520746865");
+        byte[] preErrata = Hex.decode("e7664c13ff28c965b0d2a0e7ec353706");   // CTS style one block
+        byte[] pstErrata = Hex.decode("97687268d6ecccc0c07b25e25ecfe584");   // CBC style one block
+        byte[] pstErrataNonZeroIV = Hex.decode("571f5108c53fe95ab52df783df933fa3");
+
+        testCTS(7, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), new byte[16]), aes1Block, pstErrata);
+        testCTS(8, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), aes1Block), aes1Block, pstErrataNonZeroIV);
+        testOldCTS(7, new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(aes128), new byte[16]), aes1Block, preErrata);
+
+        testExceptions();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new CTSTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CamelliaLightTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CamelliaLightTest.java
new file mode 100644
index 0000000..6198ce6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CamelliaLightTest.java
@@ -0,0 +1,66 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.CamelliaLightEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Camellia tester - vectors from https://www.cosic.esat.kuleuven.be/nessie/testvectors/ and RFC 3713
+ */
+public class CamelliaLightTest
+    extends CipherTest
+{
+    static SimpleTest[] tests =
+        {
+            new BlockCipherVectorTest(0, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                "80000000000000000000000000000000", "07923A39EB0A817D1C4D87BDB82D1F1C"),
+            new BlockCipherVectorTest(1, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                "00000000000000000000000000000000", "6C227F749319A3AA7DA235A9BBA05A2C"),
+            new BlockCipherVectorTest(2, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("0123456789abcdeffedcba9876543210")),
+                "0123456789abcdeffedcba9876543210", "67673138549669730857065648eabe43"),
+            //
+            // 192 bit
+            //
+            new BlockCipherVectorTest(3, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("0123456789abcdeffedcba98765432100011223344556677")),
+                "0123456789abcdeffedcba9876543210", "b4993401b3e996f84ee5cee7d79b09b9"),
+            new BlockCipherVectorTest(4, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                "00040000000000000000000000000000", "9BCA6C88B928C1B0F57F99866583A9BC"),
+            new BlockCipherVectorTest(5, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("949494949494949494949494949494949494949494949494")),
+                "636EB22D84B006381235641BCF0308D2", "94949494949494949494949494949494"),
+            //
+            // 256 bit
+            //
+            new BlockCipherVectorTest(6, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff")),
+                "0123456789abcdeffedcba9876543210", "9acc237dff16d76c20ef7c919e3a7509"),
+            new BlockCipherVectorTest(7, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A")),
+                "057764FE3A500EDBD988C5C3B56CBA9A", "4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A"),
+            new BlockCipherVectorTest(8, new CamelliaLightEngine(),
+                new KeyParameter(Hex.decode("0303030303030303030303030303030303030303030303030303030303030303")),
+                "7968B08ABA92193F2295121EF8D75C8A", "03030303030303030303030303030303"),
+        };
+
+    CamelliaLightTest()
+    {
+        super(tests, new CamelliaLightEngine(), new KeyParameter(new byte[32]));
+    }
+
+    public String getName()
+    {
+        return "CamelliaLight";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new CamelliaLightTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CamelliaTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CamelliaTest.java
new file mode 100644
index 0000000..e69a82a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CamelliaTest.java
@@ -0,0 +1,70 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.CamelliaEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * Camellia tester - vectors from https://www.cosic.esat.kuleuven.be/nessie/testvectors/ and RFC 3713
+ */
+public class CamelliaTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+            {
+                new BlockCipherVectorTest(0, new CamelliaEngine(),
+                    new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                    "80000000000000000000000000000000", "07923A39EB0A817D1C4D87BDB82D1F1C"),
+                new BlockCipherVectorTest(1, new CamelliaEngine(),
+                    new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                    "00000000000000000000000000000000", "6C227F749319A3AA7DA235A9BBA05A2C"),
+                new BlockCipherVectorTest(2, new CamelliaEngine(),
+                        new KeyParameter(Hex.decode("0123456789abcdeffedcba9876543210")),
+                        "0123456789abcdeffedcba9876543210", "67673138549669730857065648eabe43"),
+                //
+                // 192 bit
+                //
+                new BlockCipherVectorTest(3, new CamelliaEngine(),
+                        new KeyParameter(Hex.decode("0123456789abcdeffedcba98765432100011223344556677")),
+                        "0123456789abcdeffedcba9876543210", "b4993401b3e996f84ee5cee7d79b09b9"),
+                new BlockCipherVectorTest(4, new CamelliaEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "00040000000000000000000000000000", "9BCA6C88B928C1B0F57F99866583A9BC"),
+                new BlockCipherVectorTest(5, new CamelliaEngine(),
+                        new KeyParameter(Hex.decode("949494949494949494949494949494949494949494949494")),
+                        "636EB22D84B006381235641BCF0308D2", "94949494949494949494949494949494"),
+                //
+                // 256 bit
+                //
+                new BlockCipherVectorTest(6, new CamelliaEngine(),
+                    new KeyParameter(Hex.decode("0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff")),
+                    "0123456789abcdeffedcba9876543210", "9acc237dff16d76c20ef7c919e3a7509"),
+                new BlockCipherVectorTest(7, new CamelliaEngine(),
+                        new KeyParameter(Hex.decode("4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A")),
+                        "057764FE3A500EDBD988C5C3B56CBA9A", "4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A"),
+                new BlockCipherVectorTest(8, new CamelliaEngine(),
+                        new KeyParameter(Hex.decode("0303030303030303030303030303030303030303030303030303030303030303")),
+                        "7968B08ABA92193F2295121EF8D75C8A", "03030303030303030303030303030303"),
+            };
+
+    CamelliaTest()
+    {
+        super(tests, new CamelliaEngine(), new KeyParameter(new byte[32]));
+    }
+
+    public String getName()
+    {
+        return "Camellia";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        CamelliaTest    test = new CamelliaTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ChaChaTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ChaChaTest.java
new file mode 100644
index 0000000..45c063f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ChaChaTest.java
@@ -0,0 +1,403 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.ChaChaEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * ChaCha Test
+ * <p>
+ * Test cases generated using ref version of ChaCha20 in estreambench-20080905.
+ */
+public class ChaChaTest
+    extends SimpleTest
+{
+    byte[] zeroes = Hex.decode(
+          "00000000000000000000000000000000"
+        + "00000000000000000000000000000000"
+        + "00000000000000000000000000000000"
+        + "00000000000000000000000000000000");
+
+    String set1v0_0 = "FBB87FBB8395E05DAA3B1D683C422046"
+        + "F913985C2AD9B23CFC06C1D8D04FF213"
+        + "D44A7A7CDB84929F915420A8A3DC58BF"
+        + "0F7ECB4B1F167BB1A5E6153FDAF4493D";
+
+    String set1v0_192 = "D9485D55B8B82D792ED1EEA8E93E9BC1"
+        + "E2834AD0D9B11F3477F6E106A2F6A5F2"
+        + "EA8244D5B925B8050EAB038F58D4DF57"
+        + "7FAFD1B89359DAE508B2B10CBD6B488E";
+
+    String set1v0_256 = "08661A35D6F02D3D9ACA8087F421F7C8"
+        + "A42579047D6955D937925BA21396DDD4"
+        + "74B1FC4ACCDCAA33025B4BCE817A4FBF"
+        + "3E5D07D151D7E6FE04934ED466BA4779";
+
+    String set1v0_448 = "A7E16DD38BA48CCB130E5BE9740CE359"
+        + "D631E91600F85C8A5D0785A612D1D987"
+        + "90780ACDDC26B69AB106CCF6D866411D"
+        + "10637483DBF08CC5591FD8B3C87A3AE0";
+
+    String set1v9_0 = "A276339F99316A913885A0A4BE870F06"
+        + "91E72B00F1B3F2239F714FE81E88E00C"
+        + "BBE52B4EBBE1EA15894E29658C4CB145"
+        + "E6F89EE4ABB045A78514482CE75AFB7C";
+
+    String set1v9_192 = "0DFB9BD4F87F68DE54FBC1C6428FDEB0"
+        + "63E997BE8490C9B7A4694025D6EBA2B1"
+        + "5FE429DB82A7CAE6AAB22918E8D00449"
+        + "6FB6291467B5AE81D4E85E81D8795EBB";
+
+    String set1v9_256 = "546F5BB315E7F71A46E56D4580F90889"
+        + "639A2BA528F757CF3B048738BA141AF3"
+        + "B31607CB21561BAD94721048930364F4"
+        + "B1227CFEB7CDECBA881FB44903550E68";
+
+    String set1v9_448 = "6F813586E76691305A0CF048C0D8586D"
+        + "C89460207D8B230CD172398AA33D19E9"
+        + "2D24883C3A9B0BB7CD8C6B2668DB142E"
+        + "37A97948A7A01498A21110297984CD20";
+
+    String set6v0_0 = "57459975BC46799394788DE80B928387"
+        + "862985A269B9E8E77801DE9D874B3F51"
+        + "AC4610B9F9BEE8CF8CACD8B5AD0BF17D"
+        + "3DDF23FD7424887EB3F81405BD498CC3";
+
+    String set6v0_65472 = "EF9AEC58ACE7DB427DF012B2B91A0C1E"
+        + "8E4759DCE9CDB00A2BD59207357BA06C"
+        + "E02D327C7719E83D6348A6104B081DB0"
+        + "3908E5186986AE41E3AE95298BB7B713";
+
+    String set6v0_65536 = "17EF5FF454D85ABBBA280F3A94F1D26E"
+        + "950C7D5B05C4BB3A78326E0DC5731F83"
+        + "84205C32DB867D1B476CE121A0D7074B"
+        + "AA7EE90525D15300F48EC0A6624BD0AF";
+
+    String set6v1_0 = "92A2508E2C4084567195F2A1005E552B"
+        + "4874EC0504A9CD5E4DAF739AB553D2E7"
+        + "83D79C5BA11E0653BEBB5C116651302E"
+        + "8D381CB728CA627B0B246E83942A2B99";
+
+    String set6v1_65472 = "E1974EC3063F7BD0CBA58B1CE34BC874"
+        + "67AAF5759B05EA46682A5D4306E5A76B"
+        + "D99A448DB8DE73AF97A73F5FBAE2C776"
+        + "35040464524CF14D7F08D4CE1220FD84";
+
+    String set6v1_65536 = "BE3436141CFD62D12FF7D852F80C1344"
+        + "81F152AD0235ECF8CA172C55CA8C031B"
+        + "2E785D773A988CA8D4BDA6FAE0E493AA"
+        + "71DCCC4C894D1F106CAC62A9FC0A9607";
+
+    // ChaCha12
+    String chacha12_set1v0_0 = "36CF0D56E9F7FBF287BC5460D95FBA94"
+            + "AA6CBF17D74E7C784DDCF7E0E882DDAE"
+            + "3B5A58243EF32B79A04575A8E2C2B73D"
+            + "C64A52AA15B9F88305A8F0CA0B5A1A25";
+
+    String chacha12_set1v0_192 = "83496792AB68FEC75ADB16D3044420A4"
+        + "A00A6E9ADC41C3A63DBBF317A8258C85"
+        + "A9BC08B4F76B413A4837324AEDF8BC2A"
+        + "67D53C9AB9E1C5BC5F379D48DF9AF730";
+
+    String chacha12_set1v0_256 = "BAA28ED593690FD760ADA07C95E3B888"
+        + "4B4B64E488CA7A2D9BDC262243AB9251"
+        + "394C5037E255F8BCCDCD31306C508FFB"
+        + "C9E0161380F7911FCB137D46D9269250";
+
+    String chacha12_set1v0_448 = "B7ECFB6AE0B51915762FE1FD03A14D0C"
+        + "9E54DA5DC76EB16EBA5313BC535DE63D"
+        + "C72D7F9F1874E301E99C8531819F4E37"
+        + "75793F6A5D19C717FA5C78A39EB804A6";
+
+    // ChaCha8
+    String chacha8_set1v0_0 = "BEB1E81E0F747E43EE51922B3E87FB38"
+            + "D0163907B4ED49336032AB78B67C2457"
+            + "9FE28F751BD3703E51D876C017FAA435"
+            + "89E63593E03355A7D57B2366F30047C5";
+    
+    String chacha8_set1v0_192 = "33B8B7CA8F8E89F0095ACE75A379C651"
+            + "FD6BDD55703C90672E44C6BAB6AACDD8"
+            + "7C976A87FD264B906E749429284134C2"
+            + "38E3B88CF74A68245B860D119A8BDF43";
+    
+    String chacha8_set1v0_256 = "F7CA95BF08688BD3BE8A27724210F9DC"
+            + "16F32AF974FBFB09E9F757C577A245AB"
+            + "F35F824B70A4C02CB4A8D7191FA8A5AD"
+            + "6A84568743844703D353B7F00A8601F4";
+    
+    String chacha8_set1v0_448 = "7B4117E8BFFD595CD8482270B08920FB"
+            + "C9B97794E1809E07BB271BF07C861003"
+            + "4C38DBA6ECA04E5474F399A284CBF6E2"
+            + "7F70142E604D0977797DE5B58B6B25E0";
+    
+
+
+    public String getName()
+    {
+        return "ChaCha";
+    }
+
+    public void performTest()
+    {
+        chachaTest1(20, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
+                  set1v0_0, set1v0_192,  set1v0_256,  set1v0_448);
+        chachaTest1(20, new ParametersWithIV(new KeyParameter(Hex.decode("00400000000000000000000000000000")), Hex.decode("0000000000000000")),
+                  set1v9_0, set1v9_192,  set1v9_256,  set1v9_448);
+        chachaTest1(12, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
+                chacha12_set1v0_0, chacha12_set1v0_192,  chacha12_set1v0_256,  chacha12_set1v0_448);
+        chachaTest1(8, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
+                chacha8_set1v0_0, chacha8_set1v0_192,  chacha8_set1v0_256,  chacha8_set1v0_448);
+        chachaTest2(new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE")),
+                  set6v0_0, set6v0_65472, set6v0_65536);
+        chachaTest2(new ParametersWithIV(new KeyParameter(Hex.decode("0558ABFE51A4F74A9DF04396E93C8FE23588DB2E81D4277ACD2073C6196CBF12")), Hex.decode("167DE44BB21980E7")),
+                  set6v1_0, set6v1_65472, set6v1_65536);
+        reinitBug();
+        skipTest();
+    }
+
+    private void chachaTest1(int rounds, CipherParameters params, String v0, String v192, String v256, String v448)
+    {
+        StreamCipher chaCha = new ChaChaEngine(rounds);
+        byte[]       buf = new byte[64];
+
+        chaCha.init(true, params);
+
+        for (int i = 0; i != 7; i++)
+        {
+            chaCha.processBytes(zeroes, 0, 64, buf, 0);
+            switch (i)
+            {
+            case 0:
+                if (!areEqual(buf, Hex.decode(v0)))
+                {
+                    mismatch("v0/" + rounds, v0, buf);
+                }
+                break;
+            case 3:
+                if (!areEqual(buf, Hex.decode(v192)))
+                {
+                    mismatch("v192/" + rounds, v192, buf);
+                }
+                break;
+            case 4:
+                if (!areEqual(buf, Hex.decode(v256)))
+                {
+                    mismatch("v256/" + rounds, v256, buf);
+                }
+                break;
+            default:
+                // ignore
+            }
+        }
+
+        for (int i = 0; i != 64; i++)
+        {
+            buf[i] = chaCha.returnByte(zeroes[i]);
+        }
+
+        if (!areEqual(buf, Hex.decode(v448)))
+        {
+            mismatch("v448", v448, buf);
+        }       
+    }
+
+    private void chachaTest2(CipherParameters params, String v0, String v65472, String v65536)
+    {
+        StreamCipher chaCha = new ChaChaEngine();
+        byte[]       buf = new byte[64];
+
+        chaCha.init(true, params);
+
+        for (int i = 0; i != 1025; i++)
+        {
+            chaCha.processBytes(zeroes, 0, 64, buf, 0);
+            switch (i)
+            {
+            case 0:
+                if (!areEqual(buf, Hex.decode(v0)))
+                {
+                    mismatch("v0", v0, buf);
+                }
+                break;
+            case 1023:
+                if (!areEqual(buf, Hex.decode(v65472)))
+                {
+                    mismatch("v65472", v65472, buf);
+                }
+                break;
+            case 1024:
+                if (!areEqual(buf, Hex.decode(v65536)))
+                {
+                    mismatch("v65536", v65536, buf);
+                }
+                break;
+            default:
+                // ignore
+            }
+        }
+    }
+
+    private void mismatch(String name, String expected, byte[] found)
+    {
+        fail("mismatch on " + name, expected, new String(Hex.encode(found)));
+    }
+
+
+    private void reinitBug()
+    {
+        KeyParameter key = new KeyParameter(Hex.decode("80000000000000000000000000000000"));
+        ParametersWithIV parameters = new ParametersWithIV(key, Hex.decode("0000000000000000"));
+
+        StreamCipher salsa = new ChaChaEngine();
+
+        salsa.init(true, parameters);
+
+        try
+        {
+            salsa.init(true, key);
+            fail("Salsa20 should throw exception if no IV in Init");
+        }
+        catch (IllegalArgumentException e)
+        {
+        }
+    }
+
+    private boolean areEqual(byte[] a, int aOff, byte[] b, int bOff)
+    {
+        for (int i = bOff; i != b.length; i++)
+        {
+            if (a[aOff + i - bOff] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private void skipTest()
+    {
+        SecureRandom rand = new SecureRandom();
+        byte[]       plain = new byte[5000];
+        byte[]       cipher = new byte[5000];
+
+        rand.nextBytes(plain);
+
+        CipherParameters params = new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE"));
+        ChaChaEngine    engine = new ChaChaEngine();
+
+        engine.init(true, params);
+
+        engine.processBytes(plain, 0, plain.length, cipher, 0);
+
+        byte[]      fragment = new byte[20];
+
+        engine.init(true, params);
+
+        engine.skip(10);
+
+        engine.processBytes(plain, 10, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 10, fragment, 0))
+        {
+            fail("skip forward 10 failed");
+        }
+
+        engine.skip(1000);
+
+        engine.processBytes(plain, 1010 + fragment.length, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010 + fragment.length, fragment, 0))
+        {
+            fail("skip forward 1000 failed");
+        }
+
+        engine.skip(-10);
+
+        engine.processBytes(plain, 1010 + 2 * fragment.length - 10, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010 + 2 * fragment.length - 10, fragment, 0))
+        {
+            fail("skip back 10 failed");
+        }
+
+        engine.skip(-1000);
+
+        if (engine.getPosition() != 60)
+        {
+            fail("skip position incorrect - " + 60 + " got " + engine.getPosition());
+        }
+
+        engine.processBytes(plain, 60, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 60, fragment, 0))
+        {
+            fail("skip back 1000 failed");
+        }
+
+        long pos = engine.seekTo(1010);
+        if (pos != 1010)
+        {
+            fail("position wrong");
+        }
+
+        engine.processBytes(plain, 1010, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010, fragment, 0))
+        {
+            fail("seek to 1010 failed");
+        }
+
+        engine.reset();
+
+        for (int i = 0; i != 1000; i++)
+        {
+            engine.skip(i);
+
+            if (engine.getPosition() != i)
+            {
+                fail("skip forward at wrong position");
+            }
+
+            engine.processBytes(plain, i, fragment.length, fragment, 0);
+
+            if (!areEqual(cipher, i, fragment, 0))
+            {
+                fail("skip forward i failed: " + i);
+            }
+
+            if (engine.getPosition() != i + fragment.length)
+            {
+                fail("cipher at wrong position: " + engine.getPosition() + " [" + i + "]");
+            }
+
+            engine.skip(-fragment.length);
+
+            if (engine.getPosition() != i)
+            {
+                fail("skip back at wrong position");
+            }
+
+            engine.processBytes(plain, i, fragment.length, fragment, 0);
+
+            if (!areEqual(cipher, i, fragment, 0))
+            {
+                fail("skip back i failed: " + i);
+            }
+
+            engine.reset();
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ChaChaTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CipherStreamTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CipherStreamTest.java
new file mode 100644
index 0000000..089e4ed
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CipherStreamTest.java
@@ -0,0 +1,706 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.BlowfishEngine;
+import org.bouncycastle.crypto.engines.CAST5Engine;
+import org.bouncycastle.crypto.engines.CAST6Engine;
+import org.bouncycastle.crypto.engines.CamelliaEngine;
+import org.bouncycastle.crypto.engines.ChaChaEngine;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.engines.Grain128Engine;
+import org.bouncycastle.crypto.engines.Grainv1Engine;
+import org.bouncycastle.crypto.engines.HC128Engine;
+import org.bouncycastle.crypto.engines.HC256Engine;
+import org.bouncycastle.crypto.engines.NoekeonEngine;
+import org.bouncycastle.crypto.engines.RC2Engine;
+import org.bouncycastle.crypto.engines.RC4Engine;
+import org.bouncycastle.crypto.engines.RC6Engine;
+import org.bouncycastle.crypto.engines.SEEDEngine;
+import org.bouncycastle.crypto.engines.Salsa20Engine;
+import org.bouncycastle.crypto.engines.SerpentEngine;
+import org.bouncycastle.crypto.engines.TEAEngine;
+import org.bouncycastle.crypto.engines.ThreefishEngine;
+import org.bouncycastle.crypto.engines.TwofishEngine;
+import org.bouncycastle.crypto.engines.XSalsa20Engine;
+import org.bouncycastle.crypto.engines.XTEAEngine;
+import org.bouncycastle.crypto.io.CipherInputStream;
+import org.bouncycastle.crypto.io.CipherOutputStream;
+import org.bouncycastle.crypto.io.InvalidCipherTextIOException;
+import org.bouncycastle.crypto.modes.AEADBlockCipher;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CCMBlockCipher;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.CTSBlockCipher;
+import org.bouncycastle.crypto.modes.EAXBlockCipher;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
+import org.bouncycastle.crypto.modes.NISTCTSBlockCipher;
+import org.bouncycastle.crypto.modes.OCBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.crypto.modes.SICBlockCipher;
+import org.bouncycastle.crypto.paddings.PKCS7Padding;
+import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class CipherStreamTest
+    extends SimpleTest
+{
+    private int streamSize;
+
+    public String getName()
+    {
+        return "CipherStreamTest";
+    }
+
+    private void testMode(Object cipher, CipherParameters params)
+        throws Exception
+    {
+        testWriteRead(cipher, params, false);
+        testWriteRead(cipher, params, true);
+        testReadWrite(cipher, params, false);
+        testReadWrite(cipher, params, true);
+
+        if (!(cipher instanceof CTSBlockCipher || cipher instanceof NISTCTSBlockCipher))
+        {
+            testWriteReadEmpty(cipher, params, false);
+            testWriteReadEmpty(cipher, params, true);
+        }
+
+        if (cipher instanceof AEADBlockCipher)
+        {
+            testTamperedRead((AEADBlockCipher)cipher, params);
+            testTruncatedRead((AEADBlockCipher)cipher, params);
+            testTamperedWrite((AEADBlockCipher)cipher, params);
+        }
+    }
+
+    private OutputStream createCipherOutputStream(OutputStream output, Object cipher)
+    {
+        if (cipher instanceof BufferedBlockCipher)
+        {
+            return new CipherOutputStream(output, (BufferedBlockCipher)cipher);
+        }
+        else if (cipher instanceof AEADBlockCipher)
+        {
+            return new CipherOutputStream(output, (AEADBlockCipher)cipher);
+        }
+        else
+        {
+            return new CipherOutputStream(output, (StreamCipher)cipher);
+        }
+    }
+
+    private InputStream createCipherInputStream(byte[] data, Object cipher)
+    {
+        ByteArrayInputStream input = new ByteArrayInputStream(data);
+        if (cipher instanceof BufferedBlockCipher)
+        {
+            return new CipherInputStream(input, (BufferedBlockCipher)cipher);
+        }
+        else if (cipher instanceof AEADBlockCipher)
+        {
+            return new CipherInputStream(input, (AEADBlockCipher)cipher);
+        }
+        else
+        {
+            return new CipherInputStream(input, (StreamCipher)cipher);
+        }
+    }
+
+    /**
+     * Test tampering of ciphertext followed by read from decrypting CipherInputStream
+     */
+    private void testTamperedRead(AEADBlockCipher cipher, CipherParameters params)
+        throws Exception
+    {
+        cipher.init(true, params);
+
+        byte[] ciphertext = new byte[cipher.getOutputSize(streamSize)];
+        cipher.doFinal(ciphertext, cipher.processBytes(new byte[streamSize], 0, streamSize, ciphertext, 0));
+
+        // Tamper
+        ciphertext[0] += 1;
+
+        cipher.init(false, params);
+        InputStream input = createCipherInputStream(ciphertext, cipher);
+        try
+        {
+            while (input.read() >= 0)
+            {
+            }
+            fail("Expected invalid ciphertext after tamper and read : " + cipher.getAlgorithmName());
+        }
+        catch (InvalidCipherTextIOException e)
+        {
+            // Expected
+        }
+        try
+        {
+            input.close();
+        }
+        catch (Exception e)
+        {
+            fail("Unexpected exception after tamper and read : " + cipher.getAlgorithmName());
+        }
+    }
+
+    /**
+     * Test truncation of ciphertext to make tag calculation impossible, followed by read from
+     * decrypting CipherInputStream
+     */
+    private void testTruncatedRead(AEADBlockCipher cipher, CipherParameters params)
+        throws Exception
+    {
+        cipher.init(true, params);
+
+        byte[] ciphertext = new byte[cipher.getOutputSize(streamSize)];
+        cipher.doFinal(ciphertext, cipher.processBytes(new byte[streamSize], 0, streamSize, ciphertext, 0));
+
+        // Truncate to just smaller than complete tag
+        byte[] truncated = new byte[ciphertext.length - streamSize - 1];
+        System.arraycopy(ciphertext, 0, truncated, 0, truncated.length);
+
+        cipher.init(false, params);
+        InputStream input = createCipherInputStream(truncated, cipher);
+        while (true)
+        {
+            int read = 0;
+            try
+            {
+                read = input.read();
+            }
+            catch (InvalidCipherTextIOException e)
+            {
+                // Expected
+                break;
+            }
+            catch (Exception e)
+            {
+                fail("Unexpected exception  on truncated read : " + cipher.getAlgorithmName());
+                break;
+            }
+            if (read < 0)
+            {
+                fail("Expected invalid ciphertext after truncate and read : " + cipher.getAlgorithmName());
+                break;
+            }
+        }
+        try
+        {
+            input.close();
+        }
+        catch (Exception e)
+        {
+            fail("Unexpected exception after truncate and read : " + cipher.getAlgorithmName());
+        }
+    }
+
+    /**
+     * Test tampering of ciphertext followed by write to decrypting CipherOutputStream
+     */
+    private void testTamperedWrite(AEADBlockCipher cipher, CipherParameters params)
+        throws Exception
+    {
+        cipher.init(true, params);
+
+        byte[] ciphertext = new byte[cipher.getOutputSize(streamSize)];
+        cipher.doFinal(ciphertext, cipher.processBytes(new byte[streamSize], 0, streamSize, ciphertext, 0));
+
+        // Tamper
+        ciphertext[0] += 1;
+
+        cipher.init(false, params);
+        ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
+        OutputStream output = createCipherOutputStream(plaintext, cipher);
+
+        for (int i = 0; i < ciphertext.length; i++)
+        {
+            output.write(ciphertext[i]);
+        }
+        try
+        {
+            output.close();
+            fail("Expected invalid ciphertext after tamper and write : " + cipher.getAlgorithmName());
+        }
+        catch (InvalidCipherTextIOException e)
+        {
+            // Expected
+        }
+    }
+
+    /**
+     * Test CipherOutputStream in ENCRYPT_MODE, CipherInputStream in DECRYPT_MODE
+     */
+    private void testWriteRead(Object cipher, CipherParameters params, boolean blocks)
+        throws Exception
+    {
+        byte[] data = new byte[streamSize];
+        for (int i = 0; i < data.length; i++)
+        {
+            data[i] = (byte)(i % 255);
+        }
+
+        testWriteRead(cipher, params, blocks, data);
+    }
+
+    /**
+     * Test CipherOutputStream in ENCRYPT_MODE, CipherInputStream in DECRYPT_MODE
+     */
+    private void testWriteReadEmpty(Object cipher, CipherParameters params, boolean blocks)
+        throws Exception
+    {
+        byte[] data = new byte[0];
+
+        testWriteRead(cipher, params, blocks, data);
+    }
+
+    private void testWriteRead(Object cipher, CipherParameters params, boolean blocks, byte[] data)
+    {
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+        try
+        {
+            init(cipher, true, params);
+
+            OutputStream cOut = createCipherOutputStream(bOut, cipher);
+            if (blocks)
+            {
+                int chunkSize = Math.max(1, data.length / 8);
+                for (int i = 0; i < data.length; i += chunkSize)
+                {
+                    cOut.write(data, i, Math.min(chunkSize, data.length - i));
+                }
+            }
+            else
+            {
+                for (int i = 0; i < data.length; i++)
+                {
+                    cOut.write(data[i]);
+                }
+            }
+            cOut.close();
+
+            byte[] cipherText = bOut.toByteArray();
+            bOut.reset();
+            init(cipher, false, params);
+            InputStream cIn = createCipherInputStream(cipherText, cipher);
+
+            if (blocks)
+            {
+                byte[] block = new byte[getBlockSize(cipher) + 1];
+                int c;
+                while ((c = cIn.read(block)) >= 0)
+                {
+                    bOut.write(block, 0, c);
+                }
+            }
+            else
+            {
+                int c;
+                while ((c = cIn.read()) >= 0)
+                {
+                    bOut.write(c);
+                }
+
+            }
+            cIn.close();
+
+        }
+        catch (Exception e)
+        {
+            fail("Unexpected exception " + getName(cipher), e);
+        }
+
+        byte[] decrypted = bOut.toByteArray();
+        if (!Arrays.areEqual(data, decrypted))
+        {
+            fail("Failed - decrypted data doesn't match: " + getName(cipher));
+        }
+    }
+
+    private String getName(Object cipher)
+    {
+        if (cipher instanceof BufferedBlockCipher)
+        {
+            return ((BufferedBlockCipher)cipher).getUnderlyingCipher().getAlgorithmName();
+        }
+        else if (cipher instanceof AEADBlockCipher)
+        {
+            return ((AEADBlockCipher)cipher).getUnderlyingCipher().getAlgorithmName();
+        }
+        else if (cipher instanceof StreamCipher)
+        {
+            return ((StreamCipher)cipher).getAlgorithmName();
+        }
+        return null;
+    }
+
+    private int getBlockSize(Object cipher)
+    {
+        if (cipher instanceof BlockCipher)
+        {
+            return ((BlockCipher)cipher).getBlockSize();
+        }
+        else if (cipher instanceof BufferedBlockCipher)
+        {
+            return ((BufferedBlockCipher)cipher).getBlockSize();
+        }
+        else if (cipher instanceof AEADBlockCipher)
+        {
+            return ((AEADBlockCipher)cipher).getUnderlyingCipher().getBlockSize();
+        }
+        else if (cipher instanceof StreamCipher)
+        {
+            return 1;
+        }
+        return 0;
+    }
+
+    private void init(Object cipher, boolean forEncrypt, CipherParameters params)
+    {
+        if (cipher instanceof BufferedBlockCipher)
+        {
+            ((BufferedBlockCipher)cipher).init(forEncrypt, params);
+        }
+        else if (cipher instanceof AEADBlockCipher)
+        {
+            ((AEADBlockCipher)cipher).init(forEncrypt, params);
+        }
+        else if (cipher instanceof StreamCipher)
+        {
+            ((StreamCipher)cipher).init(forEncrypt, params);
+        }
+    }
+
+    protected void fail(String message, boolean authenticated, boolean bc)
+    {
+        if (bc || !authenticated)
+        {
+            super.fail(message);
+        }
+        else
+        {
+            // javax.crypto.CipherInputStream/CipherOutputStream
+            // are broken wrt handling AEAD failures
+            System.err.println("Broken JCE Streams: " + message);
+        }
+    }
+
+    /**
+     * Test CipherInputStream in ENCRYPT_MODE, CipherOutputStream in DECRYPT_MODE
+     */
+    private void testReadWrite(Object cipher, CipherParameters params, boolean blocks)
+        throws Exception
+    {
+        String lCode = "ABCDEFGHIJKLMNOPQRSTU";
+
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+        try
+        {
+            init(cipher, true, params);
+
+            InputStream cIn = createCipherInputStream(lCode.getBytes(), cipher);
+            ByteArrayOutputStream ct = new ByteArrayOutputStream();
+
+            if (blocks)
+            {
+                byte[] block = new byte[getBlockSize(cipher) + 1];
+                int c;
+                while ((c = cIn.read(block)) >= 0)
+                {
+                    ct.write(block, 0, c);
+                }
+            }
+            else
+            {
+                int c;
+                while ((c = cIn.read()) >= 0)
+                {
+                    ct.write(c);
+                }
+            }
+            cIn.close();
+
+            init(cipher, false, params);
+            ByteArrayInputStream dataIn = new ByteArrayInputStream(ct.toByteArray());
+            OutputStream cOut = createCipherOutputStream(bOut, cipher);
+
+            if (blocks)
+            {
+                byte[] block = new byte[getBlockSize(cipher) + 1];
+                int c;
+                while ((c = dataIn.read(block)) >= 0)
+                {
+                    cOut.write(block, 0, c);
+                }
+            }
+            else
+            {
+                int c;
+                while ((c = dataIn.read()) >= 0)
+                {
+                    cOut.write(c);
+                }
+            }
+            cOut.flush();
+            cOut.close();
+
+        }
+        catch (Exception e)
+        {
+            fail("Unexpected exception " + getName(cipher), e);
+        }
+
+        String res = new String(bOut.toByteArray());
+        if (!res.equals(lCode))
+        {
+            fail("Failed read/write - decrypted data doesn't match: " + getName(cipher), lCode, res);
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        int[] testSizes = new int[]{0, 1, 7, 8, 9, 15, 16, 17, 1023, 1024, 1025, 2047, 2048, 2049, 4095, 4096, 4097};
+        for (int i = 0; i < testSizes.length; i++)
+        {
+            this.streamSize = testSizes[i];
+            performTests();
+        }
+    }
+
+    private void performTests()
+        throws Exception
+    {
+        testModes(new BlowfishEngine(), new BlowfishEngine(), 16);
+        testModes(new DESEngine(), new DESEngine(), 8);
+        testModes(new DESedeEngine(), new DESedeEngine(), 24);
+        testModes(new TEAEngine(), new TEAEngine(), 16);
+        testModes(new CAST5Engine(), new CAST5Engine(), 16);
+        testModes(new RC2Engine(), new RC2Engine(), 16);
+        testModes(new XTEAEngine(), new XTEAEngine(), 16);
+
+        testModes(new AESEngine(), new AESEngine(), 16);
+        testModes(new NoekeonEngine(), new NoekeonEngine(), 16);
+        testModes(new TwofishEngine(), new TwofishEngine(), 16);
+        testModes(new CAST6Engine(), new CAST6Engine(), 16);
+        testModes(new SEEDEngine(), new SEEDEngine(), 16);
+        testModes(new SerpentEngine(), new SerpentEngine(), 16);
+        testModes(new RC6Engine(), new RC6Engine(), 16);
+        testModes(new CamelliaEngine(), new CamelliaEngine(), 16);
+        testModes(new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512),
+            new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512), 64);
+
+        testMode(new RC4Engine(), new KeyParameter(new byte[16]));
+        testMode(new Salsa20Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[8]));
+        testMode(new XSalsa20Engine(), new ParametersWithIV(new KeyParameter(new byte[32]), new byte[24]));
+        testMode(new ChaChaEngine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[8]));
+        testMode(new Grainv1Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[8]));
+        testMode(new Grain128Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[12]));
+        testMode(new HC128Engine(), new KeyParameter(new byte[16]));
+        testMode(new HC256Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
+
+        testSkipping(new Salsa20Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[8]));
+        testSkipping(new SICBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
+    }
+
+    private void testModes(BlockCipher cipher1, BlockCipher cipher2, int keySize)
+        throws Exception
+    {
+        final KeyParameter key = new KeyParameter(new byte[keySize]);
+        final int blockSize = getBlockSize(cipher1);
+        final CipherParameters withIv = new ParametersWithIV(key, new byte[blockSize]);
+
+        if (blockSize > 1)
+        {
+            testMode(new PaddedBufferedBlockCipher(cipher1, new PKCS7Padding()), key);
+
+            testMode(new PaddedBufferedBlockCipher(new CBCBlockCipher(cipher1), new PKCS7Padding()), withIv);
+
+            testMode(new BufferedBlockCipher(new OFBBlockCipher(cipher1, blockSize)), withIv);
+            testMode(new BufferedBlockCipher(new CFBBlockCipher(cipher1, blockSize)), withIv);
+            testMode(new BufferedBlockCipher(new SICBlockCipher(cipher1)), withIv);
+        }
+        // CTS requires at least one block
+        if (blockSize <= 16 && streamSize >= blockSize)
+        {
+            testMode(new CTSBlockCipher(cipher1), key);
+        }
+        if (blockSize <= 16 && streamSize >= blockSize)
+        {
+            testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS1, cipher1), key);
+            testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS2, cipher1), key);
+            testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS3, cipher1), key);
+        }
+        if (blockSize == 8 || blockSize == 16)
+        {
+            testMode(new EAXBlockCipher(cipher1), withIv);
+        }
+        if (blockSize == 16)
+        {
+            testMode(new CCMBlockCipher(cipher1), new ParametersWithIV(key, new byte[7]));
+            testMode(new GCMBlockCipher(cipher1), withIv);
+            testMode(new OCBBlockCipher(cipher1, cipher2), new ParametersWithIV(key, new byte[15]));
+        }
+    }
+
+    private void testSkipping(StreamCipher cipher, CipherParameters params)
+        throws Exception
+    {
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+        init(cipher, true, params);
+
+        OutputStream cOut = createCipherOutputStream(bOut, cipher);
+        byte[] data = new byte[5000];
+
+        new SecureRandom().nextBytes(data);
+
+        cOut.write(data);
+
+        cOut.close();
+
+        init(cipher, false, params);
+
+        InputStream cIn = createCipherInputStream(bOut.toByteArray(), cipher);
+
+        long skip = cIn.skip(50);
+        if (skip != 50)
+        {
+            fail("wrong number of bytes skipped: " + skip);
+        }
+
+        byte[] block = new byte[50];
+
+        cIn.read(block);
+
+        if (!areEqual(data, 50, block, 0))
+        {
+            fail("initial skip mismatch");
+        }
+
+        skip = cIn.skip(3000);
+        if (skip != 3000)
+        {
+            fail("wrong number of bytes skipped: " + skip);
+        }
+
+        cIn.read(block);
+
+        if (!areEqual(data, 3100, block, 0))
+        {
+            fail("second skip mismatch");
+        }
+
+        cipher.reset();
+
+        cIn = createCipherInputStream(bOut.toByteArray(), cipher);
+        if (!cIn.markSupported())
+        {
+            fail("marking not supported");
+        }
+
+        cIn.mark(100);
+
+        cIn.read(block);
+
+        if (!areEqual(data, 0, block, 0))
+        {
+            fail("initial mark read failed");
+        }
+
+        cIn.reset();
+
+        cIn.read(block);
+
+        if (!areEqual(data, 0, block, 0))
+        {
+            fail(cipher.getAlgorithmName() + " initial reset read failed");
+        }
+
+        cIn.reset();
+
+        cIn.read(block);
+
+        cIn.mark(100);
+
+        cIn.read(block);
+
+        if (!areEqual(data, 50, block, 0))
+        {
+            fail("second mark read failed");
+        }
+
+        cIn.reset();
+
+        cIn.read(block);
+
+        if (!areEqual(data, 50, block, 0))
+        {
+            fail(cipher.getAlgorithmName() + " second reset read failed");
+        }
+
+        cIn.mark(3000);
+
+        skip = cIn.skip(2050);
+        if (skip != 2050)
+        {
+            fail("wrong number of bytes skipped: " + skip);
+        }
+
+        cIn.reset();
+
+        cIn.read(block);
+
+        if (!areEqual(data, 100, block, 0))
+        {
+            fail(cipher.getAlgorithmName() + " third reset read failed");
+        }
+
+        cIn.read(new byte[2150]);
+
+        cIn.reset();
+
+        cIn.read(block);
+
+        if (!areEqual(data, 100, block, 0))
+        {
+            fail(cipher.getAlgorithmName() + " fourth reset read failed");
+        }
+
+        cIn.close();
+    }
+
+    private boolean areEqual(byte[] a, int aOff, byte[] b, int bOff)
+    {
+        for (int i = bOff; i != b.length; i++)
+        {
+            if (a[aOff + i - bOff] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new CipherStreamTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CipherTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CipherTest.java
new file mode 100644
index 0000000..407a044
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CipherTest.java
@@ -0,0 +1,117 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.test.SimpleTest;
+
+public abstract class CipherTest
+    extends SimpleTest
+{
+    private SimpleTest[]      _tests;
+    private BlockCipher _engine;
+    private KeyParameter _validKey;
+
+//    protected CipherTest(
+//        SimpleTest[]  tests)
+//    {
+//        _tests = tests;
+//    }
+
+    protected CipherTest(
+        SimpleTest[]   tests,
+        BlockCipher  engine,
+        KeyParameter validKey)
+    {
+        _tests = tests;
+        _engine = engine;
+        _validKey = validKey;
+    }
+    
+    public abstract String getName();
+
+    public void performTest()
+        throws Exception
+    {
+        for (int i = 0; i != _tests.length; i++)
+        {
+            _tests[i].performTest();
+        }
+
+        if (_engine != null)
+        {
+            //
+            // state tests
+            //
+            byte[]      buf = new byte[128];
+            
+            try
+            {   
+                _engine.processBlock(buf, 0, buf, 0);
+                
+                fail("failed initialisation check");
+            }
+            catch (IllegalStateException e)
+            {
+                // expected 
+            }
+            
+            bufferSizeCheck((_engine));
+        }
+    }
+    
+    private void bufferSizeCheck(
+        BlockCipher engine)
+    {
+        byte[] correctBuf = new byte[engine.getBlockSize()];
+        byte[] shortBuf = new byte[correctBuf.length / 2];
+        
+        engine.init(true, _validKey);
+        
+        try
+        {   
+            engine.processBlock(shortBuf, 0, correctBuf, 0);
+            
+            fail("failed short input check");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+        
+        try
+        {   
+            engine.processBlock(correctBuf, 0, shortBuf, 0);
+            
+            fail("failed short output check");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+        
+        engine.init(false, _validKey);
+        
+        try
+        {   
+            engine.processBlock(shortBuf, 0, correctBuf, 0);
+            
+            fail("failed short input check");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+        
+        try
+        {   
+            engine.processBlock(correctBuf, 0, shortBuf, 0);
+            
+            fail("failed short output check");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/CramerShoupTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/CramerShoupTest.java
new file mode 100644
index 0000000..e963357
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/CramerShoupTest.java
@@ -0,0 +1,147 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.agreement.DHStandardGroups;
+import org.bouncycastle.crypto.engines.CramerShoupCiphertext;
+import org.bouncycastle.crypto.engines.CramerShoupCoreEngine;
+import org.bouncycastle.crypto.engines.CramerShoupCoreEngine.CramerShoupCiphertextException;
+import org.bouncycastle.crypto.generators.CramerShoupKeyPairGenerator;
+import org.bouncycastle.crypto.generators.CramerShoupParametersGenerator;
+import org.bouncycastle.crypto.params.CramerShoupKeyGenerationParameters;
+import org.bouncycastle.crypto.params.CramerShoupParameters;
+import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class CramerShoupTest
+    extends SimpleTest
+{
+    private static final BigInteger ONE = BigInteger.valueOf(1);
+
+    private static final SecureRandom RND = new SecureRandom();
+
+    private AsymmetricCipherKeyPair keyPair;
+
+    public static void main(String[] args)
+    {
+        runTest(new CramerShoupTest());
+    }
+
+    public String getName()
+    {
+        return "CramerShoup";
+    }
+
+
+    public void performTest()
+        throws Exception
+    {
+        BigInteger pSubOne = DHStandardGroups.rfc3526_2048.getP().subtract(ONE);
+        for (int i = 0; i < 10; ++i)
+        {
+            BigInteger message = BigIntegers.createRandomInRange(ONE, pSubOne, RND);
+
+            BigInteger m1 = encDecTest(message);
+            BigInteger m2 = labelledEncDecTest(message, "myRandomLabel");
+            BigInteger m3 = encDecEncodingTest(message);
+            BigInteger m4 = labelledEncDecEncodingTest(message, "myOtherCoolLabel");
+
+            if (!message.equals(m1) || !message.equals(m2) || !message.equals(m3) || !message.equals(m4))
+            {
+                fail("decrypted message != original message");
+            }
+        }
+    }
+
+    private BigInteger encDecEncodingTest(BigInteger m)
+    {
+        CramerShoupCiphertext ciphertext = encrypt(m);
+        byte[] c = ciphertext.toByteArray();
+        CramerShoupCiphertext decC = new CramerShoupCiphertext(c);
+        return decrypt(decC);
+    }
+
+    private BigInteger labelledEncDecEncodingTest(BigInteger m, String l)
+    {
+        byte[] c = encrypt(m, l).toByteArray();
+        return decrypt(new CramerShoupCiphertext(c), l);
+    }
+
+    private BigInteger encDecTest(BigInteger m)
+    {
+        CramerShoupCiphertext c = encrypt(m);
+        return decrypt(c);
+    }
+
+    private BigInteger labelledEncDecTest(BigInteger m, String l)
+    {
+        CramerShoupCiphertext c = encrypt(m, l);
+        return decrypt(c, l);
+    }
+
+
+    private BigInteger decrypt(CramerShoupCiphertext ciphertext)
+    {
+        return decrypt(ciphertext, null);
+    }
+
+    private BigInteger decrypt(CramerShoupCiphertext ciphertext, String label)
+    {
+
+        CramerShoupCoreEngine engine = new CramerShoupCoreEngine();
+        if (label != null)
+        {
+            engine.init(false, keyPair.getPrivate(), label);
+        }
+        else
+        {
+            engine.init(false, keyPair.getPrivate());
+        }
+        try
+        {
+            BigInteger m = engine.decryptBlock(ciphertext);
+
+            return m;
+        }
+        catch (CramerShoupCiphertextException e)
+        {
+            e.printStackTrace();
+        }
+
+        return null;
+    }
+
+    private CramerShoupCiphertext encrypt(BigInteger message)
+    {
+        return encrypt(message, null);
+    }
+
+    private CramerShoupCiphertext encrypt(BigInteger message, String label)
+    {
+        CramerShoupKeyPairGenerator kpGen = new CramerShoupKeyPairGenerator();
+        CramerShoupParametersGenerator pGen = new CramerShoupParametersGenerator();
+
+        pGen.init(2048, 1, RND);
+        CramerShoupParameters params = pGen.generateParameters(DHStandardGroups.rfc3526_2048);
+        CramerShoupKeyGenerationParameters param = new CramerShoupKeyGenerationParameters(RND, params);
+
+        kpGen.init(param);
+        keyPair = kpGen.generateKeyPair();
+
+        CramerShoupCoreEngine engine = new CramerShoupCoreEngine();
+        if (label != null)
+        {
+            engine.init(true, keyPair.getPublic(), label);
+        }
+        else
+        {
+            engine.init(true, keyPair.getPublic());
+        }
+
+        CramerShoupCiphertext ciphertext = engine.encryptBlock(message);
+
+        return ciphertext;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DESTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DESTest.java
new file mode 100644
index 0000000..08056fc
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DESTest.java
@@ -0,0 +1,206 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.generators.DESKeyGenerator;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.crypto.params.DESParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.security.SecureRandom;
+
+class DESParityTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "DESParityTest";
+    }
+
+    public void performTest()
+    {
+        byte[]  k1In = { (byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff,
+                        (byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff };
+        byte[]  k1Out = { (byte)0xfe, (byte)0xfe, (byte)0xfe, (byte)0xfe,
+                        (byte)0xfe, (byte)0xfe, (byte)0xfe, (byte)0xfe };
+
+        byte[]  k2In = { (byte)0xef, (byte)0xcb, (byte)0xda, (byte)0x4f,
+                        (byte)0xaa, (byte)0x99, (byte)0x7f, (byte)0x63 };
+        byte[]  k2Out = { (byte)0xef, (byte)0xcb, (byte)0xda, (byte)0x4f,
+                        (byte)0xab, (byte)0x98, (byte)0x7f, (byte)0x62 };
+
+        DESParameters.setOddParity(k1In);
+
+        for (int i = 0; i != k1In.length; i++)
+        {
+            if (k1In[i] != k1Out[i])
+            {
+                fail("Failed " 
+                    + "got " + new String(Hex.encode(k1In))
+                    + " expected " + new String(Hex.encode(k1Out)));
+            }
+        }
+
+        DESParameters.setOddParity(k2In);
+
+        for (int i = 0; i != k2In.length; i++)
+        {
+            if (k2In[i] != k2Out[i])
+            {
+                fail("Failed " 
+                    + "got " + new String(Hex.encode(k2In))
+                    + " expected " + new String(Hex.encode(k2Out)));
+            }
+        }
+    }
+}
+
+class KeyGenTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "KeyGenTest";
+    }
+
+    public void performTest()
+    {
+        DESKeyGenerator keyGen = new DESKeyGenerator();
+        
+        keyGen.init(new KeyGenerationParameters(new SecureRandom(), 56));
+        
+        byte[] kB = keyGen.generateKey();
+        
+        if (kB.length != 8)
+        {
+            fail("DES bit key wrong length.");
+        }
+    }
+}
+
+class DESParametersTest
+    extends SimpleTest
+{
+    static private byte[] weakKeys =
+     {
+         (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01, (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01,
+         (byte)0x1f,(byte)0x1f,(byte)0x1f,(byte)0x1f, (byte)0x0e,(byte)0x0e,(byte)0x0e,(byte)0x0e,
+         (byte)0xe0,(byte)0xe0,(byte)0xe0,(byte)0xe0, (byte)0xf1,(byte)0xf1,(byte)0xf1,(byte)0xf1,
+         (byte)0xfe,(byte)0xfe,(byte)0xfe,(byte)0xfe, (byte)0xfe,(byte)0xfe,(byte)0xfe,(byte)0xfe,
+         /* semi-weak keys */
+         (byte)0x01,(byte)0xfe,(byte)0x01,(byte)0xfe, (byte)0x01,(byte)0xfe,(byte)0x01,(byte)0xfe,
+         (byte)0x1f,(byte)0xe0,(byte)0x1f,(byte)0xe0, (byte)0x0e,(byte)0xf1,(byte)0x0e,(byte)0xf1,
+         (byte)0x01,(byte)0xe0,(byte)0x01,(byte)0xe0, (byte)0x01,(byte)0xf1,(byte)0x01,(byte)0xf1,
+         (byte)0x1f,(byte)0xfe,(byte)0x1f,(byte)0xfe, (byte)0x0e,(byte)0xfe,(byte)0x0e,(byte)0xfe,
+         (byte)0x01,(byte)0x1f,(byte)0x01,(byte)0x1f, (byte)0x01,(byte)0x0e,(byte)0x01,(byte)0x0e,
+         (byte)0xe0,(byte)0xfe,(byte)0xe0,(byte)0xfe, (byte)0xf1,(byte)0xfe,(byte)0xf1,(byte)0xfe,
+         (byte)0xfe,(byte)0x01,(byte)0xfe,(byte)0x01, (byte)0xfe,(byte)0x01,(byte)0xfe,(byte)0x01,
+         (byte)0xe0,(byte)0x1f,(byte)0xe0,(byte)0x1f, (byte)0xf1,(byte)0x0e,(byte)0xf1,(byte)0x0e,
+         (byte)0xe0,(byte)0x01,(byte)0xe0,(byte)0x01, (byte)0xf1,(byte)0x01,(byte)0xf1,(byte)0x01,
+         (byte)0xfe,(byte)0x1f,(byte)0xfe,(byte)0x1f, (byte)0xfe,(byte)0x0e,(byte)0xfe,(byte)0x0e,
+         (byte)0x1f,(byte)0x01,(byte)0x1f,(byte)0x01, (byte)0x0e,(byte)0x01,(byte)0x0e,(byte)0x01,
+         (byte)0xfe,(byte)0xe0,(byte)0xfe,(byte)0xe0, (byte)0xfe,(byte)0xf1,(byte)0xfe,(byte)0xf1
+     };
+
+    public String getName()
+    {
+        return "DESParameters";
+    }
+
+    public void performTest() throws Exception
+    {
+        try
+        {
+            DESParameters.isWeakKey(new byte[4], 0);
+            fail("no exception on small key");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("key material too short."))
+            {
+                fail("wrong exception");
+            }
+        }
+
+        try
+        {
+            new DESParameters(weakKeys);
+            fail("no exception on weak key");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("attempt to create weak DES key"))
+            {
+                fail("wrong exception");
+            }
+        }
+
+        for (int i = 0; i != weakKeys.length; i += 8)
+        {
+            if (!DESParameters.isWeakKey(weakKeys, i))
+            {
+                fail("weakKey test failed");
+            }
+        }
+    }
+}
+
+/**
+ * DES tester - vectors from <a href=http://www.itl.nist.gov/fipspubs/fip81.htm>FIPS 81</a>
+ */
+public class DESTest
+    extends CipherTest
+{
+    static String   input1 = "4e6f77206973207468652074696d6520666f7220616c6c20";
+    static String   input2 = "4e6f7720697320746865";
+    static String   input3 = "4e6f7720697320746865aabbcc";
+
+    static SimpleTest[]   tests = 
+            {
+                new BlockCipherVectorTest(0, new DESEngine(),
+                        new KeyParameter(Hex.decode("0123456789abcdef")),
+                        input1, "3fa40e8a984d48156a271787ab8883f9893d51ec4b563b53"),
+                new BlockCipherVectorTest(1, new CBCBlockCipher(new DESEngine()),
+                        new ParametersWithIV(new KeyParameter(Hex.decode("0123456789abcdef")), Hex.decode("1234567890abcdef")),
+                        input1, "e5c7cdde872bf27c43e934008c389c0f683788499a7c05f6"),
+                new BlockCipherVectorTest(2, new CFBBlockCipher(new DESEngine(), 8),
+                        new ParametersWithIV(new KeyParameter(Hex.decode("0123456789abcdef")), Hex.decode("1234567890abcdef")),
+                        input2, "f31fda07011462ee187f"),
+                new BlockCipherVectorTest(3, new CFBBlockCipher(new DESEngine(), 64),
+                        new ParametersWithIV(new KeyParameter(Hex.decode("0123456789abcdef")), Hex.decode("1234567890abcdef")),
+                        input1, "f3096249c7f46e51a69e839b1a92f78403467133898ea622"),
+                new BlockCipherVectorTest(4, new OFBBlockCipher(new DESEngine(), 8),
+                        new ParametersWithIV(new KeyParameter(Hex.decode("0123456789abcdef")), Hex.decode("1234567890abcdef")),
+                        input2, "f34a2850c9c64985d684"),
+                new BlockCipherVectorTest(5, new CFBBlockCipher(new DESEngine(), 64),
+                        new ParametersWithIV(new KeyParameter(Hex.decode("0123456789abcdef")), Hex.decode("1234567890abcdef")),
+                        input3, "f3096249c7f46e51a69e0954bf"),
+                new BlockCipherVectorTest(6, new OFBBlockCipher(new DESEngine(), 64),
+                        new ParametersWithIV(new KeyParameter(Hex.decode("0123456789abcdef")), Hex.decode("1234567890abcdef")),
+                        input3, "f3096249c7f46e5135f2c0eb8b"),
+                new DESParityTest(),
+                new DESParametersTest(),
+                new KeyGenTest()
+            };
+
+    public DESTest()
+    {
+        super(tests, new DESEngine(), new KeyParameter(new byte[8]));
+    }
+
+    public String getName()
+    {
+        return "DES";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DESTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DESedeTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DESedeTest.java
new file mode 100644
index 0000000..b14897f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DESedeTest.java
@@ -0,0 +1,177 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.Wrapper;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.engines.DESedeWrapEngine;
+import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
+import org.bouncycastle.crypto.params.DESedeParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.security.SecureRandom;
+
+/**
+ * DESede tester
+ */
+public class DESedeTest
+    extends CipherTest
+{
+    static private byte[] weakKey =     // first 8 bytes non-weak
+         {
+             (byte)0x06,(byte)0x01,(byte)0x01,(byte)0x01, (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01,
+             (byte)0x1f,(byte)0x1f,(byte)0x1f,(byte)0x1f, (byte)0x0e,(byte)0x0e,(byte)0x0e,(byte)0x0e,
+             (byte)0xe0,(byte)0xe0,(byte)0xe0,(byte)0xe0, (byte)0xf1,(byte)0xf1,(byte)0xf1,(byte)0xf1,
+         };
+
+    static String   input1 = "4e6f77206973207468652074696d6520666f7220616c6c20";
+    static String   input2 = "4e6f7720697320746865";
+
+    static SimpleTest[]  tests =
+            {
+                new BlockCipherVectorTest(0, new DESedeEngine(),
+                        new DESedeParameters(Hex.decode("0123456789abcdef0123456789abcdef")),
+                        input1, "3fa40e8a984d48156a271787ab8883f9893d51ec4b563b53"),
+                new BlockCipherVectorTest(1, new DESedeEngine(),
+                        new DESedeParameters(Hex.decode("0123456789abcdeffedcba9876543210")),
+                        input1, "d80a0d8b2bae5e4e6a0094171abcfc2775d2235a706e232c"),
+                new BlockCipherVectorTest(2, new DESedeEngine(),
+                        new DESedeParameters(Hex.decode("0123456789abcdef0123456789abcdef0123456789abcdef")),
+                        input1, "3fa40e8a984d48156a271787ab8883f9893d51ec4b563b53"),
+                new BlockCipherVectorTest(3, new DESedeEngine(),
+                        new DESedeParameters(Hex.decode("0123456789abcdeffedcba98765432100123456789abcdef")),
+                        input1, "d80a0d8b2bae5e4e6a0094171abcfc2775d2235a706e232c")
+            };
+
+    DESedeTest()
+    {
+        super(tests, new DESedeEngine(), new KeyParameter(new byte[16]));
+    }
+
+    private void wrapTest(
+        int     id,
+        byte[]  kek,
+        byte[]  iv,
+        byte[]  in,
+        byte[]  out)
+    {
+        Wrapper wrapper = new DESedeWrapEngine();
+
+        wrapper.init(true, new ParametersWithIV(new KeyParameter(kek), iv));
+
+        try
+        {
+            byte[]  cText = wrapper.wrap(in, 0, in.length);
+            if (!areEqual(cText, out))
+            {
+                fail(": failed wrap test " + id  + " expected " + new String(Hex.encode(out)) + " got " + new String(Hex.encode(cText)));
+            }
+        }
+        catch (Exception e)
+        {
+            fail("failed wrap test exception: " + e.toString(), e);
+        }
+
+        wrapper.init(false, new KeyParameter(kek));
+
+        try
+        {
+            byte[]  pText = wrapper.unwrap(out, 0, out.length);
+            if (!areEqual(pText, in))
+            {
+                fail("failed unwrap test " + id  + " expected " + new String(Hex.encode(in)) + " got " + new String(Hex.encode(pText)));
+            }
+        }
+        catch (Exception e)
+        {
+            fail("failed unwrap test exception: " + e.toString(), e);
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        super.performTest();
+
+        byte[]  kek1 = Hex.decode("255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f");
+        byte[]  iv1 = Hex.decode("5dd4cbfc96f5453b");
+        byte[]  in1 = Hex.decode("2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98");
+        byte[]  out1 = Hex.decode("690107618ef092b3b48ca1796b234ae9fa33ebb4159604037db5d6a84eb3aac2768c632775a467d4");
+        
+        wrapTest(1, kek1, iv1, in1, out1);
+
+        //
+        // key generation
+        //
+        SecureRandom       random = new SecureRandom();
+        DESedeKeyGenerator keyGen = new DESedeKeyGenerator();
+        
+        keyGen.init(new KeyGenerationParameters(random, 112));
+        
+        byte[] kB = keyGen.generateKey();
+        
+        if (kB.length != 16)
+        {
+            fail("112 bit key wrong length.");
+        }
+        
+        keyGen.init(new KeyGenerationParameters(random, 168));
+        
+        kB = keyGen.generateKey();
+        
+        if (kB.length != 24)
+        {
+            fail("168 bit key wrong length.");
+        }
+        
+        try
+        {
+            keyGen.init(new KeyGenerationParameters(random, 200));
+            
+            fail("invalid key length not detected.");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+
+        try
+        {
+            DESedeParameters.isWeakKey(new byte[4], 0);
+            fail("no exception on small key");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("key material too short."))
+            {
+                fail("wrong exception");
+            }
+        }
+
+        try
+        {
+            new DESedeParameters(weakKey);
+            fail("no exception on weak key");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("attempt to create weak DESede key"))
+            {
+                fail("wrong exception");
+            }
+        }
+    }
+
+    public String getName()
+    {
+        return "DESede";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DESedeTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DHKEKGeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DHKEKGeneratorTest.java
new file mode 100644
index 0000000..8a83d2a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DHKEKGeneratorTest.java
@@ -0,0 +1,70 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.crypto.DerivationFunction;
+import org.bouncycastle.crypto.DerivationParameters;
+import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
+import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * DHKEK Generator tests - from RFC 2631.
+ */
+public class DHKEKGeneratorTest
+    extends SimpleTest
+{
+    private byte[] seed1 = Hex.decode("000102030405060708090a0b0c0d0e0f10111213");
+    private ASN1ObjectIdentifier alg1 = PKCSObjectIdentifiers.id_alg_CMS3DESwrap;
+    private byte[] result1 = Hex.decode("a09661392376f7044d9052a397883246b67f5f1ef63eb5fb");
+
+    private byte[] seed2 = Hex.decode("000102030405060708090a0b0c0d0e0f10111213");
+    private ASN1ObjectIdentifier alg2 = PKCSObjectIdentifiers.id_alg_CMSRC2wrap;
+    private byte[] partyAInfo = Hex.decode(
+                                     "0123456789abcdeffedcba9876543201"
+                                   + "0123456789abcdeffedcba9876543201"
+                                   + "0123456789abcdeffedcba9876543201"
+                                   + "0123456789abcdeffedcba9876543201");
+    private byte[] result2 = Hex.decode("48950c46e0530075403cce72889604e0");
+
+    public DHKEKGeneratorTest()
+    {
+    }
+
+    public void performTest()
+    {
+        checkMask(1, new DHKEKGenerator(new SHA1Digest()), new DHKDFParameters(alg1, 192, seed1), result1);
+        checkMask(2, new DHKEKGenerator(new SHA1Digest()), new DHKDFParameters(alg2, 128, seed2, partyAInfo), result2);
+    }
+
+    private void checkMask(
+        int                count,
+        DerivationFunction kdf,
+        DerivationParameters params,
+        byte[]             result)
+    {
+        byte[]             data = new byte[result.length];
+
+        kdf.init(params);
+
+        kdf.generateBytes(data, 0, data.length);
+
+        if (!areEqual(result, data))
+        {
+            fail("DHKEKGenerator failed generator test " + count);
+        }
+    }
+
+    public String getName()
+    {
+        return "DHKEKGenerator";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DHKEKGeneratorTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DHTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DHTest.java
new file mode 100644
index 0000000..862b9f2
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DHTest.java
@@ -0,0 +1,414 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.agreement.DHAgreement;
+import org.bouncycastle.crypto.agreement.DHBasicAgreement;
+import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator;
+import org.bouncycastle.crypto.generators.DHKeyPairGenerator;
+import org.bouncycastle.crypto.generators.DHParametersGenerator;
+import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
+import org.bouncycastle.crypto.params.DHParameters;
+import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
+import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class DHTest
+    extends SimpleTest
+{
+    private BigInteger g512 = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16);
+    private BigInteger p512 = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16);
+
+    private BigInteger g768 = new BigInteger("7c240073c1316c621df461b71ebb0cdcc90a6e5527e5e126633d131f87461c4dc4afc60c2cb0f053b6758871489a69613e2a8b4c8acde23954c08c81cbd36132cfd64d69e4ed9f8e51ed6e516297206672d5c0a69135df0a5dcf010d289a9ca1", 16);
+    private BigInteger p768 = new BigInteger("8c9dd223debed1b80103b8b309715be009d48860ed5ae9b9d5d8159508efd802e3ad4501a7f7e1cfec78844489148cd72da24b21eddd01aa624291c48393e277cfc529e37075eccef957f3616f962d15b44aeab4039d01b817fde9eaa12fd73f", 16);
+
+    private BigInteger  g1024 = new BigInteger("1db17639cdf96bc4eabba19454f0b7e5bd4e14862889a725c96eb61048dcd676ceb303d586e30f060dbafd8a571a39c4d823982117da5cc4e0f89c77388b7a08896362429b94a18a327604eb7ff227bffbc83459ade299e57b5f77b50fb045250934938efa145511166e3197373e1b5b1e52de713eb49792bedde722c6717abf", 16);
+    private BigInteger  p1024 = new BigInteger("a00e283b3c624e5b2b4d9fbc2653b5185d99499b00fd1bf244c6f0bb817b4d1c451b2958d62a0f8a38caef059fb5ecd25d75ed9af403f5b5bdab97a642902f824e3c13789fed95fa106ddfe0ff4a707c85e2eb77d49e68f2808bcea18ce128b178cd287c6bc00efa9a1ad2a673fe0dceace53166f75b81d6709d5f8af7c66bb7", 16);
+
+    public String getName()
+    {
+        return "DH";
+    }
+
+    private void testDH(
+        int         size,
+        BigInteger  g,
+        BigInteger  p)
+    {
+        DHKeyPairGenerator kpGen = getDHKeyPairGenerator(g, p);
+
+        //
+        // generate first pair
+        //
+        AsymmetricCipherKeyPair     pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu1 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv1 = (DHPrivateKeyParameters)pair.getPrivate();
+        //
+        // generate second pair
+        //
+        pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu2 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv2 = (DHPrivateKeyParameters)pair.getPrivate();
+
+        //
+        // two way
+        //
+        DHAgreement    e1 = new DHAgreement();
+        DHAgreement    e2 = new DHAgreement();
+
+        e1.init(pv1);
+        e2.init(pv2);
+
+        BigInteger  m1 = e1.calculateMessage();
+        BigInteger  m2 = e2.calculateMessage();
+
+        BigInteger   k1 = e1.calculateAgreement(pu2, m2);
+        BigInteger   k2 = e2.calculateAgreement(pu1, m1);
+
+        if (!k1.equals(k2))
+        {
+            fail(size + " bit 2-way test failed");
+        }
+    }
+
+    private void testDHBasic(
+        int         size,
+        int         privateValueSize,
+        BigInteger  g,
+        BigInteger  p)
+    {
+        DHBasicKeyPairGenerator kpGen = getDHBasicKeyPairGenerator(g, p, privateValueSize);
+
+        //
+        // generate first pair
+        //
+        AsymmetricCipherKeyPair     pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu1 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv1 = (DHPrivateKeyParameters)pair.getPrivate();
+
+        checkKeySize(privateValueSize, pv1);
+        //
+        // generate second pair
+        //
+        pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu2 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv2 = (DHPrivateKeyParameters)pair.getPrivate();
+
+        checkKeySize(privateValueSize, pv2);
+        //
+        // two way
+        //
+        DHBasicAgreement    e1 = new DHBasicAgreement();
+        DHBasicAgreement    e2 = new DHBasicAgreement();
+
+        e1.init(pv1);
+        e2.init(pv2);
+
+        BigInteger   k1 = e1.calculateAgreement(pu2);
+        BigInteger   k2 = e2.calculateAgreement(pu1);
+
+        if (!k1.equals(k2))
+        {
+            fail("basic " + size + " bit 2-way test failed");
+        }
+    }
+
+    private void checkKeySize(
+        int privateValueSize,
+        DHPrivateKeyParameters priv)
+    {
+        if (privateValueSize != 0)
+        {
+            if (priv.getX().bitLength() != privateValueSize)
+            {
+                fail("limited key check failed for key size " + privateValueSize);
+            }
+        }
+    }
+
+    private void testGPWithRandom(
+        DHKeyPairGenerator kpGen)
+    {
+        //
+        // generate first pair
+        //
+        AsymmetricCipherKeyPair     pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu1 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv1 = (DHPrivateKeyParameters)pair.getPrivate();
+        //
+        // generate second pair
+        //
+        pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu2 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv2 = (DHPrivateKeyParameters)pair.getPrivate();
+
+        //
+        // two way
+        //
+        DHAgreement    e1 = new DHAgreement();
+        DHAgreement    e2 = new DHAgreement();
+
+        e1.init(new ParametersWithRandom(pv1, new SecureRandom()));
+        e2.init(new ParametersWithRandom(pv2, new SecureRandom()));
+
+        BigInteger   m1 = e1.calculateMessage();
+        BigInteger   m2 = e2.calculateMessage();
+
+        BigInteger   k1 = e1.calculateAgreement(pu2, m2);
+        BigInteger   k2 = e2.calculateAgreement(pu1, m1);
+        
+        if (!k1.equals(k2))
+        {
+            fail("basic with random 2-way test failed");
+        }
+    }
+    
+    private void testSimpleWithRandom(
+        DHBasicKeyPairGenerator kpGen)
+    {
+        //
+        // generate first pair
+        //
+        AsymmetricCipherKeyPair     pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu1 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv1 = (DHPrivateKeyParameters)pair.getPrivate();
+        //
+        // generate second pair
+        //
+        pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu2 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv2 = (DHPrivateKeyParameters)pair.getPrivate();
+
+        //
+        // two way
+        //
+        DHBasicAgreement    e1 = new DHBasicAgreement();
+        DHBasicAgreement    e2 = new DHBasicAgreement();
+
+        e1.init(new ParametersWithRandom(pv1, new SecureRandom()));
+        e2.init(new ParametersWithRandom(pv2, new SecureRandom()));
+
+        BigInteger   k1 = e1.calculateAgreement(pu2);
+        BigInteger   k2 = e2.calculateAgreement(pu1);
+
+        if (!k1.equals(k2))
+        {
+            fail("basic with random 2-way test failed");
+        }
+    }
+
+    private DHBasicKeyPairGenerator getDHBasicKeyPairGenerator(
+        BigInteger g,
+        BigInteger p,
+        int        privateValueSize)
+    {
+        DHParameters                dhParams = new DHParameters(p, g, null, privateValueSize);
+        DHKeyGenerationParameters   params = new DHKeyGenerationParameters(new SecureRandom(), dhParams);
+        DHBasicKeyPairGenerator     kpGen = new DHBasicKeyPairGenerator();
+
+        kpGen.init(params);
+        
+        return kpGen;
+    }
+    
+    private DHKeyPairGenerator getDHKeyPairGenerator(
+        BigInteger g,
+        BigInteger p)
+    {
+        DHParameters                dhParams = new DHParameters(p, g);
+        DHKeyGenerationParameters   params = new DHKeyGenerationParameters(new SecureRandom(), dhParams);
+        DHKeyPairGenerator          kpGen = new DHKeyPairGenerator();
+
+        kpGen.init(params);
+        
+        return kpGen;
+    }
+    
+    /**
+     * this test is can take quiet a while
+     */
+    private void testGeneration(
+        int         size)
+    {
+        DHParametersGenerator       pGen = new DHParametersGenerator();
+
+        pGen.init(size, 10, new SecureRandom());
+
+        DHParameters                dhParams = pGen.generateParameters();
+
+        if (dhParams.getL() != 0)
+        {
+            fail("DHParametersGenerator failed to set J to 0 in generated DHParameters");
+        }
+
+        DHKeyGenerationParameters   params = new DHKeyGenerationParameters(new SecureRandom(), dhParams);
+
+        DHBasicKeyPairGenerator     kpGen = new DHBasicKeyPairGenerator();
+
+        kpGen.init(params);
+
+        //
+        // generate first pair
+        //
+        AsymmetricCipherKeyPair     pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu1 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv1 = (DHPrivateKeyParameters)pair.getPrivate();
+        
+        //
+        // generate second pair
+        //
+        params = new DHKeyGenerationParameters(new SecureRandom(), pu1.getParameters());
+
+        kpGen.init(params);
+
+        pair = kpGen.generateKeyPair();
+
+        DHPublicKeyParameters       pu2 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv2 = (DHPrivateKeyParameters)pair.getPrivate();
+
+        //
+        // two way
+        //
+        DHBasicAgreement    e1 = new DHBasicAgreement();
+        DHBasicAgreement    e2 = new DHBasicAgreement();
+
+        e1.init(new ParametersWithRandom(pv1, new SecureRandom()));
+        e2.init(new ParametersWithRandom(pv2, new SecureRandom()));
+
+        BigInteger   k1 = e1.calculateAgreement(pu2);
+        BigInteger   k2 = e2.calculateAgreement(pu1);
+
+        if (!k1.equals(k2))
+        {
+            fail("basic with " + size + " bit 2-way test failed");
+        }
+    }
+    private void testBounds()
+    {
+         BigInteger p1 = new BigInteger("00C8028E9151C6B51BCDB35C1F6B2527986A72D8546AE7A4BF41DC4289FF9837EE01592D36C324A0F066149B8B940C86C87D194206A39038AE3396F8E12435BB74449B70222D117B8A2BB77CB0D67A5D664DDE7B75E0FEC13CE0CAF258DAF3ADA0773F6FF0F2051D1859929AAA53B07809E496B582A89C3D7DA8B6E38305626621", 16);
+         BigInteger g1 = new BigInteger("1F869713181464577FE4026B47102FA0D7675503A4FCDA810881FAEC3524E6DBAEA9B96561EF7F8BEA76466DF11C2F3EB1A90CC5851735BF860606481257EECE6418C0204E61004E85D7131CE54BCBC7AD67E53C79DCB715E7C8D083DCD85D728283EC8F96839B4C9FA7C0727C472BEB94E4613CAFA8D580119C0AF4BF8AF252", 16);
+         int l1 = 1023;
+
+         BigInteger p2 = new BigInteger("00B333C98720220CC3946F494E25231B3E19F9AD5F6B19F4E7ABF80D8826C491C3224D4F7415A14A7C11D1BE584405FED12C3554F103E56A72D986CA5E325BB9DE07AC37D1EAE5E5AC724D32EF638F0E4462D4C1FC7A45B9FD3A5DF5EC36A1FA4DAA3FBB66AA42B1B71DF416AB547E987513426C7BB8634F5F4D37705514FDC1E1", 16);
+         BigInteger g2 = new BigInteger("2592F5A99FE46313650CCE66C94C15DBED9F4A45BD05C329986CF5D3E12139F0405A47C6385FEA27BFFEDC4CBABC5BB151F3BEE7CC3D51567F1E2B12A975AA9F48A70BDAAE7F5B87E70ADCF902490A3CBEFEDA41EBA8E12E02B56120B5FDEFBED07F5EAD3AE020DF3C8233216F8F0D35E13A7AE4DA5CBCC0D91EADBF20C281C6", 16);
+         int l2 = 1024;
+
+        DHKeyGenerationParameters   params1 = new DHKeyGenerationParameters(new SecureRandom(), new DHParameters(p1, g1, null, l1));
+        DHKeyGenerationParameters   params2 = new DHKeyGenerationParameters(new SecureRandom(), new DHParameters(p2, g2, null, l2));
+
+        DHBasicKeyPairGenerator     kpGen = new DHBasicKeyPairGenerator();
+
+        kpGen.init(params1);
+        kpGen.init(params2);
+    }
+
+    public void performTest()
+    {
+        testDHBasic(512, 0, g512, p512);
+        testDHBasic(768, 0, g768, p768);
+        testDHBasic(1024, 0, g1024, p1024);
+
+        testDHBasic(512, 64, g512, p512);
+        testDHBasic(768, 128, g768, p768);
+        testDHBasic(1024, 256, g1024, p1024);
+
+        testDH(512, g512, p512);
+        testDH(768, g768, p768);
+        testDH(1024, g1024, p1024);
+
+        testBounds();
+
+        //
+        // generation test.
+        //
+        testGeneration(256);
+        
+        //
+        // with random test
+        //
+        DHBasicKeyPairGenerator     kpBasicGen = getDHBasicKeyPairGenerator(g512, p512, 0);
+        
+        testSimpleWithRandom(kpBasicGen);
+        
+        DHKeyPairGenerator          kpGen = getDHKeyPairGenerator(g512, p512);
+        
+        testGPWithRandom(kpGen);
+        
+        //
+        // parameter tests
+        //
+        DHAgreement             dh = new DHAgreement();
+        AsymmetricCipherKeyPair dhPair = kpGen.generateKeyPair();
+        
+        try
+        {
+            dh.init(dhPair.getPublic());
+            fail("DHAgreement key check failed");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // ignore
+        }
+        
+        DHKeyPairGenerator      kpGen768 = getDHKeyPairGenerator(g768, p768);
+        
+        try
+        {
+            dh.init(dhPair.getPrivate());
+            
+            dh.calculateAgreement((DHPublicKeyParameters)kpGen768.generateKeyPair().getPublic(), BigInteger.valueOf(100));
+            
+            fail("DHAgreement agreement check failed");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // ignore
+        }
+        
+        DHBasicAgreement        dhBasic = new DHBasicAgreement();
+        AsymmetricCipherKeyPair dhBasicPair = kpBasicGen.generateKeyPair();
+ 
+        try
+        {
+            dhBasic.init(dhBasicPair.getPublic());
+            fail("DHBasicAgreement key check failed");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        DHBasicKeyPairGenerator      kpBasicGen768 = getDHBasicKeyPairGenerator(g768, p768, 0);
+        
+        try
+        {
+            dhBasic.init(dhPair.getPrivate());
+            
+            dhBasic.calculateAgreement((DHPublicKeyParameters)kpBasicGen768.generateKeyPair().getPublic());
+            
+            fail("DHBasicAgreement agreement check failed");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DHTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DSATest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DSATest.java
new file mode 100644
index 0000000..02c748f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DSATest.java
@@ -0,0 +1,602 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.digests.SHA224Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
+import org.bouncycastle.crypto.generators.DSAParametersGenerator;
+import org.bouncycastle.crypto.params.DSAKeyGenerationParameters;
+import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
+import org.bouncycastle.crypto.params.DSAParameters;
+import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
+import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
+import org.bouncycastle.crypto.params.DSAValidationParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.DSASigner;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test based on FIPS 186-2, Appendix 5, an example of DSA, and FIPS 168-3 test vectors.
+ */
+public class DSATest
+    extends SimpleTest
+{
+    byte[] k1 = Hex.decode("d5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
+    byte[] k2 = Hex.decode("345e8d05c075c3a508df729a1685690e68fcfb8c8117847e89063bca1f85d968fd281540b6e13bd1af989a1fbf17e06462bf511f9d0b140fb48ac1b1baa5bded");
+
+    SecureRandom    random = new FixedSecureRandom(new byte[][] { k1, k2});
+
+    byte[] keyData = Hex.decode("b5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
+    
+    SecureRandom    keyRandom = new FixedSecureRandom(new byte[][] { keyData, keyData });
+    
+    BigInteger  pValue = new BigInteger("8df2a494492276aa3d25759bb06869cbeac0d83afb8d0cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec0736ee31c80291", 16);
+    BigInteger  qValue = new BigInteger("c773218c737ec8ee993b4f2ded30f48edace915f", 16);
+
+    public String getName()
+    {
+        return "DSA";
+    }
+
+    public void performTest()
+    {
+        BigInteger              r = new BigInteger("68076202252361894315274692543577577550894681403");
+        BigInteger              s = new BigInteger("1089214853334067536215539335472893651470583479365");
+        DSAParametersGenerator  pGen = new DSAParametersGenerator();
+
+        pGen.init(512, 80, random);
+
+        DSAParameters           params = pGen.generateParameters();
+        DSAValidationParameters pValid = params.getValidationParameters();
+
+        if (pValid.getCounter() != 105)
+        {
+            fail("Counter wrong");
+        }
+
+        if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+        {
+            fail("p or q wrong");
+        }
+
+        DSAKeyPairGenerator         dsaKeyGen = new DSAKeyPairGenerator();
+        DSAKeyGenerationParameters  genParam = new DSAKeyGenerationParameters(keyRandom, params);
+
+        dsaKeyGen.init(genParam);
+
+        AsymmetricCipherKeyPair  pair = dsaKeyGen.generateKeyPair();
+
+        ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), keyRandom);
+
+        DSASigner dsa = new DSASigner();
+
+        dsa.init(true, param);
+
+        byte[] message = BigIntegers.asUnsignedByteArray(new BigInteger("968236873715988614170569073515315707566766479517"));
+        BigInteger[] sig = dsa.generateSignature(message);
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong.", r, sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong.", s, sig[1]);
+        }
+
+        dsa.init(false, pair.getPublic());
+
+        if (!dsa.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("verification fails");
+        }
+
+        dsa2Test1();
+        dsa2Test2();
+        dsa2Test3();
+        dsa2Test4();
+    }
+
+    private void dsa2Test1()
+    {
+        byte[] seed = Hex.decode("ED8BEE8D1CB89229D2903CBF0E51EE7377F48698");
+
+        DSAParametersGenerator pGen = new DSAParametersGenerator();
+
+        pGen.init(new DSAParameterGenerationParameters(1024, 160, 80, new DSATestSecureRandom(seed)));
+
+        DSAParameters params = pGen.generateParameters();
+
+        DSAValidationParameters pv = params.getValidationParameters();
+
+        if (pv.getCounter() != 5)
+        {
+            fail("counter incorrect");
+        }
+
+        if (!Arrays.areEqual(seed, pv.getSeed()))
+        {
+            fail("seed incorrect");
+        }
+
+        if (!params.getQ().equals(new BigInteger("E950511EAB424B9A19A2AEB4E159B7844C589C4F", 16)))
+        {
+            fail("Q incorrect");
+        }
+
+        if (!params.getP().equals(new BigInteger(
+            "E0A67598CD1B763B" +
+            "C98C8ABB333E5DDA0CD3AA0E5E1FB5BA8A7B4EABC10BA338" +
+            "FAE06DD4B90FDA70D7CF0CB0C638BE3341BEC0AF8A7330A3" +
+            "307DED2299A0EE606DF035177A239C34A912C202AA5F83B9" +
+            "C4A7CF0235B5316BFC6EFB9A248411258B30B839AF172440" +
+            "F32563056CB67A861158DDD90E6A894C72A5BBEF9E286C6B", 16)))
+        {
+            fail("P incorrect");
+        }
+
+        if (!params.getG().equals(new BigInteger(
+            "D29D5121B0423C27" +
+            "69AB21843E5A3240FF19CACC792264E3BB6BE4F78EDD1B15" +
+            "C4DFF7F1D905431F0AB16790E1F773B5CE01C804E509066A" +
+            "9919F5195F4ABC58189FD9FF987389CB5BEDF21B4DAB4F8B" +
+            "76A055FFE2770988FE2EC2DE11AD92219F0B351869AC24DA" +
+            "3D7BA87011A701CE8EE7BFE49486ED4527B7186CA4610A75", 16)))
+        {
+            fail("G incorrect");
+        }
+
+        DSAKeyPairGenerator kpGen = new DSAKeyPairGenerator();
+
+        kpGen.init(new DSAKeyGenerationParameters(new FixedSecureRandom(Hex.decode("D0EC4E50BB290A42E9E355C73D8809345DE2E139")), params));
+
+        AsymmetricCipherKeyPair kp = kpGen.generateKeyPair();
+
+        DSAPublicKeyParameters pub = (DSAPublicKeyParameters)kp.getPublic();
+        DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)kp.getPrivate();
+
+        if (!pub.getY().equals(new BigInteger(
+            "25282217F5730501" +
+            "DD8DBA3EDFCF349AAFFEC20921128D70FAC44110332201BB" +
+            "A3F10986140CBB97C726938060473C8EC97B4731DB004293" +
+            "B5E730363609DF9780F8D883D8C4D41DED6A2F1E1BBBDC97" +
+            "9E1B9D6D3C940301F4E978D65B19041FCF1E8B518F5C0576" +
+            "C770FE5A7A485D8329EE2914A2DE1B5DA4A6128CEAB70F79", 16)))
+        {
+            fail("Y value incorrect");
+        }
+
+        if (!priv.getX().equals(
+            new BigInteger("D0EC4E50BB290A42E9E355C73D8809345DE2E139", 16)))
+        {
+            fail("X value incorrect");
+        }
+
+        DSASigner signer = new DSASigner();
+
+        signer.init(true, new ParametersWithRandom(kp.getPrivate(), new FixedSecureRandom(Hex.decode("349C55648DCF992F3F33E8026CFAC87C1D2BA075"))));
+
+        byte[] msg = Hex.decode("A9993E364706816ABA3E25717850C26C9CD0D89D");
+
+        BigInteger[] sig = signer.generateSignature(msg);
+
+        if (!sig[0].equals(new BigInteger("636155AC9A4633B4665D179F9E4117DF68601F34", 16)))
+        {
+            fail("R value incorrect");
+        }
+
+        if (!sig[1].equals(new BigInteger("6C540B02D9D4852F89DF8CFC99963204F4347704", 16)))
+        {
+            fail("S value incorrect");
+        }
+
+        signer.init(false, kp.getPublic());
+
+        if (!signer.verifySignature(msg, sig[0], sig[1]))
+        {
+            fail("signature not verified");
+        }
+
+    }
+
+    private void dsa2Test2()
+        {
+            byte[] seed = Hex.decode("5AFCC1EFFC079A9CCA6ECA86D6E3CC3B18642D9BE1CC6207C84002A9");
+
+            DSAParametersGenerator pGen = new DSAParametersGenerator(new SHA224Digest());
+
+            pGen.init(new DSAParameterGenerationParameters(2048, 224, 80, new DSATestSecureRandom(seed)));
+
+            DSAParameters params = pGen.generateParameters();
+
+            DSAValidationParameters pv = params.getValidationParameters();
+
+            if (pv.getCounter() != 21)
+            {
+                fail("counter incorrect");
+            }
+
+            if (!Arrays.areEqual(seed, pv.getSeed()))
+            {
+                fail("seed incorrect");
+            }
+
+            if (!params.getQ().equals(new BigInteger("90EAF4D1AF0708B1B612FF35E0A2997EB9E9D263C9CE659528945C0D", 16)))
+            {
+                fail("Q incorrect");
+            }
+
+            if (!params.getP().equals(new BigInteger(
+                "C196BA05AC29E1F9C3C72D56DFFC6154" +
+                "A033F1477AC88EC37F09BE6C5BB95F51C296DD20D1A28A06" +
+                "7CCC4D4316A4BD1DCA55ED1066D438C35AEBAABF57E7DAE4" +
+                "28782A95ECA1C143DB701FD48533A3C18F0FE23557EA7AE6" +
+                "19ECACC7E0B51652A8776D02A425567DED36EABD90CA33A1" +
+                "E8D988F0BBB92D02D1D20290113BB562CE1FC856EEB7CDD9" +
+                "2D33EEA6F410859B179E7E789A8F75F645FAE2E136D252BF" +
+                "FAFF89528945C1ABE705A38DBC2D364AADE99BE0D0AAD82E" +
+                "5320121496DC65B3930E38047294FF877831A16D5228418D" +
+                "E8AB275D7D75651CEFED65F78AFC3EA7FE4D79B35F62A040" +
+                "2A1117599ADAC7B269A59F353CF450E6982D3B1702D9CA83", 16)))
+            {
+                fail("P incorrect");
+            }
+
+            if (!params.getG().equals(new BigInteger(
+                "A59A749A11242C58C894E9E5A91804E8"+
+                "FA0AC64B56288F8D47D51B1EDC4D65444FECA0111D78F35F"+
+                "C9FDD4CB1F1B79A3BA9CBEE83A3F811012503C8117F98E50"+
+                "48B089E387AF6949BF8784EBD9EF45876F2E6A5A495BE64B"+
+                "6E770409494B7FEE1DBB1E4B2BC2A53D4F893D418B715959"+
+                "2E4FFFDF6969E91D770DAEBD0B5CB14C00AD68EC7DC1E574"+
+                "5EA55C706C4A1C5C88964E34D09DEB753AD418C1AD0F4FDF"+
+                "D049A955E5D78491C0B7A2F1575A008CCD727AB376DB6E69"+
+                "5515B05BD412F5B8C2F4C77EE10DA48ABD53F5DD498927EE"+
+                "7B692BBBCDA2FB23A516C5B4533D73980B2A3B60E384ED20"+
+                "0AE21B40D273651AD6060C13D97FD69AA13C5611A51B9085", 16)))
+            {
+                fail("G incorrect");
+            }
+
+            DSAKeyPairGenerator kpGen = new DSAKeyPairGenerator();
+
+            kpGen.init(new DSAKeyGenerationParameters(new FixedSecureRandom(Hex.decode("00D0F09ED3E2568F6CADF9224117DA2AEC5A4300E009DE1366023E17")), params));
+
+            AsymmetricCipherKeyPair kp = kpGen.generateKeyPair();
+
+            DSAPublicKeyParameters pub = (DSAPublicKeyParameters)kp.getPublic();
+            DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)kp.getPrivate();
+
+            if (!pub.getY().equals(new BigInteger(
+                "70035C9A3B225B258F16741F3941FBF0" +
+                "6F3D056CD7BD864604CBB5EE9DD85304EE8E8E4ABD5E9032" +
+                "11DDF25CE149075510ACE166970AFDC7DF552B7244F342FA" +
+                "02F7A621405B754909D757F97290E1FE5036E904CF593446" +
+                "0C046D95659821E1597ED9F2B1F0E20863A6BBD0CE74DACB" +
+                "A5D8C68A90B29C2157CDEDB82EC12B81EE3068F9BF5F7F34" +
+                "6ECA41ED174CCCD7D154FA4F42F80FFE1BF46AE9D8125DEB" +
+                "5B4BA08A72BDD86596DBEDDC9550FDD650C58F5AE5133509" +
+                "A702F79A31ECB490F7A3C5581631F7C5BE4FF7F9E9F27FA3" +
+                "90E47347AD1183509FED6FCF198BA9A71AB3335B4F38BE8D" +
+                "15496A00B6DC2263E20A5F6B662320A3A1EC033AA61E3B68", 16)))
+            {
+                fail("Y value incorrect");
+            }
+
+            if (!priv.getX().equals(
+                new BigInteger("00D0F09ED3E2568F6CADF9224117DA2AEC5A4300E009DE1366023E17", 16)))
+            {
+                fail("X value incorrect");
+            }
+
+            DSASigner signer = new DSASigner();
+
+            signer.init(true, new ParametersWithRandom(kp.getPrivate(), new FixedSecureRandom(Hex.decode("735959CC4463B8B440E407EECA8A473BF6A6D1FE657546F67D401F05"))));
+
+            byte[] msg = Hex.decode("23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7");
+
+            BigInteger[] sig = signer.generateSignature(msg);
+
+            if (!sig[0].equals(new BigInteger("4400138D05F9639CAF54A583CAAF25D2B76D0C3EAD752CE17DBC85FE", 16)))
+            {
+                fail("R value incorrect");
+            }
+
+            if (!sig[1].equals(new BigInteger("874D4F12CB13B61732D398445698CFA9D92381D938AA57EE2C9327B3", 16)))
+            {
+                fail("S value incorrect");
+            }
+
+            signer.init(false, kp.getPublic());
+
+            if (!signer.verifySignature(msg, sig[0], sig[1]))
+            {
+                fail("signature not verified");
+            }
+        }
+
+    private void dsa2Test3()
+    {
+        byte[] seed = Hex.decode("4783081972865EA95D43318AB2EAF9C61A2FC7BBF1B772A09017BDF5A58F4FF0");
+
+        DSAParametersGenerator pGen = new DSAParametersGenerator(new SHA256Digest());
+
+        pGen.init(new DSAParameterGenerationParameters(2048, 256, 80, new DSATestSecureRandom(seed)));
+
+        DSAParameters params = pGen.generateParameters();
+
+        DSAValidationParameters pv = params.getValidationParameters();
+
+        if (pv.getCounter() != 12)
+        {
+            fail("counter incorrect");
+        }
+
+        if (!Arrays.areEqual(seed, pv.getSeed()))
+        {
+            fail("seed incorrect");
+        }
+
+        if (!params.getQ().equals(new BigInteger("C24ED361870B61E0D367F008F99F8A1F75525889C89DB1B673C45AF5867CB467", 16)))
+        {
+            fail("Q incorrect");
+        }
+
+        if (!params.getP().equals(new BigInteger(
+            "F56C2A7D366E3EBDEAA1891FD2A0D099" +
+            "436438A673FED4D75F594959CFFEBCA7BE0FC72E4FE67D91" +
+            "D801CBA0693AC4ED9E411B41D19E2FD1699C4390AD27D94C" +
+            "69C0B143F1DC88932CFE2310C886412047BD9B1C7A67F8A2" +
+            "5909132627F51A0C866877E672E555342BDF9355347DBD43" +
+            "B47156B2C20BAD9D2B071BC2FDCF9757F75C168C5D9FC431" +
+            "31BE162A0756D1BDEC2CA0EB0E3B018A8B38D3EF2487782A" +
+            "EB9FBF99D8B30499C55E4F61E5C7DCEE2A2BB55BD7F75FCD" +
+            "F00E48F2E8356BDB59D86114028F67B8E07B127744778AFF" +
+            "1CF1399A4D679D92FDE7D941C5C85C5D7BFF91BA69F9489D" +
+            "531D1EBFA727CFDA651390F8021719FA9F7216CEB177BD75", 16)))
+        {
+            fail("P incorrect");
+        }
+
+        if (!params.getG().equals(new BigInteger(
+            "8DC6CC814CAE4A1C05A3E186A6FE27EA" +
+            "BA8CDB133FDCE14A963A92E809790CBA096EAA26140550C1" +
+            "29FA2B98C16E84236AA33BF919CD6F587E048C52666576DB" +
+            "6E925C6CBE9B9EC5C16020F9A44C9F1C8F7A8E611C1F6EC2" +
+            "513EA6AA0B8D0F72FED73CA37DF240DB57BBB27431D61869" +
+            "7B9E771B0B301D5DF05955425061A30DC6D33BB6D2A32BD0" +
+            "A75A0A71D2184F506372ABF84A56AEEEA8EB693BF29A6403" +
+            "45FA1298A16E85421B2208D00068A5A42915F82CF0B858C8" +
+            "FA39D43D704B6927E0B2F916304E86FB6A1B487F07D8139E" +
+            "428BB096C6D67A76EC0B8D4EF274B8A2CF556D279AD267CC" +
+            "EF5AF477AFED029F485B5597739F5D0240F67C2D948A6279", 16)))
+        {
+            fail("G incorrect");
+        }
+
+        DSAKeyPairGenerator kpGen = new DSAKeyPairGenerator();
+
+        kpGen.init(new DSAKeyGenerationParameters(new FixedSecureRandom(Hex.decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C")), params));
+
+        AsymmetricCipherKeyPair kp = kpGen.generateKeyPair();
+
+        DSAPublicKeyParameters pub = (DSAPublicKeyParameters)kp.getPublic();
+        DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)kp.getPrivate();
+
+        if (!pub.getY().equals(new BigInteger(
+            "2828003D7C747199143C370FDD07A286" +
+            "1524514ACC57F63F80C38C2087C6B795B62DE1C224BF8D1D" +
+            "1424E60CE3F5AE3F76C754A2464AF292286D873A7A30B7EA" +
+            "CBBC75AAFDE7191D9157598CDB0B60E0C5AA3F6EBE425500" +
+            "C611957DBF5ED35490714A42811FDCDEB19AF2AB30BEADFF" +
+            "2907931CEE7F3B55532CFFAEB371F84F01347630EB227A41" +
+            "9B1F3F558BC8A509D64A765D8987D493B007C4412C297CAF" +
+            "41566E26FAEE475137EC781A0DC088A26C8804A98C23140E" +
+            "7C936281864B99571EE95C416AA38CEEBB41FDBFF1EB1D1D" +
+            "C97B63CE1355257627C8B0FD840DDB20ED35BE92F08C49AE" +
+            "A5613957D7E5C7A6D5A5834B4CB069E0831753ECF65BA02B", 16)))
+        {
+            fail("Y value incorrect");
+        }
+
+        if (!priv.getX().equals(
+            new BigInteger("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C", 16)))
+        {
+            fail("X value incorrect");
+        }
+
+        DSASigner signer = new DSASigner();
+
+        signer.init(true, new ParametersWithRandom(kp.getPrivate(), new FixedSecureRandom(Hex.decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C"))));
+
+        byte[] msg = Hex.decode("BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
+
+        BigInteger[] sig = signer.generateSignature(msg);
+
+        if (!sig[0].equals(new BigInteger("315C875DCD4850E948B8AC42824E9483A32D5BA5ABE0681B9B9448D444F2BE3C", 16)))
+        {
+            fail("R value incorrect");
+        }
+
+        if (!sig[1].equals(new BigInteger("89718D12E54A8D9ED066E4A55F7ED5A2229CD23B9A3CEE78F83ED6AA61F6BCB9", 16)))
+        {
+            fail("S value incorrect");
+        }
+
+        signer.init(false, kp.getPublic());
+
+        if (!signer.verifySignature(msg, sig[0], sig[1]))
+        {
+            fail("signature not verified");
+        }
+    }
+
+    private void dsa2Test4()
+    {
+        byte[] seed = Hex.decode("193AFCA7C1E77B3C1ECC618C81322E47B8B8B997C9C83515C59CC446C2D9BD47");
+
+        DSAParametersGenerator pGen = new DSAParametersGenerator(new SHA256Digest());
+
+        pGen.init(new DSAParameterGenerationParameters(3072, 256, 80, new DSATestSecureRandom(seed)));
+
+        DSAParameters params = pGen.generateParameters();
+
+        DSAValidationParameters pv = params.getValidationParameters();
+
+        if (pv.getCounter() != 20)
+        {
+            fail("counter incorrect");
+        }
+
+        if (!Arrays.areEqual(seed, pv.getSeed()))
+        {
+            fail("seed incorrect");
+        }
+
+        if (!params.getQ().equals(new BigInteger("CFA0478A54717B08CE64805B76E5B14249A77A4838469DF7F7DC987EFCCFB11D", 16)))
+        {
+            fail("Q incorrect");
+        }
+
+        if (!params.getP().equals(new BigInteger(
+            "90066455B5CFC38F9CAA4A48B4281F292C260FEEF01FD610" +
+            "37E56258A7795A1C7AD46076982CE6BB956936C6AB4DCFE0" +
+            "5E6784586940CA544B9B2140E1EB523F009D20A7E7880E4E" +
+            "5BFA690F1B9004A27811CD9904AF70420EEFD6EA11EF7DA1" +
+            "29F58835FF56B89FAA637BC9AC2EFAAB903402229F491D8D" +
+            "3485261CD068699B6BA58A1DDBBEF6DB51E8FE34E8A78E54" +
+            "2D7BA351C21EA8D8F1D29F5D5D15939487E27F4416B0CA63" +
+            "2C59EFD1B1EB66511A5A0FBF615B766C5862D0BD8A3FE7A0" +
+            "E0DA0FB2FE1FCB19E8F9996A8EA0FCCDE538175238FC8B0E" +
+            "E6F29AF7F642773EBE8CD5402415A01451A840476B2FCEB0" +
+            "E388D30D4B376C37FE401C2A2C2F941DAD179C540C1C8CE0" +
+            "30D460C4D983BE9AB0B20F69144C1AE13F9383EA1C08504F" +
+            "B0BF321503EFE43488310DD8DC77EC5B8349B8BFE97C2C56" +
+            "0EA878DE87C11E3D597F1FEA742D73EEC7F37BE43949EF1A" +
+            "0D15C3F3E3FC0A8335617055AC91328EC22B50FC15B941D3" +
+            "D1624CD88BC25F3E941FDDC6200689581BFEC416B4B2CB73", 16)))
+        {
+            fail("P incorrect");
+        }
+
+        if (!params.getG().equals(new BigInteger(
+            "5E5CBA992E0A680D885EB903AEA78E4A45A469103D448EDE" +
+            "3B7ACCC54D521E37F84A4BDD5B06B0970CC2D2BBB715F7B8" +
+            "2846F9A0C393914C792E6A923E2117AB805276A975AADB52" +
+            "61D91673EA9AAFFEECBFA6183DFCB5D3B7332AA19275AFA1" +
+            "F8EC0B60FB6F66CC23AE4870791D5982AAD1AA9485FD8F4A" +
+            "60126FEB2CF05DB8A7F0F09B3397F3937F2E90B9E5B9C9B6" +
+            "EFEF642BC48351C46FB171B9BFA9EF17A961CE96C7E7A7CC" +
+            "3D3D03DFAD1078BA21DA425198F07D2481622BCE45969D9C" +
+            "4D6063D72AB7A0F08B2F49A7CC6AF335E08C4720E31476B6" +
+            "7299E231F8BD90B39AC3AE3BE0C6B6CACEF8289A2E2873D5" +
+            "8E51E029CAFBD55E6841489AB66B5B4B9BA6E2F784660896" +
+            "AFF387D92844CCB8B69475496DE19DA2E58259B090489AC8" +
+            "E62363CDF82CFD8EF2A427ABCD65750B506F56DDE3B98856" +
+            "7A88126B914D7828E2B63A6D7ED0747EC59E0E0A23CE7D8A" +
+            "74C1D2C2A7AFB6A29799620F00E11C33787F7DED3B30E1A2" +
+            "2D09F1FBDA1ABBBFBF25CAE05A13F812E34563F99410E73B", 16)))
+        {
+            fail("G incorrect");
+        }
+
+        DSAKeyPairGenerator kpGen = new DSAKeyPairGenerator();
+
+        kpGen.init(new DSAKeyGenerationParameters(new FixedSecureRandom(Hex.decode("3ABC1587297CE7B9EA1AD6651CF2BC4D7F92ED25CABC8553F567D1B40EBB8764")), params));
+
+        AsymmetricCipherKeyPair kp = kpGen.generateKeyPair();
+
+        DSAPublicKeyParameters pub = (DSAPublicKeyParameters)kp.getPublic();
+        DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)kp.getPrivate();
+
+        if (!pub.getY().equals(new BigInteger(
+            "8B891C8692D3DE875879390F2698B26FBECCA6B075535DCE" +
+            "6B0C862577F9FA0DEF6074E7A7624121224A595896ABD4CD" +
+            "A56B2CEFB942E025D2A4282FFAA98A48CDB47E1A6FCB5CFB" +
+            "393EF35AF9DF913102BB303C2B5C36C3F8FC04ED7B8B69FE" +
+            "FE0CF3E1FC05CFA713B3435B2656E913BA8874AEA9F93600" +
+            "6AEB448BCD005D18EC3562A33D04CF25C8D3D69844343442" +
+            "FA3DB7DE618C5E2DA064573E61E6D5581BFB694A23AC87FD" +
+            "5B52D62E954E1376DB8DDB524FFC0D469DF978792EE44173" +
+            "8E5DB05A7DC43E94C11A2E7A4FBE383071FA36D2A7EC8A93" +
+            "88FE1C4F79888A99D3B6105697C2556B79BB4D7E781CEBB3" +
+            "D4866AD825A5E830846072289FDBC941FA679CA82F5F78B7" +
+            "461B2404DB883D215F4E0676CF5493950AC5591697BFEA8D" +
+            "1EE6EC016B89BA51CAFB5F9C84C989FA117375E94578F28B" +
+            "E0B34CE0545DA46266FD77F62D8F2CEE92AB77012AFEBC11" +
+            "008985A821CD2D978C7E6FE7499D1AAF8DE632C21BB48CA5" +
+            "CBF9F31098FD3FD3854C49A65D9201744AACE540354974F9", 16)))
+        {
+            fail("Y value incorrect");
+        }
+
+        if (!priv.getX().equals(
+            new BigInteger("3ABC1587297CE7B9EA1AD6651CF2BC4D7F92ED25CABC8553F567D1B40EBB8764", 16)))
+        {
+            fail("X value incorrect");
+        }
+
+        DSASigner signer = new DSASigner();
+
+        signer.init(true, new ParametersWithRandom(kp.getPrivate(), new FixedSecureRandom(Hex.decode("A6902C1E6E3943C5628061588A8B007BCCEA91DBF12915483F04B24AB0678BEE"))));
+
+        byte[] msg = Hex.decode("BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
+
+        BigInteger[] sig = signer.generateSignature(msg);
+
+        if (!sig[0].equals(new BigInteger("5F184E645A38BE8FB4A6871B6503A9D12924C7ABE04B71410066C2ECA6E3BE3E", 16)))
+        {
+            fail("R value incorrect");
+        }
+
+        if (!sig[1].equals(new BigInteger("91EB0C7BA3D4B9B60B825C3D9F2CADA8A2C9D7723267B033CBCDCF8803DB9C18", 16)))
+        {
+            fail("S value incorrect");
+        }
+
+        signer.init(false, kp.getPublic());
+
+        if (!signer.verifySignature(msg, sig[0], sig[1]))
+        {
+            fail("signature not verified");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DSATest());
+    }
+
+    private class DSATestSecureRandom
+        extends FixedSecureRandom
+    {
+        private boolean first = true;
+
+        public DSATestSecureRandom(byte[] value)
+        {
+            super(value);
+        }
+
+       public void nextBytes(byte[] bytes)
+       {
+           if (first)
+           {
+               super.nextBytes(bytes);
+               first = false;
+           }
+           else
+           {
+               bytes[bytes.length - 1] = 2;
+           }
+       }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DSTU4145Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DSTU4145Test.java
new file mode 100644
index 0000000..2d3013d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DSTU4145Test.java
@@ -0,0 +1,278 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.DSTU4145Signer;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class DSTU4145Test
+    extends SimpleTest
+{
+    private static final BigInteger ZERO = BigInteger.valueOf(0);
+    private static final BigInteger ONE = BigInteger.valueOf(1);
+
+    public static void main(String[] args)
+    {
+        runTest(new DSTU4145Test());
+    }
+
+    public String getName()
+    {
+        return "DSTU4145";
+    }
+
+    private void test163()
+        throws Exception
+    {
+        SecureRandom random = new FixedSecureRandom(Hex.decode("01025e40bd97db012b7a1d79de8e12932d247f61c6"));
+
+        byte[] hash = Hex.decode("09c9c44277910c9aaee486883a2eb95b7180166ddf73532eeb76edaef52247ff");
+        for (int i = 0; i < hash.length / 2; i++)
+        {
+            byte tmp = hash[i];
+            hash[i] = hash[hash.length - 1 - i];
+            hash[hash.length - 1 - i] = tmp;
+        }
+
+        BigInteger r = new BigInteger("274ea2c0caa014a0d80a424f59ade7a93068d08a7", 16);
+        BigInteger s = new BigInteger("2100d86957331832b8e8c230f5bd6a332b3615aca", 16);
+
+        ECCurve.F2m curve = new ECCurve.F2m(163, 3, 6, 7, ONE, new BigInteger("5FF6108462A2DC8210AB403925E638A19C1455D21", 16));
+        ECPoint P = curve.createPoint(new BigInteger("72d867f93a93ac27df9ff01affe74885c8c540420", 16), new BigInteger("0224a9c3947852b97c5599d5f4ab81122adc3fd9b", 16));
+        BigInteger n = new BigInteger("400000000000000000002BEC12BE2262D39BCF14D", 16);
+
+        BigInteger d = new BigInteger("183f60fdf7951ff47d67193f8d073790c1c9b5a3e", 16);
+        ECPoint Q = P.multiply(d).negate();
+
+        ECDomainParameters domain = new ECDomainParameters(curve, P, n);
+        CipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
+
+        DSTU4145Signer dstuSigner = new DSTU4145Signer();
+        dstuSigner.init(true, privKey);
+        BigInteger[] rs = dstuSigner.generateSignature(hash);
+
+        if (rs[0].compareTo(r) != 0)
+        {
+            fail("r component wrong");
+        }
+
+        if (rs[1].compareTo(s) != 0)
+        {
+            fail("s component wrong");
+        }
+
+        dstuSigner.init(false, pubKey);
+        if (!dstuSigner.verifySignature(hash, r, s))
+        {
+            fail("verification fails");
+        }
+    }
+
+    private void test173()
+        throws Exception
+    {
+        SecureRandom random = new FixedSecureRandom(Hex.decode("0000137449348C1249971759D99C252FFE1E14D8B31F"));
+
+        byte[] hash = Hex.decode("0137187EA862117EF1484289470ECAC802C5A651FDA8");
+        for (int i = 0; i < hash.length / 2; i++)
+        {
+            byte tmp = hash[i];
+            hash[i] = hash[hash.length - 1 - i];
+            hash[hash.length - 1 - i] = tmp;
+        }
+
+        BigInteger r = new BigInteger("13ae89746386709cdbd237cc5ec20ca30004a82ead8", 16);
+        BigInteger s = new BigInteger("3597912cdd093b3e711ccb74a79d3c4ab4c7cccdc60", 16);
+
+        ECCurve.F2m curve = new ECCurve.F2m(173, 1, 2, 10, ZERO, new BigInteger("108576C80499DB2FC16EDDF6853BBB278F6B6FB437D9", 16));
+        ECPoint P = curve.createPoint(new BigInteger("BE6628EC3E67A91A4E470894FBA72B52C515F8AEE9", 16), new BigInteger("D9DEEDF655CF5412313C11CA566CDC71F4DA57DB45C", 16));
+        BigInteger n = new BigInteger("800000000000000000000189B4E67606E3825BB2831", 16);
+
+        BigInteger d = new BigInteger("955CD7E344303D1034E66933DC21C8044D42ADB8", 16);
+        ECPoint Q = P.multiply(d).negate();
+
+        ECDomainParameters domain = new ECDomainParameters(curve, P, n);
+        CipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
+
+        DSTU4145Signer dstuSigner = new DSTU4145Signer();
+        dstuSigner.init(true, privKey);
+        BigInteger[] rs = dstuSigner.generateSignature(hash);
+
+        if (rs[0].compareTo(r) != 0)
+        {
+            fail("r component wrong");
+        }
+
+        if (rs[1].compareTo(s) != 0)
+        {
+            fail("s component wrong");
+        }
+
+        dstuSigner.init(false, pubKey);
+        if (!dstuSigner.verifySignature(hash, r, s))
+        {
+            fail("verification fails");
+        }
+    }
+
+    private void test283()
+        throws Exception
+    {
+        SecureRandom random = new FixedSecureRandom(Hex.decode("00000000245383CB3AD41BF30F5F7E8FBA858509B2D5558C92D539A6D994BFA98BC6940E"));
+
+        byte[] hash = Hex.decode("0137187EA862117EF1484289470ECAC802C5A651FDA8");
+        for (int i = 0; i < hash.length / 2; i++)
+        {
+            byte tmp = hash[i];
+            hash[i] = hash[hash.length - 1 - i];
+            hash[hash.length - 1 - i] = tmp;
+        }
+
+        BigInteger r = new BigInteger("12a5edcc38d92208ff23036d75b000c7e4bc0f9af2d40b35f15d6fd15e01234e67781a8", 16);
+        BigInteger s = new BigInteger("2de0775577f75b643cf5afc80d4fe10b21100690f17e2cab7bdc9b50ec87c5727aeb515", 16);
+
+        ECCurve.F2m curve = new ECCurve.F2m(283, 5, 7, 12, ONE, new BigInteger("27B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", 16));
+        ECPoint P = curve.createPoint(new BigInteger("4D95820ACE761110824CE425C8089129487389B7F0E0A9D043DDC0BB0A4CC9EB25", 16), new BigInteger("954C9C4029B2C62DE35C2B9C2A164984BF1101951E3A68ED03DF234DDE5BB2013152F2", 16));
+        BigInteger n = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", 16);
+
+        BigInteger d = new BigInteger("B844EEAF15213E4BAD4FB84796D68F2448DB8EB7B4621EC0D51929874892C43E", 16);
+        ECPoint Q = P.multiply(d).negate();
+
+        ECDomainParameters domain = new ECDomainParameters(curve, P, n);
+        CipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
+
+        DSTU4145Signer dstuSigner = new DSTU4145Signer();
+        dstuSigner.init(true, privKey);
+        BigInteger[] rs = dstuSigner.generateSignature(hash);
+
+        if (rs[0].compareTo(r) != 0)
+        {
+            fail("r component wrong");
+        }
+
+        if (rs[1].compareTo(s) != 0)
+        {
+            fail("s component wrong");
+        }
+
+        dstuSigner.init(false, pubKey);
+        if (!dstuSigner.verifySignature(hash, r, s))
+        {
+            fail("verification fails");
+        }
+    }
+
+    private void test431()
+        throws Exception
+    {
+        SecureRandom random = new FixedSecureRandom(Hex.decode("0000C4224DBBD800988DBAA39DE838294C345CDA5F5929D1174AA8D9340A5E79D10ACADE6B53CF873E7301A3871C2073AD75AB530457"));
+
+        byte[] hash = Hex.decode("0137187EA862117EF1484289470ECAC802C5A651FDA8");
+        for (int i = 0; i < hash.length / 2; i++)
+        {
+            byte tmp = hash[i];
+            hash[i] = hash[hash.length - 1 - i];
+            hash[hash.length - 1 - i] = tmp;
+        }
+
+        BigInteger r = new BigInteger("1911fefb1f494bebcf8dffdf5276946ff9c9f662192ee18c718db47310a439c784fe07577b16e1edbe16179876e0792a634f1c9c3a2e", 16);
+        BigInteger s = new BigInteger("3852170ee801c2083c52f1ea77b987a5432acecd9c654f064e87bf179e0a397151edbca430082e43bd38a67b55424b5bbc7f2713f620", 16);
+
+        ECCurve.F2m curve = new ECCurve.F2m(431, 1, 3, 5, ONE, new BigInteger("3CE10490F6A708FC26DFE8C3D27C4F94E690134D5BFF988D8D28AAEAEDE975936C66BAC536B18AE2DC312CA493117DAA469C640CAF3", 16));
+        ECPoint P = curve.createPoint(new BigInteger("9548BCDF314CEEEAF099C780FFEFBF93F9FE5B5F55547603C9C8FC1A2774170882B3BE35E892C6D4296B8DEA282EC30FB344272791", 16), new BigInteger("4C6CBD7C62A8EEEFDE17A8B5E196E49A22CE6DE128ABD9FBD81FA4411AD5A38E2A810BEDE09A7C6226BCDCB4A4A5DA37B4725E00AA74", 16));
+        BigInteger n = new BigInteger("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBA3175458009A8C0A724F02F81AA8A1FCBAF80D90C7A95110504CF", 16);
+
+        BigInteger d = new BigInteger("D0F97354E314191FD773E2404F478C8AEE0FF5109F39E6F37D1FEEC8B2ED1691D84C9882CC729E716A71CC013F66CAC60E29E22C", 16);
+        ECPoint Q = P.multiply(d).negate();
+
+        ECDomainParameters domain = new ECDomainParameters(curve, P, n);
+        CipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
+
+        DSTU4145Signer dstuSigner = new DSTU4145Signer();
+        dstuSigner.init(true, privKey);
+        BigInteger[] rs = dstuSigner.generateSignature(hash);
+
+        if (rs[0].compareTo(r) != 0)
+        {
+            fail("r component wrong");
+        }
+
+        if (rs[1].compareTo(s) != 0)
+        {
+            fail("s component wrong");
+        }
+
+        dstuSigner.init(false, pubKey);
+        if (!dstuSigner.verifySignature(hash, r, s))
+        {
+            fail("verification fails");
+        }
+    }
+
+    private void testTruncation()
+    {
+        SecureRandom random = new FixedSecureRandom(Hex.decode("0000C4224DBBD800988DBAA39DE838294C345CDA5F5929D1174AA8D9340A5E79D10ACADE6B53CF873E7301A3871C2073AD75AB530457"));
+
+        // use extra long "hash" with set bits...
+        byte[] hash = Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+
+        ECCurve.F2m curve = new ECCurve.F2m(173, 1, 2, 10, ZERO, new BigInteger("108576C80499DB2FC16EDDF6853BBB278F6B6FB437D9", 16));
+        ECPoint P = curve.createPoint(new BigInteger("BE6628EC3E67A91A4E470894FBA72B52C515F8AEE9", 16), new BigInteger("D9DEEDF655CF5412313C11CA566CDC71F4DA57DB45C", 16));
+        BigInteger n = new BigInteger("800000000000000000000189B4E67606E3825BB2831", 16);
+
+        BigInteger d = new BigInteger("955CD7E344303D1034E66933DC21C8044D42ADB8", 16);
+        ECPoint Q = P.multiply(d).negate();
+
+        ECDomainParameters domain = new ECDomainParameters(curve, P, n);
+        CipherParameters privKey = new ParametersWithRandom(new ECPrivateKeyParameters(d, domain), random);
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(Q, domain);
+
+        DSTU4145Signer dstuSigner = new DSTU4145Signer();
+        dstuSigner.init(true, privKey);
+        BigInteger[] rs = dstuSigner.generateSignature(hash);
+
+        BigInteger r = new BigInteger("6bb5c0cb82e5067485458ebfe81025f03b687c63a27", 16);
+        BigInteger s = new BigInteger("34d6b1868969b86ecf934167c8fe352c63d1074bd", 16);
+
+        if (rs[0].compareTo(r) != 0)
+        {
+            fail("r component wrong");
+        }
+
+        if (rs[1].compareTo(s) != 0)
+        {
+            fail("s component wrong");
+        }
+
+        dstuSigner.init(false, pubKey);
+        if (!dstuSigner.verifySignature(hash, rs[0], rs[1]))
+        {
+            fail("verification fails");
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        test163();
+        test173();
+        test283();
+        test431();
+        testTruncation();
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DeterministicDSATest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DeterministicDSATest.java
new file mode 100644
index 0000000..c47cf8e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DeterministicDSATest.java
@@ -0,0 +1,513 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA224Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.params.DSAParameters;
+import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.signers.DSASigner;
+import org.bouncycastle.crypto.signers.ECDSASigner;
+import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Tests are taken from RFC 6979 - "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)"
+ */
+public class DeterministicDSATest
+    extends SimpleTest
+{
+
+    public static final byte[] SAMPLE = Hex.decode("73616d706c65"); // "sample"
+    public static final byte[] TEST = Hex.decode("74657374"); // "test"
+
+    // test vectors from appendix in RFC 6979
+    private void testHMacDeterministic()
+    {
+        DSAParameters dsaParameters = new DSAParameters(
+            new BigInteger("86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447" +
+                           "E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88" +
+                           "73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C" +
+                           "881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779", 16),
+            new BigInteger("996F967F6C8E388D9E28D01E205FBA957A5698B1", 16),
+            new BigInteger("07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D" +
+                           "89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD" +
+                           "87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4" +
+                           "17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD", 16));
+
+        DSAPrivateKeyParameters privKey = new DSAPrivateKeyParameters(new BigInteger("411602CB19A6CCC34494D79D98EF1E7ED5AF25F7", 16), dsaParameters);
+
+        doTestHMACDetDSASample(new SHA1Digest(), privKey, new BigInteger("2E1A0C2562B2912CAAF89186FB0F42001585DA55", 16), new BigInteger("29EFB6B0AFF2D7A68EB70CA313022253B9A88DF5", 16));
+        doTestHMACDetDSASample(new SHA224Digest(), privKey, new BigInteger("4BC3B686AEA70145856814A6F1BB53346F02101E", 16), new BigInteger("410697B92295D994D21EDD2F4ADA85566F6F94C1", 16));
+        doTestHMACDetDSASample(new SHA256Digest(), privKey, new BigInteger("81F2F5850BE5BC123C43F71A3033E9384611C545", 16), new BigInteger("4CDD914B65EB6C66A8AAAD27299BEE6B035F5E89", 16));
+        doTestHMACDetDSASample(new SHA384Digest(), privKey, new BigInteger("07F2108557EE0E3921BC1774F1CA9B410B4CE65A", 16), new BigInteger("54DF70456C86FAC10FAB47C1949AB83F2C6F7595", 16));
+        doTestHMACDetDSASample(new SHA512Digest(), privKey, new BigInteger("16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B", 16), new BigInteger("02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C", 16));
+
+        doTestHMACDetDSATest(new SHA1Digest(), privKey, new BigInteger("42AB2052FD43E123F0607F115052A67DCD9C5C77", 16), new BigInteger("183916B0230D45B9931491D4C6B0BD2FB4AAF088", 16));
+        doTestHMACDetDSATest(new SHA224Digest(), privKey, new BigInteger("6868E9964E36C1689F6037F91F28D5F2C30610F2", 16), new BigInteger("49CEC3ACDC83018C5BD2674ECAAD35B8CD22940F", 16));
+        doTestHMACDetDSATest(new SHA256Digest(), privKey, new BigInteger("22518C127299B0F6FDC9872B282B9E70D0790812", 16), new BigInteger("6837EC18F150D55DE95B5E29BE7AF5D01E4FE160", 16));
+        doTestHMACDetDSATest(new SHA384Digest(), privKey, new BigInteger("854CF929B58D73C3CBFDC421E8D5430CD6DB5E66", 16), new BigInteger("91D0E0F53E22F898D158380676A871A157CDA622", 16));
+        doTestHMACDetDSATest(new SHA512Digest(), privKey, new BigInteger("8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A0", 16), new BigInteger("7C670C7AD72B6C050C109E1790008097125433E8", 16));
+
+        dsaParameters = new DSAParameters(
+                                new BigInteger("9DB6FB5951B66BB6FE1E140F1D2CE5502374161FD6538DF1648218642F0B5C48" +
+                                    "C8F7A41AADFA187324B87674FA1822B00F1ECF8136943D7C55757264E5A1A44F" +
+                                    "FE012E9936E00C1D3E9310B01C7D179805D3058B2A9F4BB6F9716BFE6117C6B5" +
+                                    "B3CC4D9BE341104AD4A80AD6C94E005F4B993E14F091EB51743BF33050C38DE2" +
+                                    "35567E1B34C3D6A5C0CEAA1A0F368213C3D19843D0B4B09DCB9FC72D39C8DE41" +
+                                    "F1BF14D4BB4563CA28371621CAD3324B6A2D392145BEBFAC748805236F5CA2FE" +
+                                    "92B871CD8F9C36D3292B5509CA8CAA77A2ADFC7BFD77DDA6F71125A7456FEA15" +
+                                    "3E433256A2261C6A06ED3693797E7995FAD5AABBCFBE3EDA2741E375404AE25B", 16),
+                                new BigInteger("F2C3119374CE76C9356990B465374A17F23F9ED35089BD969F61C6DDE9998C1F", 16),
+                                new BigInteger("5C7FF6B06F8F143FE8288433493E4769C4D988ACE5BE25A0E24809670716C613" +
+                                    "D7B0CEE6932F8FAA7C44D2CB24523DA53FBE4F6EC3595892D1AA58C4328A06C4" +
+                                    "6A15662E7EAA703A1DECF8BBB2D05DBE2EB956C142A338661D10461C0D135472" +
+                                    "085057F3494309FFA73C611F78B32ADBB5740C361C9F35BE90997DB2014E2EF5" +
+                                    "AA61782F52ABEB8BD6432C4DD097BC5423B285DAFB60DC364E8161F4A2A35ACA" +
+                                    "3A10B1C4D203CC76A470A33AFDCBDD92959859ABD8B56E1725252D78EAC66E71" +
+                                    "BA9AE3F1DD2487199874393CD4D832186800654760E1E34C09E4D155179F9EC0" +
+                                    "DC4473F996BDCE6EED1CABED8B6F116F7AD9CF505DF0F998E34AB27514B0FFE7", 16));
+
+        privKey = new DSAPrivateKeyParameters(new BigInteger("69C7548C21D0DFEA6B9A51C9EAD4E27C33D3B3F180316E5BCAB92C933F0E4DBC", 16), dsaParameters);
+
+        doTestHMACDetDSASample(new SHA1Digest(), privKey, new BigInteger("3A1B2DBD7489D6ED7E608FD036C83AF396E290DBD602408E8677DAABD6E7445A", 16), new BigInteger("D26FCBA19FA3E3058FFC02CA1596CDBB6E0D20CB37B06054F7E36DED0CDBBCCF", 16));
+        doTestHMACDetDSASample(new SHA224Digest(), privKey, new BigInteger("DC9F4DEADA8D8FF588E98FED0AB690FFCE858DC8C79376450EB6B76C24537E2C", 16), new BigInteger("A65A9C3BC7BABE286B195D5DA68616DA8D47FA0097F36DD19F517327DC848CEC", 16));
+        doTestHMACDetDSASample(new SHA256Digest(), privKey, new BigInteger("EACE8BDBBE353C432A795D9EC556C6D021F7A03F42C36E9BC87E4AC7932CC809", 16), new BigInteger("7081E175455F9247B812B74583E9E94F9EA79BD640DC962533B0680793A38D53", 16));
+        doTestHMACDetDSASample(new SHA384Digest(), privKey, new BigInteger("B2DA945E91858834FD9BF616EBAC151EDBC4B45D27D0DD4A7F6A22739F45C00B", 16), new BigInteger("19048B63D9FD6BCA1D9BAE3664E1BCB97F7276C306130969F63F38FA8319021B", 16));
+        doTestHMACDetDSASample(new SHA512Digest(), privKey, new BigInteger("2016ED092DC5FB669B8EFB3D1F31A91EECB199879BE0CF78F02BA062CB4C942E", 16), new BigInteger("D0C76F84B5F091E141572A639A4FB8C230807EEA7D55C8A154A224400AFF2351", 16));
+
+        doTestHMACDetDSATest(new SHA1Digest(), privKey, new BigInteger("C18270A93CFC6063F57A4DFA86024F700D980E4CF4E2CB65A504397273D98EA0", 16), new BigInteger("414F22E5F31A8B6D33295C7539C1C1BA3A6160D7D68D50AC0D3A5BEAC2884FAA", 16));
+        doTestHMACDetDSATest(new SHA224Digest(), privKey, new BigInteger("272ABA31572F6CC55E30BF616B7A265312018DD325BE031BE0CC82AA17870EA3", 16), new BigInteger("E9CC286A52CCE201586722D36D1E917EB96A4EBDB47932F9576AC645B3A60806", 16));
+        doTestHMACDetDSATest(new SHA256Digest(), privKey, new BigInteger("8190012A1969F9957D56FCCAAD223186F423398D58EF5B3CEFD5A4146A4476F0", 16), new BigInteger("7452A53F7075D417B4B013B278D1BB8BBD21863F5E7B1CEE679CF2188E1AB19E", 16));
+        doTestHMACDetDSATest(new SHA384Digest(), privKey, new BigInteger("239E66DDBE8F8C230A3D071D601B6FFBDFB5901F94D444C6AF56F732BEB954BE", 16), new BigInteger("6BD737513D5E72FE85D1C750E0F73921FE299B945AAD1C802F15C26A43D34961", 16));
+        doTestHMACDetDSATest(new SHA512Digest(), privKey, new BigInteger("89EC4BB1400ECCFF8E7D9AA515CD1DE7803F2DAFF09693EE7FD1353E90A68307", 16), new BigInteger("C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1", 16));
+    }
+
+    private void doTestHMACDetDSASample(Digest digest, DSAPrivateKeyParameters privKey, BigInteger r, BigInteger s)
+    {
+        doTestHMACDetECDSA(new DSASigner(new HMacDSAKCalculator(digest)), digest, SAMPLE, privKey, r, s);
+    }
+
+    private void doTestHMACDetDSATest(Digest digest, DSAPrivateKeyParameters privKey, BigInteger r, BigInteger s)
+    {
+        doTestHMACDetECDSA(new DSASigner(new HMacDSAKCalculator(digest)), digest, TEST, privKey, r, s);
+    }
+
+    // test vectors from appendix in RFC 6979
+    private void testECHMacDeterministic()
+    {
+        X9ECParameters x9ECParameters = NISTNamedCurves.getByName("P-192");
+        ECDomainParameters ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        ECPrivateKeyParameters privKey = new ECPrivateKeyParameters(new BigInteger("6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey,   new BigInteger("98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF", 16), new BigInteger("57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5", 16), new BigInteger("E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55", 16), new BigInteger("CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5", 16), new BigInteger("C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8", 16), new BigInteger("3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey,   new BigInteger("0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D", 16), new BigInteger("EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34", 16), new BigInteger("B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE", 16), new BigInteger("5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367", 16), new BigInteger("7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739", 16), new BigInteger("74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("P-224");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey,   new BigInteger("22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC", 16), new BigInteger("66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E", 16), new BigInteger("A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA", 16), new BigInteger("BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953", 16), new BigInteger("830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397", 16), new BigInteger("A4CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey,   new BigInteger("DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C", 16), new BigInteger("95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019", 16), new BigInteger("902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6", 16), new BigInteger("178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4", 16), new BigInteger("414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("049F050477C5ADD858CAC56208394B5A55BAEBBE887FDF765047C17C", 16), new BigInteger("077EB13E7005929CEFA3CD0403C7CDCC077ADF4E44F3C41B2F60ECFF", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("P-256");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey,   new BigInteger("61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32", 16), new BigInteger("6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F", 16), new BigInteger("B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716", 16), new BigInteger("F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719", 16), new BigInteger("4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F00", 16), new BigInteger("2362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey,   new BigInteger("0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89", 16), new BigInteger("01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692", 16), new BigInteger("C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367", 16), new BigInteger("019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB6", 16), new BigInteger("8DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04", 16), new BigInteger("39AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("P-384");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8" +
+                                                            "96D5724E4C70A825F872C9EA60D2EDF5", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey, new BigInteger("EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA3" +
+                                                                    "7B9BA002899F6FDA3A4A9386790D4EB2", 16),
+                                                            new BigInteger("A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF" +
+                                                                    "26F49CA031D4857570CCB5CA4424A443", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366" +
+                                                                        "450F76EE3DE43F5A125333A6BE060122", 16),
+                                                              new BigInteger("9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E483" +
+                                                                        "4C082C03D83028EFBF93A3C23940CA8D", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33" +
+                                                                        "BDE1E888E63355D92FA2B3C36D8FB2CD", 16),
+                                                                new BigInteger("F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB" +
+                                                                        "EFDC63ECCD1AC42EC0CB8668A4FA0AB0", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C" +
+                                                                        "81A648152E44ACF96E36DD1E80FABE46", 16),
+                                                                new BigInteger("99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F" +
+                                                                        "A329C145786E679E7B82C71A38628AC8", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C" +
+                                                                        "FE30F35CC900056D7C99CD7882433709", 16),
+                                                                new BigInteger("512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112" +
+                                                                        "DC7CC3EF3446DEFCEB01A45C2667FDD5", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey, new BigInteger("4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678" +
+                                                                    "ACD9D29876DAF46638645F7F404B11C7", 16),
+                                                            new BigInteger("D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A29916" +
+                                                                    "95BA1C84541327E966FA7B50F7382282", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E624" +
+                                                                    "64A9A817C47FF78B8C11066B24080E72", 16),
+                                                            new BigInteger("07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C614" +
+                                                                    "1C53EA5ABEF0D8231077A04540A96B66", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559" +
+                                                                    "F918EEDAF2293BE5B475CC8F0188636B", 16),
+                                                            new BigInteger("2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D" +
+                                                                    "51AB373F9845C0514EEFB14024787265", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB" +
+                                                                    "0542A7F0812998DA8F1DD3CA3CF023DB", 16),
+                                                            new BigInteger("DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E0" +
+                                                                    "6A739F040649A667BF3B828246BAA5A5", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D0" +
+                                                                    "6FB6495CD21B4B6E340FC236584FB277", 16),
+                                                            new BigInteger("976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B22463" +
+                                                                    "4A2092CD3792E0159AD9CEE37659C736", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("P-521");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C" +
+                                                            "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83" +
+                                                            "538", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey,   new BigInteger("0343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910" +
+                                                                             "FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D" +
+                                                                             "75D", 16),
+                                                              new BigInteger("0E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D" +
+                                                                             "5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5" +
+                                                                             "D16", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("1776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A3" +
+                                                                            "0715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2E" +
+                                                                            "D2E", 16),
+                                                              new BigInteger("050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17B" +
+                                                                            "A41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B" +
+                                                                            "41F", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659" +
+                                                                             "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E" +
+                                                                             "1A7", 16),
+                                                              new BigInteger("04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916" +
+                                                                              "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E" +
+                                                                              "CFC", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4" +
+                                                                            "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67" +
+                                                                            "451", 16),
+                                                              new BigInteger("1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5" +
+                                                                              "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65" +
+                                                                              "D61", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1" +
+                                                                            "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37" +
+                                                                            "7FA", 16),
+                                                              new BigInteger("0617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF2" +
+                                                                              "82623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A" +
+                                                                              "67A", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey,   new BigInteger("13BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0" +
+                                                                    "693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0" +
+                                                                    "367", 16),
+                                                              new BigInteger("1E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90" +
+                                                                  "F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC91679" +
+                                                                  "7FF", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("1C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086" +
+                                                                    "BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE1" +
+                                                                    "7FB", 16),
+                                                              new BigInteger("177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5" +
+                                                                  "BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD51" +
+                                                                  "9A4", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("00E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D807104" +
+                                                                    "2EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656" +
+                                                                    "AA8", 16),
+                                                              new BigInteger("0CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9" +
+                                                                  "FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694" +
+                                                                  "E86", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("14BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C" +
+                                                                    "89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF60755" +
+                                                                    "78C", 16),
+                                                              new BigInteger("133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0E" +
+                                                                  "D94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B" +
+                                                                  "979", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10" +
+                                                                    "CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47E" +
+                                                                    "E6D", 16),
+                                                              new BigInteger("1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78" +
+                                                                  "A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4D" +
+                                                                  "CE3", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("B-163");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("35318FC447D48D7E6BC93B48617DDDEDF26AA658F", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey,   new BigInteger("153FEBD179A69B6122DEBF5BC61EB947B24C93526", 16), new BigInteger("37AC9C670F8CF18045049BAE7DD35553545C19E49", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("0A379E69C44F9C16EA3215EA39EB1A9B5D58CC955", 16), new BigInteger("04BAFF5308DA2A7FE2C1742769265AD3ED1D24E74", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("134E00F78FC1CB9501675D91C401DE20DDF228CDC", 16), new BigInteger("373273AEC6C36CB7BAFBB1903A5F5EA6A1D50B624", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("29430B935AF8E77519B0CA4F6903B0B82E6A21A66", 16), new BigInteger("1EA1415306E9353FA5AA54BC7C2581DFBB888440D", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("0B2F177A99F9DF2D51CCAF55F015F326E4B65E7A0", 16), new BigInteger("0DF1FB4487E9B120C5E970EFE48F55E406306C3A1", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey,   new BigInteger("256D4079C6C7169B8BC92529D701776A269D56308", 16), new BigInteger("341D3FFEC9F1EB6A6ACBE88E3C86A1C8FDEB8B8E1", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("28ECC6F1272CE80EA59DCF32F7AC2D861BA803393", 16), new BigInteger("0AD4AE2C06E60183C1567D2B82F19421FE3053CE2", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("227DF377B3FA50F90C1CB3CDCBBDBA552C1D35104", 16), new BigInteger("1F7BEAD92583FE920D353F368C1960D0E88B46A56", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("11811DAFEEA441845B6118A0DFEE8A0061231337D", 16), new BigInteger("36258301865EE48C5C6F91D63F62695002AB55B57", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("3B6BB95CA823BE2ED8E3972FF516EB8972D765571", 16), new BigInteger("13DC6F420628969DF900C3FCC48220B38BE24A541", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("B-233");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("07ADC13DD5BF34D1DDEEB50B2CE23B5F5E6D18067306D60C5F6FF11E5D3", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey,   new BigInteger("015CC6FD78BB06E0878E71465515EA5A21A2C18E6FC77B4B158DBEB3944", 16), new BigInteger("0822A4A6C2EB2DF213A5E90BF40377956365EE8C4B4A5A4E2EB9270CB6A", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("05D9920B53471148E10502AB49AB7A3F11084820A074FD89883CF51BC1A", 16), new BigInteger("04D3938900C0A9AAA7080D1DFEB56CFB0FADABE4214536C7ED5117ED13A", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("0A797F3B8AEFCE7456202DF1E46CCC291EA5A49DA3D4BDDA9A4B62D5E0D", 16), new BigInteger("01F6F81DA55C22DA4152134C661588F4BD6F82FDBAF0C5877096B070DC2", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("015E85A8D46225DD7E314A1C4289731FC14DECE949349FE535D11043B85", 16), new BigInteger("03F189D37F50493EFD5111A129443A662AB3C6B289129AD8C0CAC85119C", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("03B62A4BF783919098B1E42F496E65F7621F01D1D466C46940F0F132A95", 16), new BigInteger("0F4BE031C6E5239E7DAA014CBBF1ED19425E49DAEB426EC9DF4C28A2E30", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey,   new BigInteger("02F1FEDC57BE203E4C8C6B8C1CEB35E13C1FCD956AB41E3BD4C8A6EFB1F", 16), new BigInteger("05738EC8A8EDEA8E435EE7266AD3EDE1EEFC2CEBE2BE1D614008D5D2951", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("0CCE175124D3586BA7486F7146894C65C2A4A5A1904658E5C7F9DF5FA5D", 16), new BigInteger("08804B456D847ACE5CA86D97BF79FD6335E5B17F6C0D964B5D0036C867E", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("035C3D6DFEEA1CFB29B93BE3FDB91A7B130951770C2690C16833A159677", 16), new BigInteger("0600F7301D12AB376B56D4459774159ADB51F97E282FF384406AFD53A02", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("061602FC8068BFD5FB86027B97455D200EC603057446CCE4D76DB8EF42C", 16), new BigInteger("03396DD0D59C067BB999B422D9883736CF9311DFD6951F91033BD03CA8D", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("07E12CB60FDD614958E8E34B3C12DDFF35D85A9C5800E31EA2CC2EF63B1", 16), new BigInteger("0E8970FD99D836F3CC1C807A2C58760DE6EDAA23705A82B9CB1CE93FECC", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("B-283");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("14510D4BC44F2D26F4553942C98073C1BD35545CEABB5CC138853C5158D2729EA408836", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey,   new BigInteger("201E18D48C6DB3D5D097C4DCE1E25587E1501FC3CF47BDB5B4289D79E273D6A9" +
+            "ACB8285", 16), new BigInteger("151AE05712B024CE617358260774C8CA8B0E7A7E72EF8229BF2ACE7609560CB3" +
+            "0322C4F", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("143E878DDFD4DF40D97B8CD638B3C4706501C2201CF7108F2FB91478C11D6947" +
+            "3246925", 16), new BigInteger("0CBF1B9717FEEA3AABB09D9654110144267098E0E1E8D0289A6211BE0EEDFDD8" +
+            "6A3DB79", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("29FD82497FB3E5CEF65579272138DE59E2B666B8689466572B3B69A172CEE83B" +
+            "E145659", 16), new BigInteger("05A89D9166B40795AF0FE5958201B9C0523E500013CA12B4840EA2BC53F25F9B" +
+            "3CE87C0", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("2F00689C1BFCD2A8C7A41E0DE55AE182E6463A152828EF89FE3525139B660329" +
+            "4E69353", 16), new BigInteger("1744514FE0A37447250C8A329EAAADA81572226CABA16F39270EE5DD03F27B1F" +
+            "665EB5D", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("0DA43A9ADFAA6AD767998A054C6A8F1CF77A562924628D73C62761847AD8286E" +
+            "0D91B47", 16), new BigInteger("1D118733AE2C88357827CAFC6F68ABC25C80C640532925E95CFE66D40F8792F3" +
+            "AC44C42", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey,   new BigInteger("05A408133919F2CDCDBE5E4C14FBC706C1F71BADAFEF41F5DE4EC27272FC1CA9" +
+            "366FBB2", 16), new BigInteger("012966272872C097FEA7BCE64FAB1A81982A773E26F6E4EF7C99969846E67CA9" +
+            "CBE1692", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("08F3824E40C16FF1DDA8DC992776D26F4A5981AB5092956C4FDBB4F1AE0A711E" +
+            "EAA10E5", 16), new BigInteger("0A64B91EFADB213E11483FB61C73E3EF63D3B44EEFC56EA401B99DCC60CC28E9" +
+            "9F0F1FA", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("3597B406F5329D11A79E887847E5EC60861CCBB19EC61F252DB7BD549C699951" +
+            "C182796", 16), new BigInteger("0A6A100B997BC622D91701D9F5C6F6D3815517E577622DA69D3A0E8917C1CBE6" +
+            "3ACD345", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("1BB490926E5A1FDC7C5AA86D0835F9B994EDA315CA408002AF54A298728D422E" +
+            "BF59E4C", 16), new BigInteger("36C682CFC9E2C89A782BFD3A191609D1F0C1910D5FD6981442070393159D65FB" +
+            "CC0A8BA", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("19944AA68F9778C2E3D6E240947613E6DA60EFCE9B9B2C063FF5466D72745B5A" +
+            "0B25BA2", 16), new BigInteger("03F1567B3C5B02DF15C874F0EE22850824693D5ADC4663BAA19E384E550B1DD4" +
+            "1F31EE6", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("B-409");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("0494994CC325B08E7B4CE038BD9436F90B5E59A2C13C3140CD3AE07C04A01FC489F572CE0569A6DB7B8060393DE76330C624177", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey,   new BigInteger("0D8783188E1A540E2022D389E1D35B32F56F8C2BB5636B8ABF7718806B27A713" +
+            "EBAE37F63ECD4B61445CEF5801B62594EF3E982", 16), new BigInteger("03A6B4A80E204DB0DE12E7415C13C9EC091C52935658316B4A0C591216A38791" +
+            "54BEB1712560E346E7EF26517707435B55C3141", 16));
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("0EE4F39ACC2E03CE96C3D9FCBAFA5C22C89053662F8D4117752A9B10F09ADFDA" +
+            "59DB061E247FE5321D6B170EE758ACE1BE4D157", 16), new BigInteger("00A2B83265B456A430A8BF27DCC8A9488B3F126C10F0D6D64BF7B8A218FAAF20" +
+            "E51A295A3AE78F205E5A4A6AE224C3639F1BB34", 16));
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("02D8B1B31E33E74D7EB46C30FDE5AD2CA04EC8FE08FBA0E73BA5E568953AC5EA" +
+            "307C072942238DFC07F4A4D7C7C6A9F86436D17", 16), new BigInteger("079F7D471E6CB73234AF7F7C381D2CE15DE35BAF8BB68393B73235B3A26EC2DF" +
+            "4842CE433FB492D6E074E604D4870024D42189A", 16));
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("07BC638B7E7CE6FEE5E9C64A0F966D722D01BB4BC3F3A35F30D4CDDA92DFC5F7" +
+            "F0B4BBFE8065D9AD452FD77A1914BE3A2440C18", 16), new BigInteger("06D904429850521B28A32CBF55C7C0FDF35DC4E0BDA2552C7BF68A171E970E67" +
+            "88ACC0B9521EACB4796E057C70DD9B95FED5BFB", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("05D178DECAFD2D02A3DA0D8BA1C4C1D95EE083C760DF782193A9F7B4A8BE6FC5" +
+            "C21FD60613BCA65C063A61226E050A680B3ABD4", 16), new BigInteger("013B7581E98F6A63FBBCB3E49BCDA60F816DB230B888506D105DC229600497C3" +
+            "B46588C784BE3AA9343BEF82F7C9C80AEB63C3B", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey, new BigInteger("049F54E7C10D2732B4638473053782C6919218BBEFCEC8B51640FC193E832291" +
+            "F05FA12371E9B448417B3290193F08EE9319195", 16), new BigInteger("0499E267DEC84E02F6F108B10E82172C414F15B1B7364BE8BFD66ADC0C5DE23F" +
+            "EE3DF0D811134C25AFE0E05A6672F98889F28F1", 16));
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("0B1527FFAA7DD7C7E46B628587A5BEC0539A2D04D3CF27C54841C2544E1BBDB4" +
+            "2FDBDAAF8671A4CA86DFD619B1E3732D7BB56F2", 16), new BigInteger("0442C68C044868DF4832C807F1EDDEBF7F5052A64B826FD03451440794063F52" +
+            "B022DF304F47403D4069234CA9EB4C964B37C02", 16));
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("0BB27755B991D6D31757BCBF68CB01225A38E1CFA20F775E861055DD108ED7EA" +
+            "455E4B96B2F6F7CD6C6EC2B3C70C3EDDEB9743B", 16), new BigInteger("0C5BE90980E7F444B5F7A12C9E9AC7A04CA81412822DD5AD1BE7C45D5032555E" +
+            "A070864245CF69266871FEB8CD1B7EDC30EF6D5", 16));
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("04EFEB7098772187907C87B33E0FBBA4584226C50C11E98CA7AAC6986F8D3BE0" +
+            "44E5B52D201A410B852536527724CA5F8CE6549", 16), new BigInteger("09574102FEB3EF87E6D66B94119F5A6062950FF4F902EA1E6BD9E2037F33FF99" +
+            "1E31F5956C23AFE48FCDC557FD6F088C7C9B2B3", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("07E0249C68536AE2AEC2EC30090340DA49E6DC9E9EEC8F85E5AABFB234B6DA7D" +
+            "2E9524028CF821F21C6019770474CC40B01FAF6", 16), new BigInteger("08125B5A03FB44AE81EA46D446130C2A415ECCA265910CA69D55F2453E16CD7B" +
+            "2DFA4E28C50FA8137F9C0C6CEE4CD37ABCCF6D8", 16));
+
+        x9ECParameters = NISTNamedCurves.getByName("B-571");
+        ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
+
+        privKey = new ECPrivateKeyParameters(new BigInteger("028A04857F24C1C082DF0D909C0E72F453F2E2340CCB071F0E389BCA2575DA19" +
+                                                            "124198C57174929AD26E348CF63F78D28021EF5A9BF2D5CBEAF6B7CCB6C4DA82" +
+                                                            "4DD5C82CFB24E11", 16), ecDomainParameters);
+
+        doTestHMACDetECDSASample(new SHA1Digest(), privKey, new BigInteger("147D3EB0EDA9F2152DFD014363D6A9CE816D7A1467D326A625FC4AB0C786E1B7" +
+                                                                            "4DDF7CD4D0E99541391B266C704BB6B6E8DCCD27B460802E0867143727AA4155" +
+                                                                            "55454321EFE5CB6", 16),
+                                                              new BigInteger("17319571CAF533D90D2E78A64060B9C53169AB7FC908947B3EDADC54C79CCF0A" +
+                                                                              "7920B4C64A4EAB6282AFE9A459677CDA37FD6DD50BEF18709590FE18B923BDF7" +
+                                                                              "4A66B189A850819", 16));
+
+        doTestHMACDetECDSASample(new SHA224Digest(), privKey, new BigInteger("10F4B63E79B2E54E4F4F6A2DBC786D8F4A143ECA7B2AD97810F6472AC6AE2085" +
+                                                                            "3222854553BE1D44A7974599DB7061AE8560DF57F2675BE5F9DD94ABAF3D47F1" +
+                                                                            "582B318E459748B", 16),
+                                                              new BigInteger("3BBEA07C6B269C2B7FE9AE4DDB118338D0C2F0022920A7F9DCFCB7489594C03B" +
+                                                                              "536A9900C4EA6A10410007222D3DAE1A96F291C4C9275D75D98EB290DC0EEF17" +
+                                                                              "6037B2C7A7A39A3", 16));
+
+        doTestHMACDetECDSASample(new SHA256Digest(), privKey, new BigInteger("213EF9F3B0CFC4BF996B8AF3A7E1F6CACD2B87C8C63820000800AC787F17EC99" +
+                                                                            "C04BCEDF29A8413CFF83142BB88A50EF8D9A086AF4EB03E97C567500C21D8657" +
+                                                                            "14D832E03C6D054", 16),
+                                                              new BigInteger("3D32322559B094E20D8935E250B6EC139AC4AAB77920812C119AF419FB62B332" +
+                                                                              "C8D226C6C9362AE3C1E4AABE19359B8428EA74EC8FBE83C8618C2BCCB6B43FBA" +
+                                                                              "A0F2CCB7D303945", 16));
+
+        doTestHMACDetECDSASample(new SHA384Digest(), privKey, new BigInteger("375D8F49C656A0BBD21D3F54CDA287D853C4BB1849983CD891EF6CD6BB56A62B" +
+                                                                            "687807C16685C2C9BCA2663C33696ACCE344C45F3910B1DF806204FF731ECB28" +
+                                                                            "9C100EF4D1805EC", 16),
+                                                              new BigInteger("1CDEC6F46DFEEE44BCE71D41C60550DC67CF98D6C91363625AC2553E4368D2DF" +
+                                                                            "B734A8E8C72E118A76ACDB0E58697940A0F3DF49E72894BD799450FC9E550CC0" +
+                                                                            "4B9FF9B0380021C", 16));
+        doTestHMACDetECDSASample(new SHA512Digest(), privKey, new BigInteger("1C26F40D940A7EAA0EB1E62991028057D91FEDA0366B606F6C434C361F04E545" +
+                                                                            "A6A51A435E26416F6838FFA260C617E798E946B57215284182BE55F29A355E60" +
+                                                                            "24FE32A47289CF0", 16),
+                                                              new BigInteger("3691DE4369D921FE94EDDA67CB71FBBEC9A436787478063EB1CC778B3DCDC1C4" +
+                                                                            "162662752D28DEEDF6F32A269C82D1DB80C87CE4D3B662E03AC347806E3F19D1" +
+                                                                            "8D6D4DE7358DF7E", 16));
+
+        doTestHMACDetECDSATest(new SHA1Digest(), privKey, new BigInteger("133F5414F2A9BC41466D339B79376038A64D045E5B0F792A98E5A7AA87E0AD01" +
+            "6419E5F8D176007D5C9C10B5FD9E2E0AB8331B195797C0358BA05ECBF24ACE59" +
+            "C5F368A6C0997CC", 16),
+            new BigInteger("3D16743AE9F00F0B1A500F738719C5582550FEB64689DA241665C4CE4F328BA0" +
+                "E34A7EF527ED13BFA5889FD2D1D214C11EB17D6BC338E05A56F41CAFF1AF7B8D" +
+                "574DB62EF0D0F21", 16));
+
+        doTestHMACDetECDSATest(new SHA224Digest(), privKey, new BigInteger("3048E76506C5C43D92B2E33F62B33E3111CEEB87F6C7DF7C7C01E3CDA28FA5E8" +
+            "BE04B5B23AA03C0C70FEF8F723CBCEBFF0B7A52A3F5C8B84B741B4F6157E69A5" +
+            "FB0524B48F31828", 16),
+            new BigInteger("2C99078CCFE5C82102B8D006E3703E020C46C87C75163A2CD839C885550BA5CB" +
+                "501AC282D29A1C26D26773B60FBE05AAB62BFA0BA32127563D42F7669C97784C" +
+                "8897C22CFB4B8FA", 16));
+
+        doTestHMACDetECDSATest(new SHA256Digest(), privKey, new BigInteger("184BC808506E11A65D628B457FDA60952803C604CC7181B59BD25AEE1411A66D" +
+                                                                    "12A777F3A0DC99E1190C58D0037807A95E5080FA1B2E5CCAA37B50D401CFFC34" +
+                                                                    "17C005AEE963469", 16),
+                                                              new BigInteger("27280D45F81B19334DBDB07B7E63FE8F39AC7E9AE14DE1D2A6884D2101850289" +
+                                                                  "D70EE400F26ACA5E7D73F534A14568478E59D00594981ABE6A1BA18554C13EB5" +
+                                                                  "E03921E4DC98333", 16));
+
+        doTestHMACDetECDSATest(new SHA384Digest(), privKey, new BigInteger("319EE57912E7B0FAA1FBB145B0505849A89C6DB1EC06EA20A6A7EDE072A6268A" +
+            "F6FD9C809C7E422A5F33C6C3326EAD7402467DF3272A1B2726C1C20975950F0F" +
+            "50D8324578F13EC", 16),
+            new BigInteger("2CF3EA27EADD0612DD2F96F46E89AB894B01A10DF985C5FC099CFFE0EA083EB4" +
+                "4BE682B08BFE405DAD5F37D0A2C59015BA41027E24B99F8F75A70B6B7385BF39" +
+                "BBEA02513EB880C", 16));
+        doTestHMACDetECDSATest(new SHA512Digest(), privKey, new BigInteger("2AA1888EAB05F7B00B6A784C4F7081D2C833D50794D9FEAF6E22B8BE728A2A90" +
+            "BFCABDC803162020AA629718295A1489EE7ED0ECB8AAA197B9BDFC49D18DDD78" +
+            "FC85A48F9715544", 16),
+            new BigInteger("0AA5371FE5CA671D6ED9665849C37F394FED85D51FEF72DA2B5F28EDFB2C6479" +
+                "CA63320C19596F5E1101988E2C619E302DD05112F47E8823040CE540CD3E90DC" +
+                "F41DBC461744EE9", 16));
+
+    }
+
+    private void doTestHMACDetECDSASample(Digest digest, ECPrivateKeyParameters privKey, BigInteger r, BigInteger s)
+    {
+        doTestHMACDetECDSA(new ECDSASigner(new HMacDSAKCalculator(digest)), digest, SAMPLE, privKey, r, s);
+    }
+
+    private void doTestHMACDetECDSATest(Digest digest, ECPrivateKeyParameters privKey, BigInteger r, BigInteger s)
+    {
+        doTestHMACDetECDSA(new ECDSASigner(new HMacDSAKCalculator(digest)), digest, TEST, privKey, r, s);
+    }
+
+    private void doTestHMACDetECDSA(DSA detSigner, Digest digest, byte[] data, CipherParameters privKey, BigInteger r, BigInteger s)
+    {
+        byte[] m = new byte[digest.getDigestSize()];
+
+        digest.update(data, 0, data.length);
+
+        digest.doFinal(m, 0);
+
+        detSigner.init(true, privKey);
+
+        BigInteger[] rs = detSigner.generateSignature(m);
+
+        if (!r.equals(rs[0]))
+        {
+            fail("r value wrong");
+        }
+        if (!s.equals(rs[1]))
+        {
+            fail("s value wrong");
+        }
+    }
+
+    public String getName()
+    {
+        return "DeterministicDSA";
+    }
+
+    public void performTest()
+    {
+        testHMacDeterministic();
+        testECHMacDeterministic();
+    }
+
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new DeterministicDSATest());
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DigestRandomNumberTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DigestRandomNumberTest.java
new file mode 100644
index 0000000..7bcaea8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DigestRandomNumberTest.java
@@ -0,0 +1,152 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.util.test.SimpleTest;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.crypto.prng.DigestRandomGenerator;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.Digest;
+
+public class DigestRandomNumberTest
+    extends SimpleTest
+{
+    private static final byte[] ZERO_SEED = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+    private static final byte[] TEST_SEED = Hex.decode("81dcfafc885914057876");
+
+    private static final byte[] expected0SHA1 = Hex.decode("95bca677b3d4ff793213c00892d2356ec729ee02");
+    private static final byte[] noCycle0SHA1 = Hex.decode("d57ccd0eb12c3938d59226412bc1268037b6b846");
+    private static final byte[] expected0SHA256 = Hex.decode("587e2dfd597d086e47ddcd343eac983a5c913bef8c6a1a560a5c1bc3a74b0991");
+    private static final byte[] noCycle0SHA256 = Hex.decode("e5776c4483486ba7be081f4e1b9dafbab25c8fae290fd5474c1ceda2c16f9509");
+    private static final byte[] expected100SHA1 = Hex.decode("b9d924092546e0876cafd4937d7364ebf9efa4be");
+    private static final byte[] expected100SHA256 = Hex.decode("fbc4aa54b948b99de104c44563a552899d718bb75d1941cc62a2444b0506abaf");
+    private static final byte[] expectedTestSHA1 = Hex.decode("e9ecef9f5306daf1ac51a89a211a64cb24415649");
+    private static final byte[] expectedTestSHA256 = Hex.decode("bdab3ca831b472a2fa09bd1bade541ef16c96640a91fcec553679a136061de98");
+
+    private static final byte[] sha1Xors = Hex.decode("7edcc1216934f3891b03ffa65821611a3e2b1f79");
+    private static final byte[] sha256Xors = Hex.decode("5ec48189cc0aa71e79c707bc3c33ffd47bbba368a83d6cfebf3cd3969d7f3eed");
+
+    public String getName()
+    {
+        return "DigestRandomNumber";
+    }
+
+    private void doExpectedTest(Digest digest, int seed, byte[] expected)
+    {
+        doExpectedTest(digest, seed, expected, null);
+    }
+    
+    private void doExpectedTest(Digest digest, int seed, byte[] expected, byte[] noCycle)
+    {
+        DigestRandomGenerator rGen = new DigestRandomGenerator(digest);
+        byte[] output = new byte[digest.getDigestSize()];
+
+        rGen.addSeedMaterial(seed);
+
+        for (int i = 0; i != 1024; i++)
+        {
+             rGen.nextBytes(output);
+        }
+
+        if (noCycle != null)
+        {
+            if (Arrays.areEqual(noCycle, output))
+            {
+                fail("seed not being cycled!");
+            }
+        }
+
+        if (!Arrays.areEqual(expected, output))
+        {
+            fail("expected output doesn't match");
+        }
+    }
+
+    private void doExpectedTest(Digest digest, byte[] seed, byte[] expected)
+    {
+        DigestRandomGenerator rGen = new DigestRandomGenerator(digest);
+        byte[] output = new byte[digest.getDigestSize()];
+
+        rGen.addSeedMaterial(seed);
+
+        for (int i = 0; i != 1024; i++)
+        {
+             rGen.nextBytes(output);
+        }
+
+        if (!Arrays.areEqual(expected, output))
+        {
+            fail("expected output doesn't match");
+        }
+    }
+
+    private void doCountTest(Digest digest, byte[] seed, byte[] expectedXors)
+    {
+        DigestRandomGenerator rGen = new DigestRandomGenerator(digest);
+        byte[] output = new byte[digest.getDigestSize()];
+        int[] averages = new int[digest.getDigestSize()];
+        byte[] ands = new byte[digest.getDigestSize()];
+        byte[] xors = new byte[digest.getDigestSize()];
+        byte[] ors = new byte[digest.getDigestSize()];
+
+        rGen.addSeedMaterial(seed);
+
+        for (int i = 0; i != 1000000; i++)
+        {
+             rGen.nextBytes(output);
+             for (int j = 0; j != output.length; j++)
+             {
+                 averages[j] += output[j] & 0xff;
+                 ands[j] &= output[j];
+                 xors[j] ^= output[j];
+                 ors[j] |= output[j];
+             }
+        }
+               
+        for (int i = 0; i != output.length; i++)
+        {
+            if ((averages[i] / 1000000) != 127)
+            {
+                fail("average test failed for " + digest.getAlgorithmName());
+            }
+            if (ands[i] != 0)
+            {
+                fail("and test failed for " + digest.getAlgorithmName());
+            }
+            if ((ors[i] & 0xff) != 0xff)
+            {
+                fail("or test failed for " + digest.getAlgorithmName());
+            }
+            if (xors[i] != expectedXors[i])
+            {
+                fail("xor test failed for " + digest.getAlgorithmName());
+            }
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        doExpectedTest(new SHA1Digest(), 0, expected0SHA1, noCycle0SHA1);
+        doExpectedTest(new SHA256Digest(), 0, expected0SHA256, noCycle0SHA256);
+
+        doExpectedTest(new SHA1Digest(), 100, expected100SHA1);
+        doExpectedTest(new SHA256Digest(), 100, expected100SHA256);
+
+        doExpectedTest(new SHA1Digest(), ZERO_SEED, expected0SHA1);
+        doExpectedTest(new SHA256Digest(), ZERO_SEED, expected0SHA256);
+
+        doExpectedTest(new SHA1Digest(), TEST_SEED, expectedTestSHA1);
+        doExpectedTest(new SHA256Digest(), TEST_SEED, expectedTestSHA256);
+
+        doCountTest(new SHA1Digest(), TEST_SEED, sha1Xors);
+        doCountTest(new SHA256Digest(), TEST_SEED, sha256Xors);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new DigestRandomNumberTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/DigestTest.java
new file mode 100644
index 0000000..db9b490
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/DigestTest.java
@@ -0,0 +1,226 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.EncodableDigest;
+import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public abstract class DigestTest
+    extends SimpleTest
+{
+    private Digest digest;
+    private String[] input;
+    private String[] results;
+
+    DigestTest(
+        Digest digest,
+        String[] input,
+        String[] results)
+    {
+        this.digest = digest;
+        this.input = input;
+        this.results = results;
+    }
+    
+    public String getName()
+    {
+        return digest.getAlgorithmName();
+    }
+    
+    public void performTest()
+    {
+        byte[] resBuf = new byte[digest.getDigestSize()];
+    
+        for (int i = 0; i < input.length - 1; i++)
+        {
+            byte[] m = toByteArray(input[i]);
+            
+            vectorTest(digest, i, resBuf, m, Hex.decode(results[i]));
+        }
+        
+        byte[] lastV = toByteArray(input[input.length - 1]);
+        byte[] lastDigest = Hex.decode(results[input.length - 1]);
+        
+        vectorTest(digest, input.length - 1, resBuf, lastV, Hex.decode(results[input.length - 1]));
+
+        testClone(resBuf, lastV, lastDigest);
+        testMemo(resBuf, lastV, lastDigest);
+        if (digest instanceof EncodableDigest)
+        {
+            testEncodedState(resBuf, lastV, lastDigest);
+        }
+    }
+
+    private void testEncodedState(byte[] resBuf, byte[] input, byte[] expected)
+    {
+        // test state encoding;
+        digest.update(input, 0, input.length / 2);
+
+        // copy the Digest
+        Digest copy1 = cloneDigest(((EncodableDigest)digest).getEncodedState());
+        Digest copy2 = cloneDigest(((EncodableDigest)copy1).getEncodedState());
+
+        digest.update(input, input.length / 2, input.length - input.length / 2);
+
+        digest.doFinal(resBuf, 0);
+
+        if (!areEqual(expected, resBuf))
+        {
+            fail("failing state vector test", expected, new String(Hex.encode(resBuf)));
+        }
+
+        copy1.update(input, input.length / 2, input.length - input.length / 2);
+        copy1.doFinal(resBuf, 0);
+
+        if (!areEqual(expected, resBuf))
+        {
+            fail("failing state copy1 vector test", expected, new String(Hex.encode(resBuf)));
+        }
+
+        copy2.update(input, input.length / 2, input.length - input.length / 2);
+        copy2.doFinal(resBuf, 0);
+
+        if (!areEqual(expected, resBuf))
+        {
+            fail("failing state copy2 vector test", expected, new String(Hex.encode(resBuf)));
+        }
+    }
+
+    private void testMemo(byte[] resBuf, byte[] input, byte[] expected)
+    {
+        Memoable m = (Memoable)digest;
+
+        digest.update(input, 0, input.length/2);
+
+        // copy the Digest
+        Memoable copy1 = m.copy();
+        Memoable copy2 = copy1.copy();
+
+        digest.update(input, input.length/2, input.length - input.length/2);
+        digest.doFinal(resBuf, 0);
+
+        if (!areEqual(expected, resBuf))
+        {
+            fail("failing memo vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+        }
+
+        m.reset(copy1);
+
+        digest.update(input, input.length/2, input.length - input.length/2);
+        digest.doFinal(resBuf, 0);
+
+        if (!areEqual(expected, resBuf))
+        {
+            fail("failing memo reset vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+        }
+
+        Digest md = (Digest)copy2;
+
+        md.update(input, input.length/2, input.length - input.length/2);
+        md.doFinal(resBuf, 0);
+
+        if (!areEqual(expected, resBuf))
+        {
+            fail("failing memo copy vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+        }
+    }
+
+    private void testClone(byte[] resBuf, byte[] input, byte[] expected)
+    {
+        digest.update(input, 0, input.length/2);
+
+        // clone the Digest
+        Digest d = cloneDigest(digest);
+
+        digest.update(input, input.length/2, input.length - input.length/2);
+        digest.doFinal(resBuf, 0);
+
+        if (!areEqual(expected, resBuf))
+        {
+            fail("failing clone vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+        }
+
+        d.update(input, input.length/2, input.length - input.length/2);
+        d.doFinal(resBuf, 0);
+
+        if (!areEqual(expected, resBuf))
+        {
+            fail("failing second clone vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+        }
+    }
+
+    protected byte[] toByteArray(String input)
+    {
+        byte[] bytes = new byte[input.length()];
+        
+        for (int i = 0; i != bytes.length; i++)
+        {
+            bytes[i] = (byte)input.charAt(i);
+        }
+        
+        return bytes;
+    }
+    
+    private void vectorTest(
+        Digest digest,
+        int count,
+        byte[] resBuf,
+        byte[] input,
+        byte[] expected)
+    {
+        digest.update(input, 0, input.length);
+        digest.doFinal(resBuf, 0);
+
+        if (!areEqual(resBuf, expected))
+        {
+            fail("Vector " + count + " failed got " + new String(Hex.encode(resBuf)));
+        }
+    }
+    
+    protected abstract Digest cloneDigest(Digest digest);
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        throw new IllegalStateException("Unsupported");
+    }
+
+    //
+    // optional tests
+    //
+    protected void millionATest(
+        String expected)
+    {
+        byte[] resBuf = new byte[digest.getDigestSize()];
+        
+        for (int i = 0; i < 1000000; i++)
+        {
+            digest.update((byte)'a');
+        }
+        
+        digest.doFinal(resBuf, 0);
+
+        if (!areEqual(resBuf, Hex.decode(expected)))
+        {
+            fail("Million a's failed", expected, new String(Hex.encode(resBuf)));
+        }
+    }
+    
+    protected void sixtyFourKTest(
+        String expected)
+    {
+        byte[] resBuf = new byte[digest.getDigestSize()];
+        
+        for (int i = 0; i < 65536; i++)
+        {
+            digest.update((byte)(i & 0xff));
+        }
+        
+        digest.doFinal(resBuf, 0);
+
+        if (!areEqual(resBuf, Hex.decode(expected)))
+        {
+            fail("64k test failed", expected, new String(Hex.encode(resBuf)));
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/EAXTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/EAXTest.java
new file mode 100644
index 0000000..401d9fa
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/EAXTest.java
@@ -0,0 +1,355 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.modes.AEADBlockCipher;
+import org.bouncycastle.crypto.modes.EAXBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class EAXTest
+    extends SimpleTest
+{
+    private byte[] K1 = Hex.decode("233952DEE4D5ED5F9B9C6D6FF80FF478");
+    private byte[] N1 = Hex.decode("62EC67F9C3A4A407FCB2A8C49031A8B3");
+    private byte[] A1 = Hex.decode("6BFB914FD07EAE6B");
+    private byte[] P1 = Hex.decode("");
+    private byte[] C1 = Hex.decode("E037830E8389F27B025A2D6527E79D01");
+    private byte[] T1 = Hex.decode("E037830E8389F27B025A2D6527E79D01");
+
+    private byte[] K2 = Hex.decode("91945D3F4DCBEE0BF45EF52255F095A4");
+    private byte[] N2 = Hex.decode("BECAF043B0A23D843194BA972C66DEBD");
+    private byte[] A2 = Hex.decode("FA3BFD4806EB53FA");
+    private byte[] P2 = Hex.decode("F7FB");
+    private byte[] C2 = Hex.decode("19DD5C4C9331049D0BDAB0277408F67967E5");
+    private byte[] T2 = Hex.decode("5C4C9331049D0BDAB0277408F67967E5");
+
+    private byte[] K3 = Hex.decode("01F74AD64077F2E704C0F60ADA3DD523");
+    private byte[] N3 = Hex.decode("70C3DB4F0D26368400A10ED05D2BFF5E");
+    private byte[] A3 = Hex.decode("234A3463C1264AC6");
+    private byte[] P3 = Hex.decode("1A47CB4933");
+    private byte[] C3 = Hex.decode("D851D5BAE03A59F238A23E39199DC9266626C40F80");
+    private byte[] T3 = Hex.decode("3A59F238A23E39199DC9266626C40F80");
+
+    private byte[] K4 = Hex.decode("D07CF6CBB7F313BDDE66B727AFD3C5E8");
+    private byte[] N4 = Hex.decode("8408DFFF3C1A2B1292DC199E46B7D617");
+    private byte[] A4 = Hex.decode("33CCE2EABFF5A79D");
+    private byte[] P4 = Hex.decode("481C9E39B1");
+    private byte[] C4 = Hex.decode("632A9D131AD4C168A4225D8E1FF755939974A7BEDE");
+    private byte[] T4 = Hex.decode("D4C168A4225D8E1FF755939974A7BEDE");
+
+    private byte[] K5 = Hex.decode("35B6D0580005BBC12B0587124557D2C2");
+    private byte[] N5 = Hex.decode("FDB6B06676EEDC5C61D74276E1F8E816");
+    private byte[] A5 = Hex.decode("AEB96EAEBE2970E9");
+    private byte[] P5 = Hex.decode("40D0C07DA5E4");
+    private byte[] C5 = Hex.decode("071DFE16C675CB0677E536F73AFE6A14B74EE49844DD");
+    private byte[] T5 = Hex.decode("CB0677E536F73AFE6A14B74EE49844DD");
+
+    private byte[] K6 = Hex.decode("BD8E6E11475E60B268784C38C62FEB22");
+    private byte[] N6 = Hex.decode("6EAC5C93072D8E8513F750935E46DA1B");
+    private byte[] A6 = Hex.decode("D4482D1CA78DCE0F");
+    private byte[] P6 = Hex.decode("4DE3B35C3FC039245BD1FB7D");
+    private byte[] C6 = Hex.decode("835BB4F15D743E350E728414ABB8644FD6CCB86947C5E10590210A4F");
+    private byte[] T6 = Hex.decode("ABB8644FD6CCB86947C5E10590210A4F");
+
+    private byte[] K7 = Hex.decode("7C77D6E813BED5AC98BAA417477A2E7D");
+    private byte[] N7 = Hex.decode("1A8C98DCD73D38393B2BF1569DEEFC19");
+    private byte[] A7 = Hex.decode("65D2017990D62528");
+    private byte[] P7 = Hex.decode("8B0A79306C9CE7ED99DAE4F87F8DD61636");
+    private byte[] C7 = Hex.decode("02083E3979DA014812F59F11D52630DA30137327D10649B0AA6E1C181DB617D7F2");
+    private byte[] T7 = Hex.decode("137327D10649B0AA6E1C181DB617D7F2");
+
+    private byte[] K8 = Hex.decode("5FFF20CAFAB119CA2FC73549E20F5B0D");
+    private byte[] N8 = Hex.decode("DDE59B97D722156D4D9AFF2BC7559826");
+    private byte[] A8 = Hex.decode("54B9F04E6A09189A");
+    private byte[] P8 = Hex.decode("1BDA122BCE8A8DBAF1877D962B8592DD2D56");
+    private byte[] C8 = Hex.decode("2EC47B2C4954A489AFC7BA4897EDCDAE8CC33B60450599BD02C96382902AEF7F832A");
+    private byte[] T8 = Hex.decode("3B60450599BD02C96382902AEF7F832A");
+
+    private byte[] K9 = Hex.decode("A4A4782BCFFD3EC5E7EF6D8C34A56123");
+    private byte[] N9 = Hex.decode("B781FCF2F75FA5A8DE97A9CA48E522EC");
+    private byte[] A9 = Hex.decode("899A175897561D7E");
+    private byte[] P9 = Hex.decode("6CF36720872B8513F6EAB1A8A44438D5EF11");
+    private byte[] C9 = Hex.decode("0DE18FD0FDD91E7AF19F1D8EE8733938B1E8E7F6D2231618102FDB7FE55FF1991700");
+    private byte[] T9 = Hex.decode("E7F6D2231618102FDB7FE55FF1991700");
+
+    private byte[] K10 = Hex.decode("8395FCF1E95BEBD697BD010BC766AAC3");
+    private byte[] N10 = Hex.decode("22E7ADD93CFC6393C57EC0B3C17D6B44");
+    private byte[] A10 = Hex.decode("126735FCC320D25A");
+    private byte[] P10 = Hex.decode("CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7");
+    private byte[] C10 = Hex.decode("CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC253B4652B1AF3795B124AB6E");
+    private byte[] T10 = Hex.decode("CFC46AFC253B4652B1AF3795B124AB6E");
+
+    private byte[] K11 = Hex.decode("8395FCF1E95BEBD697BD010BC766AAC3");
+    private byte[] N11 = Hex.decode("22E7ADD93CFC6393C57EC0B3C17D6B44");
+    private byte[] A11 = Hex.decode("126735FCC320D25A");
+    private byte[] P11 = Hex.decode("CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7");
+    private byte[] C11 = Hex.decode("CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC");
+    private byte[] T11 = Hex.decode("CFC46AFC");
+
+    private static final int NONCE_LEN = 8;
+    private static final int MAC_LEN = 8;
+    private static final int AUTHEN_LEN = 20;
+
+    public String getName()
+    {
+        return "EAX";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        checkVectors(1, K1, 128, N1, A1, P1, T1, C1);
+        checkVectors(2, K2, 128, N2, A2, P2, T2, C2);
+        checkVectors(3, K3, 128, N3, A3, P3, T3, C3);
+        checkVectors(4, K4, 128, N4, A4, P4, T4, C4);
+        checkVectors(5, K5, 128, N5, A5, P5, T5, C5);
+        checkVectors(6, K6, 128, N6, A6, P6, T6, C6);
+        checkVectors(7, K7, 128, N7, A7, P7, T7, C7);
+        checkVectors(8, K8, 128, N8, A8, P8, T8, C8);
+        checkVectors(9, K9, 128, N9, A9, P9, T9, C9);
+        checkVectors(10, K10, 128, N10, A10, P10, T10, C10);
+        checkVectors(11, K11, 32, N11, A11, P11, T11, C11);
+
+        EAXBlockCipher eax = new EAXBlockCipher(new AESFastEngine());
+        ivParamTest(1, eax, K1, N1);
+
+        //
+        // exception tests
+        //
+
+        try
+        {
+            eax.init(false, new AEADParameters(new KeyParameter(K1), 32, N2, A2));
+
+            byte[] enc = new byte[C2.length];
+            int len = eax.processBytes(C2, 0, C2.length, enc, 0);
+
+            len += eax.doFinal(enc, len);
+
+            fail("invalid cipher text not picked up");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // expected
+        }
+
+        try
+        {
+            eax.init(false, new KeyParameter(K1));
+
+            fail("illegal argument not picked up");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+
+        randomTests();
+        AEADTestUtil.testReset(this, new EAXBlockCipher(new AESEngine()), new EAXBlockCipher(new AESEngine()), new AEADParameters(new KeyParameter(K1), 32, N2));
+        AEADTestUtil.testTampering(this, eax, new AEADParameters(new KeyParameter(K1), 32, N2));
+        AEADTestUtil.testOutputSizes(this, new EAXBlockCipher(new AESEngine()), new AEADParameters(
+                new KeyParameter(K1), 32, N2));
+        AEADTestUtil.testBufferSizeChecks(this, new EAXBlockCipher(new AESEngine()), new AEADParameters(
+                new KeyParameter(K1), 32, N2));
+    }
+
+    private void checkVectors(
+        int count,
+        byte[] k,
+        int macSize,
+        byte[] n,
+        byte[] a,
+        byte[] p,
+        byte[] t,
+        byte[] c)
+        throws InvalidCipherTextException
+    {
+        byte[] fa = new byte[a.length / 2];
+        byte[] la = new byte[a.length - (a.length / 2)];
+        System.arraycopy(a, 0, fa, 0, fa.length);
+        System.arraycopy(a, fa.length, la, 0, la.length);
+
+        checkVectors(count, "all initial associated data", k, macSize, n, a, null, p, t, c);
+        checkVectors(count, "subsequent associated data", k, macSize, n, null, a, p, t, c);
+        checkVectors(count, "split associated data", k, macSize, n, fa, la, p, t, c);
+    }
+
+    private void checkVectors(
+        int count,
+        String additionalDataType,
+        byte[] k,
+        int macSize,
+        byte[] n,
+        byte[] a,
+        byte[] sa,
+        byte[] p,
+        byte[] t,
+        byte[] c)
+        throws InvalidCipherTextException
+    {
+        EAXBlockCipher encEax = new EAXBlockCipher(new AESFastEngine());
+        EAXBlockCipher decEax = new EAXBlockCipher(new AESFastEngine());
+
+        AEADParameters parameters = new AEADParameters(new KeyParameter(k), macSize, n, a);
+        encEax.init(true, parameters);
+        decEax.init(false, parameters);
+
+        runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c);
+        runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c);
+
+        // key reuse test
+        parameters = new AEADParameters(null, macSize, n, a);
+        encEax.init(true, parameters);
+        decEax.init(false, parameters);
+
+        runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c);
+        runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c);
+    }
+
+    private void runCheckVectors(
+        int count,
+        EAXBlockCipher encEax,
+        EAXBlockCipher decEax,
+        String additionalDataType,
+        byte[] sa,
+        byte[] p,
+        byte[] t,
+        byte[] c)
+        throws InvalidCipherTextException
+    {
+        byte[] enc = new byte[c.length];
+
+        if (sa != null)
+        {
+            encEax.processAADBytes(sa, 0, sa.length);
+        }
+
+        int len = encEax.processBytes(p, 0, p.length, enc, 0);
+
+        len += encEax.doFinal(enc, len);
+
+        if (!areEqual(c, enc))
+        {
+            fail("encrypted stream fails to match in test " + count + " with " + additionalDataType);
+        }
+
+        byte[] tmp = new byte[enc.length];
+
+        if (sa != null)
+        {
+            decEax.processAADBytes(sa, 0, sa.length);
+        }
+
+        len = decEax.processBytes(enc, 0, enc.length, tmp, 0);
+
+        len += decEax.doFinal(tmp, len);
+
+        byte[] dec = new byte[len];
+
+        System.arraycopy(tmp, 0, dec, 0, len);
+
+        if (!areEqual(p, dec))
+        {
+            fail("decrypted stream fails to match in test " + count + " with " + additionalDataType);
+        }
+
+        if (!areEqual(t, decEax.getMac()))
+        {
+            fail("MAC fails to match in test " + count + " with " + additionalDataType);
+        }
+    }
+
+    private void ivParamTest(
+        int count,
+        AEADBlockCipher eax,
+        byte[] k,
+        byte[] n)
+        throws InvalidCipherTextException
+    {
+        byte[] p = Strings.toByteArray("hello world!!");
+
+        eax.init(true, new ParametersWithIV(new KeyParameter(k), n));
+
+        byte[] enc = new byte[p.length + 8];
+
+        int len = eax.processBytes(p, 0, p.length, enc, 0);
+
+        len += eax.doFinal(enc, len);
+
+        eax.init(false, new ParametersWithIV(new KeyParameter(k), n));
+
+        byte[] tmp = new byte[enc.length];
+
+        len = eax.processBytes(enc, 0, enc.length, tmp, 0);
+
+        len += eax.doFinal(tmp, len);
+
+        byte[] dec = new byte[len];
+
+        System.arraycopy(tmp, 0, dec, 0, len);
+
+        if (!areEqual(p, dec))
+        {
+            fail("decrypted stream fails to match in test " + count);
+        }
+    }
+
+    private void randomTests()
+        throws InvalidCipherTextException
+    {
+        SecureRandom srng = new SecureRandom();
+        for (int i = 0; i < 10; ++i)
+        {
+            randomTest(srng);
+        }
+    }
+
+    private void randomTest(
+        SecureRandom srng)
+        throws InvalidCipherTextException
+    {
+        int DAT_LEN = srng.nextInt() >>> 22; // Note: JDK1.0 compatibility
+        byte[] nonce = new byte[NONCE_LEN];
+        byte[] authen = new byte[AUTHEN_LEN];
+        byte[] datIn = new byte[DAT_LEN];
+        byte[] key = new byte[16];
+        srng.nextBytes(nonce);
+        srng.nextBytes(authen);
+        srng.nextBytes(datIn);
+        srng.nextBytes(key);
+
+        AESFastEngine engine = new AESFastEngine();
+        KeyParameter sessKey = new KeyParameter(key);
+        EAXBlockCipher eaxCipher = new EAXBlockCipher(engine);
+
+        AEADParameters params = new AEADParameters(sessKey, MAC_LEN * 8, nonce, authen);
+        eaxCipher.init(true, params);
+
+        byte[] intrDat = new byte[eaxCipher.getOutputSize(datIn.length)];
+        int outOff = eaxCipher.processBytes(datIn, 0, DAT_LEN, intrDat, 0);
+        outOff += eaxCipher.doFinal(intrDat, outOff);
+
+        eaxCipher.init(false, params);
+        byte[] datOut = new byte[eaxCipher.getOutputSize(outOff)];
+        int resultLen = eaxCipher.processBytes(intrDat, 0, outOff, datOut, 0);
+        eaxCipher.doFinal(datOut, resultLen);
+
+        if (!areEqual(datIn, datOut))
+        {
+            fail("EAX roundtrip failed to match");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new EAXTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ECDHKEKGeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECDHKEKGeneratorTest.java
new file mode 100644
index 0000000..d75b139
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECDHKEKGeneratorTest.java
@@ -0,0 +1,71 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.crypto.DerivationFunction;
+import org.bouncycastle.crypto.DerivationParameters;
+import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
+import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * ECDHKEK Generator tests.
+ */
+public class ECDHKEKGeneratorTest
+    extends SimpleTest
+{
+    private byte[] seed1 = Hex.decode("db4a8daba1f98791d54e940175dd1a5f3a0826a1066aa9b668d4dc1e1e0790158dcad1533c03b44214d1b61fefa8b579");
+    private ASN1ObjectIdentifier alg1 = NISTObjectIdentifiers.id_aes256_wrap;
+    private byte[] result1 = Hex.decode("8ecc6d85caf25eaba823a7d620d4ab0d33e4c645f2");
+
+    private byte[] seed2 = Hex.decode("75d7487b5d3d2bfb3c69ce0365fe64e3bfab5d0d63731628a9f47eb8fddfa28c65decaf228a0b38f0c51c6a3356d7c56");
+    private ASN1ObjectIdentifier alg2 = NISTObjectIdentifiers.id_aes128_wrap;
+    private byte[] result2 = Hex.decode("042be1faca3a4a8fc859241bfb87ba35");
+
+    private byte[] seed3 = Hex.decode("fdeb6d809f997e8ac174d638734dc36d37aaf7e876e39967cd82b1cada3de772449788461ee7f856bad9305627f8e48b");
+    private ASN1ObjectIdentifier alg3 = PKCSObjectIdentifiers.id_alg_CMS3DESwrap;
+    private byte[] result3 = Hex.decode("bcd701fc92109b1b9d6f3b6497ad5ca9627fa8a597010305");
+
+    public ECDHKEKGeneratorTest()
+    {
+    }
+
+    public void performTest()
+    {
+        checkMask(1, new ECDHKEKGenerator(new SHA1Digest()), new DHKDFParameters(alg1, 256, seed1), result1);
+        checkMask(2, new ECDHKEKGenerator(new SHA1Digest()), new DHKDFParameters(alg2, 128, seed2), result2);
+        checkMask(3, new ECDHKEKGenerator(new SHA1Digest()), new DHKDFParameters(alg3, 192, seed3), result3);
+    }
+
+    private void checkMask(
+        int                count,
+        DerivationFunction kdf,
+        DerivationParameters params,
+        byte[]             result)
+    {
+        byte[]             data = new byte[result.length];
+
+        kdf.init(params);
+
+        kdf.generateBytes(data, 0, data.length);
+
+        if (!areEqual(result, data))
+        {
+            fail("ECDHKEKGenerator failed generator test " + count);
+        }
+    }
+
+    public String getName()
+    {
+        return "ECDHKEKGenerator";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ECDHKEKGeneratorTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ECGOST3410Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECGOST3410Test.java
new file mode 100644
index 0000000..175835c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECGOST3410Test.java
@@ -0,0 +1,327 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.digests.GOST3411Digest;
+import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.ECGOST3410Signer;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ *  ECGOST3410 tests are taken from GOST R 34.10-2001.
+ */
+public class ECGOST3410Test
+    extends SimpleTest
+ {
+    byte[] hashmessage = Hex.decode("3042453136414534424341374533364339313734453431443642453241453435");
+    
+     /**
+     * ECGOST3410 over the field Fp<br>
+     */
+    BigInteger r = new BigInteger("29700980915817952874371204983938256990422752107994319651632687982059210933395");
+    BigInteger s = new BigInteger("574973400270084654178925310019147038455227042649098563933718999175515839552");
+
+    byte[] kData = new BigInteger("53854137677348463731403841147996619241504003434302020712960838528893196233395").toByteArray();
+
+    SecureRandom    k = new FixedSecureRandom(kData);
+
+    private void ecGOST3410_TEST()
+    {
+        BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564821041"); //p
+        BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927082934583725450622380973592137631069619");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            mod_p, // p
+            new BigInteger("7"), // a
+            new BigInteger("43308876546767276905765904595650931995942111794451039583252968842033849580414"), // b
+            mod_q, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.createPoint(
+                new BigInteger("2"), // x
+                new BigInteger("4018974056539037503335449422937059775635739389905545080690979365213431566280")), // y
+            mod_q);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("55441196065363246126355624130324183196576709222340016572108097750006097525544"), // d
+            params);
+
+        ParametersWithRandom param = new ParametersWithRandom(priKey, k);
+
+        ECGOST3410Signer ecgost3410 = new ECGOST3410Signer();
+
+        ecgost3410.init(true, param);
+
+        byte[] mVal = new BigInteger("20798893674476452017134061561508270130637142515379653289952617252661468872421").toByteArray();
+        byte[] message = new byte[mVal.length];
+        
+        for (int i = 0; i != mVal.length; i++)
+        {
+            message[i] = mVal[mVal.length - 1 - i];
+        }
+        
+        BigInteger[] sig = ecgost3410.generateSignature(message);
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong.", r, sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong.", s, sig[1]);
+        }
+
+        // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.createPoint(
+                new BigInteger("57520216126176808443631405023338071176630104906313632182896741342206604859403"), // x
+                new BigInteger("17614944419213781543809391949654080031942662045363639260709847859438286763994")), // y
+            params);
+
+        ecgost3410.init(false, pubKey);
+        if (!ecgost3410.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("verification fails");
+        }
+    }
+
+    /**
+     * Test Sign & Verify with test parameters
+     * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
+     * gostR3410-2001-TestParamSet  P.46
+     */
+    private void ecGOST3410_TestParam()
+    {
+        SecureRandom    random = new SecureRandom();
+
+        BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564821041"); //p
+        BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927082934583725450622380973592137631069619");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            mod_p, // p
+            new BigInteger("7"), // a
+            new BigInteger("43308876546767276905765904595650931995942111794451039583252968842033849580414"), // b
+            mod_q, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.createPoint(
+                new BigInteger("2"), // x
+                new BigInteger("4018974056539037503335449422937059775635739389905545080690979365213431566280")), // y
+            mod_q);
+
+        ECKeyPairGenerator          pGen = new ECKeyPairGenerator();
+        ECKeyGenerationParameters   genParam = new ECKeyGenerationParameters(
+                                        params,
+                                        random);
+
+        pGen.init(genParam);
+
+        AsymmetricCipherKeyPair  pair = pGen.generateKeyPair();
+
+        ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+        ECGOST3410Signer ecgost3410 = new ECGOST3410Signer();
+
+        ecgost3410.init(true, param);
+
+        //get hash message using the digest GOST3411.
+        byte[] message = "Message for sign".getBytes();
+        GOST3411Digest  gost3411 = new GOST3411Digest();
+        gost3411.update(message, 0, message.length);
+        byte[] hashmessage = new byte[gost3411.getDigestSize()];
+        gost3411.doFinal(hashmessage, 0);
+
+        BigInteger[] sig = ecgost3410.generateSignature(hashmessage);
+
+        ecgost3410.init(false, pair.getPublic());
+
+        if (!ecgost3410.verifySignature(hashmessage, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    /**
+     * Test Sign & Verify with A parameters
+     * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
+     * gostR3410-2001-CryptoPro-A-ParamSet  P.47
+     */
+    public void ecGOST3410_AParam()
+    {
+        SecureRandom random = new SecureRandom();
+
+        BigInteger mod_p = new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639319"); //p
+        BigInteger mod_q = new BigInteger("115792089237316195423570985008687907853073762908499243225378155805079068850323");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            mod_p, // p
+            new BigInteger("115792089237316195423570985008687907853269984665640564039457584007913129639316"), // a
+            new BigInteger("166"), // b
+            mod_q, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.createPoint(
+                new BigInteger("1"), // x
+                new BigInteger("64033881142927202683649881450433473985931760268884941288852745803908878638612")), // y
+            mod_q);
+
+        ECKeyPairGenerator          pGen = new ECKeyPairGenerator();
+        ECKeyGenerationParameters   genParam = new ECKeyGenerationParameters(
+                                        params,
+                                        random);
+
+        pGen.init(genParam);
+
+        AsymmetricCipherKeyPair  pair = pGen.generateKeyPair();
+
+        ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+        ECGOST3410Signer ecgost3410 = new ECGOST3410Signer();
+
+        ecgost3410.init(true, param);
+
+        BigInteger[] sig = ecgost3410.generateSignature(hashmessage);
+
+        ecgost3410.init(false, pair.getPublic());
+
+        if (!ecgost3410.verifySignature(hashmessage, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    /**
+     * Test Sign & Verify with B parameters
+     * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
+     * gostR3410-2001-CryptoPro-B-ParamSet  P.47-48
+     */
+    private void ecGOST3410_BParam()
+    {
+        SecureRandom    random = new SecureRandom();
+
+        BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823193"); //p
+        BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927102133160255826820068844496087732066703");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            mod_p, // p
+            new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564823190"), // a
+            new BigInteger("28091019353058090096996979000309560759124368558014865957655842872397301267595"), // b
+            mod_q, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.createPoint(
+                new BigInteger("1"), // x
+                new BigInteger("28792665814854611296992347458380284135028636778229113005756334730996303888124")), // y
+            mod_q);
+
+        ECKeyPairGenerator          pGen = new ECKeyPairGenerator();
+        ECKeyGenerationParameters   genParam = new ECKeyGenerationParameters(
+                                        params,
+                                        random);
+
+        pGen.init(genParam);
+
+        AsymmetricCipherKeyPair  pair = pGen.generateKeyPair();
+
+        ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+        ECGOST3410Signer ecgost3410 = new ECGOST3410Signer();
+
+        ecgost3410.init(true, param);
+
+        BigInteger[] sig = ecgost3410.generateSignature(hashmessage);
+
+        ecgost3410.init(false, pair.getPublic());
+
+        if (!ecgost3410.verifySignature(hashmessage, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    /**
+     * Test Sign & Verify with C parameters
+     * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
+     * gostR3410-2001-CryptoPro-C-ParamSet  P.48
+     */
+    private void ecGOST3410_CParam()
+    {
+        SecureRandom    random = new SecureRandom();
+
+        BigInteger mod_p = new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502619"); //p
+        BigInteger mod_q = new BigInteger("70390085352083305199547718019018437840920882647164081035322601458352298396601");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            mod_p, // p
+            new BigInteger("70390085352083305199547718019018437841079516630045180471284346843705633502616"), // a
+            new BigInteger("32858"), // b
+            mod_q, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.createPoint(
+                new BigInteger("0"), // x
+                new BigInteger("29818893917731240733471273240314769927240550812383695689146495261604565990247")), // y
+            mod_q);
+
+        ECKeyPairGenerator          pGen = new ECKeyPairGenerator();
+        ECKeyGenerationParameters   genParam = new ECKeyGenerationParameters(
+                                        params,
+                                        random);
+
+        pGen.init(genParam);
+
+        AsymmetricCipherKeyPair  pair = pGen.generateKeyPair();
+
+        ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+        ECGOST3410Signer ecgost3410 = new ECGOST3410Signer();
+
+        ecgost3410.init(true, param);
+
+        BigInteger[] sig = ecgost3410.generateSignature(hashmessage);
+
+        ecgost3410.init(false, pair.getPublic());
+
+        if (!ecgost3410.verifySignature(hashmessage, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    public String getName()
+    {
+        return "ECGOST3410";
+    }
+
+    public void performTest()
+    {
+        ecGOST3410_TEST();
+        ecGOST3410_TestParam();
+        ecGOST3410_AParam();
+        ecGOST3410_BParam();
+        ecGOST3410_CParam();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ECGOST3410Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ECIESKeyEncapsulationTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECIESKeyEncapsulationTest.java
new file mode 100644
index 0000000..64d19f5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECIESKeyEncapsulationTest.java
@@ -0,0 +1,138 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
+import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
+import org.bouncycastle.crypto.kems.ECIESKeyEncapsulation;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Tests for the ECIES Key Encapsulation Mechanism
+ */
+public class ECIESKeyEncapsulationTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "ECIESKeyEncapsulation";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        
+        // Set EC domain parameters and generate key pair
+        X9ECParameters            spec     = SECNamedCurves.getByName("secp224r1");
+        ECDomainParameters        ecDomain = new ECDomainParameters(spec.getCurve(), spec.getG(), spec.getN());
+        ECKeyPairGenerator        ecGen    = new ECKeyPairGenerator();
+
+        ecGen.init(new ECKeyGenerationParameters(ecDomain, new SecureRandom()));
+
+        AsymmetricCipherKeyPair    keys      = ecGen.generateKeyPair();
+        
+        // Set ECIES-KEM parameters
+        ECIESKeyEncapsulation     kem;
+        KDF2BytesGenerator        kdf = new KDF2BytesGenerator(new SHA1Digest());
+        SecureRandom            rnd = new SecureRandom();
+        byte[]                    out = new byte[57];
+        KeyParameter            key1, key2;
+        
+        // Test basic ECIES-KEM
+        kem = new ECIESKeyEncapsulation(kdf, rnd);
+        
+        kem.init(keys.getPublic());
+        key1 = (KeyParameter)kem.encrypt(out, 128);
+        
+        kem.init(keys.getPrivate());
+        key2 = (KeyParameter)kem.decrypt(out, 128);
+
+        if (!areEqual(key1.getKey(), key2.getKey()))
+        {
+            fail("failed basic test");
+        }
+
+        // Test ECIES-KEM using new cofactor mode
+        kem = new ECIESKeyEncapsulation(kdf, rnd, true, false, false);
+        
+        kem.init(keys.getPublic());
+        key1 = (KeyParameter)kem.encrypt(out, 128);
+        
+        kem.init(keys.getPrivate());
+        key2 = (KeyParameter)kem.decrypt(out, 128);
+
+        if (!areEqual(key1.getKey(), key2.getKey()))
+        {
+            fail("failed cofactor test");
+        }
+
+        // Test ECIES-KEM using old cofactor mode
+        kem = new ECIESKeyEncapsulation(kdf, rnd, false, true, false);
+        
+        kem.init(keys.getPublic());
+        key1 = (KeyParameter)kem.encrypt(out, 128);
+    
+        kem.init(keys.getPrivate());
+        key2 = (KeyParameter)kem.decrypt(out, 128);
+
+        if (!areEqual(key1.getKey(), key2.getKey()))
+        {
+            fail("failed old cofactor test");
+        }
+
+        // Test ECIES-KEM using single hash mode
+        kem = new ECIESKeyEncapsulation(kdf, rnd, false, false, true);
+        
+        kem.init(keys.getPublic());
+        key1 = (KeyParameter)kem.encrypt(out, 128);
+        
+        kem.init(keys.getPrivate());
+        key2 = (KeyParameter)kem.decrypt(out, 128);
+
+        if (!areEqual(key1.getKey(), key2.getKey()))
+        {
+            fail("failed single hash test");
+        }
+
+        // Test ECIES-KEM using new cofactor mode and single hash mode
+        kem = new ECIESKeyEncapsulation(kdf, rnd, true, false, true);
+        
+        kem.init(keys.getPublic());
+        key1 = (KeyParameter)kem.encrypt(out, 128);
+        
+        kem.init(keys.getPrivate());
+        key2 = (KeyParameter)kem.decrypt(out, 128);
+
+        if (!areEqual(key1.getKey(), key2.getKey()))
+        {
+            fail("failed cofactor and single hash test");
+        }
+
+        // Test ECIES-KEM using old cofactor mode and single hash mode
+        kem = new ECIESKeyEncapsulation(kdf, rnd, false, true, true);
+        
+        kem.init(keys.getPublic());
+        key1 = (KeyParameter)kem.encrypt(out, 128);
+        
+        kem.init(keys.getPrivate());
+        key2 = (KeyParameter)kem.decrypt(out, 128);
+
+        if (!areEqual(key1.getKey(), key2.getKey()))
+        {
+            fail("failed old cofactor and single hash test");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ECIESKeyEncapsulationTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ECIESTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECIESTest.java
new file mode 100644
index 0000000..8cf100b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECIESTest.java
@@ -0,0 +1,379 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.KeyEncoder;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.engines.IESEngine;
+import org.bouncycastle.crypto.engines.TwofishEngine;
+import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
+import org.bouncycastle.crypto.generators.EphemeralKeyPairGenerator;
+import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.IESParameters;
+import org.bouncycastle.crypto.params.IESWithCipherParameters;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.parsers.ECIESPublicKeyParser;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * test for ECIES - Elliptic Curve Integrated Encryption Scheme
+ */
+public class ECIESTest
+    extends SimpleTest
+{
+    private static byte[] TWOFISH_IV = Hex.decode("000102030405060708090a0b0c0d0e0f");
+
+    ECIESTest()
+    {
+    }
+
+    public String getName()
+    {
+        return "ECIES";
+    }
+
+    private void doStaticTest(byte[] iv)
+        throws Exception
+    {
+        BigInteger n = new BigInteger("6277101735386680763835789423176059013767194773182842284081");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
+            new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
+            new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+                curve,
+                curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
+                n);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
+            params);
+
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.decodePoint(Hex.decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
+            params);
+
+        AsymmetricCipherKeyPair  p1 = new AsymmetricCipherKeyPair(pubKey, priKey);
+        AsymmetricCipherKeyPair  p2 = new AsymmetricCipherKeyPair(pubKey, priKey);
+
+        //
+        // stream test
+        //
+        IESEngine i1 = new IESEngine(
+                                   new ECDHBasicAgreement(),
+                                   new KDF2BytesGenerator(new SHA1Digest()),
+                                   new HMac(new SHA1Digest()));
+        IESEngine i2 = new IESEngine(
+                                   new ECDHBasicAgreement(),
+                                   new KDF2BytesGenerator(new SHA1Digest()),
+                                   new HMac(new SHA1Digest()));
+        byte[]         d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
+        byte[]         e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
+        CipherParameters p = new IESParameters(d, e, 64);
+
+        i1.init(true, p1.getPrivate(), p2.getPublic(), p);
+        i2.init(false, p2.getPrivate(), p1.getPublic(), p);
+
+        byte[] message = Hex.decode("1234567890abcdef");
+
+        byte[]   out1 = i1.processBlock(message, 0, message.length);
+
+        if (!areEqual(out1, Hex.decode("468d89877e8238802403ec4cb6b329faeccfa6f3a730f2cdb3c0a8e8")))
+        {
+            fail("stream cipher test failed on enc");
+        }
+
+        byte[]   out2 = i2.processBlock(out1, 0, out1.length);
+
+        if (!areEqual(out2, message))
+        {
+            fail("stream cipher test failed");
+        }
+
+        //
+        // twofish with CBC
+        //
+        BufferedBlockCipher c1 = new PaddedBufferedBlockCipher(
+                                    new CBCBlockCipher(new TwofishEngine()));
+        BufferedBlockCipher c2 = new PaddedBufferedBlockCipher(
+                                    new CBCBlockCipher(new TwofishEngine()));
+        i1 = new IESEngine(
+                       new ECDHBasicAgreement(),
+                       new KDF2BytesGenerator(new SHA1Digest()),
+                       new HMac(new SHA1Digest()),
+                       c1);
+        i2 = new IESEngine(
+                       new ECDHBasicAgreement(),
+                       new KDF2BytesGenerator(new SHA1Digest()),
+                       new HMac(new SHA1Digest()),
+                       c2);
+        d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
+        e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
+        p = new IESWithCipherParameters(d, e, 64, 128);
+
+        if (iv != null)
+        {
+            p = new ParametersWithIV(p, iv);
+        }
+
+        i1.init(true, p1.getPrivate(), p2.getPublic(), p);
+        i2.init(false, p2.getPrivate(), p1.getPublic(), p);
+
+        message = Hex.decode("1234567890abcdef");
+
+        out1 = i1.processBlock(message, 0, message.length);
+
+        if (!areEqual(out1, (iv == null) ?
+                                  Hex.decode("b8a06ea5c2b9df28b58a0a90a734cde8c9c02903e5c220021fe4417410d1e53a32a71696")
+                                : Hex.decode("f246b0e26a2711992cac9c590d08e45c5e730b7c0f4218bb064e27b7dd7c8a3bd8bf01c3")))
+        {
+            fail("twofish cipher test failed on enc");
+        }
+
+        out2 = i2.processBlock(out1, 0, out1.length);
+
+        if (!areEqual(out2, message))
+        {
+            fail("twofish cipher test failed");
+        }
+    }
+
+    private void doEphemeralTest(byte[] iv, final boolean usePointCompression)
+        throws Exception
+    {
+        BigInteger n = new BigInteger("6277101735386680763835789423176059013767194773182842284081");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
+            new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
+            new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+                curve,
+                curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
+                n);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
+            params);
+
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.decodePoint(Hex.decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
+            params);
+
+        AsymmetricCipherKeyPair  p1 = new AsymmetricCipherKeyPair(pubKey, priKey);
+        AsymmetricCipherKeyPair  p2 = new AsymmetricCipherKeyPair(pubKey, priKey);
+
+        // Generate the ephemeral key pair
+        ECKeyPairGenerator gen = new ECKeyPairGenerator();
+        gen.init(new ECKeyGenerationParameters(params, new SecureRandom()));
+
+        EphemeralKeyPairGenerator ephKeyGen = new EphemeralKeyPairGenerator(gen, new KeyEncoder()
+        {
+            public byte[] getEncoded(AsymmetricKeyParameter keyParameter)
+            {
+                return ((ECPublicKeyParameters)keyParameter).getQ().getEncoded(usePointCompression);
+            }
+        });
+
+        //
+        // stream test
+        //
+        IESEngine i1 = new IESEngine(
+                                   new ECDHBasicAgreement(),
+                                   new KDF2BytesGenerator(new SHA1Digest()),
+                                   new HMac(new SHA1Digest()));
+        IESEngine i2 = new IESEngine(
+                                   new ECDHBasicAgreement(),
+                                   new KDF2BytesGenerator(new SHA1Digest()),
+                                   new HMac(new SHA1Digest()));
+
+        byte[]            d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
+        byte[]            e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
+        CipherParameters  p = new IESParameters(d, e, 64);
+
+        i1.init(p2.getPublic(), p, ephKeyGen);
+        i2.init(p2.getPrivate(), p, new ECIESPublicKeyParser(params));
+
+        byte[] message = Hex.decode("1234567890abcdef");
+
+        byte[]   out1 = i1.processBlock(message, 0, message.length);
+
+        byte[]   out2 = i2.processBlock(out1, 0, out1.length);
+
+        if (!areEqual(out2, message))
+        {
+            fail("stream cipher test failed");
+        }
+
+        //
+        // twofish with CBC
+        //
+        BufferedBlockCipher c1 = new PaddedBufferedBlockCipher(
+                                    new CBCBlockCipher(new TwofishEngine()));
+        BufferedBlockCipher c2 = new PaddedBufferedBlockCipher(
+                                    new CBCBlockCipher(new TwofishEngine()));
+        i1 = new IESEngine(
+                       new ECDHBasicAgreement(),
+                       new KDF2BytesGenerator(new SHA1Digest()),
+                       new HMac(new SHA1Digest()),
+                       c1);
+        i2 = new IESEngine(
+                       new ECDHBasicAgreement(),
+                       new KDF2BytesGenerator(new SHA1Digest()),
+                       new HMac(new SHA1Digest()),
+                       c2);
+        d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
+        e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
+        p = new IESWithCipherParameters(d, e, 64, 128);
+
+        if (iv != null)
+        {
+            p = new ParametersWithIV(p, iv);
+        }
+
+        i1.init(p2.getPublic(), p, ephKeyGen);
+        i2.init(p2.getPrivate(), p, new ECIESPublicKeyParser(params));
+
+        message = Hex.decode("1234567890abcdef");
+
+        out1 = i1.processBlock(message, 0, message.length);
+
+        out2 = i2.processBlock(out1, 0, out1.length);
+
+        if (!areEqual(out2, message))
+        {
+            fail("twofish cipher test failed");
+        }
+    }
+
+    private void doTest(AsymmetricCipherKeyPair p1, AsymmetricCipherKeyPair p2)
+        throws Exception
+    {
+        //
+        // stream test
+        //
+        IESEngine i1 = new IESEngine(
+                                   new ECDHBasicAgreement(),
+                                   new KDF2BytesGenerator(new SHA1Digest()),
+                                   new HMac(new SHA1Digest()));
+        IESEngine i2 = new IESEngine(
+                                   new ECDHBasicAgreement(),
+                                   new KDF2BytesGenerator(new SHA1Digest()),
+                                   new HMac(new SHA1Digest()));
+        byte[]         d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
+        byte[]         e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
+        IESParameters  p = new IESParameters(d, e, 64);
+
+        i1.init(true, p1.getPrivate(), p2.getPublic(), p);
+        i2.init(false, p2.getPrivate(), p1.getPublic(), p);
+
+        byte[] message = Hex.decode("1234567890abcdef");
+
+        byte[]   out1 = i1.processBlock(message, 0, message.length);
+ 
+        byte[]   out2 = i2.processBlock(out1, 0, out1.length);
+
+        if (!areEqual(out2, message))
+        {
+            fail("stream cipher test failed");
+        }
+
+        //
+        // twofish with CBC
+        //
+        BufferedBlockCipher c1 = new PaddedBufferedBlockCipher(
+                                    new CBCBlockCipher(new TwofishEngine()));
+        BufferedBlockCipher c2 = new PaddedBufferedBlockCipher(
+                                    new CBCBlockCipher(new TwofishEngine()));
+        i1 = new IESEngine(
+                       new ECDHBasicAgreement(),
+                       new KDF2BytesGenerator(new SHA1Digest()),
+                       new HMac(new SHA1Digest()),
+                       c1);
+        i2 = new IESEngine(
+                       new ECDHBasicAgreement(),
+                       new KDF2BytesGenerator(new SHA1Digest()),
+                       new HMac(new SHA1Digest()),
+                       c2);
+        d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
+        e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
+        p = new IESWithCipherParameters(d, e, 64, 128);
+
+        i1.init(true, p1.getPrivate(), p2.getPublic(), p);
+        i2.init(false, p2.getPrivate(), p1.getPublic(), p);
+
+        message = Hex.decode("1234567890abcdef");
+
+        out1 = i1.processBlock(message, 0, message.length);
+
+        out2 = i2.processBlock(out1, 0, out1.length);
+
+        if (!areEqual(out2, message))
+        {
+            fail("twofish cipher test failed");
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        doStaticTest(null);
+        doStaticTest(TWOFISH_IV);
+
+        BigInteger n = new BigInteger("6277101735386680763835789423176059013767194773182842284081");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
+            new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
+            new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+                curve,
+                curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
+                n);
+
+        ECKeyPairGenerator eGen = new ECKeyPairGenerator();
+        KeyGenerationParameters gParam = new ECKeyGenerationParameters(params, new SecureRandom());
+
+        eGen.init(gParam);
+
+        AsymmetricCipherKeyPair p1 = eGen.generateKeyPair();
+        AsymmetricCipherKeyPair p2 = eGen.generateKeyPair();
+
+        doTest(p1, p2);
+
+        doEphemeralTest(null, false);
+        doEphemeralTest(null, true);
+        doEphemeralTest(TWOFISH_IV, false);
+        doEphemeralTest(TWOFISH_IV, true);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ECIESTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ECNRTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECNRTest.java
new file mode 100644
index 0000000..d4cf741
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECNRTest.java
@@ -0,0 +1,99 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.ECNRSigner;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * ECNR tests.
+ */
+public class ECNRTest
+    extends SimpleTest
+{
+    /**
+     * a basic regression test with 239 bit prime
+     */
+    BigInteger r = new BigInteger("308636143175167811492623515537541734843573549327605293463169625072911693");
+    BigInteger s = new BigInteger("852401710738814635664888632022555967400445256405412579597015412971797143");
+
+    byte[] kData = BigIntegers.asUnsignedByteArray(new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
+
+    SecureRandom    k = new FixedSecureRandom(true, kData);
+
+    private void ecNR239bitPrime()
+    {
+        BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
+            new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
+            new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
+            n);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
+            params);
+
+        ECNRSigner ecnr = new ECNRSigner();
+        ParametersWithRandom param = new ParametersWithRandom(priKey, k);
+
+        ecnr.init(true, param);
+
+        byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").toByteArray();
+        BigInteger[] sig = ecnr.generateSignature(message);
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong.", r, sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong.", s, sig[1]);
+        }
+
+        // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.decodePoint(Hex.decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
+            params);
+
+        ecnr.init(false, pubKey);
+        if (!ecnr.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    public String getName()
+    {
+        return "ECNR";
+    }
+
+    public void performTest()
+    {
+        ecNR239bitPrime();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ECNRTest());
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ECTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECTest.java
new file mode 100644
index 0000000..fc11276
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ECTest.java
@@ -0,0 +1,926 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.BasicAgreement;
+import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
+import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
+import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
+import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.MQVPrivateParameters;
+import org.bouncycastle.crypto.params.MQVPublicParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.ECDSASigner;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * ECDSA tests are taken from X9.62.
+ */
+public class ECTest
+    extends SimpleTest
+{   
+    /**
+     * X9.62 - 1998,<br>
+     * J.3.1, Page 152, ECDSA over the field Fp<br>
+     * an example with 192 bit prime
+     */
+    private void testECDSA192bitPrime()
+    {
+        BigInteger r = new BigInteger("3342403536405981729393488334694600415596881826869351677613");
+        BigInteger s = new BigInteger("5735822328888155254683894997897571951568553642892029982342");
+
+        byte[] kData = BigIntegers.asUnsignedByteArray(new BigInteger("6140507067065001063065065565667405560006161556565665656654"));
+
+        SecureRandom k = new FixedSecureRandom(kData);
+
+        BigInteger n = new BigInteger("6277101735386680763835789423176059013767194773182842284081");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
+            new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
+            new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+                curve,
+                curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")), // G
+                n);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("651056770906015076056810763456358567190100156695615665659"), // d
+            params);
+
+        ParametersWithRandom param = new ParametersWithRandom(priKey, k);
+
+        ECDSASigner ecdsa = new ECDSASigner();
+
+        ecdsa.init(true, param);
+
+        byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").toByteArray();
+        BigInteger[] sig = ecdsa.generateSignature(message);
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+
+        // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.decodePoint(Hex.decode("0262b12d60690cdcf330babab6e69763b471f994dd702d16a5")), // Q
+            params);
+
+        ecdsa.init(false, pubKey);
+        if (!ecdsa.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("verification fails");
+        }
+    }
+
+    private void decodeTest()
+    {
+        ECCurve.Fp curve = new ECCurve.Fp(
+                new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q
+                new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a
+                new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b
+        
+        ECPoint p = curve.decodePoint(Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")).normalize();
+
+        if (!p.getAffineXCoord().toBigInteger().equals(new BigInteger("188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012", 16)))
+        {
+            fail("x uncompressed incorrectly");
+        }
+
+        if (!p.getAffineYCoord().toBigInteger().equals(new BigInteger("7192b95ffc8da78631011ed6b24cdd573f977a11e794811", 16)))
+        {
+            fail("y uncompressed incorrectly");
+        }
+
+        byte[] encoding = p.getEncoded();
+
+        if (!areEqual(encoding, Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")))
+        {
+            fail("point compressed incorrectly");
+        }
+    }
+    
+    /**
+     * X9.62 - 1998,<br>
+     * J.3.2, Page 155, ECDSA over the field Fp<br>
+     * an example with 239 bit prime
+     */
+    private void testECDSA239bitPrime()
+    {
+        BigInteger r = new BigInteger("308636143175167811492622547300668018854959378758531778147462058306432176");
+        BigInteger s = new BigInteger("323813553209797357708078776831250505931891051755007842781978505179448783");
+
+        byte[] kData = BigIntegers.asUnsignedByteArray(new BigInteger("700000017569056646655505781757157107570501575775705779575555657156756655"));
+
+        SecureRandom k = new FixedSecureRandom(true, kData);
+
+        BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
+            new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
+            new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
+            n);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
+            params);
+
+        ECDSASigner ecdsa = new ECDSASigner();
+        ParametersWithRandom param = new ParametersWithRandom(priKey, k);
+
+        ecdsa.init(true, param);
+
+        byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").toByteArray();
+        BigInteger[] sig = ecdsa.generateSignature(message);
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+
+        // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.decodePoint(Hex.decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
+            params);
+
+        ecdsa.init(false, pubKey);
+        if (!ecdsa.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+
+    /**
+     * X9.62 - 1998,<br>
+     * J.2.1, Page 100, ECDSA over the field F2m<br>
+     * an example with 191 bit binary field
+     */
+    private void testECDSA191bitBinary()
+    {
+        BigInteger r = new BigInteger("87194383164871543355722284926904419997237591535066528048");
+        BigInteger s = new BigInteger("308992691965804947361541664549085895292153777025772063598");
+    
+        byte[] kData = BigIntegers.asUnsignedByteArray(new BigInteger("1542725565216523985789236956265265265235675811949404040041"));
+        
+        SecureRandom k = new FixedSecureRandom(kData);
+
+        BigInteger n = new BigInteger("1569275433846670190958947355803350458831205595451630533029");
+        BigInteger h = BigInteger.valueOf(2);
+
+        ECCurve.F2m curve = new ECCurve.F2m(
+            191, // m
+            9, //k
+            new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16), // a
+            new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16), // b
+            n, h);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.decodePoint(Hex.decode("0436B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB")), // G
+            n, h);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("1275552191113212300012030439187146164646146646466749494799"), // d
+            params);
+    
+        ECDSASigner ecdsa = new ECDSASigner();
+        ParametersWithRandom param = new ParametersWithRandom(priKey, k);
+    
+        ecdsa.init(true, param);
+    
+        byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").toByteArray();
+        BigInteger[] sig = ecdsa.generateSignature(message);
+    
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+    
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+    
+        // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.decodePoint(Hex.decode("045DE37E756BD55D72E3768CB396FFEB962614DEA4CE28A2E755C0E0E02F5FB132CAF416EF85B229BBB8E1352003125BA1")), // Q
+            params);
+
+        ecdsa.init(false, pubKey);
+        if (!ecdsa.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+
+    /**
+     * X9.62 - 1998,<br>
+     * J.2.1, Page 100, ECDSA over the field F2m<br>
+     * an example with 191 bit binary field
+     */
+    private void testECDSA239bitBinary()
+    {
+        BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
+        BigInteger s = new BigInteger("197030374000731686738334997654997227052849804072198819102649413465737174");
+    
+        byte[] kData = BigIntegers.asUnsignedByteArray(new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
+        
+        SecureRandom k = new FixedSecureRandom(kData);
+
+        BigInteger n = new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783");
+        BigInteger h = BigInteger.valueOf(4);
+
+        ECCurve.F2m curve = new ECCurve.F2m(
+            239, // m
+            36, //k
+            new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
+            new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16), // b
+            n, h);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.decodePoint(Hex.decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
+            n, h);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
+            params);
+    
+        ECDSASigner ecdsa = new ECDSASigner();
+        ParametersWithRandom param = new ParametersWithRandom(priKey, k);
+    
+        ecdsa.init(true, param);
+    
+        byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").toByteArray();
+        BigInteger[] sig = ecdsa.generateSignature(message);
+    
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+    
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+    
+        // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.decodePoint(Hex.decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
+            params);
+
+        ecdsa.init(false, pubKey);
+        if (!ecdsa.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    // L 4.1  X9.62 2005
+    private void testECDSAP224sha224()
+    {
+        X9ECParameters p = NISTNamedCurves.getByName("P-224");
+        ECDomainParameters params = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH());
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("6081831502424510080126737029209236539191290354021104541805484120491"), // d
+            params);
+        SecureRandom    k = new FixedSecureRandom(BigIntegers.asUnsignedByteArray(new BigInteger("15456715103636396133226117016818339719732885723579037388121116732601")));
+        
+        byte[] M = Hex.decode("8797A3C693CC292441039A4E6BAB7387F3B4F2A63D00ED384B378C79");
+
+        ECDSASigner dsa = new ECDSASigner();
+
+        dsa.init(true, new ParametersWithRandom(priKey, k));
+
+        BigInteger[] sig = dsa.generateSignature(M);
+
+        BigInteger r = new BigInteger("26477406756127720855365980332052585411804331993436302005017227573742");
+        BigInteger s = new BigInteger("17694958233103667059888193972742186995283044672015112738919822429978");
+        
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+
+                // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            params.getCurve().decodePoint(Hex.decode("03FD44EC11F9D43D9D23B1E1D1C9ED6519B40ECF0C79F48CF476CC43F1")), // Q
+            params);
+
+        dsa.init(false, pubKey);
+        if (!dsa.verifySignature(M, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    private void testECDSASecP224k1sha256()
+    {
+        X9ECParameters p = SECNamedCurves.getByName("secp224k1");
+        ECDomainParameters params = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH());
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("BE6F6E91FE96840A6518B56F3FE21689903A64FA729057AB872A9F51", 16), // d
+            params);
+        SecureRandom    k = new FixedSecureRandom(Hex.decode("00c39beac93db21c3266084429eb9b846b787c094f23a4de66447efbb3"));
+       
+        byte[] M = Hex.decode("E5D5A7ADF73C5476FAEE93A2C76CE94DC0557DB04CDC189504779117920B896D");
+
+        ECDSASigner dsa = new ECDSASigner();
+
+        dsa.init(true, new ParametersWithRandom(priKey, k));
+
+        BigInteger[] sig = dsa.generateSignature(M);
+
+        BigInteger r = new BigInteger("8163E5941BED41DA441B33E653C632A55A110893133351E20CE7CB75", 16);
+        BigInteger s = new BigInteger("D12C3FC289DDD5F6890DCE26B65792C8C50E68BF551D617D47DF15A8", 16);
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+
+                // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            params.getCurve().decodePoint(Hex.decode("04C5C9B38D3603FCCD6994CBB9594E152B658721E483669BB42728520F484B537647EC816E58A8284D3B89DFEDB173AFDC214ECA95A836FA7C")), // Q
+            params);
+
+        dsa.init(false, pubKey);
+        if (!dsa.verifySignature(M, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    // L4.2  X9.62 2005
+    private void testECDSAP256sha256()
+    {
+        X9ECParameters p = NISTNamedCurves.getByName("P-256");
+        ECDomainParameters params = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH());
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("20186677036482506117540275567393538695075300175221296989956723148347484984008"), // d
+            params);
+        SecureRandom    k = new FixedSecureRandom(BigIntegers.asUnsignedByteArray(new BigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335")));
+
+        byte[] M = Hex.decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
+
+        ECDSASigner dsa = new ECDSASigner();
+
+        dsa.init(true, new ParametersWithRandom(priKey, k));
+
+        BigInteger[] sig = dsa.generateSignature(M);
+
+        BigInteger r = new BigInteger("97354732615802252173078420023658453040116611318111190383344590814578738210384");
+        BigInteger s = new BigInteger("98506158880355671805367324764306888225238061309262649376965428126566081727535");
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+
+                // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            params.getCurve().decodePoint(Hex.decode("03596375E6CE57E0F20294FC46BDFCFD19A39F8161B58695B3EC5B3D16427C274D")), // Q
+            params);
+
+        dsa.init(false, pubKey);
+        if (!dsa.verifySignature(M, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    private void testECDSAP224OneByteOver()
+    {
+        X9ECParameters p = NISTNamedCurves.getByName("P-224");
+        ECDomainParameters params = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH());
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("6081831502424510080126737029209236539191290354021104541805484120491"), // d
+            params);
+        SecureRandom    k = new FixedSecureRandom(BigIntegers.asUnsignedByteArray(new BigInteger("15456715103636396133226117016818339719732885723579037388121116732601")));
+
+        byte[] M = Hex.decode("8797A3C693CC292441039A4E6BAB7387F3B4F2A63D00ED384B378C79FF");
+
+        ECDSASigner dsa = new ECDSASigner();
+
+        dsa.init(true, new ParametersWithRandom(priKey, k));
+
+        BigInteger[] sig = dsa.generateSignature(M);
+
+        BigInteger r = new BigInteger("26477406756127720855365980332052585411804331993436302005017227573742");
+        BigInteger s = new BigInteger("17694958233103667059888193972742186995283044672015112738919822429978");
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+
+                // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            params.getCurve().decodePoint(Hex.decode("03FD44EC11F9D43D9D23B1E1D1C9ED6519B40ECF0C79F48CF476CC43F1")), // Q
+            params);
+
+        dsa.init(false, pubKey);
+        if (!dsa.verifySignature(M, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    // L4.3  X9.62 2005
+    private void testECDSAP521sha512()
+    {
+        X9ECParameters p = NISTNamedCurves.getByName("P-521");
+        ECDomainParameters params = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH());
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("617573726813476282316253885608633222275541026607493641741273231656161177732180358888434629562647985511298272498852936680947729040673640492310550142822667389"), // d
+            params);
+        SecureRandom    k = new FixedSecureRandom(BigIntegers.asUnsignedByteArray(new BigInteger("6806532878215503520845109818432174847616958675335397773700324097584974639728725689481598054743894544060040710846048585856076812050552869216017728862957612913")));
+
+        byte[] M = Hex.decode("6893B64BD3A9615C39C3E62DDD269C2BAAF1D85915526083183CE14C2E883B48B193607C1ED871852C9DF9C3147B574DC1526C55DE1FE263A676346A20028A66");
+
+        ECDSASigner dsa = new ECDSASigner();
+
+        dsa.init(true, new ParametersWithRandom(priKey, k));
+
+        BigInteger[] sig = dsa.generateSignature(M);
+
+        BigInteger r = new BigInteger("1368926195812127407956140744722257403535864168182534321188553460365652865686040549247096155740756318290773648848859639978618869784291633651685766829574104630");
+        BigInteger s = new BigInteger("1624754720348883715608122151214003032398685415003935734485445999065609979304811509538477657407457976246218976767156629169821116579317401249024208611945405790");
+
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+
+                // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            params.getCurve().decodePoint(Hex.decode("020145E221AB9F71C5FE740D8D2B94939A09E2816E2167A7D058125A06A80C014F553E8D6764B048FB6F2B687CEC72F39738F223D4CE6AFCBFF2E34774AA5D3C342CB3")), // Q
+            params);
+
+        dsa.init(false, pubKey);
+        if (!dsa.verifySignature(M, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    /**
+     * General test for long digest.
+     */
+    private void testECDSA239bitBinaryAndLargeDigest()
+    {
+        BigInteger r = new BigInteger("21596333210419611985018340039034612628818151486841789642455876922391552");
+        BigInteger s = new BigInteger("144940322424411242416373536877786566515839911620497068645600824084578597");
+
+        byte[] kData = BigIntegers.asUnsignedByteArray(new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
+        
+        SecureRandom    k = new FixedSecureRandom(kData);
+
+        BigInteger n = new BigInteger("220855883097298041197912187592864814557886993776713230936715041207411783");
+        BigInteger h = BigInteger.valueOf(4);
+
+        ECCurve.F2m curve = new ECCurve.F2m(
+            239, // m
+            36, //k
+            new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), // a
+            new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16), // b
+            n, h);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.decodePoint(Hex.decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
+            n, h);
+
+        ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(
+            new BigInteger("145642755521911534651321230007534120304391871461646461466464667494947990"), // d
+            params);
+    
+        ECDSASigner ecdsa = new ECDSASigner();
+        ParametersWithRandom param = new ParametersWithRandom(priKey, k);
+    
+        ecdsa.init(true, param);
+    
+        byte[] message = new BigInteger("968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517968236873715988614170569073515315707566766479517").toByteArray();
+        BigInteger[] sig = ecdsa.generateSignature(message);
+    
+        if (!r.equals(sig[0]))
+        {
+            fail("r component wrong." + System.getProperty("line.separator")
+                + " expecting: " + r + System.getProperty("line.separator")
+                + " got      : " + sig[0]);
+        }
+    
+        if (!s.equals(sig[1]))
+        {
+            fail("s component wrong." + System.getProperty("line.separator")
+                + " expecting: " + s + System.getProperty("line.separator")
+                + " got      : " + sig[1]);
+        }
+    
+        // Verify the signature
+        ECPublicKeyParameters pubKey = new ECPublicKeyParameters(
+            curve.decodePoint(Hex.decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
+            params);
+
+        ecdsa.init(false, pubKey);
+        if (!ecdsa.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    /**
+     * key generation test
+     */
+    private void testECDSAKeyGenTest()
+    {
+        SecureRandom random = new SecureRandom();
+
+        BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
+            new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
+            new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
+            n);
+
+        ECKeyPairGenerator          pGen = new ECKeyPairGenerator();
+        ECKeyGenerationParameters   genParam = new ECKeyGenerationParameters(
+                                        params,
+                                        random);
+
+        pGen.init(genParam);
+
+        AsymmetricCipherKeyPair  pair = pGen.generateKeyPair();
+    
+        ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+        ECDSASigner ecdsa = new ECDSASigner();
+
+        ecdsa.init(true, param);
+
+        byte[] message = new BigInteger("968236873715988614170569073515315707566766479517").toByteArray();
+        BigInteger[] sig = ecdsa.generateSignature(message);
+
+        ecdsa.init(false, pair.getPublic());
+
+        if (!ecdsa.verifySignature(message, sig[0], sig[1]))
+        {
+            fail("signature fails");
+        }
+    }
+
+    /**
+     * Basic Key Agreement Test
+     */
+    private void testECBasicAgreementTest()
+    {
+        SecureRandom random = new SecureRandom();
+
+        BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307");
+
+        ECCurve.Fp curve = new ECCurve.Fp(
+            new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
+            new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
+            new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b
+            n, ECConstants.ONE);
+
+        ECDomainParameters params = new ECDomainParameters(
+            curve,
+            curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
+            n);
+
+        ECKeyPairGenerator          pGen = new ECKeyPairGenerator();
+        ECKeyGenerationParameters   genParam = new ECKeyGenerationParameters(
+                                        params,
+                                        random);
+
+        pGen.init(genParam);
+
+        AsymmetricCipherKeyPair  p1 = pGen.generateKeyPair();
+        AsymmetricCipherKeyPair  p2 = pGen.generateKeyPair();
+    
+        //
+        // two way
+        //
+        BasicAgreement    e1 = new ECDHBasicAgreement();
+        BasicAgreement    e2 = new ECDHBasicAgreement();
+
+        e1.init(p1.getPrivate());
+        e2.init(p2.getPrivate());
+
+        BigInteger   k1 = e1.calculateAgreement(p2.getPublic());
+        BigInteger   k2 = e2.calculateAgreement(p1.getPublic());
+
+        if (!k1.equals(k2))
+        {
+            fail("calculated agreement test failed");
+        }
+
+        //
+        // two way
+        //
+        e1 = new ECDHCBasicAgreement();
+        e2 = new ECDHCBasicAgreement();
+
+        e1.init(p1.getPrivate());
+        e2.init(p2.getPrivate());
+
+        k1 = e1.calculateAgreement(p2.getPublic());
+        k2 = e2.calculateAgreement(p1.getPublic());
+
+        if (!k1.equals(k2))
+        {
+            fail("calculated agreement test failed");
+        }
+    }
+
+     private void testECMQVTestVector1()
+     {
+         // Test Vector from GEC-2
+
+         X9ECParameters x9 = SECNamedCurves.getByName("secp160r1");
+         ECDomainParameters p = new ECDomainParameters(
+             x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
+
+         AsymmetricCipherKeyPair U1 = new AsymmetricCipherKeyPair(
+             new ECPublicKeyParameters(
+                 p.getCurve().decodePoint(Hex.decode("0251B4496FECC406ED0E75A24A3C03206251419DC0")), p),
+             new ECPrivateKeyParameters(
+                 new BigInteger("AA374FFC3CE144E6B073307972CB6D57B2A4E982", 16), p));
+
+         AsymmetricCipherKeyPair U2 = new AsymmetricCipherKeyPair(
+             new ECPublicKeyParameters(
+                 p.getCurve().decodePoint(Hex.decode("03D99CE4D8BF52FA20BD21A962C6556B0F71F4CA1F")), p),
+             new ECPrivateKeyParameters(
+                 new BigInteger("149EC7EA3A220A887619B3F9E5B4CA51C7D1779C", 16), p));
+
+         AsymmetricCipherKeyPair V1 = new AsymmetricCipherKeyPair(
+             new ECPublicKeyParameters(
+                 p.getCurve().decodePoint(Hex.decode("0349B41E0E9C0369C2328739D90F63D56707C6E5BC")), p),
+             new ECPrivateKeyParameters(
+                 new BigInteger("45FB58A92A17AD4B15101C66E74F277E2B460866", 16), p));
+
+         AsymmetricCipherKeyPair V2 = new AsymmetricCipherKeyPair(
+             new ECPublicKeyParameters(
+                 p.getCurve().decodePoint(Hex.decode("02706E5D6E1F640C6E9C804E75DBC14521B1E5F3B5")), p),
+             new ECPrivateKeyParameters(
+                 new BigInteger("18C13FCED9EADF884F7C595C8CB565DEFD0CB41E", 16), p));
+
+         BigInteger x = calculateAgreement(U1, U2, V1, V2);
+
+         if (x == null
+             || !x.equals(new BigInteger("5A6955CEFDB4E43255FB7FCF718611E4DF8E05AC", 16)))
+         {
+             fail("MQV Test Vector #1 agreement failed");
+         }
+     }
+
+     private void testECMQVTestVector2()
+     {
+         // Test Vector from GEC-2
+
+         X9ECParameters x9 = SECNamedCurves.getByName("sect163k1");
+         ECDomainParameters p = new ECDomainParameters(
+             x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
+
+         AsymmetricCipherKeyPair U1 = new AsymmetricCipherKeyPair(
+             new ECPublicKeyParameters(
+                 p.getCurve().decodePoint(Hex.decode("03037D529FA37E42195F10111127FFB2BB38644806BC")), p),
+             new ECPrivateKeyParameters(
+                 new BigInteger("03A41434AA99C2EF40C8495B2ED9739CB2155A1E0D", 16), p));
+
+         AsymmetricCipherKeyPair U2 = new AsymmetricCipherKeyPair(
+             new ECPublicKeyParameters(
+                 p.getCurve().decodePoint(Hex.decode("02015198E74BC2F1E5C9A62B80248DF0D62B9ADF8429")), p),
+             new ECPrivateKeyParameters(
+                 new BigInteger("032FC4C61A8211E6A7C4B8B0C03CF35F7CF20DBD52", 16), p));
+
+         AsymmetricCipherKeyPair V1 = new AsymmetricCipherKeyPair(
+             new ECPublicKeyParameters(
+                 p.getCurve().decodePoint(Hex.decode("03072783FAAB9549002B4F13140B88132D1C75B3886C")), p),
+             new ECPrivateKeyParameters(
+                 new BigInteger("57E8A78E842BF4ACD5C315AA0569DB1703541D96", 16), p));
+
+         AsymmetricCipherKeyPair V2 = new AsymmetricCipherKeyPair(
+             new ECPublicKeyParameters(
+                 p.getCurve().decodePoint(Hex.decode("03067E3AEA3510D69E8EDD19CB2A703DDC6CF5E56E32")), p),
+             new ECPrivateKeyParameters(
+                 new BigInteger("02BD198B83A667A8D908EA1E6F90FD5C6D695DE94F", 16), p));
+
+         BigInteger x = calculateAgreement(U1, U2, V1, V2);
+
+         if (x == null
+             || !x.equals(new BigInteger("038359FFD30C0D5FC1E6154F483B73D43E5CF2B503", 16)))
+         {
+             fail("MQV Test Vector #2 agreement failed");
+         }
+     }
+
+     private void testECMQVRandom()
+     {
+         SecureRandom random = new SecureRandom();
+
+         BigInteger n = new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307");
+
+         ECCurve.Fp curve = new ECCurve.Fp(
+             new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
+             new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
+             new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), // b
+             n, ECConstants.ONE);
+
+         ECDomainParameters parameters = new ECDomainParameters(
+             curve,
+             curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
+             n);
+
+         ECKeyPairGenerator pGen = new ECKeyPairGenerator();
+
+         pGen.init(new ECKeyGenerationParameters(parameters, random));
+
+
+         // Pre-established key pairs
+         AsymmetricCipherKeyPair U1 = pGen.generateKeyPair();
+         AsymmetricCipherKeyPair V1 = pGen.generateKeyPair();
+
+         // Ephemeral key pairs
+         AsymmetricCipherKeyPair U2 = pGen.generateKeyPair();
+         AsymmetricCipherKeyPair V2 = pGen.generateKeyPair();
+
+         BigInteger x = calculateAgreement(U1, U2, V1, V2);
+
+         if (x == null)
+         {
+             fail("MQV Test Vector (random) agreement failed");
+         }
+     }
+
+     private static BigInteger calculateAgreement(
+         AsymmetricCipherKeyPair U1,
+         AsymmetricCipherKeyPair U2,
+         AsymmetricCipherKeyPair V1,
+         AsymmetricCipherKeyPair V2)
+     {
+         ECMQVBasicAgreement u = new ECMQVBasicAgreement();
+         u.init(new MQVPrivateParameters(
+             (ECPrivateKeyParameters)U1.getPrivate(),
+             (ECPrivateKeyParameters)U2.getPrivate(),
+             (ECPublicKeyParameters)U2.getPublic()));
+         BigInteger ux = u.calculateAgreement(new MQVPublicParameters(
+             (ECPublicKeyParameters)V1.getPublic(),
+             (ECPublicKeyParameters)V2.getPublic()));
+
+         ECMQVBasicAgreement v = new ECMQVBasicAgreement();
+         v.init(new MQVPrivateParameters(
+             (ECPrivateKeyParameters)V1.getPrivate(),
+             (ECPrivateKeyParameters)V2.getPrivate(),
+             (ECPublicKeyParameters)V2.getPublic()));
+         BigInteger vx = v.calculateAgreement(new MQVPublicParameters(
+             (ECPublicKeyParameters)U1.getPublic(),
+             (ECPublicKeyParameters)U2.getPublic()));
+
+         if (ux.equals(vx))
+         {
+             return ux;
+         }
+
+         return null;
+     }
+
+    public String getName()
+    {
+        return "EC";
+    }
+
+    public void performTest()
+    {
+        decodeTest();
+        testECDSA192bitPrime();
+        testECDSA239bitPrime();
+        testECDSA191bitBinary();
+        testECDSA239bitBinary();
+        testECDSAKeyGenTest();
+        testECBasicAgreementTest();
+
+        testECDSAP224sha224();
+        testECDSAP224OneByteOver();
+        testECDSAP256sha256();
+        testECDSAP521sha512();
+        testECDSASecP224k1sha256();
+        testECDSA239bitBinaryAndLargeDigest();
+        
+        testECMQVTestVector1();
+        testECMQVTestVector2();
+        testECMQVRandom();
+    }
+
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ECTest());
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ElGamalTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ElGamalTest.java
new file mode 100644
index 0000000..fb93699
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ElGamalTest.java
@@ -0,0 +1,285 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.engines.ElGamalEngine;
+import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator;
+import org.bouncycastle.crypto.generators.ElGamalParametersGenerator;
+import org.bouncycastle.crypto.params.ElGamalKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ElGamalParameters;
+import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ElGamalTest
+    extends SimpleTest
+{
+    private BigInteger g512 = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16);
+    private BigInteger p512 = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16);
+
+    private BigInteger g768 = new BigInteger("7c240073c1316c621df461b71ebb0cdcc90a6e5527e5e126633d131f87461c4dc4afc60c2cb0f053b6758871489a69613e2a8b4c8acde23954c08c81cbd36132cfd64d69e4ed9f8e51ed6e516297206672d5c0a69135df0a5dcf010d289a9ca1", 16);
+    private BigInteger p768 = new BigInteger("8c9dd223debed1b80103b8b309715be009d48860ed5ae9b9d5d8159508efd802e3ad4501a7f7e1cfec78844489148cd72da24b21eddd01aa624291c48393e277cfc529e37075eccef957f3616f962d15b44aeab4039d01b817fde9eaa12fd73f", 16);
+
+    private BigInteger  g1024 = new BigInteger("1db17639cdf96bc4eabba19454f0b7e5bd4e14862889a725c96eb61048dcd676ceb303d586e30f060dbafd8a571a39c4d823982117da5cc4e0f89c77388b7a08896362429b94a18a327604eb7ff227bffbc83459ade299e57b5f77b50fb045250934938efa145511166e3197373e1b5b1e52de713eb49792bedde722c6717abf", 16);
+    private BigInteger  p1024 = new BigInteger("a00e283b3c624e5b2b4d9fbc2653b5185d99499b00fd1bf244c6f0bb817b4d1c451b2958d62a0f8a38caef059fb5ecd25d75ed9af403f5b5bdab97a642902f824e3c13789fed95fa106ddfe0ff4a707c85e2eb77d49e68f2808bcea18ce128b178cd287c6bc00efa9a1ad2a673fe0dceace53166f75b81d6709d5f8af7c66bb7", 16);
+
+    private BigInteger yPgpBogusPSamp = new BigInteger("de4688497cc05b45fe8559bc9918c45afcad69b74123a7236eba409fd9de8ea34c7869839ee9df35e3d97576145d089841aa65b5b4e061fae52c37e430354269a02496b8ed8456f2d0d7c9b0db985fbcb21ae9f78507ed6e3a29db595b201b1a4f931c7d791eede65ccf918e8a61cf146859151c78c41ad48853694623467d78", 16);
+    private BigInteger xPgpBogusPSamp = new BigInteger("cbaf780f2cfe4f987bbc5fcb0738bbd7912060ccfdf37cbfeea65c0fd857e74a8df6cc359375f28cf5725d081813c614410a78cbe4b06d677beea9ff0fa10b1dbc47a6ed8c5b8466d6a95d6574029dbdf72596392e1b6b230faf9916dc8455821c10527a375a4d1c8a54947d1fe714d321aca25ad486b4b456506999fd2fd11a", 16);
+    private BigInteger gPgpBogusPSamp = new BigInteger("153ffe9522076d1cbd6e75f0816a0fc2ebd8b0e0091406587387a1763022088a03b411eed07ff50efb82b21f1608c352d10f63ba7e7e981a2f3387cec8af2915953d00493857663ae8919f517fe90f1d2abe7af4305a344b10d1a25d75f65902cd7fd775853d3ac43d7c5253ad666e1e63ee98cdcb10af81273d4ff053ff07d51", 16);
+    private BigInteger pPgpBogusPSamp = new BigInteger("15061b26cdab4e865098a01c86f13b03220104c5443e950658b36b85245aa0c616a0c0d8d99c454bea087c172315e45b3bc9b925443948a2b6ba47608a6035b9a79a4ef34a78d7274a12ede8364f02d5030db864988643d7e92753df603bd69fbd2682ab0af64d1a866d1131a2cb13333cedb0a9e6eefddd9fff8154d34c2daab", 16);
+    private int lPgpBogusPSamp = 0;
+
+    public String getName()
+    {
+        return "ElGamal";
+    }
+
+    private void testEnc(
+        int         size,
+        int         privateValueSize,
+        BigInteger  g,
+        BigInteger  p)
+    {
+        ElGamalParameters                dhParams = new ElGamalParameters(p, g, privateValueSize);
+        ElGamalKeyGenerationParameters   params = new ElGamalKeyGenerationParameters(new SecureRandom(), dhParams);
+        ElGamalKeyPairGenerator          kpGen = new ElGamalKeyPairGenerator();
+
+        kpGen.init(params);
+
+        //
+        // generate pair
+        //
+        AsymmetricCipherKeyPair         pair = kpGen.generateKeyPair();
+
+        ElGamalPublicKeyParameters      pu = (ElGamalPublicKeyParameters)pair.getPublic();
+        ElGamalPrivateKeyParameters     pv = (ElGamalPrivateKeyParameters)pair.getPrivate();
+
+        checkKeySize(privateValueSize, pv);
+
+        ElGamalEngine    e = new ElGamalEngine();
+
+        e.init(true, pu);
+        
+        if (e.getOutputBlockSize() != size / 4)
+        {
+            fail(size + " getOutputBlockSize() on encryption failed.");
+        }
+
+        byte[]  message = Hex.decode("5468697320697320612074657374");
+
+        byte[]  pText = message;
+        byte[]  cText = e.processBlock(pText, 0, pText.length);
+
+        e.init(false, pv);
+
+        if (e.getOutputBlockSize() != (size / 8) - 1)
+        {
+            fail(size + " getOutputBlockSize() on decryption failed.");
+        }
+        
+        pText = e.processBlock(cText, 0, cText.length);
+
+        if (!Arrays.areEqual(message, pText))
+        {
+            fail(size + " bit test failed");
+        }
+        
+        e.init(true, pu);
+
+        byte[] bytes = new byte[e.getInputBlockSize() + 2];
+        
+        try
+        {
+            e.processBlock(bytes, 0, bytes.length);
+            
+            fail("out of range block not detected");
+        }
+        catch (DataLengthException ex)
+        {
+            // expected
+        }
+        
+        try
+        {
+            bytes[0] = (byte)0xff;
+            
+            e.processBlock(bytes, 0, bytes.length - 1);
+            
+            fail("out of range block not detected");
+        }
+        catch (DataLengthException ex)
+        {
+            // expected
+        }
+        
+        try
+        {
+            bytes[0] = (byte)0x7f;
+
+            e.processBlock(bytes, 0, bytes.length - 1);
+        }
+        catch (DataLengthException ex)
+        {
+            fail("in range block failed");
+        }
+
+        try
+        {
+            bytes = BigIntegers.asUnsignedByteArray(p);
+
+            e.processBlock(bytes, 0, bytes.length);
+
+            fail("out of range block not detected");
+        }
+        catch (DataLengthException ex)
+        {
+            // expected
+        }
+
+        try
+        {
+            bytes = BigIntegers.asUnsignedByteArray(p.subtract(BigInteger.valueOf(1)));
+
+            e.processBlock(bytes, 0, bytes.length);
+        }
+        catch (DataLengthException ex)
+        {
+            fail("boundary block rejected");
+        }
+    }
+
+    private void checkKeySize(
+        int privateValueSize,
+        ElGamalPrivateKeyParameters priv)
+    {
+        if (privateValueSize != 0)
+        {
+            if (priv.getX().bitLength() != privateValueSize)
+            {
+                fail("limited key check failed for key size " + privateValueSize);
+            }
+        }
+    }
+
+    /**
+     * this test is can take quiet a while
+     *
+     * @param size size of key in bits.
+     */
+    private void testGeneration(
+        int         size)
+    {
+        ElGamalParametersGenerator       pGen = new ElGamalParametersGenerator();
+
+        pGen.init(size, 10, new SecureRandom());
+
+        ElGamalParameters                elParams = pGen.generateParameters();
+
+        if (elParams.getL() != 0)
+        {
+            fail("ElGamalParametersGenerator failed to set L to 0 in generated ElGamalParameters");
+        }
+
+        ElGamalKeyGenerationParameters   params = new ElGamalKeyGenerationParameters(new SecureRandom(), elParams);
+
+        ElGamalKeyPairGenerator          kpGen = new ElGamalKeyPairGenerator();
+
+        kpGen.init(params);
+
+        //
+        // generate first pair
+        //
+        AsymmetricCipherKeyPair         pair = kpGen.generateKeyPair();
+
+        ElGamalPublicKeyParameters      pu = (ElGamalPublicKeyParameters)pair.getPublic();
+        ElGamalPrivateKeyParameters     pv = (ElGamalPrivateKeyParameters)pair.getPrivate();
+
+        ElGamalEngine    e = new ElGamalEngine();
+
+        e.init(true, new ParametersWithRandom(pu, new SecureRandom()));
+
+        byte[]  message = Hex.decode("5468697320697320612074657374");
+
+        byte[]  pText = message;
+        byte[]  cText = e.processBlock(pText, 0, pText.length);
+
+        e.init(false, pv);
+
+        pText = e.processBlock(cText, 0, cText.length);
+
+        if (!Arrays.areEqual(message, pText))
+        {
+            fail("generation test failed");
+        }
+    }
+
+    private void testInitCheck()
+    {
+        try
+        {
+            new ElGamalEngine().processBlock(new byte[]{ 1 }, 0, 1);
+            fail("failed initialisation check");
+        }
+        catch (IllegalStateException e)
+        {
+            // expected
+        }
+    }
+
+    private void testInvalidP()
+    {
+        ElGamalParameters               dhParams = new ElGamalParameters(pPgpBogusPSamp, gPgpBogusPSamp, lPgpBogusPSamp);
+        ElGamalPublicKeyParameters      pu = new ElGamalPublicKeyParameters(yPgpBogusPSamp, dhParams);
+        ElGamalPrivateKeyParameters     pv = new ElGamalPrivateKeyParameters(xPgpBogusPSamp, dhParams);
+
+        ElGamalEngine    e = new ElGamalEngine();
+
+        e.init(true, pu);
+
+        byte[]  message = Hex.decode("5468697320697320612074657374");
+
+        byte[]  pText = message;
+        byte[]  cText = e.processBlock(pText, 0, pText.length);
+
+        e.init(false, pv);
+
+        pText = e.processBlock(cText, 0, cText.length);
+
+        if (Arrays.areEqual(message, pText))
+        {
+            fail("invalid test failed");
+        }
+    }
+
+    public void performTest()
+    {
+        testInvalidP();
+
+        testEnc(512, 0, g512, p512);
+        testEnc(768, 0, g768, p768);
+        testEnc(1024, 0, g1024, p1024);
+
+        testEnc(512, 64, g512, p512);
+        testEnc(768, 128, g768, p768);
+
+        //
+        // generation test.
+        //
+        testGeneration(258);
+
+        testInitCheck();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ElGamalTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/EqualsHashCodeTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/EqualsHashCodeTest.java
new file mode 100644
index 0000000..1ab7cc4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/EqualsHashCodeTest.java
@@ -0,0 +1,261 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.generators.DHKeyPairGenerator;
+import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator;
+import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
+import org.bouncycastle.crypto.params.DHKeyParameters;
+import org.bouncycastle.crypto.params.DHParameters;
+import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
+import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+import org.bouncycastle.crypto.params.DHValidationParameters;
+import org.bouncycastle.crypto.params.DSAParameters;
+import org.bouncycastle.crypto.params.DSAValidationParameters;
+import org.bouncycastle.crypto.params.ElGamalKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ElGamalKeyParameters;
+import org.bouncycastle.crypto.params.ElGamalParameters;
+import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
+import org.bouncycastle.crypto.params.GOST3410Parameters;
+import org.bouncycastle.crypto.params.GOST3410ValidationParameters;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+class DHTestKeyParameters
+    extends DHKeyParameters
+{
+    protected DHTestKeyParameters(boolean isPrivate, DHParameters params)
+    {
+        super(isPrivate, params);
+    }
+}
+
+class ElGamalTestKeyParameters
+    extends ElGamalKeyParameters
+{
+    protected ElGamalTestKeyParameters(boolean isPrivate, ElGamalParameters params)
+    {
+        super(isPrivate, params);
+    }
+}
+
+public class EqualsHashCodeTest
+        extends SimpleTest
+{
+    private static Object OTHER = new Object();
+
+    public String getName()
+    {
+        return "EqualsHashCode";
+    }
+
+    private void doTest(Object a, Object equalsA, Object notEqualsA)
+    {
+        if (a.equals(null))
+        {
+            fail("a equaled null");
+        }
+
+        if (!a.equals(equalsA) || !equalsA.equals(a))
+        {
+            fail("equality failed");
+        }
+
+        if (a.equals(OTHER))
+        {
+            fail("other inequality failed");
+        }
+
+        if (a.equals(notEqualsA) || notEqualsA.equals(a))
+        {
+            fail("inequality failed");
+        }
+
+        if (a.hashCode() != equalsA.hashCode())
+        {
+            fail("hashCode equality failed");
+        }
+    }
+
+    private void dhTest()
+    {
+        BigInteger g512 = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16);
+        BigInteger p512 = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16);
+
+        DHParameters                dhParams = new DHParameters(p512, g512);
+        DHKeyGenerationParameters   params = new DHKeyGenerationParameters(new SecureRandom(), dhParams);         DHKeyPairGenerator          kpGen = new DHKeyPairGenerator();
+
+        kpGen.init(params);
+
+        AsymmetricCipherKeyPair     pair = kpGen.generateKeyPair();
+        DHPublicKeyParameters       pu1 = (DHPublicKeyParameters)pair.getPublic();
+        DHPrivateKeyParameters      pv1 = (DHPrivateKeyParameters)pair.getPrivate();
+
+        DHPublicKeyParameters       pu2 = new DHPublicKeyParameters(pu1.getY(), pu1.getParameters());
+        DHPrivateKeyParameters      pv2 = new DHPrivateKeyParameters(pv1.getX(), pv1.getParameters());
+        DHPublicKeyParameters       pu3 = new DHPublicKeyParameters(pv1.getX(), pu1.getParameters());
+        DHPrivateKeyParameters      pv3 = new DHPrivateKeyParameters(pu1.getY(), pu1.getParameters());
+
+        doTest(pu1, pu2, pu3);
+        doTest(pv1, pv2, pv3);
+
+        DHParameters                pr1 = pu1.getParameters();
+        DHParameters                pr2 = new DHParameters(pr1.getP(), pr1.getG(), pr1.getQ(), pr1.getM(), pr1.getL(), pr1.getJ(), pr1.getValidationParameters());
+        DHParameters                pr3 = new DHParameters(pr1.getG(), pr1.getP(), pr1.getQ(), pr1.getM(), pr1.getL(), pr1.getJ(), pr1.getValidationParameters());
+
+        doTest(pr1, pr2, pr3);
+
+        pr3 = new DHParameters(pr1.getG(), pr1.getP(), null, pr1.getM(), pr1.getL(), pr1.getJ(), pr1.getValidationParameters());
+
+        doTest(pr1, pr2, pr3);        
+
+        pu2 = new DHPublicKeyParameters(pu1.getY(), pr2);
+        pv2 = new DHPrivateKeyParameters(pv1.getX(), pr2);
+
+        doTest(pu1, pu2, pu3);
+        doTest(pv1, pv2, pv3);
+
+        DHValidationParameters vp1 = new DHValidationParameters(new byte[20], 1024);
+        DHValidationParameters vp2 = new DHValidationParameters(new byte[20], 1024);
+        DHValidationParameters vp3 = new DHValidationParameters(new byte[24], 1024);
+
+        doTest(vp1, vp1, vp3);
+        doTest(vp1, vp2, vp3);
+
+        byte[] bytes = new byte[20];
+        bytes[0] = 1;
+
+        vp3 = new DHValidationParameters(bytes, 1024);
+
+        doTest(vp1, vp2, vp3);
+
+        vp3 = new DHValidationParameters(new byte[20], 2048);
+
+        doTest(vp1, vp2, vp3);
+
+        DHTestKeyParameters k1 = new DHTestKeyParameters(false, null);
+        DHTestKeyParameters k2 = new DHTestKeyParameters(false, null);
+        DHTestKeyParameters k3 = new DHTestKeyParameters(false, pu1.getParameters());
+
+        doTest(k1, k2, k3);
+    }
+
+    private void elGamalTest()
+    {
+        BigInteger g512 = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16);
+        BigInteger p512 = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16);
+
+        ElGamalParameters dhParams = new ElGamalParameters(p512, g512);
+        ElGamalKeyGenerationParameters params = new ElGamalKeyGenerationParameters(new SecureRandom(), dhParams);         ElGamalKeyPairGenerator kpGen = new ElGamalKeyPairGenerator();
+
+        kpGen.init(params);
+
+        AsymmetricCipherKeyPair     pair = kpGen.generateKeyPair();
+        ElGamalPublicKeyParameters       pu1 = (ElGamalPublicKeyParameters)pair.getPublic();
+        ElGamalPrivateKeyParameters      pv1 = (ElGamalPrivateKeyParameters)pair.getPrivate();
+
+        ElGamalPublicKeyParameters       pu2 = new ElGamalPublicKeyParameters(pu1.getY(), pu1.getParameters());
+        ElGamalPrivateKeyParameters      pv2 = new ElGamalPrivateKeyParameters(pv1.getX(), pv1.getParameters());
+        ElGamalPublicKeyParameters       pu3 = new ElGamalPublicKeyParameters(pv1.getX(), pu1.getParameters());
+        ElGamalPrivateKeyParameters      pv3 = new ElGamalPrivateKeyParameters(pu1.getY(), pu1.getParameters());
+
+        doTest(pu1, pu2, pu3);
+        doTest(pv1, pv2, pv3);
+
+        ElGamalParameters                pr1 = pu1.getParameters();
+        ElGamalParameters                pr2 = new ElGamalParameters(pr1.getP(), pr1.getG());
+        ElGamalParameters                pr3 = new ElGamalParameters(pr1.getG(), pr1.getP());
+
+        doTest(pr1, pr2, pr3);
+
+        pu2 = new ElGamalPublicKeyParameters(pu1.getY(), pr2);
+        pv2 = new ElGamalPrivateKeyParameters(pv1.getX(), pr2);
+
+        doTest(pu1, pu2, pu3);
+        doTest(pv1, pv2, pv3);
+
+        ElGamalTestKeyParameters k1 = new ElGamalTestKeyParameters(false, null);
+        ElGamalTestKeyParameters k2 = new ElGamalTestKeyParameters(false, null);
+        ElGamalTestKeyParameters k3 = new ElGamalTestKeyParameters(false, pu1.getParameters());
+
+        doTest(k1, k2, k3);
+    }
+
+    private void dsaTest()
+    {
+        BigInteger a = BigInteger.valueOf(1), b = BigInteger.valueOf(2), c = BigInteger.valueOf(3);
+
+        DSAParameters dsaP1 = new DSAParameters(a, b, c);
+        DSAParameters dsaP2 = new DSAParameters(a, b, c);
+        DSAParameters dsaP3 = new DSAParameters(b, c, a);
+
+        doTest(dsaP1, dsaP2, dsaP3);
+
+        DSAValidationParameters vp1 = new DSAValidationParameters(new byte[20], 1024);
+        DSAValidationParameters vp2 = new DSAValidationParameters(new byte[20], 1024);
+        DSAValidationParameters vp3 = new DSAValidationParameters(new byte[24], 1024);
+
+        doTest(vp1, vp1, vp3);
+        doTest(vp1, vp2, vp3);
+
+        byte[] bytes = new byte[20];
+        bytes[0] = 1;
+
+        vp3 = new DSAValidationParameters(bytes, 1024);
+
+        doTest(vp1, vp2, vp3);
+
+        vp3 = new DSAValidationParameters(new byte[20], 2048);
+
+        doTest(vp1, vp2, vp3);
+    }
+
+    private void gost3410Test()
+    {
+        BigInteger a = BigInteger.valueOf(1), b = BigInteger.valueOf(2), c = BigInteger.valueOf(3);
+
+        GOST3410Parameters g1 = new GOST3410Parameters(a, b, c);
+        GOST3410Parameters g2 = new GOST3410Parameters(a, b, c);
+        GOST3410Parameters g3 = new GOST3410Parameters(a, c, c);
+
+        doTest(g1, g2, g3);
+
+        GOST3410ValidationParameters v1 = new GOST3410ValidationParameters(100, 1);
+        GOST3410ValidationParameters v2 = new GOST3410ValidationParameters(100, 1);
+        GOST3410ValidationParameters v3 = new GOST3410ValidationParameters(101, 1);
+
+        doTest(v1, v2, v3);
+
+        v3 = new GOST3410ValidationParameters(100, 2);
+
+        doTest(v1, v2, v3);
+
+        v1 = new GOST3410ValidationParameters(100L, 1L);
+        v2 = new GOST3410ValidationParameters(100L, 1L);
+        v3 = new GOST3410ValidationParameters(101L, 1L);
+
+        doTest(v1, v2, v3);
+
+        v3 = new GOST3410ValidationParameters(100L, 2L);
+
+        doTest(v1, v2, v3);
+
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        dhTest();
+        elGamalTest();
+        gost3410Test();
+        dsaTest();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new EqualsHashCodeTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/GCMReorderTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/GCMReorderTest.java
new file mode 100644
index 0000000..efac338
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/GCMReorderTest.java
@@ -0,0 +1,347 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.modes.gcm.GCMExponentiator;
+import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
+import org.bouncycastle.crypto.modes.gcm.Tables1kGCMExponentiator;
+import org.bouncycastle.crypto.modes.gcm.Tables64kGCMMultiplier;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
+import org.bouncycastle.util.encoders.Hex;
+
+public class GCMReorderTest
+    extends TestCase
+{
+    private static final byte[] H;
+    private static final SecureRandom random = new SecureRandom(); 
+    private static final GCMMultiplier mul = new Tables64kGCMMultiplier();
+    private static final GCMExponentiator exp = new Tables1kGCMExponentiator();
+    private static final byte[] EMPTY = new byte[0];
+
+    static
+    {
+        H = new byte[16];
+        random.nextBytes(H);
+        mul.init(Arrays.clone(H));
+        exp.init(Arrays.clone(H));
+    }
+
+    public void testCombine() throws Exception
+    {
+        for (int count = 0; count < 10; ++count)
+        {
+            byte[] A = randomBytes(1000);
+            byte[] C = randomBytes(1000);
+
+            byte[] ghashA_ = GHASH(A, EMPTY);
+            byte[] ghash_C = GHASH(EMPTY, C);
+            byte[] ghashAC = GHASH(A, C);
+
+            byte[] ghashCombine = combine_GHASH(ghashA_, (long)A.length * 8, ghash_C, (long)C.length * 8);
+
+            assertTrue(Arrays.areEqual(ghashAC, ghashCombine));
+        }
+    }
+
+    public void testConcatAuth() throws Exception
+    {
+        for (int count = 0; count < 10; ++count)
+        {
+            byte[] P = randomBlocks(100);
+            byte[] A = randomBytes(1000);
+            byte[] PA = concatArrays(P, A);
+
+            byte[] ghashP_ = GHASH(P, EMPTY);
+            byte[] ghashA_ = GHASH(A, EMPTY);
+            byte[] ghashPA_ = GHASH(PA, EMPTY);
+            byte[] ghashConcat = concatAuth_GHASH(ghashP_, (long)P.length * 8, ghashA_, (long)A.length * 8);
+
+            assertTrue(Arrays.areEqual(ghashPA_, ghashConcat));
+        }
+    }
+
+    public void testConcatCrypt() throws Exception
+    {
+        for (int count = 0; count < 10; ++count)
+        {
+            byte[] P = randomBlocks(100);
+            byte[] A = randomBytes(1000);
+            byte[] PA = concatArrays(P, A);
+    
+            byte[] ghash_P = GHASH(EMPTY, P);
+            byte[] ghash_A = GHASH(EMPTY, A);
+            byte[] ghash_PA = GHASH(EMPTY, PA);
+            byte[] ghashConcat = concatCrypt_GHASH(ghash_P, (long)P.length * 8, ghash_A, (long)A.length * 8);
+
+            assertTrue(Arrays.areEqual(ghash_PA, ghashConcat));
+        }
+    }
+
+    public void testExp()
+    {
+        {
+            byte[] buf1 = new byte[16];
+            buf1[0] = (byte)0x80;
+    
+            byte[] buf2 = new byte[16];
+    
+            for (int pow = 0; pow != 100; ++pow)
+            {
+                exp.exponentiateX(pow, buf2);
+    
+                assertTrue(Arrays.areEqual(buf1, buf2));
+
+                mul.multiplyH(buf1);
+            }
+        }
+
+        long[] testPow = new long[]{ 10, 1, 8, 17, 24, 13, 2, 13, 2, 3 };
+        byte[][] testData = new byte[][]{
+            Hex.decode("9185848a877bd87ba071e281f476e8e7"),
+            Hex.decode("697ce3052137d80745d524474fb6b290"),
+            Hex.decode("2696fc47198bb23b11296e4f88720a17"),
+            Hex.decode("01f2f0ead011a4ae0cf3572f1b76dd8e"),
+            Hex.decode("a53060694a044e4b7fa1e661c5a7bb6b"),
+            Hex.decode("39c0392e8b6b0e04a7565c85394c2c4c"),
+            Hex.decode("519c362d502e07f2d8b7597a359a5214"),
+            Hex.decode("5a527a393675705e19b2117f67695af4"),
+            Hex.decode("27fc0901d1d332a53ba4d4386c2109d2"),
+            Hex.decode("93ca9b57174aabedf8220e83366d7df6"),
+        };
+
+        for (int i = 0; i != 10; ++i)
+        {
+            long pow = testPow[i];
+            byte[] data = Arrays.clone(testData[i]);
+
+            byte[] expected = Arrays.clone(data);
+            for (int j = 0; j < pow; ++j)
+            {
+                mul.multiplyH(expected);
+            }
+
+            byte[] H_a = new byte[16];
+            exp.exponentiateX(pow, H_a);
+            byte[] actual = multiply(data, H_a);
+
+            assertTrue(Arrays.areEqual(expected, actual));
+        }
+    }
+
+    public void testMultiply()
+    {
+        byte[] expected = Arrays.clone(H);
+        mul.multiplyH(expected);
+
+        assertTrue(Arrays.areEqual(expected, multiply(H, H)));
+
+        for (int count = 0; count < 10; ++count)
+        {
+            byte[] a = new byte[16];
+            random.nextBytes(a);
+
+            byte[] b = new byte[16];
+            random.nextBytes(b);
+
+            expected = Arrays.clone(a);
+            mul.multiplyH(expected);
+            assertTrue(Arrays.areEqual(expected, multiply(a, H)));
+            assertTrue(Arrays.areEqual(expected, multiply(H, a)));
+
+            expected = Arrays.clone(b);
+            mul.multiplyH(expected);
+            assertTrue(Arrays.areEqual(expected, multiply(b, H)));
+            assertTrue(Arrays.areEqual(expected, multiply(H, b)));
+
+            assertTrue(Arrays.areEqual(multiply(a, b), multiply(b, a)));
+        }
+    }
+
+    private byte[] randomBlocks(int upper)
+    {
+        byte[] bs = new byte[16 * random.nextInt(upper)];
+        random.nextBytes(bs);
+        return bs;
+    }
+
+    private byte[] randomBytes(int upper)
+    {
+        byte[] bs = new byte[random.nextInt(upper)];
+        random.nextBytes(bs);
+        return bs;
+    }
+
+    private byte[] concatArrays(byte[] a, byte[] b) throws IOException
+    {
+        byte[] ab = new byte[a.length + b.length];
+        System.arraycopy(a, 0, ab, 0, a.length);
+        System.arraycopy(b, 0, ab, a.length, b.length);
+        return ab;
+    }
+
+    private byte[] combine_GHASH(byte[] ghashA_, long bitlenA, byte[] ghash_C, long bitlenC)
+    {
+        // Note: bitlenA must be aligned to the block size
+
+        long c = (bitlenC + 127) >>> 7;
+
+        byte[] H_c = new byte[16];
+        exp.exponentiateX(c, H_c);
+
+        byte[] tmp1 = lengthBlock(bitlenA, 0);
+        mul.multiplyH(tmp1);
+
+        byte[] ghashAC = Arrays.clone(ghashA_);
+        xor(ghashAC, tmp1);
+        ghashAC = multiply(ghashAC, H_c);
+        // No need to touch the len(C) part (second 8 bytes)
+        xor(ghashAC, tmp1);
+        xor(ghashAC, ghash_C);
+
+        return ghashAC;
+    }
+
+    private byte[] concatAuth_GHASH(byte[] ghashP, long bitlenP, byte[] ghashA, long bitlenA)
+    {
+        // Note: bitlenP must be aligned to the block size
+
+        long a = (bitlenA + 127) >>> 7;
+
+        byte[] tmp1 = lengthBlock(bitlenP, 0);
+        mul.multiplyH(tmp1);
+
+        byte[] tmp2 = lengthBlock(bitlenA ^ (bitlenP + bitlenA), 0);
+        mul.multiplyH(tmp2);
+
+        byte[] H_a = new byte[16];
+        exp.exponentiateX(a, H_a);
+        
+        byte[] ghashC = Arrays.clone(ghashP);
+        xor(ghashC, tmp1);
+        ghashC = multiply(ghashC, H_a);
+        xor(ghashC, tmp2);
+        xor(ghashC, ghashA);
+        return ghashC;
+    }
+
+    private byte[] concatCrypt_GHASH(byte[] ghashP, long bitlenP, byte[] ghashA, long bitlenA)
+    {
+        // Note: bitlenP must be aligned to the block size
+
+        long a = (bitlenA + 127) >>> 7;
+
+        byte[] tmp1 = lengthBlock(0, bitlenP);
+        mul.multiplyH(tmp1);
+
+        byte[] tmp2 = lengthBlock(0, bitlenA ^ (bitlenP + bitlenA));
+        mul.multiplyH(tmp2);
+
+        byte[] H_a = new byte[16];
+        exp.exponentiateX(a, H_a);
+        
+        byte[] ghashC = Arrays.clone(ghashP);
+        xor(ghashC, tmp1);
+        ghashC = multiply(ghashC, H_a);
+        xor(ghashC, tmp2);
+        xor(ghashC, ghashA);
+        return ghashC;
+    }
+
+    private byte[] GHASH(byte[] A, byte[] C)
+    {
+        byte[] X = new byte[16];
+
+        {
+            for (int pos = 0; pos < A.length; pos += 16)
+            {
+                byte[] tmp = new byte[16];
+                int num = Math.min(A.length - pos, 16);
+                System.arraycopy(A, pos, tmp, 0, num);
+                xor(X, tmp);
+                mul.multiplyH(X);
+            }
+        }
+
+        {
+            for (int pos = 0; pos < C.length; pos += 16)
+            {
+                byte[] tmp = new byte[16];
+                int num = Math.min(C.length - pos, 16);
+                System.arraycopy(C, pos, tmp, 0, num);
+                xor(X, tmp);
+                mul.multiplyH(X);
+            }
+        }
+
+        {
+            xor(X, lengthBlock((long)A.length * 8, (long)C.length * 8));
+            mul.multiplyH(X);
+        }
+
+        return X;
+    }
+
+    private static byte[] lengthBlock(long bitlenA, long bitlenC)
+    {
+        byte[] tmp = new byte[16];
+        Pack.longToBigEndian(bitlenA, tmp, 0);
+        Pack.longToBigEndian(bitlenC, tmp, 8);
+        return tmp;
+    }
+
+    private static void xor(byte[] block, byte[] val)
+    {
+        for (int i = 15; i >= 0; --i)
+        {
+            block[i] ^= val[i];
+        }
+    }
+
+    private static byte[] multiply(byte[] a, byte[] b)
+    {
+        byte[] c = new byte[16];
+        byte[] tmp = Arrays.clone(b);
+
+        for (int i = 0; i < 16; ++i)
+        {
+            byte bits = a[i];
+            for (int j = 7; j >= 0; --j)
+            {
+                if ((bits & (1 << j)) != 0)
+                {
+                    xor(c, tmp);
+                }
+
+                boolean lsb = (tmp[15] & 1) != 0;
+                shiftRight(tmp);
+                if (lsb)
+                {
+                    // R = new byte[]{ 0xe1, ... };
+//                    GCMUtil.xor(v, R);
+                    tmp[0] ^= (byte)0xe1;
+                }
+            }
+        }
+
+        return c;
+    }
+
+    private static void shiftRight(byte[] block)
+    {
+        int i = 0;
+        int bit = 0;
+        for (;;)
+        {
+            int b = block[i] & 0xff;
+            block[i] = (byte) ((b >>> 1) | bit);
+            if (++i == 16)
+            {
+                break;
+            }
+            bit = (b & 1) << 7;
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/GCMTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/GCMTest.java
new file mode 100644
index 0000000..b34cc4e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/GCMTest.java
@@ -0,0 +1,687 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
+import org.bouncycastle.crypto.modes.gcm.BasicGCMMultiplier;
+import org.bouncycastle.crypto.modes.gcm.GCMMultiplier;
+import org.bouncycastle.crypto.modes.gcm.Tables64kGCMMultiplier;
+import org.bouncycastle.crypto.modes.gcm.Tables8kGCMMultiplier;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Times;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test vectors from "The Galois/Counter Mode of Operation (GCM)", McGrew/Viega, Appendix B
+ */
+public class GCMTest
+    extends SimpleTest
+{
+    private static final String[][] TEST_VECTORS = new String[][] {
+        {
+            "Test Case 1",
+            "00000000000000000000000000000000",
+            "",
+            "",
+            "000000000000000000000000",
+            "",
+            "58e2fccefa7e3061367f1d57a4e7455a",
+        },
+        {
+            "Test Case 2",
+            "00000000000000000000000000000000",
+            "00000000000000000000000000000000",
+            "",
+            "000000000000000000000000",
+            "0388dace60b6a392f328c2b971b2fe78",
+            "ab6e47d42cec13bdf53a67b21257bddf",
+        },
+        {
+            "Test Case 3",
+            "feffe9928665731c6d6a8f9467308308",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b391aafd255",
+            "",
+            "cafebabefacedbaddecaf888",
+            "42831ec2217774244b7221b784d0d49c"
+            + "e3aa212f2c02a4e035c17e2329aca12e"
+            + "21d514b25466931c7d8f6a5aac84aa05"
+            + "1ba30b396a0aac973d58e091473f5985",
+            "4d5c2af327cd64a62cf35abd2ba6fab4",
+        },
+        {
+            "Test Case 4",
+            "feffe9928665731c6d6a8f9467308308",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "cafebabefacedbaddecaf888",
+            "42831ec2217774244b7221b784d0d49c"
+            + "e3aa212f2c02a4e035c17e2329aca12e"
+            + "21d514b25466931c7d8f6a5aac84aa05"
+            + "1ba30b396a0aac973d58e091",
+            "5bc94fbc3221a5db94fae95ae7121a47",
+        },
+        {
+            "Test Case 5",
+            "feffe9928665731c6d6a8f9467308308",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "cafebabefacedbad",
+            "61353b4c2806934a777ff51fa22a4755"
+            + "699b2a714fcdc6f83766e5f97b6c7423"
+            + "73806900e49f24b22b097544d4896b42"
+            + "4989b5e1ebac0f07c23f4598",
+            "3612d2e79e3b0785561be14aaca2fccb",
+        },
+        {
+            "Test Case 6",
+            "feffe9928665731c6d6a8f9467308308",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "9313225df88406e555909c5aff5269aa"
+            + "6a7a9538534f7da1e4c303d2a318a728"
+            + "c3c0c95156809539fcf0e2429a6b5254"
+            + "16aedbf5a0de6a57a637b39b",
+            "8ce24998625615b603a033aca13fb894"
+            + "be9112a5c3a211a8ba262a3cca7e2ca7"
+            + "01e4a9a4fba43c90ccdcb281d48c7c6f"
+            + "d62875d2aca417034c34aee5",
+            "619cc5aefffe0bfa462af43c1699d050",
+        },
+        {
+            "Test Case 7",
+            "00000000000000000000000000000000"
+            + "0000000000000000",
+            "",
+            "",
+            "000000000000000000000000",
+            "",
+            "cd33b28ac773f74ba00ed1f312572435",
+        },
+        {
+            "Test Case 8",
+            "00000000000000000000000000000000"
+            + "0000000000000000",
+            "00000000000000000000000000000000",
+            "",
+            "000000000000000000000000",
+            "98e7247c07f0fe411c267e4384b0f600",
+            "2ff58d80033927ab8ef4d4587514f0fb",
+        },
+        {
+            "Test Case 9",
+            "feffe9928665731c6d6a8f9467308308"
+            + "feffe9928665731c",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b391aafd255",
+            "",
+            "cafebabefacedbaddecaf888",
+            "3980ca0b3c00e841eb06fac4872a2757"
+            + "859e1ceaa6efd984628593b40ca1e19c"
+            + "7d773d00c144c525ac619d18c84a3f47"
+            + "18e2448b2fe324d9ccda2710acade256",
+            "9924a7c8587336bfb118024db8674a14",
+        },
+        {
+            "Test Case 10",
+            "feffe9928665731c6d6a8f9467308308"
+            + "feffe9928665731c",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "cafebabefacedbaddecaf888",
+            "3980ca0b3c00e841eb06fac4872a2757"
+            + "859e1ceaa6efd984628593b40ca1e19c"
+            + "7d773d00c144c525ac619d18c84a3f47"
+            + "18e2448b2fe324d9ccda2710",
+            "2519498e80f1478f37ba55bd6d27618c",
+        },
+        {
+            "Test Case 11",
+            "feffe9928665731c6d6a8f9467308308"
+            + "feffe9928665731c",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "cafebabefacedbad",
+            "0f10f599ae14a154ed24b36e25324db8"
+            + "c566632ef2bbb34f8347280fc4507057"
+            + "fddc29df9a471f75c66541d4d4dad1c9"
+            + "e93a19a58e8b473fa0f062f7",
+            "65dcc57fcf623a24094fcca40d3533f8",
+        },
+        {
+            "Test Case 12",
+            "feffe9928665731c6d6a8f9467308308"
+            + "feffe9928665731c",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "9313225df88406e555909c5aff5269aa"
+            + "6a7a9538534f7da1e4c303d2a318a728"
+            + "c3c0c95156809539fcf0e2429a6b5254"
+            + "16aedbf5a0de6a57a637b39b",
+            "d27e88681ce3243c4830165a8fdcf9ff"
+            + "1de9a1d8e6b447ef6ef7b79828666e45"
+            + "81e79012af34ddd9e2f037589b292db3"
+            + "e67c036745fa22e7e9b7373b",
+            "dcf566ff291c25bbb8568fc3d376a6d9",
+        },
+        {
+            "Test Case 13",
+            "00000000000000000000000000000000"
+            + "00000000000000000000000000000000",
+            "",
+            "",
+            "000000000000000000000000",
+            "",
+            "530f8afbc74536b9a963b4f1c4cb738b",
+        },
+        {
+            "Test Case 14",
+            "00000000000000000000000000000000"
+            + "00000000000000000000000000000000",
+            "00000000000000000000000000000000",
+            "",
+            "000000000000000000000000",
+            "cea7403d4d606b6e074ec5d3baf39d18",
+            "d0d1c8a799996bf0265b98b5d48ab919",
+        },
+        {
+            "Test Case 15",
+            "feffe9928665731c6d6a8f9467308308"
+            + "feffe9928665731c6d6a8f9467308308",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b391aafd255",
+            "",
+            "cafebabefacedbaddecaf888",
+            "522dc1f099567d07f47f37a32a84427d"
+            + "643a8cdcbfe5c0c97598a2bd2555d1aa"
+            + "8cb08e48590dbb3da7b08b1056828838"
+            + "c5f61e6393ba7a0abcc9f662898015ad",
+            "b094dac5d93471bdec1a502270e3cc6c",
+        },
+        {
+            "Test Case 16",
+            "feffe9928665731c6d6a8f9467308308"
+            + "feffe9928665731c6d6a8f9467308308",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "cafebabefacedbaddecaf888",
+            "522dc1f099567d07f47f37a32a84427d"
+            + "643a8cdcbfe5c0c97598a2bd2555d1aa"
+            + "8cb08e48590dbb3da7b08b1056828838"
+            + "c5f61e6393ba7a0abcc9f662",
+            "76fc6ece0f4e1768cddf8853bb2d551b",
+        },
+        {
+            "Test Case 17",
+            "feffe9928665731c6d6a8f9467308308"
+            + "feffe9928665731c6d6a8f9467308308",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "cafebabefacedbad",
+            "c3762df1ca787d32ae47c13bf19844cb"
+            + "af1ae14d0b976afac52ff7d79bba9de0"
+            + "feb582d33934a4f0954cc2363bc73f78"
+            + "62ac430e64abe499f47c9b1f",
+            "3a337dbf46a792c45e454913fe2ea8f2",
+        },
+        {
+            "Test Case 18",
+            "feffe9928665731c6d6a8f9467308308"
+            + "feffe9928665731c6d6a8f9467308308",
+            "d9313225f88406e5a55909c5aff5269a"
+            + "86a7a9531534f7da2e4c303d8a318a72"
+            + "1c3c0c95956809532fcf0e2449a6b525"
+            + "b16aedf5aa0de657ba637b39",
+            "feedfacedeadbeeffeedfacedeadbeef"
+            + "abaddad2",
+            "9313225df88406e555909c5aff5269aa"
+            + "6a7a9538534f7da1e4c303d2a318a728"
+            + "c3c0c95156809539fcf0e2429a6b5254"
+            + "16aedbf5a0de6a57a637b39b",
+            "5a8def2f0c9e53f1f75d7853659e2a20"
+            + "eeb2b22aafde6419a058ab4f6f746bf4"
+            + "0fc0c3b780f244452da3ebf1c5d82cde"
+            + "a2418997200ef82e44ae7e3f",
+            "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
+        },
+    };
+
+    public String getName()
+    {
+        return "GCM";
+    }
+
+    public void performTest() throws Exception
+    {
+        for (int i = 0; i < TEST_VECTORS.length; ++i)
+        {
+            runTestCase(TEST_VECTORS[i]);
+        }
+
+        randomTests();
+        outputSizeTests();
+        testExceptions();
+    }
+
+    protected BlockCipher createAESEngine()
+    {
+        return new AESFastEngine();
+    }
+
+    private void testExceptions() throws InvalidCipherTextException
+    {
+        GCMBlockCipher gcm = new GCMBlockCipher(createAESEngine());
+
+        try
+        {
+            gcm = new GCMBlockCipher(new DESEngine());
+
+            fail("incorrect block size not picked up");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+
+        try
+        {
+            gcm.init(false, new KeyParameter(new byte[16]));
+
+            fail("illegal argument not picked up");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+
+        AEADTestUtil.testReset(this, new GCMBlockCipher(createAESEngine()), new GCMBlockCipher(createAESEngine()), new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[16]));
+        AEADTestUtil.testTampering(this, gcm, new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[16]));
+        AEADTestUtil.testOutputSizes(this, new GCMBlockCipher(createAESEngine()), new AEADParameters(new KeyParameter(
+                new byte[16]), 128, new byte[16]));
+        AEADTestUtil.testBufferSizeChecks(this, new GCMBlockCipher(createAESEngine()), new AEADParameters(
+                new KeyParameter(new byte[16]), 128, new byte[16]));
+    }
+
+    private void runTestCase(String[] testVector)
+        throws InvalidCipherTextException
+    {
+        for (int macLength = 12; macLength <= 16; ++macLength)
+        {
+            runTestCase(testVector, macLength);
+        }
+    }
+
+    private void runTestCase(String[] testVector, int macLength)
+        throws InvalidCipherTextException
+    {
+        int pos = 0;
+        String testName = testVector[pos++];
+        byte[] K = Hex.decode(testVector[pos++]);
+        byte[] P = Hex.decode(testVector[pos++]);
+        byte[] A = Hex.decode(testVector[pos++]);
+        byte[] IV = Hex.decode(testVector[pos++]);
+        byte[] C = Hex.decode(testVector[pos++]);
+
+        // For short MAC, take leading bytes
+        byte[] t = Hex.decode(testVector[pos++]);
+        byte[] T = new byte[macLength];
+        System.arraycopy(t, 0, T, 0, T.length);
+
+        // Default multiplier
+        runTestCase(null, null, testName, K, IV, A, P, C, T);
+
+        runTestCase(new BasicGCMMultiplier(), new BasicGCMMultiplier(), testName, K, IV, A, P, C, T);
+        runTestCase(new Tables8kGCMMultiplier(), new Tables8kGCMMultiplier(), testName, K, IV, A, P, C, T);
+        runTestCase(new Tables64kGCMMultiplier(), new Tables64kGCMMultiplier(), testName, K, IV, A, P, C, T);
+    }
+
+    private void runTestCase(
+        GCMMultiplier   encM,
+        GCMMultiplier   decM,
+        String          testName,
+        byte[]          K,
+        byte[]          IV,
+        byte[]          A,
+        byte[]          P,
+        byte[]          C,
+        byte[]          T)
+        throws InvalidCipherTextException
+    {
+        byte[] fa = new byte[A.length / 2];
+        byte[] la = new byte[A.length - (A.length / 2)];
+        System.arraycopy(A, 0, fa, 0, fa.length);
+        System.arraycopy(A, fa.length, la, 0, la.length);
+
+        runTestCase(encM, decM, testName + " all initial associated data", K, IV, A, null, P, C, T);
+        runTestCase(encM, decM, testName + " all subsequent associated data", K, IV, null, A, P, C, T);
+        runTestCase(encM, decM, testName + " split associated data", K, IV, fa, la, P, C, T);
+    }
+
+    private void runTestCase(
+        GCMMultiplier   encM,
+        GCMMultiplier   decM,
+        String          testName,
+        byte[]          K,
+        byte[]          IV,
+        byte[]          A,
+        byte[]          SA,
+        byte[]          P,
+        byte[]          C,
+        byte[]          T)
+        throws InvalidCipherTextException
+    {
+        AEADParameters parameters = new AEADParameters(new KeyParameter(K), T.length * 8, IV, A);
+        GCMBlockCipher encCipher = initCipher(encM, true, parameters);
+        GCMBlockCipher decCipher = initCipher(decM, false, parameters);
+        checkTestCase(encCipher, decCipher, testName, SA, P, C, T);
+        checkTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T);
+
+        // Key reuse
+        AEADParameters keyReuseParams = AEADTestUtil.reuseKey(parameters);
+        encCipher.init(true, keyReuseParams);
+        decCipher.init(false, keyReuseParams);
+        checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T);
+    }
+
+    private GCMBlockCipher initCipher(GCMMultiplier m, boolean forEncryption, AEADParameters parameters)
+    {
+        GCMBlockCipher c = new GCMBlockCipher(createAESEngine(), m);
+        c.init(forEncryption, parameters);
+        return c;
+    }
+
+    private void checkTestCase(
+        GCMBlockCipher  encCipher,
+        GCMBlockCipher  decCipher,
+        String          testName,
+        byte[]          SA,
+        byte[]          P,
+        byte[]          C,
+        byte[]          T)
+        throws InvalidCipherTextException
+    {
+        byte[] enc = new byte[encCipher.getOutputSize(P.length)];
+        if (SA != null)
+        {
+            encCipher.processAADBytes(SA, 0, SA.length);
+        }
+        int len = encCipher.processBytes(P, 0, P.length, enc, 0);
+        len += encCipher.doFinal(enc, len);
+
+        if (enc.length != len)
+        {
+//            System.out.println("" + enc.length + "/" + len);
+            fail("encryption reported incorrect length: " + testName);
+        }
+
+        byte[] mac = encCipher.getMac();
+
+        byte[] data = new byte[P.length];
+        System.arraycopy(enc, 0, data, 0, data.length);
+        byte[] tail = new byte[enc.length - P.length];
+        System.arraycopy(enc, P.length, tail, 0, tail.length);
+
+        if (!areEqual(C, data))
+        {
+            fail("incorrect encrypt in: " + testName);
+        }
+
+        if (!areEqual(T, mac))
+        {
+            fail("getMac() returned wrong mac in: " + testName);
+        }
+
+        if (!areEqual(T, tail))
+        {
+            fail("stream contained wrong mac in: " + testName);
+        }
+
+        byte[] dec = new byte[decCipher.getOutputSize(enc.length)];
+        if (SA != null)
+        {
+            decCipher.processAADBytes(SA, 0, SA.length);
+        }
+        len = decCipher.processBytes(enc, 0, enc.length, dec, 0);
+        len += decCipher.doFinal(dec, len);
+        mac = decCipher.getMac();
+
+        data = new byte[C.length];
+        System.arraycopy(dec, 0, data, 0, data.length);
+
+        if (!areEqual(P, data))
+        {
+            fail("incorrect decrypt in: " + testName);
+        }
+    }
+
+    private void randomTests()
+        throws InvalidCipherTextException
+    {
+        SecureRandom srng = new SecureRandom();
+        srng.setSeed(Times.nanoTime());
+        randomTests(srng, null);
+        randomTests(srng, new BasicGCMMultiplier());
+        randomTests(srng, new Tables8kGCMMultiplier());
+        randomTests(srng, new Tables64kGCMMultiplier());
+    }
+
+    private void randomTests(SecureRandom srng, GCMMultiplier m)
+        throws InvalidCipherTextException
+    {
+        for (int i = 0; i < 10; ++i)
+        {
+            randomTest(srng, m);
+        }
+    }
+
+    private void randomTest(SecureRandom srng, GCMMultiplier m)
+        throws InvalidCipherTextException
+    {
+        int kLength = 16 + 8 * (Math.abs(srng.nextInt()) % 3);
+        byte[] K = new byte[kLength];
+        srng.nextBytes(K);
+
+        int pLength = srng.nextInt() >>> 16;
+        byte[] P = new byte[pLength];
+        srng.nextBytes(P);
+
+        int aLength = srng.nextInt() >>> 24;
+        byte[] A = new byte[aLength];
+        srng.nextBytes(A);
+
+        int saLength = srng.nextInt() >>> 24;
+        byte[] SA = new byte[saLength];
+        srng.nextBytes(SA);
+
+        int ivLength = 1 + (srng.nextInt() >>> 24);
+        byte[] IV = new byte[ivLength];
+        srng.nextBytes(IV);
+
+        AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A);
+        GCMBlockCipher cipher = initCipher(m, true, parameters);
+        byte[] C = new byte[cipher.getOutputSize(P.length)];
+        int predicted = cipher.getUpdateOutputSize(P.length);
+
+        int split = nextInt(srng, SA.length + 1);
+        cipher.processAADBytes(SA, 0, split);
+        int len = cipher.processBytes(P, 0, P.length, C, 0);
+        cipher.processAADBytes(SA, split, SA.length - split);
+
+        if (predicted != len)
+        {
+            fail("encryption reported incorrect update length in randomised test");
+        }
+
+        len += cipher.doFinal(C, len);
+
+        if (C.length != len)
+        {
+            fail("encryption reported incorrect length in randomised test");
+        }
+
+        byte[] encT = cipher.getMac();
+        byte[] tail = new byte[C.length - P.length];
+        System.arraycopy(C, P.length, tail, 0, tail.length);
+
+        if (!areEqual(encT, tail))
+        {
+            fail("stream contained wrong mac in randomised test");
+        }
+
+        cipher.init(false, parameters);
+        byte[] decP = new byte[cipher.getOutputSize(C.length)];
+        predicted = cipher.getUpdateOutputSize(C.length);
+
+        split = nextInt(srng, SA.length + 1);
+        cipher.processAADBytes(SA, 0, split);
+        len = cipher.processBytes(C, 0, C.length, decP, 0);
+        cipher.processAADBytes(SA, split, SA.length - split);
+
+        if (predicted != len)
+        {
+            fail("decryption reported incorrect update length in randomised test");
+        }
+
+        len += cipher.doFinal(decP, len);
+
+        if (!areEqual(P, decP))
+        {
+            fail("incorrect decrypt in randomised test");
+        }
+
+        byte[] decT = cipher.getMac();
+        if (!areEqual(encT, decT))
+        {
+            fail("decryption produced different mac from encryption");
+        }
+
+        //
+        // key reuse test
+        //
+        cipher.init(false, AEADTestUtil.reuseKey(parameters));
+        decP = new byte[cipher.getOutputSize(C.length)];
+
+        split = nextInt(srng, SA.length + 1);
+        cipher.processAADBytes(SA, 0, split);
+        len = cipher.processBytes(C, 0, C.length, decP, 0);
+        cipher.processAADBytes(SA, split, SA.length - split);
+
+        len += cipher.doFinal(decP, len);
+
+        if (!areEqual(P, decP))
+        {
+            fail("incorrect decrypt in randomised test");
+        }
+
+        decT = cipher.getMac();
+        if (!areEqual(encT, decT))
+        {
+            fail("decryption produced different mac from encryption");
+        }
+    }
+
+    private void outputSizeTests()
+    {
+        byte[] K = new byte[16];
+        byte[] A = null;
+        byte[] IV = new byte[16];
+
+        AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A);
+        GCMBlockCipher cipher = initCipher(null, true, parameters);
+
+        if (cipher.getUpdateOutputSize(0) != 0)
+        {
+            fail("incorrect getUpdateOutputSize for initial 0 bytes encryption");
+        }
+
+        if (cipher.getOutputSize(0) != 16)
+        {
+            fail("incorrect getOutputSize for initial 0 bytes encryption");
+        }
+
+        cipher.init(false, parameters);
+
+        if (cipher.getUpdateOutputSize(0) != 0)
+        {
+            fail("incorrect getUpdateOutputSize for initial 0 bytes decryption");
+        }
+
+        // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here
+        if (cipher.getOutputSize(0) != 0)
+        {
+            fail("fragile getOutputSize for initial 0 bytes decryption");
+        }
+
+        if (cipher.getOutputSize(16) != 0)
+        {
+            fail("incorrect getOutputSize for initial MAC-size bytes decryption");
+        }
+    }
+
+    private static int nextInt(SecureRandom rand, int n)
+    {
+        if ((n & -n) == n)  // i.e., n is a power of 2
+        {
+            return (int)((n * (long)(rand.nextInt() >>> 1)) >> 31);
+        }
+
+        int bits, value;
+        do
+        {
+            bits = rand.nextInt() >>> 1;
+            value = bits % n;
+        }
+        while (bits - value + (n - 1) < 0);
+
+        return value;
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new GCMTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/GMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/GMacTest.java
new file mode 100644
index 0000000..082aac6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/GMacTest.java
@@ -0,0 +1,174 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.macs.GMac;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test vectors for AES-GMAC, extracted from <a
+ * href="http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip">NIST CAVP GCM test
+ * vectors</a>.
+ *
+ */
+public class GMacTest extends SimpleTest
+{
+    private static class TestCase
+    {
+        private byte[] key;
+        private byte[] iv;
+        private byte[] ad;
+        private byte[] tag;
+        private String name;
+
+        private TestCase(final String name, final String key, final String iv, final String ad, final String tag)
+        {
+            this.name = name;
+            this.key = Hex.decode(key);
+            this.iv = Hex.decode(iv);
+            this.ad = Hex.decode(ad);
+            this.tag = Hex.decode(tag);
+        }
+
+        public String getName()
+        {
+            return name;
+        }
+
+        public byte[] getKey()
+        {
+            return key;
+        }
+
+        public byte[] getIv()
+        {
+            return iv;
+        }
+
+        public byte[] getAd()
+        {
+            return ad;
+        }
+
+        public byte[] getTag()
+        {
+            return tag;
+        }
+    }
+
+    private static TestCase[] TEST_VECTORS = new TestCase[] {
+            // Count = 0, from each of the PTlen = 0 test vector sequences
+            new TestCase("128/96/0/128", "11754cd72aec309bf52f7687212e8957", "3c819d9a9bed087615030b65", "",
+                    "250327c674aaf477aef2675748cf6971"),
+            new TestCase("128/96/0/120", "272f16edb81a7abbea887357a58c1917", "794ec588176c703d3d2a7a07", "",
+                    "b6e6f197168f5049aeda32dafbdaeb"),
+            new TestCase("128/96/0/112", "81b6844aab6a568c4556a2eb7eae752f", "ce600f59618315a6829bef4d", "",
+                    "89b43e9dbc1b4f597dbbc7655bb5"),
+            new TestCase("128/96/0/104", "cde2f9a9b1a004165ef9dc981f18651b", "29512c29566c7322e1e33e8e", "",
+                    "2e58ce7dabd107c82759c66a75"),
+            new TestCase("128/96/0/96", "b01e45cc3088aaba9fa43d81d481823f", "5a2c4a66468713456a4bd5e1", "",
+                    "014280f944f53c681164b2ff"),
+
+            new TestCase("128/96/128/128", "77be63708971c4e240d1cb79e8d77feb", "e0e00f19fed7ba0136a797f3",
+                    "7a43ec1d9c0a5a78a0b16533a6213cab", "209fcc8d3675ed938e9c7166709dd946"),
+            new TestCase("128/96/128/96", "bea48ae4980d27f357611014d4486625", "32bddb5c3aa998a08556454c",
+                    "8a50b0b8c7654bced884f7f3afda2ead", "8e0f6d8bf05ffebe6f500eb1"),
+
+            new TestCase("128/96/384/128", "99e3e8793e686e571d8285c564f75e2b", "c2dd0ab868da6aa8ad9c0d23",
+                    "b668e42d4e444ca8b23cfdd95a9fedd5178aa521144890b093733cf5cf22526c5917ee476541809ac6867a8c399309fc",
+                    "3f4fba100eaf1f34b0baadaae9995d85"),
+            new TestCase("128/96/384/96", "c77acd1b0918e87053cb3e51651e7013", "39ff857a81745d10f718ac00",
+                    "407992f82ea23b56875d9a3cb843ceb83fd27cb954f7c5534d58539fe96fb534502a1b38ea4fac134db0a42de4be1137",
+                    "2a5dc173285375dc82835876"),
+
+            new TestCase(
+                    "128/1024/0/128",
+                    "d0f1f4defa1e8c08b4b26d576392027c",
+                    "42b4f01eb9f5a1ea5b1eb73b0fb0baed54f387ecaa0393c7d7dffc6af50146ecc021abf7eb9038d4303d91f8d741a11743166c0860208bcc02c6258fd9511a2fa626f96d60b72fcff773af4e88e7a923506e4916ecbd814651e9f445adef4ad6a6b6c7290cc13b956130eef5b837c939fcac0cbbcc9656cd75b13823ee5acdac",
+                    "", "7ab49b57ddf5f62c427950111c5c4f0d"),
+            new TestCase(
+                    "128/1024/384/96",
+                    "3cce72d37933394a8cac8a82deada8f0",
+                    "aa2f0d676d705d9733c434e481972d4888129cf7ea55c66511b9c0d25a92a174b1e28aa072f27d4de82302828955aadcb817c4907361869bd657b45ff4a6f323871987fcf9413b0702d46667380cd493ed24331a28b9ce5bbfa82d3a6e7679fcce81254ba64abcad14fd18b22c560a9d2c1cd1d3c42dac44c683edf92aced894",
+                    "5686b458e9c176f4de8428d9ebd8e12f569d1c7595cf49a4b0654ab194409f86c0dd3fdb8eb18033bb4338c70f0b97d1",
+                    "a3a9444b21f330c3df64c8b6"), };
+
+    public void performTest()
+    {
+        for (int i = 0; i < TEST_VECTORS.length; i++)
+        {
+            TestCase testCase = TEST_VECTORS[i];
+
+            Mac mac = new GMac(new GCMBlockCipher(new AESFastEngine()), testCase.getTag().length * 8);
+            CipherParameters key = new KeyParameter(testCase.getKey());
+            mac.init(new ParametersWithIV(key, testCase.getIv()));
+
+            testSingleByte(mac, testCase);
+            testMultibyte(mac, testCase);
+        }
+
+        // Invalid mac size
+        testInvalidMacSize(97);
+        testInvalidMacSize(136);
+        testInvalidMacSize(24);
+    }
+
+    private void testInvalidMacSize(int size)
+    {
+        try
+        {
+            GMac mac = new GMac(new GCMBlockCipher(new AESFastEngine()), size);
+            mac.init(new ParametersWithIV(null, new byte[16]));
+            fail("Expected failure for illegal mac size " + size);
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().startsWith("Invalid value for MAC size"))
+            {
+                fail("Illegal mac size failed with unexpected message");
+            }
+        }
+    }
+
+    private void testMultibyte(Mac mac, TestCase testCase)
+    {
+        mac.update(testCase.getAd(), 0, testCase.getAd().length);
+        checkMac(mac, testCase);
+    }
+
+    private void testSingleByte(Mac mac, TestCase testCase)
+    {
+        final byte[] ad = testCase.getAd();
+        for (int i = 0; i < ad.length; i++)
+        {
+            mac.update(ad[i]);
+        }
+        checkMac(mac, testCase);
+    }
+
+    private void checkMac(Mac mac, TestCase testCase)
+    {
+        final byte[] generatedMac = new byte[mac.getMacSize()];
+        mac.doFinal(generatedMac, 0);
+        if (!areEqual(testCase.getTag(), generatedMac))
+        {
+            fail("Failed " + testCase.getName() + " - expected " + new String(Hex.encode(testCase.getTag())) + " got "
+                + new String(Hex.encode(generatedMac)));
+        }
+    }
+
+    public String getName()
+    {
+        return "GMac";
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new GMacTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST28147MacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST28147MacTest.java
new file mode 100644
index 0000000..8faaca1
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST28147MacTest.java
@@ -0,0 +1,89 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.engines.GOST28147Engine;
+import org.bouncycastle.crypto.macs.GOST28147Mac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithSBox;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * GOST 28147 MAC tester 
+ */
+public class GOST28147MacTest
+    implements Test
+{
+    //
+    // these GOSTMac for testing.
+    //
+    static byte[]   gkeyBytes1 = Hex.decode("6d145dc993f4019e104280df6fcd8cd8e01e101e4c113d7ec4f469ce6dcd9e49");
+    static byte[]   gkeyBytes2 = Hex.decode("6d145dc993f4019e104280df6fcd8cd8e01e101e4c113d7ec4f469ce6dcd9e49");
+
+    static byte[]   input3 = Hex.decode("7768617420646f2079612077616e7420666f72206e6f7468696e673f");
+    static byte[]   input4 = Hex.decode("7768617420646f2079612077616e7420666f72206e6f7468696e673f");
+
+    static byte[]   output7 = Hex.decode("93468a46");
+    static byte[]   output8 = Hex.decode("93468a46");
+
+    public GOST28147MacTest()
+    {
+    }
+
+    public TestResult perform()
+    {
+        // test1
+        Mac          mac = new GOST28147Mac();
+        KeyParameter key = new KeyParameter(gkeyBytes1);
+
+        mac.init(key);
+
+        mac.update(input3, 0, input3.length);
+
+        byte[] out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!Arrays.areEqual(out, output7))
+        {
+            return new SimpleTestResult(false, getName() + ": Failed test 1 - expected " + new String(Hex.encode(output7)) + " got " + new String(Hex.encode(out)));
+        }
+
+        // test2
+        key = new KeyParameter(gkeyBytes2);
+
+        ParametersWithSBox gparam = new ParametersWithSBox(key, GOST28147Engine.getSBox("E-A"));
+
+        mac.init(gparam);
+
+        mac.update(input4, 0, input4.length);
+
+        out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!Arrays.areEqual(out, output8))
+        {
+            return new SimpleTestResult(false, getName() + ": Failed test 2 - expected " + new String(Hex.encode(output8)) + " got " + new String(Hex.encode(out)));
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public String getName()
+    {
+        return "GOST28147Mac";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        GOST28147MacTest    test = new GOST28147MacTest();
+        TestResult result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST28147Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST28147Test.java
new file mode 100644
index 0000000..8de8440
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST28147Test.java
@@ -0,0 +1,328 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.digests.GOST3411Digest;
+import org.bouncycastle.crypto.engines.GOST28147Engine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.GOFBBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.params.ParametersWithSBox;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class GOST28147Test
+     extends CipherTest
+{
+    static String   input1 =  "0000000000000000";
+    static String   output1 = "1b0bbc32cebcab42";
+    static String   input2 =  "bc350e71aac5f5c2";
+    static String   output2 = "d35ab653493b49f5";
+    static String   input3 =  "bc350e71aa11345709acde";
+    static String   output3 = "8824c124c4fd14301fb1e8";
+    static String   input4 =  "000102030405060708090a0b0c0d0e0fff0102030405060708090a0b0c0d0e0f";
+    static String   output4 = "29b7083e0a6d955ca0ec5b04fdb4ea41949f1dd2efdf17baffc1780b031f3934";
+
+    static byte TestSBox[] = {
+            0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xA,0xB,0xC,0xD,0xE,0xF,
+            0xF,0xE,0xD,0xC,0xB,0xA,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0,
+            0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xA,0xB,0xC,0xD,0xE,0xF,
+            0xF,0xE,0xD,0xC,0xB,0xA,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0,
+            0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xA,0xB,0xC,0xD,0xE,0xF,
+            0xF,0xE,0xD,0xC,0xB,0xA,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0,
+            0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xA,0xB,0xC,0xD,0xE,0xF,
+            0xF,0xE,0xD,0xC,0xB,0xA,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+    };
+
+    static SimpleTest[]   tests =
+    {   new BlockCipherVectorTest(1, new GOST28147Engine(),
+            new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")),
+                input1, output1),
+        new BlockCipherVectorTest(2, new CBCBlockCipher(new GOST28147Engine()),
+            new ParametersWithIV(new KeyParameter(Hex.decode("00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF")),
+                                 Hex.decode("1234567890abcdef")), input2, output2),
+        new BlockCipherVectorTest(3, new GOFBBlockCipher(new GOST28147Engine()),
+            new ParametersWithIV(new KeyParameter(Hex.decode("0011223344556677889900112233445566778899001122334455667788990011")),
+                                     Hex.decode("1234567890abcdef")), //IV
+                                     input3, output3),
+        new BlockCipherVectorTest(4, new CFBBlockCipher(new GOST28147Engine(), 64),
+            new ParametersWithIV(new KeyParameter(Hex.decode("aafd12f659cae63489b479e5076ddec2f06cb58faafd12f659cae63489b479e5")),
+                                 Hex.decode("aafd12f659cae634")), input4, output4),
+
+        //tests with parameters, set S-box.
+        new BlockCipherVectorTest(5, new GOST28147Engine(),
+            new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")),//key , default parameter S-box set to D-Test
+                input1, output1),
+        new BlockCipherVectorTest(6, new CFBBlockCipher(new GOST28147Engine(), 64),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                       new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")), //key
+                       GOST28147Engine.getSBox("D-Test")), //type S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "0000000000000000", //input message
+                "b587f7a0814c911d"), //encrypt message
+        new BlockCipherVectorTest(7, new CFBBlockCipher(new GOST28147Engine(), 64),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                       new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")), //key
+                       GOST28147Engine.getSBox("E-Test")), //type S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "0000000000000000", //input message
+                "e8287f53f991d52b"), //encrypt message
+        new BlockCipherVectorTest(8, new CFBBlockCipher(new GOST28147Engine(), 64),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                       new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")), //key
+                       GOST28147Engine.getSBox("E-A")), //type S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "0000000000000000", //input message
+                "c41009dba22ebe35"), //encrypt message
+        new BlockCipherVectorTest(9, new CFBBlockCipher(new GOST28147Engine(), 8),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                       new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")), //key
+                       GOST28147Engine.getSBox("E-B")), //type S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "0000000000000000", //input message
+                "80d8723fcd3aba28"), //encrypt message
+        new BlockCipherVectorTest(10, new CFBBlockCipher(new GOST28147Engine(), 8),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                       new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")), //key
+                       GOST28147Engine.getSBox("E-C")), //type S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "0000000000000000", //input message
+                "739f6f95068499b5"), //encrypt message
+        new BlockCipherVectorTest(11, new CFBBlockCipher(new GOST28147Engine(), 8),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                       new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")), //key
+                       GOST28147Engine.getSBox("E-D")), //type S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "0000000000000000", //input message
+                "4663f720f4340f57"), //encrypt message
+        new BlockCipherVectorTest(12, new CFBBlockCipher(new GOST28147Engine(), 8),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                       new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")), //key
+                       GOST28147Engine.getSBox("D-A")), //type S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "0000000000000000", //input message
+                "5bb0a31d218ed564"), //encrypt message
+        new BlockCipherVectorTest(13, new CFBBlockCipher(new GOST28147Engine(), 8),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                       new KeyParameter(Hex.decode("546d203368656c326973652073736e62206167796967747473656865202c3d73")), //key
+                       TestSBox), //set own S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "0000000000000000", //input message
+                "c3af96ef788667c5"), //encrypt message
+        new BlockCipherVectorTest(14, new GOFBBlockCipher(new GOST28147Engine()),
+            new ParametersWithIV(
+                new ParametersWithSBox(
+                        new KeyParameter(Hex.decode("4ef72b778f0b0bebeef4f077551cb74a927b470ad7d7f2513454569a247e989d")), //key
+                        GOST28147Engine.getSBox("E-A")), //type S-box
+                Hex.decode("1234567890abcdef")), //IV
+                "bc350e71aa11345709acde",  //input message
+                "1bcc2282707c676fb656dc"), //encrypt message
+
+    };
+
+    static private final int GOST28147_KEY_LENGTH = 32;
+    
+    private byte[] generateKey(byte[] startkey)
+    {
+        byte[]  newKey = new byte[GOST28147_KEY_LENGTH];
+
+        GOST3411Digest digest = new GOST3411Digest();
+        
+        digest.update(startkey, 0, startkey.length);
+        digest.doFinal(newKey, 0);
+
+        return newKey;
+    }
+    
+    GOST28147Test()
+    {
+        super(tests, new GOST28147Engine(), new KeyParameter(new byte[32]));
+    }
+    
+    public void performTest()
+        throws Exception
+    {
+        super.performTest();
+
+        //advanced tests with GOST28147KeyGenerator:
+        //encrypt on hesh message; ECB mode:
+        byte[] in     = Hex.decode("4e6f77206973207468652074696d6520666f7220616c6c20");
+        byte[] output = Hex.decode("8ad3c8f56b27ff1fbd46409359bdc796bc350e71aac5f5c0");
+        byte[] out    = new byte[in.length];
+
+        byte[] key = generateKey(Hex.decode("0123456789abcdef"));  //!!! heshing start_key - get 256 bits !!!
+//        System.out.println(new String(Hex.encode(key)));
+        CipherParameters  param = new ParametersWithSBox(new KeyParameter(key), GOST28147Engine.getSBox("E-A"));
+        //CipherParameters  param = new GOST28147Parameters(key,"D-Test");
+        BufferedBlockCipher cipher = new BufferedBlockCipher(new GOST28147Engine());
+
+        cipher.init(true, param);
+        int len1 = cipher.processBytes(in, 0, in.length, out, 0);
+        try
+        {
+            cipher.doFinal(out, len1);
+        }
+        catch (CryptoException e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+        if (out.length != output.length)
+        {
+            fail("failed - "
+                    + "expected " + new String(Hex.encode(output)) + " got "
+                    + new String(Hex.encode(out)));
+        }
+        for (int i = 0; i != out.length; i++)
+        {
+            if (out[i] != output[i])
+            {
+                fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+            }
+        }
+
+
+        //encrypt on hesh message; CFB mode:
+        in     = Hex.decode("bc350e71aac5f5c2");
+        output = Hex.decode("0ebbbafcf38f14a5");
+        out    = new byte[in.length];
+
+        key = generateKey(Hex.decode("0123456789abcdef"));  //!!! heshing start_key - get 256 bits !!!
+        param = new ParametersWithIV(new ParametersWithSBox(
+                                                             new KeyParameter(key), //key
+                                                             GOST28147Engine.getSBox("E-A")), //type S-box
+                                     Hex.decode("1234567890abcdef")); //IV
+
+        cipher = new BufferedBlockCipher(new CFBBlockCipher(new GOST28147Engine(), 64));
+
+        cipher.init(true, param);
+        len1 = cipher.processBytes(in, 0, in.length, out, 0);
+        try
+        {
+            cipher.doFinal(out, len1);
+        }
+        catch (CryptoException e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+        if (out.length != output.length)
+        {
+            fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+        }
+        for (int i = 0; i != out.length; i++)
+        {
+            if (out[i] != output[i])
+            {
+                fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+            }
+        }
+
+
+        //encrypt on hesh message; CFB mode:
+        in     = Hex.decode("000102030405060708090a0b0c0d0e0fff0102030405060708090a0b0c0d0e0f");
+        output = Hex.decode("64988982819f0a1655e226e19ecad79d10cc73bac95c5d7da034786c12294225");
+        out    = new byte[in.length];
+
+        key = generateKey(Hex.decode("aafd12f659cae63489b479e5076ddec2f06cb58faafd12f659cae63489b479e5"));  //!!! heshing start_key - get 256 bits !!!
+        param = new ParametersWithIV(new ParametersWithSBox(
+                                                             new KeyParameter(key), //key
+                                                             GOST28147Engine.getSBox("E-A")), //type S-box
+                                     Hex.decode("aafd12f659cae634")); //IV
+
+        cipher = new BufferedBlockCipher(new CFBBlockCipher(new GOST28147Engine(), 64));
+
+        cipher.init(true, param);
+        len1 = cipher.processBytes(in, 0, in.length, out, 0);
+
+        cipher.doFinal(out, len1);
+
+        if (out.length != output.length)
+        {
+            fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+        }
+        
+        for (int i = 0; i != out.length; i++)
+        {
+            if (out[i] != output[i])
+            {
+                fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+            }
+        }
+
+        //encrypt on hesh message; OFB mode:
+        in     = Hex.decode("bc350e71aa11345709acde");
+        output = Hex.decode("1bcc2282707c676fb656dc");
+        out    = new byte[in.length];
+
+        key = generateKey(Hex.decode("0123456789abcdef"));  //!!! heshing start_key - get 256 bits !!!
+        param = new ParametersWithIV(new ParametersWithSBox(
+                                                             new KeyParameter(key), //key
+                                                             GOST28147Engine.getSBox("E-A")), //type S-box
+                                     Hex.decode("1234567890abcdef")); //IV
+
+        cipher = new BufferedBlockCipher(new GOFBBlockCipher(new GOST28147Engine()));
+
+        cipher.init(true, param);
+        len1 = cipher.processBytes(in, 0, in.length, out, 0);
+
+        cipher.doFinal(out, len1);
+
+        if (out.length != output.length)
+        {
+            fail("failed - " + "expected "
+                    + new String(Hex.encode(output)) + " got "
+                    + new String(Hex.encode(out)));
+        }
+        for (int i = 0; i != out.length; i++)
+        {
+            if (out[i] != output[i])
+            {
+                fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+            }
+        }
+
+        // key reuse test
+        param = new ParametersWithIV(null, // key and sbox reused
+                           Hex.decode("1234567890abcdef")); //IV
+
+        cipher.init(true, param);
+        len1 = cipher.processBytes(in, 0, in.length, out, 0);
+
+        cipher.doFinal(out, len1);
+
+        if (out.length != output.length)
+        {
+            fail("failed - " + "expected "
+                    + new String(Hex.encode(output)) + " got "
+                    + new String(Hex.encode(out)));
+        }
+        for (int i = 0; i != out.length; i++)
+        {
+            if (out[i] != output[i])
+            {
+                fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+            }
+        }
+    }
+
+    public String getName()
+    {
+        return "GOST28147";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new GOST28147Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST3410Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST3410Test.java
new file mode 100644
index 0000000..17de3fe
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST3410Test.java
@@ -0,0 +1,1570 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator;
+import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator;
+import org.bouncycastle.crypto.params.GOST3410KeyGenerationParameters;
+import org.bouncycastle.crypto.params.GOST3410Parameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.GOST3410Signer;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.test.NumberParsing;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+public class GOST3410Test
+        implements Test
+{
+    byte[] hashmessage = Hex.decode("3042453136414534424341374533364339313734453431443642453241453435");
+    
+    private byte[] zeroTwo(int length)
+    {
+        byte[] data = new byte[length];
+        data[data.length - 1] = 0x02;
+        return data;
+    }
+    
+    private class GOST3410_TEST1_512
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-TEST1-512";
+        }
+
+        FixedSecureRandom    init_random = new FixedSecureRandom(new byte[][] { Hex.decode("00005EC900007341"), zeroTwo(64) });
+        FixedSecureRandom    random = new FixedSecureRandom(Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A"));
+        FixedSecureRandom    keyRandom = new FixedSecureRandom(Hex.decode("3036314538303830343630454235324435324234314132373832433138443046"));
+
+        BigInteger  pValue = new BigInteger("EE8172AE8996608FB69359B89EB82A69854510E2977A4D63BC97322CE5DC3386EA0A12B343E9190F23177539845839786BB0C345D165976EF2195EC9B1C379E3", 16);
+        BigInteger  qValue = new BigInteger("98915E7EC8265EDFCDA31E88F24809DDB064BDC7285DD50D7289F0AC6F49DD2D", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("3e5f895e276d81d2d52c0763270a458157b784c57abdbd807bc44fd43a32ac06",16);
+            BigInteger              s = new BigInteger("3f0dd5d4400d47c08e4ce505ff7434b6dbf729592e37c74856dab85115a60955",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(512, 1, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (params.getValidationParameters() == null)
+            {
+                return new SimpleTestResult(false, getName() + "validation parameters wrong");
+            }
+            if (params.getValidationParameters().getC() != 29505
+                ||  params.getValidationParameters().getX0() != 24265)
+            {
+                return new SimpleTestResult(false, getName() + "validation parameters values wrong");
+            }
+            if (!init_random.isExhausted())
+            {
+                return new SimpleTestResult(false, getName()
+                        + ": unexpected number of bytes used from 'init_random'.");
+            }
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            if (!keyRandom.isExhausted())
+            {
+                return new SimpleTestResult(false, getName()
+                        + ": unexpected number of bytes used from 'keyRandom'.");
+            }
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer gost3410 = new GOST3410Signer();
+
+            gost3410.init(true, param);
+            
+            BigInteger[] sig = gost3410.generateSignature(hashmessage);
+
+            if (!random.isExhausted())
+            {
+                return new SimpleTestResult(false, getName()
+                        + ": unexpected number of bytes used from 'random'.");
+            }
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            gost3410.init(false, pair.getPublic());
+
+            if (gost3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_TEST2_512
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-TEST2-512";
+        }
+
+        FixedSecureRandom    init_random = new FixedSecureRandom(new byte[][] { Hex.decode("000000003DFC46F1000000000000000D"), zeroTwo(64) });
+        FixedSecureRandom    random = new FixedSecureRandom(Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A"));
+        FixedSecureRandom    keyRandom = new FixedSecureRandom(Hex.decode("3036314538303830343630454235324435324234314132373832433138443046"));
+
+        BigInteger  pValue = new BigInteger("8b08eb135af966aab39df294538580c7da26765d6d38d30cf1c06aae0d1228c3316a0e29198460fad2b19dc381c15c888c6dfd0fc2c565abb0bf1faff9518f85", 16);
+        BigInteger  qValue = new BigInteger("931a58fb6f0dcdf2fe7549bc3f19f4724b56898f7f921a076601edb18c93dc75", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("7c07c8cf035c2a1cb2b7fae5807ac7cd623dfca7a1a68f6d858317822f1ea00d",16);
+            BigInteger              s = new BigInteger("7e9e036a6ff87dbf9b004818252b1f6fc310bdd4d17cb8c37d9c36c7884de60c",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(512, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!init_random.isExhausted())
+            {
+                return new SimpleTestResult(false, getName()
+                        + ": unexpected number of bytes used from 'init_random'.");
+            }
+
+            if (params.getValidationParameters() == null)
+            {
+                return new SimpleTestResult(false, getName() + ": validation parameters wrong");
+            }
+
+            if (params.getValidationParameters().getCL() != 13
+                ||  params.getValidationParameters().getX0L() != 1039943409)
+            {
+                return new SimpleTestResult(false, getName() + ": validation parameters values wrong");
+            }
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            if (!keyRandom.isExhausted())
+            {
+                return new SimpleTestResult(false, getName()
+                        + ": unexpected number of bytes used from 'keyRandom'.");
+            }
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+            
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!random.isExhausted())
+            {
+                return new SimpleTestResult(false, getName()
+                        + ": unexpected number of bytes used from 'random'.");
+            }
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_TEST1_1024
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-TEST1-1024";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstInt = true;
+
+            public int nextInt()
+            {
+                String x0 = "0xA565";
+                String c =  "0x538B";
+
+                if (firstInt)
+                {
+                    firstInt = false;
+                    return NumberParsing.decodeIntFromHex(x0);
+                }
+                return NumberParsing.decodeIntFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+
+                byte[] d = Hex.decode("02");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("ab8f37938356529e871514c1f48c5cbce77b2f4fc9a2673ac2c1653da8984090c0ac73775159a26bef59909d4c9846631270e16653a6234668f2a52a01a39b921490e694c0f104b58d2e14970fccb478f98d01e975a1028b9536d912de5236d2dd2fc396b77153594d4178780e5f16f718471e2111c8ce64a7d7e196fa57142d", 16);
+        BigInteger  qValue = new BigInteger("bcc02ca0ce4f0753ec16105ee5d530aa00d39f3171842ab2c334a26b5f576e0f", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("a8790aabbd5a998ff524bad048ac69cd1faff2dab048265c8d60d1471c44a9ee",16);
+            BigInteger              s = new BigInteger("30df5ba32ac77170b9632559bef7d37620017756dff3fea1088b4267db0944b8",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 1, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+            
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_TEST2_1024
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-TEST2-1024";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstLong = true;
+
+            public long nextLong()
+            {
+                String x0 = "0x3DFC46F1";
+                String c =  "0xD";
+
+                if (firstLong)
+                {
+                    firstLong = false;
+                    return NumberParsing.decodeLongFromHex(x0);
+                }
+                return NumberParsing.decodeLongFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+
+                byte[] d = Hex.decode("02");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("e2c4191c4b5f222f9ac2732562f6d9b4f18e7fb67a290ea1e03d750f0b9806755fc730d975bf3faa606d05c218b35a6c3706919aab92e0c58b1de4531c8fa8e7af43c2bff016251e21b2870897f6a27ac4450bca235a5b748ad386e4a0e4dfcb09152435abcfe48bd0b126a8122c7382f285a9864615c66decddf6afd355dfb7", 16);
+        BigInteger  qValue = new BigInteger("931a58fb6f0dcdf2fe7549bc3f19f4724b56898f7f921a076601edb18c93dc75", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("81d69a192e9c7ac21fc07da41bd07e230ba6a94eb9f3c1fd104c7bd976733ca5",16);
+            BigInteger              s = new BigInteger("315c879c8414f35feb4deb15e7cc0278c48e6ca1596325d6959338d860b0c47a",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+           
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_AParam
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-AParam";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstLong = true;
+
+            public long nextLong()
+            {
+                String x0 = "0x520874F5";
+                String c =  "0xEE39ADB3";
+
+                if (firstLong)
+                {
+                    firstLong = false;
+                    return NumberParsing.decodeLongFromHex(x0);
+                }
+                return NumberParsing.decodeLongFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+
+                byte[] d = Hex.decode("02");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("b4e25efb018e3c8b87505e2a67553c5edc56c2914b7e4f89d23f03f03377e70a2903489dd60e78418d3d851edb5317c4871e40b04228c3b7902963c4b7d85d52b9aa88f2afdbeb28da8869d6df846a1d98924e925561bd69300b9ddd05d247b5922d967cbb02671881c57d10e5ef72d3e6dad4223dc82aa1f7d0294651a480df", 16);
+        BigInteger  qValue = new BigInteger("972432a437178b30bd96195b773789ab2fff15594b176dd175b63256ee5af2cf", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("64a8856628e5669d85f62cd763dd4a99bc56d33dc0e1859122855d141e9e4774",16);
+            BigInteger              s = new BigInteger("319ebac97092b288d469a4b988248794f60c865bc97858d9a3135c6d1a1bf2dd",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_BParam
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-BParam";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstLong = true;
+
+            public long nextLong()
+            {
+                String x0 = "0x5B977CDB";
+                String c =  "0x6E9692DD";
+
+                if (firstLong)
+                {
+                    firstLong = false;
+                    return NumberParsing.decodeLongFromHex(x0);
+                }
+                return NumberParsing.decodeLongFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] d = Hex.decode("bc3cbbdb7e6f848286e19ad9a27a8e297e5b71c53dd974cdf60f937356df69cbc97a300ccc71685c553046147f11568c4fddf363d9d886438345a62c3b75963d6546adfabf31b31290d12cae65ecb8309ef66782");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("c6971fc57524b30c9018c5e621de15499736854f56a6f8aee65a7a404632b3540f09020f67f04dc2e6783b141dceffd21a703035b7d0187c6e12cb4229922bafdb2225b73e6b23a0de36e20047065aea000c1a374283d0ad8dc1981e3995f0bb8c72526041fcb98ae6163e1e71a669d8364e9c4c3188f673c5f8ee6fadb41abf", 16);
+        BigInteger  qValue = new BigInteger("b09d634c10899cd7d4c3a7657403e05810b07c61a688bab2c37f475e308b0607", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("860d82c60e9502cd00c0e9e1f6563feafec304801974d745c5e02079946f729e",16);
+            BigInteger              s = new BigInteger("7ef49264ef022801aaa03033cd97915235fbab4c823ed936b0f360c22114688a",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_CParam
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-CParam";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstLong = true;
+
+            public long nextLong()
+            {
+                String x0 = "0x43848744";
+                String c =  "0xB50A826D";
+
+                if (firstLong)
+                {
+                    firstLong = false;
+                    return NumberParsing.decodeLongFromHex(x0);
+                }
+                return NumberParsing.decodeLongFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] d = Hex.decode("7F575E8194BC5BDF");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("9d88e6d7fe3313bd2e745c7cdd2ab9ee4af3c8899e847de74a33783ea68bc30588ba1f738c6aaf8ab350531f1854c3837cc3c860ffd7e2e106c3f63b3d8a4c034ce73942a6c3d585b599cf695ed7a3c4a93b2b947b7157bb1a1c043ab41ec8566c6145e938a611906de0d32e562494569d7e999a0dda5c879bdd91fe124df1e9", 16);
+        BigInteger  qValue = new BigInteger("fadd197abd19a1b4653eecf7eca4d6a22b1f7f893b641f901641fbb555354faf", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("4deb95a0b35e7ed7edebe9bef5a0f93739e16b7ff27fe794d989d0c13159cfbc",16);
+            BigInteger              s = new BigInteger("e1d0d30345c24cfeb33efde3deee5fbbda78ddc822b719d860cd0ba1fb6bd43b",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_DParam
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-DParam";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstLong = true;
+
+            public long nextLong()
+            {
+                String x0 = "0x13DA8B9D";
+                String c =  "0xA0E9DE4B";
+
+                if (firstLong)
+                {
+                    firstLong = false;
+                    return NumberParsing.decodeLongFromHex(x0);
+                }
+                return NumberParsing.decodeLongFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+
+                byte[] d = Hex.decode("41ab97857f42614355d32db0b1069f109a4da283676c7c53a68185b4");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("80f102d32b0fd167d069c27a307adad2c466091904dbaa55d5b8cc7026f2f7a1919b890cb652c40e054e1e9306735b43d7b279eddf9102001cd9e1a831fe8a163eed89ab07cf2abe8242ac9dedddbf98d62cddd1ea4f5f15d3a42a6677bdd293b24260c0f27c0f1d15948614d567b66fa902baa11a69ae3bceadbb83e399c9b5", 16);
+        BigInteger  qValue = new BigInteger("f0f544c418aac234f683f033511b65c21651a6078bda2d69bb9f732867502149", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("712592d285b792e33b8a9a11e8e6c4f512ddf0042972bbfd1abb0a93e8fc6f54",16);
+            BigInteger              s = new BigInteger("2cf26758321258b130d5612111339f09ceb8668241f3482e38baa56529963f07",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_AExParam
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-AExParam";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstLong = true;
+
+            public long nextLong()
+            {
+                String x0 = "0xD05E9F14";
+                String c =  "0x46304C5F";
+
+                if (firstLong)
+                {
+                    firstLong = false;
+                    return NumberParsing.decodeLongFromHex(x0);
+                }
+                return NumberParsing.decodeLongFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] d = Hex.decode("35ab875399cda33c146ca629660e5a5e5c07714ca326db032dd6751995cdb90a612b9228932d8302704ec24a5def7739c5813d83");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("ca3b3f2eee9fd46317d49595a9e7518e6c63d8f4eb4d22d10d28af0b8839f079f8289e603b03530784b9bb5a1e76859e4850c670c7b71c0df84ca3e0d6c177fe9f78a9d8433230a883cd82a2b2b5c7a3306980278570cdb79bf01074a69c9623348824b0c53791d53c6a78cab69e1cfb28368611a397f50f541e16db348dbe5f", 16);
+        BigInteger  qValue = new BigInteger("cae4d85f80c147704b0ca48e85fb00a9057aa4acc44668e17f1996d7152690d9", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("90892707282f433398488f19d31ac48523a8e2ded68944e0da91c6895ee7045e",16);
+            BigInteger              s = new BigInteger("3be4620ee88f1ee8f9dd63c7d145b7e554839feeca125049118262ea4651e9de",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_BExParam
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-BExParam";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstLong = true;
+
+            public long nextLong()
+            {
+                String x0 = "0x7A007804";
+                String c =  "0xD31A4FF7";
+
+                if (firstLong)
+                {
+                    firstLong = false;
+                    return NumberParsing.decodeLongFromHex(x0);
+                }
+                return NumberParsing.decodeLongFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] d = Hex.decode("7ec123d161477762838c2bea9dbdf33074af6d41d108a066a1e7a07ab3048de2");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("9286dbda91eccfc3060aa5598318e2a639f5ba90a4ca656157b2673fb191cd0589ee05f4cef1bd13508408271458c30851ce7a4ef534742bfb11f4743c8f787b11193ba304c0e6bca25701bf88af1cb9b8fd4711d89f88e32b37d95316541bf1e5dbb4989b3df13659b88c0f97a3c1087b9f2d5317d557dcd4afc6d0a754e279", 16);
+        BigInteger  qValue = new BigInteger("c966e9b3b8b7cdd82ff0f83af87036c38f42238ec50a876cd390e43d67b6013f", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("8f79a582513df84dc247bcb624340cc0e5a34c4324a20ce7fe3ab8ff38a9db71",16);
+            BigInteger              s = new BigInteger("7508d22fd6cbb45efd438cb875e43f137247088d0f54b29a7c91f68a65b5fa85",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    private class GOST3410_CExParam
+        implements Test
+    {
+        public String getName()
+        {
+            return "GOST3410-CExParam";
+        }
+
+        SecureRandom    init_random = new SecureRandom()
+        {
+            boolean firstLong = true;
+
+            public long nextLong()
+            {
+                String x0 = "0x162AB910";
+                String c =  "0x93F828D3";
+
+                if (firstLong)
+                {
+                    firstLong = false;
+                    return NumberParsing.decodeLongFromHex(x0);
+                }
+                return NumberParsing.decodeLongFromHex(c);
+            }
+
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] d = Hex.decode("ca82cce78a738bc46f103d53b9bf809745ec845e4f6da462606c51f60ecf302e31204b81");
+
+                System.arraycopy(d, 0, bytes, bytes.length-d.length, d.length);
+            }
+        };
+
+        SecureRandom    random = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] k = Hex.decode("90F3A564439242F5186EBB224C8E223811B7105C64E4F5390807E6362DF4C72A");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - k.length); i += k.length)
+                {
+                    System.arraycopy(k, 0, bytes, i, k.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(k, 0, bytes, i - k.length, bytes.length - (i - k.length));
+                }
+                else
+                {
+                    System.arraycopy(k, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        SecureRandom    keyRandom = new SecureRandom()
+        {
+            public void nextBytes(byte[] bytes)
+            {
+                byte[] x = Hex.decode("3036314538303830343630454235324435324234314132373832433138443046");
+
+                int i;
+
+                for (i = 0; i < (bytes.length - x.length); i += x.length)
+                {
+                    System.arraycopy(x, 0, bytes, i, x.length);
+                }
+
+                if (i > bytes.length)
+                {
+                    System.arraycopy(x, 0, bytes, i - x.length, bytes.length - (i - x.length));
+                }
+                else
+                {
+                    System.arraycopy(x, 0, bytes, i, bytes.length - i);
+                }
+            }
+        };
+
+        BigInteger  pValue = new BigInteger("b194036ace14139d36d64295ae6c50fc4b7d65d8b340711366ca93f383653908ee637be428051d86612670ad7b402c09b820fa77d9da29c8111a8496da6c261a53ed252e4d8a69a20376e6addb3bdcd331749a491a184b8fda6d84c31cf05f9119b5ed35246ea4562d85928ba1136a8d0e5a7e5c764ba8902029a1336c631a1d", 16);
+        BigInteger  qValue = new BigInteger("96120477df0f3896628e6f4a88d83c93204c210ff262bccb7dae450355125259", 16);
+
+        public TestResult perform()
+        {
+            BigInteger              r = new BigInteger("169fdb2dc09f690b71332432bfec806042e258fa9a21dafe73c6abfbc71407d9",16);
+            BigInteger              s = new BigInteger("9002551808ae40d19f6f31fb67e4563101243cf07cffd5f2f8ff4c537b0c9866",16);
+            GOST3410ParametersGenerator  pGen = new GOST3410ParametersGenerator();
+
+            pGen.init(1024, 2, init_random);
+
+            GOST3410Parameters           params = pGen.generateParameters();
+
+            if (!pValue.equals(params.getP()) || !qValue.equals(params.getQ()))
+            {
+                return new SimpleTestResult(false, getName() + ": p or q wrong");
+            }
+
+            GOST3410KeyPairGenerator         GOST3410KeyGen = new GOST3410KeyPairGenerator();
+            GOST3410KeyGenerationParameters  genParam = new GOST3410KeyGenerationParameters(keyRandom, params);
+
+            GOST3410KeyGen.init(genParam);
+
+            AsymmetricCipherKeyPair  pair = GOST3410KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), random);
+
+            GOST3410Signer GOST3410 = new GOST3410Signer();
+
+            GOST3410.init(true, param);
+
+            BigInteger[] sig = GOST3410.generateSignature(hashmessage);
+
+            if (!r.equals(sig[0]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": r component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + r.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[0].toString(16));
+            }
+
+            if (!s.equals(sig[1]))
+            {
+                return new SimpleTestResult(false, getName()
+                    + ": s component wrong." + System.getProperty("line.separator")
+                    + " expecting: " + s.toString(16) + System.getProperty("line.separator")
+                    + " got      : " + sig[1].toString(16));
+            }
+
+            GOST3410.init(false, pair.getPublic());
+
+            if (GOST3410.verifySignature(hashmessage, sig[0], sig[1]))
+            {
+                return new SimpleTestResult(true, getName() + ": Okay");
+            }
+            else
+            {
+                return new SimpleTestResult(false, getName() + ": verification fails");
+            }
+        }
+    }
+
+    Test tests[] =
+    {
+        new GOST3410_TEST1_512(),
+        new GOST3410_TEST2_512(),
+//        new GOST3410_TEST1_1024(),
+//        new GOST3410_TEST2_1024(),
+//        new GOST3410_AParam(),
+//        new GOST3410_BParam(),
+//        new GOST3410_CParam(),
+//        new GOST3410_DParam(),
+//        new GOST3410_AExParam(),
+//        new GOST3410_BExParam(),
+//        new GOST3410_CExParam()
+    };
+
+    public String getName()
+    {
+        return "GOST3410";
+    }
+
+    public TestResult perform()
+    {
+        for (int i = 0; i != tests.length; i++)
+        {
+            TestResult  result = tests[i].perform();
+
+            if (!result.isSuccessful())
+            {
+                return result;
+            }
+        }
+
+        return new SimpleTestResult(true, "GOST3410: Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        GOST3410Test         test = new GOST3410Test();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST3411DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST3411DigestTest.java
new file mode 100644
index 0000000..45962fe
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/GOST3411DigestTest.java
@@ -0,0 +1,74 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.GOST3411Digest;
+import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+
+public class GOST3411DigestTest
+    extends DigestTest
+{
+    private static final String[] messages =
+    {
+        "",
+        "This is message, length=32 bytes",
+        "Suppose the original message has length = 50 bytes",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+    };
+    
+//  If S-box = D-A (see: digest/GOST3411Digest.java; function: E(byte[] in, byte[] key); string: CipherParameters  param = new GOST28147Parameters(key,"D-A");)
+    private static final String[] digests =
+    {
+        "981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0",
+        "2cefc2f7b7bdc514e18ea57fa74ff357e7fa17d652c75f69cb1be7893ede48eb",
+        "c3730c5cbccacf915ac292676f21e8bd4ef75331d9405e5f1a61dc3130a65011",
+        "73b70a39497de53a6e08c67b6d4db853540f03e9389299d9b0156ef7e85d0f61"
+    };
+
+//  If S-box = D-Test (see: digest/GOST3411Digest.java; function:E(byte[] in, byte[] key); string: CipherParameters  param = new GOST28147Parameters(key,"D-Test");)
+//    private static final String[] digests =
+//    {
+//        "ce85b99cc46752fffee35cab9a7b0278abb4c2d2055cff685af4912c49490f8d",
+//        "b1c466d37519b82e8319819ff32595e047a28cb6f83eff1c6916a815a637fffa",
+//        "471aba57a60a770d3a76130635c1fbea4ef14de51f78b4ae57dd893b62f55208",
+//        "95c1af627c356496d80274330b2cff6a10c67b5f597087202f94d06d2338cf8e"
+//    };
+    
+    // 1 million 'a'
+    static private String  million_a_digest = "8693287aa62f9478f7cb312ec0866b6c4e4a0f11160441e8f4ffcd2715dd554f";
+
+    GOST3411DigestTest()
+    {
+        super(new GOST3411Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+        
+        millionATest(million_a_digest);
+
+        HMac gMac = new HMac(new GOST3411Digest());
+
+        gMac.init(new KeyParameter(PKCS5S1ParametersGenerator.PKCS5PasswordToUTF8Bytes("1".toCharArray())));
+
+        byte[] data = "fred".getBytes();
+
+        gMac.update(data, 0, data.length);
+        byte[] mac = new byte[gMac.getMacSize()];
+
+        gMac.doFinal(mac, 0);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new GOST3411Digest((GOST3411Digest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new GOST3411DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/Grain128Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/Grain128Test.java
new file mode 100644
index 0000000..afac2e0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/Grain128Test.java
@@ -0,0 +1,117 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.Grain128Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Grain-128 Test
+ */
+public class Grain128Test
+    extends SimpleTest
+{
+
+    String keyStream1 = "f09b7bf7d7f6b5c2de2ffc73ac21397f";
+    String keyStream2 = "afb5babfa8de896b4b9c6acaf7c4fbfd";
+
+    public String getName()
+    {
+        return "Grain-128";
+    }
+
+    public void performTest()
+    {
+        Grain128Test1(new ParametersWithIV(new KeyParameter(Hex
+            .decode("00000000000000000000000000000000")), Hex
+            .decode("000000000000000000000000")));
+        Grain128Test2(new ParametersWithIV(new KeyParameter(Hex
+            .decode("0123456789abcdef123456789abcdef0")), Hex
+            .decode("0123456789abcdef12345678")));
+        Grain128Test3(new ParametersWithIV(new KeyParameter(Hex
+            .decode("0123456789abcdef123456789abcdef0")), Hex
+            .decode("0123456789abcdef12345678")));
+    }
+
+    private void Grain128Test1(CipherParameters params)
+    {
+        StreamCipher grain = new Grain128Engine();
+        byte[] in = new byte[16];
+        byte[] out = new byte[16];
+
+        grain.init(true, params);
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream1)))
+        {
+            mismatch("Keystream 1", keyStream1, out);
+        }
+
+        grain.reset();
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream1)))
+        {
+            mismatch("Keystream 1", keyStream1, out);
+        }
+    }
+
+    private void Grain128Test2(CipherParameters params)
+    {
+        StreamCipher grain = new Grain128Engine();
+        byte[] in = new byte[16];
+        byte[] out = new byte[16];
+
+        grain.init(true, params);
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream2)))
+        {
+            mismatch("Keystream 2", keyStream2, out);
+        }
+
+        grain.reset();
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream2)))
+        {
+            mismatch("Keystream 2", keyStream2, out);
+        }
+    }
+
+    private void Grain128Test3(CipherParameters params)
+    {
+        StreamCipher grain = new Grain128Engine();
+        byte[] in = "Encrypt me!".getBytes();
+        byte[] cipher = new byte[in.length];
+        byte[] clear = new byte[in.length];
+
+        grain.init(true, params);
+
+        grain.processBytes(in, 0, in.length, cipher, 0);
+        grain.reset();
+        grain.processBytes(cipher, 0, cipher.length, clear, 0);
+
+        if (!areEqual(in, clear))
+        {
+            mismatch("Test 3", new String(Hex.encode(in)), clear);
+        }
+    }
+
+    private void mismatch(String name, String expected, byte[] found)
+    {
+        fail("mismatch on " + name, expected, new String(Hex.encode(found)));
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new Grain128Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/Grainv1Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/Grainv1Test.java
new file mode 100644
index 0000000..b76c1f2
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/Grainv1Test.java
@@ -0,0 +1,140 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.Grainv1Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Grain v1 Test
+ */
+public class Grainv1Test
+    extends SimpleTest
+{
+
+    String keyStream1 = "dee931cf1662a72f77d0";
+    String keyStream2 = "7f362bd3f7abae203664";
+    String keyStream4 = "017D13ECB20AE0C9ACF784CB06525F72"
+        + "CE6D52BEBB948F124668C35064559024"
+        + "49EEA505C19F3EE4D052C3D19DA9C4D1"
+        + "B92DBC7F07AFEA6A3D845DE60D8471FD";
+
+    public String getName()
+    {
+        return "Grain v1";
+    }
+
+    public void performTest()
+    {
+        Grainv1Test1(new ParametersWithIV(new KeyParameter(Hex
+            .decode("00000000000000000000")), Hex
+            .decode("0000000000000000")));
+        Grainv1Test2(new ParametersWithIV(new KeyParameter(Hex
+            .decode("0123456789abcdef1234")), Hex
+            .decode("0123456789abcdef")));
+        Grainv1Test3(new ParametersWithIV(new KeyParameter(Hex
+            .decode("0123456789abcdef1234")), Hex
+            .decode("0123456789abcdef")));
+        Grainv1Test4(new ParametersWithIV(new KeyParameter(Hex
+            .decode("0F62B5085BAE0154A7FA")), Hex
+            .decode("288FF65DC42B92F9")));
+    }
+
+    private void Grainv1Test1(CipherParameters params)
+    {
+        StreamCipher grain = new Grainv1Engine();
+        byte[] in = new byte[10];
+        byte[] out = new byte[10];
+
+        grain.init(true, params);
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream1)))
+        {
+            mismatch("Keystream 1", keyStream1, out);
+        }
+
+        grain.reset();
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream1)))
+        {
+            mismatch("Keystream 1", keyStream1, out);
+        }
+    }
+
+    private void Grainv1Test2(CipherParameters params)
+    {
+        StreamCipher grain = new Grainv1Engine();
+        byte[] in = new byte[10];
+        byte[] out = new byte[10];
+
+        grain.init(true, params);
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream2)))
+        {
+            mismatch("Keystream 2", keyStream2, out);
+        }
+
+        grain.reset();
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream2)))
+        {
+            mismatch("Keystream 2", keyStream2, out);
+        }
+    }
+
+    private void Grainv1Test3(CipherParameters params)
+    {
+        StreamCipher grain = new Grainv1Engine();
+        byte[] in = "Encrypt me!".getBytes();
+        byte[] cipher = new byte[in.length];
+        byte[] clear = new byte[in.length];
+
+        grain.init(true, params);
+
+        grain.processBytes(in, 0, in.length, cipher, 0);
+        grain.reset();
+        grain.processBytes(cipher, 0, cipher.length, clear, 0);
+
+        if (!areEqual(in, clear))
+        {
+            mismatch("Test 3", new String(Hex.encode(in)), clear);
+        }
+    }
+
+    private void Grainv1Test4(CipherParameters params)
+    {
+        StreamCipher grain = new Grainv1Engine();
+        byte[] in = new byte[keyStream4.length() / 2];
+        byte[] out = new byte[in.length];
+
+        grain.init(true, params);
+
+        grain.processBytes(in, 0, in.length, out, 0);
+
+        if (!areEqual(out, Hex.decode(keyStream4)))
+        {
+            mismatch("Keystream 4", keyStream4, out);
+        }
+    }
+
+    private void mismatch(String name, String expected, byte[] found)
+    {
+        fail("mismatch on " + name, expected, new String(Hex.encode(found)));
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new Grainv1Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/HCFamilyTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/HCFamilyTest.java
new file mode 100644
index 0000000..5604d9c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/HCFamilyTest.java
@@ -0,0 +1,192 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.HC128Engine;
+import org.bouncycastle.crypto.engines.HC256Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * HC-128 and HC-256 Tests. Based on the test vectors in the official reference
+ * papers, respectively:
+ * <pre>
+ * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
+ * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
+ * </pre>
+ * See HCFamilyVecTest for a more exhaustive test based on the ecrypt vectors.
+ */
+public class HCFamilyTest
+    extends SimpleTest
+{
+    private static final byte[] MSG = new byte[64];
+
+    private static String[][] HC128_VerifiedTest =
+        {
+            {
+                "Set 2, vector#  0",
+                "00000000000000000000000000000000",
+                "00000000000000000000000000000000",
+                "82001573A003FD3B7FD72FFB0EAF63AA" +
+                "C62F12DEB629DCA72785A66268EC758B" +
+                "1EDB36900560898178E0AD009ABF1F49" +
+                "1330DC1C246E3D6CB264F6900271D59C"
+            },
+            {
+                "Set 6, vector#  0",
+                "0053A6F94C9FF24598EB3E91E4378ADD",
+                "0D74DB42A91077DE45AC137AE148AF16",
+                "2E1ED12A8551C05AF41FF39D8F9DF933" +
+                "122B5235D48FC2A6F20037E69BDBBCE8" +
+                "05782EFC16C455A4B3FF06142317535E" +
+                "F876104C32445138CB26EBC2F88A684C"
+            },
+            {
+                "Set 6, vector#  1",
+                "0558ABFE51A4F74A9DF04396E93C8FE2",
+                "167DE44BB21980E74EB51C83EA51B81F",
+                "4F864BF3C96D0363B1903F0739189138" +
+                "F6ED2BC0AF583FEEA0CEA66BA7E06E63" +
+                "FB28BF8B3CA0031D24ABB511C57DD17B" +
+                "FC2861C32400072CB680DF2E58A5CECC"
+            },
+            {
+                "Set 6, vector#  2",
+                "0A5DB00356A9FC4FA2F5489BEE4194E7",
+                "1F86ED54BB2289F057BE258CF35AC128",
+                "82168AB0023B79AAF1E6B4D823855E14" +
+                "A7084378036A951B1CFEF35173875ED8" +
+                "6CB66AB8410491A08582BE40080C3102" +
+                "193BA567F9E95D096C3CC60927DD7901"
+            },
+            {
+                "Set 6, vector#  3",
+                "0F62B5085BAE0154A7FA4DA0F34699EC",
+                "288FF65DC42B92F960C72E95FC63CA31",
+                "1CD8AEDDFE52E217E835D0B7E84E2922" +
+                "D04B1ADBCA53C4522B1AA604C42856A9" +
+                "0AF83E2614BCE65C0AECABDD8975B557" +
+                "00D6A26D52FFF0888DA38F1DE20B77B7"
+            }
+        };
+
+    private static String[][] HC256_VerifiedTest =
+        {
+            {
+                "Set 2, vector#  0",
+                "00000000000000000000000000000000",
+                "00000000000000000000000000000000",
+                "5B078985D8F6F30D42C5C02FA6B67951" +
+                "53F06534801F89F24E74248B720B4818" +
+                "CD9227ECEBCF4DBF8DBF6977E4AE14FA" +
+                "E8504C7BC8A9F3EA6C0106F5327E6981"
+            },
+            {
+                "Set 2, vector#  9",
+                "09090909090909090909090909090909",
+                "00000000000000000000000000000000",
+                "F5C2926651AEED9AF1A9C2F04C03D081" +
+                "2145B56AEA46EB283A25A4C9E3D8BEB4" +
+                "821B418F06F2B9DCDF1A85AB8C02CD14" +
+                "62E1BBCAEC9AB0E99AA6AFF918BA627C"
+            },
+            {
+                "Set 2, vector#135",
+                "87878787878787878787878787878787",
+                "00000000000000000000000000000000",
+                "CEC0C3852E3B98233EBCB975C10B1191" +
+                "3C69F2275EB97A1402EDF16C6FBE19BE" +
+                "79D65360445BCB63676E6553B609A065" +
+                "0155C3B22DD1975AC0F3F65063A2E16E"
+            },
+            {
+                "Set 6, vector#  0",
+                "0053A6F94C9FF24598EB3E91E4378ADD" +
+                "3083D6297CCF2275C81B6EC11467BA0D",
+                "0D74DB42A91077DE45AC137AE148AF16" +
+                "7DE44BB21980E74EB51C83EA51B81F86",
+                "23D9E70A45EB0127884D66D9F6F23C01" +
+                "D1F88AFD629270127247256C1FFF91E9" +
+                "1A797BD98ADD23AE15BEE6EEA3CEFDBF" +
+                "A3ED6D22D9C4F459DB10C40CDF4F4DFF"
+            },
+            {
+                "Set 6, vector#  1",
+                "0558ABFE51A4F74A9DF04396E93C8FE2" +
+                "3588DB2E81D4277ACD2073C6196CBF12",
+                "167DE44BB21980E74EB51C83EA51B81F" +
+                "86ED54BB2289F057BE258CF35AC1288F",
+                "C44B5262F2EAD9C018213127686DB742" +
+                "A72D3F2D61D18F0F4E7DE5B4F7ADABE0" +
+                "7E0C82033B139F02BAACB4E2F2D0BE30" +
+                "110C3A8A2B621523756692877C905DD0"
+            },
+            {
+                "Set 6, vector#  2",
+                "0A5DB00356A9FC4FA2F5489BEE4194E7" +
+                "3A8DE03386D92C7FD22578CB1E71C417",
+                "1F86ED54BB2289F057BE258CF35AC128" +
+                "8FF65DC42B92F960C72E95FC63CA3198",
+                "9D13AA06122F4F03AE60D507701F1ED0" +
+                "63D7530FF35EE76CAEDCBFB01D8A239E" +
+                "FA4A44B272DE9B4092E2AD56E87C3A60" +
+                "89F5A074D1F6E5B8FC6FABEE0C936F06"
+            },
+            {
+                "Set 6, vector#  3",
+                "0F62B5085BAE0154A7FA4DA0F34699EC" +
+                "3F92E5388BDE3184D72A7DD02376C91C",
+                "288FF65DC42B92F960C72E95FC63CA31" +
+                "98FF66CD349B0269D0379E056CD33AA1",
+                "C8632038DA61679C4685288B37D3E232" +
+                "7BC2D28C266B041FE0CA0D3CFEED8FD5" +
+                "753259BAB757168F85EA96ADABD823CA" +
+                "4684E918423E091565713FEDDE2CCFE0"
+            }
+        };
+
+    public String getName()
+    {
+        return "HC-128 and HC-256";
+    }
+
+    public void performTest()
+    {
+        StreamCipher hc = new HC256Engine();
+
+        for (int i = 0; i != HC256_VerifiedTest.length; i++)
+        {
+            String[] test = HC256_VerifiedTest[i];
+            HCTest(hc, "HC-256 - " + test[0], Hex.decode(test[1]), Hex.decode(test[2]), Hex.decode(test[3]));
+        }
+
+        hc = new HC128Engine();
+
+        for (int i = 0; i != HC128_VerifiedTest.length; i++)
+        {
+            String[] test = HC128_VerifiedTest[i];
+            HCTest(hc, "HC-128 - " + test[0], Hex.decode(test[1]), Hex.decode(test[2]), Hex.decode(test[3]));
+        }
+    }
+
+    private void HCTest(StreamCipher hc, String test, byte[] key, byte[] IV, byte[] expected)
+    {
+        KeyParameter kp = new KeyParameter(key);
+        ParametersWithIV ivp = new ParametersWithIV(kp, IV);
+
+        hc.init(true, ivp);
+        for (int i = 0; i < 64; i++)
+        {
+            if (hc.returnByte(MSG[i]) != expected[i])
+            {
+                fail(test + " failure at byte " + i);
+            }
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new HCFamilyTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/HCFamilyVecTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/HCFamilyVecTest.java
new file mode 100644
index 0000000..51247e6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/HCFamilyVecTest.java
@@ -0,0 +1,199 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.Reader;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.HC128Engine;
+import org.bouncycastle.crypto.engines.HC256Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * HC-128 and HC-256 Tests. Based on the test vectors in the official reference
+ * papers, respectively:
+ * 
+ * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
+ * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
+ */
+public class HCFamilyVecTest
+    extends SimpleTest
+{
+    private static class PeekableLineReader extends BufferedReader
+    {
+        public PeekableLineReader(Reader r) throws IOException
+        {
+            super(r);
+
+            peek = super.readLine();
+        }
+
+        public String peekLine()
+        {
+            return peek;
+        }
+
+        public String readLine() throws IOException
+        {
+            String tmp = peek;
+            peek = super.readLine();
+            return tmp;
+        }
+
+        private String peek; 
+    }
+
+    public String getName()
+    {
+        return "HC-128 and HC-256 (ecrypt)";
+    }
+
+    public void performTest() throws Exception
+    {
+        runTests(new HC128Engine(), "ecrypt_HC-128.txt");
+        runTests(new HC256Engine(), "ecrypt_HC-256_128K_128IV.txt");
+        runTests(new HC256Engine(), "ecrypt_HC-256_256K_128IV.txt");
+        runTests(new HC256Engine(), "ecrypt_HC-256_128K_256IV.txt");
+        runTests(new HC256Engine(), "ecrypt_HC-256_256K_256IV.txt");
+    }
+
+    private void runTests(StreamCipher hc, String fileName) throws IOException
+    {
+        Reader resource = new InputStreamReader(getClass().getResourceAsStream(fileName));
+        PeekableLineReader r = new PeekableLineReader(resource);
+        runAllVectors(hc, fileName, r);
+    }
+
+    private void runAllVectors(StreamCipher hc, String fileName, PeekableLineReader r)
+        throws IOException
+    {
+        for (;;)
+        {
+            String line = r.readLine();
+            if (line == null)
+            {
+                break;
+            }
+
+            line = line.trim();
+
+            if (line.startsWith("Set "))
+            {
+                runVector(hc, fileName, r, dellChar(line, ':'));
+            }
+        }
+    }
+
+    private String dellChar(String s, char c)
+    {
+        StringBuffer b = new StringBuffer();
+
+        for (int i = 0; i != s.length(); i++)
+        {
+            if (s.charAt(i) != c)
+            {
+                b.append(s.charAt(i));
+            }
+        }
+
+        return b.toString();
+    }
+
+    private void runVector(StreamCipher hc, String fileName, PeekableLineReader r, String vectorName)
+        throws IOException
+    {
+//        System.out.println(fileName + " => " + vectorName);
+        String hexKey = readBlock(r);
+        String hexIV = readBlock(r);
+
+        CipherParameters cp = new KeyParameter(Hex.decode(hexKey));
+        cp = new ParametersWithIV(cp, Hex.decode(hexIV));
+        hc.init(true, cp);
+
+        byte[] input = new byte[64];
+        byte[] output = new byte[64];
+        byte[] digest = new byte[64];
+        int pos = 0;
+
+        for (;;)
+        {
+            String line1 = r.peekLine().trim();
+            int equalsPos = line1.indexOf('=');
+            String lead = line1.substring(0, equalsPos - 1);
+
+            String hexData = readBlock(r);
+            byte[] data = Hex.decode(hexData);
+
+            if (lead.equals("xor-digest"))
+            {
+                if (!Arrays.areEqual(data, digest))
+                {
+                    fail("Failed in " + fileName + " for test vector: " + vectorName + " at " + lead);
+//                  System.out.println(fileName + " => " + vectorName + " failed at " + lead); return;
+                }
+                break;
+            }
+
+            int posA = lead.indexOf('[');
+            int posB = lead.indexOf("..");
+            int posC = lead.indexOf(']');
+            int start = Integer.parseInt(lead.substring(posA + 1, posB));
+            int end = Integer.parseInt(lead.substring(posB + 2, posC));
+
+            if (start % 64 != 0 || (end - start != 63))
+            {
+                throw new IllegalStateException(vectorName + ": " + lead + " not on 64 byte boundaries");
+            }
+
+            while (pos < end)
+            {
+                hc.processBytes(input, 0, input.length, output, 0);
+                xor(digest, output);
+                pos += 64;
+            }
+
+            if (!Arrays.areEqual(data, output))
+            {
+                fail("Failed in " + fileName + " for test vector: " + vectorName + " at " + lead);
+//              System.out.println(fileName + " => " + vectorName + " failed at " + lead); return;
+            }
+        }
+    }
+
+    private static String readBlock(PeekableLineReader r) throws IOException
+    {
+        String first = r.readLine().trim();
+        String result = first.substring(first.lastIndexOf(' ') + 1);
+
+        for (;;)
+        {
+            String peek = r.peekLine().trim();
+            if (peek.length() < 1 || peek.indexOf('=') >= 0)
+            {
+                break;
+            }
+            result += r.readLine().trim();
+        }
+
+        return result;
+    }
+
+    private static void xor(byte[] digest, byte[] block)
+    {
+        for (int i = 0; i < digest.length; ++i)
+        {
+            digest[i] ^= block[i];
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new HCFamilyVecTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/HKDFGeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/HKDFGeneratorTest.java
new file mode 100644
index 0000000..9513517
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/HKDFGeneratorTest.java
@@ -0,0 +1,304 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
+import org.bouncycastle.crypto.params.HKDFParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * HKDF tests - vectors from RFC 5869, + 2 more, 101 and 102
+ */
+public class HKDFGeneratorTest
+    extends SimpleTest
+{
+
+    public HKDFGeneratorTest()
+    {
+    }
+
+    private void compareOKM(int test, byte[] calculatedOKM, byte[] testOKM)
+    {
+
+        if (!areEqual(calculatedOKM, testOKM))
+        {
+            fail("HKDF failed generator test " + test);
+        }
+    }
+
+    public void performTest()
+    {
+        {
+            // === A.1. Test Case 1 - Basic test case with SHA-256 ===
+
+            Digest hash = new SHA256Digest();
+            byte[] ikm = Hex
+                .decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+            byte[] salt = Hex.decode("000102030405060708090a0b0c");
+            byte[] info = Hex.decode("f0f1f2f3f4f5f6f7f8f9");
+            int l = 42;
+            byte[] okm = new byte[l];
+
+            HKDFParameters params = new HKDFParameters(ikm, salt, info);
+
+            HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+            hkdf.init(params);
+            hkdf.generateBytes(okm, 0, l);
+
+            compareOKM(1, okm, Hex.decode(
+                "3cb25f25faacd57a90434f64d0362f2a" +
+                    "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" +
+                    "34007208d5b887185865"));
+        }
+
+        // === A.2. Test Case 2 - Test with SHA-256 and longer inputs/outputs
+        // ===
+        {
+            Digest hash = new SHA256Digest();
+            byte[] ikm = Hex.decode("000102030405060708090a0b0c0d0e0f"
+                + "101112131415161718191a1b1c1d1e1f"
+                + "202122232425262728292a2b2c2d2e2f"
+                + "303132333435363738393a3b3c3d3e3f"
+                + "404142434445464748494a4b4c4d4e4f");
+            byte[] salt = Hex.decode("606162636465666768696a6b6c6d6e6f"
+                + "707172737475767778797a7b7c7d7e7f"
+                + "808182838485868788898a8b8c8d8e8f"
+                + "909192939495969798999a9b9c9d9e9f"
+                + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf");
+            byte[] info = Hex.decode("b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
+                + "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
+                + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
+                + "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
+                + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+            int l = 82;
+            byte[] okm = new byte[l];
+
+            HKDFParameters params = new HKDFParameters(ikm, salt, info);
+
+            HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+            hkdf.init(params);
+            hkdf.generateBytes(okm, 0, l);
+
+            compareOKM(2, okm, Hex.decode(
+                "b11e398dc80327a1c8e7f78c596a4934" +
+                    "4f012eda2d4efad8a050cc4c19afa97c" +
+                    "59045a99cac7827271cb41c65e590e09" +
+                    "da3275600c2f09b8367793a9aca3db71" +
+                    "cc30c58179ec3e87c14c01d5c1f3434f" +
+                    "1d87"));
+        }
+
+        {
+            // === A.3. Test Case 3 - Test with SHA-256 and zero-length
+            // salt/info ===
+
+            // setting salt to an empty byte array means that the salt is set to
+            // HashLen zero valued bytes
+            // setting info to null generates an empty byte array as info
+            // structure
+
+            Digest hash = new SHA256Digest();
+            byte[] ikm = Hex
+                .decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+            byte[] salt = new byte[0];
+            byte[] info = null;
+            int l = 42;
+            byte[] okm = new byte[l];
+
+            HKDFParameters params = new HKDFParameters(ikm, salt, info);
+
+            HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+            hkdf.init(params);
+            hkdf.generateBytes(okm, 0, l);
+
+            compareOKM(3, okm, Hex.decode(
+                "8da4e775a563c18f715f802a063c5a31" +
+                    "b8a11f5c5ee1879ec3454e5f3c738d2d" +
+                    "9d201395faa4b61a96c8"));
+        }
+
+        {
+            // === A.4. Test Case 4 - Basic test case with SHA-1 ===
+
+            Digest hash = new SHA1Digest();
+            byte[] ikm = Hex.decode("0b0b0b0b0b0b0b0b0b0b0b");
+            byte[] salt = Hex.decode("000102030405060708090a0b0c");
+            byte[] info = Hex.decode("f0f1f2f3f4f5f6f7f8f9");
+            int l = 42;
+            byte[] okm = new byte[l];
+
+            HKDFParameters params = new HKDFParameters(ikm, salt, info);
+
+            HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+            hkdf.init(params);
+            hkdf.generateBytes(okm, 0, l);
+
+            compareOKM(4, okm, Hex.decode(
+                "085a01ea1b10f36933068b56efa5ad81" +
+                    "a4f14b822f5b091568a9cdd4f155fda2" +
+                    "c22e422478d305f3f896"));
+        }
+
+        // === A.5. Test Case 5 - Test with SHA-1 and longer inputs/outputs ===
+        {
+            Digest hash = new SHA1Digest();
+            byte[] ikm = Hex.decode("000102030405060708090a0b0c0d0e0f"
+                + "101112131415161718191a1b1c1d1e1f"
+                + "202122232425262728292a2b2c2d2e2f"
+                + "303132333435363738393a3b3c3d3e3f"
+                + "404142434445464748494a4b4c4d4e4f");
+            byte[] salt = Hex.decode("606162636465666768696a6b6c6d6e6f"
+                + "707172737475767778797a7b7c7d7e7f"
+                + "808182838485868788898a8b8c8d8e8f"
+                + "909192939495969798999a9b9c9d9e9f"
+                + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf");
+            byte[] info = Hex.decode("b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
+                + "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
+                + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
+                + "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
+                + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+            int l = 82;
+            byte[] okm = new byte[l];
+
+            HKDFParameters params = new HKDFParameters(ikm, salt, info);
+
+            HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+            hkdf.init(params);
+            hkdf.generateBytes(okm, 0, l);
+
+            compareOKM(5, okm, Hex.decode(
+                "0bd770a74d1160f7c9f12cd5912a06eb" +
+                    "ff6adcae899d92191fe4305673ba2ffe" +
+                    "8fa3f1a4e5ad79f3f334b3b202b2173c" +
+                    "486ea37ce3d397ed034c7f9dfeb15c5e" +
+                    "927336d0441f4c4300e2cff0d0900b52" +
+                    "d3b4"));
+        }
+
+        {
+            // === A.6. Test Case 6 - Test with SHA-1 and zero-length salt/info
+            // ===
+
+            // setting salt to null should generate a new salt of HashLen zero
+            // valued bytes
+
+            Digest hash = new SHA1Digest();
+            byte[] ikm = Hex
+                .decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+            byte[] salt = null;
+            byte[] info = new byte[0];
+            int l = 42;
+            byte[] okm = new byte[l];
+
+            HKDFParameters params = new HKDFParameters(ikm, salt, info);
+
+            HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+            hkdf.init(params);
+            hkdf.generateBytes(okm, 0, l);
+
+            compareOKM(6, okm, Hex.decode(
+                "0ac1af7002b3d761d1e55298da9d0506" +
+                    "b9ae52057220a306e07b6b87e8df21d0" +
+                    "ea00033de03984d34918"));
+        }
+
+        {
+            // === A.7. Test Case 7 - Test with SHA-1, salt not provided,
+            // zero-length info ===
+            // (salt defaults to HashLen zero octets)
+
+            // this test is identical to test 6 in all ways bar the IKM value
+
+            Digest hash = new SHA1Digest();
+            byte[] ikm = Hex
+                .decode("0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
+            byte[] salt = null;
+            byte[] info = new byte[0];
+            int l = 42;
+            byte[] okm = new byte[l];
+
+            HKDFParameters params = new HKDFParameters(ikm, salt, info);
+
+            HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+            hkdf.init(params);
+            hkdf.generateBytes(okm, 0, l);
+
+            compareOKM(7, okm, Hex.decode(
+                "2c91117204d745f3500d636a62f64f0a" +
+                    "b3bae548aa53d423b0d1f27ebba6f5e5" +
+                    "673a081d70cce7acfc48"));
+        }
+
+        {
+            // === A.101. Additional Test Case - Test with SHA-1, skipping extract
+            // zero-length info ===
+            // (salt defaults to HashLen zero octets)
+
+            // this test is identical to test 7 in all ways bar the IKM value
+            // which is set to the PRK value
+
+            Digest hash = new SHA1Digest();
+            byte[] ikm = Hex
+                .decode("2adccada18779e7c2077ad2eb19d3f3e731385dd");
+            byte[] info = new byte[0];
+            int l = 42;
+            byte[] okm = new byte[l];
+
+            HKDFParameters params = HKDFParameters.skipExtractParameters(ikm, info);
+
+            HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+            hkdf.init(params);
+            hkdf.generateBytes(okm, 0, l);
+
+            compareOKM(101, okm, Hex.decode(
+                "2c91117204d745f3500d636a62f64f0a" +
+                    "b3bae548aa53d423b0d1f27ebba6f5e5" +
+                    "673a081d70cce7acfc48"));
+        }
+
+        // === A.102. Additional Test Case - Test with SHA-1, maximum output ===
+        // (salt defaults to HashLen zero octets)
+
+        // this test is identical to test 7 in all ways bar the IKM value
+
+        Digest hash = new SHA1Digest();
+        byte[] ikm = Hex
+            .decode("2adccada18779e7c2077ad2eb19d3f3e731385dd");
+        byte[] info = new byte[0];
+        int l = 255 * hash.getDigestSize();
+        byte[] okm = new byte[l];
+
+        HKDFParameters params = HKDFParameters.skipExtractParameters(ikm, info);
+
+        HKDFBytesGenerator hkdf = new HKDFBytesGenerator(hash);
+        hkdf.init(params);
+        hkdf.generateBytes(okm, 0, l);
+
+        int zeros = 0;
+        for (int i = 0; i < hash.getDigestSize(); i++)
+        {
+            if (okm[i] == 0)
+            {
+                zeros++;
+            }
+        }
+
+        if (zeros == hash.getDigestSize())
+        {
+            fail("HKDF failed generator test " + 102);
+        }
+    }
+
+    public String getName()
+    {
+        return "HKDF";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new HKDFGeneratorTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/HashCommitmentTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/HashCommitmentTest.java
new file mode 100644
index 0000000..ed83c64
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/HashCommitmentTest.java
@@ -0,0 +1,152 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.Commitment;
+import org.bouncycastle.crypto.Committer;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.commitments.GeneralHashCommitter;
+import org.bouncycastle.crypto.commitments.HashCommitter;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class HashCommitmentTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "HashCommitmentTest";
+    }
+
+    public void performBasicTest()
+        throws Exception
+    {
+        byte[] data = Hex.decode("4e6f77206973207468652074696d6520666f7220616c6c20");
+
+        Committer committer = new HashCommitter(new SHA256Digest(), new SecureRandom());
+
+        Commitment c = committer.commit(data);
+
+        committer = new HashCommitter(new SHA256Digest(), new SecureRandom());
+
+        if (!committer.isRevealed(c, data))
+        {
+            fail("commitment failed to validate");
+        }
+
+        committer = new HashCommitter(new SHA1Digest(), new SecureRandom());
+
+        if (committer.isRevealed(c, data))
+        {
+            fail("commitment validated!!");
+        }
+
+        try
+        {
+            committer.isRevealed(c, new byte[data.length + 1]);
+        }
+        catch (Exception e)
+        {
+            if (!e.getMessage().equals("Message and witness secret lengths do not match."))
+            {
+                fail("exception thrown but wrong message");
+            }
+        }
+
+        // SHA1 has a block size of 512 bits, try a message that's too big
+
+        try
+        {
+            c = committer.commit(new byte[33]);
+        }
+        catch (DataLengthException e)
+        {
+            if (!e.getMessage().equals("Message to be committed to too large for digest."))
+            {
+                fail("exception thrown but wrong message");
+            }
+        }
+    }
+
+    public void performGeneralTest()
+        throws Exception
+    {
+        byte[] data = Hex.decode("4e6f77206973207468652074696d6520666f7220616c6c20");
+
+        Committer committer = new GeneralHashCommitter(new SHA256Digest(), new SecureRandom());
+
+        Commitment c = committer.commit(data);
+
+        committer = new GeneralHashCommitter(new SHA256Digest(), new SecureRandom());
+
+        if (!committer.isRevealed(c, data))
+        {
+            fail("general commitment failed to validate");
+        }
+
+        committer = new GeneralHashCommitter(new SHA1Digest(), new SecureRandom());
+
+        if (committer.isRevealed(c, data))
+        {
+            fail("general commitment validated!!");
+        }
+
+        c = committer.commit(data);
+
+        // try and fool it.
+        byte[] s = c.getSecret();
+        byte[] newS = Arrays.copyOfRange(s, 0, s.length - 1);
+        byte[] newData = new byte[data.length + 1];
+
+        newData[0] = s[s.length - 1];
+        System.arraycopy(data, 0, newData, 1, data.length);
+
+        c = new Commitment(newS, c.getCommitment());
+
+        if (committer.isRevealed(c, newData))
+        {
+            fail("general commitment validated!!");
+        }
+
+        try
+        {
+            committer.isRevealed(c, new byte[data.length + 1]);
+        }
+        catch (Exception e)
+        {
+            if (!e.getMessage().equals("Message and witness secret lengths do not match."))
+            {
+                fail("exception thrown but wrong message");
+            }
+        }
+
+        // SHA1 has a block size of 512 bits, try a message that's too big
+
+        try
+        {
+            c = committer.commit(new byte[33]);
+        }
+        catch (DataLengthException e)
+        {
+            if (!e.getMessage().equals("Message to be committed to too large for digest."))
+            {
+                fail("exception thrown but wrong message");
+            }
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        performBasicTest();
+        performGeneralTest();
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new HashCommitmentTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/IDEATest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/IDEATest.java
new file mode 100644
index 0000000..64c673e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/IDEATest.java
@@ -0,0 +1,38 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.IDEAEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ */
+public class IDEATest
+    extends CipherTest
+{
+    static SimpleTest[] tests =
+            {
+                new BlockCipherVectorTest(0, new IDEAEngine(),
+                        new KeyParameter(Hex.decode("00112233445566778899AABBCCDDEEFF")),
+                        "000102030405060708090a0b0c0d0e0f", "ed732271a7b39f475b4b2b6719f194bf"),
+                new BlockCipherVectorTest(0, new IDEAEngine(),
+                        new KeyParameter(Hex.decode("00112233445566778899AABBCCDDEEFF")),
+                        "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "b8bc6ed5c899265d2bcfad1fc6d4287d")
+            };
+
+    IDEATest()
+    {
+        super(tests, new IDEAEngine(), new KeyParameter(new byte[32]));
+    }
+
+    public String getName()
+    {
+        return "IDEA";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new IDEATest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ISAACTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ISAACTest.java
new file mode 100644
index 0000000..02319a3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ISAACTest.java
@@ -0,0 +1,180 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.ISAACEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * ISAAC Test - see http://www.burtleburtle.net/bob/rand/isaacafa.html
+ */
+public class ISAACTest
+    extends SimpleTest
+{
+    byte[] out = Hex.decode(
+        "f650e4c8e448e96d98db2fb4f5fad54f433f1afbedec154ad837048746ca4f9a" +
+        "5de3743e88381097f1d444eb823cedb66a83e1e04a5f6355c744243325890e2e" +
+        "7452e31957161df638a824f3002ed71329f5544951c08d83d78cb99ea0cc74f3" +
+        "8f651659cbc8b7c2f5f71c6912ad6419e5792e1b860536b809b3ce98d45d6d81" +
+        "f3b2612917e38f8529cf72ce349947b0c998f9ffb5e13dae32ae2a2bf7cf814c" +
+        "8ebfa303cf22e0640b923200eca4d58aef53cec4d0f7b37d9c411a2affdf8a80" +
+        "b40e27bcb4d2f97644b89b08f37c71d51a70e7e90bdb9c3060dc5207b3c3f24b" +
+        "d7386806229749b54e232cd091dabc65a70e11018b87437e5781414fcdbc62e2" +
+        "8107c9ff69d2e4ae3b18e752b143b6886f4e077295138769943c3c74afc17a97" +
+        "0fd439636a529b0bd8c58a6aa8bcc22d2db35dfea7a2f4026cb167db538e1f4e" +
+        "7275e2771d3b8e97ecc5dc9115e3a5b90369661430ab93ecac9fe69d7bc76811" +
+        "60eda8da28833522d5295ebc5adb60e7f7e1cdd097166d14b67ec13a210f3925" +
+        "64af0fef0d0286843aea3decb058bafbb8b0ccfcf2b5cc05e3a662d9814bc24c" +
+        "2364a1aa37c0ed052b36505c451e7ec85d2a542fe43d0fbb91c8d92560d4d5f8" +
+        "12a0594b9e8a51dacd49ebdb1b0dcdc1cd57c7f7e63444517ded386f2f36fa86" +
+        "a6d1210133bc405db388d96cdb6dbe96fe29661c13edc0cbcb0eee4a70cc94ae" +
+        "de11ed340606cf9f3a6ce38923d74f4ea37f63ff917bdec2d73f72d40e7e0e67" +
+        "3d77d9a213add9228891b3db01a9bd7056a001e3d51f093dcc033ce35ad0d3b0" +
+        "34105a8c6a123f57bd2e50247364944be89b1a3b21835c4d9f39e2d9d405ded8" +
+        "294d37e5bccaaeed35a124b56708a2bcb00960ba2a98121a4d8fae820bb3263f" +
+        "12595a196a1075890809e49421c171ec884d682514c8009bb0b84e7b03fb88f4" +
+        "28e7cb789388b13bdd2dc1d5848f520a07c28cd168a3935872c9137d127dd430" +
+        "c613f1578c2f0d55f7d3f39f309bfb788406b13746c0a6f53718d59708607f04" +
+        "76904b6d04db4e13cd7411a7b510ce0ebfc7f7ccb83f957afdfef62dc35e4580" +
+        "3ff1e5244112d96c02c9b944d5990dfbe7e265810d9c7e7e826dfa8966f1e0ab" +
+        "30bcc764eadebeaced35e5ee0c571a7de4f3a26af7f58f7badf6bc235d023e65" +
+        "1ed3ff4eec46b0b6d2a93b51e75b41c97e315aeb61119a5a53245b7933f6d7b1" +
+        "cae8deba50fc8194afa92a6dc87c80064188bfcd8bace62e78ffa5685597ec0f" +
+        "b4415f7d08294766ad56764309c36f903dde9f394a0a283c18080c8e080c79ec" +
+        "79ae4c10cb9e15637cdd662f62d31911a4ca0cf15cf824cd3b708f991e16614c" +
+        "b6b9d7665de87abb7229ea81d5b2d75056e6cd21fe1e42d596da2655c2b9aa36" +
+        "b8f6fd4a6a158d1001913fd3af7d1fb80b5e435f90c107576554abda7a68710f" +
+        "82ac484fd7e1c7be95c85eaa94a302f44d3cfbda786b29081010b27582d53d12" +
+        "21e2a51c3d1e9150b059261dd0638e1a31860f0581f2864dff4cfc350451516d" +
+        "bd086f26bc5654c165dfa427a82427f5582e3014b8d2486dc79a17499a1d7745" +
+        "8766bb541e04a7f73d3dff8ad5ec6bf4dbef7d9f36ec0ea31feb2e4f15cfcc5c" +
+        "d8c423fbd0ef3cc9eb244925ba5590c8a5f48ac433c5321c613b67b2479c3a22" +
+        "e21339cc10d210aa931dd7e2ef05ee06b82f2703a385cb2c5d67133c877eb7b4" +
+        "1e3437f75afb43ae53c078f394d904811d96458908063a85e13222281956b1e5" +
+        "31860f132e7b022f21182ca396f703ac46819e2e0d28fe523724d4dca0eabe6b" +
+        "c66699fdc6112fdd19c1e69c04d3658a4b55dd9931907d62f854b5224d678f26" +
+        "22ae0582eafed133e4a51d2184bd6dd6c1a513753f28ee63fb737b1a70a1660e" +
+        "8a8dfaa31be79937f7476978513c1764531ac6bf12c06908001cdb951a4b6a53" +
+        "d067fce512b2cfb69ddb477f740e006639ddf25acc8bfa2df1b20eaf64f2632c" +
+        "9783cdee63bfd4d80084cfe575f4e9e219b48fd06c48ddd87a36af9371865c4c" +
+        "9ce0199d867027d72cb7b77f84ef01da72f5972f040f7074df9afa29c921f94e" +
+        "75c08a3618c1ef9ad649a428c5b719378a30738ad97cd348858129a6239e3b0a" +
+        "bbb8abc480fac4c2ecfcf20bd9d711f9e2a4ef71b5fe87c0be8b06b2aafef5a7" +
+        "9c15db3b0aeb81654389a84a253b1d7a19047c797cdc78a2d20adf0356f55a71" +
+        "3e730fa8fd8650d8959e234eb7546681dad1b22a142a6e858ef4bce668235b9d" +
+        "85a13f8574096ae7a949bea229322d0dd568385882846526403dae086dd1943a" +
+        "e1279bff9e7e4f041c3a4524484525e481d4cc5fe24124c0037464c0bf1bd691" +
+        "26ceb003275ead3ac5bde90826414ff3a30519add7b43abe2ce5d3d588412761" +
+        "97ca2070e5fbb9c7276df0b4308f751f37a97df6c9cd808cfe4cb3803d469303" +
+        "aee19096c0d5d42a4e823ad3f5f9cc3b4286619c9ca45e1c66c97340891aec49" +
+        "45bae606c798f04752649d6cce86fdfc80c6e402d6ec2f2b27c822821fe26ce0" +
+        "92f57ea7de462f4d07497cae5a48755c721502dd6cbe7935836d80039ead7f70" +
+        "9ab3a42f4c8652d632e39273e8fa38601da4f25a0cd6ef8102503f7d8854a0a1" +
+        "9a30c4e88815715305efe29457c4c9252887d96fc1a71e3ce9f841632d0985de" +
+        "d21e796c6fb5ce5602614abfc3c7be2cb54fed6fa617a083c3142d8f6079e4ce" +
+        "ceffc1471d0cb81bdc153e5fe36ef5bbd531161a165b10157aa114ed3f7579b3" +
+        "f7f395f1bc6172c7a86f875e0e6c51b3cdfec2af73c0e762824c2009c5a87748" +
+        "94d401258aba3ffbd32be0608c17eff021e2547e07cffad905340e15f3310c92" +
+        "9d8d190886ba527ff943f672ef73fbf046d95ca5c54cd95b9d855e894bb5af29");
+
+        byte[] outFFFFFFFF = Hex.decode(
+            "de3b3f3c19e0629c1fc8b7836695d523e7804edd86ff7ce9b106f52caebae9d9" +
+            "72f845d49ce17d7da44e49bae954aac0d0b1284b98a88eec1524fb6bc91a16b5" +
+            "1192ac5334131446ac2442de9ff3d5867b9b9148881ee30a6e87dd88e5d1f7cd" +
+            "98db31ff36f70d9850cfefaef42abb00ecc39ed308bf4b8030cdc2b6b7e42f0e" +
+            "908030dd282f96edacc888b3a986e109c129998f89baa1b5da8970b07a6ab012" +
+            "f10264f23c315c9c8e0c164955c68517b6a4f982b2626db70787f869ac6d551b" +
+            "e34931627c7058e965c502e18d2cd370e6db3b70d947d61aa9717cf8394f48c6" +
+            "3c796f3a154950846badb28b70d982f29bc670254e3e5e0f8e36b0a5f6da0a04" +
+            "6b235ed6a42988c012bde74d879fa8eb5d59f5f40ed5e76601c9847b3edb2690");
+
+        byte[] outFFFF0000 = Hex.decode(
+            "26c54b1f8c4e3fc582e9e8180f7aba5380463dcf58b03cbeda0ecc8ba90ccff8" +
+            "5bd50896313d7efed44015faeac6964b241a7fb8a2e37127a7cbea0fd7c020f2" +
+            "406371b87ef5185089504751e5e44352eff63e00e5c28f5dff0616a9a3a00f1f" +
+            "4a1350e3a17be9abddfc2c94571450a0dc4c3c0c7c7f98e80c95f607d50c676a" +
+            "9a3006f9d279a79a4d66b2ab0c52930c9ee84bc09895e70fa041b1a3a2966f11" +
+            "6a47fd09705124b1f5c7ae055e54536e66584b1608f3612d81b72f109a385831" +
+            "121945b207b90ac72437a248f27a121c2801f4153a8699fb047e193f7ba69e1b" +
+            "b117869675d4c963e6070c2ca3d332ce830cb5e3d9ed2eee7faf0acc20fbe154" +
+            "188ae789e95bd5c1f459dbd150aab6eb833170257084bc5d44e9df09f5624f9d" +
+            "afecd0c9340ac8587f8625d343f7efd1cc8abcf7a6f90eabd4e8e2d906278d6e" +
+            "431fcade165c8c467887fbf5c26d341557b064b98c60dd40ab262dc046d69647" +
+            "56f3ddc1a07ae5f87be878b9334fcde40add68d2ca1dc05fb1670f998c7c4607" +
+            "9a6e48bdb330ad8d30b61b5cc8dc156f5733905931949783f89ac396b65aa4b8" +
+            "51f746b53ed8ea66130e1d75e8eab136e60450e3e600226bc8e17d03744ce94c" +
+            "0eec9234fea5f18eef65d81f2f10cfbc0b112b8cde17c32eb33ed81d7356eac3" +
+            "eb1cb9cefa6604c2d707949b6e5a83e60705bf6aae76dcc7d35d68ff149c1ac5" +
+            "424bb4a39e2f496f886637fce3db4ba4ad12c1a32d25e1606f6635ff636486f6" +
+            "714997b45477f38813c02afce4bebf196b813332f0decd567c745f441e736364");
+
+       byte[] out0000FFFF = Hex.decode(
+        "bc31712f2a2f467a5abc737c57ce0f8d49d2f775eb850fc8f856daf19310fee2"+
+        "5bab40e78403c9ef4ccd971418992faf4e85ca643fa6b482f30c4659066158a6"+
+        "5bc3e620ba7ea5c34dd0eac5aabb2cf078d915fd1f8c437ed00423076c10f701"+
+        "eefa7fc7c461aca5db8a87be29d925c4212d4adcfa71ff5b06af15c048aa0dfd"+
+        "f0e645bc09fea200c430a88eb38c466ff358b836f1159656a078f6fc752f6db1"+
+        "6680bb30fc771a6a785bbb2298e947d7b3500e557775962248bedf4e82c16e66"+
+        "f39283ccb95e5399061056a11c4a280f00f7487888199487905273c7aa13012b"+
+        "4849eca626cbf071c782e084f9fded57de92313e5f61a6e81117fb1115eff275"+
+        "66fd5c755bb3b01bba69aeb8f1b1b1cc9709734be31b35bc707d372ba6fe70d1"+
+        "e2c3b0e5e74a7058faff6b11d3a168f19fecc9fcb36b3e6a5f828c01c22ac0c2"+
+        "5da2a3a9eec7e0ebbbf51472e430ed4cf1c7ab57ef9aea511e40250846d260b6"+
+        "17a3fdeba16cf4afaf700144d3296b58b22a3c79ed96f3e2fc8d9e3c660ae153"+
+        "8e0c285ccdc48b59117e80413bd0ad24c6a8d4f133fe1496f14351bb89904fa5"+
+        "e10c4b8d50e0604578389c336a9ab3d292beb90ce640fc028e697cf54e021e2f"+
+        "c0ca3fe0471fde5e5462f221739a74f5a13ae0621fe2a82e752bc294f63de48d"+
+        "e85430af71307a30441b861ab5380e6a6dbe1251c9baa567da14e38e5a0ccddf"+
+        "0127205c38fc3b77065e98101d219246103438d223ec7f8f533d4bb3a3d3407a"+
+        "944910f11e8e5492e86de7a0471250eca32f0838b3db02fffe71898712af3261");
+
+    public String getName()
+    {
+        return "ISAAC";
+    }
+
+    public void performTest()
+    {
+        ISAACEngine engine = new ISAACEngine();
+
+        doTest(engine, Hex.decode("00000000"), out);
+        doTest(engine, Hex.decode("ffffffff"), outFFFFFFFF);
+
+        byte[] k = new byte[256 * 4];
+        for (int i = 0; i != k.length; i++)
+        {
+            k[i] = (byte)((i % 4 == 0 || i % 4 == 1) ? 0xff : 0x00);
+        }
+        doTest(engine, k, outFFFF0000);
+        k = new byte[256 * 4];
+        for (int i = 0; i != k.length; i++)
+        {
+            k[i] = (byte)((i % 4 == 2 || i % 4 == 3) ? 0xff : 0x00);
+        }
+        doTest(engine, k, out0000FFFF);
+    }
+
+    private void doTest(ISAACEngine engine, byte[] key, byte[] output)
+    {
+        byte[] in = new byte[output.length];
+        byte[] enc = new byte[output.length];
+        engine.init(true, new KeyParameter(key));
+        engine.processBytes(in, 0, in.length, enc, 0);
+        if (!areEqual(enc, output))
+        {
+            fail("ciphertext mismatch");
+        }
+        engine.init(false, new KeyParameter(key));
+        engine.processBytes(enc, 0, enc.length, enc, 0);
+        if (!areEqual(enc, in))
+        {
+            fail("plaintext mismatch");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ISAACTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ISO9796Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ISO9796Test.java
new file mode 100644
index 0000000..88d41aa
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ISO9796Test.java
@@ -0,0 +1,972 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricBlockCipher;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
+import org.bouncycastle.crypto.engines.RSABlindedEngine;
+import org.bouncycastle.crypto.engines.RSAEngine;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithSalt;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.signers.ISO9796d2PSSSigner;
+import org.bouncycastle.crypto.signers.ISO9796d2Signer;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * test vectors from ISO 9796-1 and ISO 9796-2 edition 1.
+ */
+public class ISO9796Test
+    extends SimpleTest
+{
+    static BigInteger mod1 = new BigInteger("0100000000000000000000000000000000bba2d15dbb303c8a21c5ebbcbae52b7125087920dd7cdf358ea119fd66fb064012ec8ce692f0a0b8e8321b041acd40b7", 16);
+
+    static BigInteger pub1 = new BigInteger("03", 16);
+
+    static BigInteger pri1 = new BigInteger("2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaac9f0783a49dd5f6c5af651f4c9d0dc9281c96a3f16a85f9572d7cc3f2d0f25a9dbf1149e4cdc32273faadd3fda5dcda7", 16);
+
+    static BigInteger mod2 = new BigInteger("ffffff7fa27087c35ebead78412d2bdffe0301edd494df13458974ea89b364708f7d0f5a00a50779ddf9f7d4cb80b8891324da251a860c4ec9ef288104b3858d", 16);
+
+    static BigInteger pub2 = new BigInteger("03", 16);
+
+    static BigInteger pri2 = new BigInteger("2aaaaa9545bd6bf5e51fc7940adcdca5550080524e18cfd88b96e8d1c19de6121b13fac0eb0495d47928e047724d91d1740f6968457ce53ec8e24c9362ce84b5", 16);
+
+    static byte msg1[] = Hex.decode("0cbbaa99887766554433221100");
+
+    //
+    // you'll need to see the ISO 9796 to make sense of this
+    //
+    static byte sig1[] = mod1.subtract(new BigInteger("309f873d8ded8379490f6097eaafdabc137d3ebfd8f25ab5f138d56a719cdc526bdd022ea65dabab920a81013a85d092e04d3e421caab717c90d89ea45a8d23a", 16)).toByteArray();
+
+    static byte msg2[] = Hex.decode("fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210");
+
+    static byte sig2[] = new BigInteger("319bb9becb49f3ed1bca26d0fcf09b0b0a508e4d0bd43b350f959b72cd25b3af47d608fdcd248eada74fbe19990dbeb9bf0da4b4e1200243a14e5cab3f7e610c", 16).toByteArray();
+
+    static byte msg3[] = Hex.decode("0112233445566778899aabbccd");
+
+    static byte sig3[] = mod2.subtract(new BigInteger("58e59ffb4b1fb1bcdbf8d1fe9afa3730c78a318a1134f5791b7313d480ff07ac319b068edf8f212945cb09cf33df30ace54f4a063fcca0b732f4b662dc4e2454", 16)).toByteArray();
+
+    //
+    // ISO 9796-2
+    //
+    static BigInteger mod3 = new BigInteger("ffffffff78f6c55506c59785e871211ee120b0b5dd644aa796d82413a47b24573f1be5745b5cd9950f6b389b52350d4e01e90009669a8720bf265a2865994190a661dea3c7828e2e7ca1b19651adc2d5", 16);
+
+    static BigInteger pub3 = new BigInteger("03", 16);
+
+    static BigInteger pri3 = new BigInteger("2aaaaaaa942920e38120ee965168302fd0301d73a4e60c7143ceb0adf0bf30b9352f50e8b9e4ceedd65343b2179005b2f099915e4b0c37e41314bb0821ad8330d23cba7f589e0f129b04c46b67dfce9d", 16);
+
+    static BigInteger mod4 = new BigInteger("FFFFFFFF45f1903ebb83d4d363f70dc647b839f2a84e119b8830b2dec424a1ce0c9fd667966b81407e89278283f27ca8857d40979407fc6da4cc8a20ecb4b8913b5813332409bc1f391a94c9c328dfe46695daf922259174544e2bfbe45cc5cd", 16);
+    static BigInteger pub4 = new BigInteger("02", 16);
+    static BigInteger pri4 = new BigInteger("1fffffffe8be3207d7707a9a6c7ee1b8c8f7073e5509c2337106165bd8849439c193faccf2cd70280fd124f0507e4f94cb66447680c6b87b6599d1b61c8f3600854a618262e9c1cb1438e485e47437be036d94b906087a61ee74ab0d9a1accd8", 16);
+
+    static byte msg4[] = Hex.decode("6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071");
+    static byte sig4[] = Hex.decode("374695b7ee8b273925b4656cc2e008d41463996534aa5aa5afe72a52ffd84e118085f8558f36631471d043ad342de268b94b080bee18a068c10965f581e7f32899ad378835477064abed8ef3bd530fce");
+
+    static byte msg5[] = Hex.decode("fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210");
+    static byte sig5[] = Hex.decode("5cf9a01854dbacaec83aae8efc563d74538192e95466babacd361d7c86000fe42dcb4581e48e4feb862d04698da9203b1803b262105104d510b365ee9c660857ba1c001aa57abfd1c8de92e47c275cae");
+
+    //
+    // scheme 2 data
+    //
+    static BigInteger mod6 = new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16);
+    static BigInteger pub6 = new BigInteger("11", 16);
+    static BigInteger pri6 = new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16);
+
+    static byte sig6[] = new BigInteger("0073FEAF13EB12914A43FE635022BB4AB8188A8F3ABD8D8A9E4AD6C355EE920359C7F237AE36B1212FE947F676C68FE362247D27D1F298CA9302EB21F4A64C26CE44471EF8C0DFE1A54606F0BA8E63E87CDACA993BFA62973B567473B4D38FAE73AB228600934A9CC1D3263E632E21FD52D2B95C5F7023DA63DE9509C01F6C7BBC", 16).modPow(pri6, mod6).toByteArray();
+
+    static byte msg7[] = Hex.decode("6162636462636465636465666465666765666768666768696768696A68696A6B696A6B6C6A6B6C6D6B6C6D6E6C6D6E6F6D6E6F706E6F70716F70717270717273");
+    static byte sig7[] = new BigInteger("296B06224010E1EC230D4560A5F88F03550AAFCE31C805CE81E811E5E53E5F71AE64FC2A2A486B193E87972D90C54B807A862F21A21919A43ECF067240A8C8C641DE8DCDF1942CF790D136728FFC0D98FB906E7939C1EC0E64C0E067F0A7443D6170E411DF91F797D1FFD74009C4638462E69D5923E7433AEC028B9A90E633CC", 16).modPow(pri6, mod6).toByteArray();
+
+    static byte msg8[] = Hex.decode("FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA98");
+    static byte sig8[] = new BigInteger("01402B29ABA104079677CE7FC3D5A84DB24494D6F9508B4596484F5B3CC7E8AFCC4DDE7081F21CAE9D4F94D6D2CCCB43FCEDA0988FFD4EF2EAE72CFDEB4A2638F0A34A0C49664CD9DB723315759D758836C8BA26AC4348B66958AC94AE0B5A75195B57ABFB9971E21337A4B517F2E820B81F26BCE7C66F48A2DB12A8F3D731CC", 16).modPow(pri6, mod6).toByteArray();
+
+    static byte msg9[] = Hex.decode("6162636462636465636465666465666765666768666768696768696A68696A6B696A6B6C6A6B6C6D6B6C6D6E6C6D6E6F6D6E6F706E6F70716F707172707172737172737472737475737475767475767775767778767778797778797A78797A61797A61627A6162636162636462636465");
+    static byte sig9[] = new BigInteger("6F2BB97571FE2EF205B66000E9DD06656655C1977F374E8666D636556A5FEEEEAF645555B25F45567C4EE5341F96FED86508C90A9E3F11B26E8D496139ED3E55ECE42860A6FB3A0817DAFBF13019D93E1D382DA07264FE99D9797D2F0B7779357CA7E74EE440D8855B7DDF15F000AC58EE3FFF144845E771907C0C83324A6FBC", 16).modPow(pri6, mod6).toByteArray();
+
+    public String getName()
+    {
+        return "ISO9796";
+    }
+
+    private boolean isSameAs(
+        byte[] a,
+        int off,
+        byte[] b)
+    {
+        if ((a.length - off) != b.length)
+        {
+            return false;
+        }
+
+        for (int i = 0; i != b.length; i++)
+        {
+            if (a[i + off] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private boolean startsWith(
+        byte[] a,
+        byte[] b)
+    {
+        if (a.length < b.length)
+        {
+            return false;
+        }
+
+        for (int i = 0; i != b.length; i++)
+        {
+            if (a[i] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private void doTest1()
+        throws Exception
+    {
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod1, pub1);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod1, pri1);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-1 - public encrypt, private decrypt
+        //
+        ISO9796d1Encoding eng = new ISO9796d1Encoding(rsa);
+
+        eng.init(true, privParameters);
+
+        eng.setPadBits(4);
+
+        data = eng.processBlock(msg1, 0, msg1.length);
+
+        eng.init(false, pubParameters);
+
+        if (!areEqual(sig1, data))
+        {
+            fail("failed ISO9796-1 generation Test 1");
+        }
+
+        data = eng.processBlock(data, 0, data.length);
+
+        if (!areEqual(msg1, data))
+        {
+            fail("failed ISO9796-1 retrieve Test 1");
+        }
+    }
+
+    private void doTest2()
+        throws Exception
+    {
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod1, pub1);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod1, pri1);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-1 - public encrypt, private decrypt
+        //
+        ISO9796d1Encoding eng = new ISO9796d1Encoding(rsa);
+
+        eng.init(true, privParameters);
+
+        data = eng.processBlock(msg2, 0, msg2.length);
+
+        eng.init(false, pubParameters);
+
+        if (!isSameAs(data, 1, sig2))
+        {
+            fail("failed ISO9796-1 generation Test 2");
+        }
+
+        data = eng.processBlock(data, 0, data.length);
+
+
+        if (!areEqual(msg2, data))
+        {
+            fail("failed ISO9796-1 retrieve Test 2");
+        }
+    }
+
+    public void doTest3()
+        throws Exception
+    {
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod2, pub2);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod2, pri2);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-1 - public encrypt, private decrypt
+        //
+        ISO9796d1Encoding eng = new ISO9796d1Encoding(rsa);
+
+        eng.init(true, privParameters);
+
+        eng.setPadBits(4);
+
+        data = eng.processBlock(msg3, 0, msg3.length);
+
+        eng.init(false, pubParameters);
+
+        if (!isSameAs(sig3, 1, data))
+        {
+            fail("failed ISO9796-1 generation Test 3");
+        }
+
+        data = eng.processBlock(data, 0, data.length);
+
+        if (!isSameAs(msg3, 0, data))
+        {
+            fail("failed ISO9796-1 retrieve Test 3");
+        }
+    }
+
+    public void doTest4()
+        throws Exception
+    {
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod3, pub3);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod3, pri3);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-2 - Signing
+        //
+        ISO9796d2Signer eng = new ISO9796d2Signer(rsa, new RIPEMD128Digest());
+
+        eng.init(true, privParameters);
+
+        eng.update(msg4[0]);
+        eng.update(msg4, 1, msg4.length - 1);
+
+        data = eng.generateSignature();
+
+        eng.init(false, pubParameters);
+
+        if (!isSameAs(sig4, 0, data))
+        {
+            fail("failed ISO9796-2 generation Test 4");
+        }
+
+        eng.update(msg4[0]);
+        eng.update(msg4, 1, msg4.length - 1);
+
+        if (!eng.verifySignature(sig4))
+        {
+            fail("failed ISO9796-2 verify Test 4");
+        }
+
+        if (eng.hasFullMessage())
+        {
+            eng = new ISO9796d2Signer(rsa, new RIPEMD128Digest());
+
+            eng.init(false, pubParameters);
+
+            if (!eng.verifySignature(sig4))
+            {
+                fail("failed ISO9796-2 verify and recover Test 4");
+            }
+
+            if (!isSameAs(eng.getRecoveredMessage(), 0, msg4))
+            {
+                fail("failed ISO9796-2 recovered message Test 4");
+            }
+
+            // try update with recovered
+            eng.updateWithRecoveredMessage(sig4);
+
+            if (!isSameAs(eng.getRecoveredMessage(), 0, msg4))
+            {
+                fail("failed ISO9796-2 updateWithRecovered recovered message Test 4");
+            }
+
+            if (!eng.verifySignature(sig4))
+            {
+                fail("failed ISO9796-2 updateWithRecovered verify and recover Test 4");
+            }
+
+            if (!isSameAs(eng.getRecoveredMessage(), 0, msg4))
+            {
+                fail("failed ISO9796-2 updateWithRecovered recovered verify message Test 4");
+            }
+
+            // should fail
+            eng.updateWithRecoveredMessage(sig4);
+
+            eng.update(msg4, 0, msg4.length);
+
+            if (eng.verifySignature(sig4))
+            {
+                fail("failed ISO9796-2 updateWithRecovered verify and recover Test 4");
+            }
+        }
+        else
+        {
+            fail("full message flag false - Test 4");
+        }
+    }
+
+    public void doTest5()
+        throws Exception
+    {
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod3, pub3);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod3, pri3);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-2 - Signing
+        //
+        ISO9796d2Signer eng = new ISO9796d2Signer(rsa, new RIPEMD160Digest(), true);
+
+        eng.init(true, privParameters);
+
+        eng.update(msg5[0]);
+        eng.update(msg5, 1, msg5.length - 1);
+
+        data = eng.generateSignature();
+
+        eng.init(false, pubParameters);
+
+        if (!isSameAs(sig5, 0, data))
+        {
+            fail("failed ISO9796-2 generation Test 5");
+        }
+
+        eng.update(msg5[0]);
+        eng.update(msg5, 1, msg5.length - 1);
+
+        if (!eng.verifySignature(sig5))
+        {
+            fail("failed ISO9796-2 verify Test 5");
+        }
+
+        if (eng.hasFullMessage())
+        {
+            fail("fullMessage true - Test 5");
+        }
+
+        if (!startsWith(msg5, eng.getRecoveredMessage()))
+        {
+            fail("failed ISO9796-2 partial recovered message Test 5");
+        }
+
+        int length = eng.getRecoveredMessage().length;
+
+        if (length >= msg5.length)
+        {
+            fail("Test 5 recovered message too long");
+        }
+
+        eng = new ISO9796d2Signer(rsa, new RIPEMD160Digest(), true);
+
+        eng.init(false, pubParameters);
+
+        eng.updateWithRecoveredMessage(sig5);
+
+        if (!startsWith(msg5, eng.getRecoveredMessage()))
+        {
+            fail("failed ISO9796-2 updateWithRecovered partial recovered message Test 5");
+        }
+
+        if (eng.hasFullMessage())
+        {
+            fail("fullMessage updateWithRecovered true - Test 5");
+        }
+
+        for (int i = length; i != msg5.length; i++)
+        {
+            eng.update(msg5[i]);
+        }
+
+        if (!eng.verifySignature(sig5))
+        {
+            fail("failed ISO9796-2 verify Test 5");
+        }
+
+        if (eng.hasFullMessage())
+        {
+            fail("fullMessage updateWithRecovered true - Test 5");
+        }
+
+        // should fail
+        eng.updateWithRecoveredMessage(sig5);
+
+        eng.update(msg5, 0, msg5.length);
+
+        if (eng.verifySignature(sig5))
+        {
+            fail("failed ISO9796-2 updateWithRecovered verify fail Test 5");
+        }
+    }
+
+    //
+    // against a zero length string
+    //
+
+    public void doTest6()
+        throws Exception
+    {
+        byte[] salt = Hex.decode("61DF870C4890FE85D6E3DD87C3DCE3723F91DB49");
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod6, pub6);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod6, pri6);
+        ParametersWithSalt sigParameters = new ParametersWithSalt(privParameters, salt);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-2 - PSS Signing
+        //
+        ISO9796d2PSSSigner eng = new ISO9796d2PSSSigner(rsa, new RIPEMD160Digest(), 20, true);
+
+        eng.init(true, sigParameters);
+
+        data = eng.generateSignature();
+
+        eng.init(false, pubParameters);
+
+        if (!isSameAs(sig6, 1, data))
+        {
+            fail("failed ISO9796-2 generation Test 6");
+        }
+
+        if (!eng.verifySignature(data))
+        {
+            fail("failed ISO9796-2 verify Test 6");
+        }
+    }
+
+    public void doTest7()
+        throws Exception
+    {
+        byte[] salt = new byte[0];
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod6, pub6);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod6, pri6);
+        ParametersWithSalt sigParameters = new ParametersWithSalt(privParameters, salt);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-2 - PSS Signing
+        //
+        ISO9796d2PSSSigner eng = new ISO9796d2PSSSigner(rsa, new SHA1Digest(), 0, false);
+
+        eng.init(true, sigParameters);
+
+        eng.update(msg7[0]);
+        eng.update(msg7, 1, msg7.length - 1);
+
+        data = eng.generateSignature();
+
+        eng.init(false, pubParameters);
+
+        if (!isSameAs(sig7, 0, data))
+        {
+            fail("failed ISO9796-2 generation Test 7");
+        }
+
+        eng.update(msg7[0]);
+        eng.update(msg7, 1, msg7.length - 1);
+
+        if (!eng.verifySignature(sig7))
+        {
+            fail("failed ISO9796-2 verify Test 7");
+        }
+
+        if (!isSameAs(msg7, 0, eng.getRecoveredMessage()))
+        {
+            fail("failed ISO9796-2 recovery Test 7");
+        }
+    }
+
+    public void doTest8()
+        throws Exception
+    {
+        byte[] salt = Hex.decode("78E293203CBA1B7F92F05F4D171FF8CA3E738FF8");
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod6, pub6);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod6, pri6);
+        ParametersWithSalt sigParameters = new ParametersWithSalt(privParameters, salt);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-2 - PSS Signing
+        //
+        ISO9796d2PSSSigner eng = new ISO9796d2PSSSigner(rsa, new RIPEMD160Digest(), 20, false);
+
+        eng.init(true, sigParameters);
+
+        eng.update(msg8[0]);
+        eng.update(msg8, 1, msg8.length - 1);
+
+        data = eng.generateSignature();
+
+        eng.init(false, pubParameters);
+
+        if (!isSameAs(sig8, 0, data))
+        {
+            fail("failed ISO9796-2 generation Test 8");
+        }
+
+        eng.update(msg8[0]);
+        eng.update(msg8, 1, msg8.length - 1);
+
+        if (!eng.verifySignature(sig8))
+        {
+            fail("failed ISO9796-2 verify Test 8");
+        }
+    }
+
+    public void doTest9()
+        throws Exception
+    {
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod6, pub6);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod6, pri6);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-2 - PSS Signing
+        //
+        ISO9796d2PSSSigner eng = new ISO9796d2PSSSigner(rsa, new RIPEMD160Digest(), 0, true);
+
+        eng.init(true, privParameters);
+
+        eng.update(msg9[0]);
+        eng.update(msg9, 1, msg9.length - 1);
+
+        data = eng.generateSignature();
+
+        eng.init(false, pubParameters);
+
+        if (!isSameAs(sig9, 0, data))
+        {
+            fail("failed ISO9796-2 generation Test 9");
+        }
+
+        eng.update(msg9[0]);
+        eng.update(msg9, 1, msg9.length - 1);
+
+        if (!eng.verifySignature(sig9))
+        {
+            fail("failed ISO9796-2 verify Test 9");
+        }
+    }
+
+    public void doTest10()
+        throws Exception
+    {
+        BigInteger mod = new BigInteger("B3ABE6D91A4020920F8B3847764ECB34C4EB64151A96FDE7B614DC986C810FF2FD73575BDF8532C06004C8B4C8B64F700A50AEC68C0701ED10E8D211A4EA554D", 16);
+        BigInteger pubExp = new BigInteger("65537", 10);
+        BigInteger priExp = new BigInteger("AEE76AE4716F77C5782838F328327012C097BD67E5E892E75C1356E372CCF8EE1AA2D2CBDFB4DA19F703743F7C0BA42B2D69202BA7338C294D1F8B6A5771FF41", 16);
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod, pubExp);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod, priExp);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+
+        //
+        // ISO 9796-2 - PSS Signing
+        //
+        Digest dig = new SHA1Digest();
+        ISO9796d2PSSSigner eng = new ISO9796d2PSSSigner(rsa, dig, dig.getDigestSize());
+
+        //
+        // as the padding is random this test needs to repeat a few times to
+        // make sure
+        //
+        for (int i = 0; i != 500; i++)
+        {
+            eng.init(true, privParameters);
+
+            eng.update(msg9[0]);
+            eng.update(msg9, 1, msg9.length - 1);
+
+            data = eng.generateSignature();
+
+            eng.init(false, pubParameters);
+
+            eng.update(msg9[0]);
+            eng.update(msg9, 1, msg9.length - 1);
+
+            if (!eng.verifySignature(data))
+            {
+                fail("failed ISO9796-2 verify Test 10");
+            }
+        }
+    }
+
+    public void doTest11()
+        throws Exception
+    {
+        BigInteger mod = new BigInteger("B3ABE6D91A4020920F8B3847764ECB34C4EB64151A96FDE7B614DC986C810FF2FD73575BDF8532C06004C8B4C8B64F700A50AEC68C0701ED10E8D211A4EA554D", 16);
+        BigInteger pubExp = new BigInteger("65537", 10);
+        BigInteger priExp = new BigInteger("AEE76AE4716F77C5782838F328327012C097BD67E5E892E75C1356E372CCF8EE1AA2D2CBDFB4DA19F703743F7C0BA42B2D69202BA7338C294D1F8B6A5771FF41", 16);
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod, pubExp);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod, priExp);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+        byte[] m1 = {1, 2, 3, 4, 5, 6, 7, 8, 9};
+        byte[] m2 = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0};
+        byte[] m3 = {1, 2, 3, 4, 5, 6, 7, 8};
+
+        //
+        // ISO 9796-2 - PSS Signing
+        //
+        Digest dig = new SHA1Digest();
+        ISO9796d2PSSSigner eng = new ISO9796d2PSSSigner(rsa, dig, dig.getDigestSize());
+
+        //
+        // check message bounds
+        //
+        eng.init(true, privParameters);
+
+        eng.update(m1, 0, m1.length);
+
+        data = eng.generateSignature();
+
+        eng.init(false, pubParameters);
+
+        eng.update(m2, 0, m2.length);
+
+        if (eng.verifySignature(data))
+        {
+            fail("failed ISO9796-2 m2 verify Test 11");
+        }
+
+        eng.init(false, pubParameters);
+
+        eng.update(m3, 0, m3.length);
+
+        if (eng.verifySignature(data))
+        {
+            fail("failed ISO9796-2 m3 verify Test 11");
+        }
+
+        eng.init(false, pubParameters);
+
+        eng.update(m1, 0, m1.length);
+
+        if (!eng.verifySignature(data))
+        {
+            fail("failed ISO9796-2 verify Test 11");
+        }
+    }
+
+    public void doTest12()
+        throws Exception
+    {
+        BigInteger mod = new BigInteger("B3ABE6D91A4020920F8B3847764ECB34C4EB64151A96FDE7B614DC986C810FF2FD73575BDF8532C06004C8B4C8B64F700A50AEC68C0701ED10E8D211A4EA554D", 16);
+        BigInteger pubExp = new BigInteger("65537", 10);
+        BigInteger priExp = new BigInteger("AEE76AE4716F77C5782838F328327012C097BD67E5E892E75C1356E372CCF8EE1AA2D2CBDFB4DA19F703743F7C0BA42B2D69202BA7338C294D1F8B6A5771FF41", 16);
+        RSAKeyParameters pubParameters = new RSAKeyParameters(false, mod, pubExp);
+        RSAKeyParameters privParameters = new RSAKeyParameters(true, mod, priExp);
+        RSAEngine rsa = new RSAEngine();
+        byte[] data;
+        byte[] m1 = {1, 2, 3, 4, 5, 6, 7, 8, 9};
+        byte[] m2 = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0};
+        byte[] m3 = {1, 2, 3, 4, 5, 6, 7, 8};
+
+        //
+        // ISO 9796-2 - Signing
+        //
+        Digest dig = new SHA1Digest();
+        ISO9796d2Signer eng = new ISO9796d2Signer(rsa, dig);
+
+        //
+        // check message bounds
+        //
+        eng.init(true, privParameters);
+
+        eng.update(m1, 0, m1.length);
+
+        data = eng.generateSignature();
+
+        eng.init(false, pubParameters);
+
+        eng.update(m2, 0, m2.length);
+
+        if (eng.verifySignature(data))
+        {
+            fail("failed ISO9796-2 m2 verify Test 12");
+        }
+
+        eng.init(false, pubParameters);
+
+        eng.update(m3, 0, m3.length);
+
+        if (eng.verifySignature(data))
+        {
+            fail("failed ISO9796-2 m3 verify Test 12");
+        }
+
+        eng.init(false, pubParameters);
+
+        eng.update(m1, 0, m1.length);
+
+        if (!eng.verifySignature(data))
+        {
+            fail("failed ISO9796-2 verify Test 12");
+        }
+    }
+
+    private void doTest13()
+        throws Exception
+    {
+        BigInteger modulus = new BigInteger(1, Hex.decode("CDCBDABBF93BE8E8294E32B055256BBD0397735189BF75816341BB0D488D05D627991221DF7D59835C76A4BB4808ADEEB779E7794504E956ADC2A661B46904CDC71337DD29DDDD454124EF79CFDD7BC2C21952573CEFBA485CC38C6BD2428809B5A31A898A6B5648CAA4ED678D9743B589134B7187478996300EDBA16271A861"));
+        BigInteger pubExp = new BigInteger(1, Hex.decode("010001"));
+        BigInteger privExp = new BigInteger(1, Hex.decode("4BA6432AD42C74AA5AFCB6DF60FD57846CBC909489994ABD9C59FE439CC6D23D6DE2F3EA65B8335E796FD7904CA37C248367997257AFBD82B26F1A30525C447A236C65E6ADE43ECAAF7283584B2570FA07B340D9C9380D88EAACFFAEEFE7F472DBC9735C3FF3A3211E8A6BBFD94456B6A33C17A2C4EC18CE6335150548ED126D"));
+
+        RSAKeyParameters pubParams = new RSAKeyParameters(false, modulus, pubExp);
+        RSAKeyParameters privParams = new RSAKeyParameters(true, modulus, privExp);
+
+        AsymmetricBlockCipher rsaEngine = new RSABlindedEngine();
+        Digest digest = new SHA256Digest();
+
+        // set challenge to all zero's for verification
+        byte[] challenge = new byte[8];
+
+        // DOES NOT USE FINAL BOOLEAN TO INDICATE RECOVERY
+        ISO9796d2Signer signer = new ISO9796d2Signer(rsaEngine, digest, false);
+
+        // sign
+        signer.init(true, privParams);
+        signer.update(challenge, 0, challenge.length);
+
+        byte[]  sig = signer.generateSignature();
+
+        // verify
+        signer.init(false, pubParams);
+        signer.update(challenge, 0, challenge.length);
+
+        if (!signer.verifySignature(sig))
+        {
+            fail("basic verification failed");
+        }
+
+        // === LETS ACTUALLY DO SOME RECOVERY, USING INPUT FROM INTERNAL AUTHENTICATE ===
+
+        signer.reset();
+
+        final String args0 = "482E20D1EDDED34359C38F5E7C01203F9D6B2641CDCA5C404D49ADAEDE034C7481D781D043722587761C90468DE69C6585A1E8B9C322F90E1B580EEDAB3F6007D0C366CF92B4DB8B41C8314929DCE2BE889C0129123484D2FD3D12763D2EBFD12AC8E51D7061AFCA1A53DEDEC7B9A617472A78C952CCC72467AE008E5F132994";
+
+        digest = new SHA1Digest();
+
+        signer = new ISO9796d2Signer(rsaEngine, digest, true);
+
+
+        signer.init(false, pubParams);
+        final byte[] signature = Hex.decode(args0);
+        signer.updateWithRecoveredMessage(signature);
+        signer.update(challenge, 0, challenge.length);
+
+        if (!signer.verifySignature(signature))
+        {
+            fail("recovered + challenge signature failed");
+        }
+
+        // === FINALLY, USING SHA-256 ===
+
+        signer.reset();
+
+        digest = new SHA256Digest();
+
+        // NOTE setting implit to false does not actually do anything for verification !!!
+        signer = new ISO9796d2Signer(rsaEngine, digest, false);
+
+
+        signer.init(true, privParams);
+        // generate NONCE of correct length using some inner knowledge
+        int nonceLength = modulus.bitLength() / 8 - 1 - digest.getDigestSize() - 2;
+        final byte[] nonce = new byte[nonceLength];
+        SecureRandom rnd = new SecureRandom();
+
+        rnd.nextBytes(nonce);
+
+        signer.update(nonce, 0, nonce.length);
+        signer.update(challenge, 0, challenge.length);
+        byte[] sig3 = signer.generateSignature();
+
+        signer.init(false, pubParams);
+        signer.updateWithRecoveredMessage(sig3);
+        signer.update(challenge, 0, challenge.length);
+        if (signer.verifySignature(sig3))
+        {
+            if (signer.hasFullMessage())
+            {
+                fail("signer indicates full message");
+            }
+            byte[] recoverableMessage = signer.getRecoveredMessage();
+
+            // sanity check, normally the nonce is ignored in eMRTD specs (PKI Technical Report)
+            if (!Arrays.areEqual(nonce, recoverableMessage))
+            {
+                fail("Nonce compare with recoverable part of message failed");
+            }
+        }
+        else
+        {
+            fail("recoverable + nonce failed.");
+        }
+    }
+
+    private static final byte[] longMessage = Base64.decode(
+        "VVNIKzErU0U2ODAxNTMyOTcxOSsyKzErNisyKzErMTo6OTk5OTk5OTk5OTk5"
+      + "OTo6OSsyOjo3Nzc3Nzc3Nzc3Nzc3Ojo5Kys1OjIwMTMwNDA1OjExMzUyMCdV"
+      + "U0ErMTo6OjE2OjEnVVNDKzRmYjk3YzFhNDI5ZGIyZDYnVVNBKzY6MTY6MTox"
+      + "MDoxKzE0OjIwNDgrMTI6/vn3S0h96eNhfmPN6OZUxXhd815h0tP871Hl+V1r"
+      + "fHHUXvrPXmjHV0vdb8fYY1zxwvnQUcFBWXT43PFi7Xbow0/9e9l6/mhs1UJq"
+      + "VPvp+ELbeXfn4Nj02ttk0e3H5Hfa69NYRuHv1WBO6lfizNnM9m9XYmh9TOrg"
+      + "f9rDRtd+ZNbf4lz9fPTt9OXyxOJWRPr/0FLzxUVsddplfHxM3ndETFD7ffjI"
+      + "/mhRYuL8WXZ733LeWFRCeOzKzmDz/HvT3GZx/XJMbFpqyOZjedzh6vZr1vrD"
+      + "615TQfN7wtJJ29bN2Hvzb2f1xGHaXl7af0/w9dpR2dr7/HzuZEJKYc7JSkv4"
+      + "/k37yERIbcrfbVTeVtR+dcVoeeRT41fmzMfzf8RnWOX4YMNifl0rMTM68EFA"
+      + "QSdCR00rMzgwKzk5OTk5OTk5J0RUTSsxMzc6MjAxMzA0MDU6MTAyJ0ZUWCtB"
+      + "QUkrKytJTlZPSUNFIFRFU1QnUkZGK09OOjEyMzQ1NidSRkYrRFE6MjIyMjIy"
+      + "MjIyJ0RUTSsxNzE6MjAxMzA0MDE6MTAyJ05BRCtTVSs5OTk5OTk5OTk5OTk5"
+      + "Ojo5KytURVNUIFNVUFBMSUVSOjpUcmFzZSByZWdpc3RlciBYWFhYWFhYK1Rl"
+      + "c3QgYWRkcmVzcyBzdXBwbGllcitDaXR5KysxMjM0NStERSdSRkYrVkE6QTEy"
+      + "MzQ1Njc4J05BRCtTQ08rOTk5OTk5OTk5OTk5OTo6OSsrVEVTVCBTVVBQTElF"
+      + "Ujo6VHJhc2UgcmVnaXN0ZXIgWFhYWFhYWCtUZXN0IGFkZHJlc3Mgc3VwcGxp"
+      + "ZXIrQ2l0eSsrMTIzNDUrREUnUkZGK1ZBOkExMjM0NTY3OCdOQUQrQlkrODg4"
+      + "ODg4ODg4ODg4ODo6OSdOQUQrSVYrNzc3Nzc3Nzc3Nzc3Nzo6OSsrVEVTVCBC"
+      + "VVlFUitUZXN0IGFkZHJlc3MgYnV5ZXIrQ2l0eTIrKzU0MzIxK0RFJ1JGRitW"
+      + "QTpKODc2NTQzMjEnTkFEK0JDTys3Nzc3Nzc3Nzc3Nzc3Ojo5KytURVNUIEJV"
+      + "WUVSK1Rlc3QgYWRkcmVzcyBidXllcitDaXR5MisrNTQzMjErREUnUkZGK1ZB"
+      + "Oko4NzY1NDMyMSdOQUQrRFArODg4ODg4ODg4ODg4ODo6OSdOQUQrUFIrNzc3"
+      + "Nzc3Nzc3Nzc3Nzo6OSdDVVgrMjpFVVI6NCdQQVQrMzUnRFRNKzEzOjIwMTMw"
+      + "NjI0OjEwMidMSU4rMSsrMTExMTExMTExMTExMTpFTidQSUErMStBQUFBQUFB"
+      + "OlNBJ0lNRCtGK00rOjo6UFJPRFVDVCBURVNUIDEnUVRZKzQ3OjEwLjAwMCdN"
+      + "T0ErNjY6Ny4wMCdQUkkrQUFCOjEuMDAnUFJJK0FBQTowLjcwJ1JGRitPTjox"
+      + "MjM0NTYnUkZGK0RROjIyMjIyMjIyMidUQVgrNytWQVQrKys6OjoyMS4wMDAn"
+      + "QUxDK0ErKysxK1REJ1BDRCsxOjMwLjAwMCdNT0ErMjA0OjMuMDAnTElOKzIr"
+      + "KzIyMjIyMjIyMjIyMjI6RU4nUElBKzErQkJCQkJCQjpTQSdJTUQrRitNKzo6"
+      + "OlBST0RVQ1QgVEVTVCAyJ1FUWSs0NzoyMC4wMDAnTU9BKzY2OjgwLjAwJ1BS"
+      + "SStBQUI6NS4wMCdQUkkrQUFBOjQuMDAnUkZGK09OOjEyMzQ1NidSRkYrRFE6"
+      + "MjIyMjIyMjIyJ1RBWCs3K1ZBVCsrKzo6OjIxLjAwMCdBTEMrQSsrKzErVEQn"
+      + "UENEKzE6MjAuMDAwJ01PQSsyMDQ6MjAuMDAnVU5TK1MnQ05UKzI6MidNT0Er"
+      + "Nzk6ODcuMDAnTU9BKzEzOToxMDUuMjcnTU9BKzEyNTo4Ny4wMCdNT0ErMjYw"
+      + "OjAuMDAnTU9BKzI1OTowLjAwJ01PQSsxNzY6MTguMjcnVEFYKzcrVkFUKysr"
+      + "Ojo6MjEuMDAwJ01PQSsxNzY6MTguMjcnTU9BKzEyNTo4Ny4wMCc=");
+
+    private static final byte[] shortPartialSig = Base64.decode(
+        "sb8yyKk6HM1cJhICScMx7QRQunRyrZ1fbI42+T+TBGNjOknvzKuvG7aftGX7"
+      + "O/RXuYgk6LTxpXv7+O5noUhMBsR2PKaHveuylU1WSPmDxDCui3kp4frqVH0w"
+      + "8Vjpl5CsKqBsmKkbGCKE+smM0xFXhYxV8QUTB2XsWNCQiFiHPgwbpfWzZUNY"
+      + "QPWd0A99P64EuUIYz1tkkDnLFmwQ19/PJu1a8orIQInmkVYWSsBsZ/7Ks6lx"
+      + "nDHpAvgiRe+OXmJ/yuQy1O3FJYdyoqvjYRPBu3qYeBK9+9L3lExLilImH5aD"
+      + "nJznaXcO8QFOxVPbrF2s4GdPIMDonEyAHdrnzoghlg==");
+
+    private void doShortPartialTest()
+        throws Exception
+    {
+        byte[]     recovered = Hex.decode("5553482b312b534536383031353332393731392b322b312b362b322b312b313a3a393939393939393939393939393a3a392b323a3a373737373737373737373737373a3a392b2b353a32303133303430353a313133");
+        BigInteger exp = new BigInteger("10001", 16);
+        BigInteger mod = new BigInteger("b9b70b083da9e37e23cde8e654855db31e21d2d3fc11a5f91d2b3c311efa8f5e28c757dd6fc798631cb1b9d051c14119749cb122ad76e8c3fd7bd93abe282c026a14fba9f8023977a7a0d8b49a24d1ad87e4379a931846a1ef9520ea57e28c998cf65722683d0caaa0da8306973e2496a25cbd3cb4adb4b284e25604fabf12f385456c75da7c3c4cde37440cfb7db8c8fe6851e2bc59767b9f7218540238ac8acef3bc7bd3dc6671320c2c1a2ac8a6799ce1eaf62b9683ab1e1341b37b9249dbd6cd987b2f27b5c4619a1eda7f0fb0b59a519afbbc3cee640261cec90a4bb8fefbc844082dca9f549e56943e758579a453a357e6ccb37fc46718a5b8c3227e5d", 16);
+
+        AsymmetricKeyParameter pubKey = new RSAKeyParameters(false, mod, exp);
+
+        ISO9796d2PSSSigner pssSign = new ISO9796d2PSSSigner(new RSAEngine(), new SHA1Digest(), 20);
+
+        pssSign.init(false, pubKey);
+
+        pssSign.updateWithRecoveredMessage(shortPartialSig);
+
+        pssSign.update(longMessage, pssSign.getRecoveredMessage().length, longMessage.length - pssSign.getRecoveredMessage().length);
+
+        if (!pssSign.verifySignature(shortPartialSig))
+        {
+            fail("short partial PSS sig verification failed.");
+        }
+
+        byte[] mm = pssSign.getRecoveredMessage();
+
+        if (!Arrays.areEqual(recovered, mm))
+        {
+            fail("short partial PSS recovery failed");
+        }
+    }
+
+    private void doFullMessageTest()
+        throws Exception
+    {
+        BigInteger modulus = new BigInteger(1, Hex.decode("CDCBDABBF93BE8E8294E32B055256BBD0397735189BF75816341BB0D488D05D627991221DF7D59835C76A4BB4808ADEEB779E7794504E956ADC2A661B46904CDC71337DD29DDDD454124EF79CFDD7BC2C21952573CEFBA485CC38C6BD2428809B5A31A898A6B5648CAA4ED678D9743B589134B7187478996300EDBA16271A861"));
+        BigInteger pubExp = new BigInteger(1, Hex.decode("010001"));
+        BigInteger privExp = new BigInteger(1, Hex.decode("4BA6432AD42C74AA5AFCB6DF60FD57846CBC909489994ABD9C59FE439CC6D23D6DE2F3EA65B8335E796FD7904CA37C248367997257AFBD82B26F1A30525C447A236C65E6ADE43ECAAF7283584B2570FA07B340D9C9380D88EAACFFAEEFE7F472DBC9735C3FF3A3211E8A6BBFD94456B6A33C17A2C4EC18CE6335150548ED126D"));
+
+        RSAKeyParameters pubParams = new RSAKeyParameters(false, modulus, pubExp);
+        RSAKeyParameters privParams = new RSAKeyParameters(true, modulus, privExp);
+
+        AsymmetricBlockCipher rsaEngine = new RSABlindedEngine();
+
+        // set challenge to all zero's for verification
+        byte[] challenge = new byte[8];
+
+        ISO9796d2PSSSigner pssSign = new ISO9796d2PSSSigner(new RSAEngine(), new SHA256Digest(), 20, true);
+
+        pssSign.init(true, privParams);
+
+        pssSign.update(challenge, 0, challenge.length);
+
+        byte[] sig = pssSign.generateSignature();
+
+        pssSign.init(false, pubParams);
+
+        pssSign.updateWithRecoveredMessage(sig);
+
+        if (!pssSign.verifySignature(sig))
+        {
+            fail("challenge PSS sig verification failed.");
+        }
+
+        byte[] mm = pssSign.getRecoveredMessage();
+
+        if (!Arrays.areEqual(challenge, mm))
+        {
+            fail("challenge partial PSS recovery failed");
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        doTest1();
+        doTest2();
+        doTest3();
+        doTest4();
+        doTest5();
+        doTest6();
+        doTest7();
+        doTest8();
+        doTest9();
+        doTest10();
+        doTest11();
+        doTest12();
+        doTest13();
+        doShortPartialTest();
+        doFullMessageTest();
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new ISO9796Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ISO9797Alg3MacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ISO9797Alg3MacTest.java
new file mode 100644
index 0000000..96b5fc4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ISO9797Alg3MacTest.java
@@ -0,0 +1,126 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
+import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ISO9797Alg3MacTest
+    extends SimpleTest
+{
+    static byte[] keyBytes = Hex.decode("7CA110454A1A6E570131D9619DC1376E");
+
+    static byte[] input1 = "Hello World !!!!".getBytes();
+
+    static byte[] output1 = Hex.decode("F09B856213BAB83B");
+
+    public ISO9797Alg3MacTest()
+    {
+    }
+
+    public void performTest()
+    {
+        KeyParameter key = new KeyParameter(keyBytes);
+        BlockCipher cipher = new DESEngine();
+        Mac mac = new ISO9797Alg3Mac(cipher);
+
+        //
+        // standard DAC - zero IV
+        //
+        mac.init(key);
+
+        mac.update(input1, 0, input1.length);
+
+        byte[] out = new byte[8];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output1))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output1)) + " got " + new String(Hex.encode(out)));
+        }
+
+        //
+        //  reset
+        //
+        mac.reset();
+
+        mac.init(key);
+
+        for (int i = 0; i != input1.length / 2; i++)
+        {
+            mac.update(input1[i]);
+        }
+
+        mac.update(input1, input1.length / 2, input1.length - (input1.length / 2));
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output1))
+        {
+            fail("Reset failed - expected " + new String(Hex.encode(output1)) + " got " + new String(Hex.encode(out)));
+        }
+
+        testMacWithIv();
+    }
+
+    private void testMacWithIv()
+    {
+        byte[] inputData = new byte[]{0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8};
+        byte[] key = new byte[]{0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8};
+        byte[] zeroIv = new byte[8];
+        byte[] nonZeroIv = new byte[]{0x5, 0x6, 0x7, 0x8, 0x1, 0x2, 0x3, 0x4};
+
+        KeyParameter simpleParameter = new KeyParameter(key);
+        ParametersWithIV zeroIvParameter = new ParametersWithIV(new KeyParameter(key), zeroIv);
+
+        ISO9797Alg3Mac mac1 = new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding());
+
+        // we calculate a reference MAC with a null IV
+        mac1.init(simpleParameter);
+        mac1.update(inputData, 0, inputData.length);
+        byte[] output1 = new byte[mac1.getMacSize()];
+        mac1.doFinal(output1, 0);
+
+        // we then check that passing a vector of 0s is the same as not using any IV
+        ISO9797Alg3Mac mac2 = new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding());
+        mac2.init(zeroIvParameter);
+        mac2.update(inputData, 0, inputData.length);
+        byte[] output2 = new byte[mac2.getMacSize()];
+        mac2.doFinal(output2, 0);
+        if (!Arrays.areEqual(output1, output2))
+        {
+            fail("zero IV test failed");
+        }
+
+        // and then check that a non zero IV parameter produces a different results.
+        ParametersWithIV nonZeroIvParameter = new ParametersWithIV(new KeyParameter(key), nonZeroIv);
+        mac2 = new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding());
+        mac2.init(nonZeroIvParameter);
+        mac2.update(inputData, 0, inputData.length);
+        output2 = new byte[mac2.getMacSize()];
+        mac2.doFinal(output2, 0);
+        if (Arrays.areEqual(output1, output2))
+        {
+            fail("non-zero IV test failed");
+        }
+    }
+
+    public String getName()
+    {
+        return "ISO9797Alg3Mac";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new ISO9797Alg3MacTest());
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/KDF1GeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDF1GeneratorTest.java
new file mode 100644
index 0000000..62f9997
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDF1GeneratorTest.java
@@ -0,0 +1,93 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.DerivationFunction;
+import org.bouncycastle.crypto.digests.ShortenedDigest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.generators.KDF1BytesGenerator;
+import org.bouncycastle.crypto.params.ISO18033KDFParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * KDF1 tests - vectors from ISO 18033.
+ */
+public class KDF1GeneratorTest
+    extends SimpleTest
+{
+    private byte[] seed1 = Hex.decode("d6e168c5f256a2dcff7ef12facd390f393c7a88d");
+    private byte[] mask1 = Hex.decode(
+            "0742ba966813af75536bb6149cc44fc256fd6406df79665bc31dc5"
+          + "a62f70535e52c53015b9d37d412ff3c1193439599e1b628774c50d9c"
+          + "cb78d82c425e4521ee47b8c36a4bcffe8b8112a89312fc04420a39de"
+          + "99223890e74ce10378bc515a212b97b8a6447ba6a8870278");
+
+    private byte[] seed2 = Hex.decode(
+             "032e45326fa859a72ec235acff929b15d1372e30b207255f0611b8f785d7643741" 
+           + "52e0ac009e509e7ba30cd2f1778e113b64e135cf4e2292c75efe5288edfda4");
+    private byte[] mask2 = Hex.decode(
+             "5f8de105b5e96b2e490ddecbd147dd1def7e3b8e0e6a26eb7b956ccb8b3bdc1ca9" 
+           + "75bc57c3989e8fbad31a224655d800c46954840ff32052cdf0d640562bdfadfa263c" 
+           + "fccf3c52b29f2af4a1869959bc77f854cf15bd7a25192985a842dbff8e13efee5b7e" 
+           + "7e55bbe4d389647c686a9a9ab3fb889b2d7767d3837eea4e0a2f04");
+    
+    private byte[] seed3 = seed2;
+    private byte[] mask3= Hex.decode(
+             "09e2decf2a6e1666c2f6071ff4298305e2643fd510a2403db42a8743cb989de86e"
+           + "668d168cbe604611ac179f819a3d18412e9eb45668f2923c087c12fee0c5a0d2a8aa"
+           + "70185401fbbd99379ec76c663e875a60b4aacb1319fa11c3365a8b79a44669f26fb5"
+           + "55c80391847b05eca1cb5cf8c2d531448d33fbaca19f6410ee1fcb");
+
+
+    public KDF1GeneratorTest()
+    {
+    }
+    
+    public void performTest()
+    {
+        checkMask(1, new KDF1BytesGenerator(new ShortenedDigest(new SHA256Digest(), 20)), seed1, mask1);
+        checkMask(2, new KDF1BytesGenerator(new SHA1Digest()), seed2, mask2);
+        checkMask(3, new KDF1BytesGenerator(new ShortenedDigest(new SHA256Digest(), 20)), seed3, mask3);
+        
+        try
+        {
+            new KDF1BytesGenerator(new SHA1Digest()).generateBytes(new byte[10], 0, 20);
+            
+            fail("short input array not caught");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+    }
+    
+    private void checkMask(
+        int                count,
+        DerivationFunction kdf,
+        byte[]             seed,
+        byte[]             result)
+    {
+        byte[]             data = new byte[result.length];
+        
+        kdf.init(new ISO18033KDFParameters(seed));
+        
+        kdf.generateBytes(data, 0, data.length);
+        
+        if (!areEqual(result, data))
+        {
+            fail("KDF1 failed generator test " + count);
+        }
+    }
+
+    public String getName()
+    {
+        return "KDF1";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new KDF1GeneratorTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/KDF2GeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDF2GeneratorTest.java
new file mode 100644
index 0000000..84a435a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDF2GeneratorTest.java
@@ -0,0 +1,105 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.DerivationFunction;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.ShortenedDigest;
+import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
+import org.bouncycastle.crypto.params.KDFParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * KDF2 tests - vectors from ISO 18033.
+ */
+public class KDF2GeneratorTest
+    extends SimpleTest
+{
+    private byte[] seed1 = Hex.decode("d6e168c5f256a2dcff7ef12facd390f393c7a88d");
+    private byte[] mask1 = Hex.decode(
+            "df79665bc31dc5a62f70535e52c53015b9d37d412ff3c119343959"
+          + "9e1b628774c50d9ccb78d82c425e4521ee47b8c36a4bcffe8b8112a8"
+          + "9312fc04420a39de99223890e74ce10378bc515a212b97b8a6447ba6"
+          + "a8870278f0262727ca041fa1aa9f7b5d1cf7f308232fe861");
+    
+    private byte[] seed2 = Hex.decode(
+             "032e45326fa859a72ec235acff929b15d1372e30b207255f0611b8f785d7643741" 
+           + "52e0ac009e509e7ba30cd2f1778e113b64e135cf4e2292c75efe5288edfda4");
+    private byte[] mask2 = Hex.decode(
+             "10a2403db42a8743cb989de86e668d168cbe604611ac179f819a3d18412e9eb456" 
+           + "68f2923c087c12fee0c5a0d2a8aa70185401fbbd99379ec76c663e875a60b4aacb13"
+           + "19fa11c3365a8b79a44669f26fb555c80391847b05eca1cb5cf8c2d531448d33fbac"
+           + "a19f6410ee1fcb260892670e0814c348664f6a7248aaf998a3acc6");
+    private byte[] adjustedMask2 = Hex.decode(
+             "10a2403db42a8743cb989de86e668d168cbe6046e23ff26f741e87949a3bba1311ac1"
+           + "79f819a3d18412e9eb45668f2923c087c1299005f8d5fd42ca257bc93e8fee0c5a0d2"
+           + "a8aa70185401fbbd99379ec76c663e9a29d0b70f3fe261a59cdc24875a60b4aacb131"
+           + "9fa11c3365a8b79a44669f26fba933d012db213d7e3b16349");
+
+    private byte[] sha1Mask = Hex.decode(
+             "0e6a26eb7b956ccb8b3bdc1ca975bc57c3989e8fbad31a224655d800c46954840ff32"
+           + "052cdf0d640562bdfadfa263cfccf3c52b29f2af4a1869959bc77f854cf15bd7a2519"
+           + "2985a842dbff8e13efee5b7e7e55bbe4d389647c686a9a9ab3fb889b2d7767d3837ee"
+           + "a4e0a2f04b53ca8f50fb31225c1be2d0126c8c7a4753b0807");
+
+    private byte[] seed3 = Hex.decode("CA7C0F8C3FFA87A96E1B74AC8E6AF594347BB40A");
+    private byte[] mask3 = Hex.decode("744AB703F5BC082E59185F6D049D2D367DB245C2");
+
+    private byte[] seed4 = Hex.decode("0499B502FC8B5BAFB0F4047E731D1F9FD8CD0D8881");
+    private byte[] mask4 = Hex.decode("03C62280C894E103C680B13CD4B4AE740A5EF0C72547292F82DC6B1777F47D63BA9D1EA732DBF386");
+
+    public KDF2GeneratorTest()
+    {
+    }
+    
+    public void performTest()
+    {
+        checkMask(1, new KDF2BytesGenerator(new ShortenedDigest(new SHA256Digest(), 20)), seed1, mask1);
+        checkMask(2, new KDF2BytesGenerator(new ShortenedDigest(new SHA256Digest(), 20)), seed2, mask2);
+        checkMask(3, new KDF2BytesGenerator(new SHA256Digest()), seed2, adjustedMask2);
+        checkMask(4, new KDF2BytesGenerator(new SHA1Digest()), seed2, sha1Mask);
+        checkMask(5, new KDF2BytesGenerator(new SHA1Digest()), seed3, mask3);
+        checkMask(6, new KDF2BytesGenerator(new SHA1Digest()), seed4, mask4);
+        
+        try
+        {
+            new KDF2BytesGenerator(new SHA1Digest()).generateBytes(new byte[10], 0, 20);
+            
+            fail("short input array not caught");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+    }
+    
+    private void checkMask(
+        int                count,
+        DerivationFunction kdf,
+        byte[]             seed,
+        byte[]             result)
+    {
+        byte[]             data = new byte[result.length];
+        
+        kdf.init(new KDFParameters(seed, new byte[0]));
+        
+        kdf.generateBytes(data, 0, data.length);
+        
+        if (!areEqual(result, data))
+        {
+            fail("KDF2 failed generator test " + count);
+        }
+    }
+
+    public String getName()
+    {
+        return "KDF2";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new KDF2GeneratorTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFCounterGeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFCounterGeneratorTest.java
new file mode 100644
index 0000000..7078da2
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFCounterGeneratorTest.java
@@ -0,0 +1,51 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.nio.charset.Charset;
+
+import org.bouncycastle.crypto.test.cavp.CAVPReader;
+import org.bouncycastle.crypto.test.cavp.KDFCounterTests;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class KDFCounterGeneratorTest
+    extends SimpleTest
+{
+
+    private static void testCounter()
+    {
+
+        CAVPReader cavpReader = new CAVPReader(new KDFCounterTests());
+
+        final InputStream stream = CAVPReader.class.getResourceAsStream("KDFCTR_gen.rsp");
+        final Reader reader = new InputStreamReader(stream, Charset.forName("UTF-8"));
+        cavpReader.setInput("KDFCounter", reader);
+
+        try
+        {
+            cavpReader.readAll();
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("Something is rotten in the state of Denmark", e);
+        }
+    }
+
+    public String getName()
+    {
+        return this.getClass().getSimpleName();
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testCounter();
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new KDFCounterGeneratorTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFDoublePipelineIteratorGeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFDoublePipelineIteratorGeneratorTest.java
new file mode 100644
index 0000000..37aaf66
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFDoublePipelineIteratorGeneratorTest.java
@@ -0,0 +1,72 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.nio.charset.Charset;
+
+import org.bouncycastle.crypto.test.cavp.CAVPReader;
+import org.bouncycastle.crypto.test.cavp.KDFDoublePipelineCounterTests;
+import org.bouncycastle.crypto.test.cavp.KDFDoublePipelineIterationNoCounterTests;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class KDFDoublePipelineIteratorGeneratorTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return this.getClass().getSimpleName();
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testDoublePipelineIterationCounter();
+        testDoublePipelineIterationNoCounter();
+    }
+
+    private static void testDoublePipelineIterationCounter()
+    {
+
+        CAVPReader cavpReader = new CAVPReader(new KDFDoublePipelineCounterTests());
+
+        final InputStream stream = CAVPReader.class.getResourceAsStream("KDFDblPipelineCounter_gen.rsp");
+        final Reader reader = new InputStreamReader(stream, Charset.forName("UTF-8"));
+        cavpReader.setInput("KDFDoublePipelineIterationCounter", reader);
+
+        try
+        {
+            cavpReader.readAll();
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("Something is rotten in the state of Denmark", e);
+        }
+    }
+
+    private static void testDoublePipelineIterationNoCounter()
+    {
+
+        CAVPReader cavpReader = new CAVPReader(new KDFDoublePipelineIterationNoCounterTests());
+
+        final InputStream stream = CAVPReader.class.getResourceAsStream("KDFDblPipelineNoCounter_gen.rsp");
+        final Reader reader = new InputStreamReader(stream, Charset.forName("UTF-8"));
+        cavpReader.setInput("KDFDblPipelineIterationNoCounter", reader);
+
+        try
+        {
+            cavpReader.readAll();
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("Something is rotten in the state of Denmark", e);
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new KDFDoublePipelineIteratorGeneratorTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFFeedbackGeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFFeedbackGeneratorTest.java
new file mode 100644
index 0000000..0eba706
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/KDFFeedbackGeneratorTest.java
@@ -0,0 +1,71 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.nio.charset.Charset;
+
+import org.bouncycastle.crypto.test.cavp.CAVPReader;
+import org.bouncycastle.crypto.test.cavp.KDFFeedbackCounterTests;
+import org.bouncycastle.crypto.test.cavp.KDFFeedbackNoCounterTests;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class KDFFeedbackGeneratorTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return this.getClass().getSimpleName();
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testFeedbackCounter();
+        testFeedbackNoCounter();
+    }
+
+    private static void testFeedbackCounter()
+    {
+
+        CAVPReader cavpReader = new CAVPReader(new KDFFeedbackCounterTests());
+
+        final InputStream stream = CAVPReader.class.getResourceAsStream("KDFFeedbackCounter_gen.rsp");
+        final Reader reader = new InputStreamReader(stream, Charset.forName("UTF-8"));
+        cavpReader.setInput("KDFFeedbackCounter", reader);
+
+        try
+        {
+            cavpReader.readAll();
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("Something is rotten in the state of Denmark ", e);
+        }
+    }
+
+    private static void testFeedbackNoCounter()
+    {
+
+        CAVPReader cavpReader = new CAVPReader(new KDFFeedbackNoCounterTests());
+
+        final InputStream stream = CAVPReader.class.getResourceAsStream("KDFFeedbackNoCounter_gen.rsp");
+        final Reader reader = new InputStreamReader(stream, Charset.forName("UTF-8"));
+        cavpReader.setInput("KDFFeedbackNoCounter", reader);
+
+        try
+        {
+            cavpReader.readAll();
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("Something is rotten in the state of Denmark", e);
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new KDFDoublePipelineIteratorGeneratorTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/MD2DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/MD2DigestTest.java
new file mode 100644
index 0000000..443ec2e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/MD2DigestTest.java
@@ -0,0 +1,52 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.MD2Digest;
+
+/**
+ * standard vector test for MD2
+ * from RFC1319 by B.Kaliski of RSA Laboratories April 1992
+ *
+ */
+public class MD2DigestTest
+    extends DigestTest
+{
+    static final String messages[] =
+    {
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+    };
+    
+    static final String digests[] =
+    { 
+        "8350e5a3e24c153df2275c9f80692773",
+        "32ec01ec4a6dac72c0ab96fb34c0b5d1",
+        "da853b0d3f88d99b30283a69e6ded6bb",
+        "ab4f496bfb2a530b219ff33031fe06b0",
+        "4e8ddff3650292ab5a4108c3aa47940b",
+        "da33def2a42df13975352846c30338cd",
+        "d5976f79d83d3a0dc9806c3c66f3efd8" 
+    };
+    
+    MD2DigestTest()
+    {
+        super(new MD2Digest(), messages, digests);
+    }
+ 
+    protected Digest cloneDigest(
+        Digest digest)
+    {
+        return new MD2Digest((MD2Digest)digest);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new MD2DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/MD4DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/MD4DigestTest.java
new file mode 100644
index 0000000..d57a29c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/MD4DigestTest.java
@@ -0,0 +1,43 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.MD4Digest;
+
+/**
+ * standard vector test for MD4 from RFC 1320.
+ */
+public class MD4DigestTest
+    extends DigestTest
+{
+    static private String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+    };
+    
+    static private String[] digests =
+    {
+        "31d6cfe0d16ae931b73c59d7e0c089c0",
+        "bde52cb31de33e46245e05fbdbd6fb24",
+        "a448017aaf21d8525fc10ae87aa6729d",
+        "e33b4ddc9c38f2199c3e7b164fcc0536"
+    };
+
+    MD4DigestTest()
+    {
+        super(new MD4Digest(), messages, digests);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new MD4Digest((MD4Digest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new MD4DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/MD5DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/MD5DigestTest.java
new file mode 100644
index 0000000..ab9cab2
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/MD5DigestTest.java
@@ -0,0 +1,43 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.MD5Digest;
+
+/**
+ * standard vector test for MD5 from "Handbook of Applied Cryptography", page 345.
+ */
+public class MD5DigestTest
+    extends DigestTest
+{
+    static final String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdefghijklmnopqrstuvwxyz"
+    };
+    
+    static final String[] digests =
+    {
+        "d41d8cd98f00b204e9800998ecf8427e",
+        "0cc175b9c0f1b6a831c399e269772661",
+        "900150983cd24fb0d6963f7d28e17f72",
+        "c3fcd3d76192e4007dfb496cca67e13b"
+    };
+
+    MD5DigestTest()
+    {
+        super(new MD5Digest(), messages, digests);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new MD5Digest((MD5Digest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new MD5DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/MD5HMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/MD5HMacTest.java
new file mode 100644
index 0000000..cfce1d9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/MD5HMacTest.java
@@ -0,0 +1,98 @@
+
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.MD5Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * MD5 HMac Test, test vectors from RFC 2202
+ */
+public class MD5HMacTest
+    extends SimpleTest
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    };
+
+    final static String[] digests = {
+        "9294727a3638bb1c13f48ef8158bfc9d",
+        "750c783e6ab0b503eaa86e310a5db738",
+        "56be34521d144c88dbb8c733f0e8b3f6",
+        "697eaf0aca3a3aea3a75164746ffaa79",
+        "56461ef2342edc00f9bab995690efd4c",
+        "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd",
+        "6f630fad67cda0ee1fb1f562db3aa53e"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
+    };
+        
+    public String getName()
+    {
+        return "MD5HMac";
+    }
+
+    public void performTest()
+    {
+        HMac hmac = new HMac(new MD5Digest());
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                fail("Vector " + i + " failed");
+            }
+        }
+
+        // test reset
+        int vector = 0; // vector used for test
+        byte[] m = messages[vector].getBytes();
+        if (messages[vector].startsWith("0x"))
+        {
+            m = Hex.decode(messages[vector].substring(2));
+        }
+        hmac.init(new KeyParameter(Hex.decode(keys[vector])));
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+        hmac.reset();
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+
+        if (!areEqual(resBuf, Hex.decode(digests[vector])))
+        {
+            fail("Reset with vector " + vector + " failed");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new MD5HMacTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/MGF1GeneratorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/MGF1GeneratorTest.java
new file mode 100644
index 0000000..e7e99fe
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/MGF1GeneratorTest.java
@@ -0,0 +1,88 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.DerivationFunction;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.ShortenedDigest;
+import org.bouncycastle.crypto.generators.MGF1BytesGenerator;
+import org.bouncycastle.crypto.params.MGFParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * MGF1 tests - vectors from ISO 18033 for KDF1 (equivalent).
+ */
+public class MGF1GeneratorTest
+    extends SimpleTest
+{
+    private byte[] seed1 = Hex.decode("d6e168c5f256a2dcff7ef12facd390f393c7a88d");
+    private byte[] mask1 = Hex.decode(
+            "0742ba966813af75536bb6149cc44fc256fd6406df79665bc31dc5"
+          + "a62f70535e52c53015b9d37d412ff3c1193439599e1b628774c50d9c"
+          + "cb78d82c425e4521ee47b8c36a4bcffe8b8112a89312fc04420a39de"
+          + "99223890e74ce10378bc515a212b97b8a6447ba6a8870278");
+
+    private byte[] seed2 = Hex.decode(
+             "032e45326fa859a72ec235acff929b15d1372e30b207255f0611b8f785d7643741" 
+           + "52e0ac009e509e7ba30cd2f1778e113b64e135cf4e2292c75efe5288edfda4");
+    private byte[] mask2 = Hex.decode(
+             "5f8de105b5e96b2e490ddecbd147dd1def7e3b8e0e6a26eb7b956ccb8b3bdc1ca9" 
+           + "75bc57c3989e8fbad31a224655d800c46954840ff32052cdf0d640562bdfadfa263c" 
+           + "fccf3c52b29f2af4a1869959bc77f854cf15bd7a25192985a842dbff8e13efee5b7e" 
+           + "7e55bbe4d389647c686a9a9ab3fb889b2d7767d3837eea4e0a2f04");
+    
+    private byte[] seed3 = seed2;
+    private byte[] mask3= Hex.decode(
+             "09e2decf2a6e1666c2f6071ff4298305e2643fd510a2403db42a8743cb989de86e"
+           + "668d168cbe604611ac179f819a3d18412e9eb45668f2923c087c12fee0c5a0d2a8aa"
+           + "70185401fbbd99379ec76c663e875a60b4aacb1319fa11c3365a8b79a44669f26fb5"
+           + "55c80391847b05eca1cb5cf8c2d531448d33fbaca19f6410ee1fcb");
+    
+    public void performTest()
+    {
+        checkMask(1, new MGF1BytesGenerator(new ShortenedDigest(new SHA256Digest(), 20)), seed1, mask1);
+        checkMask(2, new MGF1BytesGenerator(new SHA1Digest()), seed2, mask2);
+        checkMask(3, new MGF1BytesGenerator(new ShortenedDigest(new SHA256Digest(), 20)), seed3, mask3);
+        
+        try
+        {
+            new MGF1BytesGenerator(new SHA1Digest()).generateBytes(new byte[10], 0, 20);
+            
+            fail("short input array not caught");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+    }
+    
+    private void checkMask(
+        int                count,
+        DerivationFunction kdf,
+        byte[]             seed,
+        byte[]             result)
+    {
+        byte[]             data = new byte[result.length];
+        
+        kdf.init(new MGFParameters(seed));
+        
+        kdf.generateBytes(data, 0, data.length);
+        
+        if (!areEqual(result, data))
+        {
+            fail("MGF1 failed generator test " + count);
+        }
+    }
+
+    public String getName()
+    {
+        return "MGF1";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new MGF1GeneratorTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/MacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/MacTest.java
new file mode 100644
index 0000000..5b05a60
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/MacTest.java
@@ -0,0 +1,181 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
+import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.paddings.PKCS7Padding;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * MAC tester - vectors from 
+ * <a href=http://www.itl.nist.gov/fipspubs/fip81.htm>FIP 81</a> and 
+ * <a href=http://www.itl.nist.gov/fipspubs/fip113.htm>FIP 113</a>.
+ */
+public class MacTest
+    extends SimpleTest
+{
+    static byte[]   keyBytes = Hex.decode("0123456789abcdef");
+    static byte[]   ivBytes = Hex.decode("1234567890abcdef");
+
+    static byte[]   input1 = Hex.decode("37363534333231204e6f77206973207468652074696d6520666f7220");
+
+    static byte[]   output1 = Hex.decode("f1d30f68");
+    static byte[]   output2 = Hex.decode("58d2e77e");
+    static byte[]   output3 = Hex.decode("cd647403");
+
+    //
+    // these aren't NIST vectors, just for regression testing.
+    //
+    static byte[]   input2 = Hex.decode("3736353433323120");
+
+    static byte[]   output4 = Hex.decode("3af549c9");
+    static byte[]   output5 = Hex.decode("188fbdd5");
+    static byte[]   output6 = Hex.decode("7045eecd");
+
+    public MacTest()
+    {
+    }
+
+    public void performTest()
+    {
+        KeyParameter        key = new KeyParameter(keyBytes);
+        BlockCipher         cipher = new DESEngine();
+        Mac                 mac = new CBCBlockCipherMac(cipher);
+
+        //
+        // standard DAC - zero IV
+        //
+        mac.init(key);
+
+        mac.update(input1, 0, input1.length);
+
+        byte[]  out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output1))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output1)) + " got " + new String(Hex.encode(out)));
+        }
+        
+        //
+        // mac with IV.
+        //
+        ParametersWithIV    param = new ParametersWithIV(key, ivBytes);
+
+        mac.init(param);
+
+        mac.update(input1, 0, input1.length);
+
+        out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output2))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output2)) + " got " + new String(Hex.encode(out)));
+        }
+        
+        //
+        // CFB mac with IV - 8 bit CFB mode
+        //
+        param = new ParametersWithIV(key, ivBytes);
+
+        mac = new CFBBlockCipherMac(cipher);
+
+        mac.init(param);
+
+        mac.update(input1, 0, input1.length);
+
+        out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output3))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output3)) + " got " + new String(Hex.encode(out)));
+        }
+
+        //
+        // word aligned data - zero IV
+        //
+        mac.init(key);
+
+        mac.update(input2, 0, input2.length);
+
+        out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output4))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output4)) + " got " + new String(Hex.encode(out)));
+        }
+
+        //
+        // word aligned data - zero IV - CBC padding
+        //
+        mac = new CBCBlockCipherMac(cipher, new PKCS7Padding());
+
+        mac.init(key);
+
+        mac.update(input2, 0, input2.length);
+
+        out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output5))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output5)) + " got " + new String(Hex.encode(out)));
+        }
+
+        //
+        // non-word aligned data - zero IV - CBC padding
+        //
+        mac.reset();
+
+        mac.update(input1, 0, input1.length);
+
+        out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output6))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output6)) + " got " + new String(Hex.encode(out)));
+        }
+
+        //
+        // non-word aligned data - zero IV - CBC padding
+        //
+        mac.init(key);
+
+        mac.update(input1, 0, input1.length);
+
+        out = new byte[4];
+
+        mac.doFinal(out, 0);
+
+        if (!areEqual(out, output6))
+        {
+            fail("Failed - expected " + new String(Hex.encode(output6)) + " got " + new String(Hex.encode(out)));
+        }
+    }
+
+    public String getName()
+    {
+        return "Mac";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new MacTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ModeTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ModeTest.java
new file mode 100644
index 0000000..6619b65
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ModeTest.java
@@ -0,0 +1,115 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * CFB/OFB Mode test of IV padding.
+ */
+public class ModeTest
+    implements Test
+{
+    public ModeTest()
+    {
+    }
+
+    private boolean isEqualTo(
+        byte[]  a,
+        byte[]  b)
+    {
+        for (int i = 0; i != a.length; i++)
+        {
+            if (a[i] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    public TestResult perform()
+    {
+        KeyParameter    key = new KeyParameter(Hex.decode("0011223344556677"));
+        byte[]          input = Hex.decode("4e6f7720");
+        byte[]          out1 = new byte[4];
+        byte[]          out2 = new byte[4];
+
+
+        BlockCipher ofb = new OFBBlockCipher(new DESEngine(), 32);
+
+        ofb.init(true, new ParametersWithIV(key, Hex.decode("1122334455667788")));
+
+        ofb.processBlock(input, 0, out1, 0);
+
+        ofb.init(false, new ParametersWithIV(key, Hex.decode("1122334455667788")));
+        ofb.processBlock(out1, 0, out2, 0);
+
+        if (!isEqualTo(out2, input))
+        {
+            return new SimpleTestResult(false, getName() + ": test 1 - in != out");
+        }
+
+        ofb.init(true, new ParametersWithIV(key, Hex.decode("11223344")));
+
+        ofb.processBlock(input, 0, out1, 0);
+
+        ofb.init(false, new ParametersWithIV(key, Hex.decode("0000000011223344")));
+        ofb.processBlock(out1, 0, out2, 0);
+
+        if (!isEqualTo(out2, input))
+        {
+            return new SimpleTestResult(false, getName() + ": test 2 - in != out");
+        }
+
+        BlockCipher cfb = new CFBBlockCipher(new DESEngine(), 32);
+
+        cfb.init(true, new ParametersWithIV(key, Hex.decode("1122334455667788")));
+
+        cfb.processBlock(input, 0, out1, 0);
+
+        cfb.init(false, new ParametersWithIV(key, Hex.decode("1122334455667788")));
+        cfb.processBlock(out1, 0, out2, 0);
+
+        if (!isEqualTo(out2, input))
+        {
+            return new SimpleTestResult(false, getName() + ": test 3 - in != out");
+        }
+
+        cfb.init(true, new ParametersWithIV(key, Hex.decode("11223344")));
+
+        cfb.processBlock(input, 0, out1, 0);
+
+        cfb.init(false, new ParametersWithIV(key, Hex.decode("0000000011223344")));
+        cfb.processBlock(out1, 0, out2, 0);
+
+        if (!isEqualTo(out2, input))
+        {
+            return new SimpleTestResult(false, getName() + ": test 4 - in != out");
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public String getName()
+    {
+        return "ModeTest";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        ModeTest    test = new ModeTest();
+        TestResult result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/NISTCTSTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/NISTCTSTest.java
new file mode 100644
index 0000000..8e3df1c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/NISTCTSTest.java
@@ -0,0 +1,160 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.modes.NISTCTSBlockCipher;
+import org.bouncycastle.crypto.modes.SICBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * CTS tester
+ */
+public class NISTCTSTest
+    extends SimpleTest
+{
+    private static KeyParameter key = new KeyParameter(Hex.decode("000102030405060708090a0b0c0d0e0f"));
+    private static byte[] iv = Hex.decode("101112131415161718191a1b1c1d1e1f");
+
+    private static byte[] singleBlock = Hex.decode("4920616d206f6e6520626c6f636b2e2e");
+    private static byte[] singleOut = Hex.decode("8aad2098847a2d74ac87de22745d2537");
+
+    private static byte[] twoBlock = Hex.decode("4920616d206174206c656173742074776f20626c6f636b73206c6f6e672e2e2e");
+
+    private static byte[] cs1TwoBlockOut = Hex.decode("3f07fd5816c3b96349eb9f6a074909d67237eb8aa9a7467b8a388c61d0e8f35a");
+    private static byte[] cs2TwoBlockOut = Hex.decode("3f07fd5816c3b96349eb9f6a074909d67237eb8aa9a7467b8a388c61d0e8f35a");
+    private static byte[] cs3TwoBlockOut = Hex.decode("7237eb8aa9a7467b8a388c61d0e8f35a3f07fd5816c3b96349eb9f6a074909d6");
+
+    private static byte[] notQuiteTwo = Hex.decode("4920616d206e6f742071756974652074776f2e2e2e");
+
+    private static byte[] cs1NotQuiteTwoBlockOut = Hex.decode("22ecf2ac77f098097ca69b72e3a46e9ca21bb5ebbc");
+    private static byte[] cs2NotQuiteTwoBlockOut = Hex.decode("f098097ca69b72e3a46e9ca21bb5ebbc22ecf2ac77");
+    private static byte[] cs3NotQuiteTwoBlockOut = Hex.decode("f098097ca69b72e3a46e9ca21bb5ebbc22ecf2ac77");
+
+    static byte[]   in1 = Hex.decode("4e6f7720697320746865207420");
+    static byte[]   in2 = Hex.decode("000102030405060708090a0b0c0d0e0fff0102030405060708090a0b0c0d0e0f0aaa");
+    static byte[]   out1 = Hex.decode("9952f131588465033fa40e8a98");
+    static byte[]   out2 = Hex.decode("358f84d01eb42988dc34efb994");
+    static byte[]   out3 = Hex.decode("170171cfad3f04530c509b0c1f0be0aefbd45a8e3755a873bff5ea198504b71683c6");
+    
+    private void testCTS(
+        int                 id,
+        int                 type,
+        BlockCipher         cipher,
+        CipherParameters    params,
+        byte[]              input,
+        byte[]              output)
+        throws Exception
+    {
+        byte[]                  out = new byte[input.length];
+        BufferedBlockCipher     engine = new NISTCTSBlockCipher(type, cipher);
+
+        engine.init(true, params);
+
+        int len = engine.processBytes(input, 0, input.length, out, 0);
+
+        engine.doFinal(out, len);
+
+        if (!areEqual(output, out))
+        {
+            fail(id + " failed encryption expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+        }
+
+        engine.init(false, params);
+
+        len = engine.processBytes(output, 0, output.length, out, 0);
+
+        engine.doFinal(out, len);
+
+        if (!areEqual(input, out))
+        {
+            fail(id + " failed decryption expected " + new String(Hex.encode(input)) + " got " + new String(Hex.encode(out)));
+        }
+    }
+
+    private void testExceptions() throws InvalidCipherTextException
+    {
+        BufferedBlockCipher engine = new NISTCTSBlockCipher(NISTCTSBlockCipher.CS1, new AESEngine());
+        CipherParameters params = new KeyParameter(new byte[engine.getBlockSize()]);
+        engine.init(true, params);
+
+        byte[] out = new byte[engine.getOutputSize(engine.getBlockSize())];
+        
+        engine.processBytes(new byte[engine.getBlockSize() - 1], 0, engine.getBlockSize() - 1, out, 0);
+        try 
+        {
+            engine.doFinal(out, 0);
+            fail("Expected CTS encrypt error on < 1 block input");
+        } catch(DataLengthException e)
+        {
+            // Expected
+        }
+
+        engine.init(true, params);
+        engine.processBytes(new byte[engine.getBlockSize()], 0, engine.getBlockSize(), out, 0);
+        try 
+        {
+            engine.doFinal(out, 0);
+        } catch(DataLengthException e)
+        {
+            fail("Unexpected CTS encrypt error on == 1 block input");
+        }
+
+        engine.init(false, params);
+        engine.processBytes(new byte[engine.getBlockSize() - 1], 0, engine.getBlockSize() - 1, out, 0);
+        try 
+        {
+            engine.doFinal(out, 0);
+            fail("Expected CTS decrypt error on < 1 block input");
+        } catch(DataLengthException e)
+        {
+            // Expected
+        }
+
+        engine.init(false, params);
+        engine.processBytes(new byte[engine.getBlockSize()], 0, engine.getBlockSize(), out, 0);
+        try 
+        {
+            engine.doFinal(out, 0);
+        } catch(DataLengthException e)
+        {
+            fail("Unexpected CTS decrypt error on == 1 block input");
+        }
+
+    }
+
+    public String getName()
+    {
+        return "CTS";
+    }
+
+    public void performTest() 
+        throws Exception
+    {
+        testCTS(1, NISTCTSBlockCipher.CS1, new AESEngine(), new ParametersWithIV(key, iv), singleBlock, singleOut);
+        testCTS(2, NISTCTSBlockCipher.CS2, new AESEngine(), new ParametersWithIV(key, iv), singleBlock, singleOut);
+        testCTS(3, NISTCTSBlockCipher.CS3, new AESEngine(), new ParametersWithIV(key, iv), singleBlock, singleOut);
+
+        testCTS(4, NISTCTSBlockCipher.CS1, new AESEngine(), new ParametersWithIV(key, iv), twoBlock, cs1TwoBlockOut);
+        testCTS(5, NISTCTSBlockCipher.CS2, new AESEngine(), new ParametersWithIV(key, iv), twoBlock, cs2TwoBlockOut);
+        testCTS(6, NISTCTSBlockCipher.CS3, new AESEngine(), new ParametersWithIV(key, iv), twoBlock, cs3TwoBlockOut);
+
+        testCTS(7, NISTCTSBlockCipher.CS1, new AESEngine(), new ParametersWithIV(key, iv), notQuiteTwo, cs1NotQuiteTwoBlockOut);
+        testCTS(8, NISTCTSBlockCipher.CS2, new AESEngine(), new ParametersWithIV(key, iv), notQuiteTwo, cs2NotQuiteTwoBlockOut);
+        testCTS(9, NISTCTSBlockCipher.CS3, new AESEngine(), new ParametersWithIV(key, iv), notQuiteTwo, cs3NotQuiteTwoBlockOut);
+
+        testExceptions();
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new NISTCTSTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/NaccacheSternTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/NaccacheSternTest.java
new file mode 100644
index 0000000..9055855
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/NaccacheSternTest.java
@@ -0,0 +1,354 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+import java.util.Vector;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.NaccacheSternEngine;
+import org.bouncycastle.crypto.generators.NaccacheSternKeyPairGenerator;
+import org.bouncycastle.crypto.params.NaccacheSternKeyGenerationParameters;
+import org.bouncycastle.crypto.params.NaccacheSternKeyParameters;
+import org.bouncycastle.crypto.params.NaccacheSternPrivateKeyParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test case for NaccacheStern cipher. For details on this cipher, please see
+ * 
+ * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
+ *
+ * Performs the following tests: 
+ *  <ul>
+ *  <li> Toy example from the NaccacheSternPaper </li>
+ *  <li> 768 bit test with text "Now is the time for all good men." (ripped from RSA test) and
+ *     the same test with the first byte replaced by 0xFF </li>
+ *  <li> 1024 bit test analog to 768 bit test </li>
+ *  </ul>
+ */
+public class NaccacheSternTest
+    extends SimpleTest
+{
+    static final boolean debug = false;
+
+    static final NaccacheSternEngine cryptEng = new NaccacheSternEngine();
+
+    static final NaccacheSternEngine decryptEng = new NaccacheSternEngine();
+
+    static
+    {
+        cryptEng.setDebug(debug);
+        decryptEng.setDebug(debug);
+    }
+
+    // Values from NaccacheStern paper
+    static final BigInteger a = BigInteger.valueOf(101);
+
+    static final BigInteger u1 = BigInteger.valueOf(3);
+
+    static final BigInteger u2 = BigInteger.valueOf(5);
+
+    static final BigInteger u3 = BigInteger.valueOf(7);
+
+    static final BigInteger b = BigInteger.valueOf(191);
+
+    static final BigInteger v1 = BigInteger.valueOf(11);
+
+    static final BigInteger v2 = BigInteger.valueOf(13);
+
+    static final BigInteger v3 = BigInteger.valueOf(17);
+
+    static final BigInteger ONE = BigInteger.valueOf(1);
+
+    static final BigInteger TWO = BigInteger.valueOf(2);
+
+    static final BigInteger sigma = u1.multiply(u2).multiply(u3).multiply(v1)
+            .multiply(v2).multiply(v3);
+
+    static final BigInteger p = TWO.multiply(a).multiply(u1).multiply(u2)
+            .multiply(u3).add(ONE);
+
+    static final BigInteger q = TWO.multiply(b).multiply(v1).multiply(v2)
+            .multiply(v3).add(ONE);
+
+    static final BigInteger n = p.multiply(q);
+
+    static final BigInteger phi_n = p.subtract(ONE).multiply(q.subtract(ONE));
+
+    static final BigInteger g = BigInteger.valueOf(131);
+
+    static final Vector smallPrimes = new Vector();
+
+    // static final BigInteger paperTest = BigInteger.valueOf(202);
+
+    static final String input = "4e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e";
+
+    static final BigInteger paperTest = BigInteger.valueOf(202);
+
+    //
+    // to check that we handling byte extension by big number correctly.
+    //
+    static final String edgeInput = "ff6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e";
+
+    public String getName()
+    {
+        return "NaccacheStern";
+    }
+
+    public void performTest()
+    {
+        // Test with given key from NaccacheSternPaper (totally insecure)
+
+        // First the Parameters from the NaccacheStern Paper
+        // (see http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf )
+
+        smallPrimes.addElement(u1);
+        smallPrimes.addElement(u2);
+        smallPrimes.addElement(u3);
+        smallPrimes.addElement(v1);
+        smallPrimes.addElement(v2);
+        smallPrimes.addElement(v3);
+
+        NaccacheSternKeyParameters pubParameters = new NaccacheSternKeyParameters(false, g, n, sigma.bitLength());
+
+        NaccacheSternPrivateKeyParameters privParameters = new NaccacheSternPrivateKeyParameters(g, n, sigma.bitLength(), smallPrimes, phi_n);
+
+        AsymmetricCipherKeyPair pair = new AsymmetricCipherKeyPair(pubParameters, privParameters);
+
+        // Initialize Engines with KeyPair
+
+        if (debug)
+        {
+            System.out.println("initializing encryption engine");
+        }
+        cryptEng.init(true, pair.getPublic());
+
+        if (debug)
+        {
+            System.out.println("initializing decryption engine");
+        }
+        decryptEng.init(false, pair.getPrivate());
+
+        byte[] data = paperTest.toByteArray();
+
+        if (!new BigInteger(data).equals(new BigInteger(enDeCrypt(data))))
+        {
+            fail("failed NaccacheStern paper test");
+        }
+
+        //
+        // key generation test
+        //
+
+        // 
+        // 768 Bit test
+        //
+
+        if (debug)
+        {
+            System.out.println();
+            System.out.println("768 Bit TEST");
+        }
+
+        // specify key generation parameters
+        NaccacheSternKeyGenerationParameters genParam
+            = new NaccacheSternKeyGenerationParameters(new SecureRandom(), 768, 8, 30, debug);
+
+        // Initialize Key generator and generate key pair
+        NaccacheSternKeyPairGenerator pGen = new NaccacheSternKeyPairGenerator();
+        pGen.init(genParam);
+
+        pair = pGen.generateKeyPair();
+
+        if (((NaccacheSternKeyParameters)pair.getPublic()).getModulus().bitLength() < 768)
+        {
+            System.out.println("FAILED: key size is <786 bit, exactly "
+                            + ((NaccacheSternKeyParameters)pair.getPublic()).getModulus().bitLength() + " bit");
+            fail("failed key generation (768) length test");
+        }
+
+        // Initialize Engines with KeyPair
+
+        if (debug)
+        {
+            System.out.println("initializing " + genParam.getStrength() + " bit encryption engine");
+        }
+        cryptEng.init(true, pair.getPublic());
+
+        if (debug)
+        {
+            System.out.println("initializing " + genParam.getStrength() + " bit decryption engine");
+        }
+        decryptEng.init(false, pair.getPrivate());
+
+        // Basic data input
+        data = Hex.decode(input);
+
+        if (!new BigInteger(1, data).equals(new BigInteger(1, enDeCrypt(data))))
+        {
+            fail("failed encryption decryption (" + genParam.getStrength() + ") basic test");
+        }
+
+        // Data starting with FF byte (would be interpreted as negative
+        // BigInteger)
+
+        data = Hex.decode(edgeInput);
+
+        if (!new BigInteger(1, data).equals(new BigInteger(1, enDeCrypt(data))))
+        {
+            fail("failed encryption decryption (" + genParam.getStrength() + ") edgeInput test");
+        }
+
+        // 
+        // 1024 Bit Test
+        // 
+/*
+        if (debug)
+        {
+            System.out.println();
+            System.out.println("1024 Bit TEST");
+        }
+
+        // specify key generation parameters
+        genParam = new NaccacheSternKeyGenerationParameters(new SecureRandom(), 1024, 8, 40);
+
+        pGen.init(genParam);
+        pair = pGen.generateKeyPair();
+
+        if (((NaccacheSternKeyParameters)pair.getPublic()).getModulus().bitLength() < 1024)
+        {
+            if (debug)
+            {
+                System.out.println("FAILED: key size is <1024 bit, exactly "
+                                + ((NaccacheSternKeyParameters)pair.getPublic()).getModulus().bitLength() + " bit");
+            }
+            fail("failed key generation (1024) length test");
+        }
+
+        // Initialize Engines with KeyPair
+
+        if (debug)
+        {
+            System.out.println("initializing " + genParam.getStrength() + " bit encryption engine");
+        }
+        cryptEng.init(true, pair.getPublic());
+
+        if (debug)
+        {
+            System.out.println("initializing " + genParam.getStrength() + " bit decryption engine");
+        }
+        decryptEng.init(false, pair.getPrivate());
+
+        if (debug)
+        {
+            System.out.println("Data is           " + new BigInteger(1, data));
+        }
+
+        // Basic data input
+        data = Hex.decode(input);
+
+        if (!new BigInteger(1, data).equals(new BigInteger(1, enDeCrypt(data))))
+        {
+            fail("failed encryption decryption (" + genParam.getStrength() + ") basic test");
+        }
+
+        // Data starting with FF byte (would be interpreted as negative
+        // BigInteger)
+
+        data = Hex.decode(edgeInput);
+
+        if (!new BigInteger(1, data).equals(new BigInteger(1, enDeCrypt(data))))
+        {
+            fail("failed encryption decryption (" + genParam.getStrength() + ") edgeInput test");
+        }
+*/
+        // END OF TEST CASE
+
+        try
+        {
+            new NaccacheSternEngine().processBlock(new byte[]{ 1 }, 0, 1);
+            fail("failed initialisation check");
+        }
+        catch (IllegalStateException e)
+        {
+            // expected
+        }
+        catch (InvalidCipherTextException e)
+        {
+            fail("failed initialisation check");
+        }
+
+        if (debug)
+        {
+            System.out.println("All tests successful");
+        }
+    }
+
+    private byte[] enDeCrypt(byte[] input)
+    {
+
+        // create work array
+        byte[] data = new byte[input.length];
+        System.arraycopy(input, 0, data, 0, data.length);
+
+        // Perform encryption like in the paper from Naccache-Stern
+        if (debug)
+        {
+            System.out.println("encrypting data. Data representation\n"
+            //                    + "As String:.... " + new String(data) + "\n"
+                            + "As BigInteger: " + new BigInteger(1, data));
+            System.out.println("data length is " + data.length);
+        }
+
+        try
+        {
+            data = cryptEng.processData(data);
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (debug)
+            {
+                System.out.println("failed - exception " + e.toString() + "\n" + e.getMessage());
+            }
+            fail("failed - exception " + e.toString() + "\n" + e.getMessage());
+        }
+
+        if (debug)
+        {
+            System.out.println("enrypted data representation\n"
+            //                    + "As String:.... " + new String(data) + "\n"
+                            + "As BigInteger: " + new BigInteger(1, data));
+            System.out.println("data length is " + data.length);
+        }
+
+        try
+        {
+            data = decryptEng.processData(data);
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (debug)
+            {
+                System.out.println("failed - exception " + e.toString() + "\n" + e.getMessage());
+            }
+            fail("failed - exception " + e.toString() + "\n" + e.getMessage());
+        }
+
+        if (debug)
+        {
+            System.out.println("decrypted data representation\n"
+            //                    + "As String:.... " + new String(data) + "\n"
+                            + "As BigInteger: " + new BigInteger(1, data));
+            System.out.println("data length is " + data.length);
+        }
+
+        return data;
+
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new NaccacheSternTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/NoekeonTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/NoekeonTest.java
new file mode 100644
index 0000000..ebebbd6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/NoekeonTest.java
@@ -0,0 +1,45 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.NoekeonEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Noekeon tester
+ */
+public class NoekeonTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests =
+    {
+        new BlockCipherVectorTest(0, new NoekeonEngine(),
+            new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+            "00000000000000000000000000000000",
+            "b1656851699e29fa24b70148503d2dfc"),
+        new BlockCipherVectorTest(1, new NoekeonEngine(),
+            new KeyParameter(Hex.decode("ffffffffffffffffffffffffffffffff")),
+            "ffffffffffffffffffffffffffffffff",
+            "2a78421b87c7d0924f26113f1d1349b2"),
+        new BlockCipherVectorTest(2, new NoekeonEngine(),
+            new KeyParameter(Hex.decode("b1656851699e29fa24b70148503d2dfc")),
+            "2a78421b87c7d0924f26113f1d1349b2",
+            "e2f687e07b75660ffc372233bc47532c")
+    };
+
+    NoekeonTest()
+    {
+        super(tests, new NoekeonEngine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "Noekeon";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new NoekeonTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/NonMemoableDigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/NonMemoableDigestTest.java
new file mode 100644
index 0000000..d332393
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/NonMemoableDigestTest.java
@@ -0,0 +1,112 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.NonMemoableDigest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * SHA1 HMac Test, test vectors from RFC 2202
+ */
+public class NonMemoableDigestTest
+    implements Test
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    };
+
+    final static String[] digests = {
+        "b617318655057264e28bc0b6fb378c8ef146be00",
+        "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79",
+        "125d7342b9ac11cd91a39af48aa17b4f63f175d3",
+        "4c9007f4026250c6bc8414f9bf50c86c2d7235da",
+        "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04",
+        "aa4ae5e15272d00e95705637ce8a3b55ed402112",
+        "e8e99d0f45237d786d6bbaa7965c7808bbff1a91",
+        "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04",
+        "aa4ae5e15272d00e95705637ce8a3b55ed402112",
+        "e8e99d0f45237d786d6bbaa7965c7808bbff1a91"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
+    };
+        
+    public String getName()
+    {
+        return "NonMemoableDigest";
+    }
+
+    public TestResult perform()
+    {
+        HMac hmac = new HMac(new NonMemoableDigest(new SHA1Digest()));
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!Arrays.areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                return new SimpleTestResult(false, getName() + ": Vector " + i + " failed");
+            }
+        }
+
+        //
+        // test reset
+        //
+        int vector = 0; // vector used for test
+        byte[] m = messages[vector].getBytes();
+        if (messages[vector].startsWith("0x"))
+        {
+            m = Hex.decode(messages[vector].substring(2));
+        }
+        hmac.init(new KeyParameter(Hex.decode(keys[vector])));
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+        hmac.reset();
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+
+        if (!Arrays.areEqual(resBuf, Hex.decode(digests[vector])))
+        {
+            return new SimpleTestResult(false, getName() +
+                    "Reset with vector " + vector + " failed");
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        NonMemoableDigestTest test = new NonMemoableDigestTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/NullTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/NullTest.java
new file mode 100644
index 0000000..ef8ff4b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/NullTest.java
@@ -0,0 +1,77 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.engines.NullEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class NullTest 
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+    {
+        new BlockCipherVectorTest(0, new NullEngine(),
+                new KeyParameter(Hex.decode("00")), "00", "00")
+    };
+    
+    NullTest()
+    {
+        super(tests, new NullEngine(), new KeyParameter(new byte[2]));
+    }
+
+    public String getName()
+    {
+        return "Null";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        super.performTest();
+        
+        BlockCipher engine = new NullEngine();
+        
+        engine.init(true, null);
+        
+        byte[] buf = new byte[1];
+        
+        engine.processBlock(buf, 0, buf, 0);
+        
+        if (buf[0] != 0)
+        {
+            fail("NullCipher changed data!");
+        }
+        
+        byte[] shortBuf = new byte[0];
+        
+        try
+        {   
+            engine.processBlock(shortBuf, 0, buf, 0);
+            
+            fail("failed short input check");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+        
+        try
+        {   
+            engine.processBlock(buf, 0, shortBuf, 0);
+            
+            fail("failed short output check");
+        }
+        catch (DataLengthException e)
+        {
+            // expected 
+        }
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new NullTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/OAEPTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/OAEPTest.java
new file mode 100644
index 0000000..9d6b0cb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/OAEPTest.java
@@ -0,0 +1,830 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.ByteArrayInputStream;
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
+import org.bouncycastle.asn1.pkcs.RSAPublicKey;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.crypto.AsymmetricBlockCipher;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.encodings.OAEPEncoding;
+import org.bouncycastle.crypto.engines.RSAEngine;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class OAEPTest
+    extends SimpleTest
+{
+    static byte[] pubKeyEnc1 =
+        {
+          (byte)0x30, (byte)0x5a, (byte)0x30, (byte)0x0d, (byte)0x06, (byte)0x09, (byte)0x2a, (byte)0x86,
+          (byte)0x48, (byte)0x86, (byte)0xf7, (byte)0x0d, (byte)0x01, (byte)0x01, (byte)0x01, (byte)0x05,
+          (byte)0x00, (byte)0x03, (byte)0x49, (byte)0x00, (byte)0x30, (byte)0x46, (byte)0x02, (byte)0x41,
+          (byte)0x00, (byte)0xaa, (byte)0x36, (byte)0xab, (byte)0xce, (byte)0x88, (byte)0xac, (byte)0xfd,
+          (byte)0xff, (byte)0x55, (byte)0x52, (byte)0x3c, (byte)0x7f, (byte)0xc4, (byte)0x52, (byte)0x3f,
+          (byte)0x90, (byte)0xef, (byte)0xa0, (byte)0x0d, (byte)0xf3, (byte)0x77, (byte)0x4a, (byte)0x25,
+          (byte)0x9f, (byte)0x2e, (byte)0x62, (byte)0xb4, (byte)0xc5, (byte)0xd9, (byte)0x9c, (byte)0xb5,
+          (byte)0xad, (byte)0xb3, (byte)0x00, (byte)0xa0, (byte)0x28, (byte)0x5e, (byte)0x53, (byte)0x01,
+          (byte)0x93, (byte)0x0e, (byte)0x0c, (byte)0x70, (byte)0xfb, (byte)0x68, (byte)0x76, (byte)0x93,
+          (byte)0x9c, (byte)0xe6, (byte)0x16, (byte)0xce, (byte)0x62, (byte)0x4a, (byte)0x11, (byte)0xe0,
+          (byte)0x08, (byte)0x6d, (byte)0x34, (byte)0x1e, (byte)0xbc, (byte)0xac, (byte)0xa0, (byte)0xa1,
+          (byte)0xf5, (byte)0x02, (byte)0x01, (byte)0x11
+        };
+
+    static byte[] privKeyEnc1 =
+        {
+          (byte)0x30, (byte)0x82, (byte)0x01, (byte)0x52, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0x30,
+          (byte)0x0d, (byte)0x06, (byte)0x09, (byte)0x2a, (byte)0x86, (byte)0x48, (byte)0x86, (byte)0xf7,
+          (byte)0x0d, (byte)0x01, (byte)0x01, (byte)0x01, (byte)0x05, (byte)0x00, (byte)0x04, (byte)0x82,
+          (byte)0x01, (byte)0x3c, (byte)0x30, (byte)0x82, (byte)0x01, (byte)0x38, (byte)0x02, (byte)0x01,
+          (byte)0x00, (byte)0x02, (byte)0x41, (byte)0x00, (byte)0xaa, (byte)0x36, (byte)0xab, (byte)0xce,
+          (byte)0x88, (byte)0xac, (byte)0xfd, (byte)0xff, (byte)0x55, (byte)0x52, (byte)0x3c, (byte)0x7f,
+          (byte)0xc4, (byte)0x52, (byte)0x3f, (byte)0x90, (byte)0xef, (byte)0xa0, (byte)0x0d, (byte)0xf3,
+          (byte)0x77, (byte)0x4a, (byte)0x25, (byte)0x9f, (byte)0x2e, (byte)0x62, (byte)0xb4, (byte)0xc5,
+          (byte)0xd9, (byte)0x9c, (byte)0xb5, (byte)0xad, (byte)0xb3, (byte)0x00, (byte)0xa0, (byte)0x28,
+          (byte)0x5e, (byte)0x53, (byte)0x01, (byte)0x93, (byte)0x0e, (byte)0x0c, (byte)0x70, (byte)0xfb,
+          (byte)0x68, (byte)0x76, (byte)0x93, (byte)0x9c, (byte)0xe6, (byte)0x16, (byte)0xce, (byte)0x62,
+          (byte)0x4a, (byte)0x11, (byte)0xe0, (byte)0x08, (byte)0x6d, (byte)0x34, (byte)0x1e, (byte)0xbc,
+          (byte)0xac, (byte)0xa0, (byte)0xa1, (byte)0xf5, (byte)0x02, (byte)0x01, (byte)0x11, (byte)0x02,
+          (byte)0x40, (byte)0x0a, (byte)0x03, (byte)0x37, (byte)0x48, (byte)0x62, (byte)0x64, (byte)0x87,
+          (byte)0x69, (byte)0x5f, (byte)0x5f, (byte)0x30, (byte)0xbc, (byte)0x38, (byte)0xb9, (byte)0x8b,
+          (byte)0x44, (byte)0xc2, (byte)0xcd, (byte)0x2d, (byte)0xff, (byte)0x43, (byte)0x40, (byte)0x98,
+          (byte)0xcd, (byte)0x20, (byte)0xd8, (byte)0xa1, (byte)0x38, (byte)0xd0, (byte)0x90, (byte)0xbf,
+          (byte)0x64, (byte)0x79, (byte)0x7c, (byte)0x3f, (byte)0xa7, (byte)0xa2, (byte)0xcd, (byte)0xcb,
+          (byte)0x3c, (byte)0xd1, (byte)0xe0, (byte)0xbd, (byte)0xba, (byte)0x26, (byte)0x54, (byte)0xb4,
+          (byte)0xf9, (byte)0xdf, (byte)0x8e, (byte)0x8a, (byte)0xe5, (byte)0x9d, (byte)0x73, (byte)0x3d,
+          (byte)0x9f, (byte)0x33, (byte)0xb3, (byte)0x01, (byte)0x62, (byte)0x4a, (byte)0xfd, (byte)0x1d,
+          (byte)0x51, (byte)0x02, (byte)0x21, (byte)0x00, (byte)0xd8, (byte)0x40, (byte)0xb4, (byte)0x16,
+          (byte)0x66, (byte)0xb4, (byte)0x2e, (byte)0x92, (byte)0xea, (byte)0x0d, (byte)0xa3, (byte)0xb4,
+          (byte)0x32, (byte)0x04, (byte)0xb5, (byte)0xcf, (byte)0xce, (byte)0x33, (byte)0x52, (byte)0x52,
+          (byte)0x4d, (byte)0x04, (byte)0x16, (byte)0xa5, (byte)0xa4, (byte)0x41, (byte)0xe7, (byte)0x00,
+          (byte)0xaf, (byte)0x46, (byte)0x12, (byte)0x0d, (byte)0x02, (byte)0x21, (byte)0x00, (byte)0xc9,
+          (byte)0x7f, (byte)0xb1, (byte)0xf0, (byte)0x27, (byte)0xf4, (byte)0x53, (byte)0xf6, (byte)0x34,
+          (byte)0x12, (byte)0x33, (byte)0xea, (byte)0xaa, (byte)0xd1, (byte)0xd9, (byte)0x35, (byte)0x3f,
+          (byte)0x6c, (byte)0x42, (byte)0xd0, (byte)0x88, (byte)0x66, (byte)0xb1, (byte)0xd0, (byte)0x5a,
+          (byte)0x0f, (byte)0x20, (byte)0x35, (byte)0x02, (byte)0x8b, (byte)0x9d, (byte)0x89, (byte)0x02,
+          (byte)0x20, (byte)0x59, (byte)0x0b, (byte)0x95, (byte)0x72, (byte)0xa2, (byte)0xc2, (byte)0xa9,
+          (byte)0xc4, (byte)0x06, (byte)0x05, (byte)0x9d, (byte)0xc2, (byte)0xab, (byte)0x2f, (byte)0x1d,
+          (byte)0xaf, (byte)0xeb, (byte)0x7e, (byte)0x8b, (byte)0x4f, (byte)0x10, (byte)0xa7, (byte)0x54,
+          (byte)0x9e, (byte)0x8e, (byte)0xed, (byte)0xf5, (byte)0xb4, (byte)0xfc, (byte)0xe0, (byte)0x9e,
+          (byte)0x05, (byte)0x02, (byte)0x21, (byte)0x00, (byte)0x8e, (byte)0x3c, (byte)0x05, (byte)0x21,
+          (byte)0xfe, (byte)0x15, (byte)0xe0, (byte)0xea, (byte)0x06, (byte)0xa3, (byte)0x6f, (byte)0xf0,
+          (byte)0xf1, (byte)0x0c, (byte)0x99, (byte)0x52, (byte)0xc3, (byte)0x5b, (byte)0x7a, (byte)0x75,
+          (byte)0x14, (byte)0xfd, (byte)0x32, (byte)0x38, (byte)0xb8, (byte)0x0a, (byte)0xad, (byte)0x52,
+          (byte)0x98, (byte)0x62, (byte)0x8d, (byte)0x51, (byte)0x02, (byte)0x20, (byte)0x36, (byte)0x3f,
+          (byte)0xf7, (byte)0x18, (byte)0x9d, (byte)0xa8, (byte)0xe9, (byte)0x0b, (byte)0x1d, (byte)0x34,
+          (byte)0x1f, (byte)0x71, (byte)0xd0, (byte)0x9b, (byte)0x76, (byte)0xa8, (byte)0xa9, (byte)0x43,
+          (byte)0xe1, (byte)0x1d, (byte)0x10, (byte)0xb2, (byte)0x4d, (byte)0x24, (byte)0x9f, (byte)0x2d,
+          (byte)0xea, (byte)0xfe, (byte)0xf8, (byte)0x0c, (byte)0x18, (byte)0x26
+        };
+
+    static byte[] output1 = 
+    { 
+        (byte)0x1b, (byte)0x8f, (byte)0x05, (byte)0xf9, (byte)0xca, (byte)0x1a, (byte)0x79, (byte)0x52,
+        (byte)0x6e, (byte)0x53, (byte)0xf3, (byte)0xcc, (byte)0x51, (byte)0x4f, (byte)0xdb, (byte)0x89,
+        (byte)0x2b, (byte)0xfb, (byte)0x91, (byte)0x93, (byte)0x23, (byte)0x1e, (byte)0x78, (byte)0xb9,
+        (byte)0x92, (byte)0xe6, (byte)0x8d, (byte)0x50, (byte)0xa4, (byte)0x80, (byte)0xcb, (byte)0x52,
+        (byte)0x33, (byte)0x89, (byte)0x5c, (byte)0x74, (byte)0x95, (byte)0x8d, (byte)0x5d, (byte)0x02,
+        (byte)0xab, (byte)0x8c, (byte)0x0f, (byte)0xd0, (byte)0x40, (byte)0xeb, (byte)0x58, (byte)0x44,
+        (byte)0xb0, (byte)0x05, (byte)0xc3, (byte)0x9e, (byte)0xd8, (byte)0x27, (byte)0x4a, (byte)0x9d,
+        (byte)0xbf, (byte)0xa8, (byte)0x06, (byte)0x71, (byte)0x40, (byte)0x94, (byte)0x39, (byte)0xd2
+    };
+
+    static byte[] pubKeyEnc2 =
+        {
+        (byte)0x30, (byte)0x4c, (byte)0x30, (byte)0x0d, (byte)0x06, (byte)0x09, (byte)0x2a, (byte)0x86,
+        (byte)0x48, (byte)0x86, (byte)0xf7, (byte)0x0d, (byte)0x01, (byte)0x01, (byte)0x01, (byte)0x05,
+        (byte)0x00, (byte)0x03, (byte)0x3b, (byte)0x00, (byte)0x30, (byte)0x38, (byte)0x02, (byte)0x33,
+        (byte)0x00, (byte)0xa3, (byte)0x07, (byte)0x9a, (byte)0x90, (byte)0xdf, (byte)0x0d, (byte)0xfd,
+        (byte)0x72, (byte)0xac, (byte)0x09, (byte)0x0c, (byte)0xcc, (byte)0x2a, (byte)0x78, (byte)0xb8,
+        (byte)0x74, (byte)0x13, (byte)0x13, (byte)0x3e, (byte)0x40, (byte)0x75, (byte)0x9c, (byte)0x98,
+        (byte)0xfa, (byte)0xf8, (byte)0x20, (byte)0x4f, (byte)0x35, (byte)0x8a, (byte)0x0b, (byte)0x26,
+        (byte)0x3c, (byte)0x67, (byte)0x70, (byte)0xe7, (byte)0x83, (byte)0xa9, (byte)0x3b, (byte)0x69,
+        (byte)0x71, (byte)0xb7, (byte)0x37, (byte)0x79, (byte)0xd2, (byte)0x71, (byte)0x7b, (byte)0xe8,
+        (byte)0x34, (byte)0x77, (byte)0xcf, (byte)0x02, (byte)0x01, (byte)0x03
+        };
+
+    static byte[] privKeyEnc2 =
+        {
+        (byte)0x30, (byte)0x82, (byte)0x01, (byte)0x13, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0x30,
+        (byte)0x0d, (byte)0x06, (byte)0x09, (byte)0x2a, (byte)0x86, (byte)0x48, (byte)0x86, (byte)0xf7,
+        (byte)0x0d, (byte)0x01, (byte)0x01, (byte)0x01, (byte)0x05, (byte)0x00, (byte)0x04, (byte)0x81,
+        (byte)0xfe, (byte)0x30, (byte)0x81, (byte)0xfb, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0x02,
+        (byte)0x33, (byte)0x00, (byte)0xa3, (byte)0x07, (byte)0x9a, (byte)0x90, (byte)0xdf, (byte)0x0d,
+        (byte)0xfd, (byte)0x72, (byte)0xac, (byte)0x09, (byte)0x0c, (byte)0xcc, (byte)0x2a, (byte)0x78,
+        (byte)0xb8, (byte)0x74, (byte)0x13, (byte)0x13, (byte)0x3e, (byte)0x40, (byte)0x75, (byte)0x9c,
+        (byte)0x98, (byte)0xfa, (byte)0xf8, (byte)0x20, (byte)0x4f, (byte)0x35, (byte)0x8a, (byte)0x0b,
+        (byte)0x26, (byte)0x3c, (byte)0x67, (byte)0x70, (byte)0xe7, (byte)0x83, (byte)0xa9, (byte)0x3b,
+        (byte)0x69, (byte)0x71, (byte)0xb7, (byte)0x37, (byte)0x79, (byte)0xd2, (byte)0x71, (byte)0x7b,
+        (byte)0xe8, (byte)0x34, (byte)0x77, (byte)0xcf, (byte)0x02, (byte)0x01, (byte)0x03, (byte)0x02,
+        (byte)0x32, (byte)0x6c, (byte)0xaf, (byte)0xbc, (byte)0x60, (byte)0x94, (byte)0xb3, (byte)0xfe,
+        (byte)0x4c, (byte)0x72, (byte)0xb0, (byte)0xb3, (byte)0x32, (byte)0xc6, (byte)0xfb, (byte)0x25,
+        (byte)0xa2, (byte)0xb7, (byte)0x62, (byte)0x29, (byte)0x80, (byte)0x4e, (byte)0x68, (byte)0x65,
+        (byte)0xfc, (byte)0xa4, (byte)0x5a, (byte)0x74, (byte)0xdf, (byte)0x0f, (byte)0x8f, (byte)0xb8,
+        (byte)0x41, (byte)0x3b, (byte)0x52, (byte)0xc0, (byte)0xd0, (byte)0xe5, (byte)0x3d, (byte)0x9b,
+        (byte)0x59, (byte)0x0f, (byte)0xf1, (byte)0x9b, (byte)0xe7, (byte)0x9f, (byte)0x49, (byte)0xdd,
+        (byte)0x21, (byte)0xe5, (byte)0xeb, (byte)0x02, (byte)0x1a, (byte)0x00, (byte)0xcf, (byte)0x20,
+        (byte)0x35, (byte)0x02, (byte)0x8b, (byte)0x9d, (byte)0x86, (byte)0x98, (byte)0x40, (byte)0xb4,
+        (byte)0x16, (byte)0x66, (byte)0xb4, (byte)0x2e, (byte)0x92, (byte)0xea, (byte)0x0d, (byte)0xa3,
+        (byte)0xb4, (byte)0x32, (byte)0x04, (byte)0xb5, (byte)0xcf, (byte)0xce, (byte)0x91, (byte)0x02,
+        (byte)0x1a, (byte)0x00, (byte)0xc9, (byte)0x7f, (byte)0xb1, (byte)0xf0, (byte)0x27, (byte)0xf4,
+        (byte)0x53, (byte)0xf6, (byte)0x34, (byte)0x12, (byte)0x33, (byte)0xea, (byte)0xaa, (byte)0xd1,
+        (byte)0xd9, (byte)0x35, (byte)0x3f, (byte)0x6c, (byte)0x42, (byte)0xd0, (byte)0x88, (byte)0x66,
+        (byte)0xb1, (byte)0xd0, (byte)0x5f, (byte)0x02, (byte)0x1a, (byte)0x00, (byte)0x8a, (byte)0x15,
+        (byte)0x78, (byte)0xac, (byte)0x5d, (byte)0x13, (byte)0xaf, (byte)0x10, (byte)0x2b, (byte)0x22,
+        (byte)0xb9, (byte)0x99, (byte)0xcd, (byte)0x74, (byte)0x61, (byte)0xf1, (byte)0x5e, (byte)0x6d,
+        (byte)0x22, (byte)0xcc, (byte)0x03, (byte)0x23, (byte)0xdf, (byte)0xdf, (byte)0x0b, (byte)0x02,
+        (byte)0x1a, (byte)0x00, (byte)0x86, (byte)0x55, (byte)0x21, (byte)0x4a, (byte)0xc5, (byte)0x4d,
+        (byte)0x8d, (byte)0x4e, (byte)0xcd, (byte)0x61, (byte)0x77, (byte)0xf1, (byte)0xc7, (byte)0x36,
+        (byte)0x90, (byte)0xce, (byte)0x2a, (byte)0x48, (byte)0x2c, (byte)0x8b, (byte)0x05, (byte)0x99,
+        (byte)0xcb, (byte)0xe0, (byte)0x3f, (byte)0x02, (byte)0x1a, (byte)0x00, (byte)0x83, (byte)0xef,
+        (byte)0xef, (byte)0xb8, (byte)0xa9, (byte)0xa4, (byte)0x0d, (byte)0x1d, (byte)0xb6, (byte)0xed,
+        (byte)0x98, (byte)0xad, (byte)0x84, (byte)0xed, (byte)0x13, (byte)0x35, (byte)0xdc, (byte)0xc1,
+        (byte)0x08, (byte)0xf3, (byte)0x22, (byte)0xd0, (byte)0x57, (byte)0xcf, (byte)0x8d
+        };
+
+    static byte[] output2 =
+    {
+          (byte)0x14, (byte)0xbd, (byte)0xdd, (byte)0x28, (byte)0xc9, (byte)0x83, (byte)0x35, (byte)0x19,
+          (byte)0x23, (byte)0x80, (byte)0xe8, (byte)0xe5, (byte)0x49, (byte)0xb1, (byte)0x58, (byte)0x2a,
+          (byte)0x8b, (byte)0x40, (byte)0xb4, (byte)0x48, (byte)0x6d, (byte)0x03, (byte)0xa6, (byte)0xa5,
+          (byte)0x31, (byte)0x1f, (byte)0x1f, (byte)0xd5, (byte)0xf0, (byte)0xa1, (byte)0x80, (byte)0xe4,
+          (byte)0x17, (byte)0x53, (byte)0x03, (byte)0x29, (byte)0xa9, (byte)0x34, (byte)0x90, (byte)0x74,
+          (byte)0xb1, (byte)0x52, (byte)0x13, (byte)0x54, (byte)0x29, (byte)0x08, (byte)0x24, (byte)0x52,
+          (byte)0x62, (byte)0x51
+    };
+
+    static byte[] pubKeyEnc3 =
+    {
+          (byte)0x30, (byte)0x81, (byte)0x9d, (byte)0x30, (byte)0x0d, (byte)0x06, (byte)0x09, (byte)0x2a,
+          (byte)0x86, (byte)0x48, (byte)0x86, (byte)0xf7, (byte)0x0d, (byte)0x01, (byte)0x01, (byte)0x01,
+          (byte)0x05, (byte)0x00, (byte)0x03, (byte)0x81, (byte)0x8b, (byte)0x00, (byte)0x30, (byte)0x81,
+          (byte)0x87, (byte)0x02, (byte)0x81, (byte)0x81, (byte)0x00, (byte)0xbb, (byte)0xf8, (byte)0x2f,
+          (byte)0x09, (byte)0x06, (byte)0x82, (byte)0xce, (byte)0x9c, (byte)0x23, (byte)0x38, (byte)0xac,
+          (byte)0x2b, (byte)0x9d, (byte)0xa8, (byte)0x71, (byte)0xf7, (byte)0x36, (byte)0x8d, (byte)0x07,
+          (byte)0xee, (byte)0xd4, (byte)0x10, (byte)0x43, (byte)0xa4, (byte)0x40, (byte)0xd6, (byte)0xb6,
+          (byte)0xf0, (byte)0x74, (byte)0x54, (byte)0xf5, (byte)0x1f, (byte)0xb8, (byte)0xdf, (byte)0xba,
+          (byte)0xaf, (byte)0x03, (byte)0x5c, (byte)0x02, (byte)0xab, (byte)0x61, (byte)0xea, (byte)0x48,
+          (byte)0xce, (byte)0xeb, (byte)0x6f, (byte)0xcd, (byte)0x48, (byte)0x76, (byte)0xed, (byte)0x52,
+          (byte)0x0d, (byte)0x60, (byte)0xe1, (byte)0xec, (byte)0x46, (byte)0x19, (byte)0x71, (byte)0x9d,
+          (byte)0x8a, (byte)0x5b, (byte)0x8b, (byte)0x80, (byte)0x7f, (byte)0xaf, (byte)0xb8, (byte)0xe0,
+          (byte)0xa3, (byte)0xdf, (byte)0xc7, (byte)0x37, (byte)0x72, (byte)0x3e, (byte)0xe6, (byte)0xb4,
+          (byte)0xb7, (byte)0xd9, (byte)0x3a, (byte)0x25, (byte)0x84, (byte)0xee, (byte)0x6a, (byte)0x64,
+          (byte)0x9d, (byte)0x06, (byte)0x09, (byte)0x53, (byte)0x74, (byte)0x88, (byte)0x34, (byte)0xb2,
+          (byte)0x45, (byte)0x45, (byte)0x98, (byte)0x39, (byte)0x4e, (byte)0xe0, (byte)0xaa, (byte)0xb1,
+          (byte)0x2d, (byte)0x7b, (byte)0x61, (byte)0xa5, (byte)0x1f, (byte)0x52, (byte)0x7a, (byte)0x9a,
+          (byte)0x41, (byte)0xf6, (byte)0xc1, (byte)0x68, (byte)0x7f, (byte)0xe2, (byte)0x53, (byte)0x72,
+          (byte)0x98, (byte)0xca, (byte)0x2a, (byte)0x8f, (byte)0x59, (byte)0x46, (byte)0xf8, (byte)0xe5,
+          (byte)0xfd, (byte)0x09, (byte)0x1d, (byte)0xbd, (byte)0xcb, (byte)0x02, (byte)0x01, (byte)0x11
+    };
+
+    static byte[] privKeyEnc3 =
+    {
+        (byte)0x30, (byte)0x82, (byte)0x02, (byte)0x75, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0x30,
+        (byte)0x0d, (byte)0x06, (byte)0x09, (byte)0x2a, (byte)0x86, (byte)0x48, (byte)0x86, (byte)0xf7,
+        (byte)0x0d, (byte)0x01, (byte)0x01, (byte)0x01, (byte)0x05, (byte)0x00, (byte)0x04, (byte)0x82,
+        (byte)0x02, (byte)0x5f, (byte)0x30, (byte)0x82, (byte)0x02, (byte)0x5b, (byte)0x02, (byte)0x01,
+        (byte)0x00, (byte)0x02, (byte)0x81, (byte)0x81, (byte)0x00, (byte)0xbb, (byte)0xf8, (byte)0x2f,
+        (byte)0x09, (byte)0x06, (byte)0x82, (byte)0xce, (byte)0x9c, (byte)0x23, (byte)0x38, (byte)0xac,
+        (byte)0x2b, (byte)0x9d, (byte)0xa8, (byte)0x71, (byte)0xf7, (byte)0x36, (byte)0x8d, (byte)0x07,
+        (byte)0xee, (byte)0xd4, (byte)0x10, (byte)0x43, (byte)0xa4, (byte)0x40, (byte)0xd6, (byte)0xb6,
+        (byte)0xf0, (byte)0x74, (byte)0x54, (byte)0xf5, (byte)0x1f, (byte)0xb8, (byte)0xdf, (byte)0xba,
+        (byte)0xaf, (byte)0x03, (byte)0x5c, (byte)0x02, (byte)0xab, (byte)0x61, (byte)0xea, (byte)0x48,
+        (byte)0xce, (byte)0xeb, (byte)0x6f, (byte)0xcd, (byte)0x48, (byte)0x76, (byte)0xed, (byte)0x52,
+        (byte)0x0d, (byte)0x60, (byte)0xe1, (byte)0xec, (byte)0x46, (byte)0x19, (byte)0x71, (byte)0x9d,
+        (byte)0x8a, (byte)0x5b, (byte)0x8b, (byte)0x80, (byte)0x7f, (byte)0xaf, (byte)0xb8, (byte)0xe0,
+        (byte)0xa3, (byte)0xdf, (byte)0xc7, (byte)0x37, (byte)0x72, (byte)0x3e, (byte)0xe6, (byte)0xb4,
+        (byte)0xb7, (byte)0xd9, (byte)0x3a, (byte)0x25, (byte)0x84, (byte)0xee, (byte)0x6a, (byte)0x64,
+        (byte)0x9d, (byte)0x06, (byte)0x09, (byte)0x53, (byte)0x74, (byte)0x88, (byte)0x34, (byte)0xb2,
+        (byte)0x45, (byte)0x45, (byte)0x98, (byte)0x39, (byte)0x4e, (byte)0xe0, (byte)0xaa, (byte)0xb1,
+        (byte)0x2d, (byte)0x7b, (byte)0x61, (byte)0xa5, (byte)0x1f, (byte)0x52, (byte)0x7a, (byte)0x9a,
+        (byte)0x41, (byte)0xf6, (byte)0xc1, (byte)0x68, (byte)0x7f, (byte)0xe2, (byte)0x53, (byte)0x72,
+        (byte)0x98, (byte)0xca, (byte)0x2a, (byte)0x8f, (byte)0x59, (byte)0x46, (byte)0xf8, (byte)0xe5,
+        (byte)0xfd, (byte)0x09, (byte)0x1d, (byte)0xbd, (byte)0xcb, (byte)0x02, (byte)0x01, (byte)0x11,
+        (byte)0x02, (byte)0x81, (byte)0x81, (byte)0x00, (byte)0xa5, (byte)0xda, (byte)0xfc, (byte)0x53,
+        (byte)0x41, (byte)0xfa, (byte)0xf2, (byte)0x89, (byte)0xc4, (byte)0xb9, (byte)0x88, (byte)0xdb,
+        (byte)0x30, (byte)0xc1, (byte)0xcd, (byte)0xf8, (byte)0x3f, (byte)0x31, (byte)0x25, (byte)0x1e,
+        (byte)0x06, (byte)0x68, (byte)0xb4, (byte)0x27, (byte)0x84, (byte)0x81, (byte)0x38, (byte)0x01,
+        (byte)0x57, (byte)0x96, (byte)0x41, (byte)0xb2, (byte)0x94, (byte)0x10, (byte)0xb3, (byte)0xc7,
+        (byte)0x99, (byte)0x8d, (byte)0x6b, (byte)0xc4, (byte)0x65, (byte)0x74, (byte)0x5e, (byte)0x5c,
+        (byte)0x39, (byte)0x26, (byte)0x69, (byte)0xd6, (byte)0x87, (byte)0x0d, (byte)0xa2, (byte)0xc0,
+        (byte)0x82, (byte)0xa9, (byte)0x39, (byte)0xe3, (byte)0x7f, (byte)0xdc, (byte)0xb8, (byte)0x2e,
+        (byte)0xc9, (byte)0x3e, (byte)0xda, (byte)0xc9, (byte)0x7f, (byte)0xf3, (byte)0xad, (byte)0x59,
+        (byte)0x50, (byte)0xac, (byte)0xcf, (byte)0xbc, (byte)0x11, (byte)0x1c, (byte)0x76, (byte)0xf1,
+        (byte)0xa9, (byte)0x52, (byte)0x94, (byte)0x44, (byte)0xe5, (byte)0x6a, (byte)0xaf, (byte)0x68,
+        (byte)0xc5, (byte)0x6c, (byte)0x09, (byte)0x2c, (byte)0xd3, (byte)0x8d, (byte)0xc3, (byte)0xbe,
+        (byte)0xf5, (byte)0xd2, (byte)0x0a, (byte)0x93, (byte)0x99, (byte)0x26, (byte)0xed, (byte)0x4f,
+        (byte)0x74, (byte)0xa1, (byte)0x3e, (byte)0xdd, (byte)0xfb, (byte)0xe1, (byte)0xa1, (byte)0xce,
+        (byte)0xcc, (byte)0x48, (byte)0x94, (byte)0xaf, (byte)0x94, (byte)0x28, (byte)0xc2, (byte)0xb7,
+        (byte)0xb8, (byte)0x88, (byte)0x3f, (byte)0xe4, (byte)0x46, (byte)0x3a, (byte)0x4b, (byte)0xc8,
+        (byte)0x5b, (byte)0x1c, (byte)0xb3, (byte)0xc1, (byte)0x02, (byte)0x41, (byte)0x00, (byte)0xee,
+        (byte)0xcf, (byte)0xae, (byte)0x81, (byte)0xb1, (byte)0xb9, (byte)0xb3, (byte)0xc9, (byte)0x08,
+        (byte)0x81, (byte)0x0b, (byte)0x10, (byte)0xa1, (byte)0xb5, (byte)0x60, (byte)0x01, (byte)0x99,
+        (byte)0xeb, (byte)0x9f, (byte)0x44, (byte)0xae, (byte)0xf4, (byte)0xfd, (byte)0xa4, (byte)0x93,
+        (byte)0xb8, (byte)0x1a, (byte)0x9e, (byte)0x3d, (byte)0x84, (byte)0xf6, (byte)0x32, (byte)0x12,
+        (byte)0x4e, (byte)0xf0, (byte)0x23, (byte)0x6e, (byte)0x5d, (byte)0x1e, (byte)0x3b, (byte)0x7e,
+        (byte)0x28, (byte)0xfa, (byte)0xe7, (byte)0xaa, (byte)0x04, (byte)0x0a, (byte)0x2d, (byte)0x5b,
+        (byte)0x25, (byte)0x21, (byte)0x76, (byte)0x45, (byte)0x9d, (byte)0x1f, (byte)0x39, (byte)0x75,
+        (byte)0x41, (byte)0xba, (byte)0x2a, (byte)0x58, (byte)0xfb, (byte)0x65, (byte)0x99, (byte)0x02,
+        (byte)0x41, (byte)0x00, (byte)0xc9, (byte)0x7f, (byte)0xb1, (byte)0xf0, (byte)0x27, (byte)0xf4,
+        (byte)0x53, (byte)0xf6, (byte)0x34, (byte)0x12, (byte)0x33, (byte)0xea, (byte)0xaa, (byte)0xd1,
+        (byte)0xd9, (byte)0x35, (byte)0x3f, (byte)0x6c, (byte)0x42, (byte)0xd0, (byte)0x88, (byte)0x66,
+        (byte)0xb1, (byte)0xd0, (byte)0x5a, (byte)0x0f, (byte)0x20, (byte)0x35, (byte)0x02, (byte)0x8b,
+        (byte)0x9d, (byte)0x86, (byte)0x98, (byte)0x40, (byte)0xb4, (byte)0x16, (byte)0x66, (byte)0xb4,
+        (byte)0x2e, (byte)0x92, (byte)0xea, (byte)0x0d, (byte)0xa3, (byte)0xb4, (byte)0x32, (byte)0x04,
+        (byte)0xb5, (byte)0xcf, (byte)0xce, (byte)0x33, (byte)0x52, (byte)0x52, (byte)0x4d, (byte)0x04,
+        (byte)0x16, (byte)0xa5, (byte)0xa4, (byte)0x41, (byte)0xe7, (byte)0x00, (byte)0xaf, (byte)0x46,
+        (byte)0x15, (byte)0x03, (byte)0x02, (byte)0x40, (byte)0x54, (byte)0x49, (byte)0x4c, (byte)0xa6,
+        (byte)0x3e, (byte)0xba, (byte)0x03, (byte)0x37, (byte)0xe4, (byte)0xe2, (byte)0x40, (byte)0x23,
+        (byte)0xfc, (byte)0xd6, (byte)0x9a, (byte)0x5a, (byte)0xeb, (byte)0x07, (byte)0xdd, (byte)0xdc,
+        (byte)0x01, (byte)0x83, (byte)0xa4, (byte)0xd0, (byte)0xac, (byte)0x9b, (byte)0x54, (byte)0xb0,
+        (byte)0x51, (byte)0xf2, (byte)0xb1, (byte)0x3e, (byte)0xd9, (byte)0x49, (byte)0x09, (byte)0x75,
+        (byte)0xea, (byte)0xb7, (byte)0x74, (byte)0x14, (byte)0xff, (byte)0x59, (byte)0xc1, (byte)0xf7,
+        (byte)0x69, (byte)0x2e, (byte)0x9a, (byte)0x2e, (byte)0x20, (byte)0x2b, (byte)0x38, (byte)0xfc,
+        (byte)0x91, (byte)0x0a, (byte)0x47, (byte)0x41, (byte)0x74, (byte)0xad, (byte)0xc9, (byte)0x3c,
+        (byte)0x1f, (byte)0x67, (byte)0xc9, (byte)0x81, (byte)0x02, (byte)0x40, (byte)0x47, (byte)0x1e,
+        (byte)0x02, (byte)0x90, (byte)0xff, (byte)0x0a, (byte)0xf0, (byte)0x75, (byte)0x03, (byte)0x51,
+        (byte)0xb7, (byte)0xf8, (byte)0x78, (byte)0x86, (byte)0x4c, (byte)0xa9, (byte)0x61, (byte)0xad,
+        (byte)0xbd, (byte)0x3a, (byte)0x8a, (byte)0x7e, (byte)0x99, (byte)0x1c, (byte)0x5c, (byte)0x05,
+        (byte)0x56, (byte)0xa9, (byte)0x4c, (byte)0x31, (byte)0x46, (byte)0xa7, (byte)0xf9, (byte)0x80,
+        (byte)0x3f, (byte)0x8f, (byte)0x6f, (byte)0x8a, (byte)0xe3, (byte)0x42, (byte)0xe9, (byte)0x31,
+        (byte)0xfd, (byte)0x8a, (byte)0xe4, (byte)0x7a, (byte)0x22, (byte)0x0d, (byte)0x1b, (byte)0x99,
+        (byte)0xa4, (byte)0x95, (byte)0x84, (byte)0x98, (byte)0x07, (byte)0xfe, (byte)0x39, (byte)0xf9,
+        (byte)0x24, (byte)0x5a, (byte)0x98, (byte)0x36, (byte)0xda, (byte)0x3d, (byte)0x02, (byte)0x41,
+        (byte)0x00, (byte)0xb0, (byte)0x6c, (byte)0x4f, (byte)0xda, (byte)0xbb, (byte)0x63, (byte)0x01,
+        (byte)0x19, (byte)0x8d, (byte)0x26, (byte)0x5b, (byte)0xdb, (byte)0xae, (byte)0x94, (byte)0x23,
+        (byte)0xb3, (byte)0x80, (byte)0xf2, (byte)0x71, (byte)0xf7, (byte)0x34, (byte)0x53, (byte)0x88,
+        (byte)0x50, (byte)0x93, (byte)0x07, (byte)0x7f, (byte)0xcd, (byte)0x39, (byte)0xe2, (byte)0x11,
+        (byte)0x9f, (byte)0xc9, (byte)0x86, (byte)0x32, (byte)0x15, (byte)0x4f, (byte)0x58, (byte)0x83,
+        (byte)0xb1, (byte)0x67, (byte)0xa9, (byte)0x67, (byte)0xbf, (byte)0x40, (byte)0x2b, (byte)0x4e,
+        (byte)0x9e, (byte)0x2e, (byte)0x0f, (byte)0x96, (byte)0x56, (byte)0xe6, (byte)0x98, (byte)0xea,
+        (byte)0x36, (byte)0x66, (byte)0xed, (byte)0xfb, (byte)0x25, (byte)0x79, (byte)0x80, (byte)0x39,
+        (byte)0xf7
+    };
+
+    static byte[] output3 = Hex.decode(
+        "b8246b56a6ed5881aeb585d9a25b2ad790c417e080681bf1ac2bc3deb69d8bce"
+      + "f0c4366fec400af052a72e9b0effb5b3f2f192dbeaca03c12740057113bf1f06"
+      + "69ac22e9f3a7852e3c15d913cab0b8863a95c99294ce8674214954610346f4d4"
+      + "74b26f7c48b42ee68e1f572a1fc4026ac456b4f59f7b621ea1b9d88f64202fb1");
+
+    byte[]  seed = {
+                (byte)0xaa, (byte)0xfd, (byte)0x12, (byte)0xf6, (byte)0x59,
+                (byte)0xca, (byte)0xe6, (byte)0x34, (byte)0x89, (byte)0xb4,
+                (byte)0x79, (byte)0xe5, (byte)0x07, (byte)0x6d, (byte)0xde,
+                (byte)0xc2, (byte)0xf0, (byte)0x6c, (byte)0xb5, (byte)0x8f
+    };
+
+    private class VecRand extends SecureRandom
+    {
+        byte[] seed;
+
+        VecRand(byte[] seed)
+        {
+            this.seed = seed;
+        }
+
+        public void nextBytes(
+            byte[]  bytes)
+        {
+            System.arraycopy(seed, 0, bytes, 0, bytes.length);
+        }
+    }
+
+    private void baseOaepTest(
+        int     id,
+        byte[]  pubKeyEnc,
+        byte[]  privKeyEnc,
+        byte[]  output)
+        throws Exception
+    {
+        ByteArrayInputStream    bIn = new ByteArrayInputStream(pubKeyEnc);
+        ASN1InputStream         dIn = new ASN1InputStream(bIn);
+
+        //
+        // extract the public key info.
+        //
+        RSAPublicKey pubStruct;
+
+        pubStruct = RSAPublicKey.getInstance(new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject()).parsePublicKey());
+
+
+        bIn = new ByteArrayInputStream(privKeyEnc);
+        dIn = new ASN1InputStream(bIn);
+
+        //
+        // extract the private key info.
+        //
+        RSAPrivateKey privStruct;
+
+        privStruct = RSAPrivateKey.getInstance(new PrivateKeyInfo((ASN1Sequence)dIn.readObject()).parsePrivateKey());
+
+        RSAKeyParameters    pubParameters = new RSAKeyParameters(
+                                                    false,
+                                                    pubStruct.getModulus(),
+                                                    pubStruct.getPublicExponent());
+
+        RSAKeyParameters    privParameters = new RSAPrivateCrtKeyParameters(
+                                                    privStruct.getModulus(),
+                                                    privStruct.getPublicExponent(),
+                                                    privStruct.getPrivateExponent(),
+                                                    privStruct.getPrime1(),
+                                                    privStruct.getPrime2(),
+                                                    privStruct.getExponent1(),
+                                                    privStruct.getExponent2(),
+                                                    privStruct.getCoefficient());
+
+        byte[]  input = new byte[]
+                    { (byte)0x54, (byte)0x85, (byte)0x9b, (byte)0x34, (byte)0x2c, (byte)0x49, (byte)0xea, (byte)0x2a };
+
+        encDec("id(" + id + ")", pubParameters, privParameters, seed, input, output);
+
+    }
+
+    private void encDec(
+        String label,
+        RSAKeyParameters pubParameters,
+        RSAKeyParameters privParameters,
+        byte[] seed,
+        byte[] input,
+        byte[] output)
+        throws InvalidCipherTextException
+    {
+        AsymmetricBlockCipher cipher = new OAEPEncoding(new RSAEngine());
+
+        cipher.init(true, new ParametersWithRandom(pubParameters, new VecRand(seed)));
+
+        byte[]  out;
+
+        out = cipher.processBlock(input, 0, input.length);
+
+        for (int i = 0; i != output.length; i++)
+        {
+            if (out[i] != output[i])
+            {
+                fail(label + " failed encryption");
+            }
+        }
+
+        cipher.init(false, privParameters);
+
+        out = cipher.processBlock(output, 0, output.length);
+
+        for (int i = 0; i != input.length; i++)
+        {
+            if (out[i] != input[i])
+            {
+                fail(label + " failed decoding");
+            }
+        }
+    }
+
+    /*
+     * RSA vector tests from PKCS#1 page
+     */
+    byte[] modulus_1024 = Hex.decode(
+       "a8b3b284af8eb50b387034a860f146c4"
+     + "919f318763cd6c5598c8ae4811a1e0ab"
+     + "c4c7e0b082d693a5e7fced675cf46685"
+     + "12772c0cbc64a742c6c630f533c8cc72"
+     + "f62ae833c40bf25842e984bb78bdbf97"
+     + "c0107d55bdb662f5c4e0fab9845cb514"
+     + "8ef7392dd3aaff93ae1e6b667bb3d424"
+     + "7616d4f5ba10d4cfd226de88d39f16fb");
+
+    byte[] pubExp_1024 = Hex.decode(
+       "010001");
+
+    byte[] privExp_1024 = Hex.decode(
+       "53339cfdb79fc8466a655c7316aca85c"
+     + "55fd8f6dd898fdaf119517ef4f52e8fd"
+     + "8e258df93fee180fa0e4ab29693cd83b"
+     + "152a553d4ac4d1812b8b9fa5af0e7f55"
+     + "fe7304df41570926f3311f15c4d65a73"
+     + "2c483116ee3d3d2d0af3549ad9bf7cbf"
+     + "b78ad884f84d5beb04724dc7369b31de"
+     + "f37d0cf539e9cfcdd3de653729ead5d1");
+
+    byte[] prime1_1024 = Hex.decode(
+       "d32737e7267ffe1341b2d5c0d150a81b"
+     + "586fb3132bed2f8d5262864a9cb9f30a"
+     + "f38be448598d413a172efb802c21acf1"
+     + "c11c520c2f26a471dcad212eac7ca39d");
+
+    byte[] prime2_1024 = Hex.decode(
+       "cc8853d1d54da630fac004f471f281c7"
+     + "b8982d8224a490edbeb33d3e3d5cc93c"
+     + "4765703d1dd791642f1f116a0dd852be"
+     + "2419b2af72bfe9a030e860b0288b5d77");
+
+    byte[] primeExp1_1024 = Hex.decode(
+       "0e12bf1718e9cef5599ba1c3882fe804"
+     + "6a90874eefce8f2ccc20e4f2741fb0a3"
+     + "3a3848aec9c9305fbecbd2d76819967d"
+     + "4671acc6431e4037968db37878e695c1");
+
+    byte[] primeExp2_1024 = Hex.decode(
+        "95297b0f95a2fa67d00707d609dfd4fc"
+     +  "05c89dafc2ef6d6ea55bec771ea33373"
+     +  "4d9251e79082ecda866efef13c459e1a"
+     +  "631386b7e354c899f5f112ca85d71583");
+
+    byte[] crtCoef_1024 = Hex.decode(
+        "4f456c502493bdc0ed2ab756a3a6ed4d"
+     +  "67352a697d4216e93212b127a63d5411"
+     +  "ce6fa98d5dbefd73263e372814274381"
+     +  "8166ed7dd63687dd2a8ca1d2f4fbd8e1");
+
+    byte[] input_1024_1 = Hex.decode(
+        "6628194e12073db03ba94cda9ef95323"
+      + "97d50dba79b987004afefe34");
+
+    byte[] seed_1024_1 = Hex.decode(
+        "18b776ea21069d69776a33e96bad48e1"
+      + "dda0a5ef");
+
+    byte[] output_1024_1 = Hex.decode(
+        "354fe67b4a126d5d35fe36c777791a3f"
+      + "7ba13def484e2d3908aff722fad468fb"
+      + "21696de95d0be911c2d3174f8afcc201"
+      + "035f7b6d8e69402de5451618c21a535f"
+      + "a9d7bfc5b8dd9fc243f8cf927db31322"
+      + "d6e881eaa91a996170e657a05a266426"
+      + "d98c88003f8477c1227094a0d9fa1e8c"
+      + "4024309ce1ecccb5210035d47ac72e8a");
+
+    byte[] input_1024_2 = Hex.decode(
+        "750c4047f547e8e41411856523298ac9"
+      +  "bae245efaf1397fbe56f9dd5");
+
+    byte[] seed_1024_2 = Hex.decode(
+        "0cc742ce4a9b7f32f951bcb251efd925"
+      + "fe4fe35f");
+
+    byte[] output_1024_2 = Hex.decode(
+        "640db1acc58e0568fe5407e5f9b701df"
+      + "f8c3c91e716c536fc7fcec6cb5b71c11"
+      + "65988d4a279e1577d730fc7a29932e3f"
+      + "00c81515236d8d8e31017a7a09df4352"
+      + "d904cdeb79aa583adcc31ea698a4c052"
+      + "83daba9089be5491f67c1a4ee48dc74b"
+      + "bbe6643aef846679b4cb395a352d5ed1"
+      + "15912df696ffe0702932946d71492b44");
+
+    byte[] input_1024_3 = Hex.decode(
+        "d94ae0832e6445ce42331cb06d531a82"
+      + "b1db4baad30f746dc916df24d4e3c245"
+      + "1fff59a6423eb0e1d02d4fe646cf699d"
+      + "fd818c6e97b051");
+
+    byte[] seed_1024_3 = Hex.decode(
+        "2514df4695755a67b288eaf4905c36ee"
+      + "c66fd2fd");
+
+    byte[] output_1024_3 = Hex.decode(
+        "423736ed035f6026af276c35c0b3741b"
+      + "365e5f76ca091b4e8c29e2f0befee603"
+      + "595aa8322d602d2e625e95eb81b2f1c9"
+      + "724e822eca76db8618cf09c5343503a4"
+      + "360835b5903bc637e3879fb05e0ef326"
+      + "85d5aec5067cd7cc96fe4b2670b6eac3"
+      + "066b1fcf5686b68589aafb7d629b02d8"
+      + "f8625ca3833624d4800fb081b1cf94eb");
+
+    byte[] input_1024_4 = Hex.decode(
+        "52e650d98e7f2a048b4f86852153b97e"
+      + "01dd316f346a19f67a85");
+
+    byte[] seed_1024_4 = Hex.decode(
+        "c4435a3e1a18a68b6820436290a37cef"
+      + "b85db3fb");
+
+    byte[] output_1024_4 = Hex.decode(
+        "45ead4ca551e662c9800f1aca8283b05"
+      + "25e6abae30be4b4aba762fa40fd3d38e"
+      + "22abefc69794f6ebbbc05ddbb1121624"
+      + "7d2f412fd0fba87c6e3acd888813646f"
+      + "d0e48e785204f9c3f73d6d8239562722"
+      + "dddd8771fec48b83a31ee6f592c4cfd4"
+      + "bc88174f3b13a112aae3b9f7b80e0fc6"
+      + "f7255ba880dc7d8021e22ad6a85f0755");
+
+    byte[] input_1024_5 = Hex.decode(
+        "8da89fd9e5f974a29feffb462b49180f"
+      + "6cf9e802");
+
+    byte[] seed_1024_5 = Hex.decode(
+        "b318c42df3be0f83fea823f5a7b47ed5"
+      + "e425a3b5");
+
+    byte[] output_1024_5 = Hex.decode(
+        "36f6e34d94a8d34daacba33a2139d00a"
+      + "d85a9345a86051e73071620056b920e2"
+      + "19005855a213a0f23897cdcd731b4525"
+      + "7c777fe908202befdd0b58386b1244ea"
+      + "0cf539a05d5d10329da44e13030fd760"
+      + "dcd644cfef2094d1910d3f433e1c7c6d"
+      + "d18bc1f2df7f643d662fb9dd37ead905"
+      + "9190f4fa66ca39e869c4eb449cbdc439");
+
+    byte[] input_1024_6 = Hex.decode(
+        "26521050844271");
+
+    byte[] seed_1024_6 = Hex.decode(
+        "e4ec0982c2336f3a677f6a356174eb0c"
+      + "e887abc2");
+
+    byte[] output_1024_6 = Hex.decode(
+        "42cee2617b1ecea4db3f4829386fbd61"
+      + "dafbf038e180d837c96366df24c097b4"
+      + "ab0fac6bdf590d821c9f10642e681ad0"
+      + "5b8d78b378c0f46ce2fad63f74e0ad3d"
+      + "f06b075d7eb5f5636f8d403b9059ca76"
+      + "1b5c62bb52aa45002ea70baace08ded2"
+      + "43b9d8cbd62a68ade265832b56564e43"
+      + "a6fa42ed199a099769742df1539e8255");
+
+    byte[] modulus_1027 = Hex.decode(
+        "051240b6cc0004fa48d0134671c078c7"
+      + "c8dec3b3e2f25bc2564467339db38853"
+      + "d06b85eea5b2de353bff42ac2e46bc97"
+      + "fae6ac9618da9537a5c8f553c1e35762"
+      + "5991d6108dcd7885fb3a25413f53efca"
+      + "d948cb35cd9b9ae9c1c67626d113d57d"
+      + "de4c5bea76bb5bb7de96c00d07372e96"
+      + "85a6d75cf9d239fa148d70931b5f3fb0"
+      + "39");
+
+    byte[] pubExp_1027 = Hex.decode(
+        "010001");
+
+    byte[] privExp_1027 = Hex.decode(
+        "0411ffca3b7ca5e9e9be7fe38a85105e"
+      + "353896db05c5796aecd2a725161eb365"
+      + "1c8629a9b862b904d7b0c7b37f8cb5a1"
+      + "c2b54001018a00a1eb2cafe4ee4e9492"
+      + "c348bc2bedab4b9ebbf064e8eff322b9"
+      + "009f8eec653905f40df88a3cdc49d456"
+      + "7f75627d41aca624129b46a0b7c698e5"
+      + "e65f2b7ba102c749a10135b6540d0401");
+
+    byte[] prime1_1027 = Hex.decode(
+        "027458c19ec1636919e736c9af25d609"
+      + "a51b8f561d19c6bf6943dd1ee1ab8a4a"
+      + "3f232100bd40b88decc6ba235548b6ef"
+      + "792a11c9de823d0a7922c7095b6eba57"
+      + "01");
+
+    byte[] prime2_1027 = Hex.decode(
+        "0210ee9b33ab61716e27d251bd465f4b"
+      + "35a1a232e2da00901c294bf22350ce49"
+      + "0d099f642b5375612db63ba1f2038649"
+      + "2bf04d34b3c22bceb909d13441b53b51"
+      + "39");
+
+    byte[] primeExp1_1027 = Hex.decode(
+        "39fa028b826e88c1121b750a8b242fa9"
+      + "a35c5b66bdfd1fa637d3cc48a84a4f45"
+      + "7a194e7727e49f7bcc6e5a5a412657fc"
+      + "470c7322ebc37416ef458c307a8c0901");
+
+    byte[] primeExp2_1027 = Hex.decode(
+        "015d99a84195943979fa9e1be2c3c1b6"
+      + "9f432f46fd03e47d5befbbbfd6b1d137"
+      + "1d83efb330a3e020942b2fed115e5d02"
+      + "be24fd92c9019d1cecd6dd4cf1e54cc8"
+      + "99");
+
+    byte[] crtCoef_1027 = Hex.decode(
+        "01f0b7015170b3f5e42223ba30301c41"
+      + "a6d87cbb70e30cb7d3c67d25473db1f6"
+      + "cbf03e3f9126e3e97968279a865b2c2b"
+      + "426524cfc52a683d31ed30eb984be412"
+      + "ba");
+
+    byte[] input_1027_1 = Hex.decode(
+        "4a86609534ee434a6cbca3f7e962e76d"
+      + "455e3264c19f605f6e5ff6137c65c56d"
+      + "7fb344cd52bc93374f3d166c9f0c6f9c"
+      + "506bad19330972d2");
+
+    byte[] seed_1027_1 = Hex.decode(
+        "1cac19ce993def55f98203f6852896c9"
+      + "5ccca1f3");
+
+    byte[] output_1027_1 = Hex.decode(
+        "04cce19614845e094152a3fe18e54e33"
+      + "30c44e5efbc64ae16886cb1869014cc5"
+      + "781b1f8f9e045384d0112a135ca0d12e"
+      + "9c88a8e4063416deaae3844f60d6e96f"
+      + "e155145f4525b9a34431ca3766180f70"
+      + "e15a5e5d8e8b1a516ff870609f13f896"
+      + "935ced188279a58ed13d07114277d75c"
+      + "6568607e0ab092fd803a223e4a8ee0b1"
+      + "a8");
+
+    byte[] input_1027_2 = Hex.decode(
+        "b0adc4f3fe11da59ce992773d9059943"
+      + "c03046497ee9d9f9a06df1166db46d98"
+      + "f58d27ec074c02eee6cbe2449c8b9fc5"
+      + "080c5c3f4433092512ec46aa793743c8");
+
+    byte[] seed_1027_2 = Hex.decode(
+        "f545d5897585e3db71aa0cb8da76c51d"
+      + "032ae963");
+
+    byte[] output_1027_2 = Hex.decode(
+        "0097b698c6165645b303486fbf5a2a44"
+      + "79c0ee85889b541a6f0b858d6b6597b1"
+      + "3b854eb4f839af03399a80d79bda6578"
+      + "c841f90d645715b280d37143992dd186"
+      + "c80b949b775cae97370e4ec97443136c"
+      + "6da484e970ffdb1323a20847821d3b18"
+      + "381de13bb49aaea66530c4a4b8271f3e"
+      + "ae172cd366e07e6636f1019d2a28aed1"
+      + "5e");
+
+    byte[] input_1027_3 = Hex.decode(
+        "bf6d42e701707b1d0206b0c8b45a1c72"
+      + "641ff12889219a82bdea965b5e79a96b"
+      + "0d0163ed9d578ec9ada20f2fbcf1ea3c"
+      + "4089d83419ba81b0c60f3606da99");
+
+    byte[] seed_1027_3 = Hex.decode(
+        "ad997feef730d6ea7be60d0dc52e72ea"
+      + "cbfdd275");
+
+    byte[] output_1027_3 = Hex.decode(
+        "0301f935e9c47abcb48acbbe09895d9f"
+      + "5971af14839da4ff95417ee453d1fd77"
+      + "319072bb7297e1b55d7561cd9d1bb24c"
+      + "1a9a37c619864308242804879d86ebd0"
+      + "01dce5183975e1506989b70e5a834341"
+      + "54d5cbfd6a24787e60eb0c658d2ac193"
+      + "302d1192c6e622d4a12ad4b53923bca2"
+      + "46df31c6395e37702c6a78ae081fb9d0"
+      + "65");
+
+    byte[] input_1027_4 = Hex.decode(
+        "fb2ef112f5e766eb94019297934794f7"
+      + "be2f6fc1c58e");
+
+    byte[] seed_1027_4 = Hex.decode(
+        "136454df5730f73c807a7e40d8c1a312"
+      + "ac5b9dd3");
+
+    byte[] output_1027_4 = Hex.decode(
+        "02d110ad30afb727beb691dd0cf17d0a"
+      + "f1a1e7fa0cc040ec1a4ba26a42c59d0a"
+      + "796a2e22c8f357ccc98b6519aceb682e"
+      + "945e62cb734614a529407cd452bee3e4"
+      + "4fece8423cc19e55548b8b994b849c7e"
+      + "cde4933e76037e1d0ce44275b08710c6"
+      + "8e430130b929730ed77e09b015642c55"
+      + "93f04e4ffb9410798102a8e96ffdfe11"
+      + "e4");
+
+    byte[] input_1027_5 = Hex.decode(
+        "28ccd447bb9e85166dabb9e5b7d1adad"
+      + "c4b9d39f204e96d5e440ce9ad928bc1c"
+      + "2284");
+
+    byte[] seed_1027_5 = Hex.decode(
+        "bca8057f824b2ea257f2861407eef63d"
+      + "33208681");
+
+    byte[] output_1027_5 = Hex.decode(
+        "00dbb8a7439d90efd919a377c54fae8f"
+      + "e11ec58c3b858362e23ad1b8a4431079"
+      + "9066b99347aa525691d2adc58d9b06e3"
+      + "4f288c170390c5f0e11c0aa3645959f1"
+      + "8ee79e8f2be8d7ac5c23d061f18dd74b"
+      + "8c5f2a58fcb5eb0c54f99f01a8324756"
+      + "8292536583340948d7a8c97c4acd1e98"
+      + "d1e29dc320e97a260532a8aa7a758a1e"
+      + "c2");
+
+    byte[] input_1027_6 = Hex.decode(
+        "f22242751ec6b1");
+
+    byte[] seed_1027_6 = Hex.decode(
+        "2e7e1e17f647b5ddd033e15472f90f68"
+      + "12f3ac4e");
+
+    byte[] output_1027_6 = Hex.decode(
+        "00a5ffa4768c8bbecaee2db77e8f2eec"
+      + "99595933545520835e5ba7db9493d3e1"
+      + "7cddefe6a5f567624471908db4e2d83a"
+      + "0fbee60608fc84049503b2234a07dc83"
+      + "b27b22847ad8920ff42f674ef79b7628"
+      + "0b00233d2b51b8cb2703a9d42bfbc825"
+      + "0c96ec32c051e57f1b4ba528db89c37e"
+      + "4c54e27e6e64ac69635ae887d9541619"
+      + "a9");
+
+    private void oaepVecTest(
+        int keySize,
+        int no,
+        RSAKeyParameters pubParam,
+        RSAKeyParameters privParam,
+        byte[] seed,
+        byte[] input,
+        byte[] output)
+        throws Exception
+    {
+        encDec(keySize + " " + no, pubParam, privParam, seed, input, output);
+    }
+
+    public OAEPTest()
+    {
+    }
+
+    public String getName()
+    {
+        return "OAEP";
+    }
+
+    public void performTest() throws Exception
+    {
+        baseOaepTest(1, pubKeyEnc1, privKeyEnc1, output1);
+        baseOaepTest(2, pubKeyEnc2, privKeyEnc2, output2);
+        baseOaepTest(3, pubKeyEnc3, privKeyEnc3, output3);
+
+        RSAKeyParameters pubParam = new RSAKeyParameters(false, new BigInteger(1, modulus_1024), new BigInteger(1, pubExp_1024));
+        RSAKeyParameters privParam = new RSAPrivateCrtKeyParameters(pubParam.getModulus(), pubParam.getExponent(), new BigInteger(1, privExp_1024), new BigInteger(1, prime1_1024), new BigInteger(1, prime2_1024), new BigInteger(1, primeExp1_1024), new BigInteger(1, primeExp2_1024), new BigInteger(1, crtCoef_1024));
+
+        oaepVecTest(1024, 1, pubParam, privParam, seed_1024_1, input_1024_1, output_1024_1);
+        oaepVecTest(1024, 2, pubParam, privParam, seed_1024_2, input_1024_2, output_1024_2);
+        oaepVecTest(1024, 3, pubParam, privParam, seed_1024_3, input_1024_3, output_1024_3);
+        oaepVecTest(1024, 4, pubParam, privParam, seed_1024_4, input_1024_4, output_1024_4);
+        oaepVecTest(1024, 5, pubParam, privParam, seed_1024_5, input_1024_5, output_1024_5);
+        oaepVecTest(1024, 6, pubParam, privParam, seed_1024_6, input_1024_6, output_1024_6);
+
+        pubParam = new RSAKeyParameters(false, new BigInteger(1, modulus_1027), new BigInteger(1, pubExp_1027));
+        privParam = new RSAPrivateCrtKeyParameters(pubParam.getModulus(), pubParam.getExponent(), new BigInteger(1, privExp_1027), new BigInteger(1, prime1_1027), new BigInteger(1, prime2_1027), new BigInteger(1, primeExp1_1027), new BigInteger(1, primeExp2_1027), new BigInteger(1, crtCoef_1027));
+
+        oaepVecTest(1027, 1, pubParam, privParam, seed_1027_1, input_1027_1, output_1027_1);
+        oaepVecTest(1027, 2, pubParam, privParam, seed_1027_2, input_1027_2, output_1027_2);
+        oaepVecTest(1027, 3, pubParam, privParam, seed_1027_3, input_1027_3, output_1027_3);
+        oaepVecTest(1027, 4, pubParam, privParam, seed_1027_4, input_1027_4, output_1027_4);
+        oaepVecTest(1027, 5, pubParam, privParam, seed_1027_5, input_1027_5, output_1027_5);
+        oaepVecTest(1027, 6, pubParam, privParam, seed_1027_6, input_1027_6, output_1027_6);
+
+        //
+        // OAEP - public encrypt, private decrypt  differring hashes
+        //
+        AsymmetricBlockCipher cipher = new OAEPEncoding(new RSAEngine(), new SHA256Digest(), new SHA1Digest(), new byte[10]);
+
+        cipher.init(true, new ParametersWithRandom(pubParam, new SecureRandom()));
+
+        byte[] input = new byte[10];
+
+        byte[] out = cipher.processBlock(input, 0, input.length);
+
+        cipher.init(false, privParam);
+
+        out = cipher.processBlock(out, 0, out.length);
+
+        for (int i = 0; i != input.length; i++)
+        {
+            if (out[i] != input[i])
+            {
+                fail("mixed digest failed decoding");
+            }
+        }
+
+        cipher = new OAEPEncoding(new RSAEngine(), new SHA1Digest(), new SHA256Digest(), new byte[10]);
+
+        cipher.init(true, new ParametersWithRandom(pubParam, new SecureRandom()));
+
+        out = cipher.processBlock(input, 0, input.length);
+
+        cipher.init(false, privParam);
+
+        out = cipher.processBlock(out, 0, out.length);
+
+        for (int i = 0; i != input.length; i++)
+        {
+            if (out[i] != input[i])
+            {
+                fail("mixed digest failed decoding");
+            }
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new OAEPTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/OCBTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/OCBTest.java
new file mode 100644
index 0000000..26d7d12
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/OCBTest.java
@@ -0,0 +1,520 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.modes.AEADBlockCipher;
+import org.bouncycastle.crypto.modes.OCBBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Times;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test vectors from <a href="http://tools.ietf.org/html/rfc7253">RFC 7253 on The OCB
+ * Authenticated-Encryption Algorithm</a>
+ */
+public class OCBTest
+    extends SimpleTest
+{
+    private static final String KEY_128 = "000102030405060708090A0B0C0D0E0F";
+    private static final String KEY_96 = "0F0E0D0C0B0A09080706050403020100";
+
+    /*
+     * Test vectors from Appendix A of the specification, containing the strings N, A, P, C in order
+     */
+
+    private static final String[][] TEST_VECTORS_128 = new String[][]{
+        { "BBAA99887766554433221100",
+          "",
+          "",
+          "785407BFFFC8AD9EDCC5520AC9111EE6" },
+        { "BBAA99887766554433221101",
+          "0001020304050607",
+          "0001020304050607",
+          "6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009" },
+        { "BBAA99887766554433221102",
+          "0001020304050607",
+          "",
+          "81017F8203F081277152FADE694A0A00" },
+        { "BBAA99887766554433221103",
+          "",
+          "0001020304050607",
+          "45DD69F8F5AAE72414054CD1F35D82760B2CD00D2F99BFA9" },
+        { "BBAA99887766554433221104",
+          "000102030405060708090A0B0C0D0E0F",
+          "000102030405060708090A0B0C0D0E0F",
+          "571D535B60B277188BE5147170A9A22C3AD7A4FF3835B8C5701C1CCEC8FC3358" },
+        { "BBAA99887766554433221105",
+          "000102030405060708090A0B0C0D0E0F",
+          "",
+          "8CF761B6902EF764462AD86498CA6B97" },
+        { "BBAA99887766554433221106",
+          "",
+          "000102030405060708090A0B0C0D0E0F",
+          "5CE88EC2E0692706A915C00AEB8B2396F40E1C743F52436BDF06D8FA1ECA343D" },
+        { "BBAA99887766554433221107",
+          "000102030405060708090A0B0C0D0E0F1011121314151617",
+          "000102030405060708090A0B0C0D0E0F1011121314151617",
+          "1CA2207308C87C010756104D8840CE1952F09673A448A122C92C62241051F57356D7F3C90BB0E07F" },
+        { "BBAA99887766554433221108",
+          "000102030405060708090A0B0C0D0E0F1011121314151617",
+          "",
+          "6DC225A071FC1B9F7C69F93B0F1E10DE" },
+        { "BBAA99887766554433221109",
+          "",
+          "000102030405060708090A0B0C0D0E0F1011121314151617",
+          "221BD0DE7FA6FE993ECCD769460A0AF2D6CDED0C395B1C3CE725F32494B9F914D85C0B1EB38357FF" },
+        { "BBAA9988776655443322110A",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+          "BD6F6C496201C69296C11EFD138A467ABD3C707924B964DEAFFC40319AF5A48540FBBA186C5553C68AD9F592A79A4240" },
+        { "BBAA9988776655443322110B",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+          "",
+          "FE80690BEE8A485D11F32965BC9D2A32" },
+        { "BBAA9988776655443322110C",
+          "",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+          "2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973792EF46040C53F1432BCDFB5E1DDE3BC18A5F840B52E653444D5DF" },
+        { "BBAA9988776655443322110D",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+          "D5CA91748410C1751FF8A2F618255B68A0A12E093FF454606E59F9C1D0DDC54B65E8628E568BAD7AED07BA06A4A69483A7035490C5769E60" },
+        { "BBAA9988776655443322110E",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+          "",
+          "C5CD9D1850C141E358649994EE701B68" },
+        { "BBAA9988776655443322110F",
+          "",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+          "4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5CC55EE507BCB084E479AD363AC366B95A98CA5F3000B1479" },
+    };
+
+    private static final String[][] TEST_VECTORS_96 = new String[][]{
+        { "BBAA9988776655443322110D",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+          "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+          "1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FDAC4F02AA" },
+    };
+
+    public String getName()
+    {
+        return "OCB";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        byte[] K128 = Hex.decode(KEY_128);
+        for (int i = 0; i < TEST_VECTORS_128.length; ++i)
+        {
+            runTestCase("Test Case " + i, TEST_VECTORS_128[i], 128, K128);
+        }
+
+        byte[] K96 = Hex.decode(KEY_96);
+        for (int i = 0; i < TEST_VECTORS_96.length; ++i)
+        {
+            runTestCase("Test Case " + i, TEST_VECTORS_96[i], 96, K96);
+        }
+
+        runLongerTestCase(128, 128, "67E944D23256C5E0B6C61FA22FDF1EA2");
+        runLongerTestCase(192, 128, "F673F2C3E7174AAE7BAE986CA9F29E17");
+        runLongerTestCase(256, 128, "D90EB8E9C977C88B79DD793D7FFA161C");
+        runLongerTestCase(128, 96, "77A3D8E73589158D25D01209");
+        runLongerTestCase(192, 96, "05D56EAD2752C86BE6932C5E");
+        runLongerTestCase(256, 96, "5458359AC23B0CBA9E6330DD");
+        runLongerTestCase(128, 64, "192C9B7BD90BA06A");
+        runLongerTestCase(192, 64, "0066BC6E0EF34E24");
+        runLongerTestCase(256, 64, "7D4EA5D445501CBE");
+
+        randomTests();
+        outputSizeTests();
+        testExceptions();
+    }
+
+    private void testExceptions() throws InvalidCipherTextException
+    {
+        AEADBlockCipher ocb = createOCBCipher();
+
+        try
+        {
+            ocb = new OCBBlockCipher(new DESEngine(), new DESEngine());
+
+            fail("incorrect block size not picked up");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+
+        try
+        {
+            ocb.init(false, new KeyParameter(new byte[16]));
+
+            fail("illegal argument not picked up");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+
+        AEADTestUtil.testReset(this, createOCBCipher(), createOCBCipher(), new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[15]));
+        AEADTestUtil.testTampering(this, ocb, new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[15]));
+        AEADTestUtil.testOutputSizes(this, createOCBCipher(), new AEADParameters(new KeyParameter(new byte[16]), 128,
+                new byte[15]));
+        AEADTestUtil.testBufferSizeChecks(this, createOCBCipher(), new AEADParameters(new KeyParameter(new byte[16]),
+                128, new byte[15]));
+    }
+
+    private void runTestCase(String testName, String[] testVector, int macLengthBits, byte[] K)
+        throws InvalidCipherTextException
+    {
+        int pos = 0;
+        byte[] N = Hex.decode(testVector[pos++]);
+        byte[] A = Hex.decode(testVector[pos++]);
+        byte[] P = Hex.decode(testVector[pos++]);
+        byte[] C = Hex.decode(testVector[pos++]);
+
+        int macLengthBytes = macLengthBits / 8;
+
+        KeyParameter keyParameter = new KeyParameter(K);
+        AEADParameters parameters = new AEADParameters(keyParameter, macLengthBits, N, A);
+
+        AEADBlockCipher encCipher = initOCBCipher(true, parameters);
+        AEADBlockCipher decCipher = initOCBCipher(false, parameters);
+
+        checkTestCase(encCipher, decCipher, testName, macLengthBytes, P, C);
+        checkTestCase(encCipher, decCipher, testName + " (reused)", macLengthBytes, P, C);
+
+        // Key reuse
+        AEADParameters keyReuseParams = AEADTestUtil.reuseKey(parameters);
+        encCipher.init(true, keyReuseParams);
+        decCipher.init(false, keyReuseParams);
+        checkTestCase(encCipher, decCipher, testName + " (key reuse)", macLengthBytes, P, C);
+    }
+
+    private BlockCipher createUnderlyingCipher()
+    {
+        return new AESEngine();
+    }
+
+    private AEADBlockCipher createOCBCipher()
+    {
+        return new OCBBlockCipher(createUnderlyingCipher(), createUnderlyingCipher());
+    }
+
+    private AEADBlockCipher initOCBCipher(boolean forEncryption, AEADParameters parameters)
+    {
+        AEADBlockCipher c = createOCBCipher();
+        c.init(forEncryption, parameters);
+        return c;
+    }
+
+    private void checkTestCase(AEADBlockCipher encCipher, AEADBlockCipher decCipher, String testName,
+        int macLengthBytes, byte[] P, byte[] C)
+        throws InvalidCipherTextException
+    {
+        byte[] tag = Arrays.copyOfRange(C, C.length - macLengthBytes, C.length);
+
+        {
+            byte[] enc = new byte[encCipher.getOutputSize(P.length)];
+            int len = encCipher.processBytes(P, 0, P.length, enc, 0);
+            len += encCipher.doFinal(enc, len);
+
+            if (enc.length != len)
+            {
+                fail("encryption reported incorrect length: " + testName);
+            }
+
+            if (!areEqual(C, enc))
+            {
+                fail("incorrect encrypt in: " + testName);
+            }
+
+            if (!areEqual(tag, encCipher.getMac()))
+            {
+                fail("getMac() not the same as the appended tag: " + testName);
+            }
+        }
+
+        {
+            byte[] dec = new byte[decCipher.getOutputSize(C.length)];
+            int len = decCipher.processBytes(C, 0, C.length, dec, 0);
+            len += decCipher.doFinal(dec, len);
+
+            if (dec.length != len)
+            {
+                fail("decryption reported incorrect length: " + testName);
+            }
+
+            if (!areEqual(P, dec))
+            {
+                fail("incorrect decrypt in: " + testName);
+            }
+
+            if (!areEqual(tag, decCipher.getMac()))
+            {
+                fail("getMac() not the same as the appended tag: " + testName);
+            }
+        }
+    }
+
+    private void runLongerTestCase(int keyLen, int tagLen, String expectedOutputHex)
+        throws InvalidCipherTextException
+    {
+        byte[] expectedOutput = Hex.decode(expectedOutputHex);
+        byte[] keyBytes = new byte[keyLen / 8];
+        keyBytes[keyBytes.length - 1] = (byte)tagLen;
+        KeyParameter key = new KeyParameter(keyBytes);
+
+        AEADBlockCipher c1 = initOCBCipher(true, new AEADParameters(key, tagLen, createNonce(385)));
+        AEADBlockCipher c2 = createOCBCipher();
+
+        long total = 0;
+
+        byte[] S = new byte[128];
+
+        int n = 0;
+        for (int i = 0; i < 128; ++i)
+        {
+            c2.init(true, new AEADParameters(key, tagLen, createNonce(++n)));
+            total += updateCiphers(c1, c2, S, i, true, true);
+            c2.init(true, new AEADParameters(key, tagLen, createNonce(++n)));
+            total += updateCiphers(c1, c2, S, i, false, true);
+            c2.init(true, new AEADParameters(key, tagLen, createNonce(++n)));
+            total += updateCiphers(c1, c2, S, i, true, false);
+        }
+
+        long expectedTotal = 16256 + (48 * tagLen);
+
+        if (total != expectedTotal)
+        {
+            fail("test generated the wrong amount of input: " + total);
+        }
+
+        byte[] output = new byte[c1.getOutputSize(0)];
+        c1.doFinal(output, 0);
+
+        if (!areEqual(expectedOutput, output))
+        {
+            fail("incorrect encrypt in long-form test");
+        }
+    }
+
+    private byte[] createNonce(int n)
+    {
+        return new byte[]{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte)(n >>> 8), (byte)n };
+    }
+
+    private int updateCiphers(AEADBlockCipher c1, AEADBlockCipher c2, byte[] S, int i,
+        boolean includeAAD, boolean includePlaintext)
+        throws InvalidCipherTextException
+    {
+        int inputLen = includePlaintext ? i : 0;
+        int outputLen = c2.getOutputSize(inputLen);
+
+        byte[] output = new byte[outputLen];
+
+        int len = 0;
+
+        if (includeAAD)
+        {
+            c2.processAADBytes(S, 0, i);
+        }
+
+        if (includePlaintext)
+        {
+            len += c2.processBytes(S, 0, i, output, len);
+        }
+
+        len += c2.doFinal(output, len);
+
+        c1.processAADBytes(output, 0, len);
+
+        return len;
+    }
+
+    private void randomTests()
+        throws InvalidCipherTextException
+    {
+        SecureRandom srng = new SecureRandom();
+        srng.setSeed(Times.nanoTime());
+        for (int i = 0; i < 10; ++i)
+        {
+            randomTest(srng);
+        }
+    }
+
+    private void randomTest(SecureRandom srng)
+        throws InvalidCipherTextException
+    {
+        int kLength = 16 + 8 * (Math.abs(srng.nextInt()) % 3);
+        byte[] K = new byte[kLength];
+        srng.nextBytes(K);
+
+        int pLength = srng.nextInt() >>> 16;
+        byte[] P = new byte[pLength];
+        srng.nextBytes(P);
+
+        int aLength = srng.nextInt() >>> 24;
+        byte[] A = new byte[aLength];
+        srng.nextBytes(A);
+
+        int saLength = srng.nextInt() >>> 24;
+        byte[] SA = new byte[saLength];
+        srng.nextBytes(SA);
+
+        int ivLength = 1 + nextInt(srng, 15);
+        byte[] IV = new byte[ivLength];
+        srng.nextBytes(IV);
+
+        AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A);
+        AEADBlockCipher cipher = initOCBCipher(true, parameters);
+        byte[] C = new byte[cipher.getOutputSize(P.length)];
+        int predicted = cipher.getUpdateOutputSize(P.length);
+
+        int split = nextInt(srng, SA.length + 1);
+        cipher.processAADBytes(SA, 0, split);
+        int len = cipher.processBytes(P, 0, P.length, C, 0);
+        cipher.processAADBytes(SA, split, SA.length - split);
+
+        if (predicted != len)
+        {
+            fail("encryption reported incorrect update length in randomised test");
+        }
+
+        len += cipher.doFinal(C, len);
+
+        if (C.length != len)
+        {
+            fail("encryption reported incorrect length in randomised test");
+        }
+
+        byte[] encT = cipher.getMac();
+        byte[] tail = new byte[C.length - P.length];
+        System.arraycopy(C, P.length, tail, 0, tail.length);
+
+        if (!areEqual(encT, tail))
+        {
+            fail("stream contained wrong mac in randomised test");
+        }
+
+        cipher.init(false, parameters);
+        byte[] decP = new byte[cipher.getOutputSize(C.length)];
+        predicted = cipher.getUpdateOutputSize(C.length);
+
+        split = nextInt(srng, SA.length + 1);
+        cipher.processAADBytes(SA, 0, split);
+        len = cipher.processBytes(C, 0, C.length, decP, 0);
+        cipher.processAADBytes(SA, split, SA.length - split);
+
+        if (predicted != len)
+        {
+            fail("decryption reported incorrect update length in randomised test");
+        }
+
+        len += cipher.doFinal(decP, len);
+
+        if (!areEqual(P, decP))
+        {
+            fail("incorrect decrypt in randomised test");
+        }
+
+        byte[] decT = cipher.getMac();
+        if (!areEqual(encT, decT))
+        {
+            fail("decryption produced different mac from encryption");
+        }
+
+        //
+        // key reuse test
+        //
+        cipher.init(false, AEADTestUtil.reuseKey(parameters));
+        decP = new byte[cipher.getOutputSize(C.length)];
+
+        split = nextInt(srng, SA.length + 1);
+        cipher.processAADBytes(SA, 0, split);
+        len = cipher.processBytes(C, 0, C.length, decP, 0);
+        cipher.processAADBytes(SA, split, SA.length - split);
+
+        len += cipher.doFinal(decP, len);
+
+        if (!areEqual(P, decP))
+        {
+            fail("incorrect decrypt in randomised test");
+        }
+
+        decT = cipher.getMac();
+        if (!areEqual(encT, decT))
+        {
+            fail("decryption produced different mac from encryption");
+        }
+    }
+
+    private void outputSizeTests()
+    {
+        byte[] K = new byte[16];
+        byte[] A = null;
+        byte[] IV = new byte[15];
+
+        AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A);
+        AEADBlockCipher cipher = initOCBCipher(true, parameters);
+
+        if (cipher.getUpdateOutputSize(0) != 0)
+        {
+            fail("incorrect getUpdateOutputSize for initial 0 bytes encryption");
+        }
+
+        if (cipher.getOutputSize(0) != 16)
+        {
+            fail("incorrect getOutputSize for initial 0 bytes encryption");
+        }
+
+        cipher.init(false, parameters);
+
+        if (cipher.getUpdateOutputSize(0) != 0)
+        {
+            fail("incorrect getUpdateOutputSize for initial 0 bytes decryption");
+        }
+
+        // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here
+        if (cipher.getOutputSize(0) != 0)
+        {
+            fail("fragile getOutputSize for initial 0 bytes decryption");
+        }
+
+        if (cipher.getOutputSize(16) != 0)
+        {
+            fail("incorrect getOutputSize for initial MAC-size bytes decryption");
+        }
+    }
+
+    private static int nextInt(SecureRandom rand, int n)
+    {
+        if ((n & -n) == n)  // i.e., n is a power of 2
+        {
+            return (int)((n * (long)(rand.nextInt() >>> 1)) >> 31);
+        }
+
+        int bits, value;
+        do
+        {
+            bits = rand.nextInt() >>> 1;
+            value = bits % n;
+        }
+        while (bits - value + (n - 1) < 0);
+
+        return value;
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new OCBTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/OpenBSDBCryptTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/OpenBSDBCryptTest.java
new file mode 100644
index 0000000..1355f3a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/OpenBSDBCryptTest.java
@@ -0,0 +1,141 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.generators.OpenBSDBCrypt;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class OpenBSDBCryptTest
+    extends SimpleTest
+{
+
+    private final static String[][] bcryptTest1 = // vectors from http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/wrapper.c?rev=HEAD
+        {
+            {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW",
+                "U*U"},
+            {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK",
+                "U*U*"},
+            {"$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a",
+                "U*U*U"},
+            {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy",
+                ""},
+            {"$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui",
+                "0123456789abcdefghijklmnopqrstuvwxyz"
+                    + "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+                    + "chars after 72 are ignored"},
+        };
+
+    private final static String[] bcryptTest2 = { // from: http://openwall.info/wiki/john/sample-hashes
+        "$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe", "password"
+    };
+
+    private final static String[] bcryptTest2b = { // from: http://stackoverflow.com/questions/11654684/verifying-a-bcrypt-hash
+        "$2a$10$.TtQJ4Jr6isd4Hp.mVfZeuh6Gws4rOQ/vdBczhDx.19NFK0Y84Dle", "ππππππππ"
+    };
+
+    private final static String[][] bcryptTest3 = // from: https://bitbucket.org/vadim/bcrypt.net/src/464c41416dc9/BCrypt.Net.Test/TestBCrypt.cs - plain - salt - expected
+        {
+            {"", "$2a$06$DCq7YPn5Rq63x1Lad4cll.", "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s."},
+            {"", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye"},
+            {"", "$2a$10$k1wbIrmNyFAPwPVPSVa/ze", "$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW"},
+            {"", "$2a$12$k42ZFHFWqBp3vWli.nIn8u", "$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO"},
+            {"a", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe"},
+            {"a", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfe", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V."},
+            {"a", "$2a$10$k87L/MF28Q673VKh8/cPi.", "$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u"},
+            {"a", "$2a$12$8NJH3LsPrANStV6XtBakCe", "$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS"},
+            {"abc", "$2a$06$If6bvum7DFjUnE9p2uDeDu", "$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i"},
+            {"abc", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7O", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm"},
+            {"abc", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi"},
+            {"abc", "$2a$12$EXRkfkdmXn2gzds2SSitu.", "$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q"},
+            {"abcdefghijklmnopqrstuvwxyz", "$2a$06$.rCVZVOThsIa97pEDOxvGu", "$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC"},
+            {"abcdefghijklmnopqrstuvwxyz", "$2a$08$aTsUwsyowQuzRrDqFflhge", "$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz."},
+            {"abcdefghijklmnopqrstuvwxyz", "$2a$10$fVH8e28OQRj9tqiDXs1e1u", "$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq"},
+            {"abcdefghijklmnopqrstuvwxyz", "$2a$12$D4G5f18o7aMMfwasBL7Gpu", "$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG"},
+            {"~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2a$06$fPIsBO8qRqkjj273rfaOI.", "$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO"},
+            {"~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2a$08$Eq2r4G/76Wv39MzSX262hu", "$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW"},
+            {"~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS"},
+            {"~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2a$12$WApznUOJfkEGSmYRfnkrPO", "$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC"},
+        };
+
+    private static final String[][] bcryptTest4 = { // from: https://github.com/ChrisMcKee/cryptsharp/blob/master/Tests/vectors/BCrypt.txt
+        {"n6HyjrYTo/r4lgjvM7L<`iM", "$2a$07$XPrYfnqc5ankSHnRfmPVu.A0trKq3VdczdbJjKaWIksKF.GfFCxv."},
+        {"~s0quB/K8zRtRT:QtZr`s|^O", "$2a$07$5zzz8omiaStXwOetWwlmuePPRwUt0jhNBPYGGgAMcUDvqsGVqv9Cy"},
+        {"r>8y3uE}6<7nI34?Q2rR0JEw", "$2a$07$k5AH9bO9aplPYdZMZ155qOcY1FewMXcupWewW6fViUtsVQ2Umg6LS"},
+        {">l_7}xxH3|Cr{dCR[HTUN@k~", "$2a$05$24xz81ZZsMUMm940bbWMCeHsO.s6A3MG0JZzm4y3.Ti6P96bz6RN6"},
+        {"D`lCFYTe9_8IW6nEB:oPjEk/S", "$2a$05$bA1xkp4NqFvDmtQJtDO9CugW0INxQLpMZha8AaHmBj9Zg9HlfQtBa"},
+        {"UBGYU6|a|RpA:bp[;}p.ZY4f1", "$2a$08$gu4KBnkla.bEqHiwaJ8.z.0ixfzE1Q0/iPfmpfRmUA.NUhUdZboxa"},
+        {"O9X[kP6{63F3rXKtN>n?zh2_", "$2a$04$yRZW9xEsqN9DL19jveqFyO1bljZ0r5KNCYqQzMqYpDB7XHWqDWNGC"},
+        {":Sa:BknepsG}\\5dOj>kh0KAk", "$2a$04$KhDTFUlakUsPNuLQSgyr7.xQZxkTSIvo0nFw0XyjvrH6n5kZkYDLG"},// extra escape sequence added
+        {"2_9J6k:{z?SSjCzL/GT/5CMgc", "$2a$05$eN1jCXDxN9HmuIARJlwH4ewsEyYbAmq7Cw99gEHqGRXtWyrRNLScy"},
+
+        {"2KNy`Kodau14?s8XVru<IIw0eDw|.64MM^Wtv;3sfZt~3`2QN6/U]0^1HtETqWHt<lMfD-LX::zo7AcNLQ.Q.@.g5kX`j7hRi", "$2a$04$xUNE1aUuNlpNwSOuz1VpjuBgW95ImLccIquQxyGLeinucvokg2Ale"},
+        {"0yWE>E;h/kdCRd@T]fQiv`Vz]KC0zaIAIeyY4zcooQ0^DfP{hHsw9?atO}CxbkbnK-LxUe;|FiBEluVqO@ysHhXQDdXPt0p", "$2a$07$pNHi/IxrSUohtsD5/eIv4O324ZPGfJE7mUAaNpIPkpyxjW9kqIk76"},
+        {"ilWj~2mLBa1Pq`sxrW8fNNq:XF0@KP5RLW9u?[E_wwkROmCSWudYoS5I2HGI-1-?Pd0zVxTIeNbF;nLDUGtce{8dHmx90:;N<8", "$2a$07$ePVgkQl8QKSG2Xv6o0bnOe4SZp4ejag5CP44tjxfmY17F5VzRgwF6"},
+        {"dj~OsXmQGj6FXnPGgwg9]G@75~L@G[|e<hgh2vaNqIyYZPh@M;I1DTgZS/~Q:i[6d]oei:hBw4}{}y7k9K^4SoN}wb8mrg[", "$2a$04$BZT7YoAYAgtNkD0/BOl.jOi0dDni7WtmB8.wAebHeHkOs.TpRgml."},
+        {"7;PjW]RYJoZXf.r2M^Mm1jVIe0wJ=Kdd2iUBuu1v3HGI1-S[TB6yg{0~:nbpeA08dysS5d}@Oxbrpj[~i-60mpq1WZqQmSVpnR", "$2a$07$fa9NDzoPKiSWC67cP/tj2OqE0PqvGwzRoJiCKj.czyqKyvpdtVpKe"},
+        {"8nv;PAN~-FQ]Emh@.TKG=^.t8R0EQC0T?x9|9g4xzxYmSbBO1qDx8kv-ehh0IBv>3KWhz.Z~jUF0tt8[5U@8;5:=[v6pf.IEJ", "$2a$08$eXo9KDc1BZyybBgMurpcD.GA1/ch3XhgBnIH10Xvjc2ogZaGg3t/m"},
+    };
+
+    public String getName()
+    {
+        return "OpenBSDBCrypt";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        for (int i = 0; i < bcryptTest1.length; i++)
+        {
+            String[] testString = bcryptTest1[i];
+            String encoded = testString[0];
+            String password = testString[1];
+            if (!OpenBSDBCrypt.checkPassword(encoded, password.toCharArray()))
+            {
+                fail("test1 mismatch: " + "[" + i + "] " + password);
+            }
+        }
+
+        String encoded = bcryptTest2[0];
+        String password = bcryptTest2[1];
+        if (!OpenBSDBCrypt.checkPassword(encoded, password.toCharArray()))
+        {
+            fail("bcryptTest2 mismatch: " + password);
+        }
+
+
+        encoded = bcryptTest2b[0];
+        password = bcryptTest2b[1];
+        if (!OpenBSDBCrypt.checkPassword(encoded, password.toCharArray()))
+        {
+            fail("bcryptTest2b mismatch: " + password);
+        }
+
+
+        for (int i = 0; i < bcryptTest3.length; i++)
+        {
+            String[] testString = bcryptTest3[i];
+            encoded = testString[2];
+            password = testString[0];
+            if (!OpenBSDBCrypt.checkPassword(encoded, password.toCharArray()))
+            {
+                fail("test3 mismatch: " + "[" + i + "] " + password);
+            }
+        }
+
+
+        for (int i = 0; i < bcryptTest4.length; i++)
+        {
+            String[] testString = bcryptTest4[i];
+            encoded = testString[1];
+            password = testString[0];
+            if (!OpenBSDBCrypt.checkPassword(encoded, password.toCharArray()))
+            {
+                fail("test4 mismatch: " + "[" + i + "] " + password);
+            }
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new OpenBSDBCryptTest());
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/PKCS12Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/PKCS12Test.java
new file mode 100644
index 0000000..c5c7aa3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/PKCS12Test.java
@@ -0,0 +1,206 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.PBEParametersGenerator;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * test for PKCS12 key generation - vectors from 
+ * <a href=http://www.drh-consultancy.demon.co.uk/test.txt>
+ * http://www.drh-consultancy.demon.co.uk/test.txt</a>
+ */
+public class PKCS12Test
+    implements Test
+{
+    char[]  password1 = { 's', 'm', 'e', 'g' };
+    char[]  password2 = { 'q', 'u', 'e', 'e', 'g' };
+
+    private boolean isEqual(
+        byte[]  a,
+        byte[]  b)
+    {
+        if (a.length != b.length)
+        {
+            return false;
+        }
+
+        for (int i = 0; i != a.length; i++)
+        {
+            if (a[i] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private TestResult run1(
+        int     id,
+        char[]  password,
+        byte[]  salt,
+        int     iCount,
+        byte[]  result)
+    {
+        PBEParametersGenerator  generator = new PKCS12ParametersGenerator(
+                                                    new SHA1Digest());
+
+        generator.init(
+                PBEParametersGenerator.PKCS12PasswordToBytes(password),
+                salt,
+                iCount);
+
+        CipherParameters  key = generator.generateDerivedParameters(24 * 8);
+
+        if (isEqual(result, ((KeyParameter)key).getKey()))
+        {
+            return new SimpleTestResult(true, "PKCS12Test: Okay");
+        }
+        else
+        {
+            return new SimpleTestResult(false, "PKCS12Test: id "
+                                                    + id + " Failed");
+        }
+    }
+
+    private TestResult run2(
+        int     id,
+        char[]  password,
+        byte[]  salt,
+        int     iCount,
+        byte[]  result)
+    {
+        PBEParametersGenerator  generator = new PKCS12ParametersGenerator(
+                                                    new SHA1Digest());
+
+        generator.init(
+                PBEParametersGenerator.PKCS12PasswordToBytes(password),
+                salt,
+                iCount);
+
+        ParametersWithIV params = (ParametersWithIV)generator.generateDerivedParameters(64, 64);
+
+        if (isEqual(result, params.getIV()))
+        {
+            return new SimpleTestResult(true, "PKCS12Test: Okay");
+        }
+        else
+        {
+            return new SimpleTestResult(false, "PKCS12Test: id "
+                                                    + id + " Failed");
+        }
+    }
+
+    private TestResult run3(
+        int     id,
+        char[]  password,
+        byte[]  salt,
+        int     iCount,
+        byte[]  result)
+    {
+        PBEParametersGenerator  generator = new PKCS12ParametersGenerator(
+                                                    new SHA1Digest());
+
+        generator.init(
+                PBEParametersGenerator.PKCS12PasswordToBytes(password),
+                salt,
+                iCount);
+
+        CipherParameters  key = generator.generateDerivedMacParameters(160);
+
+        if (isEqual(result, ((KeyParameter)key).getKey()))
+        {
+            return new SimpleTestResult(true, "PKCS12Test: Okay");
+        }
+        else
+        {
+            return new SimpleTestResult(false, "PKCS12Test: id "
+                                                    + id + " Failed");
+        }
+    }
+
+    public String getName()
+    {
+        return "PKCS12Test";
+    }
+
+    public TestResult perform()
+    {
+        TestResult  result;
+
+        result = run1(1, password1, Hex.decode("0A58CF64530D823F"), 1,
+                Hex.decode("8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3"));
+
+        if (result.isSuccessful())
+        {
+            result = run2(2, password1, Hex.decode("0A58CF64530D823F"), 1,
+                Hex.decode("79993DFE048D3B76"));
+        }
+
+        if (result.isSuccessful())
+        {
+            result = run1(3, password1, Hex.decode("642B99AB44FB4B1F"), 1,
+                Hex.decode("F3A95FEC48D7711E985CFE67908C5AB79FA3D7C5CAA5D966"));
+        }
+
+        if (result.isSuccessful())
+        {
+            result = run2(4, password1, Hex.decode("642B99AB44FB4B1F"), 1,
+                Hex.decode("C0A38D64A79BEA1D"));
+        }
+
+        if (result.isSuccessful())
+        {
+            result = run3(5, password1, Hex.decode("3D83C0E4546AC140"), 1,
+                Hex.decode("8D967D88F6CAA9D714800AB3D48051D63F73A312"));
+        }
+
+        if (result.isSuccessful())
+        {
+            result = run1(6, password2, Hex.decode("05DEC959ACFF72F7"), 1000,
+                Hex.decode("ED2034E36328830FF09DF1E1A07DD357185DAC0D4F9EB3D4"));
+        }
+
+        if (result.isSuccessful())
+        {
+            result = run2(7, password2, Hex.decode("05DEC959ACFF72F7"), 1000,
+                Hex.decode("11DEDAD7758D4860"));
+        }
+
+        if (result.isSuccessful())
+        {
+            result = run1(8, password2, Hex.decode("1682C0FC5B3F7EC5"), 1000,
+                Hex.decode("483DD6E919D7DE2E8E648BA8F862F3FBFBDC2BCB2C02957F"));
+        }
+
+        if (result.isSuccessful())
+        {
+            result = run2(9, password2, Hex.decode("1682C0FC5B3F7EC5"), 1000,
+                Hex.decode("9D461D1B00355C50"));
+        }
+
+        if (result.isSuccessful())
+        {
+            result = run3(10, password2, Hex.decode("263216FCC2FAB31C"), 1000,
+                Hex.decode("5EC4C7A80DF652294C3925B6489A7AB857C83476"));
+        }
+
+        return result;
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        PKCS12Test      test = new PKCS12Test();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/PKCS5Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/PKCS5Test.java
new file mode 100644
index 0000000..6145114
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/PKCS5Test.java
@@ -0,0 +1,265 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.ByteArrayInputStream;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.EncryptionScheme;
+import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
+import org.bouncycastle.asn1.pkcs.PBES2Parameters;
+import org.bouncycastle.asn1.pkcs.PBKDF2Params;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.PBEParametersGenerator;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.engines.RC2Engine;
+import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * A test class for PKCS5 PBES2 with PBKDF2 (PKCS5 v2.0) using
+ * test vectors provider at 
+ * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
+ * RSA's PKCS5 Page</a>
+ * <br>
+ * The vectors are Base 64 encoded and encrypted using the password "password"
+ * (without quotes). They should all yield the same PrivateKeyInfo object.
+ */
+public class PKCS5Test
+    extends SimpleTest
+{
+    /**
+     * encrypted using des-cbc.
+     */
+    static byte[] sample1 = Base64.decode(
+        "MIIBozA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIfWBDXwLp4K4CAggA"
+      + "MBEGBSsOAwIHBAiaCF/AvOgQ6QSCAWDWX4BdAzCRNSQSANSuNsT5X8mWYO27mr3Y"
+      + "9c9LoBVXGNmYWKA77MI4967f7SmjNcgXj3xNE/jmnVz6hhsjS8E5VPT3kfyVkpdZ"
+      + "0lr5e9Yk2m3JWpPU7++v5zBkZmC4V/MwV/XuIs6U+vykgzMgpxQg0oZKS9zgmiZo"
+      + "f/4dOCL0UtCDnyOSvqT7mCVIcMDIEKu8QbVlgZYBop08l60EuEU3gARUo8WsYQmO"
+      + "Dz/ldx0Z+znIT0SXVuOwc+RVItC5T/Qx+aijmmpt+9l14nmaGBrEkmuhmtdvU/4v"
+      + "aptewGRgmjOfD6cqK+zs0O5NrrJ3P/6ZSxXj91CQgrThGfOv72bUncXEMNtc8pks"
+      + "2jpHFjGMdKufnadAD7XuMgzkkaklEXZ4f5tU6heIIwr51g0GBEGF96gYPFnjnSQM"
+      + "75JE02Clo+DfcfXpcybPTwwFg2jd6JTTOfkdf6OdSlA/1XNK43FA");
+
+    /**
+     * encrypted using des-ede3-cbc.
+     */
+    static byte[] sample2 = Base64.decode(
+        "MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIeFeOWl1jywYCAggA"
+      + "MBQGCCqGSIb3DQMHBAjUJ5eGBhQGtQSCAWBrHrRgqO8UUMLcWzZEtpk1l3mjxiF/"
+      + "koCMkHsFwowgyWhEbgIkTgbSViK54LVK8PskekcGNLph+rB6bGZ7pPbL5pbXASJ8"
+      + "+MkQcG3FZdlS4Ek9tTJDApj3O1UubZGFG4uvTlJJFbF1BOJ3MkY3XQ9Gl1qwv7j5"
+      + "6e103Da7Cq9+oIDKmznza78XXQYrUsPo8mJGjUxPskEYlzwvHjKubRnYm/K6RKhi"
+      + "5f4zX4BQ/Dt3H812ZjRXrsjAJP0KrD/jyD/jCT7zNBVPH1izBds+RwizyQAHwfNJ"
+      + "BFR78TH4cgzB619X47FDVOnT0LqQNVd0O3cSwnPrXE9XR3tPayE+iOB15llFSmi8"
+      + "z0ByOXldEpkezCn92Umk++suzIVj1qfsK+bv2phZWJPbLEIWPDRHUbYf76q5ArAr"
+      + "u4xtxT/hoK3krEs/IN3d70qjlUJ36SEw1UaZ82PWhakQbdtu39ZraMJB");
+
+    /**
+     * encrypted using rc2-cbc.
+     */
+    static byte[] sample3 = Base64.decode(
+        "MIIBrjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIrHyQPBZqWLUCAggA"
+      + "AgEQMBkGCCqGSIb3DQMCMA0CAToECEhbh7YZKiPSBIIBYCT1zp6o5jpFlIkgwPop"
+      + "7bW1+8ACr4exqzkeb3WflQ8cWJ4cURxzVdvxUnXeW1VJdaQZtjS/QHs5GhPTG/0f"
+      + "wtvnaPfwrIJ3FeGaZfcg2CrYhalOFmEb4xrE4KyoEQmUN8tb/Cg94uzd16BOPw21"
+      + "RDnE8bnPdIGY7TyL95kbkqH23mK53pi7h+xWIgduW+atIqDyyt55f7WMZcvDvlj6"
+      + "VpN/V0h+qxBHL274WA4dj6GYgeyUFpi60HdGCK7By2TBy8h1ZvKGjmB9h8jZvkx1"
+      + "MkbRumXxyFsowTZawyYvO8Um6lbfEDP9zIEUq0IV8RqH2MRyblsPNSikyYhxX/cz"
+      + "tdDxRKhilySbSBg5Kr8OfcwKp9bpinN96nmG4xr3Tch1bnVvqJzOQ5+Vva2WwVvH"
+      + "2JkWvYm5WaANg4Q6bRxu9vz7DuhbJjQdZbxFezIAgrJdSe92B00jO/0Kny1WjiVO"
+      + "6DA=");
+
+    static byte[] result = Hex.decode(
+        "30820155020100300d06092a864886f70d01010105000482013f3082013b020100024100"
+      + "debbfc2c09d61bada2a9462f24224e54cc6b3cc0755f15ce318ef57e79df17026b6a85cc"
+      + "a12428027245045df2052a329a2f9ad3d17b78a10572ad9b22bf343b020301000102402d"
+      + "90a96adcec472743527bc023153d8f0d6e96b40c8ed228276d467d843306429f8670559b"
+      + "f376dd41857f6397c2fc8d95e0e53ed62de420b855430ee4a1b8a1022100ffcaf0838239"
+      + "31e073ff534f06a5d415b3d414bc614a4544a3dff7ed271817eb022100deea30242117db"
+      + "2d3b8837f58f1da530ff83cf9283680da33683ec4e583610f1022100e6026381adb0a683"
+      + "f16a8f4c096b462979b9e4277cc89f3ed8a905b46fa9ff9f02210097c146d4d1d2b3dbaf"
+      + "53a504ff51674c5c271800de84d003f4f10ac6ab36e38102202bfa141f10bda874e1017d"
+      + "845e82767c1c38e82745daf421f0c8cd09d7652387");
+
+    private class PBETest
+        extends SimpleTest
+    {
+        int                 id;
+        BufferedBlockCipher cipher;
+        byte[]              sample;
+        int                 keySize;
+
+        PBETest(
+            int                 id,
+            BufferedBlockCipher cipher,
+            byte[]              sample,
+            int                 keySize)
+        {
+            this.id = id;
+            this.cipher = cipher;
+            this.sample = sample;
+            this.keySize = keySize;
+        }
+
+        public String getName()
+        {
+            return cipher.getUnderlyingCipher().getAlgorithmName() + " PKCS5S2 Test " + id;
+        }
+
+        public void performTest()
+        {
+            char[]                  password = { 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' };
+            PBEParametersGenerator  generator = new PKCS5S2ParametersGenerator();
+            ByteArrayInputStream    bIn = new ByteArrayInputStream(sample);
+            ASN1InputStream         dIn = new ASN1InputStream(bIn);
+            EncryptedPrivateKeyInfo info = null;
+
+            try
+            {
+                info = EncryptedPrivateKeyInfo.getInstance(dIn.readObject());
+            }
+            catch (Exception e)
+            {
+                fail("failed construction - exception " + e.toString(), e);
+            }
+
+            PBES2Parameters         alg = PBES2Parameters.getInstance(info.getEncryptionAlgorithm().getParameters());
+            PBKDF2Params            func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
+            EncryptionScheme        scheme = alg.getEncryptionScheme();
+    
+            if (func.getKeyLength() != null)
+            {
+                keySize = func.getKeyLength().intValue() * 8;
+            }
+    
+            int     iterationCount = func.getIterationCount().intValue();
+            byte[]  salt = func.getSalt();
+    
+            generator.init(
+                PBEParametersGenerator.PKCS5PasswordToBytes(password),
+                salt,
+                iterationCount);
+    
+            CipherParameters    param;
+    
+            if (scheme.getAlgorithm().equals(PKCSObjectIdentifiers.RC2_CBC))
+            {
+                RC2CBCParameter rc2Params = RC2CBCParameter.getInstance(scheme.getParameters());
+                byte[]  iv = rc2Params.getIV();
+    
+                param = new ParametersWithIV(generator.generateDerivedParameters(keySize), iv);
+            }
+            else
+            {
+                byte[]  iv = ASN1OctetString.getInstance(scheme.getParameters()).getOctets();
+
+                param = new ParametersWithIV(generator.generateDerivedParameters(keySize), iv);
+            }
+    
+            cipher.init(false, param);
+    
+            byte[]  data = info.getEncryptedData();
+            byte[]  out = new byte[cipher.getOutputSize(data.length)];
+            int     len = cipher.processBytes(data, 0, data.length, out, 0);
+        
+            try
+            {
+                len += cipher.doFinal(out, len);
+            }
+            catch (Exception e)
+            {
+                fail("failed doFinal - exception " + e.toString());
+            }
+
+            if (result.length != len)
+            {
+                fail("failed length");
+            }
+
+            for (int i = 0; i != len; i++)
+            {
+                if (out[i] != result[i])
+                {
+                    fail("failed comparison");
+                }
+            }
+        }
+    }
+
+    public String getName()
+    {
+        return "PKCS5S2";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESEngine()));
+        SimpleTest          test = new PBETest(0, cipher, sample1, 64);
+
+        test.performTest();
+
+        cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()));
+        test = new PBETest(1, cipher, sample2, 192);
+
+        test.performTest();
+
+        cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new RC2Engine()));
+        test = new PBETest(2, cipher, sample3, 0);
+        test.performTest();
+
+        //
+        // RFC 3211 tests
+        //
+        char[]                  password = { 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' };
+        PBEParametersGenerator  generator = new PKCS5S2ParametersGenerator();
+
+        byte[]  salt = Hex.decode("1234567878563412");
+
+        generator.init(
+                PBEParametersGenerator.PKCS5PasswordToBytes(password),
+                salt,
+                5);
+
+        if (!areEqual(((KeyParameter)generator.generateDerivedParameters(64)).getKey(), Hex.decode("d1daa78615f287e6")))
+        {
+            fail("64 test failed");
+        }
+
+        password = "All n-entities must communicate with other n-entities via n-1 entiteeheehees".toCharArray();
+
+        generator.init(
+                PBEParametersGenerator.PKCS5PasswordToBytes(password),
+                salt,
+                500);
+
+        if (!areEqual(((KeyParameter)generator.generateDerivedParameters(192)).getKey(), Hex.decode("6a8970bf68c92caea84a8df28510858607126380cc47ab2d")))
+        {
+            fail("192 test failed");
+        }
+
+        generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt, 60000);
+        if (!areEqual(((KeyParameter)generator.generateDerivedParameters(192)).getKey(), Hex.decode("29aaef810c12ecd2236bbcfb55407f9852b5573dc1c095bb")))
+        {
+            fail("192 (60000) test failed");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new PKCS5Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/PSSBlindTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/PSSBlindTest.java
new file mode 100644
index 0000000..5e391ae
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/PSSBlindTest.java
@@ -0,0 +1,398 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.engines.RSABlindingEngine;
+import org.bouncycastle.crypto.engines.RSAEngine;
+import org.bouncycastle.crypto.generators.RSABlindingFactorGenerator;
+import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.params.RSABlindingParameters;
+import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.crypto.signers.PSSSigner;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+/*
+ * RSA PSS test vectors for PKCS#1 V2.1 with blinding
+ */
+public class PSSBlindTest
+    extends SimpleTest
+{
+    private final int DATA_LENGTH = 1000;
+    private final int NUM_TESTS = 50;
+    private final int NUM_TESTS_WITH_KEY_GENERATION = 10;
+
+    private class FixedRandom
+        extends SecureRandom
+    {
+        byte[]  vals;
+
+        FixedRandom(
+            byte[]  vals)
+        {
+            this.vals = vals;
+        }
+
+        public void nextBytes(
+            byte[]  bytes)
+        {
+            System.arraycopy(vals, 0, bytes, 0, vals.length);
+        }
+    }
+
+    //
+    // Example 1: A 1024-bit RSA keypair
+    //
+    private RSAKeyParameters pub1 = new RSAKeyParameters(false,
+                new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
+                new BigInteger("010001",16));
+
+    private RSAKeyParameters prv1 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
+                new BigInteger("010001",16),
+                new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
+                new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
+                new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
+                new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
+                new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
+                new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
+
+    // PSSExample1.1
+
+    private byte[] msg1a = Hex.decode("cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0");
+
+    private byte[] slt1a = Hex.decode("dee959c7e06411361420ff80185ed57f3e6776af");
+
+    private byte[] sig1a = Hex.decode("9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c");
+
+    // PSSExample1.2
+
+    private byte[] msg1b = Hex.decode("851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e");
+
+    private byte[] slt1b = Hex.decode("ef2869fa40c346cb183dab3d7bffc98fd56df42d");
+
+    private byte[] sig1b = Hex.decode("3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843");
+
+    //
+    // Example 2: A 1025-bit RSA keypair
+    //
+
+    private RSAKeyParameters pub2 = new RSAKeyParameters(false,
+                new BigInteger("01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9", 16),
+                new BigInteger("010001", 16));
+
+    private RSAKeyParameters prv2 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9", 16),
+                new BigInteger("010001", 16),
+                new BigInteger("027d147e4673057377fd1ea201565772176a7dc38358d376045685a2e787c23c15576bc16b9f444402d6bfc5d98a3e88ea13ef67c353eca0c0ddba9255bd7b8bb50a644afdfd1dd51695b252d22e7318d1b6687a1c10ff75545f3db0fe602d5f2b7f294e3601eab7b9d1cecd767f64692e3e536ca2846cb0c2dd486a39fa75b1", 16),
+                new BigInteger("016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1", 16),
+                new BigInteger("014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079", 16),
+                new BigInteger("e247cce504939b8f0a36090de200938755e2444b29539a7da7a902f6056835c0db7b52559497cfe2c61a8086d0213c472c78851800b171f6401de2e9c2756f31", 16),
+                new BigInteger("b12fba757855e586e46f64c38a70c68b3f548d93d787b399999d4c8f0bbd2581c21e19ed0018a6d5d3df86424b3abcad40199d31495b61309f27c1bf55d487c1", 16),
+                new BigInteger("564b1e1fa003bda91e89090425aac05b91da9ee25061e7628d5f51304a84992fdc33762bd378a59f030a334d532bd0dae8f298ea9ed844636ad5fb8cbdc03cad", 16));
+
+    // PSS Example 2.1
+
+    private byte[] msg2a = Hex.decode("daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360");
+    private byte[] slt2a = Hex.decode("57bf160bcb02bb1dc7280cf0458530b7d2832ff7");
+    private byte[] sig2a = Hex.decode("014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3");
+
+    // PSS Example 2.2
+
+    private byte[] msg2b = Hex.decode("e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe");
+    private byte[] slt2b = Hex.decode("7f6dd359e604e60870e898e47b19bf2e5a7b2a90");
+    private byte[] sig2b = Hex.decode("010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea");
+
+    //
+    //  Example 4: A 1027-bit RSA key pair
+    //
+
+    private RSAKeyParameters pub4 = new RSAKeyParameters(false,
+                new BigInteger("054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705", 16),
+                new BigInteger("010001", 16));
+
+    private RSAKeyParameters prv4 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705", 16),
+                new BigInteger("010001", 16),
+                new BigInteger("fa041f8cd9697ceed38ec8caa275523b4dd72b09a301d3541d72f5d31c05cbce2d6983b36183af10690bd46c46131e35789431a556771dd0049b57461bf060c1f68472e8a67c25f357e5b6b4738fa541a730346b4a07649a2dfa806a69c975b6aba64678acc7f5913e89c622f2d8abb1e3e32554e39df94ba60c002e387d9011", 16),
+                new BigInteger("029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995", 16),
+                new BigInteger("020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1", 16),
+                new BigInteger("026e7e28010ecf2412d9523ad704647fb4fe9b66b1a681581b0e15553a89b1542828898f27243ebab45ff5e1acb9d4df1b051fbc62824dbc6f6c93261a78b9a759", 16),
+                new BigInteger("012ddcc86ef655998c39ddae11718669e5e46cf1495b07e13b1014cd69b3af68304ad2a6b64321e78bf3bbca9bb494e91d451717e2d97564c6549465d0205cf421", 16),
+                new BigInteger("010600c4c21847459fe576703e2ebecae8a5094ee63f536bf4ac68d3c13e5e4f12ac5cc10ab6a2d05a199214d1824747d551909636b774c22cac0b837599abcc75", 16));
+
+    // PSS Example 4.1
+
+    private byte[] msg4a = Hex.decode("9fb03b827c8217d9");
+
+    private byte[] slt4a = Hex.decode("ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d");
+
+    private byte[] sig4a = Hex.decode("0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948");
+
+    // PSS Example 4.2
+
+    private byte[] msg4b = Hex.decode("0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f");
+
+    private byte[] slt4b = Hex.decode("22d71d54363a4217aa55113f059b3384e3e57e44");
+
+    private byte[] sig4b = Hex.decode("049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598");
+
+
+    //
+    // Example 8: A 1031-bit RSA key pair
+    //
+
+    private RSAKeyParameters pub8 = new RSAKeyParameters(false,
+                new BigInteger("495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f", 16),
+                new BigInteger("010001", 16));
+
+    private RSAKeyParameters prv8 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f", 16),
+                new BigInteger("010001", 16),
+                new BigInteger("6c66ffe98980c38fcdeab5159898836165f4b4b817c4f6a8d486ee4ea9130fe9b9092bd136d184f95f504a607eac565846d2fdd6597a8967c7396ef95a6eeebb4578a643966dca4d8ee3de842de63279c618159c1ab54a89437b6a6120e4930afb52a4ba6ced8a4947ac64b30a3497cbe701c2d6266d517219ad0ec6d347dbe9", 16),
+                new BigInteger("08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb", 16),
+                new BigInteger("0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d", 16),
+                new BigInteger("05c2a83c124b3621a2aa57ea2c3efe035eff4560f33ddebb7adab81fce69a0c8c2edc16520dda83d59a23be867963ac65f2cc710bbcfb96ee103deb771d105fd85", 16),
+                new BigInteger("04cae8aa0d9faa165c87b682ec140b8ed3b50b24594b7a3b2c220b3669bb819f984f55310a1ae7823651d4a02e99447972595139363434e5e30a7e7d241551e1b9", 16),
+                new BigInteger("07d3e47bf686600b11ac283ce88dbb3f6051e8efd04680e44c171ef531b80b2b7c39fc766320e2cf15d8d99820e96ff30dc69691839c4b40d7b06e45307dc91f3f", 16));
+
+    // PSS Example 8.1
+
+    private byte[] msg8a = Hex.decode("81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb");
+
+    private byte[] slt8a = Hex.decode("1d65491d79c864b373009be6f6f2467bac4c78fa");
+
+    private byte[] sig8a = Hex.decode("0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5");
+
+    // PSS Example 8.2
+
+    private byte[] msg8b = Hex.decode("e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08");
+
+    private byte[] slt8b = Hex.decode("435c098aa9909eb2377f1248b091b68987ff1838");
+
+    private byte[] sig8b = Hex.decode("2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e");
+
+    //
+    // Example 9: A 1536-bit RSA key pair
+    //
+
+    private RSAKeyParameters pub9 = new RSAKeyParameters(false,
+                new BigInteger("e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b", 16),
+                new BigInteger("010001", 16));
+
+    private RSAKeyParameters prv9 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b", 16),
+                new BigInteger("010001", 16),
+                new BigInteger("6a7fd84fb85fad073b34406db74f8d61a6abc12196a961dd79565e9da6e5187bce2d980250f7359575359270d91590bb0e427c71460b55d51410b191bcf309fea131a92c8e702738fa719f1e0041f52e40e91f229f4d96a1e6f172e15596b4510a6daec26105f2bebc53316b87bdf21311666070e8dfee69d52c71a976caae79c72b68d28580dc686d9f5129d225f82b3d615513a882b3db91416b48ce08888213e37eeb9af800d81cab328ce420689903c00c7b5fd31b75503a6d419684d629", 16),
+                new BigInteger("f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367", 16),
+                new BigInteger("ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d", 16),
+                new BigInteger("2bb68bddfb0c4f56c8558bffaf892d8043037841e7fa81cfa61a38c5e39b901c8ee71122a5da2227bd6cdeeb481452c12ad3d61d5e4f776a0ab556591befe3e59e5a7fddb8345e1f2f35b9f4cee57c32414c086aec993e9353e480d9eec6289f", 16),
+                new BigInteger("4ff897709fad079746494578e70fd8546130eeab5627c49b080f05ee4ad9f3e4b7cba9d6a5dff113a41c3409336833f190816d8a6bc42e9bec56b7567d0f3c9c696db619b245d901dd856db7c8092e77e9a1cccd56ee4dba42c5fdb61aec2669", 16),
+                new BigInteger("77b9d1137b50404a982729316efafc7dfe66d34e5a182600d5f30a0a8512051c560d081d4d0a1835ec3d25a60f4e4d6aa948b2bf3dbb5b124cbbc3489255a3a948372f6978496745f943e1db4f18382ceaa505dfc65757bb3f857a58dce52156", 16));
+
+    // PSS Example 9.1
+
+    private byte[] msg9a = Hex.decode("a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5");
+
+    private byte[] slt9a = Hex.decode("c0a425313df8d7564bd2434d311523d5257eed80");
+
+    private byte[] sig9a = Hex.decode("586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e");
+
+    // PSS Example 9.2
+
+    private byte[] msg9b = Hex.decode("c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e");
+
+    private byte[] slt9b = Hex.decode("b307c43b4850a8dac2f15f32e37839ef8c5c0e91");
+
+    private byte[] sig9b = Hex.decode("80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958");
+
+
+    public String getName()
+    {
+        return "PSSBlindTest";
+    }
+
+    private void testSig(
+        int                 id,
+        RSAKeyParameters    pub,
+        RSAKeyParameters    prv,
+        byte[]              slt,
+        byte[]              msg,
+        byte[]              sig)
+        throws Exception
+    {
+        RSABlindingFactorGenerator blindFactorGen = new RSABlindingFactorGenerator();
+        RSABlindingEngine blindingEngine = new RSABlindingEngine();
+        PSSSigner blindSigner = new PSSSigner(blindingEngine, new SHA1Digest(), 20);
+        PSSSigner signer = new PSSSigner(new RSAEngine(), new SHA1Digest(), 20);
+
+        blindFactorGen.init(pub);
+
+        BigInteger blindFactor = blindFactorGen.generateBlindingFactor();
+        RSABlindingParameters params = new RSABlindingParameters(pub, blindFactor);
+
+        // generate a blind signature
+        blindSigner.init(true, new ParametersWithRandom(params, new FixedRandom(slt)));
+
+        blindSigner.update(msg, 0, msg.length);
+
+        byte[] blindedData = blindSigner.generateSignature();
+
+        RSAEngine signerEngine = new RSAEngine();
+
+        signerEngine.init(true, prv);
+
+        byte[] blindedSig = signerEngine.processBlock(blindedData, 0, blindedData.length);
+
+        // unblind the signature
+        blindingEngine.init(false, params);
+
+        byte[] s = blindingEngine.processBlock(blindedSig, 0, blindedSig.length);
+
+        //signature verification
+        if (!areEqual(s, sig))
+        {
+            fail("test " + id + " failed generation");
+        }
+        
+        //verify signature with PSSSigner
+        signer.init(false, pub);
+        signer.update(msg, 0, msg.length);
+
+        if (!signer.verifySignature(s))
+        {
+            fail("test " + id + " failed PSSSigner verification");
+        }
+    }
+
+    private boolean isProcessingOkay(
+        RSAKeyParameters    pub,
+        RSAKeyParameters    prv,
+        byte[]              data,
+        SecureRandom        random)
+        throws Exception
+    {
+        RSABlindingFactorGenerator blindFactorGen = new RSABlindingFactorGenerator();
+        RSABlindingEngine blindingEngine = new RSABlindingEngine();
+        PSSSigner blindSigner = new PSSSigner(blindingEngine, new SHA1Digest(), 20);
+        PSSSigner pssEng = new PSSSigner(new RSAEngine(), new SHA1Digest(), 20);
+
+        random.nextBytes(data);
+
+        blindFactorGen.init(pub);
+
+        BigInteger blindFactor = blindFactorGen.generateBlindingFactor();
+        RSABlindingParameters params = new RSABlindingParameters(pub, blindFactor);
+
+        // generate a blind signature
+        blindSigner.init(true, new ParametersWithRandom(params, random));
+
+        blindSigner.update(data, 0, data.length);
+
+        byte[] blindedData = blindSigner.generateSignature();
+
+        RSAEngine signerEngine = new RSAEngine();
+
+        signerEngine.init(true, prv);
+
+        byte[] blindedSig = signerEngine.processBlock(blindedData, 0, blindedData.length);
+
+        // unblind the signature
+        blindingEngine.init(false, params);
+
+        byte[] s = blindingEngine.processBlock(blindedSig, 0, blindedSig.length);
+
+        //verify signature with PSSSigner
+        pssEng.init(false, pub);
+        pssEng.update(data, 0, data.length);
+
+        return pssEng.verifySignature(s);
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testSig(1, pub1, prv1, slt1a, msg1a, sig1a);
+        testSig(2, pub1, prv1, slt1b, msg1b, sig1b);
+        testSig(3, pub2, prv2, slt2a, msg2a, sig2a);
+        testSig(4, pub2, prv2, slt2b, msg2b, sig2b);
+        testSig(5, pub4, prv4, slt4a, msg4a, sig4a);
+        testSig(6, pub4, prv4, slt4b, msg4b, sig4b);
+        testSig(7, pub8, prv8, slt8a, msg8a, sig8a);
+        testSig(8, pub8, prv8, slt8b, msg8b, sig8b);
+        testSig(9, pub9, prv9, slt9a, msg9a, sig9a);
+        testSig(10, pub9, prv9, slt9b, msg9b, sig9b);
+        
+        //
+        // loop test
+        //
+        int failed = 0;
+        byte[] data = new byte[DATA_LENGTH];
+
+        SecureRandom    random = new SecureRandom();
+
+
+        RSAKeyParameters[] kprv ={prv1, prv2, prv4, prv8, prv9};
+        RSAKeyParameters[] kpub ={pub1, pub2, pub4, pub8, pub9};
+
+        int i = 0;
+        for (int j = 0; j < NUM_TESTS; j++, i++)
+        {
+            if (i == kprv.length)
+            {
+                i = 0;
+            }
+
+            if (!isProcessingOkay(kpub[i], kprv[i], data, random))
+            {
+                failed++;
+            }
+        }
+
+        if (failed != 0)
+        {
+            fail("loop test failed - failures: " + failed);
+        }
+
+        //
+        // key generation test
+        //
+        RSAKeyPairGenerator  pGen = new RSAKeyPairGenerator();
+        RSAKeyGenerationParameters  genParam = new RSAKeyGenerationParameters(
+                                            BigInteger.valueOf(0x11), new SecureRandom(), 1024, 25);
+
+        pGen.init(genParam);
+        failed = 0;
+
+        for (int k = 0; k < NUM_TESTS_WITH_KEY_GENERATION; k++)
+        {
+            AsymmetricCipherKeyPair pair = pGen.generateKeyPair();
+
+            for (int j = 0; j < NUM_TESTS; j++)
+            {
+                if (!isProcessingOkay((RSAKeyParameters)pair.getPublic(), (RSAKeyParameters)pair.getPrivate(), data, random))
+                {
+                    failed++;
+                }
+            }
+
+        }
+        
+        if (failed != 0)
+        {
+            fail("loop test with key generation failed - failures: " + failed);
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new PSSBlindTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/PSSTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/PSSTest.java
new file mode 100644
index 0000000..a718f8c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/PSSTest.java
@@ -0,0 +1,332 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.engines.RSAEngine;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.crypto.signers.PSSSigner;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/*
+ * RSA PSS test vectors for PKCS#1 V2.1
+ */
+public class PSSTest
+    extends SimpleTest
+{
+    private final int DATA_LENGTH = 1000;
+    private final int NUM_TESTS = 500;
+
+    private class FixedRandom
+        extends SecureRandom
+    {
+        byte[]  vals;
+
+        FixedRandom(
+            byte[]  vals)
+        {
+            this.vals = vals;
+        }
+
+        public void nextBytes(
+            byte[]  bytes)
+        {
+            System.arraycopy(vals, 0, bytes, 0, vals.length);
+        }
+    }
+
+    //
+    // Example 1: A 1024-bit RSA keypair
+    //
+    private RSAKeyParameters pub1 = new RSAKeyParameters(false,
+                new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
+                new BigInteger("010001",16));
+
+    private RSAKeyParameters prv1 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
+                new BigInteger("010001",16),
+                new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
+                new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
+                new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
+                new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
+                new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
+                new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
+
+    // PSSExample1.1
+
+    private byte[] msg1a = Hex.decode("cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0");
+
+    private byte[] slt1a = Hex.decode("dee959c7e06411361420ff80185ed57f3e6776af");
+
+    private byte[] sig1a = Hex.decode("9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c");
+
+    // PSSExample1.2
+
+    private byte[] msg1b = Hex.decode("851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e");
+
+    private byte[] slt1b = Hex.decode("ef2869fa40c346cb183dab3d7bffc98fd56df42d");
+
+    private byte[] sig1b = Hex.decode("3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843");
+
+    //
+    // Example 2: A 1025-bit RSA keypair
+    //
+
+    private RSAKeyParameters pub2 = new RSAKeyParameters(false,
+                new BigInteger("01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9", 16),
+                new BigInteger("010001", 16));
+
+    private RSAKeyParameters prv2 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9", 16),
+                new BigInteger("010001", 16),
+                new BigInteger("027d147e4673057377fd1ea201565772176a7dc38358d376045685a2e787c23c15576bc16b9f444402d6bfc5d98a3e88ea13ef67c353eca0c0ddba9255bd7b8bb50a644afdfd1dd51695b252d22e7318d1b6687a1c10ff75545f3db0fe602d5f2b7f294e3601eab7b9d1cecd767f64692e3e536ca2846cb0c2dd486a39fa75b1", 16),
+                new BigInteger("016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1", 16),
+                new BigInteger("014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079", 16),
+                new BigInteger("e247cce504939b8f0a36090de200938755e2444b29539a7da7a902f6056835c0db7b52559497cfe2c61a8086d0213c472c78851800b171f6401de2e9c2756f31", 16),
+                new BigInteger("b12fba757855e586e46f64c38a70c68b3f548d93d787b399999d4c8f0bbd2581c21e19ed0018a6d5d3df86424b3abcad40199d31495b61309f27c1bf55d487c1", 16),
+                new BigInteger("564b1e1fa003bda91e89090425aac05b91da9ee25061e7628d5f51304a84992fdc33762bd378a59f030a334d532bd0dae8f298ea9ed844636ad5fb8cbdc03cad", 16));
+
+    // PSS Example 2.1
+
+    private byte[] msg2a = Hex.decode("daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360");
+    private byte[] slt2a = Hex.decode("57bf160bcb02bb1dc7280cf0458530b7d2832ff7");
+    private byte[] sig2a = Hex.decode("014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3");
+
+    // PSS Example 2.2
+
+    private byte[] msg2b = Hex.decode("e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe");
+    private byte[] slt2b = Hex.decode("7f6dd359e604e60870e898e47b19bf2e5a7b2a90");
+    private byte[] sig2b = Hex.decode("010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea");
+
+    //
+    //  Example 4: A 1027-bit RSA key pair
+    //
+
+    private RSAKeyParameters pub4 = new RSAKeyParameters(false,
+                new BigInteger("054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705", 16),
+                new BigInteger("010001", 16));
+
+    private RSAKeyParameters prv4 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705", 16),
+                new BigInteger("010001", 16),
+                new BigInteger("fa041f8cd9697ceed38ec8caa275523b4dd72b09a301d3541d72f5d31c05cbce2d6983b36183af10690bd46c46131e35789431a556771dd0049b57461bf060c1f68472e8a67c25f357e5b6b4738fa541a730346b4a07649a2dfa806a69c975b6aba64678acc7f5913e89c622f2d8abb1e3e32554e39df94ba60c002e387d9011", 16),
+                new BigInteger("029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995", 16),
+                new BigInteger("020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1", 16),
+                new BigInteger("026e7e28010ecf2412d9523ad704647fb4fe9b66b1a681581b0e15553a89b1542828898f27243ebab45ff5e1acb9d4df1b051fbc62824dbc6f6c93261a78b9a759", 16),
+                new BigInteger("012ddcc86ef655998c39ddae11718669e5e46cf1495b07e13b1014cd69b3af68304ad2a6b64321e78bf3bbca9bb494e91d451717e2d97564c6549465d0205cf421", 16),
+                new BigInteger("010600c4c21847459fe576703e2ebecae8a5094ee63f536bf4ac68d3c13e5e4f12ac5cc10ab6a2d05a199214d1824747d551909636b774c22cac0b837599abcc75", 16));
+
+    // PSS Example 4.1
+
+    private byte[] msg4a = Hex.decode("9fb03b827c8217d9");
+
+    private byte[] slt4a = Hex.decode("ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d");
+
+    private byte[] sig4a = Hex.decode("0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948");
+
+    // PSS Example 4.2
+
+    private byte[] msg4b = Hex.decode("0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f");
+
+    private byte[] slt4b = Hex.decode("22d71d54363a4217aa55113f059b3384e3e57e44");
+
+    private byte[] sig4b = Hex.decode("049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598");
+
+
+    //
+    // Example 8: A 1031-bit RSA key pair
+    //
+
+    private RSAKeyParameters pub8 = new RSAKeyParameters(false,
+                new BigInteger("495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f", 16),
+                new BigInteger("010001", 16));
+
+    private RSAKeyParameters prv8 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f", 16),
+                new BigInteger("010001", 16),
+                new BigInteger("6c66ffe98980c38fcdeab5159898836165f4b4b817c4f6a8d486ee4ea9130fe9b9092bd136d184f95f504a607eac565846d2fdd6597a8967c7396ef95a6eeebb4578a643966dca4d8ee3de842de63279c618159c1ab54a89437b6a6120e4930afb52a4ba6ced8a4947ac64b30a3497cbe701c2d6266d517219ad0ec6d347dbe9", 16),
+                new BigInteger("08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb", 16),
+                new BigInteger("0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d", 16),
+                new BigInteger("05c2a83c124b3621a2aa57ea2c3efe035eff4560f33ddebb7adab81fce69a0c8c2edc16520dda83d59a23be867963ac65f2cc710bbcfb96ee103deb771d105fd85", 16),
+                new BigInteger("04cae8aa0d9faa165c87b682ec140b8ed3b50b24594b7a3b2c220b3669bb819f984f55310a1ae7823651d4a02e99447972595139363434e5e30a7e7d241551e1b9", 16),
+                new BigInteger("07d3e47bf686600b11ac283ce88dbb3f6051e8efd04680e44c171ef531b80b2b7c39fc766320e2cf15d8d99820e96ff30dc69691839c4b40d7b06e45307dc91f3f", 16));
+
+    // PSS Example 8.1
+
+    private byte[] msg8a = Hex.decode("81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb");
+
+    private byte[] slt8a = Hex.decode("1d65491d79c864b373009be6f6f2467bac4c78fa");
+
+    private byte[] sig8a = Hex.decode("0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5");
+
+    // PSS Example 8.2
+
+    private byte[] msg8b = Hex.decode("e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08");
+
+    private byte[] slt8b = Hex.decode("435c098aa9909eb2377f1248b091b68987ff1838");
+
+    private byte[] sig8b = Hex.decode("2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e");
+
+    //
+    // Example 9: A 1536-bit RSA key pair
+    //
+
+    private RSAKeyParameters pub9 = new RSAKeyParameters(false,
+                new BigInteger("e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b", 16),
+                new BigInteger("010001", 16));
+
+    private RSAKeyParameters prv9 = new RSAPrivateCrtKeyParameters(
+                new BigInteger("e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b", 16),
+                new BigInteger("010001", 16),
+                new BigInteger("6a7fd84fb85fad073b34406db74f8d61a6abc12196a961dd79565e9da6e5187bce2d980250f7359575359270d91590bb0e427c71460b55d51410b191bcf309fea131a92c8e702738fa719f1e0041f52e40e91f229f4d96a1e6f172e15596b4510a6daec26105f2bebc53316b87bdf21311666070e8dfee69d52c71a976caae79c72b68d28580dc686d9f5129d225f82b3d615513a882b3db91416b48ce08888213e37eeb9af800d81cab328ce420689903c00c7b5fd31b75503a6d419684d629", 16),
+                new BigInteger("f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367", 16),
+                new BigInteger("ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d", 16),
+                new BigInteger("2bb68bddfb0c4f56c8558bffaf892d8043037841e7fa81cfa61a38c5e39b901c8ee71122a5da2227bd6cdeeb481452c12ad3d61d5e4f776a0ab556591befe3e59e5a7fddb8345e1f2f35b9f4cee57c32414c086aec993e9353e480d9eec6289f", 16),
+                new BigInteger("4ff897709fad079746494578e70fd8546130eeab5627c49b080f05ee4ad9f3e4b7cba9d6a5dff113a41c3409336833f190816d8a6bc42e9bec56b7567d0f3c9c696db619b245d901dd856db7c8092e77e9a1cccd56ee4dba42c5fdb61aec2669", 16),
+                new BigInteger("77b9d1137b50404a982729316efafc7dfe66d34e5a182600d5f30a0a8512051c560d081d4d0a1835ec3d25a60f4e4d6aa948b2bf3dbb5b124cbbc3489255a3a948372f6978496745f943e1db4f18382ceaa505dfc65757bb3f857a58dce52156", 16));
+
+    // PSS Example 9.1
+
+    private byte[] msg9a = Hex.decode("a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5");
+
+    private byte[] slt9a = Hex.decode("c0a425313df8d7564bd2434d311523d5257eed80");
+
+    private byte[] sig9a = Hex.decode("586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e");
+
+    // PSS Example 9.2
+
+    private byte[] msg9b = Hex.decode("c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e");
+
+    private byte[] slt9b = Hex.decode("b307c43b4850a8dac2f15f32e37839ef8c5c0e91");
+
+    private byte[] sig9b = Hex.decode("80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958");
+
+
+    public String getName()
+    {
+        return "PSSTest";
+    }
+
+    private void testSig(
+        int                 id,
+        RSAKeyParameters    pub,
+        RSAKeyParameters    prv,
+        byte[]              slt,
+        byte[]              msg,
+        byte[]              sig)
+        throws Exception
+    {
+        PSSSigner           eng = new PSSSigner(new RSAEngine(), new SHA1Digest(), 20);
+
+        eng.init(true, new ParametersWithRandom(prv, new FixedRandom(slt)));
+
+        eng.update(msg, 0, msg.length);
+
+        byte[]  s = eng.generateSignature();
+
+        if (!areEqual(s, sig))
+        {
+            fail("test " + id + " failed generation");
+        }
+
+        eng.init(false, pub);
+
+        eng.update(msg, 0, msg.length);
+
+        if (!eng.verifySignature(s))
+        {
+            fail("test " + id + " failed verification");
+        }
+    }
+        
+    public void performTest()
+        throws Exception
+    {
+        testSig(1, pub1, prv1, slt1a, msg1a, sig1a);
+        testSig(2, pub1, prv1, slt1b, msg1b, sig1b);
+        testSig(3, pub2, prv2, slt2a, msg2a, sig2a);
+        testSig(4, pub2, prv2, slt2b, msg2b, sig2b);
+        testSig(5, pub4, prv4, slt4a, msg4a, sig4a);
+        testSig(6, pub4, prv4, slt4b, msg4b, sig4b);
+        testSig(7, pub8, prv8, slt8a, msg8a, sig8a);
+        testSig(8, pub8, prv8, slt8b, msg8b, sig8b);
+        testSig(9, pub9, prv9, slt9a, msg9a, sig9a);
+        testSig(10, pub9, prv9, slt9b, msg9b, sig9b);
+
+        //
+        // loop test  - sha-1 only
+        //
+        PSSSigner           eng = new PSSSigner(new RSAEngine(), new SHA1Digest(), 20);
+        int failed = 0;
+        byte[] data = new byte[DATA_LENGTH];
+
+        SecureRandom    random = new SecureRandom();
+        random.nextBytes(data);
+        
+        for (int j = 0; j < NUM_TESTS; j++)
+        {
+            eng.init(true, new ParametersWithRandom(prv8, random));
+
+            eng.update(data, 0, data.length);
+
+            byte[] s = eng.generateSignature();
+
+            eng.init(false, pub8);
+
+            eng.update(data, 0, data.length);
+
+            if (!eng.verifySignature(s))
+            {
+                failed++;
+            }
+        }
+        
+        if (failed != 0)
+        {
+            fail("loop test failed - failures: " + failed);
+        }
+
+         //
+        // loop test - sha-256 and sha-1
+        //
+        eng = new PSSSigner(new RSAEngine(), new SHA256Digest(), new SHA1Digest(), 20);
+        failed = 0;
+        data = new byte[DATA_LENGTH];
+
+        random.nextBytes(data);
+
+        for (int j = 0; j < NUM_TESTS; j++)
+        {
+            eng.init(true, new ParametersWithRandom(prv8, random));
+
+            eng.update(data, 0, data.length);
+
+            byte[] s = eng.generateSignature();
+
+            eng.init(false, pub8);
+
+            eng.update(data, 0, data.length);
+
+            if (!eng.verifySignature(s))
+            {
+                failed++;
+            }
+        }
+
+        if (failed != 0)
+        {
+            fail("loop test failed - failures: " + failed);
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new PSSTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/PaddingTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/PaddingTest.java
new file mode 100644
index 0000000..c963b26
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/PaddingTest.java
@@ -0,0 +1,200 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.paddings.BlockCipherPadding;
+import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
+import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
+import org.bouncycastle.crypto.paddings.PKCS7Padding;
+import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
+import org.bouncycastle.crypto.paddings.TBCPadding;
+import org.bouncycastle.crypto.paddings.X923Padding;
+import org.bouncycastle.crypto.paddings.ZeroBytePadding;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * General Padding tests.
+ */
+public class PaddingTest
+    extends SimpleTest
+{
+    public PaddingTest()
+    {
+    }
+
+    private void blockCheck(
+        PaddedBufferedBlockCipher   cipher,
+        BlockCipherPadding          padding,
+        KeyParameter                key,
+        byte[]                      data)
+    {
+        byte[]  out = new byte[data.length + 8];
+        byte[]  dec = new byte[data.length];
+        
+        try
+        {                
+            cipher.init(true, key);
+            
+            int    len = cipher.processBytes(data, 0, data.length, out, 0);
+            
+            len += cipher.doFinal(out, len);
+            
+            cipher.init(false, key);
+            
+            int    decLen = cipher.processBytes(out, 0, len, dec, 0);
+            
+            decLen += cipher.doFinal(dec, decLen);
+            
+            if (!areEqual(data, dec))
+            {
+                fail("failed to decrypt - i = " + data.length + ", padding = " + padding.getPaddingName());
+            }
+        }
+        catch (Exception e)
+        {
+            fail("Exception - " + e.toString(), e);
+        }
+    }
+    
+    public void testPadding(
+        BlockCipherPadding  padding,
+        SecureRandom        rand,
+        byte[]              ffVector,
+        byte[]              ZeroVector)
+    {
+        PaddedBufferedBlockCipher    cipher = new PaddedBufferedBlockCipher(new DESEngine(), padding);
+        KeyParameter                 key = new KeyParameter(Hex.decode("0011223344556677"));
+        
+        //
+        // ff test
+        //
+        byte[]    data = { (byte)0xff, (byte)0xff, (byte)0xff, (byte)0, (byte)0, (byte)0, (byte)0, (byte)0 };
+        
+        if (ffVector != null)
+        {
+            padding.addPadding(data, 3);
+            
+            if (!areEqual(data, ffVector))
+            {
+                fail("failed ff test for " + padding.getPaddingName());
+            }
+        }
+        
+        //
+        // zero test
+        //
+        if (ZeroVector != null)
+        {
+            data = new byte[8];
+            padding.addPadding(data, 4);
+            
+            if (!areEqual(data, ZeroVector))
+            {
+                fail("failed zero test for " + padding.getPaddingName());
+            }
+        }
+        
+        for (int i = 1; i != 200; i++)
+        {
+            data = new byte[i];
+            
+            rand.nextBytes(data);
+
+            blockCheck(cipher, padding, key, data);
+        }
+    }
+    
+    private void testOutputSizes()
+    {
+        PaddedBufferedBlockCipher bc = new PaddedBufferedBlockCipher(new DESEngine(), new PKCS7Padding());
+        KeyParameter key = new KeyParameter(Hex.decode("0011223344556677"));
+
+        for (int i = 0; i < bc.getBlockSize() * 2; i++)
+        {
+            bc.init(true, key);
+            if (bc.getUpdateOutputSize(i) < 0)
+            {
+                fail("Padded cipher encrypt negative update output size for input size " + i);
+            }
+            if (bc.getOutputSize(i) < 0)
+            {
+                fail("Padded cipher encrypt negative output size for input size " + i);
+            }
+
+            bc.init(false, key);
+            if (bc.getUpdateOutputSize(i) < 0)
+            {
+                fail("Padded cipher decrypt negative update output size for input size " + i);
+            }
+            if (bc.getOutputSize(i) < 0)
+            {
+                fail("Padded cipher decrypt negative output size for input size " + i);
+            }
+
+        }
+    }
+
+    public void performTest()
+    {
+        SecureRandom    rand = new SecureRandom(new byte[20]);
+        
+        rand.setSeed(System.currentTimeMillis());
+        
+        testPadding(new PKCS7Padding(), rand,
+                                    Hex.decode("ffffff0505050505"),
+                                    Hex.decode("0000000004040404"));
+
+        PKCS7Padding padder = new PKCS7Padding();
+        try
+        {
+            padder.padCount(new byte[8]);
+
+            fail("invalid padding not detected");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (!"pad block corrupted".equals(e.getMessage()))
+            {
+                fail("wrong exception for corrupt padding: " + e);
+            }
+        } 
+
+        testPadding(new ISO10126d2Padding(), rand,
+                                    null,
+                                    null);
+        
+        testPadding(new X923Padding(), rand,
+                                    null,
+                                    null);
+
+        testPadding(new TBCPadding(), rand,
+                                    Hex.decode("ffffff0000000000"),
+                                    Hex.decode("00000000ffffffff"));
+
+        testPadding(new ZeroBytePadding(), rand,
+                                    Hex.decode("ffffff0000000000"),
+                                    null);
+        
+        testPadding(new ISO7816d4Padding(), rand,
+                                    Hex.decode("ffffff8000000000"),
+                                    Hex.decode("0000000080000000"));
+
+        testOutputSizes();
+
+    }
+
+    public String getName()
+    {
+        return "PaddingTest";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new PaddingTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/Poly1305Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/Poly1305Test.java
new file mode 100644
index 0000000..08ee8e1
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/Poly1305Test.java
@@ -0,0 +1,388 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
+import org.bouncycastle.crypto.macs.Poly1305;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/*
+ */
+public class Poly1305Test
+    extends SimpleTest
+{
+    private static final int MAXLEN = 1000;
+
+    private static class KeyEngine
+        implements BlockCipher
+    {
+
+        private byte[] key;
+        private final int blockSize;
+
+        public KeyEngine(int blockSize)
+        {
+            this.blockSize = blockSize;
+        }
+
+        public void init(boolean forEncryption, CipherParameters params)
+            throws IllegalArgumentException
+        {
+            if (params instanceof KeyParameter)
+            {
+                this.key = ((KeyParameter)params).getKey();
+            }
+        }
+
+        public String getAlgorithmName()
+        {
+            return "Key";
+        }
+
+        public int getBlockSize()
+        {
+            return blockSize;
+        }
+
+        public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
+            throws DataLengthException,
+            IllegalStateException
+        {
+            System.arraycopy(key, 0, out, outOff, key.length);
+            return key.length;
+        }
+
+        public void reset()
+        {
+        }
+
+    }
+
+    private static class TestCase
+    {
+        private final byte[] key;
+        private final byte[] nonce;
+        private final byte[] message;
+        private final byte[] expectedMac;
+
+        public TestCase(String key, String nonce, String message, String expectedMac)
+        {
+            this.key = Hex.decode(key);
+            // nacl test case keys are not pre-clamped
+            Poly1305KeyGenerator.clamp(this.key);
+            this.nonce = (nonce == null) ? null : Hex.decode(nonce);
+            this.message = Hex.decode(message);
+            this.expectedMac = Hex.decode(expectedMac);
+        }
+    }
+
+    private static TestCase[] CASES = {
+            // Raw Poly1305
+            // onetimeauth.c from nacl-20110221
+            new TestCase("2539121d8e234e652d651fa4c8cff880eea6a7251c1e72916d11c2cb214d3c25", null,
+                    "8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186a"
+                        + "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738"
+                        + "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da"
+                        + "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74e355a5",
+                    "f3ffc7703f9400e52a7dfb4b3d3305d9"),
+
+            // Poly1305-AES
+            // Loop 1 of test-poly1305aes from poly1305aes-20050218
+            new TestCase("0000000000000000000000000000000000000000000000000000000000000000",
+                    "00000000000000000000000000000000", "", "66e94bd4ef8a2c3b884cfa59ca342b2e"),
+            new TestCase("f795bd4a52e29ed713d313fa20e98dbcf795bd0a50e29e0710d3130a20e98d0c",
+                    "917cf69ebd68b2ec9b9fe9a3eadda692", "66f7", "5ca585c75e8f8f025e710cabc9a1508b"),
+            new TestCase("e69dae0aab9f91c03a325dcc9436fa903ef49901c8e11c000430d90ad45e7603",
+                    "166450152e2394835606a9d1dd2cdc8b", "66f75c0e0c7a406586", "2924f51b9c2eff5df09db61dd03a9ca1"),
+            new TestCase("85a4ea91a7de0b0d96eed0d4bf6ecf1cda4afc035087d90e503f8f0ea08c3e0d",
+                    "0b6ef7a0b8f8c738b0f8d5995415271f",
+                    "66f75c0e0c7a40658629e3392f7f8e3349a02191ffd49f39879a8d9d1d0e23ea",
+                    "3c5a13adb18d31c64cc29972030c917d"),
+            new TestCase(
+                    "25eb69bac5cdf7d6bfcee4d9d5507b82ca3c6a0da0a864024ca3090628c28e0d",
+                    "046772a4f0a8de92e4f0d628cdb04484",
+                    "66f75c0e0c7a40658629e3392f7f8e3349a02191ffd49f39879a8d9d1d0e23ea3caa4d240bd2ab8a8c4a6bb8d3288d9de4b793f05e97646dd4d98055de",
+                    "fc5fb58dc65daf19b14d1d05da1064e8"),
+
+            // Specific test cases generated from test-poly1305aes from poly1305aes-20050218 that
+            // expose Java unsigned integer problems
+            new TestCase(
+                    "95cc0e44d0b79a8856afcae1bec4fe3c" + "01bcb20bfc8b6e03609ddd09f44b060f",
+                    null,
+                    "66f75c0e0c7a40658629e3392f7f8e3349a02191ffd49f39879a8d9d1d0e23ea3caa4d240bd2ab8a8c4a6bb8d3288d9de4b793f05e97646dd4d98055de"
+                        + "fc3e0677d956b4c62664bac15962ab15d93ccbbc03aafdbde779162ed93b55361f0f8acaa41d50ef5175927fe79ea316186516eef15001cd04d3524a55"
+                        + "e4fa3c5ca479d3aaa8a897c21807f721b6270ffc68b6889d81a116799f6aaa35d8e04c7a7dd5e6da2519e8759f54e906696f5772fee093283bcef7b930"
+                        + "aed50323bcbc8c820c67422c1e16bdc022a9c0277c9d95fef0ea4ee11e2b27276da811523c5acb80154989f8a67ee9e3fa30b73b0c1c34bf46e3464d97"
+                        + "7cd7fcd0ac3b82721080bb0d9b982ee2c77feee983d7ba35da88ce86955002940652ab63bc56fb16f994da2b01d74356509d7d1b6d7956b0e5a557757b"
+                        + "d1ced2eef8650bc5b6d426108c1518abcbd0befb6a0d5fd57a3e2dbf31458eab63df66613653d4beae73f5c40eb438fbcfdcf4a4ba46320184b9ca0da4"
+                        + "dfae77de7ccc910356caea3243f33a3c81b064b3b7cedc7435c223f664227215715980e6e0bb570d459ba80d7512dbe458c8f0f3f52d659b6e8eef19ee"
+                        + "71aea2ced85c7a42ffca6522a62db49a2a46eff72bd7f7e0883acd087183f0627f3537a4d558754ed63358e8182bee196735b361dc9bd64d5e34e1074a"
+                        + "855655d2974cc6fa1653754cf40f561d8c7dc526aab2908ec2d2b977cde1a1fb1071e32f40e049ea20f30368ba1592b4fe57fb51595d23acbdace324cd"
+                        + "d78060a17187c662368854e915402d9b52fb21e984663e41c26a109437e162cfaf071b53f77e50000a5388ff183b82ce7a1af476c416d7d204157b3633"
+                        + "b2f4ec077b699b032816997e37bceded8d4a04976fd7d0c0b029f290794c3be504c5242287ea2f831f11ed5690d92775cd6e863d7731fd4da687ebfb13"
+                        + "df4c41dc0fb8", "ae345d555eb04d6947bb95c0965237e2"),
+            new TestCase(
+                    "76fb3635a2dc92a1f768163ab12f2187" + "cd07fd0ef8c0be0afcbdb30af4af0009",
+                    null,
+                    "f05204a74f0f88a7fa1a95b84ec3d8ffb36fcdc7723ea65dfe7cd464e86e0abf6b9d51db3220cfd8496ad6e6d36ebee8d990f9ce0d3bb7f72b7ab5b3ab0a73240d11efe772c857021ae859db4933cdde4387b471d2ce700fef4b81087f8f47c307881fd83017afcd15b8d21edf9b704677f46df97b07e5b83f87c8abd90af9b1d0f9e2710e8ebd0d4d1c6a055abea861f42368bed94d9373e909c1d3715b221c16bc524c55c31ec3eab204850bb2474a84f9917038eff9d921130951391b5c54f09b5e1de833ea2cd7d3b306740abb7096d1e173da83427da2adddd3631eda30b54dbf487f2b082e8646f07d6e0a87e97522ca38d4ace4954bf3db6dd3a93b06fa18eb56856627ed6cffcd7ae26374554ca18ab8905f26331d323fe10e6e70624c7bc07a70f06ecd804b48f8f7e75e910165e1beb554f1f0ec7949c9c8d429a206b4d5c0653102249b6098e6b45fac2a07ff0220b0b8ae8f4c6bcc0c813a7cd141fa8b398b42575fc395747c5a0257ac41d6c1f434cfbf5dfe8349f5347ef6b60e611f5d6c3cbc20ca2555274d1934325824cef4809da293ea13f181929e2af025bbd1c9abdc3af93afd4c50a2854ade3887f4d2c8c225168052c16e74d76d2dd3e9467a2c5b8e15c06ffbffa42b8536384139f07e195a8c9f70f514f31dca4eb2cf262c0dcbde53654b6250a29efe21d54e83c80e005a1cad36d5934ff01c32e4bc5fe06d03064ff4a268517df4a94c759289f323734318cfa5d859d4ce9c16e63d02dff0896976f521607638535d2ee8dd3312e1ddc80a55d34fe829ab954c1ebd54d929954770f1be9d32b4c05003c5c9e97943b6431e2afe820b1e967b19843e5985a131b1100517cdc363799104af91e2cf3f53cb8fd003653a6dd8a31a3f9d566a7124b0ffe9695bcb87c482eb60106f88198f766a40bc0f4873c23653c5f9e7a8e446f770beb8034cf01d21028ba15ccee21a8db918c4829d61c88bfa927bc5def831501796c5b401a60a6b1b433c9fb905c8cd40412fffee81ab",
+                    "045be28cc52009f506bdbfabedacf0b4"),
+
+    };
+
+    public String getName()
+    {
+        return "Poly1305";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testKeyGenerator();
+        testInit();
+        for (int i = 0; i < CASES.length; i++)
+        {
+            testCase(i);
+        }
+        testSequential();
+        testReset();
+    }
+
+    private void testCase(int i)
+    {
+        byte[] out = new byte[16];
+        TestCase tc = CASES[i];
+
+        final Mac mac;
+        if (tc.nonce == null)
+        {
+            // Raw Poly1305 test - don't do any transform on AES key part
+            mac = new Poly1305(new KeyEngine(16));
+            mac.init(new ParametersWithIV(new KeyParameter(tc.key), new byte[16]));
+        }
+        else
+        {
+            mac = new Poly1305(new AESFastEngine());
+            mac.init(new ParametersWithIV(new KeyParameter(tc.key), tc.nonce));
+        }
+        mac.update(tc.message, 0, tc.message.length);
+        mac.doFinal(out, 0);
+
+        if (!Arrays.areEqual(out, tc.expectedMac))
+        {
+            fail("Mismatched output " + i, new String(Hex.encode(tc.expectedMac)), new String(Hex.encode(out)));
+        }
+    }
+
+    private void testSequential()
+    {
+        // Sequential test, adapted from test-poly1305aes
+        int len;
+        byte[] kr = new byte[32];
+        byte[] m = new byte[MAXLEN];
+        byte[] n = new byte[16];
+        byte[] out = new byte[16];
+
+        int c = 0;
+        final Mac mac = new Poly1305(new AESFastEngine());
+        for (int loop = 0; loop < 13; loop++)
+        {
+            len = 0;
+            for (;;)
+            {
+                c++;
+                mac.init(new ParametersWithIV(new KeyParameter(kr), n));
+                mac.update(m, 0, len);
+                mac.doFinal(out, 0);
+
+                // if (c == 678)
+                // {
+                // TestCase tc = CASES[0];
+                //
+                // if (!Arrays.areEqual(tc.key, kr))
+                // {
+                // System.err.println("Key bad");
+                // System.err.println(new String(Hex.encode(tc.key)));
+                // System.err.println(new String(Hex.encode(kr)));
+                // System.exit(1);
+                // }
+                // if (!Arrays.areEqual(tc.nonce, n))
+                // {
+                // System.err.println("Nonce bad");
+                // System.exit(1);
+                // }
+                // System.out.printf("[%d] m: %s\n", c, new String(Hex.encode(m, 0, len)));
+                // System.out.printf("[%d] K: %s\n", c, new String(Hex.encodje(kr)));
+                // System.out.printf("[%d] N: %s\n", c, new String(Hex.encode(n)));
+                // System.out.printf("[%d] M: ", c);
+                // }
+                // System.out.printf("%d/%s\n", c, new String(Hex.encode(out)));
+
+                if (len >= MAXLEN)
+                    break;
+                n[0] ^= loop;
+                for (int i = 0; i < 16; ++i)
+                    n[i] ^= out[i];
+                if (len % 2 != 0)
+                    for (int i = 0; i < 16; ++i)
+                        kr[i] ^= out[i];
+                if (len % 3 != 0)
+                    for (int i = 0; i < 16; ++i)
+                        kr[i + 16] ^= out[i];
+                Poly1305KeyGenerator.clamp(kr);
+                m[len++] ^= out[0];
+            }
+        }
+        // Output after 13 loops as generated by poly1305 ref
+        if (c != 13013 || !Arrays.areEqual(out, Hex.decode("c96f60a23701a5b0fd2016f58cbe4f7e")))
+        {
+            fail("Sequential Poly1305 " + c, "c96f60a23701a5b0fd2016f58cbe4f7e", new String(Hex.encode(out)));
+        }
+    }
+
+    private void testReset()
+    {
+        CipherKeyGenerator gen = new Poly1305KeyGenerator();
+        gen.init(new KeyGenerationParameters(new SecureRandom(), 256));
+        byte[] k = gen.generateKey();
+
+        byte[] m = new byte[10000];
+        byte[] check = new byte[16];
+        byte[] out = new byte[16];
+
+        // Generate baseline
+        Mac poly = new Poly1305(new AESFastEngine());
+        poly.init(new ParametersWithIV(new KeyParameter(k), new byte[16]));
+
+        poly.update(m, 0, m.length);
+        poly.doFinal(check, 0);
+
+        // Check reset after doFinal
+        poly.update(m, 0, m.length);
+        poly.doFinal(out, 0);
+
+        if (!Arrays.areEqual(check, out))
+        {
+            fail("Mac not reset after doFinal");
+        }
+
+        // Check reset
+        poly.update((byte)1);
+        poly.update((byte)2);
+        poly.reset();
+        poly.update(m, 0, m.length);
+        poly.doFinal(out, 0);
+
+        if (!Arrays.areEqual(check, out))
+        {
+            fail("Mac not reset after doFinal");
+        }
+
+        // Check init resets
+        poly.update((byte)1);
+        poly.update((byte)2);
+        poly.init(new ParametersWithIV(new KeyParameter(k), new byte[16]));
+        poly.update(m, 0, m.length);
+        poly.doFinal(out, 0);
+
+        if (!Arrays.areEqual(check, out))
+        {
+            fail("Mac not reset after doFinal");
+        }
+    }
+
+    private void testInit()
+    {
+        CipherKeyGenerator gen = new Poly1305KeyGenerator();
+        gen.init(new KeyGenerationParameters(new SecureRandom(), 256));
+        byte[] k = gen.generateKey();
+
+        Mac poly = new Poly1305(new AESFastEngine());
+        poly.init(new ParametersWithIV(new KeyParameter(k), new byte[16]));
+
+        try
+        {
+            poly.init(new ParametersWithIV(new KeyParameter(k), new byte[15]));
+            fail("16 byte nonce required");
+        } catch (IllegalArgumentException e)
+        {
+            // Expected
+        }
+
+        try
+        {
+            byte[] k2 = new byte[k.length - 1];
+            System.arraycopy(k, 0, k2, 0, k2.length);
+            poly.init(new ParametersWithIV(new KeyParameter(k2), new byte[16]));
+            fail("32 byte key required");
+        } catch (IllegalArgumentException e)
+        {
+            // Expected
+        }
+
+        try
+        {
+            k[19] = (byte)0xFF;
+            poly.init(new ParametersWithIV(new KeyParameter(k), new byte[16]));
+            fail("Unclamped key should not be accepted.");
+        } catch (IllegalArgumentException e)
+        {
+            // Expected
+        }
+
+    }
+
+    private void testKeyGenerator()
+    {
+        CipherKeyGenerator gen = new Poly1305KeyGenerator();
+        gen.init(new KeyGenerationParameters(new SecureRandom(), 256));
+        byte[] k = gen.generateKey();
+
+        if (k.length != 32)
+        {
+            fail("Poly1305 key should be 256 bits.");
+        }
+
+        try
+        {
+            Poly1305KeyGenerator.checkKey(k);
+        } catch (IllegalArgumentException e)
+        {
+            fail("Poly1305 key should be clamped on generation.");
+        }
+
+        byte[] k2 = new byte[k.length];
+        System.arraycopy(k, 0, k2, 0, k2.length);
+        Poly1305KeyGenerator.clamp(k);
+        if (!Arrays.areEqual(k, k2))
+        {
+            fail("Poly1305 key should be clamped on generation.");
+        }
+
+        try
+        {
+            k2[19] = (byte)0xff;
+            Poly1305KeyGenerator.checkKey(k2);
+            fail("Unclamped key should fail check.");
+        } catch (IllegalArgumentException e)
+        {
+            // Expected
+        }
+    }
+
+    public static void main(String[] args)
+        throws Exception
+    {
+        runTest(new Poly1305Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RC2Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC2Test.java
new file mode 100644
index 0000000..3c4e569
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC2Test.java
@@ -0,0 +1,66 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.RC2Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.RC2Parameters;
+import org.bouncycastle.util.encoders.Hex;
+
+/**
+ * RC2 tester - vectors from  ftp://ftp.isi.edu/in-notes/rfc2268.txt
+ *
+ * RFC 2268 "A Description of the RC2(r) Encryption Algorithm"
+ */
+public class RC2Test
+    extends CipherTest
+{
+    static BlockCipherVectorTest[] tests =
+    {
+        new BlockCipherVectorTest(0, new RC2Engine(),
+                new RC2Parameters(Hex.decode("0000000000000000"), 63),
+                "0000000000000000", "ebb773f993278eff"),
+
+        new BlockCipherVectorTest(1, new RC2Engine(),
+                new RC2Parameters(Hex.decode("ffffffffffffffff"), 64),
+                "ffffffffffffffff", "278b27e42e2f0d49"),
+
+        new BlockCipherVectorTest(2, new RC2Engine(),
+                new RC2Parameters(Hex.decode("3000000000000000"), 64),
+                "1000000000000001", "30649edf9be7d2c2"),
+
+        new BlockCipherVectorTest(3, new RC2Engine(),
+                new RC2Parameters(Hex.decode("88"), 64),
+                "0000000000000000", "61a8a244adacccf0"),
+
+        new BlockCipherVectorTest(4, new RC2Engine(),
+                new RC2Parameters(Hex.decode("88bca90e90875a"), 64),
+                "0000000000000000", "6ccf4308974c267f"),
+
+        new BlockCipherVectorTest(5, new RC2Engine(),
+                new RC2Parameters(Hex.decode("88bca90e90875a7f0f79c384627bafb2"), 64),
+                "0000000000000000", "1a807d272bbe5db1"),
+
+        new BlockCipherVectorTest(6, new RC2Engine(),
+                new RC2Parameters(Hex.decode("88bca90e90875a7f0f79c384627bafb2"), 128),
+                "0000000000000000", "2269552ab0f85ca6"),
+
+        new BlockCipherVectorTest(7, new RC2Engine(),
+                new RC2Parameters(Hex.decode("88bca90e90875a7f0f79c384627bafb216f80a6f85920584c42fceb0be255daf1e"), 129),
+                "0000000000000000", "5b78d3a43dfff1f1")
+    };
+
+    RC2Test()
+    {
+        super(tests, new RC2Engine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "RC2";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RC2Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RC2WrapTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC2WrapTest.java
new file mode 100644
index 0000000..0b52a60
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC2WrapTest.java
@@ -0,0 +1,111 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.Wrapper;
+import org.bouncycastle.crypto.engines.RC2WrapEngine;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.params.RC2Parameters;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * RC2 wrap tester
+ */
+public class RC2WrapTest
+    implements Test
+{
+    private class RFCRandom
+        extends SecureRandom
+    {
+        public void nextBytes(
+            byte[] nextBytes)
+        {
+            System.arraycopy(Hex.decode("4845cce7fd1250"), 0, nextBytes, 0, nextBytes.length);
+        }
+    }
+    
+    private TestResult wrapTest(
+        int     id,
+        CipherParameters paramsWrap,
+        CipherParameters paramsUnwrap,
+        byte[]  in,
+        byte[]  out)
+    {
+        Wrapper wrapper = new RC2WrapEngine();
+
+        wrapper.init(true, paramsWrap);
+
+        try
+        {
+            byte[]  cText = wrapper.wrap(in, 0, in.length);
+            if (!Arrays.areEqual(cText, out))
+            {
+                return new SimpleTestResult(false, getName() + ": failed wrap test " + id  + " expected " + new String(Hex.encode(out)) + " got " + new String(Hex.encode(cText)));
+            }
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": failed wrap test exception " + e.toString(), e);
+        }
+
+        wrapper.init(false, paramsUnwrap);
+
+        try
+        {
+            byte[]  pText = wrapper.unwrap(out, 0, out.length);
+            if (!Arrays.areEqual(pText, in))
+            {
+                return new SimpleTestResult(false, getName() + ": failed unwrap test " + id  + " expected " + new String(Hex.encode(in)) + " got " + new String(Hex.encode(pText)));
+            }
+        }
+        catch (Exception e)
+        {
+            return new SimpleTestResult(false, getName() + ": failed unwrap test exception " + e.toString(), e);
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public TestResult perform()
+    {
+        byte[]  kek1 = Hex.decode("fd04fd08060707fb0003fefffd02fe05");
+        byte[]  iv1 = Hex.decode("c7d90059b29e97f7");
+        byte[]  in1 = Hex.decode("b70a25fbc9d86a86050ce0d711ead4d9");
+        byte[]  out1 = Hex.decode("70e699fb5701f7833330fb71e87c85a420bdc99af05d22af5a0e48d35f3138986cbaafb4b28d4f35");
+        // 
+        // note the RFC 3217 test specifies a key to be used with an effective key size of
+        // 40 bits which is why it is done here - in practice nothing less than 128 bits should be used.
+        //
+        CipherParameters paramWrap = new ParametersWithRandom(new ParametersWithIV(new RC2Parameters(kek1, 40), iv1), new RFCRandom());
+        CipherParameters paramUnwrap = new RC2Parameters(kek1, 40);
+        
+        TestResult result = wrapTest(1, paramWrap, paramUnwrap, in1, out1);
+        
+        if (!result.isSuccessful())
+        {
+            return result;
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public String getName()
+    {
+        return "RC2Wrap";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        RC2WrapTest test = new RC2WrapTest();
+        TestResult result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RC4Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC4Test.java
new file mode 100644
index 0000000..e4d3974
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC4Test.java
@@ -0,0 +1,45 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.RC4Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * RC4 Test
+ */
+public class RC4Test
+    extends SimpleTest
+{
+    StreamCipherVectorTest[] tests =
+    {
+        new StreamCipherVectorTest(0, new RC4Engine(),
+                new KeyParameter(Hex.decode("0123456789ABCDEF")),
+                "4e6f772069732074", "3afbb5c77938280d"),
+        new StreamCipherVectorTest(0, new RC4Engine(),
+                new KeyParameter(Hex.decode("0123456789ABCDEF")),
+                "68652074696d6520", "1cf1e29379266d59"),
+        new StreamCipherVectorTest(0, new RC4Engine(),
+                new KeyParameter(Hex.decode("0123456789ABCDEF")),
+                "666f7220616c6c20", "12fbb0c771276459")
+    };
+
+    public String getName()
+    {
+        return "RC4";
+    }
+
+    public void performTest()
+    {
+        for (int i = 0; i != tests.length; i++)
+        {
+            tests[i].performTest();
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RC4Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RC5Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC5Test.java
new file mode 100644
index 0000000..0ffdc89
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC5Test.java
@@ -0,0 +1,188 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.RC532Engine;
+import org.bouncycastle.crypto.engines.RC564Engine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.params.RC5Parameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * RC5 tester - vectors from ftp://ftp.nordu.net/rfc/rfc2040.txt
+ *
+ * RFC 2040 "The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms"
+ */
+public class RC5Test
+    implements Test
+{
+    BlockCipherVectorTest[] tests =
+    {
+        new BlockCipherVectorTest(0, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 0),
+                    Hex.decode("0000000000000000")),
+                "0000000000000000", "7a7bba4d79111d1e"), 
+        new BlockCipherVectorTest(1, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 0),
+                    Hex.decode("0000000000000000")),
+                "ffffffffffffffff", "797bba4d78111d1e"), 
+        new BlockCipherVectorTest(2, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 0),
+                    Hex.decode("0000000000000001")),
+                "0000000000000000", "7a7bba4d79111d1f"), 
+        new BlockCipherVectorTest(3, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 0),
+                    Hex.decode("0000000000000000")),
+                "0000000000000001", "7a7bba4d79111d1f"), 
+        new BlockCipherVectorTest(4, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 0),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "8b9ded91ce7794a6"),
+        new BlockCipherVectorTest(5, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("11"), 1),
+                    Hex.decode("0000000000000000")),
+                "0000000000000000", "2f759fe7ad86a378"),
+        new BlockCipherVectorTest(6, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 2),
+                    Hex.decode("0000000000000000")),
+                "0000000000000000", "dca2694bf40e0788"),
+        new BlockCipherVectorTest(7, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00000000"), 2),
+                    Hex.decode("0000000000000000")),
+                "0000000000000000", "dca2694bf40e0788"),
+        new BlockCipherVectorTest(8, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00000000"), 8),
+                    Hex.decode("0000000000000000")),
+                "0000000000000000", "dcfe098577eca5ff"),
+        new BlockCipherVectorTest(9, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 8),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "9646fb77638f9ca8"),
+        new BlockCipherVectorTest(10, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 12),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "b2b3209db6594da4"),
+        new BlockCipherVectorTest(11, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 16),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "545f7f32a5fc3836"),
+        new BlockCipherVectorTest(12, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("01020304"), 8),
+                    Hex.decode("0000000000000000")),
+                "ffffffffffffffff", "8285e7c1b5bc7402"),
+        new BlockCipherVectorTest(13, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("01020304"), 12),
+                    Hex.decode("0000000000000000")),
+                "ffffffffffffffff", "fc586f92f7080934"),
+        new BlockCipherVectorTest(14, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("01020304"), 16),
+                    Hex.decode("0000000000000000")),
+                "ffffffffffffffff", "cf270ef9717ff7c4"),
+        new BlockCipherVectorTest(15, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("0102030405060708"), 12),
+                    Hex.decode("0000000000000000")),
+                "ffffffffffffffff", "e493f1c1bb4d6e8c"),
+        new BlockCipherVectorTest(16, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("0102030405060708"), 8),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "5c4c041e0f217ac3"),
+        new BlockCipherVectorTest(17, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("0102030405060708"), 12),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "921f12485373b4f7"),
+        new BlockCipherVectorTest(18, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("0102030405060708"), 16),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "5ba0ca6bbe7f5fad"),
+        new BlockCipherVectorTest(19, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("01020304050607081020304050607080"), 8),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "c533771cd0110e63"),
+        new BlockCipherVectorTest(20, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("01020304050607081020304050607080"), 12),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "294ddb46b3278d60"),
+        new BlockCipherVectorTest(21, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("01020304050607081020304050607080"), 16),
+                    Hex.decode("0102030405060708")),
+                "1020304050607080", "dad6bda9dfe8f7e8"),
+        new BlockCipherVectorTest(22, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("0102030405"), 12),
+                    Hex.decode("0000000000000000")),
+                "ffffffffffffffff", "97e0787837ed317f"),
+        new BlockCipherVectorTest(23, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("0102030405"), 8),
+                    Hex.decode("0000000000000000")),
+                "ffffffffffffffff", "7875dbf6738c6478"),
+        new BlockCipherVectorTest(23, new CBCBlockCipher(new RC532Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("0102030405"), 8),
+                    Hex.decode("7875dbf6738c6478")),
+                "0808080808080808", "8f34c3c681c99695"),
+        new BlockCipherVectorTest(640, new CBCBlockCipher(new RC564Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 0),
+                    Hex.decode("00000000000000000000000000000000")),
+                "00000000000000000000000000000000", "9f09b98d3f6062d9d4d59973d00e0e63"),
+        new BlockCipherVectorTest(641, new CBCBlockCipher(new RC564Engine()),
+                new ParametersWithIV(
+                    new RC5Parameters(Hex.decode("00"), 0),
+                    Hex.decode("00000000000000000000000000000000")),
+                "ffffffffffffffffffffffffffffffff", "9e09b98d3f6062d9d3d59973d00e0e63")
+    };
+
+    public String getName()
+    {
+        return "RC5";
+    }
+
+    public TestResult perform()
+    {
+        for (int i = 0; i != tests.length; i++)
+        {
+            TestResult  res = tests[i].perform();
+
+            if (!res.isSuccessful())
+            {
+                return res;
+            }
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        RC5Test     test = new RC5Test();
+        TestResult  result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RC6Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC6Test.java
new file mode 100644
index 0000000..254c137
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RC6Test.java
@@ -0,0 +1,64 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.RC6Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * RC6 Test - test vectors from AES Submitted RSA Reference implementation.
+ * ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/aes/rc6-unix-refc.tar
+ */
+public class RC6Test
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+            {
+                new BlockCipherVectorTest(0, new RC6Engine(),
+                        new KeyParameter(
+                            Hex.decode("00000000000000000000000000000000")),
+                        "80000000000000000000000000000000",
+                        "f71f65e7b80c0c6966fee607984b5cdf"),
+                new BlockCipherVectorTest(1, new RC6Engine(),
+                        new KeyParameter(
+                            Hex.decode("000000000000000000000000000000008000000000000000")),
+                        "00000000000000000000000000000000",
+                        "dd04c176440bbc6686c90aee775bd368"),
+                new BlockCipherVectorTest(2, new RC6Engine(),
+                        new KeyParameter(
+                            Hex.decode("000000000000000000000000000000000000001000000000")),
+                        "00000000000000000000000000000000",
+                        "937fe02d20fcb72f0f57201012b88ba4"),
+                new BlockCipherVectorTest(3, new RC6Engine(),
+                        new KeyParameter(
+                            Hex.decode("00000001000000000000000000000000")),
+                        "00000000000000000000000000000000",
+                        "8a380594d7396453771a1dfbe2914c8e"),
+                new BlockCipherVectorTest(4, new RC6Engine(),
+                        new KeyParameter(
+                            Hex.decode("1000000000000000000000000000000000000000000000000000000000000000")),
+                        "00000000000000000000000000000000",
+                        "11395d4bfe4c8258979ee2bf2d24dff4"),
+                new BlockCipherVectorTest(5, new RC6Engine(),
+                        new KeyParameter(
+                            Hex.decode("0000000000000000000000000000000000080000000000000000000000000000")),
+                        "00000000000000000000000000000000",
+                        "3d6f7e99f6512553bb983e8f75672b97")
+            };
+
+    RC6Test()
+    {
+        super(tests, new RC6Engine(), new KeyParameter(new byte[32]));
+    }
+
+    public String getName()
+    {
+        return "RC6";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RC6Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RFC3211WrapTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RFC3211WrapTest.java
new file mode 100644
index 0000000..f556cff
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RFC3211WrapTest.java
@@ -0,0 +1,220 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.Wrapper;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.security.SecureRandom;
+
+/**
+ * Wrap Test based on RFC3211 test vectors
+ */
+public class RFC3211WrapTest
+    extends SimpleTest
+{
+    SecureRandom r1 = new SecureRandom()
+    {
+        int[] ints = { 0xC4, 0x36, 0xF5, 0x41 };
+        int count = 0;
+
+        public int nextInt()
+        {
+            return ints[count++];
+        }
+    };
+
+    SecureRandom r2 = new SecureRandom()
+    {
+        int[] ints = { 0xFA, 0x06, 0x0A, 0x45 };
+        int count = 0;
+
+        public int nextInt()
+        {
+            return ints[count++];
+        }
+    };
+
+    public String getName()
+    {
+        return "RFC3211Wrap";
+    }
+
+    private void wrapTest(
+        int          id,
+        BlockCipher  engine,
+        byte[]       kek,
+        byte[]       iv,
+        SecureRandom rand,
+        byte[]       in,
+        byte[]       out)
+        throws Exception
+    {
+        Wrapper wrapper = new RFC3211WrapEngine(engine);
+
+        wrapper.init(true, new ParametersWithRandom(new ParametersWithIV(new KeyParameter(kek), iv), rand));
+
+        byte[]  cText = wrapper.wrap(in, 0, in.length);
+        if (!Arrays.areEqual(cText, out))
+        {
+            fail("failed wrap test " + id  + " expected " + new String(Hex.encode(out)) + " got " + new String(Hex.encode(cText)));
+        }
+
+        wrapper.init(false, new ParametersWithIV(new KeyParameter(kek), iv));
+
+        byte[]  pText = wrapper.unwrap(out, 0, out.length);
+        if (!Arrays.areEqual(pText, in))
+        {
+            fail("rfailed unwrap test " + id  + " expected " + new String(Hex.encode(in)) + " got " + new String(Hex.encode(pText)));
+        }
+    }
+
+    private void testCorruption()
+        throws InvalidCipherTextException
+    {
+        byte[] kek = Hex.decode("D1DAA78615F287E6");
+        byte[] iv = Hex.decode("EFE598EF21B33D6D");
+
+        Wrapper wrapper = new RFC3211WrapEngine(new DESEngine());
+
+        wrapper.init(false, new ParametersWithIV(new KeyParameter(kek), iv));
+
+        byte[] block = Hex.decode("ff739D838C627C897323A2F8C436F541");
+        encryptBlock(kek, iv, block);
+
+        try
+        {
+            wrapper.unwrap(block, 0, block.length);
+
+            fail("bad length not detected");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (!e.getMessage().equals("wrapped key corrupted"))
+            {
+                fail("wrong exception on length");
+            }
+        }
+
+        block = Hex.decode("08639D838C627C897323A2F8C436F541");
+        testChecksum(kek, iv, block, wrapper);
+
+        block = Hex.decode("08736D838C627C897323A2F8C436F541");
+        testChecksum(kek, iv, block, wrapper);
+        
+        block = Hex.decode("08739D638C627C897323A2F8C436F541");
+        testChecksum(kek, iv, block, wrapper);
+    }
+
+    private void testChecksum(byte[] kek, byte[] iv, byte[] block, Wrapper wrapper)
+    {
+        encryptBlock(kek, iv, block);
+
+        try
+        {
+            wrapper.unwrap(block, 0, block.length);
+
+            fail("bad checksum not detected");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (!e.getMessage().equals("wrapped key fails checksum"))
+            {
+                fail("wrong exception");
+            }
+        }
+    }
+
+    private void encryptBlock(byte[] key, byte[] iv, byte[] cekBlock)
+    {
+        BlockCipher engine = new CBCBlockCipher(new DESEngine());
+
+        engine.init(true, new ParametersWithIV(new KeyParameter(key), iv));
+
+        for (int i = 0; i < cekBlock.length; i += 8)
+        {
+            engine.processBlock(cekBlock, i, cekBlock, i);
+        }
+
+        for (int i = 0; i < cekBlock.length; i += 8)
+        {
+            engine.processBlock(cekBlock, i, cekBlock, i);
+        }
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        wrapTest(1, new DESEngine(), Hex.decode("D1DAA78615F287E6"), Hex.decode("EFE598EF21B33D6D"), r1, Hex.decode("8C627C897323A2F8"), Hex.decode("B81B2565EE373CA6DEDCA26A178B0C10"));
+        wrapTest(2, new DESedeEngine(), Hex.decode("6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"), Hex.decode("BAF1CA7931213C4E"), r2,
+                    Hex.decode("8C637D887223A2F965B566EB014B0FA5D52300A3F7EA40FFFC577203C71BAF3B"),
+                    Hex.decode("C03C514ABDB9E2C5AAC038572B5E24553876B377AAFB82ECA5A9D73F8AB143D9EC74E6CAD7DB260C"));
+
+        testCorruption();
+        
+        Wrapper          wrapper = new RFC3211WrapEngine(new DESEngine());
+        ParametersWithIV params = new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]);
+        byte[]           buf = new byte[16];
+
+        try
+        {
+            wrapper.init(true, params);
+
+            wrapper.unwrap(buf, 0, buf.length);
+
+            fail("failed unwrap state test.");
+        }
+        catch (IllegalStateException e)
+        {
+            // expected
+        }
+        catch (InvalidCipherTextException e)
+        {
+            fail("unexpected exception: " + e, e);
+        }
+
+        try
+        {
+            wrapper.init(false, params);
+
+            wrapper.wrap(buf, 0, buf.length);
+
+            fail("failed unwrap state test.");
+        }
+        catch (IllegalStateException e)
+        {
+            // expected
+        }
+
+        //
+        // short test
+        //
+        try
+        {
+            wrapper.init(false, params);
+
+            wrapper.unwrap(buf, 0, buf.length / 2);
+
+            fail("failed unwrap short test.");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // expected
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RFC3211WrapTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD128DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD128DigestTest.java
new file mode 100644
index 0000000..bdd622c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD128DigestTest.java
@@ -0,0 +1,58 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+
+/**
+ * RIPEMD128 Digest Test
+ */
+public class RIPEMD128DigestTest
+    extends DigestTest
+{
+    final static String[] messages = {
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+    };
+
+    final static String[] digests = {
+        "cdf26213a150dc3ecb610f18f6b38b46",
+        "86be7afa339d0fc7cfc785e72f578d33",
+        "c14a12199c66e4ba84636b0f69144c77",
+        "9e327b3d6e523062afc1132d7df9d1b8",
+        "fd2aa607f71dc8f510714922b371834e",
+        "a1aa0689d0fafa2ddc22e88b49133a06",
+        "d1e959eb179c911faea4624c60c5c702",
+        "3f45ef194732c2dbb2c4a2c769795fa3"
+    };
+
+    final static String million_a_digest = "4a7f5723f954eba1216c9d8f6320431f";
+        
+    RIPEMD128DigestTest()
+    {
+        super(new RIPEMD128Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+        
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new RIPEMD128Digest((RIPEMD128Digest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RIPEMD128DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD128HMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD128HMacTest.java
new file mode 100644
index 0000000..cc042c9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD128HMacTest.java
@@ -0,0 +1,86 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * RIPEMD128 HMac Test, test vectors from RFC 2286
+ */
+public class RIPEMD128HMacTest
+    implements Test
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    };
+
+    final static String[] digests = {
+        "fbf61f9492aa4bbf81c172e84e0734db",
+        "875f828862b6b334b427c55f9f7ff09b",
+        "09f0b2846d2f543da363cbec8d62a38d",
+        "bdbbd7cf03e44b5aa60af815be4d2294",
+        "e79808f24b25fd031c155f0d551d9a3a",
+        "dc732928de98104a1f59d373c150acbb",
+        "5c6bec96793e16d40690c237635f30c5"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
+    };
+        
+    public String getName()
+    {
+        return "RIPEMD128HMac";
+    }
+
+    public TestResult perform()
+    {
+        HMac hmac = new HMac(new RIPEMD128Digest());
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!Arrays.areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                return new SimpleTestResult(false, getName() + ": Vector " + i + " failed");
+            }
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        RIPEMD128HMacTest   test = new RIPEMD128HMacTest();
+        TestResult          result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD160DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD160DigestTest.java
new file mode 100644
index 0000000..e92693d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD160DigestTest.java
@@ -0,0 +1,58 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+
+/**
+ * RIPEMD160 Digest Test
+ */
+public class RIPEMD160DigestTest
+    extends DigestTest
+{
+    final static String[] messages = {
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+    };
+
+    final static String[] digests = {
+        "9c1185a5c5e9fc54612808977ee8f548b2258d31",
+        "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+        "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+        "5d0689ef49d2fae572b881b123a85ffa21595f36",
+        "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+        "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+        "b0e20b6e3116640286ed3a87a5713079b21f5189",
+        "9b752e45573d4b39f4dbd3323cab82bf63326bfb"
+    };
+
+    final static String million_a_digest = "52783243c1697bdbe16d37f97f68f08325dc1528";
+
+    RIPEMD160DigestTest()
+    {
+        super(new RIPEMD160Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+        
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new RIPEMD160Digest((RIPEMD160Digest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RIPEMD160DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD160HMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD160HMacTest.java
new file mode 100644
index 0000000..7e6e813
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD160HMacTest.java
@@ -0,0 +1,86 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * RIPEMD160 HMac Test, test vectors from RFC 2286
+ */
+public class RIPEMD160HMacTest
+    implements Test
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    };
+
+    final static String[] digests = {
+        "24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668",
+        "dda6c0213a485a9e24f4742064a7f033b43c4069",
+        "b0b105360de759960ab4f35298e116e295d8e7c1",
+        "d5ca862f4d21d5e610e18b4cf1beb97a4365ecf4",
+        "7619693978f91d90539ae786500ff3d8e0518e39",
+        "6466ca07ac5eac29e1bd523e5ada7605b791fd8b",
+        "69ea60798d71616cce5fd0871e23754cd75d5a0a"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
+    };
+
+    public String getName()
+    {
+        return "RIPEMD160HMac";
+    }
+
+    public TestResult perform()
+    {
+        HMac hmac = new HMac(new RIPEMD160Digest());
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!Arrays.areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                return new SimpleTestResult(false, getName() + ": Vector " + i + " failed");
+            }
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        RIPEMD160HMacTest   test = new RIPEMD160HMacTest();
+        TestResult          result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD256DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD256DigestTest.java
new file mode 100644
index 0000000..4de70d8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD256DigestTest.java
@@ -0,0 +1,58 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.RIPEMD256Digest;
+
+/**
+ * RIPEMD128 Digest Test
+ */
+public class RIPEMD256DigestTest
+    extends DigestTest
+{
+    final static String[] messages = {
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+    };
+
+    final static String[] digests = {
+        "02ba4c4e5f8ecd1877fc52d64d30e37a2d9774fb1e5d026380ae0168e3c5522d",
+        "f9333e45d857f5d90a91bab70a1eba0cfb1be4b0783c9acfcd883a9134692925",
+        "afbd6e228b9d8cbbcef5ca2d03e6dba10ac0bc7dcbe4680e1e42d2e975459b65",
+        "87e971759a1ce47a514d5c914c392c9018c7c46bc14465554afcdf54a5070c0e",
+        "649d3034751ea216776bf9a18acc81bc7896118a5197968782dd1fd97d8d5133",
+        "3843045583aac6c8c8d9128573e7a9809afb2a0f34ccc36ea9e72f16f6368e3f",
+        "5740a408ac16b720b84424ae931cbb1fe363d1d0bf4017f1a89f7ea6de77a0b8",
+        "06fdcc7a409548aaf91368c06a6275b553e3f099bf0ea4edfd6778df89a890dd"
+    };
+
+    final static String million_a_digest = "ac953744e10e31514c150d4d8d7b677342e33399788296e43ae4850ce4f97978";
+
+    RIPEMD256DigestTest()
+    {
+        super(new RIPEMD256Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+        
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new RIPEMD256Digest((RIPEMD256Digest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RIPEMD256DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD320DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD320DigestTest.java
new file mode 100644
index 0000000..351b1b7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RIPEMD320DigestTest.java
@@ -0,0 +1,58 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.RIPEMD320Digest;
+
+/**
+ * RIPEMD320 Digest Test
+ */
+public class RIPEMD320DigestTest
+    extends DigestTest
+{
+    final static String[] messages = {
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+    };
+
+    final static String[] digests = {
+        "22d65d5661536cdc75c1fdf5c6de7b41b9f27325ebc61e8557177d705a0ec880151c3a32a00899b8",
+        "ce78850638f92658a5a585097579926dda667a5716562cfcf6fbe77f63542f99b04705d6970dff5d",
+        "de4c01b3054f8930a79d09ae738e92301e5a17085beffdc1b8d116713e74f82fa942d64cdbc4682d",
+        "3a8e28502ed45d422f68844f9dd316e7b98533fa3f2a91d29f84d425c88d6b4eff727df66a7c0197",
+        "cabdb1810b92470a2093aa6bce05952c28348cf43ff60841975166bb40ed234004b8824463e6b009",
+        "d034a7950cf722021ba4b84df769a5de2060e259df4c9bb4a4268c0e935bbc7470a969c9d072a1ac",
+        "ed544940c86d67f250d232c30b7b3e5770e0c60c8cb9a4cafe3b11388af9920e1b99230b843c86a4",
+        "557888af5f6d8ed62ab66945c6d2a0a47ecd5341e915eb8fea1d0524955f825dc717e4a008ab2d42"
+    };
+
+    final static String million_a_digest = "bdee37f4371e20646b8b0d862dda16292ae36f40965e8c8509e63d1dbddecc503e2b63eb9245bb66";
+        
+    RIPEMD320DigestTest()
+    {
+        super(new RIPEMD320Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+        
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new RIPEMD320Digest((RIPEMD320Digest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RIPEMD320DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RSABlindedTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RSABlindedTest.java
new file mode 100644
index 0000000..7cb6e98
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RSABlindedTest.java
@@ -0,0 +1,437 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.AsymmetricBlockCipher;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.encodings.OAEPEncoding;
+import org.bouncycastle.crypto.encodings.PKCS1Encoding;
+import org.bouncycastle.crypto.engines.RSABlindedEngine;
+import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
+import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+public class RSABlindedTest
+    extends SimpleTest
+{
+    static BigInteger mod = new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16);
+    static BigInteger  pubExp = new BigInteger("11", 16);
+    static BigInteger  privExp = new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16);
+    static BigInteger  p = new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16);
+    static BigInteger  q = new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16);
+    static BigInteger  pExp = new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16);
+    static BigInteger  qExp = new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16);
+    static BigInteger  crtCoef = new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16);
+
+    static String input = "4e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e";
+
+    //
+    // to check that we handling byte extension by big number correctly.
+    //
+    static String edgeInput = "ff6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e";
+
+    static byte[] oversizedSig = Hex.decode("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff004e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
+    static byte[] dudBlock = Hex.decode("000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff004e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
+    static byte[] truncatedDataBlock = Hex.decode("0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff004e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
+    static byte[] incorrectPadding = Hex.decode("0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff4e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
+    static byte[] missingDataBlock = Hex.decode("0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
+
+    public String getName()
+    {
+        return "RSABlinded";
+    }
+
+    private void testStrictPKCS1Length(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        AsymmetricBlockCipher eng = new RSABlindedEngine();
+
+        eng.init(true, privParameters);
+
+        byte[] data = null;
+
+        try
+        {
+            data = eng.processBlock(oversizedSig, 0, oversizedSig.length);
+        }
+        catch (Exception e)
+        {
+            fail("RSA: failed - exception " + e.toString(), e);
+        }
+
+        eng = new PKCS1Encoding(eng);
+
+        eng.init(false, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+
+            fail("oversized signature block not recognised");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (!e.getMessage().equals("block incorrect size"))
+            {
+                fail("RSA: failed - exception " + e.toString(), e);
+            }
+        }
+
+        //System.setProperty(PKCS1Encoding.STRICT_LENGTH_ENABLED_PROPERTY, "false");
+
+        System.getProperties().put(PKCS1Encoding.STRICT_LENGTH_ENABLED_PROPERTY, "false");
+        eng = new PKCS1Encoding(new RSABlindedEngine());
+
+        eng.init(false, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (InvalidCipherTextException e)
+        {
+            fail("RSA: failed - exception " + e.toString(), e);
+        }
+
+        System.getProperties().remove(PKCS1Encoding.STRICT_LENGTH_ENABLED_PROPERTY);
+    }
+
+    private void testTruncatedPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        checkForPKCS1Exception(pubParameters, privParameters, truncatedDataBlock, "block truncated");
+    }
+
+    private void testDudPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        checkForPKCS1Exception(pubParameters, privParameters, dudBlock, "unknown block type");
+    }
+
+    private void testWrongPaddingPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        checkForPKCS1Exception(pubParameters, privParameters, incorrectPadding, "block padding incorrect");
+    }
+
+    private void testMissingDataPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        checkForPKCS1Exception(pubParameters, privParameters, missingDataBlock, "no data in block");
+    }
+
+    private void checkForPKCS1Exception(RSAKeyParameters pubParameters, RSAKeyParameters privParameters, byte[] inputData, String expectedMessage)
+    {
+        AsymmetricBlockCipher   eng = new RSABlindedEngine();
+
+        eng.init(true, privParameters);
+
+        byte[] data = null;
+
+        try
+        {
+            data = eng.processBlock(inputData, 0, inputData.length);
+        }
+        catch (Exception e)
+        {
+            fail("RSA: failed - exception " + e.toString(), e);
+        }
+
+        eng = new PKCS1Encoding(eng);
+
+        eng.init(false, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+
+            fail("missing data block not recognised");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (!e.getMessage().equals(expectedMessage))
+            {
+                fail("RSA: failed - exception " + e.toString(), e);
+            }
+        }
+    }
+
+    private void testOAEP(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        //
+        // OAEP - public encrypt, private decrypt
+        //
+        AsymmetricBlockCipher eng = new OAEPEncoding(new RSABlindedEngine());
+        byte[] data = Hex.decode(input);
+
+        eng.init(true, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed OAEP Test");
+        }
+    }
+
+    public void performTest()
+    {
+        RSAKeyParameters    pubParameters = new RSAKeyParameters(false, mod, pubExp);
+        RSAKeyParameters    privParameters = new RSAPrivateCrtKeyParameters(mod, pubExp, privExp, p, q, pExp, qExp, crtCoef);
+        byte[]              data = Hex.decode(edgeInput);
+
+        //
+        // RAW
+        //
+        AsymmetricBlockCipher   eng = new RSABlindedEngine();
+
+        eng.init(true, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("RSA: failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!edgeInput.equals(new String(Hex.encode(data))))
+        {
+            fail("failed RAW edge Test");
+        }
+
+        data = Hex.decode(input);
+
+        eng.init(true, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed RAW Test");
+        }
+
+        //
+        // PKCS1 - public encrypt, private decrypt
+        //
+        eng = new PKCS1Encoding(eng);
+
+        eng.init(true, pubParameters);
+
+        if (eng.getOutputBlockSize() != ((PKCS1Encoding)eng).getUnderlyingCipher().getOutputBlockSize())
+        {
+            fail("PKCS1 output block size incorrect");
+        }
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed PKCS1 public/private Test");
+        }
+
+        //
+        // PKCS1 - private encrypt, public decrypt
+        //
+        eng = new PKCS1Encoding(((PKCS1Encoding)eng).getUnderlyingCipher());
+
+        eng.init(true, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed PKCS1 private/public Test");
+        }
+
+        //
+        // key generation test
+        //
+        RSAKeyPairGenerator pGen = new RSAKeyPairGenerator();
+        RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
+                                            BigInteger.valueOf(0x11), new SecureRandom(), 768, 25);
+
+        pGen.init(genParam);
+
+        AsymmetricCipherKeyPair pair = pGen.generateKeyPair();
+
+        eng = new RSABlindedEngine();
+
+        if (((RSAKeyParameters)pair.getPublic()).getModulus().bitLength() < 768)
+        {
+            fail("failed key generation (768) length test");
+        }
+
+        eng.init(true, pair.getPublic());
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, pair.getPrivate());
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed key generation (768) Test");
+        }
+
+        genParam = new RSAKeyGenerationParameters(BigInteger.valueOf(0x11), new SecureRandom(), 1024, 25);
+
+        pGen.init(genParam);
+        pair = pGen.generateKeyPair();
+
+        eng.init(true, pair.getPublic());
+
+        if (((RSAKeyParameters)pair.getPublic()).getModulus().bitLength() < 1024)
+        {
+            fail("failed key generation (1024) length test");
+        }
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, pair.getPrivate());
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed key generation (1024) test");
+        }
+
+        testOAEP(pubParameters, privParameters);
+        testStrictPKCS1Length(pubParameters, privParameters);
+        testDudPKCS1Block(pubParameters, privParameters);
+        testMissingDataPKCS1Block(pubParameters, privParameters);
+        testTruncatedPKCS1Block(pubParameters, privParameters);
+        testWrongPaddingPKCS1Block(pubParameters, privParameters);
+
+        try
+        {
+            new RSABlindedEngine().processBlock(new byte[]{ 1 }, 0, 1);
+            fail("failed initialisation check");
+        }
+        catch (IllegalStateException e)
+        {
+            // expected
+        }
+    }
+
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RSABlindedTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RSADigestSignerTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RSADigestSignerTest.java
new file mode 100644
index 0000000..605a2ca
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RSADigestSignerTest.java
@@ -0,0 +1,55 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.crypto.signers.RSADigestSigner;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTest;
+
+import java.math.BigInteger;
+
+public class RSADigestSignerTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "RSADigestSigner";
+    }
+
+    public void performTest() throws Exception
+    {
+        BigInteger rsaPubMod = new BigInteger(Base64.decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
+        BigInteger rsaPubExp = new BigInteger(Base64.decode("EQ=="));
+        BigInteger rsaPrivMod = new BigInteger(Base64.decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
+        BigInteger rsaPrivDP = new BigInteger(Base64.decode("JXzfzG5v+HtLJIZqYMUefJfFLu8DPuJGaLD6lI3cZ0babWZ/oPGoJa5iHpX4Ul/7l3s1PFsuy1GhzCdOdlfRcQ=="));
+        BigInteger rsaPrivDQ = new BigInteger(Base64.decode("YNdJhw3cn0gBoVmMIFRZzflPDNthBiWy/dUMSRfJCxoZjSnr1gysZHK01HteV1YYNGcwPdr3j4FbOfri5c6DUQ=="));
+        BigInteger rsaPrivExp = new BigInteger(Base64.decode("DxFAOhDajr00rBjqX+7nyZ/9sHWRCCp9WEN5wCsFiWVRPtdB+NeLcou7mWXwf1Y+8xNgmmh//fPV45G2dsyBeZbXeJwB7bzx9NMEAfedchyOwjR8PYdjK3NpTLKtZlEJ6Jkh4QihrXpZMO4fKZWUm9bid3+lmiq43FwW+Hof8/E="));
+        BigInteger rsaPrivP = new BigInteger(Base64.decode("AJ9StyTVW+AL/1s7RBtFwZGFBgd3zctBqzzwKPda6LbtIFDznmwDCqAlIQH9X14X7UPLokCDhuAa76OnDXb1OiE="));
+        BigInteger rsaPrivQ = new BigInteger(Base64.decode("AM3JfD79dNJ5A3beScSzPtWxx/tSLi0QHFtkuhtSizeXdkv5FSba7lVzwEOGKHmW829bRoNxThDy4ds1IihW1w0="));
+        BigInteger rsaPrivQinv = new BigInteger(Base64.decode("Lt0g7wrsNsQxuDdB8q/rH8fSFeBXMGLtCIqfOec1j7FEIuYA/ACiRDgXkHa0WgN7nLXSjHoy630wC5Toq8vvUg=="));
+        RSAKeyParameters rsaPublic = new RSAKeyParameters(false, rsaPubMod, rsaPubExp);
+        RSAPrivateCrtKeyParameters rsaPrivate = new RSAPrivateCrtKeyParameters(rsaPrivMod, rsaPubExp, rsaPrivExp, rsaPrivP, rsaPrivQ, rsaPrivDP, rsaPrivDQ, rsaPrivQinv);
+
+        byte[] msg = new byte[] { 1, 6, 3, 32, 7, 43, 2, 5, 7, 78, 4, 23 };
+
+        RSADigestSigner signer = new RSADigestSigner(new SHA1Digest());
+        signer.init(true, rsaPrivate);
+        signer.update(msg, 0, msg.length);
+        byte[] sig = signer.generateSignature();
+
+        signer = new RSADigestSigner(new SHA1Digest(), X509ObjectIdentifiers.id_SHA1);
+        signer.init(false, rsaPublic);
+        signer.update(msg, 0, msg.length);
+        if (!signer.verifySignature(sig))
+        {
+            fail("RSA Digest Signer failed.");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new RSADigestSignerTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RSAKeyEncapsulationTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RSAKeyEncapsulationTest.java
new file mode 100644
index 0000000..058f468
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RSAKeyEncapsulationTest.java
@@ -0,0 +1,61 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
+import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
+import org.bouncycastle.crypto.kems.RSAKeyEncapsulation;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Tests for the RSA Key Encapsulation Mechanism
+ */
+public class RSAKeyEncapsulationTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "RSAKeyEncapsulation";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        // Generate RSA key pair
+        RSAKeyPairGenerator        rsaGen = new RSAKeyPairGenerator();
+        rsaGen.init(new RSAKeyGenerationParameters(BigInteger.valueOf(65537), new SecureRandom(), 1024, 5));
+        AsymmetricCipherKeyPair    keys   = rsaGen.generateKeyPair();
+        
+        // Set RSA-KEM parameters
+        RSAKeyEncapsulation     kem;
+        KDF2BytesGenerator        kdf = new KDF2BytesGenerator(new SHA1Digest());
+        SecureRandom            rnd = new SecureRandom();
+        byte[]                    out = new byte[128];
+        KeyParameter            key1, key2;
+        
+        // Test RSA-KEM
+        kem = new RSAKeyEncapsulation(kdf, rnd);
+        
+        kem.init(keys.getPublic());
+        key1 = (KeyParameter)kem.encrypt(out, 128);
+        
+        kem.init(keys.getPrivate());
+        key2 = (KeyParameter)kem.decrypt(out, 128);
+
+        if (!areEqual(key1.getKey(), key2.getKey()))
+        {
+            fail("failed test");
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RSAKeyEncapsulationTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RSATest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RSATest.java
new file mode 100644
index 0000000..a1ea399
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RSATest.java
@@ -0,0 +1,498 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricBlockCipher;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.encodings.OAEPEncoding;
+import org.bouncycastle.crypto.encodings.PKCS1Encoding;
+import org.bouncycastle.crypto.engines.RSAEngine;
+import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
+import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class RSATest
+    extends SimpleTest
+{
+    static BigInteger  mod = new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16);
+    static BigInteger  pubExp = new BigInteger("11", 16);
+    static BigInteger  privExp = new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16);
+    static BigInteger  p = new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16);
+    static BigInteger  q = new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16);
+    static BigInteger  pExp = new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16);
+    static BigInteger  qExp = new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16);
+    static BigInteger  crtCoef = new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16);
+
+    static String input = "4e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e";
+
+    //
+    // to check that we handling byte extension by big number correctly.
+    //
+    static String edgeInput = "ff6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e";
+    
+    static byte[] oversizedSig = Hex.decode("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff004e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
+    static byte[] dudBlock = Hex.decode("000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff004e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
+    static byte[] truncatedDataBlock = Hex.decode("0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff004e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
+    static byte[] incorrectPadding = Hex.decode("0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff4e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e");
+    static byte[] missingDataBlock = Hex.decode("0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
+
+    public String getName()
+    {
+        return "RSA";
+    }
+
+    private void testStrictPKCS1Length(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        AsymmetricBlockCipher   eng = new RSAEngine();
+
+        eng.init(true, privParameters);
+        
+        byte[] data = null;
+        
+        try
+        {
+            data = eng.processBlock(oversizedSig, 0, oversizedSig.length);
+        }
+        catch (Exception e)
+        {
+            fail("RSA: failed - exception " + e.toString(), e);
+        }
+        
+        eng = new PKCS1Encoding(eng);
+        
+        eng.init(false, pubParameters);
+        
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+            
+            fail("oversized signature block not recognised");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (!e.getMessage().equals("block incorrect size"))
+            {
+                fail("RSA: failed - exception " + e.toString(), e);
+            }
+        }
+        
+        //System.setProperty(PKCS1Encoding.STRICT_LENGTH_ENABLED_PROPERTY, "false");
+        
+        System.getProperties().put(PKCS1Encoding.STRICT_LENGTH_ENABLED_PROPERTY, "false");
+        eng = new PKCS1Encoding(new RSAEngine());
+        
+        eng.init(false, pubParameters);
+        
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (InvalidCipherTextException e)
+        {
+            fail("RSA: failed - exception " + e.toString(), e);
+        }
+        
+        System.getProperties().remove(PKCS1Encoding.STRICT_LENGTH_ENABLED_PROPERTY);
+    }
+        
+    private void testTruncatedPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        checkForPKCS1Exception(pubParameters, privParameters, truncatedDataBlock, "block truncated");
+    }
+    
+    private void testDudPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        checkForPKCS1Exception(pubParameters, privParameters, dudBlock, "unknown block type");
+    }
+
+    private void testWrongPaddingPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        checkForPKCS1Exception(pubParameters, privParameters, incorrectPadding, "block padding incorrect");
+    }
+    
+    private void testMissingDataPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        checkForPKCS1Exception(pubParameters, privParameters, missingDataBlock, "no data in block");
+    }
+
+    private void checkForPKCS1Exception(RSAKeyParameters pubParameters, RSAKeyParameters privParameters, byte[] inputData, String expectedMessage)
+    {
+        AsymmetricBlockCipher   eng = new RSAEngine();
+
+        eng.init(true, privParameters);
+        
+        byte[] data = null;
+        
+        try
+        {
+            data = eng.processBlock(inputData, 0, inputData.length);
+        }
+        catch (Exception e)
+        {
+            fail("RSA: failed - exception " + e.toString(), e);
+        }
+        
+        eng = new PKCS1Encoding(eng);
+        
+        eng.init(false, pubParameters);
+        
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+            
+            fail("missing data block not recognised");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            if (!e.getMessage().equals(expectedMessage))
+            {
+                fail("RSA: failed - exception " + e.toString(), e);
+            }
+        }
+    }
+    
+    private void testOAEP(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
+    {
+        //
+        // OAEP - public encrypt, private decrypt
+        //
+        AsymmetricBlockCipher eng = new OAEPEncoding(new RSAEngine());
+        byte[] data = Hex.decode(input);
+
+        eng.init(true, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed OAEP Test");
+        }
+    }
+
+    private void zeroBlockTest(CipherParameters encParameters, CipherParameters decParameters)
+    {
+        AsymmetricBlockCipher eng = new PKCS1Encoding(new RSAEngine());
+
+        eng.init(true, encParameters);
+
+        if (eng.getOutputBlockSize() != ((PKCS1Encoding)eng).getUnderlyingCipher().getOutputBlockSize())
+        {
+            fail("PKCS1 output block size incorrect");
+        }
+
+        byte[] zero = new byte[0];
+        byte[] data = null;
+
+        try
+        {
+            data = eng.processBlock(zero, 0, zero.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, decParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!Arrays.areEqual(zero, data))
+        {
+            fail("failed PKCS1 zero Test");
+        }
+    }
+
+    public void performTest()
+    {
+        RSAKeyParameters    pubParameters = new RSAKeyParameters(false, mod, pubExp);
+        RSAKeyParameters    privParameters = new RSAPrivateCrtKeyParameters(mod, pubExp, privExp, p, q, pExp, qExp, crtCoef);
+        byte[]              data = Hex.decode(edgeInput);
+
+        //
+        // RAW
+        //
+        AsymmetricBlockCipher   eng = new RSAEngine();
+
+        eng.init(true, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("RSA: failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!edgeInput.equals(new String(Hex.encode(data))))
+        {
+            fail("failed RAW edge Test");
+        }
+
+        data = Hex.decode(input);
+
+        eng.init(true, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed RAW Test");
+        }
+
+        //
+        // PKCS1 - public encrypt, private decrypt
+        //
+        eng = new PKCS1Encoding(eng);
+
+        eng.init(true, pubParameters);
+        
+        if (eng.getOutputBlockSize() != ((PKCS1Encoding)eng).getUnderlyingCipher().getOutputBlockSize())
+        {
+            fail("PKCS1 output block size incorrect");
+        }
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed PKCS1 public/private Test");
+        }
+
+        //
+        // PKCS1 - private encrypt, public decrypt
+        //
+        eng = new PKCS1Encoding(((PKCS1Encoding)eng).getUnderlyingCipher());
+
+        eng.init(true, privParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, pubParameters);
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed PKCS1 private/public Test");
+        }
+
+        zeroBlockTest(pubParameters, privParameters);
+        zeroBlockTest(privParameters, pubParameters);
+
+        //
+        // key generation test
+        //
+        RSAKeyPairGenerator  pGen = new RSAKeyPairGenerator();
+        RSAKeyGenerationParameters  genParam = new RSAKeyGenerationParameters(
+                                            BigInteger.valueOf(0x11), new SecureRandom(), 768, 25);
+
+        pGen.init(genParam);
+
+        AsymmetricCipherKeyPair  pair = pGen.generateKeyPair();
+        
+        eng = new RSAEngine();
+
+        if (((RSAKeyParameters)pair.getPublic()).getModulus().bitLength() < 768)
+        {
+            fail("failed key generation (768) length test");
+        }
+
+        eng.init(true, pair.getPublic());
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, pair.getPrivate());
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed key generation (768) Test");
+        }
+
+        genParam = new RSAKeyGenerationParameters(BigInteger.valueOf(0x11), new SecureRandom(), 1024, 25);
+
+        pGen.init(genParam);
+        pair = pGen.generateKeyPair();
+
+        eng.init(true, pair.getPublic());
+
+        if (((RSAKeyParameters)pair.getPublic()).getModulus().bitLength() < 1024)
+        {
+            fail("failed key generation (1024) length test");
+        }
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        eng.init(false, pair.getPrivate());
+
+        try
+        {
+            data = eng.processBlock(data, 0, data.length);
+        }
+        catch (Exception e)
+        {
+            fail("failed - exception " + e.toString(), e);
+        }
+
+        if (!input.equals(new String(Hex.encode(data))))
+        {
+            fail("failed key generation (1024) test");
+        }
+
+        genParam = new RSAKeyGenerationParameters(
+            BigInteger.valueOf(0x11), new SecureRandom(), 16, 25);
+        pGen.init(genParam);
+
+        for (int i = 0; i < 100; ++i)
+        {
+            pair = pGen.generateKeyPair();
+            RSAPrivateCrtKeyParameters privKey = (RSAPrivateCrtKeyParameters) pair.getPrivate();
+            BigInteger pqDiff = privKey.getP().subtract(privKey.getQ()).abs();
+
+            if (pqDiff.bitLength() < 5)
+            {
+                fail("P and Q too close in RSA key pair");
+            }
+        }
+        
+        testOAEP(pubParameters, privParameters);
+        testStrictPKCS1Length(pubParameters, privParameters);
+        testDudPKCS1Block(pubParameters, privParameters);
+        testMissingDataPKCS1Block(pubParameters, privParameters);
+        testTruncatedPKCS1Block(pubParameters, privParameters);
+        testWrongPaddingPKCS1Block(pubParameters, privParameters);
+
+        try
+        {
+            new RSAEngine().processBlock(new byte[]{ 1 }, 0, 1);
+            fail("failed initialisation check");
+        }
+        catch (IllegalStateException e)
+        {
+            // expected
+        }
+    }
+
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RSATest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RegressionTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RegressionTest.java
new file mode 100644
index 0000000..ea02a8f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RegressionTest.java
@@ -0,0 +1,161 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class RegressionTest
+{
+    public static Test[]    tests = 
+    {
+        new AESTest(),
+        new AESLightTest(),
+        new AESFastTest(),
+        new AESWrapTest(),
+        new AESWrapPadTest(),
+        new DESTest(),
+        new DESedeTest(),
+        new ModeTest(),
+        new PaddingTest(),
+        new DHTest(),
+        new ElGamalTest(),
+        new DSATest(),
+        new ECTest(),
+        new DeterministicDSATest(),
+        new GOST3410Test(),
+        new ECGOST3410Test(),
+        new ECIESTest(),
+        new ECNRTest(),
+        new MacTest(),
+        new GOST28147MacTest(),
+        new RC2Test(),
+        new RC2WrapTest(),
+        new RC4Test(),
+        new RC5Test(),
+        new RC6Test(),
+        new RijndaelTest(),
+        new SerpentTest(),
+        new CamelliaTest(),
+        new CamelliaLightTest(),
+        new DigestRandomNumberTest(),
+        new SkipjackTest(),
+        new BlowfishTest(),
+        new TwofishTest(),
+        new Threefish256Test(),
+        new Threefish512Test(),
+        new Threefish1024Test(),
+        new SkeinDigestTest(),
+        new SkeinMacTest(),
+        new CAST5Test(),
+        new CAST6Test(),
+        new GOST28147Test(),
+        new IDEATest(),
+        new RSATest(),
+        new RSABlindedTest(),
+        new RSADigestSignerTest(),
+        new PSSBlindTest(),
+        new ISO9796Test(),
+        new ISO9797Alg3MacTest(),
+        new MD2DigestTest(),
+        new MD4DigestTest(),
+        new MD5DigestTest(),
+        new SHA1DigestTest(),
+        new SHA224DigestTest(),
+        new SHA256DigestTest(),
+        new SHA384DigestTest(),
+        new SHA512DigestTest(),
+        new SHA512t224DigestTest(),
+        new SHA512t256DigestTest(),
+        new SHA3DigestTest(),
+        new RIPEMD128DigestTest(),
+        new RIPEMD160DigestTest(),
+        new RIPEMD256DigestTest(),
+        new RIPEMD320DigestTest(),
+        new TigerDigestTest(),
+        new GOST3411DigestTest(),
+        new WhirlpoolDigestTest(),
+        new MD5HMacTest(),
+        new SHA1HMacTest(),
+        new SHA224HMacTest(),
+        new SHA256HMacTest(),
+        new SHA384HMacTest(),
+        new SHA512HMacTest(),
+        new RIPEMD128HMacTest(),
+        new RIPEMD160HMacTest(),
+        new OAEPTest(),
+        new PSSTest(),
+        new CTSTest(),
+        new NISTCTSTest(),
+        new CCMTest(),
+        new PKCS5Test(),
+        new PKCS12Test(),
+        new KDF1GeneratorTest(),
+        new KDF2GeneratorTest(),
+        new MGF1GeneratorTest(),
+        new HKDFGeneratorTest(),
+        new DHKEKGeneratorTest(),
+        new ECDHKEKGeneratorTest(),
+        new ShortenedDigestTest(),
+        new EqualsHashCodeTest(),
+        new TEATest(),
+        new XTEATest(),
+        new RFC3211WrapTest(),
+        new SEEDTest(),
+        new Salsa20Test(),
+        new XSalsa20Test(),
+        new ChaChaTest(),
+        new CMacTest(),
+        new EAXTest(),
+        new GCMTest(),
+        new GMacTest(),
+        new HCFamilyTest(),
+        new HCFamilyVecTest(),
+        new ISAACTest(),
+        new NoekeonTest(),
+        new VMPCKSA3Test(),
+        new VMPCMacTest(),
+        new VMPCTest(),
+        new Grainv1Test(),
+        new Grain128Test(),
+        //new NaccacheSternTest(),
+        new SRP6Test(),
+        new SCryptTest(),
+        new ResetTest(),
+        new NullTest(),
+        new DSTU4145Test(),
+        new SipHashTest(),
+        new Poly1305Test(),
+        new OCBTest(),
+        new NonMemoableDigestTest(),
+        new RSAKeyEncapsulationTest(),
+        new ECIESKeyEncapsulationTest(),
+        new HashCommitmentTest(),
+        new CipherStreamTest(),
+        new BlockCipherResetTest(),
+        new StreamCipherResetTest(),
+        new SM3DigestTest(),
+        new Shacal2Test(),
+        new KDFCounterGeneratorTest(),
+        new KDFDoublePipelineIteratorGeneratorTest(),
+        new KDFFeedbackGeneratorTest(),
+        new CramerShoupTest(),
+        new BCryptTest(),
+        new OpenBSDBCryptTest(),
+        new X931SignerTest()
+    };
+
+    public static void main(
+        String[]    args)
+    {
+        for (int i = 0; i != tests.length; i++)
+        {
+            TestResult  result = tests[i].perform();
+            
+            if (result.getException() != null)
+            {
+                result.getException().printStackTrace();
+            }
+            
+            System.out.println(result);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ResetTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ResetTest.java
new file mode 100644
index 0000000..efd0e06
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ResetTest.java
@@ -0,0 +1,99 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.DESEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ResetTest
+    extends SimpleTest
+{
+    private static final byte[]   input = Hex.decode("4e6f77206973207468652074696d6520666f7220616c6c20");
+    private static final byte[]   output = Hex.decode("3fa40e8a984d48156a271787ab8883f9893d51ec4b563b53");
+    public String getName()
+    {
+        return "Reset";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        BufferedBlockCipher cipher = new BufferedBlockCipher(new DESEngine());
+
+        KeyParameter param = new KeyParameter(Hex.decode("0123456789abcdef"));
+
+        basicTrial(cipher, param);
+
+        cipher.init(false, param);
+
+        byte[] out = new byte[input.length];
+        
+        int len2 = cipher.processBytes(output, 0, output.length - 1, out, 0);
+
+        try
+        {
+            cipher.doFinal(out, len2);
+            fail("no DataLengthException - short input");
+        }
+        catch (DataLengthException e)
+        {
+            // ignore
+        }
+
+        len2 = cipher.processBytes(output, 0, output.length, out, 0);
+
+        cipher.doFinal(out, len2);
+
+        if (!areEqual(input, out))
+        {
+            fail("failed reversal one got " + new String(Hex.encode(out)));
+        }
+
+        len2 = cipher.processBytes(output, 0, output.length - 1, out, 0);
+
+        try
+        {
+            cipher.doFinal(out, len2);
+            fail("no DataLengthException - short output");
+        }
+        catch (DataLengthException e)
+        {
+            // ignore
+        }
+
+        len2 = cipher.processBytes(output, 0, output.length, out, 0);
+
+        cipher.doFinal(out, len2);
+
+        if (!areEqual(input, out))
+        {
+            fail("failed reversal two got " + new String(Hex.encode(out)));
+        }
+    }
+
+    private void basicTrial(BufferedBlockCipher cipher, KeyParameter param)
+        throws InvalidCipherTextException
+    {
+        cipher.init(true, param);
+
+        byte[]  out = new byte[input.length];
+
+        int len1 = cipher.processBytes(input, 0, input.length, out, 0);
+
+        cipher.doFinal(out, len1);
+
+        if (!areEqual(out, output))
+        {
+            fail("failed - " + "expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ResetTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/RijndaelTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/RijndaelTest.java
new file mode 100644
index 0000000..ca81dfb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/RijndaelTest.java
@@ -0,0 +1,116 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.RijndaelEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test vectors from the NIST standard tests and Brian Gladman's vector set
+ * <a href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">
+ * http://fp.gladman.plus.com/cryptography_technology/rijndael/</a>
+ */
+public class RijndaelTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+            {
+                new BlockCipherVectorTest(0, new RijndaelEngine(128),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "0EDD33D3C621E546455BD8BA1418BEC8"),
+                new BlockCipherVectorTest(1, new RijndaelEngine(128),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000080")),
+                        "00000000000000000000000000000000", "172AEAB3D507678ECAF455C12587ADB7"),
+                new BlockCipherMonteCarloTest(2, 10000, new RijndaelEngine(128),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "C34C052CC0DA8D73451AFE5F03BE297F"),
+                new BlockCipherMonteCarloTest(3, 10000, new RijndaelEngine(128),
+                        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
+                        "355F697E8B868B65B25A04E18D782AFA", "ACC863637868E3E068D2FD6E3508454A"),
+                new BlockCipherVectorTest(4, new RijndaelEngine(128),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "6CD02513E8D4DC986B4AFE087A60BD0C"),
+                new BlockCipherMonteCarloTest(5, 10000, new RijndaelEngine(128),
+                        new KeyParameter(Hex.decode("AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114")),
+                        "F3F6752AE8D7831138F041560631B114", "77BA00ED5412DFF27C8ED91F3C376172"),
+                new BlockCipherVectorTest(6, new RijndaelEngine(128),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "80000000000000000000000000000000", "DDC6BF790C15760D8D9AEB6F9A75FD4E"),
+                new BlockCipherMonteCarloTest(7, 10000, new RijndaelEngine(128),
+                        new KeyParameter(Hex.decode("28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386")),
+                        "C737317FE0846F132B23C8C2A672CE22", "E58B82BFBA53C0040DC610C642121168"),
+                new BlockCipherVectorTest(8, new RijndaelEngine(160),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c")),
+                        "3243f6a8885a308d313198a2e03707344a409382", "16e73aec921314c29df905432bc8968ab64b1f51"),
+                new BlockCipherVectorTest(8, new RijndaelEngine(160),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160")),
+                        "3243f6a8885a308d313198a2e03707344a409382", "0553eb691670dd8a5a5b5addf1aa7450f7a0e587"),
+                new BlockCipherVectorTest(8, new RijndaelEngine(160),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5")),
+                        "3243f6a8885a308d313198a2e03707344a409382", "73cd6f3423036790463aa9e19cfcde894ea16623"),
+                new BlockCipherVectorTest(8, new RijndaelEngine(160),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90")),
+                        "3243f6a8885a308d313198a2e03707344a409382", "601b5dcd1cf4ece954c740445340bf0afdc048df"),
+                new BlockCipherVectorTest(8, new RijndaelEngine(160),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe")),
+                        "3243f6a8885a308d313198a2e03707344a409382", "579e930b36c1529aa3e86628bacfe146942882cf"),
+                new BlockCipherVectorTest(8, new RijndaelEngine(192),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d", "b24d275489e82bb8f7375e0d5fcdb1f481757c538b65148a"),
+                new BlockCipherVectorTest(9, new RijndaelEngine(192),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d", "725ae43b5f3161de806a7c93e0bca93c967ec1ae1b71e1cf"),
+                new BlockCipherVectorTest(10, new RijndaelEngine(192),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d", "bbfc14180afbf6a36382a061843f0b63e769acdc98769130"),
+                new BlockCipherVectorTest(11, new RijndaelEngine(192),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d", "0ebacf199e3315c2e34b24fcc7c46ef4388aa475d66c194c"),
+                new BlockCipherVectorTest(12, new RijndaelEngine(224),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9", "b0a8f78f6b3c66213f792ffd2a61631f79331407a5e5c8d3793aceb1"),
+                new BlockCipherVectorTest(13, new RijndaelEngine(224),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9", "08b99944edfce33a2acb131183ab0168446b2d15e958480010f545e3"),
+                new BlockCipherVectorTest(14, new RijndaelEngine(224),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9", "be4c597d8f7efe22a2f7e5b1938e2564d452a5bfe72399c7af1101e2"),
+                new BlockCipherVectorTest(15, new RijndaelEngine(224),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9", "ef529598ecbce297811b49bbed2c33bbe1241d6e1a833dbe119569e8"),
+                new BlockCipherVectorTest(16, new RijndaelEngine(224),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa9", "02fafc200176ed05deb8edb82a3555b0b10d47a388dfd59cab2f6c11"),
+                new BlockCipherVectorTest(17, new RijndaelEngine(256),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8", "7d15479076b69a46ffb3b3beae97ad8313f622f67fedb487de9f06b9ed9c8f19"),
+                new BlockCipherVectorTest(18, new RijndaelEngine(256),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8", "514f93fb296b5ad16aa7df8b577abcbd484decacccc7fb1f18dc567309ceeffd"),
+                new BlockCipherVectorTest(19, new RijndaelEngine(256),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da5")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8", "5d7101727bb25781bf6715b0e6955282b9610e23a43c2eb062699f0ebf5887b2"),
+                new BlockCipherVectorTest(20, new RijndaelEngine(256),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d90")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8", "d56c5a63627432579e1dd308b2c8f157b40a4bfb56fea1377b25d3ed3d6dbf80"),
+                new BlockCipherVectorTest(21, new RijndaelEngine(256),
+                        new KeyParameter(Hex.decode("2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe")),
+                        "3243f6a8885a308d313198a2e03707344a4093822299f31d0082efa98ec4e6c8", "a49406115dfb30a40418aafa4869b7c6a886ff31602a7dd19c889dc64f7e4e7a")
+            };
+
+    RijndaelTest()
+    {
+        super(tests, new RijndaelEngine(128), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "Rijndael";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new RijndaelTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SCryptTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SCryptTest.java
new file mode 100644
index 0000000..b017a1d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SCryptTest.java
@@ -0,0 +1,144 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+
+import org.bouncycastle.crypto.generators.SCrypt;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/*
+ * scrypt test vectors from "Stronger Key Derivation Via Sequential Memory-hard Functions" Appendix B.
+ * (http://www.tarsnap.com/scrypt/scrypt.pdf)
+ */
+public class SCryptTest extends SimpleTest
+{
+    public String getName()
+    {
+        return "SCrypt";
+    }
+
+    public void performTest() throws Exception
+    {
+        testParameters();
+        testVectors();
+    }
+
+    public void testParameters()
+    {
+        checkOK("Minimal values", new byte[0], new byte[0], 2, 1, 1, 1);
+        checkIllegal("Cost parameter must be > 1", new byte[0], new byte[0], 1, 1, 1, 1);
+        checkOK("Cost parameter 65536 OK for r == 1", new byte[0], new byte[0], 65536, 1, 1, 1);
+        checkIllegal("Cost parameter must <= 65536 for r == 1", new byte[0], new byte[0], 65537, 1, 1, 1);
+        checkIllegal("Block size must be >= 1", new byte[0], new byte[0], 2, 0, 2, 1);
+        checkIllegal("Parallelisation parameter must be >= 1", new byte[0], new byte[0], 2, 1, 0, 1);
+        // checkOK("Parallelisation parameter 65535 OK for r = 4", new byte[0], new byte[0], 2, 32,
+        // 65535, 1);
+        checkIllegal("Parallelisation parameter must be < 65535 for r = 4", new byte[0], new byte[0], 2, 32, 65536, 1);
+
+        checkIllegal("Len parameter must be > 1", new byte[0], new byte[0], 2, 1, 1, 0);
+       }
+
+    private void checkOK(String msg, byte[] pass, byte[] salt, int N, int r, int p, int len)
+    {
+        try
+        {
+            SCrypt.generate(pass, salt, N, r, p, len);
+        }
+        catch (IllegalArgumentException e)
+        {
+            e.printStackTrace();
+            fail(msg);
+        }
+    }
+
+    private void checkIllegal(String msg, byte[] pass, byte[] salt, int N, int r, int p, int len)
+    {
+        try
+        {
+            SCrypt.generate(pass, salt, N, r, p, len);
+            fail(msg);
+        }
+        catch (IllegalArgumentException e)
+        {
+            // e.printStackTrace();
+        }
+    }
+
+    public void testVectors()
+        throws Exception
+    {
+        BufferedReader br = new BufferedReader(new InputStreamReader(
+            getClass().getResourceAsStream("SCryptTestVectors.txt")));
+
+        int count = 0;
+        String line = br.readLine();
+
+        while (line != null)
+        {
+            ++count;
+            String header = line;
+            StringBuffer data = new StringBuffer();
+
+            while (!isEndData(line = br.readLine()))
+            {
+                for (int i = 0; i != line.length(); i++)
+                {
+                    if (line.charAt(i) != ' ')
+                    {
+                        data.append(line.charAt(i));
+                    }
+                }
+            }
+
+            int start = header.indexOf('(') + 1;
+            int limit = header.lastIndexOf(')');
+            String argStr = header.substring(start, limit);
+            String[] args = Strings.split(argStr, ',');
+
+            byte[] P = extractQuotedString(args[0]);
+            byte[] S = extractQuotedString(args[1]);
+            int N = extractInteger(args[2]);
+            int r = extractInteger(args[3]);
+            int p = extractInteger(args[4]);
+            int dkLen = extractInteger(args[5]);
+            byte[] expected = Hex.decode(data.toString());
+
+            // This skips very expensive test case(s), remove check to re-enable
+            if (N <= 16384)
+            {
+                byte[] result = SCrypt.generate(P, S, N, r, p, dkLen);
+
+                if (!areEqual(expected, result))
+                {
+                    fail("Result does not match expected value in test case " + count);
+                }
+            }
+        }
+
+        br.close();
+    }
+
+    private static boolean isEndData(String line)
+    {
+        return line == null || line.startsWith("scrypt");
+    }
+
+    private static byte[] extractQuotedString(String arg)
+    {
+        arg = arg.trim();
+        arg = arg.substring(1, arg.length() - 1);
+        return Strings.toByteArray(arg);
+    }
+
+    private static int extractInteger(String arg)
+    {
+        return Integer.parseInt(arg.trim());
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new SCryptTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SEEDTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SEEDTest.java
new file mode 100644
index 0000000..4aa955b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SEEDTest.java
@@ -0,0 +1,53 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.SEEDEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * SEED tester - vectors http://www.ietf.org/rfc/rfc4009.txt
+ */
+public class SEEDTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests =
+    {
+        new BlockCipherVectorTest(0, new SEEDEngine(),
+            new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+            "000102030405060708090a0b0c0d0e0f",
+            "5EBAC6E0054E166819AFF1CC6D346CDB"),
+        new BlockCipherVectorTest(0, new SEEDEngine(),
+            new KeyParameter(Hex.decode("000102030405060708090a0b0c0d0e0f")),
+            "00000000000000000000000000000000",
+            "c11f22f20140505084483597e4370f43"),
+        new BlockCipherVectorTest(0, new SEEDEngine(),
+            new KeyParameter(Hex.decode("4706480851E61BE85D74BFB3FD956185")),
+            "83A2F8A288641FB9A4E9A5CC2F131C7D",
+            "EE54D13EBCAE706D226BC3142CD40D4A"),
+        new BlockCipherVectorTest(0, new SEEDEngine(),
+            new KeyParameter(Hex.decode("28DBC3BC49FFD87DCFA509B11D422BE7")),
+            "B41E6BE2EBA84A148E2EED84593C5EC7",
+            "9B9B7BFCD1813CB95D0B3618F40F5122"),
+        new BlockCipherVectorTest(0, new SEEDEngine(),
+            new KeyParameter(Hex.decode("0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E")),
+            "0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E",
+            "8296F2F1B007AB9D533FDEE35A9AD850"),
+    };
+
+    SEEDTest()
+    {
+        super(tests, new SEEDEngine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "SEED";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SEEDTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA1DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA1DigestTest.java
new file mode 100644
index 0000000..38b9b80
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA1DigestTest.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+
+/**
+ * standard vector test for SHA-1 from "Handbook of Applied Cryptography", page 345.
+ */
+public class SHA1DigestTest
+    extends DigestTest
+{
+    private static String[] messages =
+    {
+         "",
+         "a",
+         "abc",
+         "abcdefghijklmnopqrstuvwxyz"
+    };
+    
+    private static String[] digests =
+    {
+        "da39a3ee5e6b4b0d3255bfef95601890afd80709",
+        "86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "32d10c7b8cf96570ca04ce37f2a19d84240d3a89"
+    };
+    
+    SHA1DigestTest()
+    {
+        super(new SHA1Digest(), messages, digests);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SHA1Digest((SHA1Digest)digest);
+    }
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        return new SHA1Digest(encodedState);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SHA1DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA1HMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA1HMacTest.java
new file mode 100644
index 0000000..72a5fdc
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA1HMacTest.java
@@ -0,0 +1,111 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * SHA1 HMac Test, test vectors from RFC 2202
+ */
+public class SHA1HMacTest
+    implements Test
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F"
+    };
+
+    final static String[] digests = {
+        "b617318655057264e28bc0b6fb378c8ef146be00",
+        "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79",
+        "125d7342b9ac11cd91a39af48aa17b4f63f175d3",
+        "4c9007f4026250c6bc8414f9bf50c86c2d7235da",
+        "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04",
+        "aa4ae5e15272d00e95705637ce8a3b55ed402112",
+        "e8e99d0f45237d786d6bbaa7965c7808bbff1a91",
+        "5FD596EE78D5553C8FF4E72D266DFD192366DA29"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
+        "Sample message for keylen=blocklen"
+    };
+        
+    public String getName()
+    {
+        return "SHA1HMac";
+    }
+
+    public TestResult perform()
+    {
+        HMac hmac = new HMac(new SHA1Digest());
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!Arrays.areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                return new SimpleTestResult(false, getName() + ": Vector " + i + " failed");
+            }
+        }
+
+        //
+        // test reset
+        //
+        int vector = 0; // vector used for test
+        byte[] m = messages[vector].getBytes();
+        if (messages[vector].startsWith("0x"))
+        {
+            m = Hex.decode(messages[vector].substring(2));
+        }
+        hmac.init(new KeyParameter(Hex.decode(keys[vector])));
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+        hmac.reset();
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+
+        if (!Arrays.areEqual(resBuf, Hex.decode(digests[vector])))
+        {
+            return new SimpleTestResult(false, getName() +
+                    "Reset with vector " + vector + " failed");
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        SHA1HMacTest    test = new SHA1HMacTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA224DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA224DigestTest.java
new file mode 100644
index 0000000..d14f87d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA224DigestTest.java
@@ -0,0 +1,59 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA224Digest;
+
+/**
+ * standard vector test for SHA-224 from RFC 3874 - only the last three are in
+ * the RFC.
+ */
+public class SHA224DigestTest
+    extends DigestTest
+{
+    private static String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    };
+    
+    private static String[] digests =
+    {
+        "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
+        "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5",
+        "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7",
+        "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525"
+    };
+    
+    // 1 million 'a'
+    static private String  million_a_digest = "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67";
+
+    SHA224DigestTest()
+    {
+        super(new SHA224Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SHA224Digest((SHA224Digest)digest);
+    }
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        return new SHA224Digest(encodedState);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SHA224DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA224HMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA224HMacTest.java
new file mode 100644
index 0000000..52abb16
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA224HMacTest.java
@@ -0,0 +1,108 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.SHA224Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * SHA224 HMac Test
+ */
+public class SHA224HMacTest
+    implements Test
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    };
+
+    final static String[] digests = {
+        "896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22",
+        "a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44",
+        "7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea",
+        "6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a",
+        "0e2aea68a90c8d37c988bcdb9fca6fa8099cd857c7ec4a1815cac54c",
+        "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e",
+        "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm."
+    };
+
+    public String getName()
+    {
+        return "SHA224HMac";
+    }
+
+    public TestResult perform()
+    {
+        HMac hmac = new HMac(new SHA224Digest());
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!Arrays.areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                return new SimpleTestResult(false, getName() + ": Vector " + i + " failed got -" + new String(Hex.encode(resBuf)));
+            }
+        }
+
+        //
+        // test reset
+        //
+        int vector = 0; // vector used for test
+        byte[] m = messages[vector].getBytes();
+        if (messages[vector].startsWith("0x"))
+        {
+            m = Hex.decode(messages[vector].substring(2));
+        }
+        hmac.init(new KeyParameter(Hex.decode(keys[vector])));
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+        hmac.reset();
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+
+        if (!Arrays.areEqual(resBuf, Hex.decode(digests[vector])))
+        {
+            return new SimpleTestResult(false, getName() +
+                    "Reset with vector " + vector + " failed");
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        SHA224HMacTest    test = new SHA224HMacTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA256DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA256DigestTest.java
new file mode 100644
index 0000000..8a35ce4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA256DigestTest.java
@@ -0,0 +1,60 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+
+/**
+ * standard vector test for SHA-256 from FIPS Draft 180-2.
+ *
+ * Note, the first two vectors are _not_ from the draft, the last three are.
+ */
+public class SHA256DigestTest
+    extends DigestTest
+{
+    private static String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    };
+    
+    private static String[] digests =
+    {
+        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+        "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb",
+        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
+        "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"
+    };
+    
+    // 1 million 'a'
+    static private String  million_a_digest = "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0";
+
+    SHA256DigestTest()
+    {
+        super(new SHA256Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SHA256Digest((SHA256Digest)digest);
+    }
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        return new SHA256Digest(encodedState);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SHA256DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA256HMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA256HMacTest.java
new file mode 100644
index 0000000..82ab1dc
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA256HMacTest.java
@@ -0,0 +1,108 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * SHA256 HMac Test
+ */
+public class SHA256HMacTest
+    implements Test
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    };
+
+    final static String[] digests = {
+        "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
+        "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
+        "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe",
+        "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b",
+        "a3b6167473100ee06e0c796c2955552bfa6f7c0a6a8aef8b93f860aab0cd20c5",
+        "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54",
+        "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm."
+    };
+  
+    public String getName()
+    {
+        return "SHA256HMac";
+    }
+
+    public TestResult perform()
+    {
+        HMac hmac = new HMac(new SHA256Digest());
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!Arrays.areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                return new SimpleTestResult(false, getName() + ": Vector " + i + " failed got -" + new String(Hex.encode(resBuf)));
+            }
+        }
+
+        //
+        // test reset
+        //
+        int vector = 0; // vector used for test
+        byte[] m = messages[vector].getBytes();
+        if (messages[vector].startsWith("0x"))
+        {
+            m = Hex.decode(messages[vector].substring(2));
+        }
+        hmac.init(new KeyParameter(Hex.decode(keys[vector])));
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+        hmac.reset();
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+
+        if (!Arrays.areEqual(resBuf, Hex.decode(digests[vector])))
+        {
+            return new SimpleTestResult(false, getName() +
+                    "Reset with vector " + vector + " failed");
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        SHA256HMacTest    test = new SHA256HMacTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA384DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA384DigestTest.java
new file mode 100644
index 0000000..7b5f149
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA384DigestTest.java
@@ -0,0 +1,59 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+
+/**
+ * standard vector test for SHA-384 from FIPS Draft 180-2.
+ *
+ * Note, the first two vectors are _not_ from the draft, the last three are.
+ */
+public class SHA384DigestTest
+    extends DigestTest
+{
+    private static String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+    };
+
+    private static String[] digests =
+    {
+        "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b",
+        "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31",
+        "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7",
+        "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039"
+    };
+
+    static private String  million_a_digest = "9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985";
+
+    SHA384DigestTest()
+    {
+        super(new SHA384Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SHA384Digest((SHA384Digest)digest);
+    }
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        return new SHA384Digest(encodedState);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SHA384DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA384HMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA384HMacTest.java
new file mode 100644
index 0000000..fe903a3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA384HMacTest.java
@@ -0,0 +1,108 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * SHA384 HMac Test
+ */
+public class SHA384HMacTest
+    implements Test
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    };
+
+    final static String[] digests = {
+        "afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6",
+        "af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649",
+        "88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc13814b94e3ab6e101a34f27",
+        "3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c4a7d679ccf8a386c674cffb",
+        "3abf34c3503b2a23a46efc619baef897f4c8e42c934ce55ccbae9740fcbc1af4ca62269e2a37cd88ba926341efe4aeea",
+        "4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4030fe8296248df163f44952",
+        "6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e799176d3860e6110c46523e"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm."
+    };
+   
+    public String getName()
+    {
+        return "SHA384HMac";
+    }
+
+    public TestResult perform()
+    {
+        HMac hmac = new HMac(new SHA384Digest());
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!Arrays.areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                return new SimpleTestResult(false, getName() + ": Vector " + i + " failed got -" + new String(Hex.encode(resBuf)));
+            }
+        }
+
+        //
+        // test reset
+        //
+        int vector = 0; // vector used for test
+        byte[] m = messages[vector].getBytes();
+        if (messages[vector].startsWith("0x"))
+        {
+            m = Hex.decode(messages[vector].substring(2));
+        }
+        hmac.init(new KeyParameter(Hex.decode(keys[vector])));
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+        hmac.reset();
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+
+        if (!Arrays.areEqual(resBuf, Hex.decode(digests[vector])))
+        {
+            return new SimpleTestResult(false, getName() +
+                    "Reset with vector " + vector + " failed");
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        SHA384HMacTest    test = new SHA384HMacTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA3DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA3DigestTest.java
new file mode 100644
index 0000000..260d457
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA3DigestTest.java
@@ -0,0 +1,363 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.digests.SHA3Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * SHA3 Digest Test
+ */
+public class SHA3DigestTest
+    extends SimpleTest
+{
+    final static String[] messages = {
+        "",
+        "54686520717569636b2062726f776e20666f78206a756d7073206f76657220746865206c617a7920646f67",
+        "54686520717569636b2062726f776e20666f78206a756d7073206f76657220746865206c617a7920646f672e"
+    };
+
+    final static String[] digests288 = { // the default settings
+        "6753e3380c09e385d0339eb6b050a68f66cfd60a73476e6fd6adeb72f5edd7c6f04a5d01",  // message[0]    
+        "0bbe6afae0d7e89054085c1cc47b1689772c89a41796891e197d1ca1b76f288154933ded",  // message[1]
+        "82558a209b960ddeb531e6dcb281885b2400ca160472462486e79f071e88a3330a8a303d",  // message[2]
+        "94049e1ad7ef5d5b0df2b880489e7ab09ec937c3bfc1b04470e503e1ac7b1133c18f86da",  // 64k a-test
+        "a9cb5a75b5b81b7528301e72553ed6770214fa963956e790528afe420de33c074e6f4220",  // random alphabet test
+        "eadaf5ba2ad6a2f6f338fce0e1efdad2a61bb38f6be6068b01093977acf99e97a5d5827c"   // extremely long data test
+    };
+
+    final static String[] digests224 = {
+        "f71837502ba8e10837bdd8d365adb85591895602fc552b48b7390abd",
+        "310aee6b30c47350576ac2873fa89fd190cdc488442f3ef654cf23fe",
+        "c59d4eaeac728671c635ff645014e2afa935bebffdb5fbd207ffdeab",
+        "f621e11c142fbf35fa8c22841c3a812ba1e0151be4f38d80b9f1ff53",
+        "68b5fc8c87193155bba68a2485377e809ee4f81a85ef023b9e64add0",
+        "c42e4aee858e1a8ad2976896b9d23dd187f64436ee15969afdbc68c5"
+    };
+
+    final static String[] digests256 = {
+        "c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470",
+        "4d741b6f1eb29cb2a9b9911c82f56fa8d73b04959d3d9d222895df6c0b28aa15",
+        "578951e24efd62a3d63a86f7cd19aaa53c898fe287d2552133220370240b572d",
+        "0047a916daa1f92130d870b542e22d3108444f5a7e4429f05762fb647e6ed9ed",
+        "db368762253ede6d4f1db87e0b799b96e554eae005747a2ea687456ca8bcbd03",
+        "5f313c39963dcf792b5470d4ade9f3a356a3e4021748690a958372e2b06f82a4"
+    };
+
+    final static String[] digests384 = {
+        "2c23146a63a29acf99e73b88f8c24eaa7dc60aa771780ccc006afbfa8fe2479b2dd2b21362337441ac12b515911957ff",
+        "283990fa9d5fb731d786c5bbee94ea4db4910f18c62c03d173fc0a5e494422e8a0b3da7574dae7fa0baf005e504063b3",
+        "9ad8e17325408eddb6edee6147f13856ad819bb7532668b605a24a2d958f88bd5c169e56dc4b2f89ffd325f6006d820b",
+        "c704cfe7a1a53208ca9526cd24251e0acdc252ecd978eee05acd16425cfb404ea81f5a9e2e5e97784d63ee6a0618a398",
+        "d4fe8586fd8f858dd2e4dee0bafc19b4c12b4e2a856054abc4b14927354931675cdcaf942267f204ea706c19f7beefc4",
+        "9b7168b4494a80a86408e6b9dc4e5a1837c85dd8ff452ed410f2832959c08c8c0d040a892eb9a755776372d4a8732315"
+    };
+
+    final static String[] digests512 = {
+        "0eab42de4c3ceb9235fc91acffe746b29c29a8c366b7c60e4e67c466f36a4304c00fa9caf9d87976ba469bcbe06713b435f091ef2769fb160cdab33d3670680e",
+        "d135bb84d0439dbac432247ee573a23ea7d3c9deb2a968eb31d47c4fb45f1ef4422d6c531b5b9bd6f449ebcc449ea94d0a8f05f62130fda612da53c79659f609",
+        "ab7192d2b11f51c7dd744e7b3441febf397ca07bf812cceae122ca4ded6387889064f8db9230f173f6d1ab6e24b6e50f065b039f799f5592360a6558eb52d760",
+        "34341ead153aa1d1fdcf6cf624c2b4f6894b6fd16dc38bd4ec971ac0385ad54fafcb2e0ed86a1e509456f4246fdcb02c3172824cd649d9ad54c51f7fb49ea67c",
+        "dc44d4f4d36b07ab5fc04016cbe53548e5a7778671c58a43cb379fd00c06719b8073141fc22191ffc3db5f8b8983ae8341fa37f18c1c969664393aa5ceade64e",
+        "3e122edaf37398231cfaca4c7c216c9d66d5b899ec1d7ac617c40c7261906a45fc01617a021e5da3bd8d4182695b5cb785a28237cbb167590e34718e56d8aab8"
+    };
+
+    // test vectors from  http://www.di-mgt.com.au/hmac_sha3_testvectors.html
+    final static byte[][] macKeys =
+    {
+        Hex.decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
+        Hex.decode("4a656665"),
+        Hex.decode("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
+        Hex.decode("0102030405060708090a0b0c0d0e0f10111213141516171819"),
+        Hex.decode("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaa"),
+        Hex.decode("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaa"),
+        Hex.decode("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
+                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
+    };
+
+    final static String[] macData =
+    {
+        "4869205468657265",
+        "7768617420646f2079612077616e7420666f72206e6f7468696e673f",
+        "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd" +
+            "dddddddddddddddddddddddddddddddddddd",
+        "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd" +
+            "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a" +
+            "65204b6579202d2048617368204b6579204669727374",
+        "5468697320697320612074657374207573696e672061206c6172676572207468" +
+            "616e20626c6f636b2d73697a65206b657920616e642061206c61726765722074" +
+            "68616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565" +
+            "647320746f20626520686173686564206265666f7265206265696e6720757365" +
+            "642062792074686520484d414320616c676f726974686d2e",
+        "5468697320697320612074657374207573696e672061206c6172676572207468" +
+            "616e20626c6f636b2d73697a65206b657920616e642061206c61726765722074" +
+            "68616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565" +
+            "647320746f20626520686173686564206265666f7265206265696e6720757365\n" +
+            "642062792074686520484d414320616c676f726974686d2e"
+    };
+
+    final static String[] mac224 =
+    {
+        "b73d595a2ba9af815e9f2b4e53e78581ebd34a80b3bbaac4e702c4cc",
+        "e824fec96c074f22f99235bb942da1982664ab692ca8501053cbd414",
+        "770df38c99d6e2bacd68056dcfe07d4c89ae20b2686a6185e1faa449",
+        "305a8f2dfb94bad28861a03cbc4d590febe775c58cb4961c28428a0b",
+        "e7a52dfa45f95a217c100066b239aa8ad519be9b35d667268b1b57ff",
+        "ba13009405a929f398b348885caa5419191bb948ada32194afc84104",
+        "92649468be236c3c72c189909c063b13f994be05749dc91310db639e"
+    };
+
+    final static String[] mac256 =
+    {
+        "9663d10c73ee294054dc9faf95647cb99731d12210ff7075fb3d3395abfb9821",
+        "aa9aed448c7abc8b5e326ffa6a01cdedf7b4b831881468c044ba8dd4566369a1",
+        "95f43e50f8df80a21977d51a8db3ba572dcd71db24687e6f86f47c1139b26260",
+        "6331ba9b4af5804a68725b3663eb74814494b63c6093e35fb320a85d507936fd",
+        "b4d0cdee7ec2ba81a88b86918958312300a15622377929a054a9ce3ae1fac2b6",
+        "1fdc8cb4e27d07c10d897dec39c217792a6e64fa9c63a77ce42ad106ef284e02",
+        "fdaa10a0299aecff9bb411cf2d7748a4022e4a26be3fb5b11b33d8c2b7ef5484"
+    };
+
+    final static String[] mac384 =
+    {
+        "892dfdf5d51e4679bf320cd16d4c9dc6f749744608e003add7fba894acff87361efa4e5799be06b6461f43b60ae97048",
+        "5af5c9a77a23a6a93d80649e562ab77f4f3552e3c5caffd93bdf8b3cfc6920e3023fc26775d9df1f3c94613146ad2c9d",
+        "4243c29f2201992ff96441e3b91ff81d8c601d706fbc83252684a4bc51101ca9b2c06ddd03677303c502ac5331752a3c",
+        "b730724d3d4090cda1be799f63acbbe389fef7792fc18676fa5453aab398664650ed029c3498bbe8056f06c658e1e693",
+        "d62482ef601d7847439b55236e9679388ffcd53c62cd126f39be6ea63de762e26cd5974cb9a8de401b786b5555040f6f",
+        "4860ea191ac34994cf88957afe5a836ef36e4cc1a66d75bf77defb7576122d75f60660e4cf731c6effac06402787e2b9",
+        "fe9357e3cfa538eb0373a2ce8f1e26ad6590afdaf266f1300522e8896d27e73f654d0631c8fa598d4bb82af6b744f4f5"
+    };
+
+    final static String[] mac512 =
+    {
+        "8852c63be8cfc21541a4ee5e5a9a852fc2f7a9adec2ff3a13718ab4ed81aaea0b87b7eb397323548e261a64e7fc75198f6663a11b22cd957f7c8ec858a1c7755",
+        "c2962e5bbe1238007852f79d814dbbecd4682e6f097d37a363587c03bfa2eb0859d8d9c701e04cececfd3dd7bfd438f20b8b648e01bf8c11d26824b96cebbdcb",
+        "eb0ed9580e0ec11fc66cbb646b1be904eaff6da4556d9334f65ee4b2c85739157bae9027c51505e49d1bb81cfa55e6822db55262d5a252c088a29a5e95b84a66",
+        "b46193bb59f4f696bf702597616da91e2a4558a593f4b015e69141ba81e1e50ea580834c2b87f87baa25a3a03bfc9bb389847f2dc820beae69d30c4bb75369cb",
+        "d05888a6ebf8460423ea7bc85ea4ffda847b32df32291d2ce115fd187707325c7ce4f71880d91008084ce24a38795d20e6a28328a0f0712dc38253370da3ebb5",
+        "2c6b9748d35c4c8db0b4407dd2ed2381f133bdbd1dfaa69e30051eb6badfcca64299b88ae05fdbd3dd3dd7fe627e42e39e48b0fe8c7f1e85f2dbd52c2d753572",
+        "6adc502f14e27812402fc81a807b28bf8a53c87bea7a1df6256bf66f5de1a4cb741407ad15ab8abc136846057f881969fbb159c321c904bfb557b77afb7778c8"
+    };
+
+    final static KeyParameter truncKey = new KeyParameter(Hex.decode("0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c"));
+    final static byte[]       truncData = Hex.decode("546573742057697468205472756e636174696f6e");
+
+    final static byte[]       trunc224 = Hex.decode("f52bbcfd654264e7133085c5e69b72c3");
+    final static byte[]       trunc256 = Hex.decode("745e7e687f8335280d54202ef13cecc6");
+    final static byte[]       trunc384 = Hex.decode("fa9aea2bc1e181e47cbb8c3df243814d");
+    final static byte[]       trunc512 = Hex.decode("04c929fead434bba190dacfa554ce3f5");
+
+    final static byte[]       xtremeData = Hex.decode("61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f");
+
+    SHA3DigestTest()
+    {
+    }
+
+    public String getName()
+    {
+        return "SHA3";
+    }
+
+    private void testDigest(Digest digest, String[] expected)
+    {
+        byte[] hash = new byte[digest.getDigestSize()];
+
+        for (int i = 0; i != messages.length; i++)
+        {
+            if (messages.length != 0)
+            {
+                byte[] data = Hex.decode(messages[i]);
+
+                digest.update(data, 0, data.length);
+            }
+
+            digest.doFinal(hash, 0);
+
+            if (!Arrays.areEqual(Hex.decode(expected[i]), hash))
+            {
+                fail("sha3 mismatch on " + digest.getAlgorithmName() + " index " + i);
+            }
+        }
+
+        byte[] k64 = new byte[1024 * 64];
+
+        for (int i = 0; i != k64.length; i++)
+        {
+            k64[i] = (byte)'a';
+        }
+
+        digest.update(k64, 0, k64.length);
+
+        digest.doFinal(hash, 0);
+
+        if (!Arrays.areEqual(Hex.decode(expected[messages.length]), hash))
+        {
+            fail("sha3 mismatch on " + digest.getAlgorithmName() + " 64k a");
+        }
+
+        for (int i = 0; i != k64.length; i++)
+        {
+            digest.update((byte)'a');
+        }
+
+        digest.doFinal(hash, 0);
+
+        if (!Arrays.areEqual(Hex.decode(expected[messages.length]), hash))
+        {
+            fail("sha3 mismatch on " + digest.getAlgorithmName() + " 64k a single");
+        }
+
+
+        for (int i = 0; i != k64.length; i++)
+        {
+            k64[i] = (byte)('a' + (i % 26));
+        }
+
+        digest.update(k64, 0, k64.length);
+
+        digest.doFinal(hash, 0);
+
+        if (!Arrays.areEqual(Hex.decode(expected[messages.length + 1]), hash))
+        {
+            fail("sha3 mismatch on " + digest.getAlgorithmName() + " 64k alpha");
+        }
+
+        for (int i = 0; i != 64; i++)
+        {
+            digest.update(k64[i * 1024]);
+            digest.update(k64, i * 1024 + 1, 1023);
+        }
+
+        digest.doFinal(hash, 0);
+
+        if (!Arrays.areEqual(Hex.decode(expected[messages.length + 1]), hash))
+        {
+            fail("sha3 mismatch on " + digest.getAlgorithmName() + " 64k chunked alpha");
+        }
+
+        testDigestDoFinal(digest);
+        
+        //
+        // extremely long data test
+        //
+//        System.out.println("Starting very long");
+//        for (int i = 0; i != 16384; i++)
+//        {
+//            for (int j = 0; j != 1024; j++)
+//            {
+//                digest.update(xtremeData, 0, xtremeData.length);
+//            }
+//        }
+//
+//        digest.doFinal(hash, 0);
+//
+//        if (!Arrays.areEqual(Hex.decode(expected[messages.length + 2]), hash))
+//        {
+//            fail("sha3 mismatch on " + digest.getAlgorithmName() + " extreme data test");
+//        }
+//        System.out.println("Done");
+    }
+
+    private void testDigestDoFinal(Digest digest)
+    {
+        byte[] hash = new byte[digest.getDigestSize()];
+        digest.doFinal(hash, 0);
+
+        for (int i = 0; i <= digest.getDigestSize(); ++i)
+        {
+            byte[] cmp = new byte[2 * digest.getDigestSize()];
+            System.arraycopy(hash, 0, cmp, i, hash.length);
+
+            byte[] buf = new byte[2 * digest.getDigestSize()];
+            digest.doFinal(buf, i);
+
+            if (!Arrays.areEqual(cmp, buf))
+            {
+                fail("sha3 offset doFinal on " + digest.getAlgorithmName());
+            }
+        }
+    }
+
+    private void testMac(Digest digest, byte[][] keys, String[] data, String[] expected, byte[] truncExpected)
+    {
+        Mac mac = new HMac(digest);
+
+        for (int i = 0; i != keys.length; i++)
+        {
+            mac.init(new KeyParameter(keys[i]));
+
+            byte[] mData = Hex.decode(data[i]);
+
+            mac.update(mData, 0, mData.length);
+
+            byte[] macV = new byte[mac.getMacSize()];
+
+            mac.doFinal(macV, 0);
+
+            if (!Arrays.areEqual(Hex.decode(expected[i]), macV))
+            {
+                fail("sha3 HMAC mismatch on " + digest.getAlgorithmName());
+            }
+        }
+
+        mac = new HMac(digest);
+
+        mac.init(truncKey);
+
+        mac.update(truncData, 0, truncData.length);
+
+        byte[] macV = new byte[mac.getMacSize()];
+
+        mac.doFinal(macV, 0);
+
+        for (int i = 0; i != truncExpected.length; i++)
+        {
+            if (macV[i] != truncExpected[i])
+            {
+                fail("mismatch on truncated HMAC for " + digest.getAlgorithmName());
+            }
+        }
+    }
+
+    public void performTest()
+    {
+        testDigest(new SHA3Digest(), digests288);
+        testDigest(new SHA3Digest(224), digests224);
+        testDigest(new SHA3Digest(256), digests256);
+        testDigest(new SHA3Digest(384), digests384);
+        testDigest(new SHA3Digest(512), digests512);
+
+        testMac(new SHA3Digest(224), macKeys, macData, mac224, trunc224);
+        testMac(new SHA3Digest(256), macKeys, macData, mac256, trunc256);
+        testMac(new SHA3Digest(384), macKeys, macData, mac384, trunc384);
+        testMac(new SHA3Digest(512), macKeys, macData, mac512, trunc512);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SHA3Digest((SHA3Digest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SHA3DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512DigestTest.java
new file mode 100644
index 0000000..ffebaee
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512DigestTest.java
@@ -0,0 +1,60 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+
+/**
+ * standard vector test for SHA-512 from FIPS Draft 180-2.
+ *
+ * Note, the first two vectors are _not_ from the draft, the last three are.
+ */
+public class SHA512DigestTest
+    extends DigestTest
+{
+    private static String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+    };
+
+    private static String[] digests =
+    {
+        "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
+        "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75",
+        "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
+        "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909"
+    };
+
+    // 1 million 'a'
+    static private String  million_a_digest = "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b";
+
+    SHA512DigestTest()
+    {
+        super(new SHA512Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SHA512Digest((SHA512Digest)digest);
+    }
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        return new SHA512Digest(encodedState);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SHA512DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512HMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512HMacTest.java
new file mode 100644
index 0000000..ee163eb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512HMacTest.java
@@ -0,0 +1,108 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTestResult;
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+/**
+ * SHA512 HMac Test
+ */
+public class SHA512HMacTest
+    implements Test
+{
+    final static String[] keys = {
+        "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+        "4a656665",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "0102030405060708090a0b0c0d0e0f10111213141516171819",
+        "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    };
+
+    final static String[] digests = {
+        "87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854",
+        "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737",
+        "fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb",
+        "b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd",
+        "415fad6271580a531d4179bc891d87a650188707922a4fbb36663a1eb16da008711c5b50ddd0fc235084eb9d3364a1454fb2ef67cd1d29fe6773068ea266e96b",
+        "80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598",
+        "e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58"
+    };
+
+    final static String[] messages = {
+        "Hi There",
+        "what do ya want for nothing?",
+        "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+        "0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
+        "Test With Truncation",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+        "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm."
+    };
+
+    public String getName()
+    {
+        return "SHA512HMac";
+    }
+
+    public TestResult perform()
+    {
+        HMac hmac = new HMac(new SHA512Digest());
+        byte[] resBuf = new byte[hmac.getMacSize()];
+
+        for (int i = 0; i < messages.length; i++)
+        {
+            byte[] m = messages[i].getBytes();
+            if (messages[i].startsWith("0x"))
+            {
+                m = Hex.decode(messages[i].substring(2));
+            }
+            hmac.init(new KeyParameter(Hex.decode(keys[i])));
+            hmac.update(m, 0, m.length);
+            hmac.doFinal(resBuf, 0);
+
+            if (!Arrays.areEqual(resBuf, Hex.decode(digests[i])))
+            {
+                return new SimpleTestResult(false, getName() + ": Vector " + i + " failed got -" + new String(Hex.encode(resBuf)));
+            }
+        }
+
+        //
+        // test reset
+        //
+        int vector = 0; // vector used for test
+        byte[] m = messages[vector].getBytes();
+        if (messages[vector].startsWith("0x"))
+        {
+            m = Hex.decode(messages[vector].substring(2));
+        }
+        hmac.init(new KeyParameter(Hex.decode(keys[vector])));
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+        hmac.reset();
+        hmac.update(m, 0, m.length);
+        hmac.doFinal(resBuf, 0);
+
+        if (!Arrays.areEqual(resBuf, Hex.decode(digests[vector])))
+        {
+            return new SimpleTestResult(false, getName() +
+                    "Reset with vector " + vector + " failed");
+        }
+
+        return new SimpleTestResult(true, getName() + ": Okay");
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        SHA512HMacTest    test = new SHA512HMacTest();
+        TestResult      result = test.perform();
+
+        System.out.println(result);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512t224DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512t224DigestTest.java
new file mode 100644
index 0000000..0c7bc95
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512t224DigestTest.java
@@ -0,0 +1,60 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA512tDigest;
+
+/**
+ * standard vector test for SHA-512/224 from FIPS 180-4.
+ *
+ * Note, only the last 2 message entries are FIPS originated..
+ */
+public class SHA512t224DigestTest
+    extends DigestTest
+{
+    private static String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+    };
+
+    private static String[] digests =
+    {
+        "6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4",
+        "d5cdb9ccc769a5121d4175f2bfdd13d6310e0d3d361ea75d82108327",
+        "4634270F707B6A54DAAE7530460842E20E37ED265CEEE9A43E8924AA",
+        "23FEC5BB94D60B23308192640B0C453335D664734FE40E7268674AF9"
+    };
+
+    // 1 million 'a'
+    static private String  million_a_digest = "37ab331d76f0d36de422bd0edeb22a28accd487b7a8453ae965dd287";
+
+    SHA512t224DigestTest()
+    {
+        super(new SHA512tDigest(224), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SHA512tDigest((SHA512tDigest)digest);
+    }
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        return new SHA512tDigest(encodedState);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SHA512t224DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512t256DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512t256DigestTest.java
new file mode 100644
index 0000000..db019ae
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SHA512t256DigestTest.java
@@ -0,0 +1,60 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA512tDigest;
+
+/**
+ * standard vector test for SHA-512/256 from FIPS 180-4.
+ *
+ * Note, only the last 2 message entries are FIPS originated..
+ */
+public class SHA512t256DigestTest
+    extends DigestTest
+{
+    private static String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+    };
+
+    private static String[] digests =
+    {
+        "c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a",
+        "455e518824bc0601f9fb858ff5c37d417d67c2f8e0df2babe4808858aea830f8",
+        "53048E2681941EF99B2E29B76B4C7DABE4C2D0C634FC6D46E0E2F13107E7AF23",
+        "3928E184FB8690F840DA3988121D31BE65CB9D3EF83EE6146FEAC861E19B563A"
+    };
+
+    // 1 million 'a'
+    static private String  million_a_digest = "9a59a052930187a97038cae692f30708aa6491923ef5194394dc68d56c74fb21";
+
+    SHA512t256DigestTest()
+    {
+        super(new SHA512tDigest(256), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SHA512tDigest((SHA512tDigest)digest);
+    }
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        return new SHA512tDigest(encodedState);
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SHA512t256DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SM3DigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SM3DigestTest.java
new file mode 100644
index 0000000..2d418cb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SM3DigestTest.java
@@ -0,0 +1,57 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SM3Digest;
+
+/**
+ * standard vector test for SM3 digest from chinese specification
+ */
+public class SM3DigestTest
+    extends DigestTest
+{
+    private static String[] messages = {
+        // Standard test vectors
+        "abc",
+        "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd",
+        // Non-standard test vectors
+        "",
+        "a",
+        "abcdefghijklmnopqrstuvwxyz",
+    };
+
+    private static String[] digests = {
+        // Standard test vectors
+        "66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0",
+        "debe9ff92275b8a138604889c18e5a4d6fdb70e5387e5765293dcba39c0c5732",
+        // Non-standard test vectors
+        "1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b",
+        "623476ac18f65a2909e43c7fec61b49c7e764a91a18ccb82f1917a29c86c5e88",
+        "b80fe97a4da24afc277564f66a359ef440462ad28dcc6d63adb24d5c20a61595",
+    };
+
+    final static String sixtyFourKdigest = "97049bdc8f0736bc7300eafa9980aeb9cf00f24f7ec3a8f1f8884954d7655c1d";
+    final static String million_a_digest = "c8aaf89429554029e231941a2acc0ad61ff2a5acd8fadd25847a3a732b3b02c3";
+
+    SM3DigestTest()
+    {
+        super(new SM3Digest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+
+        sixtyFourKTest(sixtyFourKdigest);
+        millionATest(million_a_digest);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new SM3Digest((SM3Digest)digest);
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new SM3DigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SRP6Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SRP6Test.java
new file mode 100644
index 0000000..2409faf
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SRP6Test.java
@@ -0,0 +1,267 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.agreement.srp.SRP6Client;
+import org.bouncycastle.crypto.agreement.srp.SRP6Server;
+import org.bouncycastle.crypto.agreement.srp.SRP6StandardGroups;
+import org.bouncycastle.crypto.agreement.srp.SRP6Util;
+import org.bouncycastle.crypto.agreement.srp.SRP6VerifierGenerator;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.generators.DHParametersGenerator;
+import org.bouncycastle.crypto.params.DHParameters;
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class SRP6Test extends SimpleTest
+{
+    private static final BigInteger ZERO = BigInteger.valueOf(0);
+
+    private static BigInteger fromHex(String hex)
+    {
+        return new BigInteger(1, Hex.decode(hex));
+    }
+
+    private final SecureRandom random = new SecureRandom();
+
+    public String getName()
+    {
+        return "SRP6";
+    }
+
+    public void performTest() throws Exception
+    {
+        rfc5054AppendixBTestVectors();
+
+        testMutualVerification(SRP6StandardGroups.rfc5054_1024);
+        testClientCatchesBadB(SRP6StandardGroups.rfc5054_1024);
+        testServerCatchesBadA(SRP6StandardGroups.rfc5054_1024);
+
+        testWithRandomParams(256);
+        testWithRandomParams(384);
+        testWithRandomParams(512);
+    }
+
+    private void rfc5054AppendixBTestVectors() throws Exception
+    {
+        byte[] I = "alice".getBytes("UTF8");
+        byte[] P = "password123".getBytes("UTF8");
+        byte[] s = Hex.decode("BEB25379D1A8581EB5A727673A2441EE");
+        BigInteger N = SRP6StandardGroups.rfc5054_1024.getN();
+        BigInteger g = SRP6StandardGroups.rfc5054_1024.getG();
+        BigInteger a = fromHex("60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DDDA2D4393");
+        BigInteger b = fromHex("E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D105284D20");
+
+        BigInteger expect_k = fromHex("7556AA045AEF2CDD07ABAF0F665C3E818913186F");
+        BigInteger expect_x = fromHex("94B7555AABE9127CC58CCF4993DB6CF84D16C124");
+        BigInteger expect_v = fromHex("7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812"
+            + "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5"
+            + "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5"
+            + "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78"
+            + "E955A5E29E7AB245DB2BE315E2099AFB");
+        BigInteger expect_A = fromHex("61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4"
+            + "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC"
+            + "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44"
+            + "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA"
+            + "B349EF5D76988A3672FAC47B0769447B");
+        BigInteger expect_B = fromHex("BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011"
+            + "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99"
+            + "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA"
+            + "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE"
+            + "EB4012B7D7665238A8E3FB004B117B58");
+        BigInteger expect_u = fromHex("CE38B9593487DA98554ED47D70A7AE5F462EF019");
+        BigInteger expect_S = fromHex("B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D"
+            + "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C"
+            + "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F"
+            + "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D"
+            + "C346D7E474B29EDE8A469FFECA686E5A");
+
+        BigInteger k = SRP6Util.calculateK(new SHA1Digest(), N, g);
+        if (!k.equals(expect_k))
+        {
+            fail("wrong value of 'k'");
+        }
+
+        BigInteger x = SRP6Util.calculateX(new SHA1Digest(), N, s, I, P);
+        if (!x.equals(expect_x))
+        {
+            fail("wrong value of 'x'");
+        }
+
+        SRP6VerifierGenerator gen = new SRP6VerifierGenerator();
+        gen.init(N, g, new SHA1Digest());
+        BigInteger v = gen.generateVerifier(s, I, P);
+        if (!v.equals(expect_v))
+        {
+            fail("wrong value of 'v'");
+        }
+
+        final BigInteger aVal = a;
+        SRP6Client client = new SRP6Client()
+        {
+            protected BigInteger selectPrivateValue()
+            {
+                return aVal;
+            }
+        };
+        client.init(N, g, new SHA1Digest(), random);
+
+        BigInteger A = client.generateClientCredentials(s, I, P);
+        if (!A.equals(expect_A))
+        {
+            fail("wrong value of 'A'");
+        }
+
+        final BigInteger bVal = b;
+        SRP6Server server = new SRP6Server()
+        {
+            protected BigInteger selectPrivateValue()
+            {
+                return bVal;
+            }
+        };
+        server.init(N, g, v, new SHA1Digest(), random);
+
+        BigInteger B = server.generateServerCredentials();
+        if (!B.equals(expect_B))
+        {
+            fail("wrong value of 'B'");
+        }
+
+        BigInteger u = SRP6Util.calculateU(new SHA1Digest(), N, A, B);
+        if (!u.equals(expect_u))
+        {
+            fail("wrong value of 'u'");
+        }
+
+        BigInteger clientS = client.calculateSecret(B);
+        if (!clientS.equals(expect_S))
+        {
+            fail("wrong value of 'S' (client)");
+        }
+
+        BigInteger serverS = server.calculateSecret(A);
+        if (!serverS.equals(expect_S))
+        {
+            fail("wrong value of 'S' (server)");
+        }
+    }
+
+    private void testWithRandomParams(int bits) throws CryptoException
+    {
+        DHParametersGenerator paramGen = new DHParametersGenerator();
+        paramGen.init(bits, 25, random);
+        DHParameters parameters = paramGen.generateParameters();
+
+        testMutualVerification(new SRP6GroupParameters(parameters.getP(), parameters.getG()));
+    }
+
+    private void testMutualVerification(SRP6GroupParameters group) throws CryptoException
+    {
+        byte[] I = "username".getBytes();
+        byte[] P = "password".getBytes();
+        byte[] s = new byte[16];
+        random.nextBytes(s);
+
+        SRP6VerifierGenerator gen = new SRP6VerifierGenerator();
+        gen.init(group, new SHA256Digest());
+        BigInteger v = gen.generateVerifier(s, I, P);
+
+        SRP6Client client = new SRP6Client();
+        client.init(group, new SHA256Digest(), random);
+
+        SRP6Server server = new SRP6Server();
+        server.init(group, v, new SHA256Digest(), random);
+
+        BigInteger A = client.generateClientCredentials(s, I, P);
+        BigInteger B = server.generateServerCredentials();
+
+        BigInteger clientS = client.calculateSecret(B);
+        BigInteger serverS = server.calculateSecret(A);
+
+        if (!clientS.equals(serverS))
+        {
+            fail("SRP agreement failed - client/server calculated different secrets");
+        }
+    }
+
+    private void testClientCatchesBadB(SRP6GroupParameters group)
+    {
+        byte[] I = "username".getBytes();
+        byte[] P = "password".getBytes();
+        byte[] s = new byte[16];
+        random.nextBytes(s);
+
+        SRP6Client client = new SRP6Client();
+        client.init(group, new SHA256Digest(), random);
+
+        client.generateClientCredentials(s, I, P);
+
+        try
+        {
+            client.calculateSecret(ZERO);
+            fail("Client failed to detect invalid value for 'B'");
+        }
+        catch (CryptoException e)
+        {
+            // Expected
+        }
+
+        try
+        {
+            client.calculateSecret(group.getN());
+            fail("Client failed to detect invalid value for 'B'");
+        }
+        catch (CryptoException e)
+        {
+            // Expected
+        }
+    }
+
+    private void testServerCatchesBadA(SRP6GroupParameters group)
+    {
+        byte[] I = "username".getBytes();
+        byte[] P = "password".getBytes();
+        byte[] s = new byte[16];
+        random.nextBytes(s);
+
+        SRP6VerifierGenerator gen = new SRP6VerifierGenerator();
+        gen.init(group, new SHA256Digest());
+        BigInteger v = gen.generateVerifier(s, I, P);
+
+        SRP6Server server = new SRP6Server();
+        server.init(group, v, new SHA256Digest(), random);
+
+        server.generateServerCredentials();
+
+        try
+        {
+            server.calculateSecret(ZERO);
+            fail("Client failed to detect invalid value for 'A'");
+        }
+        catch (CryptoException e)
+        {
+            // Expected
+        }
+
+        try
+        {
+            server.calculateSecret(group.getN());
+            fail("Client failed to detect invalid value for 'A'");
+        }
+        catch (CryptoException e)
+        {
+            // Expected
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new SRP6Test());
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/Salsa20Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/Salsa20Test.java
new file mode 100644
index 0000000..2b73818
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/Salsa20Test.java
@@ -0,0 +1,400 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.Salsa20Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Salsa20 Test
+ */
+public class Salsa20Test
+    extends SimpleTest
+{
+    byte[] zeroes = Hex.decode(
+                    "00000000000000000000000000000000"
+                  + "00000000000000000000000000000000"
+                  + "00000000000000000000000000000000"
+                  + "00000000000000000000000000000000");
+
+    String set1v0_0 = "4DFA5E481DA23EA09A31022050859936"
+        + "DA52FCEE218005164F267CB65F5CFD7F"
+        + "2B4F97E0FF16924A52DF269515110A07"
+        + "F9E460BC65EF95DA58F740B7D1DBB0AA";
+
+    String set1v0_192 = "DA9C1581F429E0A00F7D67E23B730676"
+        + "783B262E8EB43A25F55FB90B3E753AEF"
+        + "8C6713EC66C51881111593CCB3E8CB8F"
+        + "8DE124080501EEEB389C4BCB6977CF95";
+
+    String set1v0_256 = "7D5789631EB4554400E1E025935DFA7B"
+        + "3E9039D61BDC58A8697D36815BF1985C"
+        + "EFDF7AE112E5BB81E37ECF0616CE7147"
+        + "FC08A93A367E08631F23C03B00A8DA2F";
+
+    String set1v0_448 = "B375703739DACED4DD4059FD71C3C47F"
+        + "C2F9939670FAD4A46066ADCC6A564578"
+        + "3308B90FFB72BE04A6B147CBE38CC0C3"
+        + "B9267C296A92A7C69873F9F263BE9703";
+
+    String set1v9_0 = "0471076057830FB99202291177FBFE5D"
+        + "38C888944DF8917CAB82788B91B53D1C"
+        + "FB06D07A304B18BB763F888A61BB6B75"
+        + "5CD58BEC9C4CFB7569CB91862E79C459";
+
+    String set1v9_192 = "D1D7E97556426E6CFC21312AE3811425"
+        + "9E5A6FB10DACBD88E4354B0472556935"
+        + "2B6DA5ACAFACD5E266F9575C2ED8E6F2"
+        + "EFE4B4D36114C3A623DD49F4794F865B";
+
+    String set1v9_256 = "AF06FAA82C73291231E1BD916A773DE1"
+        + "52FD2126C40A10C3A6EB40F22834B8CC"
+        + "68BD5C6DBD7FC1EC8F34165C517C0B63"
+        + "9DB0C60506D3606906B8463AA0D0EC2F";
+
+    String set1v9_448 = "AB3216F1216379EFD5EC589510B8FD35"
+        + "014D0AA0B613040BAE63ECAB90A9AF79"
+        + "661F8DA2F853A5204B0F8E72E9D9EB4D"
+        + "BA5A4690E73A4D25F61EE7295215140C";
+
+    String set6v0_0 = "F5FAD53F79F9DF58C4AEA0D0ED9A9601"
+        + "F278112CA7180D565B420A48019670EA"
+        + "F24CE493A86263F677B46ACE1924773D"
+        + "2BB25571E1AA8593758FC382B1280B71";
+
+    String set6v0_65472 = "B70C50139C63332EF6E77AC54338A407"
+        + "9B82BEC9F9A403DFEA821B83F7860791"
+        + "650EF1B2489D0590B1DE772EEDA4E3BC"
+        + "D60FA7CE9CD623D9D2FD5758B8653E70";
+
+    String set6v0_65536 = "81582C65D7562B80AEC2F1A673A9D01C"
+        + "9F892A23D4919F6AB47B9154E08E699B"
+        + "4117D7C666477B60F8391481682F5D95"
+        + "D96623DBC489D88DAA6956B9F0646B6E";
+
+    String set6v1_0 = "3944F6DC9F85B128083879FDF190F7DE"
+        + "E4053A07BC09896D51D0690BD4DA4AC1"
+        + "062F1E47D3D0716F80A9B4D85E6D6085"
+        + "EE06947601C85F1A27A2F76E45A6AA87";
+
+    String set6v1_65472 = "36E03B4B54B0B2E04D069E690082C8C5"
+        + "92DF56E633F5D8C7682A02A65ECD1371"
+        + "8CA4352AACCB0DA20ED6BBBA62E177F2"
+        + "10E3560E63BB822C4158CAA806A88C82";
+
+    String set6v1_65536 = "1B779E7A917C8C26039FFB23CF0EF8E0"
+        + "8A1A13B43ACDD9402CF5DF38501098DF"
+        + "C945A6CC69A6A17367BC03431A86B3ED"
+        + "04B0245B56379BF997E25800AD837D7D";
+
+    // Salsa20/12
+    String salsa12_set1v0_0 = "FC207DBFC76C5E1774961E7A5AAD0906"
+            + "9B2225AC1CE0FE7A0CE77003E7E5BDF8"
+            + "B31AF821000813E6C56B8C1771D6EE70"
+            + "39B2FBD0A68E8AD70A3944B677937897";
+
+    String salsa12_set1v0_192 = "4B62A4881FA1AF9560586510D5527ED4"
+        + "8A51ECAFA4DECEEBBDDC10E9918D44AB"
+        + "26B10C0A31ED242F146C72940C6E9C37"
+        + "53F641DA84E9F68B4F9E76B6C48CA5AC";
+
+    String salsa12_set1v0_256 = "F52383D9DEFB20810325F7AEC9EADE34"
+        + "D9D883FEE37E05F74BF40875B2D0BE79"
+        + "ED8886E5BFF556CEA8D1D9E86B1F68A9"
+        + "64598C34F177F8163E271B8D2FEB5996";
+
+    String salsa12_set1v0_448 = "A52ED8C37014B10EC0AA8E05B5CEEE12"
+        + "3A1017557FB3B15C53E6C5EA8300BF74"
+        + "264A73B5315DC821AD2CAB0F3BB2F152"
+        + "BDAEA3AEE97BA04B8E72A7B40DCC6BA4";
+
+    // Salsa20/8
+    String salsa8_set1v0_0 = "A9C9F888AB552A2D1BBFF9F36BEBEB33"
+            + "7A8B4B107C75B63BAE26CB9A235BBA9D"
+            + "784F38BEFC3ADF4CD3E266687EA7B9F0"
+            + "9BA650AE81EAC6063AE31FF12218DDC5";
+    
+    String salsa8_set1v0_192 = "BB5B6BB2CC8B8A0222DCCC1753ED4AEB"
+            + "23377ACCBD5D4C0B69A8A03BB115EF71"
+            + "871BC10559080ACA7C68F0DEF32A80DD"
+            + "BAF497259BB76A3853A7183B51CC4B9F";
+    
+    String salsa8_set1v0_256 = "4436CDC0BE39559F5E5A6B79FBDB2CAE"
+            + "4782910F27FFC2391E05CFC78D601AD8"
+            + "CD7D87B074169361D997D1BED9729C0D"
+            + "EB23418E0646B7997C06AA84E7640CE3";
+    
+    String salsa8_set1v0_448 = "BEE85903BEA506B05FC04795836FAAAC"
+            + "7F93F785D473EB762576D96B4A65FFE4"
+            + "63B34AAE696777FC6351B67C3753B89B"
+            + "A6B197BD655D1D9CA86E067F4D770220";
+    
+
+    public String getName()
+    {
+        return "Salsa20";
+    }
+
+    public void performTest()
+    {
+        salsa20Test1(20, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
+                  set1v0_0, set1v0_192,  set1v0_256,  set1v0_448);
+        salsa20Test1(20, new ParametersWithIV(new KeyParameter(Hex.decode("00400000000000000000000000000000")), Hex.decode("0000000000000000")),
+                  set1v9_0, set1v9_192,  set1v9_256,  set1v9_448);
+        salsa20Test1(12, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
+                salsa12_set1v0_0, salsa12_set1v0_192,  salsa12_set1v0_256,  salsa12_set1v0_448);
+        salsa20Test1(8, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
+                salsa8_set1v0_0, salsa8_set1v0_192,  salsa8_set1v0_256,  salsa8_set1v0_448);
+        salsa20Test2(new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE")),
+                  set6v0_0, set6v0_65472, set6v0_65536);
+        salsa20Test2(new ParametersWithIV(new KeyParameter(Hex.decode("0558ABFE51A4F74A9DF04396E93C8FE23588DB2E81D4277ACD2073C6196CBF12")), Hex.decode("167DE44BB21980E7")),
+                  set6v1_0, set6v1_65472, set6v1_65536);
+        reinitBug();
+        skipTest();
+    }
+
+    private void salsa20Test1(int rounds, CipherParameters params, String v0, String v192, String v256, String v448)
+    {
+        StreamCipher salsa = new Salsa20Engine(rounds);
+        byte[]       buf = new byte[64];
+
+        salsa.init(true, params);
+
+        for (int i = 0; i != 7; i++)
+        {
+            salsa.processBytes(zeroes, 0, 64, buf, 0);
+            switch (i)
+            {
+            case 0:
+                if (!areEqual(buf, Hex.decode(v0)))
+                {
+                    mismatch("v0/" + rounds, v0, buf);
+                }
+                break;
+            case 3:
+                if (!areEqual(buf, Hex.decode(v192)))
+                {
+                    mismatch("v192/" + rounds, v192, buf);
+                }
+                break;
+            case 4:
+                if (!areEqual(buf, Hex.decode(v256)))
+                {
+                    mismatch("v256/" + rounds, v256, buf);
+                }
+                break;
+            default:
+                // ignore
+            }
+        }
+
+        for (int i = 0; i != 64; i++)
+        {
+            buf[i] = salsa.returnByte(zeroes[i]);
+        }
+
+        if (!areEqual(buf, Hex.decode(v448)))
+        {
+            mismatch("v448", v448, buf);
+        }       
+    }
+
+    private void salsa20Test2(CipherParameters params, String v0, String v65472, String v65536)
+    {
+        StreamCipher salsa = new Salsa20Engine();
+        byte[]       buf = new byte[64];
+
+        salsa.init(true, params);
+
+        for (int i = 0; i != 1025; i++)
+        {
+            salsa.processBytes(zeroes, 0, 64, buf, 0);
+            switch (i)
+            {
+            case 0:
+                if (!areEqual(buf, Hex.decode(v0)))
+                {
+                    mismatch("v0", v0, buf);
+                }
+                break;
+            case 1023:
+                if (!areEqual(buf, Hex.decode(v65472)))
+                {
+                    mismatch("v65472", v65472, buf);
+                }
+                break;
+            case 1024:
+                if (!areEqual(buf, Hex.decode(v65536)))
+                {
+                    mismatch("v65536", v65536, buf);
+                }
+                break;
+            default:
+                // ignore
+            }
+        }
+    }
+
+    private void mismatch(String name, String expected, byte[] found)
+    {
+        fail("mismatch on " + name, expected, new String(Hex.encode(found)));
+    }
+
+
+    private void reinitBug()
+    {
+        KeyParameter key = new KeyParameter(Hex.decode("80000000000000000000000000000000"));
+        ParametersWithIV parameters = new ParametersWithIV(key, Hex.decode("0000000000000000"));
+
+        StreamCipher salsa = new Salsa20Engine();
+
+        salsa.init(true, parameters);
+
+        try
+        {
+            salsa.init(true, key);
+            fail("Salsa20 should throw exception if no IV in Init");
+        }
+        catch (IllegalArgumentException e)
+        {
+        }
+    }
+
+    private boolean areEqual(byte[] a, int aOff, byte[] b, int bOff)
+    {
+        for (int i = bOff; i != b.length; i++)
+        {
+            if (a[aOff + i - bOff] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private void skipTest()
+    {
+        SecureRandom rand = new SecureRandom();
+        byte[]       plain = new byte[50000];
+        byte[]       cipher = new byte[50000];
+
+        rand.nextBytes(plain);
+
+        CipherParameters params = new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE"));
+        Salsa20Engine    engine = new Salsa20Engine();
+
+        engine.init(true, params);
+
+        engine.processBytes(plain, 0, plain.length, cipher, 0);
+
+        byte[]      fragment = new byte[20];
+
+        engine.init(true, params);
+
+        engine.skip(10);
+
+        engine.processBytes(plain, 10, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 10, fragment, 0))
+        {
+            fail("skip forward 10 failed");
+        }
+
+        engine.skip(1000);
+
+        engine.processBytes(plain, 1010 + fragment.length, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010 + fragment.length, fragment, 0))
+        {
+            fail("skip forward 1000 failed");
+        }
+
+        engine.skip(-10);
+
+        engine.processBytes(plain, 1010 + 2 * fragment.length - 10, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010 + 2 * fragment.length - 10, fragment, 0))
+        {
+            fail("skip back 10 failed");
+        }
+
+        engine.skip(-1000);
+
+        if (engine.getPosition() != 60)
+        {
+            fail("skip position incorrect - " + 60 + " got " + engine.getPosition());
+        }
+
+        engine.processBytes(plain, 60, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 60, fragment, 0))
+        {
+            fail("skip back 1000 failed");
+        }
+
+        long pos = engine.seekTo(1010);
+        if (pos != 1010)
+        {
+            fail("position wrong");
+        }
+
+        engine.processBytes(plain, 1010, fragment.length, fragment, 0);
+
+        if (!areEqual(cipher, 1010, fragment, 0))
+        {
+            fail("seek to 1010 failed");
+        }
+
+        engine.reset();
+
+        for (int i = 0; i != 5000; i++)
+        {
+            engine.skip(i);
+
+            if (engine.getPosition() != i)
+            {
+                fail("skip forward at wrong position");
+            }
+
+            engine.processBytes(plain, i, fragment.length, fragment, 0);
+
+            if (!areEqual(cipher, i, fragment, 0))
+            {
+                fail("skip forward i failed: " + i);
+            }
+
+            if (engine.getPosition() != i + fragment.length)
+            {
+                fail("cipher at wrong position: " + engine.getPosition() + " [" + i + "]");
+            }
+
+            engine.skip(-fragment.length);
+
+            if (engine.getPosition() != i)
+            {
+                fail("skip back at wrong position");
+            }
+
+            engine.processBytes(plain, i, fragment.length, fragment, 0);
+
+            if (!areEqual(cipher, i, fragment, 0))
+            {
+                fail("skip back i failed: " + i);
+            }
+
+            engine.reset();
+        }
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new Salsa20Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SerpentTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SerpentTest.java
new file mode 100644
index 0000000..3eac33a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SerpentTest.java
@@ -0,0 +1,103 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.SerpentEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ */
+public class SerpentTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+            {
+               new BlockCipherVectorTest(0, new SerpentEngine(),
+                       new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                      "00000000000000000000000000000000", "8910494504181950f98dd998a82b6749"),
+                new BlockCipherVectorTest(1, new SerpentEngine(),
+                       new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                      "80000000000000000000000000000000", "10b5ffb720b8cb9002a1142b0ba2e94a"),
+                new BlockCipherVectorTest(2, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000008000000000000000000000", "4f057a42d8d5bd9746e434680ddcd5e5"),
+                new BlockCipherVectorTest(3, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+                        "00000000000000000000400000000000", "99407bf8582ef12550886ef5b6f169b9"),
+                new BlockCipherVectorTest(4, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "40000000000000000000000000000000", "d522a3b8d6d89d4d2a124fdd88f36896"),
+                new BlockCipherVectorTest(5, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "00000000000200000000000000000000", "189b8ec3470085b3da97e82ca8964e32"),
+                new BlockCipherVectorTest(6, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000000000000000000000000000")),
+                        "00000000000000000000008000000000", "f77d868cf760b9143a89809510ccb099"),
+                new BlockCipherVectorTest(7, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "08000000000000000000000000000000", "d43b7b981b829342fce0e3ec6f5f4c82"),
+                new BlockCipherVectorTest(8, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "00000000000000000100000000000000", "0bf30e1a0c33ccf6d5293177886912a7"),
+                new BlockCipherVectorTest(9, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")),
+                        "00000000000000000000000000000001", "6a7f3b805d2ddcba49b89770ade5e507"),
+                new BlockCipherVectorTest(10, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("80000000000000000000000000000000")),
+                        "00000000000000000000000000000000", "49afbfad9d5a34052cd8ffa5986bd2dd"),
+                new BlockCipherVectorTest(11, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("000000000000000000000000004000000000000000000000")),
+                        "00000000000000000000000000000000", "ba8829b1de058c4b48615d851fc74f17"),
+                new BlockCipherVectorTest(12, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("0000000000000000000000000000000000000000000000000000000100000000")),
+                        "00000000000000000000000000000000", "89f64377bf1e8a46c8247044e8056a98"),
+/*
+                new BlockCipherMonteCarloTest(13, 10000, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("47f5f881daab9b67b43bd1342e339c19")),
+                        "7a4f7db38c52a8b711b778a38d203b6b", "003380e19f10065740394f48e2fe80b7"),
+*/
+                new BlockCipherMonteCarloTest(13, 100, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("47f5f881daab9b67b43bd1342e339c19")),
+                        "7a4f7db38c52a8b711b778a38d203b6b", "4db75303d815c2f7cc6ca935d1c5a046"),
+/*
+                new BlockCipherMonteCarloTest(14, 10000, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("31fba879ebc5e80df35e6fa33eaf92d6")),
+                        "70a05e12f74589009692a337f53ff614", "afb5425426906db26b70bdf842ac5400"),
+*/
+                new BlockCipherMonteCarloTest(14, 100, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("31fba879ebc5e80df35e6fa33eaf92d6")),
+                        "70a05e12f74589009692a337f53ff614", "fc53a50f4d3bc9836001893d2f41742d"),
+/*
+                new BlockCipherMonteCarloTest(15, 10000, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("bde6dd392307984695aee80e574f9977caae9aa78eda53e8")),
+                        "9cc523d034a93740a0aa4e2054bb34d8", "1949d506ada7de1f1344986e8ea049b2"),
+*/
+                new BlockCipherMonteCarloTest(15, 100, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("bde6dd392307984695aee80e574f9977caae9aa78eda53e8")),
+                        "9cc523d034a93740a0aa4e2054bb34d8", "77117e6a9e80f40b2a36b7d755573c2d"),
+/*
+                new BlockCipherMonteCarloTest(16, 10000, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("60f6f8ad4290699dc50921a1bbcca92da914e7d9cf01a9317c79c0af8f2487a1")),
+                        "ee1a61106fae2d381d686cbf854bab65", "e57f45559027cb1f2ed9603d814e1c34"),
+*/
+                new BlockCipherMonteCarloTest(16, 100, new SerpentEngine(),
+                        new KeyParameter(Hex.decode("60f6f8ad4290699dc50921a1bbcca92da914e7d9cf01a9317c79c0af8f2487a1")),
+                        "ee1a61106fae2d381d686cbf854bab65", "dcd7f13ea0dcdfd0139d1a42e2ffb84b")
+            };
+
+    SerpentTest()
+    {
+        super(tests, new SerpentEngine(), new KeyParameter(new byte[32]));
+    }
+
+    public String getName()
+    {
+        return "Serpent";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SerpentTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/Shacal2Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/Shacal2Test.java
new file mode 100644
index 0000000..bd7a815
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/Shacal2Test.java
@@ -0,0 +1,200 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.engines.Shacal2Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Shacal2 tester - vectors from https://www.cosic.esat.kuleuven.be/nessie/testvectors/
+ */
+public class Shacal2Test
+    extends CipherTest
+{
+    static SimpleTest[]  tests =
+            {
+                // set 8.0
+                new BlockCipherVectorTest(0, new Shacal2Engine(),
+                        new KeyParameter(Hex.decode("000102030405060708090A0B0C0D0E0F" +
+                            "101112131415161718191A1B1C1D1E1F" +
+                            "202122232425262728292A2B2C2D2E2F" +
+                            "303132333435363738393A3B3C3D3E3F")),
+                        "98BCC10405AB0BFC686BECECAAD01AC1" +
+                        "9B452511BCEB9CB094F905C51CA45430",
+                        "00112233445566778899AABBCCDDEEFF" +
+                        "102132435465768798A9BACBDCEDFE0F"),
+                // set 8.1
+                new BlockCipherVectorTest(1, new Shacal2Engine(),
+                        new KeyParameter(Hex.decode("2BD6459F82C5B300952C49104881FF48" +
+                            "2BD6459F82C5B300952C49104881FF48" +
+                            "2BD6459F82C5B300952C49104881FF48" +
+                            "2BD6459F82C5B300952C49104881FF48")),
+                            "481F122A75F2C4C3395140B5A951EBBA" +
+                            "06D96BDFD9D8FF4FB59CBD1287808D5A",
+                            "EA024714AD5C4D84EA024714AD5C4D84" +
+                            "EA024714AD5C4D84EA024714AD5C4D84"),
+                 // 7.255
+                new BlockCipherVectorTest(2, new Shacal2Engine(),
+                        new KeyParameter(Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +
+                            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +
+                            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +
+                            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")),
+                            "94FEDFF2A0CFE3C983D340C88D73F8CF" +
+                            "4B79FC581797EC10B27D4DA1B51E1BC7",
+                            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +
+                            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"),
+                // 7.100
+                new BlockCipherVectorTest(3, new Shacal2Engine(),
+                        new KeyParameter(Hex.decode("64646464646464646464646464646464" +
+                            "64646464646464646464646464646464" +
+                            "64646464646464646464646464646464" +
+                            "64646464646464646464646464646464")),
+                            "6643CB84B3B3F126F5E50959EF4CE73D" +
+                            "B8500918ABE1056368DB06CA8C1C0D45",
+                            "64646464646464646464646464646464" +
+                            "64646464646464646464646464646464"),
+                // 7.50
+                new BlockCipherVectorTest(4, new Shacal2Engine(),
+                        new KeyParameter(Hex.decode("32323232323232323232323232323232" +
+                            "32323232323232323232323232323232" +
+                            "32323232323232323232323232323232" +
+                            "32323232323232323232323232323232")),
+                            "92E937285AB11FE3561542C43C918966" +
+                            "971DE722E9B9D38BD69EAC77899DCF81",
+                            "32323232323232323232323232323232" +
+                            "32323232323232323232323232323232"),
+                // 7.0
+                new BlockCipherVectorTest(5, new Shacal2Engine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000" +
+                            "00000000000000000000000000000000" +
+                            "00000000000000000000000000000000" +
+                            "00000000000000000000000000000000")),
+                            "F8C9259FA4F5D787B570AFA9219166A6" +
+                            "3636FC5C30AC289155D0CC4FFCB4B03D",
+                            "00000000000000000000000000000000" +
+                            "00000000000000000000000000000000"),
+                // 6.255
+                new BlockCipherVectorTest(6, new Shacal2Engine(),
+                        new KeyParameter(Hex.decode("00000000000000000000000000000000" +
+                            "00000000000000000000000000000000" +
+                            "00000000000000000000000000000000" +
+                            "00000000000000000000000000000000")),
+                            "F4E976DF0172CD961D4C8D466A12F676" +
+                            "5B9089046E747CD2A41BF43C18A8328E",
+                            "00000000000000000000000000000000" +
+                            "00000000000000000000000000000001"),
+                // 6.100
+                new BlockCipherVectorTest(7, new Shacal2Engine(),
+                    new KeyParameter(Hex.decode("00000000000000000000000000000000" +
+                        "00000000000000000000000000000000" +
+                        "00000000000000000000000000000000" +
+                        "00000000000000000000000000000000")),
+                        "3B929F0597E21D0076EC399D21B67713" +
+                        "B40E3AD559704219A26A3380212D5AD6",
+                        "00000000000000000000000008000000" +
+                        "00000000000000000000000000000000"),
+
+                // 6.0
+                new BlockCipherVectorTest(8, new Shacal2Engine(),
+                    new KeyParameter(Hex.decode("00000000000000000000000000000000" +
+                        "00000000000000000000000000000000" +
+                        "00000000000000000000000000000000" +
+                        "00000000000000000000000000000000")),
+                        "43A0DAD8307F19FBBCF166FE20BAC075" +
+                        "C56FF14042550E472094B042BE5963EE",
+                        "80000000000000000000000000000000" +
+                        "00000000000000000000000000000000"),
+            };
+
+    Shacal2Test()
+    {
+        super(tests, new Shacal2Engine(), new KeyParameter(new byte[16]));
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        super.performTest();
+
+        // 1.0
+        iteratedTest(0,
+            Hex.decode("80000000000000000000000000000000" +
+            "00000000000000000000000000000000" +
+            "00000000000000000000000000000000" +
+            "00000000000000000000000000000000"),
+            Hex.decode("00000000000000000000000000000000" +
+            "00000000000000000000000000000000"),
+            Hex.decode("361AB6322FA9E7A7BB23818D839E01BD" +
+                "DAFDF47305426EDD297AEDB9F6202BAE"),
+            Hex.decode("226A582DE04383D0F3E7DE655DD848AC" +
+            "3E14CCFB4E76F7B7069879F67C4D5420"),
+            Hex.decode("B05D5A18C0712082CFF5BA9DBBCD7269" +
+            "114FC3DF83B42DAC306D95BBC473D839"));
+
+        // 1.100
+        iteratedTest(1,
+            Hex.decode("00000000000000000000000008000000" +
+                "00000000000000000000000000000000" +
+                "00000000000000000000000000000000" +
+                "00000000000000000000000000000000"),
+            Hex.decode("00000000000000000000000000000000" +
+            "00000000000000000000000000000000"),
+            Hex.decode("F703282E54592A5617E10618027BB67F" +
+                "639E43A90767150D8B7F5E83054B3CBD"),
+            Hex.decode("3B442692B579485B8BA2F92CE3B90DE7" +
+                "D2EA03D8B3C8E7BE7BF6415F798EED90"),
+            Hex.decode("331B9B65F06230380BBEECFBFBA94BCF" +
+                "92AF6341F815D7651F996144A5377263"));
+    }
+
+    private void iteratedTest(int index, byte[] key, byte[] plain, byte[] cipher, byte[] cipher100, byte[] cipher1000)
+    {
+        BlockCipher engine = new Shacal2Engine();
+
+        engine.init(true, new KeyParameter(key));
+
+        byte[] buf = new byte[plain.length];
+
+        System.arraycopy(plain, 0, buf, 0, plain.length);
+
+        engine.processBlock(buf, 0, buf, 0);
+
+        if (!Arrays.areEqual(cipher, buf))
+        {
+            fail(index + " single count failed");
+        }
+
+        for (int i = 1; i != 100; i++)
+        {
+            engine.processBlock(buf, 0, buf, 0);
+        }
+
+        if (!Arrays.areEqual(cipher100, buf))
+        {
+            fail(index + " 100 count failed");
+        }
+
+        for (int i = 100; i != 1000; i++)
+        {
+            engine.processBlock(buf, 0, buf, 0);
+        }
+
+        if (!Arrays.areEqual(cipher1000, buf))
+        {
+            fail(index + " 1000 count failed");
+        }
+    }
+
+    public String getName()
+    {
+        return "Shacal2";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new Shacal2Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/ShortenedDigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/ShortenedDigestTest.java
new file mode 100644
index 0000000..20510c9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/ShortenedDigestTest.java
@@ -0,0 +1,89 @@
+/*
+ * Created on 6/05/2006
+ *
+ * To change the template for this generated file go to
+ * Window&gt;Preferences&gt;Java&gt;Code Generation&gt;Code and Comments
+ */
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.ExtendedDigest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.digests.ShortenedDigest;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ShortenedDigestTest
+    extends SimpleTest
+{
+    public void performTest()
+    {
+        ExtendedDigest  d = new SHA1Digest();
+        ShortenedDigest sd = new ShortenedDigest(new SHA1Digest(), 10);
+        
+        if (sd.getDigestSize() != 10)
+        {
+            fail("size check wrong for SHA-1");
+        }
+        
+        if (sd.getByteLength() != d.getByteLength())
+        {
+            fail("byte length check wrong for SHA-1");
+        }
+        
+        //
+        // check output fits
+        //
+        sd.doFinal(new byte[10], 0);
+        
+        d = new SHA512Digest();
+        sd = new ShortenedDigest(new SHA512Digest(), 20);
+        
+        if (sd.getDigestSize() != 20)
+        {
+            fail("size check wrong for SHA-512");
+        }
+        
+        if (sd.getByteLength() != d.getByteLength())
+        {
+            fail("byte length check wrong for SHA-512");
+        }
+        
+        //
+        // check output fits
+        //
+        sd.doFinal(new byte[20], 0);
+        
+        try
+        {
+            new ShortenedDigest(null, 20);
+            
+            fail("null parameter not caught");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+        
+        try
+        {
+            new ShortenedDigest(new SHA1Digest(), 50);
+            
+            fail("short digest not caught");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // expected
+        }
+    }
+    
+    public String getName()
+    {
+        return "ShortenedDigest";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new ShortenedDigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SipHashTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SipHashTest.java
new file mode 100644
index 0000000..1c55411
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SipHashTest.java
@@ -0,0 +1,143 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.macs.SipHash;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Pack;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/*
+ * SipHash test values from "SipHash: a fast short-input PRF", by Jean-Philippe
+ * Aumasson and Daniel J. Bernstein (https://131002.net/siphash/siphash.pdf), Appendix A.
+ */
+public class SipHashTest
+    extends SimpleTest
+{
+    private static final int UPDATE_BYTES = 0;
+    private static final int UPDATE_FULL = 1;
+    private static final int UPDATE_MIX = 2;
+
+    public String getName()
+    {
+        return "SipHash";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        byte[] key = Hex.decode("000102030405060708090a0b0c0d0e0f");
+        byte[] input = Hex.decode("000102030405060708090a0b0c0d0e");
+
+        runMAC(key, input, UPDATE_BYTES);
+        runMAC(key, input, UPDATE_FULL);
+        runMAC(key, input, UPDATE_MIX);
+        
+        SecureRandom random = new SecureRandom();
+        for (int i = 0; i < 100; ++i)
+        {
+            randomTest(random);
+        }
+    }
+
+    private void runMAC(byte[] key, byte[] input, int updateType)
+        throws Exception
+    {
+        long expected = 0xa129ca6149be45e5L;
+
+        SipHash mac = new SipHash();
+        mac.init(new KeyParameter(key));
+
+        updateMAC(mac, input, updateType);
+
+        long result = mac.doFinal();
+        if (expected != result)
+        {
+            fail("Result does not match expected value for doFinal()");
+        }
+
+        byte[] expectedBytes = new byte[8];
+        Pack.longToLittleEndian(expected, expectedBytes, 0);
+
+        updateMAC(mac, input, updateType);
+
+        byte[] output = new byte[mac.getMacSize()];
+        int len = mac.doFinal(output, 0);
+        if (len != output.length)
+        {
+            fail("Result length does not equal getMacSize() for doFinal(byte[],int)");
+        }
+        if (!areEqual(expectedBytes, output))
+        {
+            fail("Result does not match expected value for doFinal(byte[],int)");
+        }
+    }
+
+    private void randomTest(SecureRandom random)
+    {
+        byte[] key = new byte[16];
+        random.nextBytes(key);
+
+        int length = 1 + random.nextInt(1024);
+        byte[] input = new byte[length];
+        random.nextBytes(input);
+
+        SipHash mac = new SipHash();
+        mac.init(new KeyParameter(key));
+
+        updateMAC(mac, input, UPDATE_BYTES);
+        long result1 = mac.doFinal();
+
+        updateMAC(mac, input, UPDATE_FULL);
+        long result2 = mac.doFinal();
+
+        updateMAC(mac, input, UPDATE_MIX);
+        long result3 = mac.doFinal();
+
+        if (result1 != result2 || result1 != result3)
+        {
+            fail("Inconsistent results in random test");
+        }
+    }
+
+    private void updateMAC(SipHash mac, byte[] input, int updateType)
+    {
+        switch (updateType)
+        {
+        case UPDATE_BYTES:
+        {
+            for (int i = 0; i < input.length; ++i)
+            {
+                mac.update(input[i]);
+            }
+            break;
+        }
+        case UPDATE_FULL:
+        {
+            mac.update(input, 0, input.length);
+            break;
+        }
+        case UPDATE_MIX:
+        {
+            int step = Math.max(1, input.length / 3);
+            int pos = 0;
+            while (pos < input.length)
+            {
+                mac.update(input[pos++]);
+                int len = Math.min(input.length - pos, step);
+                mac.update(input, pos, len);
+                pos += len;
+            }
+            break;
+        }
+        default:
+            throw new IllegalStateException();
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new SipHashTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SkeinDigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SkeinDigestTest.java
new file mode 100644
index 0000000..1a7dff6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SkeinDigestTest.java
@@ -0,0 +1,294 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SkeinDigest;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class SkeinDigestTest
+    extends SimpleTest
+{
+    private static class Case
+    {
+        private byte[] message;
+        private byte[] digest;
+        private int blockSize;
+        private int outputSize;
+
+        public Case(int blockSize, int outputSize, String message, String digest)
+        {
+            this.blockSize = blockSize;
+            this.outputSize = outputSize;
+            this.message = Hex.decode(message);
+            this.digest = Hex.decode(digest);
+        }
+
+        public int getOutputSize()
+        {
+            return outputSize;
+        }
+
+        public int getBlockSize()
+        {
+            return blockSize;
+        }
+
+        public byte[] getMessage()
+        {
+            return message;
+        }
+
+        public byte[] getDigest()
+        {
+            return digest;
+        }
+
+    }
+
+    // Test cases from skein_golden_kat.txt and skein_golden_kat_short.txt in Skein 1.3 NIST CD
+    private static final Case[] TEST_CASES = {
+        new Case(256, 256, "", "c8877087da56e072870daa843f176e9453115929094c3a40c463a196c29bf7ba"),
+        new Case(256, 256, "fb", "088eb23cc2bccfb8171aa64e966d4af937325167dfcd170700ffd21f8a4cbdac"),
+        new Case(256, 256, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8",
+            "5c3002ff57a627089ea2f97a5000d5678416389019e80e45a3bbcab118315d26"),
+        new Case(256, 256, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a129233",
+            "640c894a4bba6574c83e920ddf7dd2982fc634881bbbcb9d774eae0a285e89ce"),
+        new Case(256, 160, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "0cd491b7715704c3a15a45a1ca8d93f8f646d3a1"),
+        new Case(256, 224, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "afd1e2d0f5b6cd4e1f8b3935fa2497d27ee97e72060adac099543487"),
+        new Case(256, 256, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "4de6fe2bfdaa3717a4261030ef0e044ced9225d066354610842a24a3eafd1dcf"),
+        new Case(256, 384, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "954620fb31e8b782a2794c6542827026fe069d715df04261629fcbe81d7d529b"
+                + "95ba021fa4239fb00afaa75f5fd8e78b"),
+        new Case(256, 512, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "51347e27c7eabba514959f899a6715ef6ad5cf01c23170590e6a8af399470bf9"
+                + "0ea7409960a708c1dbaa90e86389df254abc763639bb8cdf7fb663b29d9557c3"),
+        new Case(256, 1024, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "6c9b6facbaf116b538aa655e0be0168084aa9f1be445f7e06714585e5999a6c9"
+                + "84fffa9d41a316028692d4aad18f573fbf27cf78e84de26da1928382b023987d"
+                + "cfe002b6201ea33713c54a8a5d9eb346f0365e04330d2faaf7bc8aba92a5d7fb"
+                + "6345c6fb26750bce65ab2045c233627679ac6e9acb33602e26fe3526063ecc8b"),
+
+        new Case(512, 512, "", "bc5b4c50925519c290cc634277ae3d6257212395cba733bbad37a4af0fa06af4"
+            + "1fca7903d06564fea7a2d3730dbdb80c1f85562dfcc070334ea4d1d9e72cba7a"),
+        new Case(512, 512, "fb", "c49e03d50b4b2cc46bd3b7ef7014c8a45b016399fd1714467b7596c86de98240"
+            + "e35bf7f9772b7d65465cd4cffab14e6bc154c54fc67b8bc340abf08eff572b9e"),
+        new Case(512, 512, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8",
+            "abefb179d52f68f86941acbbe014cc67ec66ad78b7ba9508eb1400ee2cbdb06f"
+                + "9fe7c2a260a0272d0d80e8ef5e8737c0c6a5f1c02ceb00fb2746f664b85fcef5"),
+        new Case(512, 512, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a129233",
+            "5c5b7956f9d973c0989aa40a71aa9c48a65af2757590e9a758343c7e23ea2df4"
+                + "057ce0b49f9514987feff97f648e1dd065926e2c371a0211ca977c213f14149f"),
+        new Case(512, 160, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "ef03079d61b57c6047e15fa2b35b46fa24279539"),
+        new Case(512, 224, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "d9e3219b214e15246a2038f76a573e018ef69b385b3bd0576b558231"),
+        new Case(512, 256, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "809dd3f763a11af90912bbb92bc0d94361cbadab10142992000c88b4ceb88648"),
+        new Case(512, 384, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "825f5cbd5da8807a7b4d3e7bd9cd089ca3a256bcc064cd73a9355bf3ae67f2bf"
+                + "93ac7074b3b19907a0665ba3a878b262"),
+        new Case(512, 512, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "1a0d5abf4432e7c612d658f8dcfa35b0d1ab68b8d6bd4dd115c23cc57b5c5bcd"
+                + "de9bff0ece4208596e499f211bc07594d0cb6f3c12b0e110174b2a9b4b2cb6a9"),
+
+        new Case(1024, 1024, "", "0fff9563bb3279289227ac77d319b6fff8d7e9f09da1247b72a0a265cd6d2a62"
+            + "645ad547ed8193db48cff847c06494a03f55666d3b47eb4c20456c9373c86297"
+            + "d630d5578ebd34cb40991578f9f52b18003efa35d3da6553ff35db91b81ab890"
+            + "bec1b189b7f52cb2a783ebb7d823d725b0b4a71f6824e88f68f982eefc6d19c6"),
+        new Case(1024, 1024, "fb", "6426bdc57b2771a6ef1b0dd39f8096a9a07554565743ac3de851d28258fcff22"
+            + "9993e11c4e6bebc8b6ecb0ad1b140276081aa390ec3875960336119427827473"
+            + "4770671b79f076771e2cfdaaf5adc9b10cbae43d8e6cd2b1c1f5d6c82dc96618"
+            + "00ddc476f25865b8748253173187d81da971c027d91d32fb390301c2110d2db2"),
+        new Case(1024, 1024, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8",
+            "140e93726ab0b0467c0b8a834ad8cda4d1769d273661902b70db0dcb5ee692ac"
+                + "b3f852d03b11f857850f2428432811309c1dcbe5724f00267ea3667e89fadb4e"
+                + "4911da6b0ba8a7eddf87c1c67152ef0f07b7fead3557318478bdef5ad1e5926d"
+                + "7071fdd4bfa5076d4b3253f8de479ebdf5357676f1641b2f097e9b785e9e528e"),
+        new Case(1024, 1024, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a129233",
+            "31105e1ef042c30b95b16e0f6e6a1a19172bb7d54a0597dd0c711194888efe1d"
+                + "bce82d47416df9577ca387219f06e45cd10964ff36f6711edbbea0e9595b0f66"
+                + "f72b755d70a46857e0aec98561a743d49370d8e572e212811273125f66cc30bf"
+                + "117d3221894c48012bf6e2219de91e064b01523517420a1e00f71c4cc04bab62"),
+        new Case(1024, 160, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "2e6a4cbf2ef05ea9c24b93e8d1de732ddf2739eb"),
+        new Case(1024, 224, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "1d6de19f37f7a3c265440eecb4b9fbd3300bb5ac60895cfc0d4d3c72"),
+        new Case(1024, 256, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "986a4d472b123e8148731a8eac9db23325f0058c4ccbc44a5bb6fe3a8db672d7"),
+        new Case(1024, 384, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "9c3d0648c11f31c18395d5e6c8ebd73f43d189843fc45235e2c35e345e12d62b"
+                + "c21a41f65896ddc6a04969654c2e2ce9"),
+        new Case(1024, 512, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "5d0416f49c2d08dfd40a1446169dc6a1d516e23b8b853be4933513051de8d5c2"
+                + "6baccffb08d3b16516ba3c6ccf3e9a6c78fff6ef955f2dbc56e1459a7cdba9a5"),
+        new Case(1024, 1024, "fbd17c26b61a82e12e125f0d459b96c91ab4837dff22b39b78439430cdfc5dc8"
+            + "78bb393a1a5f79bef30995a85a12923339ba8ab7d8fc6dc5fec6f4ed22c122bb"
+            + "e7eb61981892966de5cef576f71fc7a80d14dab2d0c03940b95b9fb3a727c66a"
+            + "6e1ff0dc311b9aa21a3054484802154c1826c2a27a0914152aeb76f1168d4410",
+            "96ca81f586c825d0360aef5acaec49ad55289e1797072eee198b64f349ce65b6"
+                + "e6ed804fe38f05135fe769cc56240ddda5098f620865ce4a4278c77fa2ec6bc3"
+                + "1c0f354ca78c7ca81665bfcc5dc54258c3b8310ed421d9157f36c093814d9b25"
+                + "103d83e0ddd89c52d0050e13a64c6140e6388431961685734b1f138fe2243086"),
+
+    };
+
+    public String getName()
+    {
+        return "SkeinDigest";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        runTest(TEST_CASES[7]);
+        for (int i = 0; i < TEST_CASES.length; i++)
+        {
+            Case test = TEST_CASES[i];
+            runTest(test);
+        }
+    }
+
+    private void runTest(Case dc)
+    {
+        SkeinDigest digest = new SkeinDigest(dc.getBlockSize(), dc.getOutputSize());
+
+        byte[] message = dc.getMessage();
+        digest.update(message, 0, message.length);
+
+        byte[] output = new byte[digest.getDigestSize()];
+        digest.doFinal(output, 0);
+
+        if (!Arrays.areEqual(output, dc.getDigest()))
+        {
+            fail(digest.getAlgorithmName() + " message mismatch.\n Message " + new String(Hex.encode(dc.getMessage())),
+                new String(Hex.encode(dc.getDigest())), new String(Hex.encode(output)));
+        }
+
+        // Clone test
+        digest.update(message, 0, message.length / 2);
+
+        // clone the Digest
+        Digest d = new SkeinDigest(digest);
+
+        digest.update(message, message.length / 2, message.length - message.length / 2);
+        digest.doFinal(output, 0);
+
+        if (!areEqual(dc.getDigest(), output))
+        {
+            fail("failing clone vector test", new String(Hex.encode(dc.getDigest())), new String(Hex.encode(output)));
+        }
+
+        d.update(message, message.length / 2, message.length - message.length / 2);
+        d.doFinal(output, 0);
+
+        if (!areEqual(dc.getDigest(), output))
+        {
+            fail("failing second clone vector test", new String(Hex.encode(dc.getDigest())), new String(Hex.encode(output)));
+        }
+
+        //
+        // memo test
+        //
+        Memoable m = (Memoable)digest;
+
+        digest.update(message, 0, message.length / 2);
+
+        // copy the Digest
+        Memoable copy1 = m.copy();
+        Memoable copy2 = copy1.copy();
+
+        digest.update(message, message.length / 2, message.length - message.length / 2);
+        digest.doFinal(output, 0);
+
+        if (!areEqual(dc.getDigest(), output))
+        {
+            fail("failing memo vector test", new String(Hex.encode(dc.getDigest())), new String(Hex.encode(output)));
+        }
+
+        m.reset(copy1);
+
+        digest.update(message, message.length / 2, message.length - message.length / 2);
+        digest.doFinal(output, 0);
+
+        if (!areEqual(dc.getDigest(), output))
+        {
+            fail("failing memo reset vector test", new String(Hex.encode(dc.getDigest())), new String(Hex.encode(output)));
+        }
+
+        Digest md = (Digest)copy2;
+
+        md.update(message, message.length / 2, message.length - message.length / 2);
+        md.doFinal(output, 0);
+
+        if (!areEqual(dc.getDigest(), output))
+        {
+            fail("failing memo copy vector test", new String(Hex.encode(dc.getDigest())), new String(Hex.encode(output)));
+        }
+    }
+
+    public static void main(String[] args)
+        throws IOException
+    {
+        // generateTests();
+        runTest(new SkeinDigestTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SkeinMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SkeinMacTest.java
new file mode 100644
index 0000000..68008b7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SkeinMacTest.java
@@ -0,0 +1,162 @@
+package org.bouncycastle.crypto.test;
+
+import java.io.IOException;
+
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.macs.SkeinMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class SkeinMacTest
+    extends SimpleTest
+{
+    private static class Case
+    {
+        private byte[] message;
+        private byte[] digest;
+        private byte[] key;
+        private int blockSize;
+        private int outputSize;
+
+        public Case(int blockSize, int outputSize, String message, String key, String digest)
+        {
+            this.blockSize = blockSize;
+            this.outputSize = outputSize;
+            this.message = Hex.decode(message);
+            this.key = Hex.decode(key);
+            this.digest = Hex.decode(digest);
+        }
+
+        public int getOutputSize()
+        {
+            return outputSize;
+        }
+
+        public int getBlockSize()
+        {
+            return blockSize;
+        }
+
+        public byte[] getMessage()
+        {
+            return message;
+        }
+
+        public byte[] getKey()
+        {
+            return key;
+        }
+
+        public byte[] getDigest()
+        {
+            return digest;
+        }
+
+        public String toString()
+        {
+            return "new Case(" + blockSize + ", " + outputSize + ", \"" + new String(Hex.encode(message)) + "\", \""
+                + new String(Hex.encode(key)) + "\", \"" + new String(Hex.encode(digest)) + "\"";
+        }
+
+    }
+
+    // Test cases from skein_golden_kat.txt in Skein 1.3 NIST CD
+    // Excludes empty '(none)' key 'random+MAC' tests, which are in effect digest 
+    private static final Case[] TEST_CASES = {
+        new Case(256, 256, "", "cb41f1706cde09651203c2d0efbaddf8", "886e4efefc15f06aa298963971d7a25398fffe5681c84db39bd00851f64ae29d"),
+        new Case(256, 256, "d3", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c193", "979422a94e3afaa46664124d4e5e8b9422b1d8baf11c6ae6725992ac72a112ca"),
+        new Case(256, 256, "d3090c72", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "1d658372cbea2f9928493cc47599d6f4ad8ce33536bedfa20b739f07516519d5"),
+        new Case(256, 256, "d3090c72167517f7", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e92", "41ef6b0f0fad81c040284f3b1a91e9c44e4c26a6d7207f3aac4362856ef12aca"),
+        new Case(256, 256, "d3090c72167517f7c7ad82a70c2fd3f6", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c193", "ca8208119b9e4e4057631ab31015cfd256f6763a0a34381633d97f640899b84f"),
+        new Case(256, 256, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "9e9980fcc16ee082cf164a5147d0e0692aeffe3dcb8d620e2bb542091162e2e9"),
+        new Case(256, 256, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc235", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c193", "c353a316558ec34f8245dd2f9c2c4961fbc7decc3b69053c103e4b8aaaf20394"),
+        new Case(256, 256, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdf", "cb41f1706cde09651203c2d0efbaddf8", "b1b8c18188e69a6ecae0b6018e6b638c6a91e6de6881e32a60858468c17b520d"),
+        new Case(256, 256, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e92", "1dfd2515a412e78852cd81a7f2167711b4ca19b2891c2ea36ba94f8451944793"),
+        new Case(256, 224, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf8", "a097340709b443ed2c0a921f5dcefef3ead65c4f0bcd5f13da54d7ed"),
+        new Case(256, 256, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "ac1b4fab6561c92d0c487e082daec53e0db4f505e08bf51cae4fd5375e37fc04"),
+        new Case(256, 384, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e92", "96e6cebb23573d0a70ce36a67aa05d2403148093f25c695e1254887cc97f9771d2518413af4286bf2a06b61a53f7fcec"),
+        new Case(256, 512, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c193", "0e95e597e71d6350f20b99c4179f54f43a4722705c06ba765a82cb0a314fe2fe87ef8090063b757e53182706ed18737dadc0da1e1c66518f08334052702c5ed7"),
+        new Case(256, 264, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf8", "064abd4896f460b1953f5a357e7f7c5256e29cdb62b8740d0b52295cfa2ef4c7a2"),
+        new Case(256, 520, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "edf220e43e048603bd16197d59b673b9974de5b8bcf7cb1558a4799f6fd3743eb5fb400cd6129afc0c60e7b741b7e5806f0e0b93eb8429fbc7efa222175a9c80fd"),
+        new Case(256, 1032, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e92", "f3f59fb07399c7b73aae02a8590883cb2fdfde75c55654e71846522301bde48d267169adcc559e038e8c2f28faa552b550d51874055384adea93c036c71a1f0af0c7bcc3bc923738d5307b9da7cb423d4e615c629c4aba71f70d4c9d1fa008176825e51bfa0203445a4083947ec19f6a0fbd082b5b970f2396fb67420639410447"),
+        new Case(256, 2056, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c193", "80eb80d9b8836b32fa576fc84ba08edfbdfd6979123d61914e610a70a372b37f560a10909484f9f4a377c93e29ba681dfe522c41dc83b5ee0567e5370007c7bbe4df0b2b4a25e088f80d72fc30734cdcd76d817b42fbd44dca881019afb25306f19d4e91848778af306517d2072cef72caa327e877c5b6554f83cec3d00877131b47c4d3b557f5a13541c4d5080ee3ce7a658993d083efd0db3496a8752060c3c8552f44b290cabdcc867f691ad605836c08dbd59c9528d885b600b85fdfc8a9d0e636ac3ad8b4295bcb0169e78dc358e77eacc8c4b61bddfa9e5f32d2268a006cfe05c57150fe8e68cabd21cf6cf6035aa1fe4db36c922b765aad0b64e82a2c37"),
+        new Case(256, 256, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed696e6c9db1e6abea026288954a9c2d5758d7c5db7c9e48aa3d21cae3d977a7c3926066aa393dbd538dd0c30da8916c8757f24c18488014668a2627163a37b261833dc2f8c3c56b1b2e0be21fd3fbdb507b2950b77a6cc02efb393e57419383a920767bca2c972107aa61384542d47cbfb82cfe5c415389d1b0a2d74e2c5da851", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "8f88de68f03cd2f396ccdd49c3a0f4ff15bcda7eb357da9753f6116b124de91d"),
+        new Case(512, 512, "", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "9bd43d2a2fcfa92becb9f69faab3936978f1b865b7e44338fc9c8f16aba949ba340291082834a1fc5aa81649e13d50cd98641a1d0883062bfe2c16d1faa7e3aa"),
+        new Case(512, 512, "d3", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1", "f0c0a10f031c8fc69cfabcd54154c318b5d6cd95d06b12cf20264402492211ee010d5cecc2dc37fd772afac0596b2bf71e6020ef2dee7c860628b6e643ed9ff6"),
+        new Case(512, 512, "d3090c72167517f7", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "0c1f1921253dd8e5c2d4c5f4099f851042d91147892705829161f5fc64d89785226eb6e187068493ee4c78a4b7c0f55a8cbbb1a5982c2daf638fc6a74b16b0d7"),
+        new Case(512, 512, "d3090c72167517f7c7ad82a70c2fd3f6", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1", "478d7b6c0cc6e35d9ebbdedf39128e5a36585db6222891692d1747d401de34ce3db6fcbab6c968b7f2620f4a844a2903b547775579993736d2493a75ff6752a1"),
+        new Case(512, 512, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e59", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c193", "13c170bac1de35e5fb843f65fabecf214a54a6e0458a4ff6ea5df91915468f4efcd371effa8965a9e82c5388d84730490dcf3976af157b8baf550655a5a6ab78"),
+        new Case(512, 512, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc235", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1", "a947812529a72fd3b8967ec391b298bee891babc8487a1ec4ea3d88f6b2b5be09ac6a780f30f8e8c3bbb4f18bc302a28f3e87d170ba0f858a8fefe3487478cca"),
+        new Case(512, 512, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdf", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "7690ba61f10e0bba312980b0212e6a9a51b0e9aadfde7ca535754a706e042335b29172aae29d8bad18efaf92d43e6406f3098e253f41f2931eda5911dc740352"),
+        new Case(512, 512, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "d10e3ba81855ac087fbf5a3bc1f99b27d05f98ba22441138026225d34a418b93fd9e8dfaf5120757451adabe050d0eb59d271b0fe1bbf04badbcf9ba25a8791b"),
+        new Case(512, 160, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c193", "5670b226156570dff3efe16661ab86eb24982cdf"),
+        new Case(512, 224, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "c41b9ff9753e6c0f8ed88866e320535e927fe4da552c289841a920db"),
+        new Case(512, 384, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "dfbf5c1319a1d9d70efb2f1600fbcf694f935907f31d24a16d6cd2fb2d7855a769681766c0a29da778eed346cd1d740f"),
+        new Case(512, 512, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1", "04d8cddb0ad931d54d195899a094684344e902286037272890bce98a41813edc37a3cee190a693fcca613ee30049ce7ec2bdff9613f56778a13f8c28a21d167a"),
+        new Case(512, 1024, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c193", "08fca368b3b14ac406676adf37ac9be2dbb8704e694055a0c6331184d4f0070098f23f0963ee29002495771bf56fb4d3d9ff3506abcd80be927379f7880d5d7703919fbf92184f498ac44f47f015ce676eded9165d47d53733f5a27abbc05f45acd98b97cc15ffdced641defd1a5119ef841b452a1b8f94ee69004466ccdc143"),
+        new Case(512, 264, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "669e770ebe7eacc2b64caaf049923ad297a5b37cfa61c283392d81ccfcb9bbbc09"),
+        new Case(512, 1032, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e", "acc2e03f07f33e9820a6038421089429adcd6a7a83f733beec048c05bf37531a170a5537fcb565c348a70a83217f8be768ff6f95fd2b3d89cb7d8a3dc849505e3710eb4e65a8e7134bbf580d92fe18c9aa987563669b1f014aa5e092519089355534eaa9f0bdc99f6839f54080ffe74623254c906ecb8896b4346c3178a0bc2898"),
+        new Case(512, 2056, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1", "9f3e082223c43090a4a3ffbdcd469cbabfe0c1399d1edf45a5dfc18f4db5428928a76e979b8d0d5dffec0e6a59ada448c1ffbc06cc80a2006f002adc0c6dbf458563762228dce4381944e460ebebfe06f1237093634625107469a22a189a47f8b025899265d8890a1b39df64552394377e88ba2ad44a8c8d174f884ac8c3ae24ddb0affca5fceb6aa76e09706881e8371774b9b050a69b96ef5e97e81043f8b7e9479e287ab441bacd62caf768a82c8c3e3107be70eb8799a39856fe29842a04e25de0ef9de1b7e65bd0f1f7306835287fc957388e2035b7d22d3aa9c06a9fefbca16f3f60e1c4def89038d918942152a069aa2e0be8ae7475d859031adec84583"),
+        new Case(1024, 1024, "", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc81463134", "bcf37b3459c88959d6b6b58b2bfe142cef60c6f4ec56b0702480d7893a2b0595aa354e87102a788b61996b9cbc1eade7dafbf6581135572c09666d844c90f066b800fc4f5fd1737644894ef7d588afc5c38f5d920bdbd3b738aea3a3267d161ed65284d1f57da73b68817e17e381ca169115152b869c66b812bb9a84275303f0"),
+        new Case(1024, 1024, "d3090c72", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "df0596e5808835a3e304aa27923db05f61dac57c0696a1d19abf188e70aa9dbcc659e9510f7c9a37fbc025bd4e5ea293e78ed7838dd0b08864e8ad40ddb3a88031ebefc21572a89960d1916107a7da7ac0c067e34ec46a86a29ca63fa250bd398eb32ec1ed0f8ac8329f26da018b029e41e2e58d1dfc44de81615e6c987ed9c9"),
+        new Case(1024, 1024, "d3090c72167517f7", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c042eb4187aa1c015a4767032c0bb28f076b66485f51531c12e948f47dbc2cb904a4b75d1e8a6d931dab4a07e0a54d1bb5b55e602141746bd09fb15e8f01a8d74e9e63959cb37336bc1b896ec78da734c15e362db04368fbba280f20a043e0d0941e9f5193e1b360a33c43b266524880125222e648f05f28be34ba3cabfc9c544", "3cfbb79cd88af8ee09c7670bcbab6907a31f80fa31d9d7c9d50826c9568f307a78bd254961398c76b6e338fd9ca5f351059350d30963c3320659b223b991fc46d1307686fe2b4763d9f593c57ad5adbc45caf2ea3dc6090f5a74fa5fa6d9e9838964ea0a2aa216831ab069b00629a1a9b037083403bdb25d3d06a21c430c87dd"),
+        new Case(1024, 1024, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e59", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1", "0a1b960099fc9d653b0fd1f5b6b972fb366907b772cbce5a59b6171d7935506f70c212bd169d68c5cfd8618343611b7eb2e686ff1dc7c03a57e1a55ed10726848161eea903d53b58459be42d95df989c66c2eea4e51cde272c2d8be67bf3bca2aee633777eb8486781eaa060d0f538abd6c93dbd2d1bf66e6f50bfdcac3725a4"),
+        new Case(1024, 1024, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "3e0cd7938d71c39ffbb08a6ba7995ade3ad140e2c0c45cdbafb099247e08e4c20b61c1f885ced5ed2f816680925034918236e5807f0eecf3f27e9cfca36675eb75873efa1fb41f17541dc2f7c2469eaecb35cc7ca58e489804caf56f09fb97c9f689c64ad49c6888f86c483e901bd3d25798b394ef93faf9154900f92f31f433"),
+        new Case(1024, 1024, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdf", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc81463134", "7266752f7e9aa04bd7d8a1b16030677de6021301f6a62473c76bae2b98bbf8aad73bd00a4b5035f741caf2317ab80e4e97f5c5bbe8acc0e8b424bcb13c7c6740a985801fba54addde8d4f13f69d2bfc98ae104d46a211145217e51d510ea846cec9581d14fda079f775c8b18d66cb31bf7060996ee8a69eee7f107909ce59a97"),
+        new Case(1024, 1024, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c042eb4187aa1c015a4767032c0bb28f076b66485f51531c12e948f47dbc2cb904a4b75d1e8a6d931dab4a07e0a54d1bb5b55e602141746bd09fb15e8f01a8d74e9e63959cb37336bc1b896ec78da734c15e362db04368fbba280f20a043e0d0941e9f5193e1b360a33c43b266524880125222e648f05f28be34ba3cabfc9c544", "71f40bf2aa635125ef83c8df0d4e9ea18b73b56be4f45e89b910a7c68d396b65b09d18abc7d1b6de3f53fd5de583e6f22e612dd17b292068af6027daaf8b4cd60acf5bc85044741e9f7a1f423f5827f5e360930a2e71912239af9fc6343604fdcf3f3569854f2bb8d25a81e3b3f5261a02fe8292aaaa50c324101ab2c7a2f349"),
+        new Case(1024, 160, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1", "17c3c533b27d666da556ae586e641b7a3a0bcc45"),
+        new Case(1024, 224, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc81463134", "6625df9801581009125ea4e5c94ad6f1a2d692c278822ccb6eb67235"),
+        new Case(1024, 256, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "6c5b671c1766f6eecea6d24b641d4a6bf84bba13a1976f8f80b3f30ee2f93de6"),
+        new Case(1024, 384, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c042eb4187aa1c015a4767032c0bb28f076b66485f51531c12e948f47dbc2cb904a4b75d1e8a6d931dab4a07e0a54d1bb5b55e602141746bd09fb15e8f01a8d74e9e63959cb37336bc1b896ec78da734c15e362db04368fbba280f20a043e0d0941e9f5193e1b360a33c43b266524880125222e648f05f28be34ba3cabfc9c544", "98af454d7fa3706dfaafbf58c3f9944868b57f68f493987347a69fce19865febba0407a16b4e82065035651f0b1e0327"),
+        new Case(1024, 1024, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1", "211ac479e9961141da3aac19d320a1dbbbfad55d2dce87e6a345fcd58e36827597378432b482d89bad44dddb13e6ad86e0ee1e0882b4eb0cd6a181e9685e18dd302ebb3aa74502c06254dcadfb2bd45d288f82366b7afc3bc0f6b1a3c2e8f84d37fbedd07a3f8fcff84faf24c53c11da600aaa118e76cfdcb366d0b3f7729dce"),
+        new Case(1024, 264, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc81463134", "dc1d253b7cadbdaef18503b1809a7f1d4f8c323b7f6f8ca50b76d3864649ce1c7d"),
+        new Case(1024, 520, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "decd79578d12bf6806530c382230a2c7836429c70cac941179e1dd982938bab91fb6f3638df1cc1ef615ecfc4249e5aca8a73c4c1eebef662a836d0be903b00146"),
+        new Case(1024, 1032, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c042eb4187aa1c015a4767032c0bb28f076b66485f51531c12e948f47dbc2cb904a4b75d1e8a6d931dab4a07e0a54d1bb5b55e602141746bd09fb15e8f01a8d74e9e63959cb37336bc1b896ec78da734c15e362db04368fbba280f20a043e0d0941e9f5193e1b360a33c43b266524880125222e648f05f28be34ba3cabfc9c544", "440fe691e04f1fed8c253d6c4670646156f33fffaea702de9445df5739eb960cecf85d56e2e6860a610211a5c909932ab774b978aa0b0d5bbce82775172ab12dceddd51d1eb030057ce61bea6c18f6bb368d26ae76a9e44a962eb132e6c42c25d9fecc4f13348300ca55c78e0990de96c1ae24eb3ee3324782c93dd628260a2c8d"),
+        new Case(1024, 1024, "d3090c72167517f7c7ad82a70c2fd3f6443f608301591e598eadb195e8357135ba26fede2ee187417f816048d00fc23512737a2113709a77e4170c49a94b7fdff45ff579a72287743102e7766c35ca5abc5dfe2f63a1e726ce5fbd2926db03a2dd18b03fc1508a9aac45eb362440203a323e09edee6324ee2e37b4432c1867ed696e6c9db1e6abea026288954a9c2d5758d7c5db7c9e48aa3d21cae3d977a7c3926066aa393dbd538dd0c30da8916c8757f24c18488014668a2627163a37b261833dc2f8c3c56b1b2e0be21fd3fbdb507b2950b77a6cc02efb393e57419383a920767bca2c972107aa61384542d47cbfb82cfe5c415389d1b0a2d74e2c5da851", "cb41f1706cde09651203c2d0efbaddf847a0d315cb2e53ff8bac41da0002672e920244c66e02d5f0dad3e94c42bb65f0d14157decf4105ef5609d5b0984457c1935df3061ff06e9f204192ba11e5bb2cac0430c1c370cb3d113fea5ec1021eb875e5946d7a96ac69a1626c6206b7252736f24253c9ee9b85eb852dfc814631346c", "46a42b0d7b8679f8fcea156c072cf9833c468a7d59ac5e5d326957d60dfe1cdfb27eb54c760b9e049fda47f0b847ac68d6b340c02c39d4a18c1bdfece3f405fae8aa848bdbefe3a4c277a095e921228618d3be8bd1999a071682810de748440ad416a97742cc9e8a9b85455b1d76472cf562f525116698d5cd0a35ddf86e7f8a"),
+
+    };
+
+    public String getName()
+    {
+        return "SkeinMac";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        for (int i = 0; i < TEST_CASES.length; i++)
+        {
+            Case test = TEST_CASES[i];
+            runTest(test);
+        }
+    }
+
+    private void runTest(Case dc)
+    {
+        Mac digest = new SkeinMac(dc.getBlockSize(), dc.getOutputSize());
+        digest.init(new KeyParameter(dc.getKey()));
+
+        byte[] message = dc.getMessage();
+        digest.update(message, 0, message.length);
+
+        byte[] output = new byte[digest.getMacSize()];
+        digest.doFinal(output, 0);
+
+        if (!Arrays.areEqual(output, dc.getDigest()))
+        {
+            fail(digest.getAlgorithmName() + " message " + (dc.getMessage().length * 8) + " mismatch.\n Message  " + new String(Hex.encode(dc.getMessage()))
+                + "\n Key      " + new String(Hex.encode(dc.getKey())) + "\n Expected "
+                + new String(Hex.encode(dc.getDigest())) + "\n Actual   " + new String(Hex.encode(output)));
+        }
+
+    }
+
+    public static void main(String[] args)
+        throws IOException
+    {
+        runTest(new SkeinMacTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/SkipjackTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/SkipjackTest.java
new file mode 100644
index 0000000..455e10b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/SkipjackTest.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.SkipjackEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ */
+public class SkipjackTest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = 
+            {
+                new BlockCipherVectorTest(0, new SkipjackEngine(),
+                        new KeyParameter(Hex.decode("00998877665544332211")),
+                        "33221100ddccbbaa", "2587cae27a12d300")
+            };
+
+    SkipjackTest()
+    {
+        super(tests, new SkipjackEngine(), new KeyParameter(Hex.decode("00998877665544332211")));
+    }
+
+    public String getName()
+    {
+        return "SKIPJACK";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new SkipjackTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/StreamCipherResetTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/StreamCipherResetTest.java
new file mode 100644
index 0000000..092de5f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/StreamCipherResetTest.java
@@ -0,0 +1,133 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.ChaChaEngine;
+import org.bouncycastle.crypto.engines.Grain128Engine;
+import org.bouncycastle.crypto.engines.Grainv1Engine;
+import org.bouncycastle.crypto.engines.HC128Engine;
+import org.bouncycastle.crypto.engines.HC256Engine;
+import org.bouncycastle.crypto.engines.ISAACEngine;
+import org.bouncycastle.crypto.engines.RC4Engine;
+import org.bouncycastle.crypto.engines.Salsa20Engine;
+import org.bouncycastle.crypto.engines.XSalsa20Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test whether block ciphers implement reset contract on init, encrypt/decrypt and reset.
+ */
+public class StreamCipherResetTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "Stream Cipher Reset";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        testReset(new Salsa20Engine(), new Salsa20Engine(), new ParametersWithIV(new KeyParameter(random(32)),
+            random(8)));
+        testReset(new Salsa20Engine(), new Salsa20Engine(), new ParametersWithIV(new KeyParameter(random(16)),
+            random(8)));
+        testReset(new XSalsa20Engine(), new XSalsa20Engine(), new ParametersWithIV(new KeyParameter(random(32)),
+            random(24)));
+        testReset(new ChaChaEngine(), new ChaChaEngine(), new ParametersWithIV(new KeyParameter(random(32)), random(8)));
+        testReset(new ChaChaEngine(), new ChaChaEngine(), new ParametersWithIV(new KeyParameter(random(16)), random(8)));
+        testReset(new RC4Engine(), new RC4Engine(), new KeyParameter(random(16)));
+        testReset(new ISAACEngine(), new ISAACEngine(), new KeyParameter(random(16)));
+        testReset(new HC128Engine(), new HC128Engine(), new ParametersWithIV(new KeyParameter(random(16)), random(16)));
+        testReset(new HC256Engine(), new HC256Engine(), new ParametersWithIV(new KeyParameter(random(16)), random(16)));
+        testReset(new Grainv1Engine(), new Grainv1Engine(), new ParametersWithIV(new KeyParameter(random(16)),
+            random(8)));
+        testReset(new Grain128Engine(), new Grain128Engine(), new ParametersWithIV(new KeyParameter(random(16)),
+            random(12)));
+    }
+
+    private static final SecureRandom RAND = new SecureRandom();
+
+    private byte[] random(int size)
+    {
+        final byte[] data = new byte[size];
+        RAND.nextBytes(data);
+        return data;
+    }
+
+    private void testReset(StreamCipher cipher1, StreamCipher cipher2, CipherParameters params)
+        throws InvalidCipherTextException
+    {
+        cipher1.init(true, params);
+
+        byte[] plaintext = new byte[1023];
+        byte[] ciphertext = new byte[plaintext.length];
+
+        // Establish baseline answer
+        cipher1.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);
+
+        // Test encryption resets
+        checkReset(cipher1, params, true, plaintext, ciphertext);
+
+        // Test decryption resets with fresh instance
+        cipher2.init(false, params);
+        checkReset(cipher2, params, false, ciphertext, plaintext);
+    }
+
+    private void checkReset(StreamCipher cipher,
+                            CipherParameters params,
+                            boolean encrypt,
+                            byte[] pretext,
+                            byte[] posttext)
+        throws InvalidCipherTextException
+    {
+        // Do initial run
+        byte[] output = new byte[posttext.length];
+        cipher.processBytes(pretext, 0, pretext.length, output, 0);
+
+        // Check encrypt resets cipher
+        cipher.init(encrypt, params);
+
+        try
+        {
+            cipher.processBytes(pretext, 0, pretext.length, output, 0);
+        }
+        catch (Exception e)
+        {
+            fail(cipher.getAlgorithmName() + " init did not reset: " + e.getMessage());
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(cipher.getAlgorithmName() + " init did not reset.", new String(Hex.encode(posttext)),
+                new String(Hex.encode(output)));
+        }
+
+        // Check reset resets data
+        cipher.reset();
+
+        try
+        {
+            cipher.processBytes(pretext, 0, pretext.length, output, 0);
+        }
+        catch (Exception e)
+        {
+            fail(cipher.getAlgorithmName() + " reset did not reset: " + e.getMessage());
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(cipher.getAlgorithmName() + " reset did not reset.");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new StreamCipherResetTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/StreamCipherVectorTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/StreamCipherVectorTest.java
new file mode 100644
index 0000000..7b78828
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/StreamCipherVectorTest.java
@@ -0,0 +1,62 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * a basic test that takes a stream cipher, key parameter, and an input
+ * and output string.
+ */
+public class StreamCipherVectorTest
+    extends SimpleTest
+{
+    int                 id;
+    StreamCipher        cipher;
+    CipherParameters    param;
+    byte[]              input;
+    byte[]              output;
+
+    public StreamCipherVectorTest(
+        int                 id,
+        StreamCipher        cipher,
+        CipherParameters    param,
+        String              input,
+        String              output)
+    {
+        this.id = id;
+        this.cipher = cipher;
+        this.param = param;
+        this.input = Hex.decode(input);
+        this.output = Hex.decode(output);
+    }
+
+    public String getName()
+    {
+        return cipher.getAlgorithmName() + " Vector Test " + id;
+    }
+
+    public void performTest()
+    {
+        cipher.init(true, param);
+
+        byte[]  out = new byte[input.length];
+
+        cipher.processBytes(input, 0, input.length, out, 0);
+
+        if (!areEqual(out, output))
+        {
+            fail("failed.", new String(Hex.encode(output)) , new String(Hex.encode(out)));
+        }
+
+        cipher.init(false, param);
+
+        cipher.processBytes(output, 0, output.length, out, 0);
+
+        if (!areEqual(input, out))
+        {
+            fail("failed reversal");
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/TEATest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/TEATest.java
new file mode 100644
index 0000000..98b0ec9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/TEATest.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.TEAEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * TEA tester - based on C implementation results from http://www.simonshepherd.supanet.com/tea.htm
+ */
+public class TEATest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = {
+        new BlockCipherVectorTest(0, new TEAEngine(),
+            new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+            "0000000000000000",
+            "41ea3a0a94baa940"),
+        new BlockCipherVectorTest(1, new TEAEngine(),
+            new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+            "0102030405060708",
+            "6a2f9cf3fccf3c55"),
+        new BlockCipherVectorTest(2, new TEAEngine(),
+            new KeyParameter(Hex.decode("0123456712345678234567893456789A")),
+            "0000000000000000",
+            "34e943b0900f5dcb"),
+        new BlockCipherVectorTest(3, new TEAEngine(),
+            new KeyParameter(Hex.decode("0123456712345678234567893456789A")),
+            "0102030405060708",
+            "773dc179878a81c0"),
+            };
+
+    TEATest()
+    {
+        super(tests, new TEAEngine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "TEA";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new TEATest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish1024Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish1024Test.java
new file mode 100644
index 0000000..a580a15
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish1024Test.java
@@ -0,0 +1,60 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.ThreefishEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.TweakableBlockCipherParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class Threefish1024Test
+    extends CipherTest
+{
+    // Test cases from skein_golden_kat_internals.txt in Skein 1.3 NIST CD
+    static SimpleTest[] tests =
+        {
+            new BlockCipherVectorTest(0, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_1024),
+                new TweakableBlockCipherParameters(
+                    new KeyParameter(new byte[128]),
+                    new byte[16]),
+                "0000000000000000000000000000000000000000000000000000000000000000" +
+                    "0000000000000000000000000000000000000000000000000000000000000000" +
+                    "0000000000000000000000000000000000000000000000000000000000000000" +
+                    "0000000000000000000000000000000000000000000000000000000000000000",
+                "f05c3d0a3d05b304f785ddc7d1e036015c8aa76e2f217b06c6e1544c0bc1a90d" +
+                    "f0accb9473c24e0fd54fea68057f43329cb454761d6df5cf7b2e9b3614fbd5a2" +
+                    "0b2e4760b40603540d82eabc5482c171c832afbe68406bc39500367a592943fa" +
+                    "9a5b4a43286ca3c4cf46104b443143d560a4b230488311df4feef7e1dfe8391e"),
+            new BlockCipherVectorTest(1, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_1024),
+                new TweakableBlockCipherParameters(
+                    new KeyParameter(Hex.decode(
+                        "101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f" +
+                            "303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f" +
+                            "505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f" +
+                            "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f")),
+                    Hex.decode("000102030405060708090a0b0c0d0e0f")),
+                "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0efeeedecebeae9e8e7e6e5e4e3e2e1e0" +
+                    "dfdedddcdbdad9d8d7d6d5d4d3d2d1d0cfcecdcccbcac9c8c7c6c5c4c3c2c1c0" +
+                    "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0afaeadacabaaa9a8a7a6a5a4a3a2a1a0" +
+                    "9f9e9d9c9b9a999897969594939291908f8e8d8c8b8a89888786858483828180",
+                "a6654ddbd73cc3b05dd777105aa849bce49372eaaffc5568d254771bab85531c" +
+                    "94f780e7ffaae430d5d8af8c70eebbe1760f3b42b737a89cb363490d670314bd" +
+                    "8aa41ee63c2e1f45fbd477922f8360b388d6125ea6c7af0ad7056d01796e90c8" +
+                    "3313f4150a5716b30ed5f569288ae974ce2b4347926fce57de44512177dd7cde")
+        };
+
+    Threefish1024Test()
+    {
+        super(tests, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_1024), new KeyParameter(new byte[128]));
+    }
+
+    public String getName()
+    {
+        return "Threefish-1024";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new Threefish1024Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish256Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish256Test.java
new file mode 100644
index 0000000..10bd608
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish256Test.java
@@ -0,0 +1,45 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.ThreefishEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.TweakableBlockCipherParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class Threefish256Test
+    extends CipherTest
+{
+    // Test cases from skein_golden_kat_internals.txt in Skein 1.3 NIST CD
+    static SimpleTest[] tests =
+        {
+            new BlockCipherVectorTest(0, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_256),
+                new TweakableBlockCipherParameters(
+                    new KeyParameter(new byte[32]),
+                    new byte[16]),
+                "0000000000000000000000000000000000000000000000000000000000000000",
+                "84da2a1f8beaee947066ae3e3103f1ad536db1f4a1192495116b9f3ce6133fd8"),
+            new BlockCipherVectorTest(1, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_256),
+                new TweakableBlockCipherParameters(
+                    new KeyParameter(Hex.decode(
+                        "101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f")),
+                    Hex.decode("000102030405060708090a0b0c0d0e0f")),
+                "FFFEFDFCFBFAF9F8F7F6F5F4F3F2F1F0EFEEEDECEBEAE9E8E7E6E5E4E3E2E1E0",
+                "e0d091ff0eea8fdfc98192e62ed80ad59d865d08588df476657056b5955e97df")
+        };
+
+    Threefish256Test()
+    {
+        super(tests, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_256), new KeyParameter(new byte[32]));
+    }
+
+    public String getName()
+    {
+        return "Threefish-256";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new Threefish256Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish512Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish512Test.java
new file mode 100644
index 0000000..1eb4e85
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/Threefish512Test.java
@@ -0,0 +1,50 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.ThreefishEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.TweakableBlockCipherParameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class Threefish512Test
+    extends CipherTest
+{
+    // Test cases from skein_golden_kat_internals.txt in Skein 1.3 NIST CD
+    static SimpleTest[] tests =
+        {
+            new BlockCipherVectorTest(0, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512),
+                new TweakableBlockCipherParameters(
+                    new KeyParameter(new byte[64]),
+                    new byte[16]),
+                "0000000000000000000000000000000000000000000000000000000000000000" +
+                    "0000000000000000000000000000000000000000000000000000000000000000",
+                "b1a2bbc6ef6025bc40eb3822161f36e375d1bb0aee3186fbd19e47c5d479947b" +
+                    "7bc2f8586e35f0cff7e7f03084b0b7b1f1ab3961a580a3e97eb41ea14a6d7bbe"),
+            new BlockCipherVectorTest(1, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512),
+                new TweakableBlockCipherParameters(
+                    new KeyParameter(Hex.decode(
+                        "101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f" +
+                            "303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f")),
+                    Hex.decode("000102030405060708090a0b0c0d0e0f")),
+                "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0efeeedecebeae9e8e7e6e5e4e3e2e1e0" +
+                    "dfdedddcdbdad9d8d7d6d5d4d3d2d1d0cfcecdcccbcac9c8c7c6c5c4c3c2c1c0",
+                "e304439626d45a2cb401cad8d636249a6338330eb06d45dd8b36b90e97254779" +
+                    "272a0a8d99463504784420ea18c9a725af11dffea10162348927673d5c1caf3d")
+        };
+
+    Threefish512Test()
+    {
+        super(tests, new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512), new KeyParameter(new byte[64]));
+    }
+
+    public String getName()
+    {
+        return "Threefish-512";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new Threefish512Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/TigerDigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/TigerDigestTest.java
new file mode 100644
index 0000000..deb838f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/TigerDigestTest.java
@@ -0,0 +1,59 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.TigerDigest;
+
+/**
+ * Tiger Digest Test
+ */
+public class TigerDigestTest
+    extends DigestTest
+{
+    final static String[] messages = {
+        "",
+        "abc",
+        "Tiger",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvw",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789",
+        "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996.",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
+    };
+
+    final static String[] digests = {
+        "3293AC630C13F0245F92BBB1766E16167A4E58492DDE73F3",
+        "2AAB1484E8C158F2BFB8C5FF41B57A525129131C957B5F93",
+        "DD00230799F5009FEC6DEBC838BB6A27DF2B9D6F110C7937",
+        "F71C8583902AFB879EDFE610F82C0D4786A3A534504486B5",
+        "38F41D9D9A710A10C3727AC0DEEAA270727D9F926EC10139",
+        "48CEEB6308B87D46E95D656112CDF18D97915F9765658957",
+        "631ABDD103EB9A3D245B6DFD4D77B257FC7439501D1568DD",
+        "C54034E5B43EB8005848A7E0AE6AAC76E4FF590AE715FD25",
+        "C54034E5B43EB8005848A7E0AE6AAC76E4FF590AE715FD25"
+    };
+
+    final static String hash64k = "FDF4F5B35139F48E710E421BE5AF411DE1A8AAC333F26204";
+    
+    TigerDigestTest()
+    {
+        super(new TigerDigest(), messages, digests);
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+        
+        sixtyFourKTest(hash64k);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new TigerDigest((TigerDigest)digest);
+    }
+    
+    public static void main(
+        String[]    args)
+    {
+        runTest(new TigerDigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/TwofishTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/TwofishTest.java
new file mode 100644
index 0000000..50a41c8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/TwofishTest.java
@@ -0,0 +1,45 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.TwofishEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class TwofishTest
+    extends CipherTest
+{
+    static String key1 = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";
+    static String key2 = "000102030405060708090a0b0c0d0e0f1011121314151617";
+    static String key3 = "000102030405060708090a0b0c0d0e0f";
+
+    static String input = "000102030405060708090A0B0C0D0E0F";
+
+    static SimpleTest[]  tests =
+    {
+        new BlockCipherVectorTest(0, new TwofishEngine(),
+                new KeyParameter(Hex.decode(key1)),
+                input, "8ef0272c42db838bcf7b07af0ec30f38"),
+        new BlockCipherVectorTest(1, new TwofishEngine(),
+                new KeyParameter(Hex.decode(key2)),
+                input, "95accc625366547617f8be4373d10cd7"),
+        new BlockCipherVectorTest(2, new TwofishEngine(),
+                new KeyParameter(Hex.decode(key3)),
+                input, "9fb63337151be9c71306d159ea7afaa4")
+    };
+
+    TwofishTest()
+    {
+        super(tests, new TwofishEngine(), new KeyParameter(new byte[32]));
+    }
+    
+    public String getName()
+    {
+        return "Twofish";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new TwofishTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCKSA3Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCKSA3Test.java
new file mode 100644
index 0000000..65fdfc2
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCKSA3Test.java
@@ -0,0 +1,97 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.engines.VMPCKSA3Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * VMPC Test
+ */
+public class VMPCKSA3Test extends SimpleTest
+{
+    private static final byte[] input = new byte[1000000];
+
+    public String getName()
+    {
+        return "VMPC-KSA3";
+    }
+
+    private void checkByte(byte[] array, int position, byte b)
+    {
+        if (array[position] != b)
+        {
+            fail("Fail on position " + position,
+                new String(Hex.encode(new byte[] { b })),
+                new String(Hex.encode(new byte[] { array[position] })));
+        }
+    }
+
+    public void performTest()
+    {
+        byte[] key = Hex.decode("9661410AB797D8A9EB767C21172DF6C7");
+        byte[] iv = Hex.decode("4B5C2F003E67F39557A8D26F3DA2B155");
+        CipherParameters kp = new KeyParameter(key);
+        CipherParameters kpwiv = new ParametersWithIV(kp, iv);
+
+        VMPCKSA3Engine engine = new VMPCKSA3Engine();
+
+        try
+        {
+            engine.init(true, kp);
+            fail("init failed to throw expected exception");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // Expected
+        }
+
+        engine.init(true, kpwiv);
+        checkEngine(engine);
+
+        engine.reset();
+        byte[] output = checkEngine(engine);
+
+        engine.init(false, kpwiv);
+        byte[] recovered = new byte[output.length];
+        engine.processBytes(output, 0, output.length, recovered, 0);
+
+        if (!Arrays.areEqual(input, recovered))
+        {
+            fail("decrypted bytes differ from original bytes");
+        }
+    }
+
+    private byte[] checkEngine(VMPCKSA3Engine engine)
+    {
+        byte[] output = new byte[input.length];
+        engine.processBytes(input, 0, output.length, output, 0);
+
+        checkByte(output, 0, (byte) 0xB6);
+        checkByte(output, 1, (byte) 0xEB);
+        checkByte(output, 2, (byte) 0xAE);
+        checkByte(output, 3, (byte) 0xFE);
+        checkByte(output, 252, (byte) 0x48);
+        checkByte(output, 253, (byte) 0x17);
+        checkByte(output, 254, (byte) 0x24);
+        checkByte(output, 255, (byte) 0x73);
+        checkByte(output, 1020, (byte) 0x1D);
+        checkByte(output, 1021, (byte) 0xAE);
+        checkByte(output, 1022, (byte) 0xC3);
+        checkByte(output, 1023, (byte) 0x5A);
+        checkByte(output, 102396, (byte) 0x1D);
+        checkByte(output, 102397, (byte) 0xA7);
+        checkByte(output, 102398, (byte) 0xE1);
+        checkByte(output, 102399, (byte) 0xDC);
+
+        return output;
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new VMPCKSA3Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCMacTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCMacTest.java
new file mode 100644
index 0000000..50a0410
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCMacTest.java
@@ -0,0 +1,51 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.macs.VMPCMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class VMPCMacTest extends SimpleTest
+{
+    public String getName()
+    {
+        return "VMPC-MAC";
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new VMPCMacTest());
+    }
+
+    static byte[] output1 = Hex.decode("9BDA16E2AD0E284774A3ACBC8835A8326C11FAAD");
+
+    public void performTest() throws Exception
+    {
+        CipherParameters kp = new KeyParameter(
+            Hex.decode("9661410AB797D8A9EB767C21172DF6C7"));
+        CipherParameters kpwiv = new ParametersWithIV(kp,
+            Hex.decode("4B5C2F003E67F39557A8D26F3DA2B155"));
+
+        byte[] m = new byte[256];
+        for (int i = 0; i < 256; i++)
+        {
+            m[i] = (byte) i;
+        }
+
+        VMPCMac mac = new VMPCMac();
+        mac.init(kpwiv);
+
+        mac.update(m, 0, m.length);
+
+        byte[] out = new byte[20];
+        mac.doFinal(out, 0);
+
+        if (!Arrays.areEqual(out, output1))
+        {
+            fail("Fail", new String(Hex.encode(output1)), new String(Hex.encode(out)));
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCTest.java
new file mode 100644
index 0000000..cedffa4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/VMPCTest.java
@@ -0,0 +1,97 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.engines.VMPCEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * VMPC Test
+ */
+public class VMPCTest extends SimpleTest
+{
+    private static final byte[] input = new byte[1000000];
+
+    public String getName()
+    {
+        return "VMPC";
+    }
+
+    private void checkByte(byte[] array, int position, byte b)
+    {
+        if (array[position] != b)
+        {
+            fail("Fail on position " + position,
+                new String(Hex.encode(new byte[] { b })),
+                new String(Hex.encode(new byte[] { array[position] })));
+        }
+    }
+
+    public void performTest()
+    {
+        byte[] key = Hex.decode("9661410AB797D8A9EB767C21172DF6C7");
+        byte[] iv = Hex.decode("4B5C2F003E67F39557A8D26F3DA2B155");
+        CipherParameters kp = new KeyParameter(key);
+        CipherParameters kpwiv = new ParametersWithIV(kp, iv);
+
+        VMPCEngine engine = new VMPCEngine();
+
+        try
+        {
+            engine.init(true, kp);
+            fail("init failed to throw expected exception");
+        }
+        catch (IllegalArgumentException e)
+        {
+            // Expected
+        }
+
+        engine.init(true, kpwiv);
+        checkEngine(engine);
+
+        engine.reset();
+        byte[] output = checkEngine(engine);
+
+        engine.init(false, kpwiv);
+        byte[] recovered = new byte[output.length];
+        engine.processBytes(output, 0, output.length, recovered, 0);
+
+        if (!Arrays.areEqual(input, recovered))
+        {
+            fail("decrypted bytes differ from original bytes");
+        }
+    }
+
+    private byte[] checkEngine(VMPCEngine engine)
+    {
+        byte[] output = new byte[input.length];
+        engine.processBytes(input, 0, output.length, output, 0);
+
+        checkByte(output, 0, (byte) 0xA8);
+        checkByte(output, 1, (byte) 0x24);
+        checkByte(output, 2, (byte) 0x79);
+        checkByte(output, 3, (byte) 0xF5);
+        checkByte(output, 252, (byte) 0xB8);
+        checkByte(output, 253, (byte) 0xFC);
+        checkByte(output, 254, (byte) 0x66);
+        checkByte(output, 255, (byte) 0xA4);
+        checkByte(output, 1020, (byte) 0xE0);
+        checkByte(output, 1021, (byte) 0x56);
+        checkByte(output, 1022, (byte) 0x40);
+        checkByte(output, 1023, (byte) 0xA5);
+        checkByte(output, 102396, (byte) 0x81);
+        checkByte(output, 102397, (byte) 0xCA);
+        checkByte(output, 102398, (byte) 0x49);
+        checkByte(output, 102399, (byte) 0x9A);
+
+        return output;
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new VMPCTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/WhirlpoolDigestTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/WhirlpoolDigestTest.java
new file mode 100644
index 0000000..542e6e6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/WhirlpoolDigestTest.java
@@ -0,0 +1,105 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.WhirlpoolDigest;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * ISO vector test for Whirlpool
+ *  
+ */
+public class WhirlpoolDigestTest 
+    extends DigestTest
+{
+    private static String[] messages =
+    {
+         "",
+         "a",
+         "abc",
+         "message digest",
+         "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        "abcdbcdecdefdefgefghfghighijhijk"
+    };
+
+    private static String[] digests =
+    {
+        "19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3",
+        "8ACA2602792AEC6F11A67206531FB7D7F0DFF59413145E6973C45001D0087B42D11BC645413AEFF63A42391A39145A591A92200D560195E53B478584FDAE231A",
+        "4E2448A4C6F486BB16B6562C73B4020BF3043E3A731BCE721AE1B303D97E6D4C7181EEBDB6C57E277D0E34957114CBD6C797FC9D95D8B582D225292076D4EEF5",
+        "378C84A4126E2DC6E56DCC7458377AAC838D00032230F53CE1F5700C0FFB4D3B8421557659EF55C106B4B52AC5A4AAA692ED920052838F3362E86DBD37A8903E",
+        "F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B",
+        "DC37E008CF9EE69BF11F00ED9ABA26901DD7C28CDEC066CC6AF42E40F82F3A1E08EBA26629129D8FB7CB57211B9281A65517CC879D7B962142C65F5A7AF01467",
+        "466EF18BABB0154D25B9D38A6414F5C08784372BCCB204D6549C4AFADB6014294D5BD8DF2A6C44E538CD047B2681A51A2C60481E88C5A20B2C2A80CF3A9A083B",
+        "2A987EA40F917061F5D6F0A0E4644F488A7A5A52DEEE656207C562F988E95C6916BDC8031BC5BE1B7B947639FE050B56939BAAA0ADFF9AE6745B7B181C3BE3FD"
+    };
+
+    WhirlpoolDigestTest()
+    {
+        super(new WhirlpoolDigest(), messages, digests);
+    }
+
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new WhirlpoolDigest((WhirlpoolDigest)digest);
+    }
+
+    private static String _millionAResultVector = "0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01";
+    
+    private static String _thirtyOneZeros = "3E3F188F8FEBBEB17A933FEAF7FE53A4858D80C915AD6A1418F0318E68D49B4E459223CD414E0FBC8A57578FD755D86E827ABEF4070FC1503E25D99E382F72BA";
+
+    public String getName()
+    {
+        return "Whirlpool";
+    }
+
+    public void performTest()
+    {
+        super.performTest();
+
+        byte[] thirtyOneZeros = new byte[31];
+        performStandardVectorTest("31 zeroes test", 
+                    thirtyOneZeros, _thirtyOneZeros);
+
+        byte[] millionAInByteArray = new byte[1000000];
+        Arrays.fill(millionAInByteArray, (byte)'a');
+
+        performStandardVectorTest("Million 'a' test", 
+                    millionAInByteArray, _millionAResultVector);
+    }
+
+    private void performStandardVectorTest(String testTitle, byte[] inputBytes,
+            String resultsAsHex)
+    {
+        doPerformTest(testTitle, inputBytes, resultsAsHex);        
+    }
+
+    private void doPerformTest(String testTitle, byte[] inputBytes, String resultsAsHex)
+    {
+        String resStr = createHexOutputFromDigest(inputBytes);
+        if (!resultsAsHex.equals(resStr.toUpperCase()))
+        {
+            fail(testTitle, resultsAsHex, resStr);
+        }
+    }
+
+    private String createHexOutputFromDigest(byte[] digestBytes)
+    {
+        String resStr;
+        Digest digest = new WhirlpoolDigest();
+        byte[] resBuf = new byte[digest.getDigestSize()];
+        digest.update(digestBytes, 0, digestBytes.length);
+        digest.doFinal(resBuf, 0);
+        resStr = new String(Hex.encode(resBuf));
+        return resStr;
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new WhirlpoolDigestTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/X931SignerTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/X931SignerTest.java
new file mode 100644
index 0000000..a77e760
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/X931SignerTest.java
@@ -0,0 +1,138 @@
+package org.bouncycastle.crypto.test;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA224Digest;
+import org.bouncycastle.crypto.engines.RSAEngine;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.crypto.signers.X931Signer;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class X931SignerTest
+    extends SimpleTest
+{
+    public String getName()
+    {
+        return "X931Signer";
+    }
+
+    public void performTest() throws Exception
+    {
+        BigInteger rsaPubMod = new BigInteger(Base64.decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
+        BigInteger rsaPubExp = new BigInteger(Base64.decode("EQ=="));
+        BigInteger rsaPrivMod = new BigInteger(Base64.decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
+        BigInteger rsaPrivDP = new BigInteger(Base64.decode("JXzfzG5v+HtLJIZqYMUefJfFLu8DPuJGaLD6lI3cZ0babWZ/oPGoJa5iHpX4Ul/7l3s1PFsuy1GhzCdOdlfRcQ=="));
+        BigInteger rsaPrivDQ = new BigInteger(Base64.decode("YNdJhw3cn0gBoVmMIFRZzflPDNthBiWy/dUMSRfJCxoZjSnr1gysZHK01HteV1YYNGcwPdr3j4FbOfri5c6DUQ=="));
+        BigInteger rsaPrivExp = new BigInteger(Base64.decode("DxFAOhDajr00rBjqX+7nyZ/9sHWRCCp9WEN5wCsFiWVRPtdB+NeLcou7mWXwf1Y+8xNgmmh//fPV45G2dsyBeZbXeJwB7bzx9NMEAfedchyOwjR8PYdjK3NpTLKtZlEJ6Jkh4QihrXpZMO4fKZWUm9bid3+lmiq43FwW+Hof8/E="));
+        BigInteger rsaPrivP = new BigInteger(Base64.decode("AJ9StyTVW+AL/1s7RBtFwZGFBgd3zctBqzzwKPda6LbtIFDznmwDCqAlIQH9X14X7UPLokCDhuAa76OnDXb1OiE="));
+        BigInteger rsaPrivQ = new BigInteger(Base64.decode("AM3JfD79dNJ5A3beScSzPtWxx/tSLi0QHFtkuhtSizeXdkv5FSba7lVzwEOGKHmW829bRoNxThDy4ds1IihW1w0="));
+        BigInteger rsaPrivQinv = new BigInteger(Base64.decode("Lt0g7wrsNsQxuDdB8q/rH8fSFeBXMGLtCIqfOec1j7FEIuYA/ACiRDgXkHa0WgN7nLXSjHoy630wC5Toq8vvUg=="));
+        RSAKeyParameters rsaPublic = new RSAKeyParameters(false, rsaPubMod, rsaPubExp);
+        RSAPrivateCrtKeyParameters rsaPrivate = new RSAPrivateCrtKeyParameters(rsaPrivMod, rsaPubExp, rsaPrivExp, rsaPrivP, rsaPrivQ, rsaPrivDP, rsaPrivDQ, rsaPrivQinv);
+
+        byte[] msg = new byte[] { 1, 6, 3, 32, 7, 43, 2, 5, 7, 78, 4, 23 };
+
+        X931Signer signer = new X931Signer(new RSAEngine(), new SHA1Digest());
+        signer.init(true, rsaPrivate);
+        signer.update(msg, 0, msg.length);
+        byte[] sig = signer.generateSignature();
+
+        signer = new X931Signer(new RSAEngine(), new SHA1Digest());
+        signer.init(false, rsaPublic);
+        signer.update(msg, 0, msg.length);
+        if (!signer.verifySignature(sig))
+        {
+            fail("X9.31 Signer failed.");
+        }
+
+        shouldPassSignatureTest1();
+        shouldPassSignatureTest2();
+        shouldPassSignatureTest3();
+    }
+
+    private void shouldPassSignatureTest1()
+        throws Exception
+    {
+        BigInteger n = new BigInteger("c9be1b28f8caccca65d86cc3c9bbcc13eccc059df3b80bd2292b811eff3aa0dd75e1e85c333b8e3fa9bed53bb20f5359ff4e6900c5e9a388e3a4772a583a79e2299c76582c2b27694b65e9ba22e66bfb817f8b70b22206d7d8ae488c86dbb7137c26d5eff9b33c90e6cee640630313b7a715802e15142fef498c404a8de19674974785f0f852e2d470fe85a2e54ffca9f5851f672b71df691785a5cdabe8f14aa628942147de7593b2cf962414a5b59c632c4e14f1768c0ab2e9250824beea60a3529f11bf5e070ce90a47686eb0be1086fb21f0827f55295b4a48307db0b048c05a4aec3f488c576ca6f1879d354224c7e84cbcd8e76dd217a3de54dba73c35", 16);
+        BigInteger e = new BigInteger("e75b1b", 16);
+        byte[] msg = Hex.decode("5bb0d1c0ef9b5c7af2477fe08d45523d3842a4b2db943f7033126c2a7829bacb3d2cfc6497ec91688189e81b7f8742488224ba320ce983ce9480722f2cc5bc42611f00bb6311884f660ccc244788378673532edb05284fd92e83f6f6dab406209032e6af9a33c998677933e32d6fb95fd27408940d7728f9c9c40267ca1d20ce");
+        byte[] sig = Hex.decode("0fe8bb8e3109a1eb7489ef35bf4c1a0780071da789c8bd226a4170538eafefdd30b732d628f0e87a0b9450051feae9754d4fb61f57862d10f0bacc4f660d13281d0cd1141c006ade5186ff7d961a4c6cd0a4b352fc1295c5afd088f80ac1f8e192ef116a010a442655fe8ff5eeacea15807906fb0f0dfa86e680d4c005872357f7ece9aa4e20b15d5f709b30f08648ecaa34f2fbf54eb6b414fa2ff6f87561f70163235e69ccb4ac82a2e46d3be214cc2ef5263b569b2d8fd839b21a9e102665105ea762bda25bb446cfd831487a6b846100dee113ae95ae64f4af22c428c87bab809541c962bb3a56d4c86588e0af4ebc7fcc66dadced311051356d3ea745f7");
+
+        RSAKeyParameters rsaPublic = new RSAKeyParameters(false, n, e);
+        X931Signer signer = new X931Signer(new RSAEngine(), new SHA1Digest());
+
+        signer.init(false, rsaPublic);
+
+        signer.update(msg, 0, msg.length);
+
+        if (!signer.verifySignature(sig))
+        {
+            fail("RSA X931 verify test 1 failed.");
+        }
+    }
+
+    private void shouldPassSignatureTest2()
+        throws Exception
+    {
+        BigInteger n = new BigInteger("b746ba6c3c0be64bbe33aa55b2929b0af4e86d773d44bfe5914db9287788c4663984b61a418d2eecca30d752ff6b620a07ec72eeb2b422d2429da352407b99982800b9dd7697be6a7b1baa98ca5f4fc2fe33400f20b9dba337ac25c987804165d4a6e0ee4d18eabd6de5abdfe578cae6713ff91d16c80a5bb20217fe614d9509e75a43e1825327b9da8f0a9f6eeaa1c04b69fb4bacc073569fff4ab491becbe6d0441d437fc3fa823239c4a0f75321666b68dd3f66e2dd394089a15bcc288a68a4eb0a48e17d639743b9dea0a91cc35820544732aff253f8ca9967c609dc01c2f8cd0313a7a91cfa94ff74289a1d2b6f19d1811f4b9a65f4cce9e5759b4cc64f", 16);
+        BigInteger e = new BigInteger("dcbbdb", 16);
+        byte[] msg = Hex.decode("a5d3c8a060f897bbbc20ae0955052f37fbc70986b6e11c65075c9f457142bfa93856897c69020aa81a91b5e4f39e05cdeecc63395ab849c8262ca8bc5c96870aecb8edb0aba0024a9bdb71e06de6100344e5c318bc979ef32b8a49a8278ba99d4861bce42ebbc5c8c666aaa6cac39aff8779f2cae367620f9edd4cb1d80b6c8c");
+        byte[] sig = Hex.decode("39fbbd1804c689a533b0043f84da0f06081038c0fbf31e443e46a05e58f50de5198bbca40522afefaba3aed7082a6cb93b1da39f1f5a42246bf64930781948d300549bef0f8d554ecfca60a1b1ecba95a7014ee4545ad4f0c4e3a31942c6738b4ccd6244b6a21267dadf0826a5f713f13b1f5a9ab8501d957a26d4948278ac67851071a315674bdab173bfef2c2690c8373da6bf3d69f30c0e5da8883de872f59521b40793854085641adf98d13db991c5d0a8aaa0222934fa33332e90ef0b954e195cb267d6ffb36c96e14d1ec7b915a87598b4461a3146566354dc2ae748c84ee0cd46543b53ebff8cdf47725b280a1f799fb6ebb4a31ad2bdd5178250f83a");
+
+        RSAKeyParameters rsaPublic = new RSAKeyParameters(false, n, e);
+        X931Signer signer = new X931Signer(new RSAEngine(), new SHA224Digest());
+
+        signer.init(false, rsaPublic);
+
+        signer.update(msg, 0, msg.length);
+
+        if (!signer.verifySignature(sig))
+        {
+            fail("RSA X931 verify test 2 failed.");
+        }
+    }
+
+    private void shouldPassSignatureTest3()
+        throws Exception
+    {
+        BigInteger n = new BigInteger("dcb5686a3d2063a3f9cf7b9b32d2d3765b4c449b09b4960245a9111cd3b0cbd3260496885b8e1fa5db33b03efcc759d9c1afe29d93c6faebc7e0efada334b5b9a29655e2da2c8f11103d8203be311feab7ae88e9f1b2ec7d8fc655d77202b1681dd9717ec0f525b35584987e19539635a1ed23ca482a00149c609a23dc1645fd", 16);
+        BigInteger e = new BigInteger("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc9f7", 16);
+        BigInteger d = new BigInteger("189d6345099098992e0c9ca5f281e1338092342fa0acc85cc2a111f30f9bd2fb4753cd1a48ef0ddca9bf1af33ec76fb2e23a9fb4896c26f2235b516f7c05ef7ae81e70f4b491a5fedba9b935e9c76d761a813ce7776ff8a1e5efe1166ff2eca26aa900da88c908d51af9de26977fe39719cc781df32216fa41b838f0c63803c3", 16);
+
+        byte[] msg = Hex.decode("911475c6e210ef4ac65b6fe8d2bfe5e01b959771b137c4ef69b88716e0d2ff9ebc1fad0f358c1dd7d50cc99a7b893ac9a6207076f08d8467d9e48c69c683bfe64a44dabaa3f7c243880f6ab7229bf7bb587822314fc5de5131983bfb2eef8b4bc1eac36f353724b567cd1ae8cddd64ddb7057549d5c81ad5fa3b5e751f00abf5");
+        byte[] sig = Hex.decode("02c50ec0ac8a7f38ef5630c396964d6a6daaa7e3083ab5b57fa2a2632f3b70e2e85c8456cd774d45d7e44fcb063f0f04fff9f1e3adfda11272535a92cb59320b190b5ee4261f23d6ceaa925df3a7bfa42e26bf61ea9645d9d64b3c90a820802768a6e209c9f83705375a3867afccc037e8242a98fa4c3db6b2d9877754d47289");
+
+        RSAKeyParameters rsaPublic = new RSAKeyParameters(false, n, e);
+        X931Signer signer = new X931Signer(new RSAEngine(), new SHA1Digest());
+
+        signer.init(true, new RSAKeyParameters(true, n, d));
+
+        signer.update(msg, 0, msg.length);
+
+        byte[] s = signer.generateSignature();
+
+        if (!Arrays.areEqual(sig, s))
+        {
+            fail("RSA X931 sig test 3 failed.");
+        }
+
+        signer.init(false, rsaPublic);
+
+        signer.update(msg, 0, msg.length);
+
+        if (!signer.verifySignature(sig))
+        {
+            fail("RSA X931 verify test 3 failed.");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new X931SignerTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/XSalsa20Test.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/XSalsa20Test.java
new file mode 100644
index 0000000..efbd5ec
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/XSalsa20Test.java
@@ -0,0 +1,166 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.XSalsa20Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class XSalsa20Test extends SimpleTest
+{
+    private static class TestCase
+    {
+
+        private byte[] key;
+        private byte[] iv;
+        private byte[] plaintext;
+        private byte[] ciphertext;
+
+        public TestCase(String key, String iv, String plaintext, String ciphertext)
+        {
+            this.key = Hex.decode(key);
+            this.iv = Hex.decode(iv);
+            this.plaintext = Hex.decode(plaintext);
+            this.ciphertext = Hex.decode(ciphertext);
+        }
+
+        public byte[] getKey()
+        {
+            return key;
+        }
+
+        public byte[] getIv()
+        {
+            return iv;
+        }
+
+        public byte[] getPlaintext()
+        {
+            return plaintext;
+        }
+
+        public byte[] getCiphertext()
+        {
+            return ciphertext;
+        }
+    }
+
+    // Test cases generated by naclcrypto-20090308, as used by cryptopp
+    private static final TestCase[] TEST_CASES = new TestCase[] {
+            new TestCase(
+                    "a6a7251c1e72916d11c2cb214d3c252539121d8e234e652d651fa4c8cff88030",
+                    "9e645a74e9e0a60d8243acd9177ab51a1beb8d5a2f5d700c",
+                    "093c5e5585579625337bd3ab619d615760d8c5b224a85b1d0efe0eb8a7ee163abb0376529fcc09bab506c618e13ce777d82c3ae9d1a6f972d4160287cbfe60bf2130fc0a6ff6049d0a5c8a82f429231f008082e845d7e189d37f9ed2b464e6b919e6523a8c1210bd52a02a4c3fe406d3085f5068d1909eeeca6369abc981a42e87fe665583f0ab85ae71f6f84f528e6b397af86f6917d9754b7320dbdc2fea81496f2732f532ac78c4e9c6cfb18f8e9bdf74622eb126141416776971a84f94d156beaf67aecbf2ad412e76e66e8fad7633f5b6d7f3d64b5c6c69ce29003c6024465ae3b89be78e915d88b4b5621d",
+                    "b2af688e7d8fc4b508c05cc39dd583d6714322c64d7f3e63147aede2d9534934b04ff6f337b031815cd094bdbc6d7a92077dce709412286822ef0737ee47f6b7ffa22f9d53f11dd2b0a3bb9fc01d9a88f9d53c26e9365c2c3c063bc4840bfc812e4b80463e69d179530b25c158f543191cff993106511aa036043bbc75866ab7e34afc57e2cce4934a5faae6eabe4f221770183dd060467827c27a354159a081275a291f69d946d6fe28ed0b9ce08206cf484925a51b9498dbde178ddd3ae91a8581b91682d860f840782f6eea49dbb9bd721501d2c67122dea3b7283848c5f13e0c0de876bd227a856e4de593a3"),
+            new TestCase(
+                    "9e1da239d155f52ad37f75c7368a536668b051952923ad44f57e75ab588e475a",
+                    "af06f17859dffa799891c4288f6635b5c5a45eee9017fd72",
+                    "feac9d54fc8c115ae247d9a7e919dd76cfcbc72d32cae4944860817cbdfb8c04e6b1df76a16517cd33ccf1acda9206389e9e318f5966c093cfb3ec2d9ee2de856437ed581f552f26ac2907609df8c613b9e33d44bfc21ff79153e9ef81a9d66cc317857f752cc175fd8891fefebb7d041e6517c3162d197e2112837d3bc4104312ad35b75ea686e7c70d4ec04746b52ff09c421451459fb59f",
+                    "2c261a2f4e61a62e1b27689916bf03453fcbc97bb2af6f329391ef063b5a219bf984d07d70f602d85f6db61474e9d9f5a2deecb4fcd90184d16f3b5b5e168ee03ea8c93f3933a22bc3d1a5ae8c2d8b02757c87c073409052a2a8a41e7f487e041f9a49a0997b540e18621cad3a24f0a56d9b19227929057ab3ba950f6274b121f193e32e06e5388781a1cb57317c0ba6305e910961d01002f0"),
+            new TestCase("d5c7f6797b7e7e9c1d7fd2610b2abf2bc5a7885fb3ff78092fb3abe8986d35e2",
+                    "744e17312b27969d826444640e9c4a378ae334f185369c95",
+                    "7758298c628eb3a4b6963c5445ef66971222be5d1a4ad839715d1188071739b77cc6e05d5410f963a64167629757",
+                    "27b8cfe81416a76301fd1eec6a4d99675069b2da2776c360db1bdfea7c0aa613913e10f7a60fec04d11e65f2d64e"),
+            new TestCase(
+                    "737d7811ce96472efed12258b78122f11deaec8759ccbd71eac6bbefa627785c",
+                    "6fb2ee3dda6dbd12f1274f126701ec75c35c86607adb3edd",
+                    "501325fb2645264864df11faa17bbd58312b77cad3d94ac8fb8542f0eb653ad73d7fce932bb874cb89ac39fc47f8267cf0f0c209f204b2d8578a3bdf461cb6a271a468bebaccd9685014ccbc9a73618c6a5e778a21cc8416c60ad24ddc417a130d53eda6dfbfe47d09170a7be1a708b7b5f3ad464310be36d9a2a95dc39e83d38667e842eb6411e8a23712297b165f690c2d7ca1b1346e3c1fccf5cafd4f8be0",
+                    "6724c372d2e9074da5e27a6c54b2d703dc1d4c9b1f8d90f00c122e692ace7700eadca942544507f1375b6581d5a8fb39981c1c0e6e1ff2140b082e9ec016fce141d5199647d43b0b68bfd0fea5e00f468962c7384dd6129aea6a3fdfe75abb210ed5607cef8fa0e152833d5ac37d52e557b91098a322e76a45bbbcf4899e790618aa3f4c2e5e0fc3de93269a577d77a5502e8ea02f717b1dd2df1ec69d8b61ca"),
+            new TestCase(
+                    "760158da09f89bbab2c99e6997f9523a95fcef10239bcca2573b7105f6898d34",
+                    "43636b2cc346fc8b7c85a19bf507bdc3dafe953b88c69dba",
+                    "d30a6d42dff49f0ed039a306bae9dec8d9e88366cc19e8c3642fd58fa0794ebf8029d949730339b0823a51f0f49f0d2c71f1051c1e0e2c86941f172789cdb1b0107413e70f982ff9761877bb526ef1c3eb1106a948d60ef21bd35d32cfd64f89b79ed63ecc5cca56246af736766f285d8e6b0da9cb1cd21020223ffacc5a32",
+                    "c815b6b79b64f9369aec8dce8c753df8a50f2bc97c70ce2f014db33a65ac5816bac9e30ac08bdded308c65cb87e28e2e71b677dc25c5a6499c1553555daf1f55270a56959dffa0c66f24e0af00951ec4bb59ccc3a6c5f52e0981647e53e439313a52c40fa7004c855b6e6eb25b212a138e843a9ba46edb2a039ee82a263abe"),
+            new TestCase(
+                    "27ba7e81e7edd4e71be53c07ce8e633138f287e155c7fa9e84c4ad804b7fa1b9",
+                    "ea05f4ebcd2fb6b000da0612861ba54ff5c176fb601391aa",
+                    "e09ff5d2cb050d69b2d42494bde5825238c756d6991d99d7a20d1ef0b83c371c89872690b2fc11d5369f4fc4971b6d3d6c078aef9b0f05c0e61ab89c025168054defeb03fef633858700c58b1262ce011300012673e893e44901dc18eee3105699c44c805897bdaf776af1833162a21a",
+                    "a23e7ef93c5d0667c96d9e404dcbe6be62026fa98f7a3ff9ba5d458643a16a1cef7272dc6097a9b52f35983557c77a11b314b4f7d5dc2cca15ee47616f861873cbfed1d32372171a61e38e447f3cf362b3abbb2ed4170d89dcb28187b7bfd206a3e026f084a7e0ed63d319de6bc9afc0"),
+            new TestCase("6799d76e5ffb5b4920bc2768bafd3f8c16554e65efcf9a16f4683a7a06927c11",
+                    "61ab951921e54ff06d9b77f313a4e49df7a057d5fd627989", "472766", "8fd7df"),
+            new TestCase(
+                    "f68238c08365bb293d26980a606488d09c2f109edafa0bbae9937b5cc219a49c",
+                    "5190b51e9b708624820b5abdf4e40fad1fb950ad1adc2d26",
+                    "47ec6b1f73c4b7ff5274a0bfd7f45f864812c85a12fbcb3c2cf8a3e90cf66ccf2eacb521e748363c77f52eb426ae57a0c6c78f75af71284569e79d1a92f949a9d69c4efc0b69902f1e36d7562765543e2d3942d9f6ff5948d8a312cff72c1afd9ea3088aff7640bfd265f7a9946e606abc77bcedae6bddc75a0dba0bd917d73e3bd1268f727e0096345da1ed25cf553ea7a98fea6b6f285732de37431561ee1b3064887fbcbd71935e02",
+                    "36160e88d3500529ba4edba17bc24d8cfaca9a0680b3b1fc97cf03f3675b7ac301c883a68c071bc54acdd3b63af4a2d72f985e51f9d60a4c7fd481af10b2fc75e252fdee7ea6b6453190617dcc6e2fe1cd56585fc2f0b0e97c5c3f8ad7eb4f31bc4890c03882aac24cc53acc1982296526690a220271c2f6e326750d3fbda5d5b63512c831f67830f59ac49aae330b3e0e02c9ea0091d19841f1b0e13d69c9fbfe8a12d6f30bb734d9d2"),
+            new TestCase(
+                    "45b2bd0de4ed9293ec3e26c4840faaf64b7d619d51e9d7a2c7e36c83d584c3df",
+                    "546c8c5d6be8f90952cab3f36d7c1957baaa7a59abe3d7e5",
+                    "5007c8cd5b3c40e17d7fe423a87ae0ced86bec1c39dc07a25772f3e96dabd56cd3fd7319f6c9654925f2d87087a700e1b130da796895d1c9b9acd62b266144067d373ed51e787498b03c52faad16bb3826fa511b0ed2a19a8663f5ba2d6ea7c38e7212e9697d91486c49d8a000b9a1935d6a7ff7ef23e720a45855481440463b4ac8c4f6e7062adc1f1e1e25d3d65a31812f58a71160",
+                    "8eacfba568898b10c0957a7d44100685e8763a71a69a8d16bc7b3f88085bb9a2f09642e4d09a9f0ad09d0aad66b22610c8bd02ff6679bb92c2c026a216bf425c6be35fb8dae7ff0c72b0efd6a18037c70eed0ca90062a49a3c97fdc90a8f9c2ea536bfdc41918a7582c9927fae47efaa3dc87967b7887dee1bf071734c7665901d9105dae2fdf66b4918e51d8f4a48c60d19fbfbbcba"),
+            new TestCase(
+                    "fe559c9a282beb40814d016d6bfcb2c0c0d8bf077b1110b8703a3ce39d70e0e1",
+                    "b076200cc7011259805e18b304092754002723ebec5d6200",
+                    "6db65b9ec8b114a944137c821fd606be75478d928366d5284096cdef782fcff7e8f59cb8ffcda979757902c5ffa6bc477ceaa4cb5d5ea76f94d91e833f823a6bc78f1055dfa6a97bea8965c1cde67a668e001257334a585727d9e0f7c1a06e88d3d25a4e6d9096c968bf138e116a3ebeffd4bb4808adb1fd698164ba0a35c709a47f16f1f4435a2345a9194a00b95abd51851d505809a6077da9baca5831afff31578c487ee68f2767974a98a7e803aac788da98319c4ea8eaa3d394855651f484cef543f537e35158ee29",
+                    "4dce9c8f97a028051b0727f34e1b9ef21f06f0760f36e71713204027902090ba2bb6b13436ee778d9f50530efbd7a32b0d41443f58ccaee781c7b716d3a96fdec0e3764ed7959f34c3941278591ea033b5cbadc0f1916032e9bebbd1a8395b83fb63b1454bd775bd20b3a2a96f951246ac14daf68166ba62f6cbff8bd121ac9498ff8852fd2be975df52b5daef3829d18eda42e715022dcbf930d0a789ee6a146c2c7088c35773c63c06b4af4559856ac199ced86863e4294707825337c5857970eb7fddeb263781309011"),
+            new TestCase(
+                    "0ae10012d7e56614b03dcc89b14bae9242ffe630f3d7e35ce8bbb97bbc2c92c3",
+                    "f96b025d6cf46a8a12ac2af1e2aef1fb83590adadaa5c5ea",
+                    "ea0f354e96f12bc72bbaa3d12b4a8ed879b042f0689878f46b651cc4116d6f78409b11430b3aaa30b2076891e8e1fa528f2fd169ed93dc9f84e24409eec2101daf4d057be2492d11de640cbd7b355ad29fb70400fffd7cd6d425abeeb732a0eaa4330af4c656252c4173deab653eb85c58462d7ab0f35fd12b613d29d473d330310dc323d3c66348bbdbb68a326324657cae7b77a9e34358f2cec50c85609e73056856796e3be8d62b6e2fe9f953",
+                    "e8abd48924b54e5b80866be7d4ebe5cf4274cafff08b39cb2d40a8f0b472398aedc776e0793812fbf1f60078635d2ed86b15efcdba60411ee23b07233592a44ec31b1013ce8964236675f8f183aef885e864f2a72edf4215b5338fa2b54653dfa1a8c55ce5d95cc605b9b311527f2e3463ffbec78a9d1d65dabad2f338769c9f43f133a791a11c7eca9af0b771a4ac32963dc8f631a2c11217ac6e1b9430c1aae1ceebe22703f429998a8fb8c641"),
+            new TestCase(
+                    "082c539bc5b20f97d767cd3f229eda80b2adc4fe49c86329b5cd6250a9877450",
+                    "845543502e8b64912d8f2c8d9fffb3c69365686587c08d0c",
+                    "a96bb7e910281a6dfad7c8a9c370674f0ceec1ad8d4f0de32f9ae4a23ed329e3d6bc708f876640a229153ac0e7281a8188dd77695138f01cda5f41d5215fd5c6bdd46d982cb73b1efe2997970a9fdbdb1e768d7e5db712068d8ba1af6067b5753495e23e6e1963af012f9c7ce450bf2de619d3d59542fb55f3",
+                    "835da74fc6de08cbda277a7966a07c8dcd627e7b17adde6d930b6581e3124b8baad096f693991fedb1572930601fc7709541839b8e3ffd5f033d2060d999c6c6e3048276613e648000acb5212cc632a916afce290e20ebdf612d08a6aa4c79a74b070d3f872a861f8dc6bb07614db515d363349d3a8e3336a3"),
+            new TestCase("3d02bff3375d403027356b94f514203737ee9a85d2052db3e4e5a217c259d18a",
+                    "74216c95031895f48c1dba651555ebfa3ca326a755237025",
+                    "0d4b0f54fd09ae39baa5fa4baccf2e6682e61b257e01f42b8f",
+                    "16c4006c28365190411eb1593814cf15e74c22238f210afc3d"),
+            new TestCase(
+                    "ad1a5c47688874e6663a0f3fa16fa7efb7ecadc175c468e5432914bdb480ffc6",
+                    "e489eed440f1aae1fac8fb7a9825635454f8f8f1f52e2fcc",
+                    "aa6c1e53580f03a9abb73bfdadedfecada4c6b0ebe020ef10db745e54ba861caf65f0e40dfc520203bb54d29e0a8f78f16b3f1aa525d6bfa33c54726e59988cfbec78056",
+                    "02fe84ce81e178e7aabdd3ba925a766c3c24756eefae33942af75e8b464556b5997e616f3f2dfc7fce91848afd79912d9fb55201b5813a5a074d2c0d4292c1fd441807c5"),
+            new TestCase(
+                    "053a02bedd6368c1fb8afc7a1b199f7f7ea2220c9a4b642a6850091c9d20ab9c",
+                    "c713eea5c26dad75ad3f52451e003a9cb0d649f917c89dde",
+                    "8f0a8a164760426567e388840276de3f95cb5e3fadc6ed3f3e4fe8bc169d9388804dcb94b6587dbb66cb0bd5f87b8e98b52af37ba290629b858e0e2aa7378047a26602",
+                    "516710e59843e6fbd4f25d0d8ca0ec0d47d39d125e9dad987e0518d49107014cb0ae405e30c2eb3794750bca142ce95e290cf95abe15e822823e2e7d3ab21bc8fbd445"),
+            new TestCase(
+                    "5b14ab0fbed4c58952548a6cb1e0000cf4481421f41288ea0aa84add9f7deb96",
+                    "54bf52b911231b952ba1a6af8e45b1c5a29d97e2abad7c83",
+                    "37fb44a675978b560ff9a4a87011d6f3ad2d37a2c3815b45a3c0e6d1b1d8b1784cd468927c2ee39e1dccd4765e1c3d676a335be1ccd6900a45f5d41a317648315d8a8c24adc64eb285f6aeba05b9029586353d303f17a807658b9ff790474e1737bd5fdc604aeff8dfcaf1427dcc3aacbb0256badcd183ed75a2dc52452f87d3c1ed2aa583472b0ab91cda20614e9b6fdbda3b49b098c95823cc72d8e5b717f2314b0324e9ce",
+                    "ae6deb5d6ce43d4b09d0e6b1c0e9f46157bcd8ab50eaa3197ff9fa2bf7af649eb52c68544fd3adfe6b1eb316f1f23538d470c30dbfec7e57b60cbcd096c782e7736b669199c8253e70214cf2a098fda8eac5da79a9496a3aae754d03b17c6d70d1027f42bf7f95ce3d1d9c338854e158fcc803e4d6262fb639521e47116ef78a7a437ca9427ba645cd646832feab822a208278e45e93e118d780b988d65397eddfd7a819526e"),
+            new TestCase(
+                    "d74636e3413a88d85f322ca80fb0bd650bd0bf0134e2329160b69609cd58a4b0",
+                    "efb606aa1d9d9f0f465eaa7f8165f1ac09f5cb46fecf2a57",
+                    "f85471b75f6ec81abac2799ec09e98e280b2ffd64ca285e5a0109cfb31ffab2d617b2c2952a2a8a788fc0da2af7f530758f74f1ab56391ab5ff2adbcc5be2d6c7f49fbe8118104c6ff9a23c6dfe52f57954e6a69dcee5db06f514f4a0a572a9a8525d961dae72269b987189d465df6107119c7fa790853e063cba0fab7800ca932e258880fd74c33c784675bedad0e7c09e9cc4d63dd5e9713d5d4a0196e6b562226ac31b4f57c04f90a181973737ddc7e80f364112a9fbb435ebdbcabf7d490ce52",
+                    "b2b795fe6c1d4c83c1327e015a67d4465fd8e32813575cbab263e20ef05864d2dc17e0e4eb81436adfe9f638dcc1c8d78f6b0306baf938e5d2ab0b3e05e735cc6fff2d6e02e3d60484bea7c7a8e13e23197fea7b04d47d48f4a4e5944174539492800d3ef51e2ee5e4c8a0bdf050c2dd3dd74fce5e7e5c37364f7547a11480a3063b9a0a157b15b10a5a954de2731ced055aa2e2767f0891d4329c426f3808ee867bed0dc75b5922b7cfb895700fda016105a4c7b7f0bb90f029f6bbcb04ac36ac16") };
+
+    public String getName()
+    {
+        return "XSalsa20";
+    }
+
+    public void performTest() throws Exception
+    {
+        for (int i = 0; i < TEST_CASES.length; i++)
+        {
+            performTest(i, TEST_CASES[i]);
+        }
+    }
+
+    private void performTest(int number, TestCase testCase)
+    {
+        final byte[] plaintext = testCase.getPlaintext();
+        byte[] output = new byte[plaintext.length];
+
+        XSalsa20Engine engine = new XSalsa20Engine();
+        engine.init(false, new ParametersWithIV(new KeyParameter(testCase.getKey()), testCase.getIv()));
+
+        engine.processBytes(testCase.getPlaintext(), 0, testCase.getPlaintext().length, output, 0);
+
+        if (!Arrays.areEqual(testCase.getCiphertext(), output))
+        {
+            fail("mismatch on " + number, new String(Hex.encode(testCase.getCiphertext())),
+                    new String(Hex.encode(output)));
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new XSalsa20Test());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/XTEATest.java b/bcprov/src/main/java/org/bouncycastle/crypto/test/XTEATest.java
new file mode 100644
index 0000000..2b5279e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/XTEATest.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.crypto.test;
+
+import org.bouncycastle.crypto.engines.XTEAEngine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * TEA tester - based on C implementation results from http://www.simonshepherd.supanet.com/tea.htm
+ */
+public class XTEATest
+    extends CipherTest
+{
+    static SimpleTest[]  tests = {
+        new BlockCipherVectorTest(0, new XTEAEngine(),
+            new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+            "0000000000000000",
+            "dee9d4d8f7131ed9"),
+        new BlockCipherVectorTest(1, new XTEAEngine(),
+            new KeyParameter(Hex.decode("00000000000000000000000000000000")),
+            "0102030405060708",
+            "065c1b8975c6a816"),
+        new BlockCipherVectorTest(2, new XTEAEngine(),
+            new KeyParameter(Hex.decode("0123456712345678234567893456789A")),
+            "0000000000000000",
+            "1ff9a0261ac64264"),
+        new BlockCipherVectorTest(3, new XTEAEngine(),
+            new KeyParameter(Hex.decode("0123456712345678234567893456789A")),
+            "0102030405060708",
+            "8c67155b2ef91ead"),
+            };
+
+    XTEATest()
+    {
+        super(tests, new XTEAEngine(), new KeyParameter(new byte[16]));
+    }
+
+    public String getName()
+    {
+        return "XTEA";
+    }
+
+    public static void main(
+        String[]    args)
+    {
+        runTest(new XTEATest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/test/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/test/package.html
new file mode 100644
index 0000000..7bb5e6b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/test/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Example code and test classes for the lightweight API.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsClient.java
index 7d4fd03..a433b95 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsClient.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsClient.java
@@ -29,6 +29,34 @@ public abstract class AbstractTlsClient
         this.cipherFactory = cipherFactory;
     }
 
+    protected boolean allowUnexpectedServerExtension(Integer extensionType, byte[] extensionData)
+        throws IOException
+    {
+        switch (extensionType.intValue())
+        {
+        case ExtensionType.elliptic_curves:
+            /*
+             * Exception added based on field reports that some servers do send this, although the
+             * Supported Elliptic Curves Extension is clearly intended to be client-only. If
+             * present, we still require that it is a valid EllipticCurveList.
+             */
+            TlsECCUtils.readSupportedEllipticCurvesExtension(extensionData);
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    protected void checkForUnexpectedServerExtension(Hashtable serverExtensions, Integer extensionType)
+        throws IOException
+    {
+        byte[] extensionData = TlsUtils.getExtensionData(serverExtensions, extensionType);
+        if (extensionData != null && !allowUnexpectedServerExtension(extensionType, extensionData))
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+    }
+
     public void init(TlsClientContext context)
     {
         this.context = context;
@@ -63,6 +91,16 @@ public abstract class AbstractTlsClient
         return ProtocolVersion.TLSv12;
     }
 
+    public boolean isFallback()
+    {
+        /*
+         * draft-ietf-tls-downgrade-scsv-00 4. [..] is meant for use by clients that repeat a
+         * connection attempt with a downgraded protocol in order to avoid interoperability problems
+         * with legacy servers.
+         */
+        return false;
+    }
+
     public Hashtable getClientExtensions()
         throws IOException
     {
@@ -78,27 +116,7 @@ public abstract class AbstractTlsClient
         {
             // TODO Provide a way for the user to specify the acceptable hash/signature algorithms.
 
-            short[] hashAlgorithms = new short[]{ HashAlgorithm.sha512, HashAlgorithm.sha384, HashAlgorithm.sha256,
-                HashAlgorithm.sha224, HashAlgorithm.sha1 };
-
-            // TODO Sort out ECDSA signatures and add them as the preferred option here
-            short[] signatureAlgorithms = new short[]{ SignatureAlgorithm.rsa };
-
-            this.supportedSignatureAlgorithms = new Vector();
-            for (int i = 0; i < hashAlgorithms.length; ++i)
-            {
-                for (int j = 0; j < signatureAlgorithms.length; ++j)
-                {
-                    this.supportedSignatureAlgorithms.addElement(new SignatureAndHashAlgorithm(hashAlgorithms[i],
-                        signatureAlgorithms[j]));
-                }
-            }
-
-            /*
-             * RFC 5264 7.4.3. Currently, DSA [DSS] may only be used with SHA-1.
-             */
-            this.supportedSignatureAlgorithms.addElement(new SignatureAndHashAlgorithm(HashAlgorithm.sha1,
-                SignatureAlgorithm.dsa));
+            this.supportedSignatureAlgorithms = TlsUtils.getDefaultSupportedSignatureAlgorithms();
 
             clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(clientExtensions);
 
@@ -176,21 +194,17 @@ public abstract class AbstractTlsClient
             /*
              * RFC 5246 7.4.1.4.1. Servers MUST NOT send this extension.
              */
-            if (serverExtensions.containsKey(TlsUtils.EXT_signature_algorithms))
-            {
-                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
+            checkForUnexpectedServerExtension(serverExtensions, TlsUtils.EXT_signature_algorithms);
+
+            checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_elliptic_curves);
 
-            int[] namedCurves = TlsECCUtils.getSupportedEllipticCurvesExtension(serverExtensions);
-            if (namedCurves != null)
+            if (TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite))
             {
-                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+                this.serverECPointFormats = TlsECCUtils.getSupportedPointFormatsExtension(serverExtensions);
             }
-
-            this.serverECPointFormats = TlsECCUtils.getSupportedPointFormatsExtension(serverExtensions);
-            if (this.serverECPointFormats != null && !TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite))
+            else
             {
-                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+                checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_ec_point_formats);
             }
         }
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsContext.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsContext.java
index 5e02892..4205725 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsContext.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsContext.java
@@ -2,9 +2,22 @@ package org.bouncycastle.crypto.tls;
 
 import java.security.SecureRandom;
 
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.prng.DigestRandomGenerator;
+import org.bouncycastle.crypto.prng.RandomGenerator;
+import org.bouncycastle.util.Times;
+
 abstract class AbstractTlsContext
     implements TlsContext
 {
+    private static long counter = Times.nanoTime();
+
+    private synchronized static long nextCounterValue()
+    {
+        return ++counter;
+    }
+
+    private RandomGenerator nonceRandom;
     private SecureRandom secureRandom;
     private SecurityParameters securityParameters;
 
@@ -15,10 +28,24 @@ abstract class AbstractTlsContext
 
     AbstractTlsContext(SecureRandom secureRandom, SecurityParameters securityParameters)
     {
+        Digest d = TlsUtils.createHash(HashAlgorithm.sha256);
+        byte[] seed = new byte[d.getDigestSize()];
+        secureRandom.nextBytes(seed);
+
+        this.nonceRandom = new DigestRandomGenerator(d);
+        nonceRandom.addSeedMaterial(nextCounterValue());
+        nonceRandom.addSeedMaterial(Times.nanoTime());
+        nonceRandom.addSeedMaterial(seed);
+
         this.secureRandom = secureRandom;
         this.securityParameters = securityParameters;
     }
 
+    public RandomGenerator getNonceRandomGenerator()
+    {
+        return nonceRandom;
+    }
+
     public SecureRandom getSecureRandom()
     {
         return secureRandom;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java
index 80d6af7..a4c9c05 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsPeer.java
@@ -5,6 +5,17 @@ import java.io.IOException;
 public abstract class AbstractTlsPeer
     implements TlsPeer
 {
+    public boolean shouldUseGMTUnixTime()
+    {
+        /*
+         * draft-mathewson-no-gmtunixtime-00 2. For the reasons we discuss above, we recommend that
+         * TLS implementors MUST by default set the entire value the ClientHello.Random and
+         * ServerHello.Random fields, including gmt_unix_time, to a cryptographically random
+         * sequence.
+         */
+        return false;
+    }
+
     public void notifySecureRenegotiation(boolean secureRenegotiation) throws IOException
     {
         if (!secureRenegotiation)
@@ -17,7 +28,7 @@ public abstract class AbstractTlsPeer
         }
     }
 
-    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Exception cause)
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
     {
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
index bd428a9..9ba0ce6 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
@@ -19,6 +19,7 @@ public abstract class AbstractTlsServer
     protected short[] offeredCompressionMethods;
     protected Hashtable clientExtensions;
 
+    protected boolean encryptThenMACOffered;
     protected short maxFragmentLengthOffered;
     protected boolean truncatedHMacOffered;
     protected Vector supportedSignatureAlgorithms;
@@ -41,6 +42,11 @@ public abstract class AbstractTlsServer
         this.cipherFactory = cipherFactory;
     }
 
+    protected boolean allowEncryptThenMAC()
+    {
+        return true;
+    }
+
     protected boolean allowTruncatedHMac()
     {
         return false;
@@ -85,7 +91,8 @@ public abstract class AbstractTlsServer
         for (int i = 0; i < namedCurves.length; ++i)
         {
             int namedCurve = namedCurves[i];
-            if (!NamedCurve.refersToASpecificNamedCurve(namedCurve) || TlsECCUtils.isSupportedNamedCurve(namedCurve))
+            if (NamedCurve.isValid(namedCurve)
+                && (!NamedCurve.refersToASpecificNamedCurve(namedCurve) || TlsECCUtils.isSupportedNamedCurve(namedCurve)))
             {
                 return true;
             }
@@ -105,6 +112,20 @@ public abstract class AbstractTlsServer
         this.clientVersion = clientVersion;
     }
 
+    public void notifyFallback(boolean isFallback) throws IOException
+    {
+        /*
+         * draft-ietf-tls-downgrade-scsv-00 3. If TLS_FALLBACK_SCSV appears in
+         * ClientHello.cipher_suites and the highest protocol version supported by the server is
+         * higher than the version indicated in ClientHello.client_version, the server MUST respond
+         * with an inappropriate_fallback alert.
+         */
+        if (isFallback && getMaximumVersion().isLaterVersionOf(clientVersion))
+        {
+            throw new TlsFatalAlert(AlertDescription.inappropriate_fallback);
+        }
+    }
+
     public void notifyOfferedCipherSuites(int[] offeredCipherSuites)
         throws IOException
     {
@@ -125,6 +146,7 @@ public abstract class AbstractTlsServer
 
         if (clientExtensions != null)
         {
+            this.encryptThenMACOffered = TlsExtensionsUtils.hasEncryptThenMACExtension(clientExtensions);
             this.maxFragmentLengthOffered = TlsExtensionsUtils.getMaxFragmentLengthExtension(clientExtensions);
             this.truncatedHMacOffered = TlsExtensionsUtils.hasTruncatedHMacExtension(clientExtensions);
 
@@ -197,9 +219,9 @@ public abstract class AbstractTlsServer
         {
             int cipherSuite = cipherSuites[i];
 
-            // TODO Certain cipher suites may only be available starting at a particular version
             if (Arrays.contains(this.offeredCipherSuites, cipherSuite)
-                && (eccCipherSuitesEnabled || !TlsECCUtils.isECCCipherSuite(cipherSuite)))
+                && (eccCipherSuitesEnabled || !TlsECCUtils.isECCCipherSuite(cipherSuite))
+                && TlsUtils.isValidCipherSuiteForVersion(cipherSuite, serverVersion))
             {
                 return this.selectedCipherSuite = cipherSuite;
             }
@@ -225,7 +247,21 @@ public abstract class AbstractTlsServer
     public Hashtable getServerExtensions()
         throws IOException
     {
-        if (this.maxFragmentLengthOffered >= 0)
+        if (this.encryptThenMACOffered && allowEncryptThenMAC())
+        {
+            /*
+             * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
+             * and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
+             * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
+             * client.
+             */
+            if (TlsUtils.isBlockCipherSuite(this.selectedCipherSuite))
+            {
+                TlsExtensionsUtils.addEncryptThenMACExtension(checkServerExtensions());
+            }
+        }
+
+        if (this.maxFragmentLengthOffered >= 0 && MaxFragmentLength.isValid(maxFragmentLengthOffered))
         {
             TlsExtensionsUtils.addMaxFragmentLengthExtension(checkServerExtensions(), this.maxFragmentLengthOffered);
         }
@@ -242,8 +278,8 @@ public abstract class AbstractTlsServer
              * message including a Supported Point Formats Extension appends this extension (along
              * with others) to its ServerHello message, enumerating the point formats it can parse.
              */
-            this.serverECPointFormats = new short[]{ ECPointFormat.ansiX962_compressed_char2,
-                ECPointFormat.ansiX962_compressed_prime, ECPointFormat.uncompressed };
+            this.serverECPointFormats = new short[]{ ECPointFormat.uncompressed,
+                ECPointFormat.ansiX962_compressed_prime, ECPointFormat.ansiX962_compressed_char2, };
 
             TlsECCUtils.addSupportedPointFormatsExtension(checkServerExtensions(), serverECPointFormats);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlertDescription.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlertDescription.java
index 91366be..3db267e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlertDescription.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlertDescription.java
@@ -213,4 +213,91 @@ public class AlertDescription
      * "unknown_psk_identity" alert message.
      */
     public static final short unknown_psk_identity = 115;
+
+    /*
+     * draft-ietf-tls-downgrade-scsv-00
+     */
+
+    /**
+     * If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version
+     * supported by the server is higher than the version indicated in ClientHello.client_version,
+     * the server MUST respond with an inappropriate_fallback alert.
+     */
+    public static final short inappropriate_fallback = 86;
+
+    public static String getName(short alertDescription)
+    {
+        switch (alertDescription)
+        {
+        case close_notify:
+            return "close_notify";
+        case unexpected_message:
+            return "unexpected_message";
+        case bad_record_mac:
+            return "bad_record_mac";
+        case decryption_failed:
+            return "decryption_failed";
+        case record_overflow:
+            return "record_overflow";
+        case decompression_failure:
+            return "decompression_failure";
+        case handshake_failure:
+            return "handshake_failure";
+        case no_certificate:
+            return "no_certificate";
+        case bad_certificate:
+            return "bad_certificate";
+        case unsupported_certificate:
+            return "unsupported_certificate";
+        case certificate_revoked:
+            return "certificate_revoked";
+        case certificate_expired:
+            return "certificate_expired";
+        case certificate_unknown:
+            return "certificate_unknown";
+        case illegal_parameter:
+            return "illegal_parameter";
+        case unknown_ca:
+            return "unknown_ca";
+        case access_denied:
+            return "access_denied";
+        case decode_error:
+            return "decode_error";
+        case decrypt_error:
+            return "decrypt_error";
+        case export_restriction:
+            return "export_restriction";
+        case protocol_version:
+            return "protocol_version";
+        case insufficient_security:
+            return "insufficient_security";
+        case internal_error:
+            return "internal_error";
+        case user_canceled:
+            return "user_canceled";
+        case no_renegotiation:
+            return "no_renegotiation";
+        case unsupported_extension:
+            return "unsupported_extension";
+        case certificate_unobtainable:
+            return "certificate_unobtainable";
+        case unrecognized_name:
+            return "unrecognized_name";
+        case bad_certificate_status_response:
+            return "bad_certificate_status_response";
+        case bad_certificate_hash_value:
+            return "bad_certificate_hash_value";
+        case unknown_psk_identity:
+            return "unknown_psk_identity";
+        case inappropriate_fallback:
+            return "inappropriate_fallback";
+        default:
+            return "UNKNOWN";
+        }
+    }
+
+    public static String getText(short alertDescription)
+    {
+        return getName(alertDescription) + "(" + alertDescription + ")";
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlertLevel.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlertLevel.java
index b0b131d..cd46830 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlertLevel.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlertLevel.java
@@ -1,10 +1,28 @@
 package org.bouncycastle.crypto.tls;
 
 /**
- * RFC 2246 7.2
+ * RFC 5246 7.2
  */
 public class AlertLevel
 {
     public static final short warning = 1;
     public static final short fatal = 2;
+
+    public static String getName(short alertDescription)
+    {
+        switch (alertDescription)
+        {
+        case warning:
+            return "warning";
+        case fatal:
+            return "fatal";
+        default:
+            return "UNKNOWN";
+        }
+    }
+
+    public static String getText(short alertDescription)
+    {
+        return getName(alertDescription) + "(" + alertDescription + ")";
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java
deleted file mode 100644
index bf4cd13..0000000
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * A certificate verifyer, that will always return true.
- * <p/>
- * <pre>
- * DO NOT USE THIS FILE UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING.
- * </pre>
- *
- * @deprecated Perform certificate verification in TlsAuthentication implementation
- */
-public class AlwaysValidVerifyer
-    implements CertificateVerifyer
-{
-    /**
-     * Return true.
-     *
-     * @see org.bouncycastle.crypto.tls.CertificateVerifyer#isValid(org.bouncycastle.asn1.x509.Certificate[])
-     */
-    public boolean isValid(org.bouncycastle.asn1.x509.Certificate[] certs)
-    {
-        return true;
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/BasicTlsPSKIdentity.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/BasicTlsPSKIdentity.java
new file mode 100644
index 0000000..fa65d54
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/BasicTlsPSKIdentity.java
@@ -0,0 +1,42 @@
+package org.bouncycastle.crypto.tls;
+
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Strings;
+
+public class BasicTlsPSKIdentity
+    implements TlsPSKIdentity
+{
+    protected byte[] identity;
+    protected byte[] psk;
+
+    public BasicTlsPSKIdentity(byte[] identity, byte[] psk)
+    {
+        this.identity = Arrays.clone(identity);
+        this.psk = Arrays.clone(psk);
+    }
+
+    public BasicTlsPSKIdentity(String identity, byte[] psk)
+    {
+        this.identity = Strings.toUTF8ByteArray(identity);
+        this.psk = Arrays.clone(psk);
+    }
+
+    public void skipIdentityHint()
+    {
+    }
+
+    public void notifyIdentityHint(byte[] psk_identity_hint)
+    {
+    }
+
+    public byte[] getPSKIdentity()
+    {
+        return identity;
+    }
+
+    public byte[] getPSK()
+    {
+        return psk;
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/BulkCipherAlgorithm.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/BulkCipherAlgorithm.java
index 595bdad..7f013b3 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/BulkCipherAlgorithm.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/BulkCipherAlgorithm.java
@@ -2,13 +2,12 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * <p/>
+ * <p>
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
 public class BulkCipherAlgorithm
 {
-
     public static final int _null = 0;
     public static final int rc4 = 1;
     public static final int rc2 = 2;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ByteQueue.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ByteQueue.java
index 7642c4a..cfa72df 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ByteQueue.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ByteQueue.java
@@ -8,7 +8,7 @@ public class ByteQueue
     /**
      * @return The smallest number which can be written as 2^x which is bigger than i.
      */
-    public static final int nextTwoPow(int i)
+    public static int nextTwoPow(int i)
     {
         /*
          * This code is based of a lot of code I found on the Internet which mostly
@@ -30,7 +30,7 @@ public class ByteQueue
     /**
      * The buffer where we store our data.
      */
-    private byte[] databuf;;
+    private byte[] databuf;
 
     /**
      * How many bytes at the beginning of the buffer are skipped.
@@ -62,15 +62,15 @@ public class ByteQueue
      */
     public void read(byte[] buf, int offset, int len, int skip)
     {
-        if ((available - skip) < len)
-        {
-            throw new TlsRuntimeException("Not enough data to read");
-        }
         if ((buf.length - offset) < len)
         {
-            throw new TlsRuntimeException("Buffer size of " + buf.length
+            throw new IllegalArgumentException("Buffer size of " + buf.length
                 + " is too small for a read of " + len + " bytes");
         }
+        if ((available - skip) < len)
+        {
+            throw new IllegalStateException("Not enough data to read");
+        }
         System.arraycopy(databuf, skipped + skip, buf, offset, len);
     }
 
@@ -112,7 +112,7 @@ public class ByteQueue
     {
         if (i > available)
         {
-            throw new TlsRuntimeException("Cannot remove " + i + " bytes, only got " + available);
+            throw new IllegalStateException("Cannot remove " + i + " bytes, only got " + available);
         }
 
         /*
@@ -142,11 +142,19 @@ public class ByteQueue
         removeData(buf, 0, len, skip);
         return buf;
     }
+    
+    /**
+     * @deprecated Use 'available' instead
+     */
+    public int size()
+    {
+        return available;
+    }
 
     /**
      * @return The number of bytes which are available in this buffer.
      */
-    public int size()
+    public int available()
     {
         return available;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/Certificate.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/Certificate.java
index 02cf693..38f7d5b 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/Certificate.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/Certificate.java
@@ -11,12 +11,11 @@ import org.bouncycastle.asn1.ASN1Primitive;
 
 /**
  * Parsing and encoding of a <i>Certificate</i> struct from RFC 4346.
- * <p/>
  * <pre>
- * opaque ASN.1Cert<2^24-1>;
+ * opaque ASN.1Cert&lt;2^24-1&gt;;
  *
  * struct {
- *     ASN.1Cert certificate_list<0..2^24-1>;
+ *     ASN.1Cert certificate_list&lt;0..2^24-1&gt;;
  * } Certificate;
  * </pre>
  *
@@ -40,14 +39,6 @@ public class Certificate
     }
 
     /**
-     * @deprecated use {@link #getCertificateList()} instead
-     */
-    public org.bouncycastle.asn1.x509.Certificate[] getCerts()
-    {
-        return getCertificateList();
-    }
-
-    /**
      * @return an array of {@link org.bouncycastle.asn1.x509.Certificate} representing a certificate
      *         chain.
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java
index e9606e3..68e051e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java
@@ -12,11 +12,10 @@ import org.bouncycastle.asn1.x500.X500Name;
 
 /**
  * Parsing and encoding of a <i>CertificateRequest</i> struct from RFC 4346.
- * <p/>
  * <pre>
  * struct {
- *     ClientCertificateType certificate_types<1..2^8-1>;
- *     DistinguishedName certificate_authorities<3..2^16-1>;
+ *     ClientCertificateType certificate_types&lt;1..2^8-1&gt;;
+ *     DistinguishedName certificate_authorities&lt;3..2^16-1&gt;;
  * } CertificateRequest;
  * </pre>
  *
@@ -29,11 +28,6 @@ public class CertificateRequest
     protected Vector supportedSignatureAlgorithms;
     protected Vector certificateAuthorities;
 
-    /*
-     * TODO RFC 5264 7.4.4 A list of the hash/signature algorithm pairs that the server is able to
-     * verify, listed in descending order of preference.
-     */
-
     /**
      * @param certificateTypes       see {@link ClientCertificateType} for valid constants.
      * @param certificateAuthorities a {@link Vector} of {@link X500Name}.
@@ -47,7 +41,7 @@ public class CertificateRequest
 
     /**
      * @return an array of certificate types
-     * @see {@link ClientCertificateType}
+     * @see ClientCertificateType
      */
     public short[] getCertificateTypes()
     {
@@ -108,7 +102,7 @@ public class CertificateRequest
                 X500Name certificateAuthority = (X500Name)certificateAuthorities.elementAt(i);
                 byte[] derEncoding = certificateAuthority.getEncoded(ASN1Encoding.DER);
                 derEncodings.addElement(derEncoding);
-                totalLength += derEncoding.length;
+                totalLength += derEncoding.length + 2;
             }
 
             TlsUtils.checkUint16(totalLength);
@@ -116,8 +110,8 @@ public class CertificateRequest
 
             for (int i = 0; i < derEncodings.size(); ++i)
             {
-                byte[] encDN = (byte[])derEncodings.elementAt(i);
-                output.write(encDN);
+                byte[] derEncoding = (byte[])derEncodings.elementAt(i);
+                TlsUtils.writeOpaque16(derEncoding, output);
             }
         }
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CertificateVerifyer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CertificateVerifyer.java
deleted file mode 100644
index 2e3715c..0000000
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CertificateVerifyer.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * This should be implemented by any class which can find out, if a given certificate
- * chain is being accepted by an client.
- *
- * @deprecated Perform certificate verification in TlsAuthentication implementation
- */
-public interface CertificateVerifyer
-{
-    /**
-     * @param certs The certs, which are part of the chain.
-     * @return True, if the chain is accepted, false otherwise.
-     */
-    public boolean isValid(org.bouncycastle.asn1.x509.Certificate[] certs);
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/Chacha20Poly1305.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/Chacha20Poly1305.java
new file mode 100644
index 0000000..a82045b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/Chacha20Poly1305.java
@@ -0,0 +1,156 @@
+package org.bouncycastle.crypto.tls;
+
+import java.io.IOException;
+
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.engines.ChaChaEngine;
+import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
+import org.bouncycastle.crypto.macs.Poly1305;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
+
+public class Chacha20Poly1305 implements TlsCipher
+{
+    protected TlsContext context;
+
+    protected ChaChaEngine encryptCipher;
+    protected ChaChaEngine decryptCipher;
+
+    public Chacha20Poly1305(TlsContext context) throws IOException
+    {
+        if (!TlsUtils.isTLSv12(context))
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        this.context = context;
+
+        byte[] key_block = TlsUtils.calculateKeyBlock(context, 64);
+
+        KeyParameter client_write_key = new KeyParameter(key_block, 0, 32);
+        KeyParameter server_write_key = new KeyParameter(key_block, 32, 32);
+
+        this.encryptCipher = new ChaChaEngine(20);
+        this.decryptCipher = new ChaChaEngine(20);
+
+        KeyParameter encryptKey, decryptKey;
+        if (context.isServer())
+        {
+            encryptKey = server_write_key;
+            decryptKey = client_write_key;
+        }
+        else
+        {
+            encryptKey = client_write_key;
+            decryptKey = server_write_key;
+        }
+
+        byte[] dummyNonce = new byte[8];
+
+        this.encryptCipher.init(true, new ParametersWithIV(encryptKey, dummyNonce));
+        this.decryptCipher.init(false, new ParametersWithIV(decryptKey, dummyNonce));
+    }
+
+    public int getPlaintextLimit(int ciphertextLimit)
+    {
+        return ciphertextLimit - 16;
+    }
+
+    public byte[] encodePlaintext(long seqNo, short type, byte[] plaintext, int offset, int len) throws IOException
+    {
+        int ciphertextLength = len + 16;
+
+        KeyParameter macKey = initRecordMAC(encryptCipher, true, seqNo);
+
+        byte[] output = new byte[ciphertextLength];
+        encryptCipher.processBytes(plaintext, offset, len, output, 0);
+
+        byte[] additionalData = getAdditionalData(seqNo, type, len);
+        byte[] mac = calculateRecordMAC(macKey, additionalData, output, 0, len);
+        System.arraycopy(mac, 0, output, len, mac.length);
+
+        return output;
+    }
+
+    public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len) throws IOException
+    {
+        if (getPlaintextLimit(len) < 0)
+        {
+            throw new TlsFatalAlert(AlertDescription.decode_error);
+        }
+
+        int plaintextLength = len - 16;
+
+        byte[] receivedMAC = Arrays.copyOfRange(ciphertext, offset + plaintextLength, offset + len);
+
+        KeyParameter macKey = initRecordMAC(decryptCipher, false, seqNo);
+
+        byte[] additionalData = getAdditionalData(seqNo, type, plaintextLength);
+        byte[] calculatedMAC = calculateRecordMAC(macKey, additionalData, ciphertext, offset, plaintextLength);
+
+        if (!Arrays.constantTimeAreEqual(calculatedMAC, receivedMAC))
+        {
+            throw new TlsFatalAlert(AlertDescription.bad_record_mac);
+        }
+
+        byte[] output = new byte[plaintextLength];
+        decryptCipher.processBytes(ciphertext, offset, plaintextLength, output, 0);
+
+        return output;
+    }
+
+    protected KeyParameter initRecordMAC(ChaChaEngine cipher, boolean forEncryption, long seqNo)
+    {
+        byte[] nonce = new byte[8];
+        TlsUtils.writeUint64(seqNo, nonce, 0);
+
+        cipher.init(forEncryption, new ParametersWithIV(null, nonce));
+
+        byte[] firstBlock = new byte[64];
+        cipher.processBytes(firstBlock, 0, firstBlock.length, firstBlock, 0);
+
+        // NOTE: The BC implementation puts 'r' after 'k'
+        System.arraycopy(firstBlock, 0, firstBlock, 32, 16);
+        KeyParameter macKey = new KeyParameter(firstBlock, 16, 32);
+        Poly1305KeyGenerator.clamp(macKey.getKey());
+        return macKey;
+    }
+
+    protected byte[] calculateRecordMAC(KeyParameter macKey, byte[] additionalData, byte[] buf, int off, int len)
+    {
+        Mac mac = new Poly1305();
+        mac.init(macKey);
+
+        updateRecordMAC(mac, additionalData, 0, additionalData.length);
+        updateRecordMAC(mac, buf, off, len);
+
+        byte[] output = new byte[mac.getMacSize()];
+        mac.doFinal(output, 0);
+        return output;
+    }
+
+    protected void updateRecordMAC(Mac mac, byte[] buf, int off, int len)
+    {
+        mac.update(buf, off, len);
+
+        byte[] longLen = Pack.longToLittleEndian(len & 0xFFFFFFFFL);
+        mac.update(longLen, 0, longLen.length);
+    }
+
+    protected byte[] getAdditionalData(long seqNo, short type, int len) throws IOException
+    {
+        /*
+         * additional_data = seq_num + TLSCompressed.type + TLSCompressed.version +
+         * TLSCompressed.length
+         */
+        byte[] additional_data = new byte[13];
+        TlsUtils.writeUint64(seqNo, additional_data, 0);
+        TlsUtils.writeUint8(type, additional_data, 8);
+        TlsUtils.writeVersion(context.getServerVersion(), additional_data, 9);
+        TlsUtils.writeUint16(len, additional_data, 11);
+
+        return additional_data;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CipherSuite.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CipherSuite.java
index c1e7533..9374cec 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CipherSuite.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CipherSuite.java
@@ -56,7 +56,7 @@ public class CipherSuite
     public static final int TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A;
 
     /*
-     * RFC 4132
+     * RFC 5932
      */
     public static final int TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041;
     public static final int TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042;
@@ -64,6 +64,7 @@ public class CipherSuite
     public static final int TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044;
     public static final int TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045;
     public static final int TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046;
+
     public static final int TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084;
     public static final int TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085;
     public static final int TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086;
@@ -71,6 +72,20 @@ public class CipherSuite
     public static final int TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088;
     public static final int TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089;
 
+    public static final int TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA;
+    public static final int TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB;
+    public static final int TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC;
+    public static final int TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD;
+    public static final int TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE;
+    public static final int TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF;
+
+    public static final int TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0;
+    public static final int TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1;
+    public static final int TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2;
+    public static final int TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3;
+    public static final int TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4;
+    public static final int TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5;
+
     /*
      * RFC 4162
      */
@@ -240,6 +255,54 @@ public class CipherSuite
     public static final int TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;
 
     /*
+     * RFC 6367
+     */
+    public static final int TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072;
+    public static final int TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073;
+    public static final int TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC074;
+    public static final int TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC075;
+    public static final int TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC076;
+    public static final int TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC077;
+    public static final int TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC078;
+    public static final int TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC079;
+
+    public static final int TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07A;
+    public static final int TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07B;
+    public static final int TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07C;
+    public static final int TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07D;
+    public static final int TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07E;
+    public static final int TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07F;
+    public static final int TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080;
+    public static final int TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081;
+    public static final int TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC082;
+    public static final int TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC083;
+    public static final int TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 = 0xC084;
+    public static final int TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 = 0xC085;
+    public static final int TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086;
+    public static final int TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087;
+    public static final int TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC088;
+    public static final int TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC089;
+    public static final int TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08A;
+    public static final int TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08B;
+    public static final int TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08C;
+    public static final int TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08D;
+
+    public static final int TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08E;
+    public static final int TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08F;
+    public static final int TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090;
+    public static final int TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091;
+    public static final int TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC092;
+    public static final int TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC093;
+    public static final int TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC094;
+    public static final int TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC095;
+    public static final int TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC096;
+    public static final int TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC097;
+    public static final int TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC098;
+    public static final int TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC099;
+    public static final int TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC09A;
+    public static final int TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC09B;
+
+    /*
      * RFC 6655
      */
     public static final int TLS_RSA_WITH_AES_128_CCM = 0xC09C;
@@ -260,38 +323,54 @@ public class CipherSuite
     public static final int TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB;
 
     /*
-     * TBD[draft-josefsson-salsa20-tls-02] 
+     * RFC 7251
+     */
+    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC;
+    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD;
+    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE;
+    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF;
+
+    /*
+     * draft-agl-tls-chacha20poly1305-04
+     */
+    public static final int TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13;
+    public static final int TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14;
+    public static final int TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC15;
+
+    /*
+     * draft-josefsson-salsa20-tls-04
      */
-    static final int TLS_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xFF00;
-    static final int TLS_RSA_WITH_SALSA20_SHA1 = 0xFF01;
-    static final int TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xFF02;
-    static final int TLS_DHE_RSA_WITH_SALSA20_SHA1 = 0xFF03;
-    static final int TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xFF04;
-    static final int TLS_ECDHE_RSA_WITH_SALSA20_SHA1 = 0xFF05;
-    static final int TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1 = 0xFF06;
-    static final int TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1 = 0xFF07;
-    static final int TLS_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xFF08;
-    static final int TLS_PSK_WITH_SALSA20_SHA1 = 0xFF09;
-    static final int TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xFF0A;
-    static final int TLS_DHE_PSK_WITH_SALSA20_SHA1 = 0xFF0B;
-    static final int TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xFF0C;
-    static final int TLS_RSA_PSK_WITH_SALSA20_SHA1 = 0xFF0D;
-    static final int TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xFF0E;
-    static final int TLS_ECDHE_PSK_WITH_SALSA20_SHA1 = 0xFF0F;
-    static final int TLS_RSA_WITH_ESTREAM_SALSA20_UMAC96 = 0xFF10;
-    static final int TLS_RSA_WITH_SALSA20_UMAC96 = 0xFF11;
-    static final int TLS_DHE_RSA_WITH_ESTREAM_SALSA20_UMAC96 = 0xFF12;
-    static final int TLS_DHE_RSA_WITH_SALSA20_UMAC96 = 0xFF13;
-    static final int TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_UMAC96 = 0xFF14;
-    static final int TLS_ECDHE_RSA_WITH_SALSA20_UMAC96 = 0xFF15;
-    static final int TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_UMAC96 = 0xFF16;
-    static final int TLS_ECDHE_ECDSA_WITH_SALSA20_UMAC96 = 0xFF17;
-    static final int TLS_PSK_WITH_ESTREAM_SALSA20_UMAC96 = 0xFF18;
-    static final int TLS_PSK_WITH_SALSA20_UMAC96 = 0xFF19;
-    static final int TLS_DHE_PSK_WITH_ESTREAM_SALSA20_UMAC96 = 0xFF1A;
-    static final int TLS_DHE_PSK_WITH_SALSA20_UMAC96 = 0xFF1B;
-    static final int TLS_RSA_PSK_WITH_ESTREAM_SALSA20_UMAC96 = 0xFF1C;
-    static final int TLS_RSA_PSK_WITH_SALSA20_UMAC96 = 0xFF1D;
-    static final int TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_UMAC96 = 0xFF1E;
-    static final int TLS_ECDHE_PSK_WITH_SALSA20_UMAC96 = 0xFF1F;
+    public static final int TLS_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xE410;
+    public static final int TLS_RSA_WITH_SALSA20_SHA1 = 0xE411;
+    public static final int TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xE412;
+    public static final int TLS_ECDHE_RSA_WITH_SALSA20_SHA1 = 0xE413;
+    public static final int TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1 = 0xE414;
+    public static final int TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1 = 0xE415;
+    public static final int TLS_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xE416;
+    public static final int TLS_PSK_WITH_SALSA20_SHA1 = 0xE417;
+    public static final int TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xE418;
+    public static final int TLS_ECDHE_PSK_WITH_SALSA20_SHA1 = 0xE419;
+    public static final int TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xE41A;
+    public static final int TLS_RSA_PSK_WITH_SALSA20_SHA1 = 0xE41B;
+    public static final int TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xE41C;
+    public static final int TLS_DHE_PSK_WITH_SALSA20_SHA1 = 0xE41D;
+    public static final int TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xE41E;
+    public static final int TLS_DHE_RSA_WITH_SALSA20_SHA1 = 0xE41F;
+
+    /*
+     * draft-ietf-tls-downgrade-scsv-00
+     */
+    public static final int TLS_FALLBACK_SCSV = 0x5600;
+
+    public static boolean isSCSV(int cipherSuite)
+    {
+        switch (cipherSuite)
+        {
+        case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
+        case TLS_FALLBACK_SCSV:
+            return true;
+        default:
+            return false;
+        }
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CipherType.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CipherType.java
index cac7dbe..c6d845a 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CipherType.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CipherType.java
@@ -2,13 +2,12 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * <p/>
+ * <p>
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
 public class CipherType
 {
-
     public static final int stream = 0;
     public static final int block = 1;
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ClientAuthenticationType.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ClientAuthenticationType.java
index a77a826..77e6460 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ClientAuthenticationType.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ClientAuthenticationType.java
@@ -2,7 +2,6 @@ package org.bouncycastle.crypto.tls;
 
 public class ClientAuthenticationType
 {
-
     /*
      * RFC 5077 4
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ClientCertificateType.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ClientCertificateType.java
index 0a12aca..6bddfc0 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ClientCertificateType.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ClientCertificateType.java
@@ -2,7 +2,6 @@ package org.bouncycastle.crypto.tls;
 
 public class ClientCertificateType
 {
-
     /*
      *  RFC 4346 7.4.4
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CombinedHash.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CombinedHash.java
index 43b73bf..70c81a0 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CombinedHash.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CombinedHash.java
@@ -78,25 +78,25 @@ class CombinedHash
     /**
      * @see org.bouncycastle.crypto.Digest#update(byte)
      */
-    public void update(byte in)
+    public void update(byte input)
     {
-        md5.update(in);
-        sha1.update(in);
+        md5.update(input);
+        sha1.update(input);
     }
 
     /**
      * @see org.bouncycastle.crypto.Digest#update(byte[], int, int)
      */
-    public void update(byte[] in, int inOff, int len)
+    public void update(byte[] input, int inOff, int len)
     {
-        md5.update(in, inOff, len);
-        sha1.update(in, inOff, len);
+        md5.update(input, inOff, len);
+        sha1.update(input, inOff, len);
     }
 
     /**
      * @see org.bouncycastle.crypto.Digest#doFinal(byte[], int)
      */
-    public int doFinal(byte[] out, int outOff)
+    public int doFinal(byte[] output, int outOff)
     {
         if (context != null && TlsUtils.isSSL(context))
         {
@@ -104,8 +104,8 @@ class CombinedHash
             ssl3Complete(sha1, SSL3Mac.IPAD, SSL3Mac.OPAD, 40);
         }
 
-        int i1 = md5.doFinal(out, outOff);
-        int i2 = sha1.doFinal(out, outOff + i1);
+        int i1 = md5.doFinal(output, outOff);
+        int i2 = sha1.doFinal(output, outOff + i1);
         return i1 + i2;
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CompressionMethod.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CompressionMethod.java
index 935d378..5c3a4fb 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/CompressionMethod.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/CompressionMethod.java
@@ -7,11 +7,6 @@ public class CompressionMethod
 {
     public static final short _null = 0;
 
-    /**
-     * @deprecated use '_null' instead
-     */
-    public static final short NULL = _null;
-
     /*
      * RFC 3749 2
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ConnectionEnd.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ConnectionEnd.java
index f13def6..bcbf607 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ConnectionEnd.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ConnectionEnd.java
@@ -2,13 +2,12 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * <p/>
+ * <p>
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
 public class ConnectionEnd
 {
-
     public static final int server = 0;
     public static final int client = 1;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
index b3b1abe..5d9d459 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
@@ -32,11 +32,14 @@ public class DTLSClientProtocol
 
         SecurityParameters securityParameters = new SecurityParameters();
         securityParameters.entity = ConnectionEnd.client;
-        securityParameters.clientRandom = TlsProtocol.createRandomBlock(secureRandom);
 
         ClientHandshakeState state = new ClientHandshakeState();
         state.client = client;
         state.clientContext = new TlsClientContextImpl(secureRandom, securityParameters);
+
+        securityParameters.clientRandom = TlsProtocol.createRandomBlock(client.shouldUseGMTUnixTime(),
+            state.clientContext.getNonceRandomGenerator());
+
         client.init(state.clientContext);
 
         DTLSRecordLayer recordLayer = new DTLSRecordLayer(transport, state.clientContext, client, ContentType.handshake);
@@ -69,7 +72,7 @@ public class DTLSClientProtocol
         catch (RuntimeException e)
         {
             recordLayer.fail(AlertDescription.internal_error);
-            throw new TlsFatalAlert(AlertDescription.internal_error);
+            throw new TlsFatalAlert(AlertDescription.internal_error, e);
         }
     }
 
@@ -149,6 +152,10 @@ public class DTLSClientProtocol
                 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
             }
 
+            Hashtable sessionServerExtensions = state.sessionParameters.readServerExtensions();
+
+            securityParameters.extendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(sessionServerExtensions);
+
             securityParameters.masterSecret = Arrays.clone(state.sessionParameters.getMasterSecret());
             recordLayer.initPendingEpoch(state.client.getCipher());
 
@@ -308,11 +315,12 @@ public class DTLSClientProtocol
         byte[] clientKeyExchangeBody = generateClientKeyExchange(state);
         handshake.sendMessage(HandshakeType.client_key_exchange, clientKeyExchangeBody);
 
+        TlsHandshakeHash prepareFinishHash = handshake.prepareToFinish();
+        securityParameters.sessionHash = TlsProtocol.getCurrentPRFHash(state.clientContext, prepareFinishHash, null);
+
         TlsProtocol.establishMasterSecret(state.clientContext, state.keyExchange);
         recordLayer.initPendingEpoch(state.client.getCipher());
 
-        TlsHandshakeHash prepareFinishHash = handshake.prepareToFinish();
-
         if (state.clientCredentials != null && state.clientCredentials instanceof TlsSignerCredentials)
         {
             TlsSignerCredentials signerCredentials = (TlsSignerCredentials)state.clientCredentials;
@@ -320,23 +328,17 @@ public class DTLSClientProtocol
             /*
              * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
              */
-            SignatureAndHashAlgorithm signatureAndHashAlgorithm;
-            byte[] hash;
+            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(
+                state.clientContext, signerCredentials);
 
-            if (TlsUtils.isTLSv12(state.clientContext))
+            byte[] hash;
+            if (signatureAndHashAlgorithm == null)
             {
-                signatureAndHashAlgorithm = signerCredentials.getSignatureAndHashAlgorithm();
-                if (signatureAndHashAlgorithm == null)
-                {
-                    throw new TlsFatalAlert(AlertDescription.internal_error);
-                }
-
-                hash = prepareFinishHash.getFinalHash(signatureAndHashAlgorithm.getHash());
+                hash = securityParameters.getSessionHash();
             }
             else
             {
-                signatureAndHashAlgorithm = null;
-                hash = TlsProtocol.getCurrentPRFHash(state.clientContext, prepareFinishHash, null);
+                hash = prepareFinishHash.getFinalHash(signatureAndHashAlgorithm.getHash());
             }
 
             byte[] signature = signerCredentials.generateCertificateSignature(hash);
@@ -377,6 +379,8 @@ public class DTLSClientProtocol
                 .setCompressionAlgorithm(securityParameters.compressionAlgorithm)
                 .setMasterSecret(securityParameters.masterSecret)
                 .setPeerCertificate(serverCertificate)
+                .setPSKIdentity(securityParameters.pskIdentity)
+                .setSRPIdentity(securityParameters.srpIdentity)
                 .build();
 
             state.tlsSession = TlsUtils.importSession(state.tlsSession.getSessionID(), state.sessionParameters);
@@ -408,10 +412,13 @@ public class DTLSClientProtocol
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
 
-        state.clientContext.setClientVersion(client_version);
+        TlsClientContextImpl context = state.clientContext;
+
+        context.setClientVersion(client_version);
         TlsUtils.writeVersion(client_version, buf);
 
-        buf.write(state.clientContext.getSecurityParameters().getClientRandom());
+        SecurityParameters securityParameters = context.getSecurityParameters();
+        buf.write(securityParameters.getClientRandom());
 
         // Session ID
         byte[] session_id = TlsUtils.EMPTY_BYTES;
@@ -428,6 +435,8 @@ public class DTLSClientProtocol
         // Cookie
         TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, buf);
 
+        boolean fallback = client.isFallback();
+
         /*
          * Cipher suites
          */
@@ -436,6 +445,8 @@ public class DTLSClientProtocol
         // Integer -> byte[]
         state.clientExtensions = client.getClientExtensions();
 
+        securityParameters.extendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(state.clientExtensions);
+
         // Cipher Suites (and SCSV)
         {
             /*
@@ -446,14 +457,25 @@ public class DTLSClientProtocol
             byte[] renegExtData = TlsUtils.getExtensionData(state.clientExtensions, TlsProtocol.EXT_RenegotiationInfo);
             boolean noRenegExt = (null == renegExtData);
 
-            boolean noSCSV = !Arrays.contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
+            boolean noRenegSCSV = !Arrays.contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
 
-            if (noRenegExt && noSCSV)
+            if (noRenegExt && noRenegSCSV)
             {
                 // TODO Consider whether to default to a client extension instead
                 state.offeredCipherSuites = Arrays.append(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
             }
 
+            /*
+             * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version
+             * containing a lower value than the latest (highest-valued) version supported by the
+             * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in
+             * ClientHello.cipher_suites.
+             */
+            if (fallback && !Arrays.contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
+            {
+                state.offeredCipherSuites = Arrays.append(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
+            }
+
             TlsUtils.writeUint16ArrayWithUint16Length(state.offeredCipherSuites, buf);
         }
 
@@ -618,7 +640,8 @@ public class DTLSClientProtocol
         state.selectedCipherSuite = TlsUtils.readUint16(buf);
         if (!Arrays.contains(state.offeredCipherSuites, state.selectedCipherSuite)
             || state.selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL
-            || state.selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+            || CipherSuite.isSCSV(state.selectedCipherSuite)
+            || !TlsUtils.isValidCipherSuiteForVersion(state.selectedCipherSuite, server_version))
         {
             throw new TlsFatalAlert(AlertDescription.illegal_parameter);
         }
@@ -653,6 +676,17 @@ public class DTLSClientProtocol
         Hashtable serverExtensions = TlsProtocol.readExtensions(buf);
 
         /*
+         * draft-ietf-tls-session-hash-01 5.2. If a server receives the "extended_master_secret"
+         * extension, it MUST include the "extended_master_secret" extension in its ServerHello
+         * message.
+         */
+        boolean serverSentExtendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(serverExtensions);
+        if (serverSentExtendedMasterSecret != securityParameters.extendedMasterSecret)
+        {
+            throw new TlsFatalAlert(AlertDescription.handshake_failure);
+        }
+
+        /*
          * RFC 3546 2.2 Note that the extended server hello message is only sent in response to an
          * extended client hello message. However, see RFC 5746 exception below. We always include
          * the SCSV, so an Extended Server Hello is always allowed.
@@ -665,26 +699,53 @@ public class DTLSClientProtocol
                 Integer extType = (Integer)e.nextElement();
 
                 /*
-                 * RFC 5746 Note that sending a "renegotiation_info" extension in response to a
+                 * RFC 5746 3.6. Note that sending a "renegotiation_info" extension in response to a
                  * ClientHello containing only the SCSV is an explicit exception to the prohibition
                  * in RFC 5246, Section 7.4.1.4, on the server sending unsolicited extensions and is
                  * only allowed because the client is signaling its willingness to receive the
-                 * extension via the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. TLS implementations
-                 * MUST continue to comply with Section 7.4.1.4 for all other extensions.
+                 * extension via the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV.
                  */
-                if (!extType.equals(TlsProtocol.EXT_RenegotiationInfo)
-                    && null == TlsUtils.getExtensionData(state.clientExtensions, extType))
+                if (extType.equals(TlsProtocol.EXT_RenegotiationInfo))
+                {
+                    continue;
+                }
+
+                /*
+                 * RFC 5246 7.4.1.4 An extension type MUST NOT appear in the ServerHello unless the
+                 * same extension type appeared in the corresponding ClientHello. If a client
+                 * receives an extension type in ServerHello that it did not request in the
+                 * associated ClientHello, it MUST abort the handshake with an unsupported_extension
+                 * fatal alert.
+                 */
+                if (null == TlsUtils.getExtensionData(state.clientExtensions, extType))
                 {
-                    /*
-                     * RFC 3546 2.3 Note that for all extension types (including those defined in
-                     * future), the extension type MUST NOT appear in the extended server hello
-                     * unless the same extension type appeared in the corresponding client hello.
-                     * Thus clients MUST abort the handshake if they receive an extension type in
-                     * the extended server hello that they did not request in the associated
-                     * (extended) client hello.
-                     */
                     throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                 }
+
+                /*
+                 * draft-ietf-tls-session-hash-01 5.2. Implementation note: if the server decides to
+                 * proceed with resumption, the extension does not have any effect. Requiring the
+                 * extension to be included anyway makes the extension negotiation logic easier,
+                 * because it does not depend on whether resumption is accepted or not.
+                 */
+                if (extType.equals(TlsExtensionsUtils.EXT_extended_master_secret))
+                {
+                    continue;
+                }
+
+                /*
+                 * RFC 3546 2.3. If [...] the older session is resumed, then the server MUST ignore
+                 * extensions appearing in the client hello, and send a server hello containing no
+                 * extensions[.]
+                 */
+                // TODO[sessions]
+//                if (this.resumedSession)
+//                {
+//                    // TODO[compat-gnutls] GnuTLS test server sends server extensions e.g. ec_point_formats
+//                    // TODO[compat-openssl] OpenSSL test server sends server extensions e.g. ec_point_formats
+//                    // TODO[compat-polarssl] PolarSSL test server sends server extensions e.g. ec_point_formats
+////                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+//                }
             }
 
             /*
@@ -714,6 +775,20 @@ public class DTLSClientProtocol
                 }
             }
 
+            /*
+             * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
+             * and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
+             * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
+             * client.
+             */
+            boolean serverSentEncryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(serverExtensions);
+            if (serverSentEncryptThenMAC && !TlsUtils.isBlockCipherSuite(state.selectedCipherSuite))
+            {
+                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            }
+
+            securityParameters.encryptThenMAC = serverSentEncryptThenMAC;
+
             state.maxFragmentLength = evaluateMaxFragmentLengthExtension(state.clientExtensions, serverExtensions,
                 AlertDescription.illegal_parameter);
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSEpoch.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSEpoch.java
index 59fbc53..aec96ce 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSEpoch.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSEpoch.java
@@ -2,13 +2,12 @@ package org.bouncycastle.crypto.tls;
 
 class DTLSEpoch
 {
-
     private final DTLSReplayWindow replayWindow = new DTLSReplayWindow();
 
     private final int epoch;
     private final TlsCipher cipher;
 
-    private long sequence_number = 0;
+    private long sequenceNumber = 0;
 
     DTLSEpoch(int epoch, TlsCipher cipher)
     {
@@ -28,7 +27,7 @@ class DTLSEpoch
     long allocateSequenceNumber()
     {
         // TODO Check for overflow
-        return sequence_number++;
+        return sequenceNumber++;
     }
 
     TlsCipher getCipher()
@@ -46,8 +45,8 @@ class DTLSEpoch
         return replayWindow;
     }
 
-    long getSequence_number()
+    long getSequenceNumber()
     {
-        return sequence_number;
+        return sequenceNumber;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java
index e27580c..db43011 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java
@@ -68,23 +68,11 @@ public abstract class DTLSProtocol
     protected static void validateSelectedCipherSuite(int selectedCipherSuite, short alertDescription)
         throws IOException
     {
-        switch (selectedCipherSuite)
+        switch (TlsUtils.getEncryptionAlgorithm(selectedCipherSuite))
         {
-        case CipherSuite.TLS_RSA_EXPORT_WITH_RC4_40_MD5:
-        case CipherSuite.TLS_RSA_WITH_RC4_128_MD5:
-        case CipherSuite.TLS_RSA_WITH_RC4_128_SHA:
-        case CipherSuite.TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
-        case CipherSuite.TLS_DH_anon_WITH_RC4_128_MD5:
-        case CipherSuite.TLS_PSK_WITH_RC4_128_SHA:
-        case CipherSuite.TLS_DHE_PSK_WITH_RC4_128_SHA:
-        case CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA:
-        case CipherSuite.TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
-        case CipherSuite.TLS_ECDH_RSA_WITH_RC4_128_SHA:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
-        case CipherSuite.TLS_ECDH_anon_WITH_RC4_128_SHA:
-            // TODO Alert
-            throw new IllegalStateException("RC4 MUST NOT be used with DTLS");
+        case EncryptionAlgorithm.RC4_40:
+        case EncryptionAlgorithm.RC4_128:
+            throw new TlsFatalAlert(alertDescription);
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReassembler.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReassembler.java
index d82bcc9..c052dcd 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReassembler.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReassembler.java
@@ -4,7 +4,6 @@ import java.util.Vector;
 
 class DTLSReassembler
 {
-
     private final short msg_type;
     private final byte[] body;
 
@@ -17,7 +16,7 @@ class DTLSReassembler
         this.missing.addElement(new Range(0, length));
     }
 
-    short getType()
+    short getMsgType()
     {
         return msg_type;
     }
@@ -28,9 +27,8 @@ class DTLSReassembler
     }
 
     void contributeFragment(short msg_type, int length, byte[] buf, int off, int fragment_offset,
-                            int fragment_length)
+        int fragment_length)
     {
-
         int fragment_end = fragment_offset + fragment_length;
 
         if (this.msg_type != msg_type || this.body.length != length || fragment_end > length)
@@ -82,15 +80,11 @@ class DTLSReassembler
                 }
                 else
                 {
-                    if (copyEnd == range.getEnd())
-                    {
-                        range.setEnd(copyStart);
-                    }
-                    else
+                    if (copyEnd != range.getEnd())
                     {
                         missing.insertElementAt(new Range(copyEnd, range.getEnd()), ++i);
-                        range.setEnd(copyStart);
                     }
+                    range.setEnd(copyStart);
                 }
             }
         }
@@ -104,7 +98,6 @@ class DTLSReassembler
 
     private static class Range
     {
-
         private int start, end;
 
         Range(int start, int end)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSRecordLayer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSRecordLayer.java
index cba13d5..5abd86e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSRecordLayer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSRecordLayer.java
@@ -245,10 +245,6 @@ class DTLSRecordLayer
                             closeTransport();
                         }
                     }
-                    else
-                    {
-                        // TODO What exception?
-                    }
 
                     continue;
                 }
@@ -431,7 +427,7 @@ class DTLSRecordLayer
         }
     }
 
-    private void raiseAlert(short alertLevel, short alertDescription, String message, Exception cause)
+    private void raiseAlert(short alertLevel, short alertDescription, String message, Throwable cause)
         throws IOException
     {
         peer.notifyAlertRaised(alertLevel, alertDescription, message, cause);
@@ -446,17 +442,17 @@ class DTLSRecordLayer
     private int receiveRecord(byte[] buf, int off, int len, int waitMillis)
         throws IOException
     {
-        if (recordQueue.size() > 0)
+        if (recordQueue.available() > 0)
         {
             int length = 0;
-            if (recordQueue.size() >= RECORD_HEADER_LENGTH)
+            if (recordQueue.available() >= RECORD_HEADER_LENGTH)
             {
                 byte[] lengthBytes = new byte[2];
                 recordQueue.read(lengthBytes, 0, 2, 11);
                 length = TlsUtils.readUint16(lengthBytes, 0);
             }
 
-            int received = Math.min(recordQueue.size(), RECORD_HEADER_LENGTH + length);
+            int received = Math.min(recordQueue.available(), RECORD_HEADER_LENGTH + length);
             recordQueue.removeData(buf, off, received, 0);
             return received;
         }
@@ -515,6 +511,6 @@ class DTLSRecordLayer
 
     private static long getMacSequenceNumber(int epoch, long sequence_number)
     {
-        return ((long)epoch << 48) | sequence_number;
+        return ((epoch & 0xFFFFFFFFL) << 48) | sequence_number;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReliableHandshake.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReliableHandshake.java
index 84ccfcb..9218d19 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReliableHandshake.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReliableHandshake.java
@@ -97,7 +97,7 @@ class DTLSReliableHandshake
                 if (body != null)
                 {
                     previousInboundFlight = null;
-                    return updateHandshakeMessagesDigest(new Message(next_receive_seq++, next.getType(), body));
+                    return updateHandshakeMessagesDigest(new Message(next_receive_seq++, next.getMsgType(), body));
                 }
             }
         }
@@ -107,7 +107,7 @@ class DTLSReliableHandshake
         // TODO Check the conditions under which we should reset this
         int readTimeoutMillis = 1000;
 
-        for (; ; )
+        for (;;)
         {
             int receiveLimit = recordLayer.getReceiveLimit();
             if (buf == null || buf.length < receiveLimit)
@@ -160,13 +160,11 @@ class DTLSReliableHandshake
                                 .valueOf(seq));
                             if (reassembler != null)
                             {
-
                                 reassembler.contributeFragment(msg_type, length, buf, 12, fragment_offset,
                                     fragment_length);
 
                                 if (checkAll(previousInboundFlight))
                                 {
-
                                     resendOutboundFlight();
 
                                     /*
@@ -182,7 +180,6 @@ class DTLSReliableHandshake
                     }
                     else
                     {
-
                         DTLSReassembler reassembler = (DTLSReassembler)currentInboundFlight.get(Integers.valueOf(seq));
                         if (reassembler == null)
                         {
@@ -199,7 +196,7 @@ class DTLSReliableHandshake
                             {
                                 previousInboundFlight = null;
                                 return updateHandshakeMessagesDigest(new Message(next_receive_seq++,
-                                    reassembler.getType(), body));
+                                    reassembler.getMsgType(), body));
                             }
                         }
                     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReplayWindow.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReplayWindow.java
index 0a5325b..06537aa 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReplayWindow.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSReplayWindow.java
@@ -2,12 +2,12 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 4347 4.1.2.5 Anti-replay
- * <p/>
+ * <p>
  * Support fast rejection of duplicate records by maintaining a sliding receive window
+ * </p>
  */
 class DTLSReplayWindow
 {
-
     private static final long VALID_SEQ_MASK = 0x0000FFFFFFFFFFFFL;
 
     private static final long WINDOW_SIZE = 64L;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index fbb3336..2d36788 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -46,11 +46,14 @@ public class DTLSServerProtocol
 
         SecurityParameters securityParameters = new SecurityParameters();
         securityParameters.entity = ConnectionEnd.server;
-        securityParameters.serverRandom = TlsProtocol.createRandomBlock(secureRandom);
 
         ServerHandshakeState state = new ServerHandshakeState();
         state.server = server;
         state.serverContext = new TlsServerContextImpl(secureRandom, securityParameters);
+
+        securityParameters.serverRandom = TlsProtocol.createRandomBlock(server.shouldUseGMTUnixTime(),
+            state.serverContext.getNonceRandomGenerator());
+
         server.init(state.serverContext);
 
         DTLSRecordLayer recordLayer = new DTLSRecordLayer(transport, state.serverContext, server, ContentType.handshake);
@@ -74,7 +77,7 @@ public class DTLSServerProtocol
         catch (RuntimeException e)
         {
             recordLayer.fail(AlertDescription.internal_error);
-            throw new TlsFatalAlert(AlertDescription.internal_error);
+            throw new TlsFatalAlert(AlertDescription.internal_error, e);
         }
     }
 
@@ -244,11 +247,12 @@ public class DTLSServerProtocol
             throw new TlsFatalAlert(AlertDescription.unexpected_message);
         }
 
+        TlsHandshakeHash prepareFinishHash = handshake.prepareToFinish();
+        securityParameters.sessionHash = TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null);
+
         TlsProtocol.establishMasterSecret(state.serverContext, state.keyExchange);
         recordLayer.initPendingEpoch(state.server.getCipher());
 
-        TlsHandshakeHash prepareFinishHash = handshake.prepareToFinish();
-
         /*
          * RFC 5246 7.4.8 This message is only sent following a client certificate that has signing
          * capability (i.e., all certificates except those containing fixed Diffie-Hellman
@@ -340,7 +344,8 @@ public class DTLSServerProtocol
         state.selectedCipherSuite = state.server.getSelectedCipherSuite();
         if (!Arrays.contains(state.offeredCipherSuites, state.selectedCipherSuite)
             || state.selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL
-            || state.selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+            || CipherSuite.isSCSV(state.selectedCipherSuite)
+            || !TlsUtils.isValidCipherSuiteForVersion(state.selectedCipherSuite, server_version))
         {
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
@@ -386,8 +391,16 @@ public class DTLSServerProtocol
             }
         }
 
+        if (securityParameters.extendedMasterSecret)
+        {
+            state.serverExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(state.serverExtensions);
+            TlsExtensionsUtils.addExtendedMasterSecretExtension(state.serverExtensions);
+        }
+
         if (state.serverExtensions != null)
         {
+            securityParameters.encryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(state.serverExtensions);
+
             state.maxFragmentLength = evaluateMaxFragmentLengthExtension(state.clientExtensions, state.serverExtensions,
                 AlertDescription.internal_error);
 
@@ -467,27 +480,40 @@ public class DTLSServerProtocol
     {
         ByteArrayInputStream buf = new ByteArrayInputStream(body);
 
-        DigitallySigned clientCertificateVerify = DigitallySigned.parse(state.serverContext, buf);
+        TlsServerContextImpl context = state.serverContext;
+        DigitallySigned clientCertificateVerify = DigitallySigned.parse(context, buf);
 
         TlsProtocol.assertEmpty(buf);
 
         // Verify the CertificateVerify message contains a correct signature.
+        boolean verified = false;
         try
         {
-            // TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned
-            byte[] certificateVerifyHash = TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null);
+            byte[] hash;
+            if (TlsUtils.isTLSv12(context))
+            {
+                hash = prepareFinishHash.getFinalHash(clientCertificateVerify.getAlgorithm().getHash());
+            }
+            else
+            {
+                hash = context.getSecurityParameters().getSessionHash();
+            }
 
             org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0);
             SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
             AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo);
 
             TlsSigner tlsSigner = TlsUtils.createTlsSigner(state.clientCertificateType);
-            tlsSigner.init(state.serverContext);
-            tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(),
-                clientCertificateVerify.getSignature(), publicKey, certificateVerifyHash);
+            tlsSigner.init(context);
+            verified = tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(),
+                clientCertificateVerify.getSignature(), publicKey, hash);
         }
         catch (Exception e)
         {
+        }
+
+        if (!verified)
+        {
             throw new TlsFatalAlert(AlertDescription.decrypt_error);
         }
     }
@@ -545,11 +571,17 @@ public class DTLSServerProtocol
          */
         state.clientExtensions = TlsProtocol.readExtensions(buf);
 
-        state.serverContext.setClientVersion(client_version);
+        TlsServerContextImpl context = state.serverContext;
+        SecurityParameters securityParameters = context.getSecurityParameters();
+
+        securityParameters.extendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(state.clientExtensions);
+
+        context.setClientVersion(client_version);
 
         state.server.notifyClientVersion(client_version);
+        state.server.notifyFallback(Arrays.contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV));
 
-        state.serverContext.getSecurityParameters().clientRandom = client_random;
+        securityParameters.clientRandom = client_random;
 
         state.server.notifyOfferedCipherSuites(state.offeredCipherSuites);
         state.server.notifyOfferedCompressionMethods(state.offeredCompressionMethods);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSTransport.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSTransport.java
index a67d7bd..ea790aa 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSTransport.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DTLSTransport.java
@@ -5,7 +5,6 @@ import java.io.IOException;
 public class DTLSTransport
     implements DatagramTransport
 {
-
     private final DTLSRecordLayer recordLayer;
 
     DTLSTransport(DTLSRecordLayer recordLayer)
@@ -45,7 +44,7 @@ public class DTLSTransport
         catch (RuntimeException e)
         {
             recordLayer.fail(AlertDescription.internal_error);
-            throw new TlsFatalAlert(AlertDescription.internal_error);
+            throw new TlsFatalAlert(AlertDescription.internal_error, e);
         }
     }
 
@@ -69,7 +68,7 @@ public class DTLSTransport
         catch (RuntimeException e)
         {
             recordLayer.fail(AlertDescription.internal_error);
-            throw new TlsFatalAlert(AlertDescription.internal_error);
+            throw new TlsFatalAlert(AlertDescription.internal_error, e);
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DatagramTransport.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DatagramTransport.java
index df63b18..1497214 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DatagramTransport.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DatagramTransport.java
@@ -4,7 +4,6 @@ import java.io.IOException;
 
 public interface DatagramTransport
 {
-
     int getReceiveLimit()
         throws IOException;
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
index 7f70c64..f320943 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
@@ -4,20 +4,13 @@ import java.io.IOException;
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.AESEngine;
 import org.bouncycastle.crypto.engines.CamelliaEngine;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.RC4Engine;
 import org.bouncycastle.crypto.engines.SEEDEngine;
 import org.bouncycastle.crypto.engines.Salsa20Engine;
-import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.modes.AEADBlockCipher;
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.modes.CCMBlockCipher;
@@ -33,6 +26,9 @@ public class DefaultTlsCipherFactory
         {
         case EncryptionAlgorithm._3DES_EDE_CBC:
             return createDESedeCipher(context, macAlgorithm);
+        case EncryptionAlgorithm.AEAD_CHACHA20_POLY1305:
+            // NOTE: Ignores macAlgorithm
+            return createChaCha20Poly1305(context);
         case EncryptionAlgorithm.AES_128_CBC:
             return createAESCipher(context, 16, macAlgorithm);
         case EncryptionAlgorithm.AES_128_CCM:
@@ -57,8 +53,14 @@ public class DefaultTlsCipherFactory
             return createCipher_AES_GCM(context, 32, 16);
         case EncryptionAlgorithm.CAMELLIA_128_CBC:
             return createCamelliaCipher(context, 16, macAlgorithm);
+        case EncryptionAlgorithm.CAMELLIA_128_GCM:
+            // NOTE: Ignores macAlgorithm
+            return createCipher_Camellia_GCM(context, 16, 16);
         case EncryptionAlgorithm.CAMELLIA_256_CBC:
             return createCamelliaCipher(context, 32, macAlgorithm);
+        case EncryptionAlgorithm.CAMELLIA_256_GCM:
+            // NOTE: Ignores macAlgorithm
+            return createCipher_Camellia_GCM(context, 32, 16);
         case EncryptionAlgorithm.ESTREAM_SALSA20:
             return createSalsa20Cipher(context, 12, 32, macAlgorithm);
         case EncryptionAlgorithm.NULL:
@@ -81,6 +83,19 @@ public class DefaultTlsCipherFactory
             createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize);
     }
 
+    protected TlsBlockCipher createCamelliaCipher(TlsContext context, int cipherKeySize, int macAlgorithm)
+        throws IOException
+    {
+        return new TlsBlockCipher(context, createCamelliaBlockCipher(),
+            createCamelliaBlockCipher(), createHMACDigest(macAlgorithm),
+            createHMACDigest(macAlgorithm), cipherKeySize);
+    }
+
+    protected TlsCipher createChaCha20Poly1305(TlsContext context) throws IOException
+    {
+        return new Chacha20Poly1305(context);
+    }
+
     protected TlsAEADCipher createCipher_AES_CCM(TlsContext context, int cipherKeySize, int macSize)
         throws IOException
     {
@@ -95,12 +110,11 @@ public class DefaultTlsCipherFactory
             createAEADBlockCipher_AES_GCM(), cipherKeySize, macSize);
     }
 
-    protected TlsBlockCipher createCamelliaCipher(TlsContext context, int cipherKeySize, int macAlgorithm)
+    protected TlsAEADCipher createCipher_Camellia_GCM(TlsContext context, int cipherKeySize, int macSize)
         throws IOException
     {
-        return new TlsBlockCipher(context, createCamelliaBlockCipher(),
-            createCamelliaBlockCipher(), createHMACDigest(macAlgorithm),
-            createHMACDigest(macAlgorithm), cipherKeySize);
+        return new TlsAEADCipher(context, createAEADBlockCipher_Camellia_GCM(),
+            createAEADBlockCipher_Camellia_GCM(), cipherKeySize, macSize);
     }
 
     protected TlsBlockCipher createDESedeCipher(TlsContext context, int macAlgorithm)
@@ -121,18 +135,14 @@ public class DefaultTlsCipherFactory
         throws IOException
     {
         return new TlsStreamCipher(context, createRC4StreamCipher(), createRC4StreamCipher(),
-            createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize);
+            createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize, false);
     }
 
     protected TlsStreamCipher createSalsa20Cipher(TlsContext context, int rounds, int cipherKeySize, int macAlgorithm)
         throws IOException
     {
-        /*
-         * TODO To be able to support UMAC96, we need to give the TlsStreamCipher a Mac instead of
-         * assuming HMAC and passing a digest.
-         */
         return new TlsStreamCipher(context, createSalsa20StreamCipher(rounds), createSalsa20StreamCipher(rounds),
-            createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize);
+            createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize, true);
     }
 
     protected TlsBlockCipher createSEEDCipher(TlsContext context, int macAlgorithm)
@@ -142,25 +152,41 @@ public class DefaultTlsCipherFactory
             createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), 16);
     }
 
+    protected BlockCipher createAESEngine()
+    {
+        return new AESEngine();
+    }
+
+    protected BlockCipher createCamelliaEngine()
+    {
+        return new CamelliaEngine();
+    }
+
     protected BlockCipher createAESBlockCipher()
     {
-        return new CBCBlockCipher(new AESFastEngine());
+        return new CBCBlockCipher(createAESEngine());
     }
 
     protected AEADBlockCipher createAEADBlockCipher_AES_CCM()
     {
-        return new CCMBlockCipher(new AESFastEngine());
+        return new CCMBlockCipher(createAESEngine());
     }
 
     protected AEADBlockCipher createAEADBlockCipher_AES_GCM()
     {
         // TODO Consider allowing custom configuration of multiplier
-        return new GCMBlockCipher(new AESFastEngine());
+        return new GCMBlockCipher(createAESEngine());
+    }
+
+    protected AEADBlockCipher createAEADBlockCipher_Camellia_GCM()
+    {
+        // TODO Consider allowing custom configuration of multiplier
+        return new GCMBlockCipher(createCamelliaEngine());
     }
 
     protected BlockCipher createCamelliaBlockCipher()
     {
-        return new CBCBlockCipher(new CamelliaEngine());
+        return new CBCBlockCipher(createCamelliaEngine());
     }
 
     protected BlockCipher createDESedeBlockCipher()
@@ -190,29 +216,17 @@ public class DefaultTlsCipherFactory
         case MACAlgorithm._null:
             return null;
         case MACAlgorithm.hmac_md5:
-            return new MD5Digest();
+            return TlsUtils.createHash(HashAlgorithm.md5);
         case MACAlgorithm.hmac_sha1:
-            return new SHA1Digest();
+            return TlsUtils.createHash(HashAlgorithm.sha1);
         case MACAlgorithm.hmac_sha256:
-            return new SHA256Digest();
+            return TlsUtils.createHash(HashAlgorithm.sha256);
         case MACAlgorithm.hmac_sha384:
-            return new SHA384Digest();
+            return TlsUtils.createHash(HashAlgorithm.sha384);
         case MACAlgorithm.hmac_sha512:
-            return new SHA512Digest();
+            return TlsUtils.createHash(HashAlgorithm.sha512);
         default:
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
     }
-
-    protected Mac createMac(int macAlgorithm) throws IOException
-    {
-        switch (macAlgorithm)
-        {
-        // TODO Need an implementation of UMAC
-//        case MACAlgorithm.umac96:
-//            return
-        default:
-            return new HMac(createHMACDigest(macAlgorithm));
-        }
-    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java
index 63db45f..0ed8ea0 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsClient.java
@@ -17,10 +17,21 @@ public abstract class DefaultTlsClient
 
     public int[] getCipherSuites()
     {
-        return new int[] { CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-            CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
-            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA };
+        return new int[]
+        {
+            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+            CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
+        };
     }
 
     public TlsKeyExchange getKeyExchange()
@@ -36,7 +47,11 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
         case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DH_DSS_WITH_SEED_CBC_SHA:
             return createDHKeyExchange(KeyExchangeAlgorithm.DH_DSS);
 
@@ -48,7 +63,11 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
         case CipherSuite.TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DH_RSA_WITH_SEED_CBC_SHA:
             return createDHKeyExchange(KeyExchangeAlgorithm.DH_RSA);
 
@@ -60,7 +79,11 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
         case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA:
             return createDHEKeyExchange(KeyExchangeAlgorithm.DHE_DSS);
 
@@ -76,11 +99,14 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_UMAC96:
         case CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA:
             return createDHEKeyExchange(KeyExchangeAlgorithm.DHE_RSA);
 
@@ -91,6 +117,10 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
             return createECDHKeyExchange(KeyExchangeAlgorithm.ECDH_ECDSA);
@@ -102,6 +132,10 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_ECDH_RSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDH_RSA_WITH_RC4_128_SHA:
             return createECDHKeyExchange(KeyExchangeAlgorithm.ECDH_RSA);
@@ -109,16 +143,23 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_UMAC96:
             return createECDHEKeyExchange(KeyExchangeAlgorithm.ECDHE_ECDSA);
 
         case CipherSuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
@@ -128,12 +169,15 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_RSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_UMAC96:
             return createECDHEKeyExchange(KeyExchangeAlgorithm.ECDHE_RSA);
 
         case CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
@@ -148,16 +192,18 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_RSA_WITH_NULL_MD5:
         case CipherSuite.TLS_RSA_WITH_NULL_SHA:
         case CipherSuite.TLS_RSA_WITH_NULL_SHA256:
         case CipherSuite.TLS_RSA_WITH_RC4_128_MD5:
         case CipherSuite.TLS_RSA_WITH_RC4_128_SHA:
         case CipherSuite.TLS_RSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_RSA_WITH_SALSA20_UMAC96:
         case CipherSuite.TLS_RSA_WITH_SEED_CBC_SHA:
             return createRSAKeyExchange();
 
@@ -187,6 +233,11 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
             return cipherFactory.createCipher(context, EncryptionAlgorithm._3DES_EDE_CBC, MACAlgorithm.hmac_sha1);
 
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AEAD_CHACHA20_POLY1305, MACAlgorithm._null);
+
         case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
         case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA:
         case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
@@ -210,10 +261,12 @@ public abstract class DefaultTlsClient
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CBC, MACAlgorithm.hmac_sha256);
 
         case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
         case CipherSuite.TLS_RSA_WITH_AES_128_CCM:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CCM, MACAlgorithm._null);
 
         case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
         case CipherSuite.TLS_RSA_WITH_AES_128_CCM_8:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CCM_8, MACAlgorithm._null);
 
@@ -253,10 +306,12 @@ public abstract class DefaultTlsClient
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CBC, MACAlgorithm.hmac_sha384);
 
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CCM, MACAlgorithm._null);
 
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CCM_8, MACAlgorithm._null);
 
@@ -278,6 +333,28 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_CBC, MACAlgorithm.hmac_sha1);
 
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_CBC, MACAlgorithm.hmac_sha256);
+
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_GCM, MACAlgorithm._null);
+
         case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA:
         case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA:
         case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
@@ -285,18 +362,36 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_CBC, MACAlgorithm.hmac_sha1);
 
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_CBC, MACAlgorithm.hmac_sha256);
+
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_GCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_CBC, MACAlgorithm.hmac_sha384);
+
         case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.ESTREAM_SALSA20, MACAlgorithm.hmac_sha1);
 
-        case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_UMAC96:
-            return cipherFactory.createCipher(context, EncryptionAlgorithm.ESTREAM_SALSA20, MACAlgorithm.umac96);
-
         case CipherSuite.TLS_RSA_WITH_NULL_MD5:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.NULL, MACAlgorithm.hmac_md5);
 
@@ -326,12 +421,6 @@ public abstract class DefaultTlsClient
         case CipherSuite.TLS_RSA_WITH_SALSA20_SHA1:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.SALSA20, MACAlgorithm.hmac_sha1);
 
-        case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_RSA_WITH_SALSA20_UMAC96:
-            return cipherFactory.createCipher(context, EncryptionAlgorithm.SALSA20, MACAlgorithm.umac96);
-
         case CipherSuite.TLS_DH_DSS_WITH_SEED_CBC_SHA:
         case CipherSuite.TLS_DH_RSA_WITH_SEED_CBC_SHA:
         case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA:
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java
index dcdb493..d5151bc 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java
@@ -2,15 +2,10 @@ package org.bouncycastle.crypto.tls;
 
 import java.io.IOException;
 
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 
-public class DefaultTlsEncryptionCredentials
-    extends AbstractTlsEncryptionCredentials
+public class DefaultTlsEncryptionCredentials extends AbstractTlsEncryptionCredentials
 {
     protected TlsContext context;
     protected Certificate certificate;
@@ -58,18 +53,6 @@ public class DefaultTlsEncryptionCredentials
     public byte[] decryptPreMasterSecret(byte[] encryptedPreMasterSecret)
         throws IOException
     {
-
-        PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine());
-        encoding.init(false, new ParametersWithRandom(this.privateKey, context.getSecureRandom()));
-
-        try
-        {
-            return encoding.processBlock(encryptedPreMasterSecret, 0,
-                encryptedPreMasterSecret.length);
-        }
-        catch (InvalidCipherTextException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
+        return TlsRSAUtils.safeDecryptPreMasterSecret(context, (RSAKeyParameters)privateKey, encryptedPreMasterSecret);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSRPGroupVerifier.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSRPGroupVerifier.java
new file mode 100644
index 0000000..8fb9baa
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSRPGroupVerifier.java
@@ -0,0 +1,67 @@
+package org.bouncycastle.crypto.tls;
+
+import java.math.BigInteger;
+import java.util.Vector;
+
+import org.bouncycastle.crypto.agreement.srp.SRP6StandardGroups;
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
+
+public class DefaultTlsSRPGroupVerifier
+    implements TlsSRPGroupVerifier
+{
+    protected static final Vector DEFAULT_GROUPS = new Vector();
+
+    static
+    {
+        DEFAULT_GROUPS.addElement(SRP6StandardGroups.rfc5054_1024);
+        DEFAULT_GROUPS.addElement(SRP6StandardGroups.rfc5054_1536);
+        DEFAULT_GROUPS.addElement(SRP6StandardGroups.rfc5054_2048);
+        DEFAULT_GROUPS.addElement(SRP6StandardGroups.rfc5054_3072);
+        DEFAULT_GROUPS.addElement(SRP6StandardGroups.rfc5054_4096);
+        DEFAULT_GROUPS.addElement(SRP6StandardGroups.rfc5054_6144);
+        DEFAULT_GROUPS.addElement(SRP6StandardGroups.rfc5054_8192);
+    }
+
+    // Vector is (SRP6GroupParameters)
+    protected Vector groups;
+
+    /**
+     * Accept only the group parameters specified in RFC 5054 Appendix A.
+     */
+    public DefaultTlsSRPGroupVerifier()
+    {
+        this(DEFAULT_GROUPS);
+    }
+
+    /**
+     * Specify a custom set of acceptable group parameters.
+     * 
+     * @param groups a {@link Vector} of acceptable {@link SRP6GroupParameters}
+     */
+    public DefaultTlsSRPGroupVerifier(Vector groups)
+    {
+        this.groups = groups;
+    }
+
+    public boolean accept(SRP6GroupParameters group)
+    {
+        for (int i = 0; i < groups.size(); ++i)
+        {
+            if (areGroupsEqual(group, (SRP6GroupParameters)groups.elementAt(i)))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    protected boolean areGroupsEqual(SRP6GroupParameters a, SRP6GroupParameters b)
+    {
+        return a == b || (areParametersEqual(a.getN(), b.getN()) && areParametersEqual(a.getG(), b.getG()));
+    }
+    
+    protected boolean areParametersEqual(BigInteger a, BigInteger b)
+    {
+        return a == b || a.equals(b);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsServer.java
index 31b6a74..8c48331 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsServer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsServer.java
@@ -8,7 +8,6 @@ import org.bouncycastle.crypto.params.DHParameters;
 public abstract class DefaultTlsServer
     extends AbstractTlsServer
 {
-
     public DefaultTlsServer()
     {
         super();
@@ -19,6 +18,18 @@ public abstract class DefaultTlsServer
         super(cipherFactory);
     }
 
+    protected TlsSignerCredentials getDSASignerCredentials()
+        throws IOException
+    {
+        throw new TlsFatalAlert(AlertDescription.internal_error);
+    }
+
+    protected TlsSignerCredentials getECDSASignerCredentials()
+        throws IOException
+    {
+        throw new TlsFatalAlert(AlertDescription.internal_error);
+    }
+
     protected TlsEncryptionCredentials getRSAEncryptionCredentials()
         throws IOException
     {
@@ -38,11 +49,21 @@ public abstract class DefaultTlsServer
 
     protected int[] getCipherSuites()
     {
-        return new int[]{CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-            CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-            CipherSuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
-            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA,};
+        return new int[]
+        {
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
+            CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
+            CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
+            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
+            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
+        };
     }
 
     public TlsCredentials getCredentials()
@@ -50,6 +71,76 @@ public abstract class DefaultTlsServer
     {
         switch (selectedCipherSuite)
         {
+        case CipherSuite.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_DSS_WITH_DES_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_SEED_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_DES_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
+            return getDSASignerCredentials();
+
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1:
+            return getECDSASignerCredentials();
+
         case CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
         case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA:
         case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256:
@@ -62,7 +153,11 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_WITH_NULL_MD5:
         case CipherSuite.TLS_RSA_WITH_NULL_SHA:
         case CipherSuite.TLS_RSA_WITH_NULL_SHA256:
@@ -83,7 +178,12 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
@@ -92,8 +192,15 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_ECDHE_RSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1:
             return getRSASignerCredentials();
 
         default:
@@ -117,7 +224,11 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
         case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DH_DSS_WITH_SEED_CBC_SHA:
             return createDHKeyExchange(KeyExchangeAlgorithm.DH_DSS);
 
@@ -129,7 +240,11 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
         case CipherSuite.TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DH_RSA_WITH_SEED_CBC_SHA:
             return createDHKeyExchange(KeyExchangeAlgorithm.DH_RSA);
 
@@ -141,7 +256,11 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
         case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA:
             return createDHEKeyExchange(KeyExchangeAlgorithm.DHE_DSS);
 
@@ -157,11 +276,14 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_UMAC96:
         case CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA:
             return createDHEKeyExchange(KeyExchangeAlgorithm.DHE_RSA);
 
@@ -172,6 +294,10 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
             return createECDHKeyExchange(KeyExchangeAlgorithm.ECDH_ECDSA);
@@ -183,6 +309,10 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_ECDH_RSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDH_RSA_WITH_RC4_128_SHA:
             return createECDHKeyExchange(KeyExchangeAlgorithm.ECDH_RSA);
@@ -190,16 +320,23 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_UMAC96:
             return createECDHEKeyExchange(KeyExchangeAlgorithm.ECDHE_ECDSA);
 
         case CipherSuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
@@ -209,12 +346,15 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_RSA_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
         case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_UMAC96:
             return createECDHEKeyExchange(KeyExchangeAlgorithm.ECDHE_RSA);
 
         case CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
@@ -229,16 +369,18 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_RSA_WITH_NULL_MD5:
         case CipherSuite.TLS_RSA_WITH_NULL_SHA:
         case CipherSuite.TLS_RSA_WITH_NULL_SHA256:
         case CipherSuite.TLS_RSA_WITH_RC4_128_MD5:
         case CipherSuite.TLS_RSA_WITH_RC4_128_SHA:
         case CipherSuite.TLS_RSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_RSA_WITH_SALSA20_UMAC96:
         case CipherSuite.TLS_RSA_WITH_SEED_CBC_SHA:
             return createRSAKeyExchange();
 
@@ -266,6 +408,11 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
             return cipherFactory.createCipher(context, EncryptionAlgorithm._3DES_EDE_CBC, MACAlgorithm.hmac_sha1);
 
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AEAD_CHACHA20_POLY1305, MACAlgorithm._null);
+
         case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
         case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA:
         case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
@@ -289,10 +436,12 @@ public abstract class DefaultTlsServer
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CBC, MACAlgorithm.hmac_sha256);
 
         case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
         case CipherSuite.TLS_RSA_WITH_AES_128_CCM:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CCM, MACAlgorithm._null);
 
         case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
         case CipherSuite.TLS_RSA_WITH_AES_128_CCM_8:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CCM_8, MACAlgorithm._null);
 
@@ -332,10 +481,12 @@ public abstract class DefaultTlsServer
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CBC, MACAlgorithm.hmac_sha384);
 
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CCM, MACAlgorithm._null);
 
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CCM_8, MACAlgorithm._null);
 
@@ -357,6 +508,28 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_CBC, MACAlgorithm.hmac_sha1);
 
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_CBC, MACAlgorithm.hmac_sha256);
+
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_GCM, MACAlgorithm._null);
+
         case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA:
         case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA:
         case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
@@ -364,18 +537,36 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_CBC, MACAlgorithm.hmac_sha1);
 
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_CBC, MACAlgorithm.hmac_sha256);
+
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_GCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_CBC, MACAlgorithm.hmac_sha384);
+
         case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.ESTREAM_SALSA20, MACAlgorithm.hmac_sha1);
 
-        case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_UMAC96:
-            return cipherFactory.createCipher(context, EncryptionAlgorithm.ESTREAM_SALSA20, MACAlgorithm.umac96);
-
         case CipherSuite.TLS_RSA_WITH_NULL_MD5:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.NULL, MACAlgorithm.hmac_md5);
 
@@ -405,12 +596,6 @@ public abstract class DefaultTlsServer
         case CipherSuite.TLS_RSA_WITH_SALSA20_SHA1:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.SALSA20, MACAlgorithm.hmac_sha1);
 
-        case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_RSA_WITH_SALSA20_UMAC96:
-            return cipherFactory.createCipher(context, EncryptionAlgorithm.SALSA20, MACAlgorithm.umac96);
-
         case CipherSuite.TLS_DH_DSS_WITH_SEED_CBC_SHA:
         case CipherSuite.TLS_DH_RSA_WITH_SEED_CBC_SHA:
         case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA:
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java
index 15bf4a4..3b3391e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.java
@@ -93,7 +93,7 @@ public class DefaultTlsSignerCredentials
         }
         catch (CryptoException e)
         {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
+            throw new TlsFatalAlert(AlertDescription.internal_error, e);
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java
deleted file mode 100644
index 41d5400..0000000
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-/**
- * RFC 2246
- * <p/>
- * Note that the values here are implementation-specific and arbitrary. It is recommended not to
- * depend on the particular values (e.g. serialization).
- *
- * @deprecated use MACAlgorithm constants instead
- */
-public class DigestAlgorithm
-{
-    public static final int NULL = 0;
-    public static final int MD5 = 1;
-    public static final int SHA = 2;
-
-    /*
-     * RFC 5246
-     */
-    public static final int SHA256 = 3;
-    public static final int SHA384 = 4;
-    public static final int SHA512 = 5;
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ECBasisType.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ECBasisType.java
index 57f0ad0..630dfcd 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ECBasisType.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ECBasisType.java
@@ -5,7 +5,11 @@ package org.bouncycastle.crypto.tls;
  */
 public class ECBasisType
 {
-
     public static final short ec_basis_trinomial = 1;
     public static final short ec_basis_pentanomial = 2;
+
+    public static boolean isValid(short ecBasisType)
+    {
+        return ecBasisType >= ec_basis_trinomial && ecBasisType <= ec_basis_pentanomial;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java
index 6f3fe01..2da2f76 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java
@@ -2,13 +2,12 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * <p/>
+ * <p>
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
 public class EncryptionAlgorithm
 {
-
     public static final int NULL = 0;
     public static final int RC4_40 = 1;
     public static final int RC4_128 = 2;
@@ -31,7 +30,7 @@ public class EncryptionAlgorithm
     public static final int AES_256_GCM = 11;
 
     /*
-     * RFC 4132
+     * RFC 5932
      */
     public static final int CAMELLIA_128_CBC = 12;
     public static final int CAMELLIA_256_CBC = 13;
@@ -50,8 +49,19 @@ public class EncryptionAlgorithm
     public static final int AES_256_CCM_8 = 18;
 
     /*
-     * TBD[draft-josefsson-salsa20-tls-02] 
+     * RFC 6367
+     */
+    public static final int CAMELLIA_128_GCM = 19;
+    public static final int CAMELLIA_256_GCM = 20;
+
+    /*
+     * draft-josefsson-salsa20-tls-04 
+     */
+    public static final int ESTREAM_SALSA20 = 100;
+    public static final int SALSA20 = 101;
+
+    /*
+     * draft-agl-tls-chacha20poly1305-04
      */
-    static final int ESTREAM_SALSA20 = 100;
-    static final int SALSA20 = 101;
+    public static final int AEAD_CHACHA20_POLY1305 = 102;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ExporterLabel.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ExporterLabel.java
index 902720a..579d4dc 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ExporterLabel.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ExporterLabel.java
@@ -28,4 +28,9 @@ public class ExporterLabel
      * RFC 5764
      */
     public static final String dtls_srtp = "EXTRACTOR-dtls_srtp";
+
+    /*
+     * draft-ietf-tls-session-hash-01
+     */
+    public static final String extended_master_secret = "extended master secret";
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java
index 8312e93..957db86 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java
@@ -29,11 +29,6 @@ public class ExtensionType
     public static final int srp = 12;
 
     /*
-     * RFC 5077 7.
-     */
-    public static final int session_ticket = 35;
-
-    /*
      * RFC 5246 7.4.1.4.
      */
     public static final int signature_algorithms = 13;
@@ -49,6 +44,30 @@ public class ExtensionType
     public static final int heartbeat = 15;
 
     /*
+     * RFC 7366
+     */
+    public static final int encrypt_then_mac = 22;
+
+    /*
+     * draft-ietf-tls-session-hash-01
+     * 
+     * NOTE: Early code-point assignment
+     */
+    public static final int extended_master_secret = 23;
+
+    /*
+     * RFC 5077 7.
+     */
+    public static final int session_ticket = 35;
+
+    /*
+     * draft-ietf-tls-negotiated-ff-dhe-01
+     * 
+     * WARNING: Placeholder value; the real value is TBA
+     */
+    public static final int negotiated_ff_dhe_groups = 101;
+
+    /*
      * RFC 5746 3.2.
      */
     public static final int renegotiation_info = 0xff01;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/FiniteFieldDHEGroup.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/FiniteFieldDHEGroup.java
new file mode 100644
index 0000000..a16ec9c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/FiniteFieldDHEGroup.java
@@ -0,0 +1,18 @@
+package org.bouncycastle.crypto.tls;
+
+/*
+ * draft-ietf-tls-negotiated-ff-dhe-01
+ */
+public class FiniteFieldDHEGroup
+{
+    public static final short ffdhe2432 = 0;
+    public static final short ffdhe3072 = 1;
+    public static final short ffdhe4096 = 2;
+    public static final short ffdhe6144 = 3;
+    public static final short ffdhe8192 = 4;
+
+    public static boolean isValid(short group)
+    {
+        return group >= ffdhe2432 && group <= ffdhe8192;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/HeartbeatMessage.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/HeartbeatMessage.java
index 320a128..c6a447f 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/HeartbeatMessage.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/HeartbeatMessage.java
@@ -50,7 +50,7 @@ public class HeartbeatMessage
         output.write(payload);
 
         byte[] padding = new byte[paddingLength];
-        context.getSecureRandom().nextBytes(padding);
+        context.getNonceRandomGenerator().nextBytes(padding);
         output.write(padding);
     }
 
@@ -87,6 +87,9 @@ public class HeartbeatMessage
 
         int padding_length = buf.size() - payload.length;
 
+        /*
+         * RFC 6520 4. The padding of a received HeartbeatMessage message MUST be ignored
+         */
         return new HeartbeatMessage(type, payload, padding_length);
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java
index 72a944f..d862d76 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * <p/>
+ * <p>
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsAuthentication.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsAuthentication.java
deleted file mode 100644
index f638714..0000000
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsAuthentication.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-/**
- * A temporary class to wrap old CertificateVerifyer stuff for new TlsAuthentication
- *
- * @deprecated
- */
-public class LegacyTlsAuthentication
-    extends ServerOnlyTlsAuthentication
-{
-    protected CertificateVerifyer verifyer;
-
-    public LegacyTlsAuthentication(CertificateVerifyer verifyer)
-    {
-        this.verifyer = verifyer;
-    }
-
-    public void notifyServerCertificate(Certificate serverCertificate)
-        throws IOException
-    {
-        if (!this.verifyer.isValid(serverCertificate.getCertificateList()))
-        {
-            throw new TlsFatalAlert(AlertDescription.user_canceled);
-        }
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsClient.java
deleted file mode 100644
index 33217ac..0000000
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/LegacyTlsClient.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-
-/**
- * A temporary class to use LegacyTlsAuthentication
- *
- * @deprecated
- */
-public class LegacyTlsClient
-    extends DefaultTlsClient
-{
-    /**
-     * @deprecated
-     */
-    protected CertificateVerifyer verifyer;
-
-    /**
-     * @deprecated
-     */
-    public LegacyTlsClient(CertificateVerifyer verifyer)
-    {
-        super();
-
-        this.verifyer = verifyer;
-    }
-
-    public TlsAuthentication getAuthentication()
-        throws IOException
-    {
-        return new LegacyTlsAuthentication(verifyer);
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/MACAlgorithm.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/MACAlgorithm.java
index 92adc8c..bd13ab8 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/MACAlgorithm.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/MACAlgorithm.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * <p/>
+ * <p>
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
@@ -20,9 +20,4 @@ public class MACAlgorithm
     public static final int hmac_sha256 = 3;
     public static final int hmac_sha384 = 4;
     public static final int hmac_sha512 = 5;
-
-    /*
-     * TBD[draft-josefsson-salsa20-tls-02] 
-     */
-    static final int umac96 = 100;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/MaxFragmentLength.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/MaxFragmentLength.java
index 413695c..6bc61b0 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/MaxFragmentLength.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/MaxFragmentLength.java
@@ -5,10 +5,10 @@ public class MaxFragmentLength
     /*
      * RFC 3546 3.2.
      */
-    public static short pow2_9 = 1;
-    public static short pow2_10 = 2;
-    public static short pow2_11 = 3;
-    public static short pow2_12 = 4;
+    public static final short pow2_9 = 1;
+    public static final short pow2_10 = 2;
+    public static final short pow2_11 = 3;
+    public static final short pow2_12 = 4;
 
     public static boolean isValid(short maxFragmentLength)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java
index a965d13..49fc923 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 4492 5.1.1
- * <p/>
+ * <p>
  * The named curves defined here are those specified in SEC 2 [13]. Note that many of these curves
  * are also recommended in ANSI X9.62 [7] and FIPS 186-2 [11]. Values 0xFE00 through 0xFEFF are
  * reserved for private use. Values 0xFF01 and 0xFF02 indicate that the client supports arbitrary
@@ -51,6 +51,12 @@ public class NamedCurve
     public static final int arbitrary_explicit_prime_curves = 0xFF01;
     public static final int arbitrary_explicit_char2_curves = 0xFF02;
 
+    public static boolean isValid(int namedCurve)
+    {
+        return (namedCurve >= sect163k1 && namedCurve <= brainpoolP512r1)
+            || (namedCurve >= arbitrary_explicit_prime_curves && namedCurve <= arbitrary_explicit_char2_curves);
+    }
+
     public static boolean refersToASpecificNamedCurve(int namedCurve)
     {
         switch (namedCurve)
@@ -62,5 +68,4 @@ public class NamedCurve
             return true;
         }
     }
-
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/OCSPStatusRequest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/OCSPStatusRequest.java
index db8168f..473db23 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/OCSPStatusRequest.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/OCSPStatusRequest.java
@@ -90,11 +90,11 @@ public class OCSPStatusRequest
     }
 
     /**
-     * Parse a {@link OCSPStatusRequest} from an {@link InputStream}.
+     * Parse an {@link OCSPStatusRequest} from an {@link InputStream}.
      * 
      * @param input
      *            the {@link InputStream} to parse from.
-     * @return a {@link OCSPStatusRequest} object.
+     * @return an {@link OCSPStatusRequest} object.
      * @throws IOException
      */
     public static OCSPStatusRequest parse(InputStream input) throws IOException
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/PRFAlgorithm.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/PRFAlgorithm.java
index 81a3bff..33c27c4 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/PRFAlgorithm.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/PRFAlgorithm.java
@@ -2,13 +2,12 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 5246
- * <p/>
+ * <p>
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
 public class PRFAlgorithm
 {
-
     /*
      * Placeholder to refer to the legacy TLS algorithm
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/PSKTlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/PSKTlsClient.java
index 92475b2..cba58a9 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/PSKTlsClient.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/PSKTlsClient.java
@@ -2,15 +2,14 @@ package org.bouncycastle.crypto.tls;
 
 import java.io.IOException;
 
-public abstract class PSKTlsClient
+public class PSKTlsClient
     extends AbstractTlsClient
 {
     protected TlsPSKIdentity pskIdentity;
 
     public PSKTlsClient(TlsPSKIdentity pskIdentity)
     {
-        super();
-        this.pskIdentity = pskIdentity;
+        this(new DefaultTlsCipherFactory(), pskIdentity);
     }
 
     public PSKTlsClient(TlsCipherFactory cipherFactory, TlsPSKIdentity pskIdentity)
@@ -21,9 +20,13 @@ public abstract class PSKTlsClient
 
     public int[] getCipherSuites()
     {
-        return new int[] { CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
-            CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA };
+        return new int[]
+        {
+            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+        };
     }
 
     public TlsKeyExchange getKeyExchange() throws IOException
@@ -39,14 +42,16 @@ public abstract class PSKTlsClient
         case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
         case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA:
         case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA256:
         case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
         case CipherSuite.TLS_DHE_PSK_WITH_RC4_128_SHA:
         case CipherSuite.TLS_DHE_PSK_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_DHE_PSK_WITH_SALSA20_UMAC96:
         case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
         case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
             return createPSKKeyExchange(KeyExchangeAlgorithm.DHE_PSK);
@@ -56,14 +61,14 @@ public abstract class PSKTlsClient
         case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
         case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA256:
         case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA384:
         case CipherSuite.TLS_ECDHE_PSK_WITH_RC4_128_SHA:
         case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_UMAC96:
             return createPSKKeyExchange(KeyExchangeAlgorithm.ECDHE_PSK);
 
         case CipherSuite.TLS_PSK_WITH_3DES_EDE_CBC_SHA:
@@ -77,14 +82,16 @@ public abstract class PSKTlsClient
         case CipherSuite.TLS_PSK_WITH_AES_256_CCM:
         case CipherSuite.TLS_PSK_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_PSK_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_PSK_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_PSK_WITH_NULL_SHA:
         case CipherSuite.TLS_PSK_WITH_NULL_SHA256:
         case CipherSuite.TLS_PSK_WITH_NULL_SHA384:
         case CipherSuite.TLS_PSK_WITH_RC4_128_SHA:
         case CipherSuite.TLS_PSK_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_PSK_WITH_SALSA20_UMAC96:
             return createPSKKeyExchange(KeyExchangeAlgorithm.PSK);
 
         case CipherSuite.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
@@ -94,14 +101,16 @@ public abstract class PSKTlsClient
         case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
         case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_RSA_PSK_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA:
         case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA256:
         case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA384:
         case CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA:
         case CipherSuite.TLS_RSA_PSK_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_RSA_PSK_WITH_SALSA20_UMAC96:
             return createPSKKeyExchange(KeyExchangeAlgorithm.RSA_PSK);
 
         default:
@@ -114,6 +123,15 @@ public abstract class PSKTlsClient
         }
     }
 
+    public TlsAuthentication getAuthentication() throws IOException
+    {
+        /*
+         * Note: This method is not called unless a server certificate is sent, which may be the
+         * case e.g. for RSA_PSK key exchange.
+         */
+        throw new TlsFatalAlert(AlertDescription.internal_error);
+    }
+
     public TlsCipher getCipher() throws IOException
     {
         switch (selectedCipherSuite)
@@ -174,18 +192,34 @@ public abstract class PSKTlsClient
         case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_GCM, MACAlgorithm._null);
 
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_CBC, MACAlgorithm.hmac_sha256);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_GCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_CBC, MACAlgorithm.hmac_sha384);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_GCM, MACAlgorithm._null);
+
         case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_PSK_WITH_ESTREAM_SALSA20_SHA1:
         case CipherSuite.TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.ESTREAM_SALSA20, MACAlgorithm.hmac_sha1);
 
-        case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_PSK_WITH_ESTREAM_SALSA20_UMAC96:
-        case CipherSuite.TLS_RSA_PSK_WITH_ESTREAM_SALSA20_UMAC96:
-            return cipherFactory.createCipher(context, EncryptionAlgorithm.ESTREAM_SALSA20, MACAlgorithm.umac96);
-
         case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA:
         case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA:
         case CipherSuite.TLS_PSK_WITH_NULL_SHA:
@@ -216,12 +250,6 @@ public abstract class PSKTlsClient
         case CipherSuite.TLS_RSA_PSK_WITH_SALSA20_SHA1:
             return cipherFactory.createCipher(context, EncryptionAlgorithm.SALSA20, MACAlgorithm.hmac_sha1);
 
-        case CipherSuite.TLS_DHE_PSK_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_PSK_WITH_SALSA20_UMAC96:
-        case CipherSuite.TLS_RSA_PSK_WITH_SALSA20_UMAC96:
-            return cipherFactory.createCipher(context, EncryptionAlgorithm.SALSA20, MACAlgorithm.umac96);
-
         default:
             /*
              * Note: internal error here; the TlsProtocol implementation verifies that the
@@ -234,7 +262,7 @@ public abstract class PSKTlsClient
 
     protected TlsKeyExchange createPSKKeyExchange(int keyExchange)
     {
-        return new TlsPSKKeyExchange(keyExchange, supportedSignatureAlgorithms, pskIdentity, null, namedCurves,
+        return new TlsPSKKeyExchange(keyExchange, supportedSignatureAlgorithms, pskIdentity, null, null, namedCurves,
             clientECPointFormats, serverECPointFormats);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/PSKTlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/PSKTlsServer.java
new file mode 100644
index 0000000..eedf025
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/PSKTlsServer.java
@@ -0,0 +1,346 @@
+package org.bouncycastle.crypto.tls;
+
+import java.io.IOException;
+
+import org.bouncycastle.crypto.agreement.DHStandardGroups;
+import org.bouncycastle.crypto.params.DHParameters;
+
+public class PSKTlsServer
+    extends AbstractTlsServer
+{
+    protected TlsPSKIdentityManager pskIdentityManager;
+
+    public PSKTlsServer(TlsPSKIdentityManager pskIdentityManager)
+    {
+        this(new DefaultTlsCipherFactory(), pskIdentityManager);
+    }
+
+    public PSKTlsServer(TlsCipherFactory cipherFactory, TlsPSKIdentityManager pskIdentityManager)
+    {
+        super(cipherFactory);
+        this.pskIdentityManager = pskIdentityManager;
+    }
+
+    protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException
+    {
+        throw new TlsFatalAlert(AlertDescription.internal_error);
+    }
+
+    protected DHParameters getDHParameters()
+    {
+        return DHStandardGroups.rfc5114_1024_160;
+    }
+
+    protected int[] getCipherSuites()
+    {
+        return new int[]
+        {
+            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+        };
+    }
+
+    public TlsCredentials getCredentials() throws IOException
+    {
+        switch (selectedCipherSuite)
+        {
+        case CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
+
+        case CipherSuite.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_SHA1:
+
+        case CipherSuite.TLS_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_PSK_WITH_SALSA20_SHA1:
+            return null;
+
+        case CipherSuite.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_SALSA20_SHA1:
+            return getRSAEncryptionCredentials();
+
+        default:
+            /* Note: internal error here; selected a key exchange we don't implement! */
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
+    public TlsKeyExchange getKeyExchange() throws IOException
+    {
+        switch (selectedCipherSuite)
+        {
+        case CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
+            return createPSKKeyExchange(KeyExchangeAlgorithm.DHE_PSK);
+
+        case CipherSuite.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_SHA1:
+            return createPSKKeyExchange(KeyExchangeAlgorithm.ECDHE_PSK);
+
+        case CipherSuite.TLS_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_PSK_WITH_SALSA20_SHA1:
+            return createPSKKeyExchange(KeyExchangeAlgorithm.PSK);
+
+        case CipherSuite.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_SALSA20_SHA1:
+            return createPSKKeyExchange(KeyExchangeAlgorithm.RSA_PSK);
+
+        default:
+            /*
+             * Note: internal error here; the TlsProtocol implementation verifies that the
+             * server-selected cipher suite was in the list of client-offered cipher suites, so if
+             * we now can't produce an implementation, we shouldn't have offered it!
+             */
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
+    public TlsCipher getCipher() throws IOException
+    {
+        switch (selectedCipherSuite)
+        {
+        case CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm._3DES_EDE_CBC, MACAlgorithm.hmac_sha1);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CBC, MACAlgorithm.hmac_sha1);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CBC, MACAlgorithm.hmac_sha256);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM_8:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CCM_8, MACAlgorithm._null);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_GCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CBC, MACAlgorithm.hmac_sha1);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CBC, MACAlgorithm.hmac_sha384);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM_8:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CCM_8, MACAlgorithm._null);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_GCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_CBC, MACAlgorithm.hmac_sha256);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_128_GCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_CBC, MACAlgorithm.hmac_sha384);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.CAMELLIA_256_GCM, MACAlgorithm._null);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.ESTREAM_SALSA20, MACAlgorithm.hmac_sha1);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.NULL, MACAlgorithm.hmac_sha1);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA256:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.NULL, MACAlgorithm.hmac_sha256);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA384:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.NULL, MACAlgorithm.hmac_sha384);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.RC4_128, MACAlgorithm.hmac_sha1);
+
+        case CipherSuite.TLS_DHE_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_RSA_PSK_WITH_SALSA20_SHA1:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.SALSA20, MACAlgorithm.hmac_sha1);
+
+        default:
+            /*
+             * Note: internal error here; the TlsProtocol implementation verifies that the
+             * server-selected cipher suite was in the list of client-offered cipher suites, so if
+             * we now can't produce an implementation, we shouldn't have offered it!
+             */
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
+    protected TlsKeyExchange createPSKKeyExchange(int keyExchange)
+    {
+        return new TlsPSKKeyExchange(keyExchange, supportedSignatureAlgorithms, null, pskIdentityManager,
+            getDHParameters(), namedCurves, clientECPointFormats, serverECPointFormats);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ProtocolVersion.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ProtocolVersion.java
index b32bd9d..8be2bec 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ProtocolVersion.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ProtocolVersion.java
@@ -2,6 +2,8 @@ package org.bouncycastle.crypto.tls;
 
 import java.io.IOException;
 
+import org.bouncycastle.util.Strings;
+
 public final class ProtocolVersion
 {
     public static final ProtocolVersion SSLv3 = new ProtocolVersion(0x0300, "SSL 3.0");
@@ -45,6 +47,11 @@ public final class ProtocolVersion
         return this == SSLv3;
     }
 
+    public boolean isTLS()
+    {
+        return getMajorVersion() == 0x03;
+    }
+
     public ProtocolVersion getEquivalentTLSVersion()
     {
         if (!isDTLS())
@@ -78,9 +85,14 @@ public final class ProtocolVersion
         return isDTLS() ? diffMinorVersion > 0 : diffMinorVersion < 0;
     }
 
-    public boolean equals(Object obj)
+    public boolean equals(Object other)
+    {
+        return this == other || (other instanceof ProtocolVersion && equals((ProtocolVersion)other));
+    }
+
+    public boolean equals(ProtocolVersion other)
     {
-        return this == obj;
+        return other != null && this.version == other.version;
     }
 
     public int hashCode()
@@ -94,6 +106,7 @@ public final class ProtocolVersion
         switch (major)
         {
         case 0x03:
+        {
             switch (minor)
             {
             case 0x00:
@@ -105,21 +118,41 @@ public final class ProtocolVersion
             case 0x03:
                 return TLSv12;
             }
+            return getUnknownVersion(major, minor, "TLS");
+        }
         case 0xFE:
+        {
             switch (minor)
             {
             case 0xFF:
                 return DTLSv10;
+            case 0xFE:
+                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
             case 0xFD:
                 return DTLSv12;
             }
+            return getUnknownVersion(major, minor, "DTLS");
+        }
+        default:
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
         }
-
-        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
     }
 
     public String toString()
     {
         return name;
     }
+
+    private static ProtocolVersion getUnknownVersion(int major, int minor, String prefix)
+        throws IOException
+    {
+        TlsUtils.checkUint8(major);
+        TlsUtils.checkUint8(minor);
+
+        int v = (major << 8) | minor;
+        String hex = Strings.toUpperCase(Integer.toHexString(0x10000 | v).substring(1));
+        return new ProtocolVersion(v, prefix + " 0x" + hex);
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
index cc6640b..5e28658 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
@@ -5,8 +5,6 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
-import org.bouncycastle.crypto.Digest;
-
 /**
  * An implementation of the TLS 1.0/1.1/1.2 record layer, allowing downgrade to SSLv3.
  */
@@ -22,7 +20,6 @@ class RecordStream
     private long readSeqNo = 0, writeSeqNo = 0;
     private ByteArrayOutputStream buffer = new ByteArrayOutputStream();
 
-    private TlsContext context = null;
     private TlsHandshakeHash handshakeHash = null;
 
     private ProtocolVersion readVersion = null, writeVersion = null;
@@ -37,17 +34,16 @@ class RecordStream
         this.output = output;
         this.readCompression = new TlsNullCompression();
         this.writeCompression = this.readCompression;
-        this.readCipher = new TlsNullCipher(context);
-        this.writeCipher = this.readCipher;
-
-        setPlaintextLimit(DEFAULT_PLAINTEXT_LIMIT);
     }
 
     void init(TlsContext context)
     {
-        this.context = context;
+        this.readCipher = new TlsNullCipher(context);
+        this.writeCipher = this.readCipher;
         this.handshakeHash = new DeferredHash();
         this.handshakeHash.init(context);
+
+        setPlaintextLimit(DEFAULT_PLAINTEXT_LIMIT);
     }
 
     int getPlaintextLimit()
@@ -127,11 +123,11 @@ class RecordStream
         {
             throw new TlsFatalAlert(AlertDescription.handshake_failure);
         }
-        pendingCompression = null;
-        pendingCipher = null;
+        this.pendingCompression = null;
+        this.pendingCipher = null;
     }
 
-    public boolean readRecord()
+    boolean readRecord()
         throws IOException
     {
         byte[] recordHeader = TlsUtils.readAllOrNothing(5, input);
@@ -175,7 +171,7 @@ class RecordStream
         return true;
     }
 
-    protected byte[] decodeAndVerify(short type, InputStream input, int len)
+    byte[] decodeAndVerify(short type, InputStream input, int len)
         throws IOException
     {
         checkLength(len, ciphertextLimit, AlertDescription.record_overflow);
@@ -216,9 +212,15 @@ class RecordStream
         return decoded;
     }
 
-    protected void writeRecord(short type, byte[] plaintext, int plaintextOffset, int plaintextLength)
+    void writeRecord(short type, byte[] plaintext, int plaintextOffset, int plaintextLength)
         throws IOException
     {
+        // Never send anything until a valid ClientHello has been received
+        if (writeVersion == null)
+        {
+            return;
+        }
+
         /*
          * RFC 5264 6. Implementations MUST NOT send record types not defined in this document
          * unless negotiated by some extension.
@@ -302,7 +304,7 @@ class RecordStream
         handshakeHash.update(message, offset, len);
     }
 
-    protected void safeClose()
+    void safeClose()
     {
         try
         {
@@ -321,7 +323,7 @@ class RecordStream
         }
     }
 
-    protected void flush()
+    void flush()
         throws IOException
     {
         output.flush();
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SRPTlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SRPTlsClient.java
index 15295ea..15e8fe2 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SRPTlsClient.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SRPTlsClient.java
@@ -5,34 +5,45 @@ import java.util.Hashtable;
 
 import org.bouncycastle.util.Arrays;
 
-public abstract class SRPTlsClient
+public class SRPTlsClient
     extends AbstractTlsClient
 {
-    /**
-     * @deprecated use TlsSRPUtils.EXT_SRP instead
-     */
-    public static final Integer EXT_SRP = TlsSRPUtils.EXT_SRP;
+    protected TlsSRPGroupVerifier groupVerifier;
 
     protected byte[] identity;
     protected byte[] password;
 
     public SRPTlsClient(byte[] identity, byte[] password)
     {
-        super();
-        this.identity = Arrays.clone(identity);
-        this.password = Arrays.clone(password);
+        this(new DefaultTlsCipherFactory(), new DefaultTlsSRPGroupVerifier(), identity, password);
     }
 
     public SRPTlsClient(TlsCipherFactory cipherFactory, byte[] identity, byte[] password)
     {
+        this(cipherFactory, new DefaultTlsSRPGroupVerifier(), identity, password);
+    }
+
+    public SRPTlsClient(TlsCipherFactory cipherFactory, TlsSRPGroupVerifier groupVerifier,
+        byte[] identity, byte[] password)
+    {
         super(cipherFactory);
+        this.groupVerifier = groupVerifier;
         this.identity = Arrays.clone(identity);
         this.password = Arrays.clone(password);
     }
 
+    protected boolean requireSRPServerExtension()
+    {
+        // No explicit guidance in RFC 5054; by default an (empty) extension from server is optional
+        return false;
+    }
+
     public int[] getCipherSuites()
     {
-        return new int[] { CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA };
+        return new int[]
+        {
+            CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
+        };
     }
 
     public Hashtable getClientExtensions()
@@ -46,16 +57,21 @@ public abstract class SRPTlsClient
     public void processServerExtensions(Hashtable serverExtensions)
         throws IOException
     {
-        if (!TlsUtils.hasExpectedEmptyExtensionData(serverExtensions, TlsSRPUtils.EXT_SRP, AlertDescription.illegal_parameter))
+        if (!TlsUtils.hasExpectedEmptyExtensionData(serverExtensions, TlsSRPUtils.EXT_SRP,
+            AlertDescription.illegal_parameter))
         {
-            // No explicit guidance in RFC 5054 here; we allow an optional empty extension from server
+            if (requireSRPServerExtension())
+            {
+                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            }
         }
+
+        super.processServerExtensions(serverExtensions);
     }
 
     public TlsKeyExchange getKeyExchange()
         throws IOException
     {
-
         switch (selectedCipherSuite)
         {
         case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
@@ -83,10 +99,18 @@ public abstract class SRPTlsClient
         }
     }
 
+    public TlsAuthentication getAuthentication() throws IOException
+    {
+        /*
+         * Note: This method is not called unless a server certificate is sent, which may be the
+         * case e.g. for SRP_DSS or SRP_RSA key exchange.
+         */
+        throw new TlsFatalAlert(AlertDescription.internal_error);
+    }
+
     public TlsCipher getCipher()
         throws IOException
     {
-
         switch (selectedCipherSuite)
         {
         case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
@@ -116,6 +140,6 @@ public abstract class SRPTlsClient
 
     protected TlsKeyExchange createSRPKeyExchange(int keyExchange)
     {
-        return new TlsSRPKeyExchange(keyExchange, supportedSignatureAlgorithms, identity, password);
+        return new TlsSRPKeyExchange(keyExchange, supportedSignatureAlgorithms, groupVerifier, identity, password);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SRPTlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SRPTlsServer.java
new file mode 100644
index 0000000..bb8e39a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SRPTlsServer.java
@@ -0,0 +1,166 @@
+package org.bouncycastle.crypto.tls;
+
+import java.io.IOException;
+import java.util.Hashtable;
+
+public class SRPTlsServer
+    extends AbstractTlsServer
+{
+    protected TlsSRPIdentityManager srpIdentityManager;
+
+    protected byte[] srpIdentity = null;
+    protected TlsSRPLoginParameters loginParameters = null;
+
+    public SRPTlsServer(TlsSRPIdentityManager srpIdentityManager)
+    {
+        this(new DefaultTlsCipherFactory(), srpIdentityManager);
+    }
+
+    public SRPTlsServer(TlsCipherFactory cipherFactory, TlsSRPIdentityManager srpIdentityManager)
+    {
+        super(cipherFactory);
+        this.srpIdentityManager = srpIdentityManager;
+    }
+
+    protected TlsSignerCredentials getDSASignerCredentials()
+        throws IOException
+    {
+        throw new TlsFatalAlert(AlertDescription.internal_error);
+    }
+
+    protected TlsSignerCredentials getRSASignerCredentials()
+        throws IOException
+    {
+        throw new TlsFatalAlert(AlertDescription.internal_error);
+    }
+
+    protected int[] getCipherSuites()
+    {
+        return new int[]
+        {
+            CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+            CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+            CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
+            CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA
+        };
+    }
+
+    public void processClientExtensions(Hashtable clientExtensions) throws IOException
+    {
+        super.processClientExtensions(clientExtensions);
+
+        this.srpIdentity = TlsSRPUtils.getSRPExtension(clientExtensions);
+    }
+
+    public int getSelectedCipherSuite() throws IOException
+    {
+        int cipherSuite = super.getSelectedCipherSuite();
+
+        if (TlsSRPUtils.isSRPCipherSuite(cipherSuite))
+        {
+            if (srpIdentity != null)
+            {
+                this.loginParameters = srpIdentityManager.getLoginParameters(srpIdentity);
+            }
+
+            if (loginParameters == null)
+            {
+                throw new TlsFatalAlert(AlertDescription.unknown_psk_identity);
+            }
+        }
+
+        return cipherSuite;
+    }
+
+    public TlsCredentials getCredentials() throws IOException
+    {
+        switch (selectedCipherSuite)
+        {
+        case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
+            return null;
+
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
+            return getDSASignerCredentials();
+
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
+            return getRSASignerCredentials();
+
+        default:
+            /* Note: internal error here; selected a key exchange we don't implement! */
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
+    public TlsKeyExchange getKeyExchange()
+        throws IOException
+    {
+        switch (selectedCipherSuite)
+        {
+        case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
+            return createSRPKeyExchange(KeyExchangeAlgorithm.SRP);
+
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
+            return createSRPKeyExchange(KeyExchangeAlgorithm.SRP_RSA);
+
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
+            return createSRPKeyExchange(KeyExchangeAlgorithm.SRP_DSS);
+
+        default:
+            /*
+             * Note: internal error here; the TlsProtocol implementation verifies that the
+             * server-selected cipher suite was in the list of client-offered cipher suites, so if
+             * we now can't produce an implementation, we shouldn't have offered it!
+             */
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
+    public TlsCipher getCipher()
+        throws IOException
+    {
+        switch (selectedCipherSuite)
+        {
+        case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm._3DES_EDE_CBC, MACAlgorithm.hmac_sha1);
+
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_128_CBC, MACAlgorithm.hmac_sha1);
+
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
+            return cipherFactory.createCipher(context, EncryptionAlgorithm.AES_256_CBC, MACAlgorithm.hmac_sha1);
+
+        default:
+            /*
+             * Note: internal error here; the TlsProtocol implementation verifies that the
+             * server-selected cipher suite was in the list of client-offered cipher suites, so if
+             * we now can't produce an implementation, we shouldn't have offered it!
+             */
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
+    protected TlsKeyExchange createSRPKeyExchange(int keyExchange)
+    {
+        return new TlsSRPKeyExchange(keyExchange, supportedSignatureAlgorithms, srpIdentity, loginParameters);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SSL3Mac.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SSL3Mac.java
index 0d2e2f1..28082d2 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SSL3Mac.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SSL3Mac.java
@@ -8,9 +8,9 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * HMAC implementation based on original internet draft for HMAC (RFC 2104)
- * <p/>
+ * <p>
  * The difference is that padding is concatenated versus XORed with the key
- * <p/>
+ * <p>
  * H(K + opad, H(K + ipad, text))
  */
 public class SSL3Mac
@@ -23,9 +23,9 @@ public class SSL3Mac
     static final byte[] OPAD = genPad(OPAD_BYTE, 48);
 
     private Digest digest;
+    private int padLength;
 
     private byte[] secret;
-    private int padLength;
 
     /**
      * Base constructor for one of the standard digest algorithms that the byteLength of
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SecurityParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SecurityParameters.java
index 984246e..27f7625 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SecurityParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SecurityParameters.java
@@ -6,26 +6,21 @@ public class SecurityParameters
 {
     int entity = -1;
     int cipherSuite = -1;
-    short compressionAlgorithm = -1;
+    short compressionAlgorithm = CompressionMethod._null;
     int prfAlgorithm = -1;
     int verifyDataLength = -1;
     byte[] masterSecret = null;
     byte[] clientRandom = null;
     byte[] serverRandom = null;
+    byte[] sessionHash = null;
+    byte[] pskIdentity = null;
+    byte[] srpIdentity = null;
 
     // TODO Keep these internal, since it's maybe not the ideal place for them
     short maxFragmentLength = -1;
     boolean truncatedHMac = false;
-
-    void copySessionParametersFrom(SecurityParameters other)
-    {
-        this.entity = other.entity;
-        this.cipherSuite = other.cipherSuite;
-        this.compressionAlgorithm = other.compressionAlgorithm;
-        this.prfAlgorithm = other.prfAlgorithm;
-        this.verifyDataLength = other.verifyDataLength;
-        this.masterSecret = Arrays.clone(other.masterSecret);
-    }
+    boolean encryptThenMAC = false;
+    boolean extendedMasterSecret = false;
 
     void clear()
     {
@@ -87,4 +82,27 @@ public class SecurityParameters
     {
         return serverRandom;
     }
+
+    public byte[] getSessionHash()
+    {
+        return sessionHash;
+    }
+
+    /**
+     * @deprecated Use {@link SecurityParameters#getPSKIdentity()) 
+     */
+    public byte[] getPskIdentity()
+    {
+        return pskIdentity;
+    }
+
+    public byte[] getPSKIdentity()
+    {
+        return pskIdentity;
+    }
+
+    public byte[] getSRPIdentity()
+    {
+        return srpIdentity;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ServerDHParams.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ServerDHParams.java
index c3050f1..911338e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ServerDHParams.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ServerDHParams.java
@@ -58,6 +58,6 @@ public class ServerDHParams
         BigInteger g = TlsDHUtils.readDHParameter(input);
         BigInteger Ys = TlsDHUtils.readDHParameter(input);
 
-        return new ServerDHParams(new DHPublicKeyParameters(Ys, new DHParameters(p, g)));
+        return new ServerDHParams(TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Ys, new DHParameters(p, g))));
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/ServerSRPParams.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ServerSRPParams.java
new file mode 100644
index 0000000..21ca7d0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/ServerSRPParams.java
@@ -0,0 +1,75 @@
+package org.bouncycastle.crypto.tls;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Arrays;
+
+public class ServerSRPParams
+{
+    protected BigInteger N, g, B;
+    protected byte[] s;
+
+    public ServerSRPParams(BigInteger N, BigInteger g, byte[] s, BigInteger B)
+    {
+        this.N = N;
+        this.g = g;
+        this.s = Arrays.clone(s);
+        this.B = B;
+    }
+
+    public BigInteger getB()
+    {
+        return B;
+    }
+    
+    public BigInteger getG()
+    {
+        return g;
+    }
+
+    public BigInteger getN()
+    {
+        return N;
+    }
+
+    public byte[] getS()
+    {
+        return s;
+    }
+
+    /**
+     * Encode this {@link ServerSRPParams} to an {@link OutputStream}.
+     * 
+     * @param output
+     *            the {@link OutputStream} to encode to.
+     * @throws IOException
+     */
+    public void encode(OutputStream output) throws IOException
+    {
+        TlsSRPUtils.writeSRPParameter(N, output);
+        TlsSRPUtils.writeSRPParameter(g, output);
+        TlsUtils.writeOpaque8(s, output);
+        TlsSRPUtils.writeSRPParameter(B, output);
+    }
+
+    /**
+     * Parse a {@link ServerSRPParams} from an {@link InputStream}.
+     * 
+     * @param input
+     *            the {@link InputStream} to parse from.
+     * @return a {@link ServerSRPParams} object.
+     * @throws IOException
+     */
+    public static ServerSRPParams parse(InputStream input) throws IOException
+    {
+        BigInteger N = TlsSRPUtils.readSRPParameter(input);
+        BigInteger g = TlsSRPUtils.readSRPParameter(input);
+        byte[] s = TlsUtils.readOpaque8(input);
+        BigInteger B = TlsSRPUtils.readSRPParameter(input);
+
+        return new ServerSRPParams(N, g, s, B);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SessionParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SessionParameters.java
index 68412f8..c7418a0 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SessionParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SessionParameters.java
@@ -15,6 +15,8 @@ public final class SessionParameters
         private short compressionAlgorithm = -1;
         private byte[] masterSecret = null;
         private Certificate peerCertificate = null;
+        private byte[] pskIdentity = null;
+        private byte[] srpIdentity = null;
         private byte[] encodedServerExtensions = null;
 
         public Builder()
@@ -26,8 +28,8 @@ public final class SessionParameters
             validate(this.cipherSuite >= 0, "cipherSuite");
             validate(this.compressionAlgorithm >= 0, "compressionAlgorithm");
             validate(this.masterSecret != null, "masterSecret");
-            return new SessionParameters(cipherSuite, compressionAlgorithm, masterSecret, peerCertificate,
-                encodedServerExtensions);
+            return new SessionParameters(cipherSuite, compressionAlgorithm, masterSecret, peerCertificate, pskIdentity,
+                srpIdentity, encodedServerExtensions);
         }
 
         public Builder setCipherSuite(int cipherSuite)
@@ -54,8 +56,28 @@ public final class SessionParameters
             return this;
         }
 
-        public Builder setServerExtensions(Hashtable serverExtensions)
-            throws IOException
+        /**
+         * @deprecated Use {@link #setPSKIdentity(byte[]))
+         */
+        public Builder setPskIdentity(byte[] pskIdentity)
+        {
+            this.pskIdentity = pskIdentity;
+            return this;
+        }
+
+        public Builder setPSKIdentity(byte[] pskIdentity)
+        {
+            this.pskIdentity = pskIdentity;
+            return this;
+        }
+
+        public Builder setSRPIdentity(byte[] srpIdentity)
+        {
+            this.srpIdentity = srpIdentity;
+            return this;
+        }
+
+        public Builder setServerExtensions(Hashtable serverExtensions) throws IOException
         {
             if (serverExtensions == null)
             {
@@ -83,15 +105,19 @@ public final class SessionParameters
     private short compressionAlgorithm;
     private byte[] masterSecret;
     private Certificate peerCertificate;
+    private byte[] pskIdentity = null;
+    private byte[] srpIdentity = null;
     private byte[] encodedServerExtensions;
 
     private SessionParameters(int cipherSuite, short compressionAlgorithm, byte[] masterSecret,
-        Certificate peerCertificate, byte[] encodedServerExtensions)
+        Certificate peerCertificate, byte[] pskIdentity, byte[] srpIdentity, byte[] encodedServerExtensions)
     {
         this.cipherSuite = cipherSuite;
         this.compressionAlgorithm = compressionAlgorithm;
         this.masterSecret = Arrays.clone(masterSecret);
         this.peerCertificate = peerCertificate;
+        this.pskIdentity = Arrays.clone(pskIdentity);
+        this.srpIdentity = Arrays.clone(srpIdentity);
         this.encodedServerExtensions = encodedServerExtensions;
     }
 
@@ -105,8 +131,8 @@ public final class SessionParameters
 
     public SessionParameters copy()
     {
-        return new SessionParameters(cipherSuite, compressionAlgorithm, masterSecret, peerCertificate,
-            encodedServerExtensions);
+        return new SessionParameters(cipherSuite, compressionAlgorithm, masterSecret, peerCertificate, pskIdentity,
+            srpIdentity, encodedServerExtensions);
     }
 
     public int getCipherSuite()
@@ -129,6 +155,24 @@ public final class SessionParameters
         return peerCertificate;
     }
 
+    /**
+     * @deprecated Use {@link #getPSKIdentity())
+     */
+    public byte[] getPskIdentity()
+    {
+        return pskIdentity;
+    }
+
+    public byte[] getPSKIdentity()
+    {
+        return pskIdentity;
+    }
+
+    public byte[] getSRPIdentity()
+    {
+        return srpIdentity;
+    }
+
     public Hashtable readServerExtensions() throws IOException
     {
         if (encodedServerExtensions == null)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SignatureAlgorithm.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SignatureAlgorithm.java
index e63c793..820c80c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SignatureAlgorithm.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SignatureAlgorithm.java
@@ -5,7 +5,6 @@ package org.bouncycastle.crypto.tls;
  */
 public class SignatureAlgorithm
 {
-
     public static final short anonymous = 0;
     public static final short rsa = 1;
     public static final short dsa = 2;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SignatureAndHashAlgorithm.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SignatureAndHashAlgorithm.java
index a5a591e..9404a72 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SignatureAndHashAlgorithm.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SignatureAndHashAlgorithm.java
@@ -75,8 +75,8 @@ public class SignatureAndHashAlgorithm
     public void encode(OutputStream output)
         throws IOException
     {
-        TlsUtils.writeUint8(hash, output);
-        TlsUtils.writeUint8(signature, output);
+        TlsUtils.writeUint8(getHash(), output);
+        TlsUtils.writeUint8(getSignature(), output);
     }
 
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/SimulatedTlsSRPIdentityManager.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SimulatedTlsSRPIdentityManager.java
new file mode 100644
index 0000000..c48b4ad
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/SimulatedTlsSRPIdentityManager.java
@@ -0,0 +1,69 @@
+package org.bouncycastle.crypto.tls;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.agreement.srp.SRP6VerifierGenerator;
+import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
+import org.bouncycastle.util.Strings;
+
+/**
+ * An implementation of {@link TlsSRPIdentityManager} that simulates the existence of "unknown" identities
+ * to obscure the fact that there is no verifier for them. 
+ */
+public class SimulatedTlsSRPIdentityManager
+    implements TlsSRPIdentityManager
+{
+    private static final byte[] PREFIX_PASSWORD = Strings.toByteArray("password");
+    private static final byte[] PREFIX_SALT = Strings.toByteArray("salt");
+
+    /**
+     * Create a {@link SimulatedTlsSRPIdentityManager} that implements the algorithm from RFC 5054 2.5.1.3
+     *
+     * @param group the {@link SRP6GroupParameters} defining the group that SRP is operating in
+     * @param seedKey the secret "seed key" referred to in RFC 5054 2.5.1.3
+     * @return an instance of {@link SimulatedTlsSRPIdentityManager}
+     */
+    public static SimulatedTlsSRPIdentityManager getRFC5054Default(SRP6GroupParameters group, byte[] seedKey)
+    {
+        SRP6VerifierGenerator verifierGenerator = new SRP6VerifierGenerator();
+        verifierGenerator.init(group, TlsUtils.createHash(HashAlgorithm.sha1));
+
+        HMac mac = new HMac(TlsUtils.createHash(HashAlgorithm.sha1));
+        mac.init(new KeyParameter(seedKey));
+
+        return new SimulatedTlsSRPIdentityManager(group, verifierGenerator, mac);
+    }
+
+    protected SRP6GroupParameters group;
+    protected SRP6VerifierGenerator verifierGenerator;
+    protected Mac mac;
+
+    public SimulatedTlsSRPIdentityManager(SRP6GroupParameters group, SRP6VerifierGenerator verifierGenerator, Mac mac)
+    {
+        this.group = group;
+        this.verifierGenerator = verifierGenerator;
+        this.mac = mac;
+    }
+
+    public TlsSRPLoginParameters getLoginParameters(byte[] identity)
+    {
+        mac.update(PREFIX_SALT, 0, PREFIX_SALT.length);
+        mac.update(identity, 0, identity.length);
+
+        byte[] salt = new byte[mac.getMacSize()];
+        mac.doFinal(salt, 0);
+
+        mac.update(PREFIX_PASSWORD, 0, PREFIX_PASSWORD.length);
+        mac.update(identity, 0, identity.length);
+
+        byte[] password = new byte[mac.getMacSize()];
+        mac.doFinal(password, 0);
+
+        BigInteger verifier = verifierGenerator.generateVerifier(salt, identity, password);
+
+        return new TlsSRPLoginParameters(group, verifier, salt);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsAEADCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsAEADCipher.java
index bb9306a..39133e6 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsAEADCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsAEADCipher.java
@@ -120,7 +120,7 @@ public class TlsAEADCipher
         }
         catch (Exception e)
         {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
+            throw new TlsFatalAlert(AlertDescription.internal_error, e);
         }
 
         if (outputPos != output.length)
@@ -162,7 +162,7 @@ public class TlsAEADCipher
         }
         catch (Exception e)
         {
-            throw new TlsFatalAlert(AlertDescription.bad_record_mac);
+            throw new TlsFatalAlert(AlertDescription.bad_record_mac, e);
         }
 
         if (outputPos != output.length)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsAgreementCredentials.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsAgreementCredentials.java
index d8fe239..525cdb3 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsAgreementCredentials.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsAgreementCredentials.java
@@ -7,7 +7,6 @@ import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 public interface TlsAgreementCredentials
     extends TlsCredentials
 {
-
     byte[] generateAgreement(AsymmetricKeyParameter peerPublicKey)
         throws IOException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsBlockCipher.java
index 2f9e8a9..c2c591c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsBlockCipher.java
@@ -11,16 +11,15 @@ import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Arrays;
 
 /**
- * A generic TLS 1.0-1.1 / SSLv3 block cipher. This can be used for AES or 3DES for example.
+ * A generic TLS 1.0-1.2 / SSLv3 block cipher. This can be used for AES or 3DES for example.
  */
 public class TlsBlockCipher
     implements TlsCipher
 {
-    private static boolean encryptThenMAC = false;
-
     protected TlsContext context;
     protected byte[] randomData;
     protected boolean useExplicitIV;
+    protected boolean encryptThenMAC;
 
     protected BlockCipher encryptCipher;
     protected BlockCipher decryptCipher;
@@ -44,9 +43,10 @@ public class TlsBlockCipher
         this.context = context;
 
         this.randomData = new byte[256];
-        context.getSecureRandom().nextBytes(randomData);
+        context.getNonceRandomGenerator().nextBytes(randomData);
 
         this.useExplicitIV = TlsUtils.isTLSv11(context);
+        this.encryptThenMAC = context.getSecurityParameters().encryptThenMAC;
 
         int key_block_size = (2 * cipherKeySize) + clientWriteDigest.getDigestSize()
             + serverWriteDigest.getDigestSize();
@@ -183,7 +183,7 @@ public class TlsBlockCipher
         if (useExplicitIV)
         {
             byte[] explicitIV = new byte[blockSize];
-            context.getSecureRandom().nextBytes(explicitIV);
+            context.getNonceRandomGenerator().nextBytes(explicitIV);
 
             encryptCipher.init(true, new ParametersWithIV(null, explicitIV));
 
@@ -269,9 +269,16 @@ public class TlsBlockCipher
             byte[] calculatedMac = readMac.calculateMac(seqNo, type, ciphertext, offset, len - macSize);
 
             boolean badMac = !Arrays.constantTimeAreEqual(calculatedMac, receivedMac);
-
             if (badMac)
             {
+                /*
+                 * RFC 7366 3. The MAC SHALL be evaluated before any further processing such as
+                 * decryption is performed, and if the MAC verification fails, then processing SHALL
+                 * terminate immediately. For TLS, a fatal bad_record_mac MUST be generated [2]. For
+                 * DTLS, the record MUST be discarded, and a fatal bad_record_mac MAY be generated
+                 * [4]. This immediate response to a bad MAC eliminates any timing channels that may
+                 * be available through the use of manipulated packet data.
+                 */
                 throw new TlsFatalAlert(AlertDescription.bad_record_mac);
             }
         }
@@ -291,6 +298,7 @@ public class TlsBlockCipher
 
         // If there's anything wrong with the padding, this will return zero
         int totalPad = checkPaddingConstantTime(ciphertext, offset, blocks_length, blockSize, encryptThenMAC ? 0 : macSize);
+        boolean badMac = (totalPad == 0);
 
         int dec_output_length = blocks_length - totalPad;
 
@@ -303,12 +311,12 @@ public class TlsBlockCipher
             byte[] calculatedMac = readMac.calculateMacConstantTime(seqNo, type, ciphertext, offset, macInputLen,
                 blocks_length - macSize, randomData);
 
-            boolean badMac = !Arrays.constantTimeAreEqual(calculatedMac, receivedMac);
+            badMac |= !Arrays.constantTimeAreEqual(calculatedMac, receivedMac);
+        }
 
-            if (badMac || totalPad == 0)
-            {
-                throw new TlsFatalAlert(AlertDescription.bad_record_mac);
-            }
+        if (badMac)
+        {
+            throw new TlsFatalAlert(AlertDescription.bad_record_mac);
         }
 
         return Arrays.copyOfRange(ciphertext, offset, offset + dec_output_length);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsCipherFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsCipherFactory.java
index 29d961f..7407474 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsCipherFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsCipherFactory.java
@@ -4,7 +4,6 @@ import java.io.IOException;
 
 public interface TlsCipherFactory
 {
-
     /**
      * See enumeration classes EncryptionAlgorithm, MACAlgorithm for appropriate argument values
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java
index 7db86cd..da688b0 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java
@@ -23,6 +23,8 @@ public interface TlsClient
 
     ProtocolVersion getClientVersion();
 
+    boolean isFallback();
+
     int[] getCipherSuites();
 
     short[] getCompressionMethods();
@@ -36,9 +38,9 @@ public interface TlsClient
 
     /**
      * Notifies the client of the session_id sent in the ServerHello.
-     * 
+     *
      * @param sessionID
-     * @see {@link TlsContext#getResumableSession()}
+     * @see TlsContext#getResumableSession()
      */
     void notifySessionID(byte[] sessionID);
 
@@ -66,7 +68,7 @@ public interface TlsClient
 
     /**
      * RFC 5077 3.3. NewSessionTicket Handshake Message
-     * <p/>
+     * <p>
      * This method will be called (only) when a NewSessionTicket handshake message is received. The
      * ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption
      * that it complies with e.g. <i>RFC 5077 4. Recommended Ticket Construction</i>.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
index 506560f..a776287 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
@@ -9,14 +9,13 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 
-import org.bouncycastle.crypto.prng.ThreadedSeedGenerator;
 import org.bouncycastle.util.Arrays;
 
 public class TlsClientProtocol
     extends TlsProtocol
 {
     protected TlsClient tlsClient = null;
-    protected TlsClientContextImpl tlsClientContext = null;
+    TlsClientContextImpl tlsClientContext = null;
 
     protected byte[] selectedSessionID = null;
 
@@ -26,28 +25,6 @@ public class TlsClientProtocol
     protected CertificateStatus certificateStatus = null;
     protected CertificateRequest certificateRequest = null;
 
-    private static SecureRandom createSecureRandom()
-    {
-        /*
-         * We use our threaded seed generator to generate a good random seed. If the user has a
-         * better random seed, he should use the constructor with a SecureRandom.
-         */
-        ThreadedSeedGenerator tsg = new ThreadedSeedGenerator();
-        SecureRandom random = new SecureRandom();
-
-        /*
-         * Hopefully, 20 bytes in fast mode are good enough.
-         */
-        random.setSeed(tsg.generateSeed(20, true));
-
-        return random;
-    }
-
-    public TlsClientProtocol(InputStream input, OutputStream output)
-    {
-        this(input, output, createSecureRandom());
-    }
-
     public TlsClientProtocol(InputStream input, OutputStream output, SecureRandom secureRandom)
     {
         super(input, output, secureRandom);
@@ -74,9 +51,12 @@ public class TlsClientProtocol
 
         this.securityParameters = new SecurityParameters();
         this.securityParameters.entity = ConnectionEnd.client;
-        this.securityParameters.clientRandom = createRandomBlock(secureRandom);
 
         this.tlsClientContext = new TlsClientContextImpl(secureRandom, securityParameters);
+
+        this.securityParameters.clientRandom = createRandomBlock(tlsClient.shouldUseGMTUnixTime(),
+            tlsClientContext.getNonceRandomGenerator());
+
         this.tlsClient.init(tlsClientContext);
         this.recordStream.init(tlsClientContext);
 
@@ -108,11 +88,16 @@ public class TlsClientProtocol
         this.certificateRequest = null;
     }
 
-    protected AbstractTlsContext getContext()
+    protected TlsContext getContext()
     {
         return tlsClientContext;
     }
 
+    AbstractTlsContext getContextAdmin()
+    {
+        return tlsClientContext;
+    }
+    
     protected TlsPeer getPeer()
     {
         return tlsClient;
@@ -215,6 +200,19 @@ public class TlsClientProtocol
             {
             case CS_CLIENT_FINISHED:
             {
+                if (this.expectSessionTicket)
+                {
+                    /*
+                     * RFC 5077 3.3. This message MUST be sent if the server included a
+                     * SessionTicket extension in the ServerHello.
+                     */
+                    throw new TlsFatalAlert(AlertDescription.unexpected_message);
+                }
+
+                // NB: Fall through to next case label
+            }
+            case CS_SERVER_SESSION_TICKET:
+            {
                 processFinishedMessage(buf);
                 this.connection_state = CS_SERVER_FINISHED;
                 this.connection_state = CS_END;
@@ -369,11 +367,12 @@ public class TlsClientProtocol
                 sendClientKeyExchangeMessage();
                 this.connection_state = CS_CLIENT_KEY_EXCHANGE;
 
+                TlsHandshakeHash prepareFinishHash = recordStream.prepareToFinish();
+                this.securityParameters.sessionHash = getCurrentPRFHash(getContext(), prepareFinishHash, null);
+
                 establishMasterSecret(getContext(), keyExchange);
                 recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
 
-                TlsHandshakeHash prepareFinishHash = recordStream.prepareToFinish();
-
                 if (clientCreds != null && clientCreds instanceof TlsSignerCredentials)
                 {
                     TlsSignerCredentials signerCredentials = (TlsSignerCredentials)clientCreds;
@@ -381,23 +380,17 @@ public class TlsClientProtocol
                     /*
                      * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
                      */
-                    SignatureAndHashAlgorithm signatureAndHashAlgorithm;
-                    byte[] hash;
+                    SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(
+                        getContext(), signerCredentials);
 
-                    if (TlsUtils.isTLSv12(getContext()))
+                    byte[] hash;
+                    if (signatureAndHashAlgorithm == null)
                     {
-                        signatureAndHashAlgorithm = signerCredentials.getSignatureAndHashAlgorithm();
-                        if (signatureAndHashAlgorithm == null)
-                        {
-                            throw new TlsFatalAlert(AlertDescription.internal_error);
-                        }
-
-                        hash = prepareFinishHash.getFinalHash(signatureAndHashAlgorithm.getHash());
+                        hash = securityParameters.getSessionHash();
                     }
                     else
                     {
-                        signatureAndHashAlgorithm = null;
-                        hash = getCurrentPRFHash(getContext(), prepareFinishHash, null);
+                        hash = prepareFinishHash.getFinalHash(signatureAndHashAlgorithm.getHash());
                     }
 
                     byte[] signature = signerCredentials.generateCertificateSignature(hash);
@@ -409,12 +402,13 @@ public class TlsClientProtocol
 
                 sendChangeCipherSpecMessage();
                 sendFinishedMessage();
-                this.connection_state = CS_CLIENT_FINISHED;
                 break;
             }
             default:
                 throw new TlsFatalAlert(AlertDescription.handshake_failure);
             }
+
+            this.connection_state = CS_CLIENT_FINISHED;
             break;
         }
         case HandshakeType.server_key_exchange:
@@ -516,12 +510,14 @@ public class TlsClientProtocol
                 invalidateSession();
 
                 receiveNewSessionTicketMessage(buf);
-                this.connection_state = CS_SERVER_SESSION_TICKET;
                 break;
             }
             default:
                 throw new TlsFatalAlert(AlertDescription.unexpected_message);
             }
+
+            this.connection_state = CS_SERVER_SESSION_TICKET;
+            break;
         }
         case HandshakeType.hello_request:
         {
@@ -573,7 +569,7 @@ public class TlsClientProtocol
     {
         NewSessionTicket newSessionTicket = NewSessionTicket.parse(buf);
 
-        TlsProtocol.assertEmpty(buf);
+        assertEmpty(buf);
 
         tlsClient.notifyNewSessionTicket(newSessionTicket);
     }
@@ -600,7 +596,7 @@ public class TlsClientProtocol
         }
 
         this.recordStream.setWriteVersion(server_version);
-        getContext().setServerVersion(server_version);
+        getContextAdmin().setServerVersion(server_version);
         this.tlsClient.notifyServerVersion(server_version);
 
         /*
@@ -621,12 +617,13 @@ public class TlsClientProtocol
 
         /*
          * Find out which CipherSuite the server has chosen and check that it was one of the offered
-         * ones.
+         * ones, and is a valid selection for the negotiated version.
          */
         int selectedCipherSuite = TlsUtils.readUint16(buf);
         if (!Arrays.contains(this.offeredCipherSuites, selectedCipherSuite)
             || selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL
-            || selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+            || CipherSuite.isSCSV(selectedCipherSuite)
+            || !TlsUtils.isValidCipherSuiteForVersion(selectedCipherSuite, server_version))
         {
             throw new TlsFatalAlert(AlertDescription.illegal_parameter);
         }
@@ -656,6 +653,17 @@ public class TlsClientProtocol
         this.serverExtensions = readExtensions(buf);
 
         /*
+         * draft-ietf-tls-session-hash-01 5.2. If a server receives the "extended_master_secret"
+         * extension, it MUST include the "extended_master_secret" extension in its ServerHello
+         * message.
+         */
+        boolean serverSentExtendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(serverExtensions);
+        if (serverSentExtendedMasterSecret != securityParameters.extendedMasterSecret)
+        {
+            throw new TlsFatalAlert(AlertDescription.handshake_failure);
+        }
+
+        /*
          * RFC 3546 2.2 Note that the extended server hello message is only sent in response to an
          * extended client hello message.
          * 
@@ -682,6 +690,29 @@ public class TlsClientProtocol
                 }
 
                 /*
+                 * RFC 5246 7.4.1.4 An extension type MUST NOT appear in the ServerHello unless the
+                 * same extension type appeared in the corresponding ClientHello. If a client
+                 * receives an extension type in ServerHello that it did not request in the
+                 * associated ClientHello, it MUST abort the handshake with an unsupported_extension
+                 * fatal alert.
+                 */
+                if (null == TlsUtils.getExtensionData(this.clientExtensions, extType))
+                {
+                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
+                }
+
+                /*
+                 * draft-ietf-tls-session-hash-01 5.2. Implementation note: if the server decides to
+                 * proceed with resumption, the extension does not have any effect. Requiring the
+                 * extension to be included anyway makes the extension negotiation logic easier,
+                 * because it does not depend on whether resumption is accepted or not.
+                 */
+                if (extType.equals(TlsExtensionsUtils.EXT_extended_master_secret))
+                {
+                    continue;
+                }
+
+                /*
                  * RFC 3546 2.3. If [...] the older session is resumed, then the server MUST ignore
                  * extensions appearing in the client hello, and send a server hello containing no
                  * extensions[.]
@@ -693,18 +724,6 @@ public class TlsClientProtocol
                     // TODO[compat-polarssl] PolarSSL test server sends server extensions e.g. ec_point_formats
 //                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                 }
-
-                /*
-                 * RFC 5246 7.4.1.4 An extension type MUST NOT appear in the ServerHello unless the
-                 * same extension type appeared in the corresponding ClientHello. If a client
-                 * receives an extension type in ServerHello that it did not request in the
-                 * associated ClientHello, it MUST abort the handshake with an unsupported_extension
-                 * fatal alert.
-                 */
-                if (null == TlsUtils.getExtensionData(this.clientExtensions, extType))
-                {
-                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
-                }
             }
         }
 
@@ -748,6 +767,8 @@ public class TlsClientProtocol
 
             sessionClientExtensions = null;
             sessionServerExtensions = this.sessionParameters.readServerExtensions();
+
+            this.securityParameters.extendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(sessionServerExtensions);
         }
 
         this.securityParameters.cipherSuite = selectedCipherSuite;
@@ -755,6 +776,20 @@ public class TlsClientProtocol
 
         if (sessionServerExtensions != null)
         {
+            /*
+             * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
+             * and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
+             * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
+             * client.
+             */
+            boolean serverSentEncryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(sessionServerExtensions);
+            if (serverSentEncryptThenMAC && !TlsUtils.isBlockCipherSuite(selectedCipherSuite))
+            {
+                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            }
+
+            this.securityParameters.encryptThenMAC = serverSentEncryptThenMAC;
+
             this.securityParameters.maxFragmentLength = processMaxFragmentLengthExtension(sessionClientExtensions,
                 sessionServerExtensions, AlertDescription.illegal_parameter);
 
@@ -800,7 +835,7 @@ public class TlsClientProtocol
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
 
-        getContext().setClientVersion(client_version);
+        getContextAdmin().setClientVersion(client_version);
 
         /*
          * TODO RFC 5077 3.4. When presenting a ticket, the client MAY generate and include a
@@ -816,6 +851,8 @@ public class TlsClientProtocol
             }
         }
 
+        boolean fallback = this.tlsClient.isFallback();
+
         this.offeredCipherSuites = this.tlsClient.getCipherSuites();
 
         this.offeredCompressionMethods = this.tlsClient.getCompressionMethods();
@@ -831,6 +868,8 @@ public class TlsClientProtocol
 
         this.clientExtensions = this.tlsClient.getClientExtensions();
 
+        this.securityParameters.extendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(clientExtensions);
+
         HandshakeMessage message = new HandshakeMessage(HandshakeType.client_hello);
 
         TlsUtils.writeVersion(client_version, message);
@@ -849,9 +888,9 @@ public class TlsClientProtocol
             byte[] renegExtData = TlsUtils.getExtensionData(clientExtensions, EXT_RenegotiationInfo);
             boolean noRenegExt = (null == renegExtData);
 
-            boolean noSCSV = !Arrays.contains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
+            boolean noRenegSCSV = !Arrays.contains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
 
-            if (noRenegExt && noSCSV)
+            if (noRenegExt && noRenegSCSV)
             {
                 // TODO Consider whether to default to a client extension instead
 //                this.clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(this.clientExtensions);
@@ -859,6 +898,17 @@ public class TlsClientProtocol
                 this.offeredCipherSuites = Arrays.append(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
             }
 
+            /*
+             * draft-ietf-tls-downgrade-scsv-00 4. If a client sends a ClientHello.client_version
+             * containing a lower value than the latest (highest-valued) version supported by the
+             * client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value in
+             * ClientHello.cipher_suites.
+             */
+            if (fallback && !Arrays.contains(offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV))
+            {
+                this.offeredCipherSuites = Arrays.append(offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
+            }
+
             TlsUtils.writeUint16ArrayWithUint16Length(offeredCipherSuites, message);
         }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsContext.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsContext.java
index 04781ef..b3d7d98 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsContext.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsContext.java
@@ -2,8 +2,12 @@ package org.bouncycastle.crypto.tls;
 
 import java.security.SecureRandom;
 
+import org.bouncycastle.crypto.prng.RandomGenerator;
+
 public interface TlsContext
 {
+    RandomGenerator getNonceRandomGenerator();
+
     SecureRandom getSecureRandom();
 
     SecurityParameters getSecurityParameters();
@@ -20,7 +24,7 @@ public interface TlsContext
      * 
      * @return A {@link TlsSession} representing the resumable session used by this connection, or
      *         null if no resumable session available.
-     * @see {@link TlsPeer#notifyHandshakeComplete()}
+     * @see TlsPeer#notifyHandshakeComplete()
      */
     TlsSession getResumableSession();
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
index 0abaee6..d469ca6 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
@@ -42,30 +42,16 @@ public class TlsDHEKeyExchange
 
         DigestInputBuffer buf = new DigestInputBuffer();
 
-        this.dhAgreeServerPrivateKey = TlsDHUtils.generateEphemeralServerKeyExchange(context.getSecureRandom(),
+        this.dhAgreePrivateKey = TlsDHUtils.generateEphemeralServerKeyExchange(context.getSecureRandom(),
             this.dhParameters, buf);
 
         /*
          * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
          */
-        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
-        Digest d;
+        SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(
+            context, serverCredentials);
 
-        if (TlsUtils.isTLSv12(context))
-        {
-            signatureAndHashAlgorithm = serverCredentials.getSignatureAndHashAlgorithm();
-            if (signatureAndHashAlgorithm == null)
-            {
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-            }
-
-            d = TlsUtils.createHash(signatureAndHashAlgorithm.getHash());
-        }
-        else
-        {
-            signatureAndHashAlgorithm = null;
-            d = new CombinedHash();
-        }
+        Digest d = TlsUtils.createHash(signatureAndHashAlgorithm);
 
         SecurityParameters securityParameters = context.getSecurityParameters();
         d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
@@ -91,7 +77,7 @@ public class TlsDHEKeyExchange
         SignerInputBuffer buf = new SignerInputBuffer();
         InputStream teeIn = new TeeInputStream(input, buf);
 
-        ServerDHParams params = ServerDHParams.parse(teeIn);
+        ServerDHParams dhParams = ServerDHParams.parse(teeIn);
 
         DigitallySigned signed_params = DigitallySigned.parse(context, input);
 
@@ -102,7 +88,8 @@ public class TlsDHEKeyExchange
             throw new TlsFatalAlert(AlertDescription.decrypt_error);
         }
 
-        this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey(params.getPublicKey());
+        this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(dhParams.getPublicKey());
+        this.dhParameters = dhAgreePublicKey.getParameters();
     }
 
     protected Signer initVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm, SecurityParameters securityParameters)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
index 7d79f6a..2662fda 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
@@ -1,6 +1,7 @@
 package org.bouncycastle.crypto.tls;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
 import java.math.BigInteger;
 import java.util.Vector;
@@ -14,24 +15,19 @@ import org.bouncycastle.crypto.params.DHPublicKeyParameters;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
 
 /**
- * TLS 1.0/1.1 DH key exchange.
+ * (D)TLS DH key exchange.
  */
 public class TlsDHKeyExchange
     extends AbstractTlsKeyExchange
 {
-    protected static final BigInteger ONE = BigInteger.valueOf(1);
-    protected static final BigInteger TWO = BigInteger.valueOf(2);
-
     protected TlsSigner tlsSigner;
     protected DHParameters dhParameters;
 
     protected AsymmetricKeyParameter serverPublicKey;
-    protected DHPublicKeyParameters dhAgreeServerPublicKey;
     protected TlsAgreementCredentials agreementCredentials;
-    protected DHPrivateKeyParameters dhAgreeClientPrivateKey;
 
-    protected DHPrivateKeyParameters dhAgreeServerPrivateKey;
-    protected DHPublicKeyParameters dhAgreeClientPublicKey;
+    protected DHPrivateKeyParameters dhAgreePrivateKey;
+    protected DHPublicKeyParameters dhAgreePublicKey;
 
     public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters)
     {
@@ -89,18 +85,18 @@ public class TlsDHKeyExchange
         }
         catch (RuntimeException e)
         {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
+            throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
         }
 
         if (tlsSigner == null)
         {
             try
             {
-                this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey((DHPublicKeyParameters)this.serverPublicKey);
+                this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey((DHPublicKeyParameters)this.serverPublicKey);
             }
             catch (ClassCastException e)
             {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
             }
 
             TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyAgreement);
@@ -180,27 +176,41 @@ public class TlsDHKeyExchange
          */
         if (agreementCredentials == null)
         {
-            this.dhAgreeClientPrivateKey = TlsDHUtils.generateEphemeralClientKeyExchange(context.getSecureRandom(),
-                dhAgreeServerPublicKey.getParameters(), output);
+            this.dhAgreePrivateKey = TlsDHUtils.generateEphemeralClientKeyExchange(context.getSecureRandom(),
+                dhParameters, output);
         }
     }
 
-    public byte[] generatePremasterSecret()
-        throws IOException
+    public void processClientCertificate(Certificate clientCertificate) throws IOException
     {
-        if (agreementCredentials != null)
+        // TODO Extract the public key
+        // TODO If the certificate is 'fixed', take the public key as dhAgreeClientPublicKey
+    }
+
+    public void processClientKeyExchange(InputStream input) throws IOException
+    {
+        if (dhAgreePublicKey != null)
         {
-            return agreementCredentials.generateAgreement(dhAgreeServerPublicKey);
+            // For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate
+            return;
         }
 
-        if (dhAgreeServerPrivateKey != null)
+        BigInteger Yc = TlsDHUtils.readDHParameter(input);
+        
+        this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Yc, dhParameters));
+    }
+
+    public byte[] generatePremasterSecret()
+        throws IOException
+    {
+        if (agreementCredentials != null)
         {
-            return TlsDHUtils.calculateDHBasicAgreement(dhAgreeClientPublicKey, dhAgreeServerPrivateKey);
+            return agreementCredentials.generateAgreement(dhAgreePublicKey);
         }
 
-        if (dhAgreeClientPrivateKey != null)
+        if (dhAgreePrivateKey != null)
         {
-            return TlsDHUtils.calculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey);
+            return TlsDHUtils.calculateDHBasicAgreement(dhAgreePublicKey, dhAgreePrivateKey);
         }
 
         throw new TlsFatalAlert(AlertDescription.internal_error);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHUtils.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHUtils.java
index 748c879..eef27a4 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHUtils.java
@@ -1,10 +1,12 @@
 package org.bouncycastle.crypto.tls;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.math.BigInteger;
 import java.security.SecureRandom;
+import java.util.Hashtable;
 
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
 import org.bouncycastle.crypto.agreement.DHBasicAgreement;
@@ -14,12 +16,405 @@ import org.bouncycastle.crypto.params.DHParameters;
 import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
 import org.bouncycastle.crypto.params.DHPublicKeyParameters;
 import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.Integers;
+import org.bouncycastle.util.encoders.Hex;
 
 public class TlsDHUtils
 {
-    static final BigInteger ONE = BigInteger.valueOf(1);
     static final BigInteger TWO = BigInteger.valueOf(2);
 
+    public static final Integer EXT_negotiated_ff_dhe_groups = Integers.valueOf(ExtensionType.negotiated_ff_dhe_groups);
+
+    /*
+     * TODO[draft-ietf-tls-negotiated-ff-dhe-01] Move these groups to DHStandardGroups once reaches RFC
+     */
+    private static BigInteger fromHex(String hex)
+    {
+        return new BigInteger(1, Hex.decode(hex));
+    }
+
+    private static DHParameters fromSafeP(String hexP)
+    {
+        BigInteger p = fromHex(hexP), q = p.shiftRight(1);
+        return new DHParameters(p, TWO, q);
+    }
+
+    private static final String draft_ffdhe2432_p =
+          "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+        + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
+        + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+        + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
+        + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+        + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
+        + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+        + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
+        + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+        + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
+        + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+        + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
+        + "AEFE13098533C8B3FFFFFFFFFFFFFFFF";
+    static final DHParameters draft_ffdhe2432 = fromSafeP(draft_ffdhe2432_p);
+
+    private static final String draft_ffdhe3072_p =
+          "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+        + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
+        + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+        + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
+        + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+        + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
+        + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+        + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
+        + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+        + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
+        + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+        + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
+        + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
+        + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D"
+        + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
+        + "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF";
+    static final DHParameters draft_ffdhe3072 = fromSafeP(draft_ffdhe3072_p);
+
+    private static final String draft_ffdhe4096_p =
+          "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+        + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
+        + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+        + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
+        + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+        + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
+        + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+        + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
+        + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+        + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
+        + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+        + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
+        + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
+        + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D"
+        + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
+        + "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB"
+        + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
+        + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832"
+        + "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
+        + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF"
+        + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A"
+        + "FFFFFFFFFFFFFFFF";
+    static final DHParameters draft_ffdhe4096 = fromSafeP(draft_ffdhe4096_p);
+
+    private static final String draft_ffdhe6144_p =
+          "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+        + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
+        + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+        + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
+        + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+        + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
+        + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+        + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
+        + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+        + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
+        + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+        + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
+        + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
+        + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D"
+        + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
+        + "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB"
+        + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
+        + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832"
+        + "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
+        + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF"
+        + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902"
+        + "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6"
+        + "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A"
+        + "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477"
+        + "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3"
+        + "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4"
+        + "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6"
+        + "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C"
+        + "D72B03746AE77F5E62292C311562A846505DC82DB854338A"
+        + "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04"
+        + "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1"
+        + "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF";
+    static final DHParameters draft_ffdhe6144 = fromSafeP(draft_ffdhe6144_p);
+
+    private static final String draft_ffdhe8192_p =
+          "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+        + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
+        + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+        + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
+        + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+        + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
+        + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+        + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
+        + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+        + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
+        + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238"
+        + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C"
+        + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3"
+        + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D"
+        + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF"
+        + "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB"
+        + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004"
+        + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832"
+        + "A907600A918130C46DC778F971AD0038092999A333CB8B7A"
+        + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF"
+        + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902"
+        + "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6"
+        + "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A"
+        + "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477"
+        + "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3"
+        + "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4"
+        + "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6"
+        + "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C"
+        + "D72B03746AE77F5E62292C311562A846505DC82DB854338A"
+        + "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04"
+        + "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1"
+        + "A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C838"
+        + "1E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E"
+        + "0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665"
+        + "CB2C0F1CC01BD70229388839D2AF05E454504AC78B758282"
+        + "2846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022"
+        + "BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C"
+        + "51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9"
+        + "D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA457"
+        + "1EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30"
+        + "FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D"
+        + "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C"
+        + "D68C8BB7C5C6424CFFFFFFFFFFFFFFFF";
+    static final DHParameters draft_ffdhe8192 = fromSafeP(draft_ffdhe8192_p);
+
+    
+    public static void addNegotiatedDHEGroupsClientExtension(Hashtable extensions, short[] dheGroups)
+        throws IOException
+    {
+        extensions.put(EXT_negotiated_ff_dhe_groups, createNegotiatedDHEGroupsClientExtension(dheGroups));
+    }
+
+    public static void addNegotiatedDHEGroupsServerExtension(Hashtable extensions, short dheGroup)
+        throws IOException
+    {
+        extensions.put(EXT_negotiated_ff_dhe_groups, createNegotiatedDHEGroupsServerExtension(dheGroup));
+    }
+
+    public static short[] getNegotiatedDHEGroupsClientExtension(Hashtable extensions) throws IOException
+    {
+        byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_negotiated_ff_dhe_groups);
+        return extensionData == null ? null : readNegotiatedDHEGroupsClientExtension(extensionData);
+    }
+
+    public static short getNegotiatedDHEGroupsServerExtension(Hashtable extensions) throws IOException
+    {
+        byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_negotiated_ff_dhe_groups);
+        return extensionData == null ? -1 : readNegotiatedDHEGroupsServerExtension(extensionData);
+    }
+
+    public static byte[] createNegotiatedDHEGroupsClientExtension(short[] dheGroups) throws IOException
+    {
+        if (dheGroups == null || dheGroups.length < 1 || dheGroups.length > 255)
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        return TlsUtils.encodeUint8ArrayWithUint8Length(dheGroups);
+    }
+
+    public static byte[] createNegotiatedDHEGroupsServerExtension(short dheGroup) throws IOException
+    {
+        TlsUtils.checkUint8(dheGroup);
+
+        byte[] extensionData = new byte[1];
+        TlsUtils.writeUint8(dheGroup, extensionData, 0);
+        return extensionData;
+    }
+
+    public static short[] readNegotiatedDHEGroupsClientExtension(byte[] extensionData) throws IOException
+    {
+        if (extensionData == null)
+        {
+            throw new IllegalArgumentException("'extensionData' cannot be null");
+        }
+
+        ByteArrayInputStream buf = new ByteArrayInputStream(extensionData);
+
+        short length = TlsUtils.readUint8(buf);
+        if (length < 1)
+        {
+            throw new TlsFatalAlert(AlertDescription.decode_error);
+        }
+
+        short[] dheGroups = TlsUtils.readUint8Array(length, buf);
+
+        TlsProtocol.assertEmpty(buf);
+
+        return dheGroups;
+    }
+
+    public static short readNegotiatedDHEGroupsServerExtension(byte[] extensionData) throws IOException
+    {
+        if (extensionData == null)
+        {
+            throw new IllegalArgumentException("'extensionData' cannot be null");
+        }
+
+        if (extensionData.length != 1)
+        {
+            throw new TlsFatalAlert(AlertDescription.decode_error);
+        }
+
+        return TlsUtils.readUint8(extensionData, 0);
+    }
+
+    public static DHParameters getParametersForDHEGroup(short dheGroup)
+    {
+        switch (dheGroup)
+        {
+        case FiniteFieldDHEGroup.ffdhe2432:
+            return draft_ffdhe2432;
+        case FiniteFieldDHEGroup.ffdhe3072:
+            return draft_ffdhe3072;
+        case FiniteFieldDHEGroup.ffdhe4096:
+            return draft_ffdhe4096;
+        case FiniteFieldDHEGroup.ffdhe6144:
+            return draft_ffdhe6144;
+        case FiniteFieldDHEGroup.ffdhe8192:
+            return draft_ffdhe8192;
+        default:
+            return null;
+        }
+    }
+
+    public static boolean containsDHECipherSuites(int[] cipherSuites)
+    {
+        for (int i = 0; i < cipherSuites.length; ++i)
+        {
+            if (isDHECipherSuite(cipherSuites[i]))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    public static boolean isDHECipherSuite(int cipherSuite)
+    {
+        switch (cipherSuite)
+        {
+        /*
+         * RFC 2246
+         */
+        case CipherSuite.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_DES_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_DES_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+
+        /*
+         * RFC 3268
+         */
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
+
+        /*
+         * RFC 5932
+         */
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+
+        /*
+         * RFC 4162
+         */
+        case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA:
+
+        /*
+         * RFC 4279
+         */
+        case CipherSuite.TLS_DHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
+
+        /*
+         * RFC 4785
+         */
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA:
+
+        /*
+         * RFC 5246
+         */
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
+
+        /*
+         * RFC 5288
+         */
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+
+        /*
+         * RFC 5487
+         */
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
+
+        /*
+         * RFC 6367
+         */
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+
+        /*
+         * RFC 6655
+         */
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
+
+        /*
+         * draft-agl-tls-chacha20poly1305-04
+         */
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+
+        /*
+         * draft-josefsson-salsa20-tls-04
+         */
+        case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_DHE_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_SHA1:
+
+            return true;
+
+        default:
+            return false;
+        }
+    }
+
     public static boolean areCompatibleParameters(DHParameters a, DHParameters b)
     {
         return a.getP().equals(b.getP()) && a.getG().equals(b.getG());
@@ -50,8 +445,8 @@ public class TlsDHUtils
     {
         AsymmetricCipherKeyPair kp = generateDHKeyPair(random, dhParams);
 
-        DHPublicKeyParameters dh_public = (DHPublicKeyParameters) kp.getPublic();
-        writeDHParameter(dh_public.getY(), output);
+        DHPublicKeyParameters dhPublic = (DHPublicKeyParameters) kp.getPublic();
+        writeDHParameter(dhPublic.getY(), output);
 
         return (DHPrivateKeyParameters) kp.getPrivate();
     }
@@ -59,11 +454,10 @@ public class TlsDHUtils
     public static DHPrivateKeyParameters generateEphemeralServerKeyExchange(SecureRandom random, DHParameters dhParams,
         OutputStream output) throws IOException
     {
-        AsymmetricCipherKeyPair kp = TlsDHUtils.generateDHKeyPair(random, dhParams);
+        AsymmetricCipherKeyPair kp = generateDHKeyPair(random, dhParams);
 
-        DHPublicKeyParameters dhPublicKey = (DHPublicKeyParameters)kp.getPublic();
-        ServerDHParams params = new ServerDHParams(dhPublicKey);
-        params.encode(output);
+        DHPublicKeyParameters dhPublic = (DHPublicKeyParameters)kp.getPublic();
+        new ServerDHParams(dhPublic).encode(output);
 
         return (DHPrivateKeyParameters)kp.getPrivate();
     }
@@ -83,7 +477,7 @@ public class TlsDHUtils
         {
             throw new TlsFatalAlert(AlertDescription.illegal_parameter);
         }
-        if (Y.compareTo(TWO) < 0 || Y.compareTo(p.subtract(ONE)) > 0)
+        if (Y.compareTo(TWO) < 0 || Y.compareTo(p.subtract(TWO)) > 0)
         {
             throw new TlsFatalAlert(AlertDescription.illegal_parameter);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java
index 4cb8004..7d068bf 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDSASigner.java
@@ -50,7 +50,7 @@ public abstract class TlsDSASigner
 
     public Signer createSigner(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter privateKey)
     {
-        return makeSigner(algorithm, false, true, new ParametersWithRandom(privateKey, this.context.getSecureRandom()));
+        return makeSigner(algorithm, false, true, privateKey);
     }
 
     public Signer createVerifyer(SignatureAndHashAlgorithm algorithm, AsymmetricKeyParameter publicKey)
@@ -58,6 +58,11 @@ public abstract class TlsDSASigner
         return makeSigner(algorithm, false, false, publicKey);
     }
 
+    protected CipherParameters makeInitParameters(boolean forSigning, CipherParameters cp)
+    {
+        return cp;
+    }
+
     protected Signer makeSigner(SignatureAndHashAlgorithm algorithm, boolean raw, boolean forSigning,
         CipherParameters cp)
     {
@@ -66,20 +71,20 @@ public abstract class TlsDSASigner
             throw new IllegalStateException();
         }
 
-        if (algorithm != null
-            && (algorithm.getHash() != HashAlgorithm.sha1 || algorithm.getSignature() != getSignatureAlgorithm()))
+        if (algorithm != null && algorithm.getSignature() != getSignatureAlgorithm())
         {
             throw new IllegalStateException();
         }
 
-        Digest d = raw ? new NullDigest() : TlsUtils.createHash(HashAlgorithm.sha1);
+        short hashAlgorithm = algorithm == null ? HashAlgorithm.sha1 : algorithm.getHash();
+        Digest d = raw ? new NullDigest() : TlsUtils.createHash(hashAlgorithm);
 
-        Signer s = new DSADigestSigner(createDSAImpl(), d);
-        s.init(forSigning, cp);
+        Signer s = new DSADigestSigner(createDSAImpl(hashAlgorithm), d);
+        s.init(forSigning, makeInitParameters(forSigning, cp));
         return s;
     }
 
     protected abstract short getSignatureAlgorithm();
 
-    protected abstract DSA createDSAImpl();
+    protected abstract DSA createDSAImpl(short hashAlgorithm);
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDSSSigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDSSSigner.java
index cb698bf..2914b7e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDSSSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDSSSigner.java
@@ -4,6 +4,7 @@ import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
 import org.bouncycastle.crypto.signers.DSASigner;
+import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
 
 public class TlsDSSSigner
     extends TlsDSASigner
@@ -13,9 +14,9 @@ public class TlsDSSSigner
         return publicKey instanceof DSAPublicKeyParameters;
     }
 
-    protected DSA createDSAImpl()
+    protected DSA createDSAImpl(short hashAlgorithm)
     {
-        return new DSASigner();
+        return new DSASigner(new HMacDSAKCalculator(TlsUtils.createHash(hashAlgorithm)));
     }
 
     protected short getSignatureAlgorithm()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
index 3e7ef39..de562ea 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java
@@ -12,14 +12,17 @@ import org.bouncycastle.asn1.x9.ECNamedCurveTable;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
 import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.ECFieldElement;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.field.PolynomialExtensionField;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
 import org.bouncycastle.util.Integers;
@@ -29,7 +32,7 @@ public class TlsECCUtils
     public static final Integer EXT_elliptic_curves = Integers.valueOf(ExtensionType.elliptic_curves);
     public static final Integer EXT_ec_point_formats = Integers.valueOf(ExtensionType.ec_point_formats);
 
-    private static final String[] curveNames = new String[] { "sect163k1", "sect163r1", "sect163r2", "sect193r1",
+    private static final String[] CURVE_NAMES = new String[] { "sect163k1", "sect163r1", "sect163r2", "sect193r1",
         "sect193r2", "sect233k1", "sect233r1", "sect239k1", "sect283k1", "sect283r1", "sect409k1", "sect409r1",
         "sect571k1", "sect571r1", "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "secp224k1",
         "secp224r1", "secp256k1", "secp256r1", "secp384r1", "secp521r1",
@@ -70,11 +73,7 @@ public class TlsECCUtils
 
     public static byte[] createSupportedPointFormatsExtension(short[] ecPointFormats) throws IOException
     {
-        if (ecPointFormats == null)
-        {
-            ecPointFormats = new short[] { ECPointFormat.uncompressed };
-        }
-        else if (!Arrays.contains(ecPointFormats, ECPointFormat.uncompressed))
+        if (ecPointFormats == null || !Arrays.contains(ecPointFormats, ECPointFormat.uncompressed))
         {
             /*
              * RFC 4492 5.1. If the Supported Point Formats Extension is indeed sent, it MUST
@@ -82,11 +81,7 @@ public class TlsECCUtils
              */
 
             // NOTE: We add it at the end (lowest preference)
-            short[] tmp = new short[ecPointFormats.length + 1];
-            System.arraycopy(ecPointFormats, 0, tmp, 0, ecPointFormats.length);
-            tmp[ecPointFormats.length] = ECPointFormat.uncompressed;
-
-            ecPointFormats = tmp;
+            ecPointFormats = Arrays.append(ecPointFormats, ECPointFormat.uncompressed);
         }
 
         return TlsUtils.encodeUint8ArrayWithUint8Length(ecPointFormats);
@@ -147,7 +142,7 @@ public class TlsECCUtils
 
     public static String getNameOfNamedCurve(int namedCurve)
     {
-        return isSupportedNamedCurve(namedCurve) ? curveNames[namedCurve - 1] : null;
+        return isSupportedNamedCurve(namedCurve) ? CURVE_NAMES[namedCurve - 1] : null;
     }
 
     public static ECDomainParameters getParametersForNamedCurve(int namedCurve)
@@ -158,12 +153,16 @@ public class TlsECCUtils
             return null;
         }
 
-        // Lazily created the first time a particular curve is accessed
-        X9ECParameters ecP = ECNamedCurveTable.getByName(curveName);
+        // Parameters are lazily created the first time a particular curve is accessed
 
+        X9ECParameters ecP = CustomNamedCurves.getByName(curveName);
         if (ecP == null)
         {
-            return null;
+            ecP = ECNamedCurveTable.getByName(curveName);
+            if (ecP == null)
+            {
+                return null;
+            }
         }
 
         // It's a bit inefficient to do this conversion every time
@@ -172,7 +171,7 @@ public class TlsECCUtils
 
     public static boolean hasAnySupportedNamedCurves()
     {
-        return curveNames.length > 0;
+        return CURVE_NAMES.length > 0;
     }
 
     public static boolean containsECCCipherSuites(int[] cipherSuites)
@@ -254,20 +253,52 @@ public class TlsECCUtils
         case CipherSuite.TLS_ECDHE_PSK_WITH_RC4_128_SHA:
 
         /*
-         * draft-josefsson-salsa20-tls-02 
+         * RFC 6367
+         */
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+
+        /*
+         * RFC 7251
+         */
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
+
+        /*
+         * draft-agl-tls-chacha20poly1305-04
+         */
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+
+        /*
+         * draft-josefsson-salsa20-tls-04 
          */
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_UMAC96:
         case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1:
-        case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_UMAC96:
 
             return true;
 
@@ -285,7 +316,7 @@ public class TlsECCUtils
 
     public static boolean isSupportedNamedCurve(int namedCurve)
     {
-        return (namedCurve > 0 && namedCurve <= curveNames.length);
+        return (namedCurve > 0 && namedCurve <= CURVE_NAMES.length);
     }
 
     public static boolean isCompressionPreferred(short[] ecPointFormats, short compressionFormat)
@@ -325,13 +356,13 @@ public class TlsECCUtils
          * used.
          */
         boolean compressed = false;
-        if (curve instanceof ECCurve.F2m)
+        if (ECAlgorithms.isFpCurve(curve))
         {
-            compressed = isCompressionPreferred(ecPointFormats, ECPointFormat.ansiX962_compressed_char2);
+            compressed = isCompressionPreferred(ecPointFormats, ECPointFormat.ansiX962_compressed_prime);
         }
-        else if (curve instanceof ECCurve.Fp)
+        else if (ECAlgorithms.isF2mCurve(curve))
         {
-            compressed = isCompressionPreferred(ecPointFormats, ECPointFormat.ansiX962_compressed_prime);
+            compressed = isCompressionPreferred(ecPointFormats, ECPointFormat.ansiX962_compressed_char2);
         }
         return point.getEncoded(compressed);
     }
@@ -354,12 +385,49 @@ public class TlsECCUtils
 
     public static ECPoint deserializeECPoint(short[] ecPointFormats, ECCurve curve, byte[] encoding) throws IOException
     {
-        /*
-         * NOTE: Here we implicitly decode compressed or uncompressed encodings. DefaultTlsClient by
-         * default is set up to advertise that we can parse any encoding so this works fine, but
-         * extra checks might be needed here if that were changed.
-         */
-        // TODO Review handling of infinity and hybrid encodings
+        if (encoding == null || encoding.length < 1)
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
+        short actualFormat;
+        switch (encoding[0])
+        {
+        case 0x02: // compressed
+        case 0x03: // compressed
+        {
+            if (ECAlgorithms.isF2mCurve(curve))
+            {
+                actualFormat = ECPointFormat.ansiX962_compressed_char2;
+            }
+            else if (ECAlgorithms.isFpCurve(curve))
+            {
+                actualFormat = ECPointFormat.ansiX962_compressed_prime;
+            }
+            else
+            {
+                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            }
+            break;
+        }
+        case 0x04: // uncompressed
+        {
+            actualFormat = ECPointFormat.uncompressed;
+            break;
+        }
+        case 0x00: // infinity
+        case 0x06: // hybrid
+        case 0x07: // hybrid
+        default:
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
+        if (actualFormat != ECPointFormat.uncompressed
+            && (ecPointFormats == null || !Arrays.contains(ecPointFormats, actualFormat)))
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
         return curve.decodePoint(encoding);
     }
 
@@ -373,7 +441,7 @@ public class TlsECCUtils
         }
         catch (RuntimeException e)
         {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
         }
     }
 
@@ -401,7 +469,7 @@ public class TlsECCUtils
     public static ECPrivateKeyParameters generateEphemeralClientKeyExchange(SecureRandom random, short[] ecPointFormats,
         ECDomainParameters ecParams, OutputStream output) throws IOException
     {
-        AsymmetricCipherKeyPair kp = TlsECCUtils.generateECKeyPair(random, ecParams);
+        AsymmetricCipherKeyPair kp = generateECKeyPair(random, ecParams);
 
         ECPublicKeyParameters ecPublicKey = (ECPublicKeyParameters) kp.getPublic();
         writeECPoint(ecPointFormats, ecPublicKey.getQ(), output);
@@ -409,6 +477,69 @@ public class TlsECCUtils
         return (ECPrivateKeyParameters) kp.getPrivate();
     }
 
+    // TODO Refactor around ServerECDHParams before making this public
+    static ECPrivateKeyParameters generateEphemeralServerKeyExchange(SecureRandom random, int[] namedCurves,
+        short[] ecPointFormats, OutputStream output) throws IOException
+    {
+        /* First we try to find a supported named curve from the client's list. */
+        int namedCurve = -1;
+        if (namedCurves == null)
+        {
+            // TODO Let the peer choose the default named curve
+            namedCurve = NamedCurve.secp256r1;
+        }
+        else
+        {
+            for (int i = 0; i < namedCurves.length; ++i)
+            {
+                int entry = namedCurves[i];
+                if (NamedCurve.isValid(entry) && isSupportedNamedCurve(entry))
+                {
+                    namedCurve = entry;
+                    break;
+                }
+            }
+        }
+
+        ECDomainParameters ecParams = null;
+        if (namedCurve >= 0)
+        {
+            ecParams = getParametersForNamedCurve(namedCurve);
+        }
+        else
+        {
+            /* If no named curves are suitable, check if the client supports explicit curves. */
+            if (Arrays.contains(namedCurves, NamedCurve.arbitrary_explicit_prime_curves))
+            {
+                ecParams = getParametersForNamedCurve(NamedCurve.secp256r1);
+            }
+            else if (Arrays.contains(namedCurves, NamedCurve.arbitrary_explicit_char2_curves))
+            {
+                ecParams = getParametersForNamedCurve(NamedCurve.sect283r1);
+            }
+        }
+
+        if (ecParams == null)
+        {
+            /*
+             * NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find
+             * a suitable curve.
+             */
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        if (namedCurve < 0)
+        {
+            writeExplicitECParameters(ecPointFormats, ecParams, output);
+        }
+        else
+        {
+            writeNamedECParameters(namedCurve, output);
+        }
+
+        return generateEphemeralClientKeyExchange(random, ecPointFormats, ecParams, output);
+    }
+
     public static ECPublicKeyParameters validateECPublicKey(ECPublicKeyParameters key) throws IOException
     {
         // TODO Check RFC 4492 for validation
@@ -456,10 +587,11 @@ public class TlsECCUtils
                 BigInteger prime_p = readECParameter(input);
                 BigInteger a = readECFieldElement(prime_p.bitLength(), input);
                 BigInteger b = readECFieldElement(prime_p.bitLength(), input);
-                ECCurve curve = new ECCurve.Fp(prime_p, a, b);
-                ECPoint base = deserializeECPoint(ecPointFormats, curve, TlsUtils.readOpaque8(input));
+                byte[] baseEncoding = TlsUtils.readOpaque8(input);
                 BigInteger order = readECParameter(input);
                 BigInteger cofactor = readECParameter(input);
+                ECCurve curve = new ECCurve.Fp(prime_p, a, b, order, cofactor);
+                ECPoint base = deserializeECPoint(ecPointFormats, curve, baseEncoding);
                 return new ECDomainParameters(curve, base, order, cofactor);
             }
             case ECCurveType.explicit_char2:
@@ -468,32 +600,30 @@ public class TlsECCUtils
 
                 int m = TlsUtils.readUint16(input);
                 short basis = TlsUtils.readUint8(input);
-                ECCurve curve;
-                switch (basis) {
-                case ECBasisType.ec_basis_trinomial:
+                if (!ECBasisType.isValid(basis))
                 {
-                    int k = readECExponent(m, input);
-                    BigInteger a = readECFieldElement(m, input);
-                    BigInteger b = readECFieldElement(m, input);
-                    curve = new ECCurve.F2m(m, k, a, b);
-                    break;
+                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                 }
-                case ECBasisType.ec_basis_pentanomial:
+
+                int k1 = readECExponent(m, input), k2 = -1, k3 = -1;
+                if (basis == ECBasisType.ec_basis_pentanomial)
                 {
-                    int k1 = readECExponent(m, input);
-                    int k2 = readECExponent(m, input);
-                    int k3 = readECExponent(m, input);
-                    BigInteger a = readECFieldElement(m, input);
-                    BigInteger b = readECFieldElement(m, input);
-                    curve = new ECCurve.F2m(m, k1, k2, k3, a, b);
-                    break;
-                }
-                default:
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+                    k2 = readECExponent(m, input);
+                    k3 = readECExponent(m, input);
                 }
-                ECPoint base = deserializeECPoint(ecPointFormats, curve, TlsUtils.readOpaque8(input));
+
+                BigInteger a = readECFieldElement(m, input);
+                BigInteger b = readECFieldElement(m, input);
+                byte[] baseEncoding = TlsUtils.readOpaque8(input);
                 BigInteger order = readECParameter(input);
                 BigInteger cofactor = readECParameter(input);
+
+                ECCurve curve = (basis == ECBasisType.ec_basis_pentanomial)
+                    ? new ECCurve.F2m(m, k1, k2, k3, a, b, order, cofactor)
+                    : new ECCurve.F2m(m, k1, a, b, order, cofactor);
+
+                ECPoint base = deserializeECPoint(ecPointFormats, curve, baseEncoding);
+
                 return new ECDomainParameters(curve, base, order, cofactor);
             }
             case ECCurveType.named_curve:
@@ -511,7 +641,7 @@ public class TlsECCUtils
 
                 checkNamedCurve(namedCurves, namedCurve);
 
-                return TlsECCUtils.getParametersForNamedCurve(namedCurve);
+                return getParametersForNamedCurve(namedCurve);
             }
             default:
                 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
@@ -519,7 +649,7 @@ public class TlsECCUtils
         }
         catch (RuntimeException e)
         {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
         }
     }
 
@@ -561,35 +691,40 @@ public class TlsECCUtils
         OutputStream output) throws IOException
     {
         ECCurve curve = ecParameters.getCurve();
-        if (curve instanceof ECCurve.Fp)
+
+        if (ECAlgorithms.isFpCurve(curve))
         {
             TlsUtils.writeUint8(ECCurveType.explicit_prime, output);
 
-            ECCurve.Fp fp = (ECCurve.Fp) curve;
-            writeECParameter(fp.getQ(), output);
+            writeECParameter(curve.getField().getCharacteristic(), output);
         }
-        else if (curve instanceof ECCurve.F2m)
+        else if (ECAlgorithms.isF2mCurve(curve))
         {
+            PolynomialExtensionField field = (PolynomialExtensionField)curve.getField();
+            int[] exponents = field.getMinimalPolynomial().getExponentsPresent();
+
             TlsUtils.writeUint8(ECCurveType.explicit_char2, output);
 
-            ECCurve.F2m f2m = (ECCurve.F2m) curve;
-            int m = f2m.getM();
+            int m = exponents[exponents.length - 1];
             TlsUtils.checkUint16(m);
             TlsUtils.writeUint16(m, output);
 
-            if (f2m.isTrinomial())
+            if (exponents.length == 3)
             {
                 TlsUtils.writeUint8(ECBasisType.ec_basis_trinomial, output);
-                writeECExponent(f2m.getK1(), output);
+                writeECExponent(exponents[1], output);
             }
-            else
+            else if (exponents.length == 5)
             {
                 TlsUtils.writeUint8(ECBasisType.ec_basis_pentanomial, output);
-                writeECExponent(f2m.getK1(), output);
-                writeECExponent(f2m.getK2(), output);
-                writeECExponent(f2m.getK3(), output);
+                writeECExponent(exponents[1], output);
+                writeECExponent(exponents[2], output);
+                writeECExponent(exponents[3], output);
+            }
+            else
+            {
+                throw new IllegalArgumentException("Only trinomial and pentomial curves are supported");
             }
-
         }
         else
         {
@@ -605,7 +740,7 @@ public class TlsECCUtils
 
     public static void writeECPoint(short[] ecPointFormats, ECPoint point, OutputStream output) throws IOException
     {
-        TlsUtils.writeOpaque8(TlsECCUtils.serializeECPoint(ecPointFormats, point), output);
+        TlsUtils.writeOpaque8(serializeECPoint(ecPointFormats, point), output);
     }
 
     public static void writeNamedECParameters(int namedCurve, OutputStream output) throws IOException
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java
index d346ef4..c784080 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java
@@ -14,7 +14,7 @@ import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.io.TeeInputStream;
 
 /**
- * ECDHE key exchange (see RFC 4492)
+ * (D)TLS ECDHE key exchange (see RFC 4492).
  */
 public class TlsECDHEKeyExchange
     extends TlsECDHKeyExchange
@@ -43,95 +43,18 @@ public class TlsECDHEKeyExchange
     public byte[] generateServerKeyExchange()
         throws IOException
     {
-        /*
-         * First we try to find a supported named curve from the client's list.
-         */
-        int namedCurve = -1;
-        if (namedCurves == null)
-        {
-            // TODO Let the peer choose the default named curve
-            namedCurve = NamedCurve.secp256r1;
-        }
-        else
-        {
-            for (int i = 0; i < namedCurves.length; ++i)
-            {
-                int entry = namedCurves[i];
-                if (TlsECCUtils.isSupportedNamedCurve(entry))
-                {
-                    namedCurve = entry;
-                    break;
-                }
-            }
-        }
-
-        ECDomainParameters curve_params = null;
-        if (namedCurve >= 0)
-        {
-            curve_params = TlsECCUtils.getParametersForNamedCurve(namedCurve);
-        }
-        else
-        {
-            /*
-             * If no named curves are suitable, check if the client supports explicit curves.
-             */
-            if (Arrays.contains(namedCurves, NamedCurve.arbitrary_explicit_prime_curves))
-            {
-                curve_params = TlsECCUtils.getParametersForNamedCurve(NamedCurve.secp256r1);
-            }
-            else if (Arrays.contains(namedCurves, NamedCurve.arbitrary_explicit_char2_curves))
-            {
-                curve_params = TlsECCUtils.getParametersForNamedCurve(NamedCurve.sect283r1);
-            }
-        }
-
-        if (curve_params == null)
-        {
-            /*
-             * NOTE: We shouldn't have negotiated ECDHE key exchange since we apparently can't find
-             * a suitable curve.
-             */
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-
-        AsymmetricCipherKeyPair kp = TlsECCUtils.generateECKeyPair(context.getSecureRandom(), curve_params);
-        this.ecAgreePrivateKey = (ECPrivateKeyParameters)kp.getPrivate();
-
         DigestInputBuffer buf = new DigestInputBuffer();
 
-        if (namedCurve < 0)
-        {
-            TlsECCUtils.writeExplicitECParameters(clientECPointFormats, curve_params, buf);
-        }
-        else
-        {
-            TlsECCUtils.writeNamedECParameters(namedCurve, buf);
-        }
-
-        ECPublicKeyParameters ecPublicKey = (ECPublicKeyParameters) kp.getPublic();
-        TlsECCUtils.writeECPoint(clientECPointFormats, ecPublicKey.getQ(), buf);
+        this.ecAgreePrivateKey = TlsECCUtils.generateEphemeralServerKeyExchange(context.getSecureRandom(), namedCurves,
+            clientECPointFormats, buf);
 
         /*
          * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
          */
-        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
-        Digest d;
-
-        if (TlsUtils.isTLSv12(context))
-        {
-            signatureAndHashAlgorithm = serverCredentials.getSignatureAndHashAlgorithm();
-            if (signatureAndHashAlgorithm == null)
-            {
-                throw new TlsFatalAlert(AlertDescription.internal_error);
-            }
+        SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(
+            context, serverCredentials);
 
-            d = TlsUtils.createHash(signatureAndHashAlgorithm.getHash());
-        }
-        else
-        {
-            signatureAndHashAlgorithm = null;
-            d = new CombinedHash();
-        }
+        Digest d = TlsUtils.createHash(signatureAndHashAlgorithm);
 
         SecurityParameters securityParameters = context.getSecurityParameters();
         d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDHKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDHKeyExchange.java
index 9456352..3248e78 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDHKeyExchange.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDHKeyExchange.java
@@ -14,7 +14,7 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
 
 /**
- * ECDH key exchange (see RFC 4492)
+ * (D)TLS ECDH key exchange (see RFC 4492).
  */
 public class TlsECDHKeyExchange extends AbstractTlsKeyExchange
 {
@@ -49,7 +49,6 @@ public class TlsECDHKeyExchange extends AbstractTlsKeyExchange
             throw new IllegalArgumentException("unsupported key exchange algorithm");
         }
 
-        this.keyExchange = keyExchange;
         this.namedCurves = namedCurves;
         this.clientECPointFormats = clientECPointFormats;
         this.serverECPointFormats = serverECPointFormats;
@@ -86,7 +85,7 @@ public class TlsECDHKeyExchange extends AbstractTlsKeyExchange
         }
         catch (RuntimeException e)
         {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
+            throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
         }
 
         if (tlsSigner == null)
@@ -97,7 +96,7 @@ public class TlsECDHKeyExchange extends AbstractTlsKeyExchange
             }
             catch (ClassCastException e)
             {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
             }
 
             TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyAgreement);
@@ -159,7 +158,7 @@ public class TlsECDHKeyExchange extends AbstractTlsKeyExchange
         {
             // TODO Validate client cert has matching parameters (see 'TlsECCUtils.areOnSameCurve')?
 
-            this.agreementCredentials = (TlsAgreementCredentials) clientCredentials;
+            this.agreementCredentials = (TlsAgreementCredentials)clientCredentials;
         }
         else if (clientCredentials instanceof TlsSignerCredentials)
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDSASigner.java
index d7f8064..aa4c546 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsECDSASigner.java
@@ -4,6 +4,7 @@ import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.signers.ECDSASigner;
+import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
 
 public class TlsECDSASigner
     extends TlsDSASigner
@@ -13,9 +14,9 @@ public class TlsECDSASigner
         return publicKey instanceof ECPublicKeyParameters;
     }
 
-    protected DSA createDSAImpl()
+    protected DSA createDSAImpl(short hashAlgorithm)
     {
-        return new ECDSASigner();
+        return new ECDSASigner(new HMacDSAKCalculator(TlsUtils.createHash(hashAlgorithm)));
     }
 
     protected short getSignatureAlgorithm()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsEncryptionCredentials.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsEncryptionCredentials.java
index eddf684..f292896 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsEncryptionCredentials.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsEncryptionCredentials.java
@@ -2,8 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 import java.io.IOException;
 
-public interface TlsEncryptionCredentials
-    extends TlsCredentials
+public interface TlsEncryptionCredentials extends TlsCredentials
 {
     byte[] decryptPreMasterSecret(byte[] encryptedPreMasterSecret)
         throws IOException;
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java
index fbc39dd..8e50f57 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java
@@ -9,6 +9,8 @@ import org.bouncycastle.util.Integers;
 
 public class TlsExtensionsUtils
 {
+    public static final Integer EXT_encrypt_then_mac = Integers.valueOf(ExtensionType.encrypt_then_mac);
+    public static final Integer EXT_extended_master_secret = Integers.valueOf(ExtensionType.extended_master_secret);
     public static final Integer EXT_heartbeat = Integers.valueOf(ExtensionType.heartbeat);
     public static final Integer EXT_max_fragment_length = Integers.valueOf(ExtensionType.max_fragment_length);
     public static final Integer EXT_server_name = Integers.valueOf(ExtensionType.server_name);
@@ -20,6 +22,16 @@ public class TlsExtensionsUtils
         return extensions == null ? new Hashtable() : extensions;
     }
 
+    public static void addEncryptThenMACExtension(Hashtable extensions)
+    {
+        extensions.put(EXT_encrypt_then_mac, createEncryptThenMACExtension());
+    }
+
+    public static void addExtendedMasterSecretExtension(Hashtable extensions)
+    {
+        extensions.put(EXT_extended_master_secret, createExtendedMasterSecretExtension());
+    }
+
     public static void addHeartbeatExtension(Hashtable extensions, HeartbeatExtension heartbeatExtension)
         throws IOException
     {
@@ -77,6 +89,18 @@ public class TlsExtensionsUtils
         return extensionData == null ? null : readStatusRequestExtension(extensionData);
     }
 
+    public static boolean hasEncryptThenMACExtension(Hashtable extensions) throws IOException
+    {
+        byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_encrypt_then_mac);
+        return extensionData == null ? false : readEncryptThenMACExtension(extensionData);
+    }
+
+    public static boolean hasExtendedMasterSecretExtension(Hashtable extensions) throws IOException
+    {
+        byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_extended_master_secret);
+        return extensionData == null ? false : readExtendedMasterSecretExtension(extensionData);
+    }
+
     public static boolean hasTruncatedHMacExtension(Hashtable extensions) throws IOException
     {
         byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_truncated_hmac);
@@ -88,6 +112,16 @@ public class TlsExtensionsUtils
         return TlsUtils.EMPTY_BYTES;
     }
 
+    public static byte[] createEncryptThenMACExtension()
+    {
+        return createEmptyExtensionData();
+    }
+
+    public static byte[] createExtendedMasterSecretExtension()
+    {
+        return createEmptyExtensionData();
+    }
+
     public static byte[] createHeartbeatExtension(HeartbeatExtension heartbeatExtension)
         throws IOException
     {
@@ -106,12 +140,11 @@ public class TlsExtensionsUtils
     public static byte[] createMaxFragmentLengthExtension(short maxFragmentLength)
         throws IOException
     {
-        if (!MaxFragmentLength.isValid(maxFragmentLength))
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
+        TlsUtils.checkUint8(maxFragmentLength);
 
-        return new byte[]{ (byte)maxFragmentLength };
+        byte[] extensionData = new byte[1];
+        TlsUtils.writeUint8(maxFragmentLength, extensionData, 0);
+        return extensionData;
     }
 
     public static byte[] createServerNameExtension(ServerNameList serverNameList)
@@ -149,6 +182,31 @@ public class TlsExtensionsUtils
         return createEmptyExtensionData();
     }
 
+    private static boolean readEmptyExtensionData(byte[] extensionData) throws IOException
+    {
+        if (extensionData == null)
+        {
+            throw new IllegalArgumentException("'extensionData' cannot be null");
+        }
+
+        if (extensionData.length != 0)
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
+        return true;
+    }
+
+    public static boolean readEncryptThenMACExtension(byte[] extensionData) throws IOException
+    {
+        return readEmptyExtensionData(extensionData);
+    }
+
+    public static boolean readExtendedMasterSecretExtension(byte[] extensionData) throws IOException
+    {
+        return readEmptyExtensionData(extensionData);
+    }
+
     public static HeartbeatExtension readHeartbeatExtension(byte[] extensionData)
         throws IOException
     {
@@ -179,14 +237,7 @@ public class TlsExtensionsUtils
             throw new TlsFatalAlert(AlertDescription.decode_error);
         }
 
-        short maxFragmentLength = (short)extensionData[0];
-
-        if (!MaxFragmentLength.isValid(maxFragmentLength))
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
-
-        return maxFragmentLength;
+        return TlsUtils.readUint8(extensionData, 0);
     }
 
     public static ServerNameList readServerNameExtension(byte[] extensionData)
@@ -223,18 +274,8 @@ public class TlsExtensionsUtils
         return statusRequest;
     }
 
-    private static boolean readTruncatedHMacExtension(byte[] extensionData) throws IOException
+    public static boolean readTruncatedHMacExtension(byte[] extensionData) throws IOException
     {
-        if (extensionData == null)
-        {
-            throw new IllegalArgumentException("'extensionData' cannot be null");
-        }
-
-        if (extensionData.length != 0)
-        {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-        }
-
-        return true;
+        return readEmptyExtensionData(extensionData);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsFatalAlert.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsFatalAlert.java
index 61cec31..dfbb09e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsFatalAlert.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsFatalAlert.java
@@ -7,15 +7,31 @@ public class TlsFatalAlert
 {
     private static final long serialVersionUID = 3584313123679111168L;
 
-    private short alertDescription;
+    protected short alertDescription;
+
+    // TODO Some day we might be able to just pass this down to IOException (1.6+)
+    protected Throwable alertCause;
 
     public TlsFatalAlert(short alertDescription)
     {
+        this(alertDescription, null);
+    }
+
+    public TlsFatalAlert(short alertDescription, Throwable alertCause)
+    {
+        super(AlertDescription.getText(alertDescription));
+
         this.alertDescription = alertDescription;
+        this.alertCause = alertCause;
     }
 
     public short getAlertDescription()
     {
         return alertDescription;
     }
+
+    public Throwable getCause()
+    {
+        return alertCause;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsHandshakeHash.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsHandshakeHash.java
index 1cb0f4d..4ccfe72 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsHandshakeHash.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsHandshakeHash.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 import org.bouncycastle.crypto.Digest;
 
-interface TlsHandshakeHash
+public interface TlsHandshakeHash
     extends Digest
 {
     void init(TlsContext context);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsInputStream.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsInputStream.java
index 9509dc4..a2cf74e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsInputStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsInputStream.java
@@ -17,6 +17,12 @@ class TlsInputStream
         this.handler = handler;
     }
 
+    public int available()
+        throws IOException
+    {
+        return this.handler.applicationDataAvailable();
+    }
+
     public int read(byte[] buf, int offset, int len)
         throws IOException
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsKeyExchange.java
index 91590ce..83cd0b7 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsKeyExchange.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsKeyExchange.java
@@ -5,11 +5,10 @@ import java.io.InputStream;
 import java.io.OutputStream;
 
 /**
- * A generic interface for key exchange implementations in TLS 1.0/1.1.
+ * A generic interface for key exchange implementations in (D)TLS.
  */
 public interface TlsKeyExchange
 {
-
     void init(TlsContext context);
 
     void skipServerCredentials()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
index 20dfef8..00e0c79 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
@@ -26,7 +26,7 @@ public class TlsMac
      * @param digest  The digest to use.
      * @param key     A byte-array where the key for this MAC is located.
      * @param keyOff  The number of bytes to skip, before the key starts in the buffer.
-     * @param len     The length of the key.
+     * @param keyLen  The length of the key.
      */
     public TlsMac(TlsContext context, Digest digest, byte[] key, int keyOff, int keyLen)
     {
@@ -105,15 +105,6 @@ public class TlsMac
      */
     public byte[] calculateMac(long seqNo, short type, byte[] message, int offset, int length)
     {
-        /*
-         * TODO[draft-josefsson-salsa20-tls-02] 3. Moreover, in order to accommodate MAC algorithms
-         * like UMAC that require a nonce as part of their operation, the document extends the MAC
-         * algorithm as specified in the TLS protocol. The extended MAC includes a nonce as a second
-         * parameter. MAC algorithms that do not require a nonce, such as HMAC, are assumed to
-         * ignore the nonce input value. The MAC in a GenericStreamCipher is then calculated as
-         * follows.
-         */
-
         ProtocolVersion serverVersion = context.getServerVersion();
         boolean isSSL = serverVersion.isSSL();
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPSKIdentityManager.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPSKIdentityManager.java
new file mode 100644
index 0000000..c0ecf32
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPSKIdentityManager.java
@@ -0,0 +1,8 @@
+package org.bouncycastle.crypto.tls;
+
+public interface TlsPSKIdentityManager
+{
+    byte[] getHint();
+
+    byte[] getPSK(byte[] identity);
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java
index 7217bac..43c651d 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPSKKeyExchange.java
@@ -4,6 +4,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.math.BigInteger;
 import java.util.Vector;
 
 import org.bouncycastle.asn1.x509.KeyUsage;
@@ -12,32 +13,44 @@ import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DHParameters;
 import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
 import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.io.Streams;
 
 /**
- * TLS 1.0 PSK key exchange (RFC 4279).
+ * (D)TLS PSK key exchange (RFC 4279).
  */
 public class TlsPSKKeyExchange
     extends AbstractTlsKeyExchange
 {
     protected TlsPSKIdentity pskIdentity;
+    protected TlsPSKIdentityManager pskIdentityManager;
+
     protected DHParameters dhParameters;
     protected int[] namedCurves;
     protected short[] clientECPointFormats, serverECPointFormats;
 
     protected byte[] psk_identity_hint = null;
+    protected byte[] psk = null;
 
     protected DHPrivateKeyParameters dhAgreePrivateKey = null;
     protected DHPublicKeyParameters dhAgreePublicKey = null;
 
+    protected ECPrivateKeyParameters ecAgreePrivateKey = null;
+    protected ECPublicKeyParameters ecAgreePublicKey = null;
+
     protected AsymmetricKeyParameter serverPublicKey = null;
     protected RSAKeyParameters rsaServerPublicKey = null;
     protected TlsEncryptionCredentials serverCredentials = null;
     protected byte[] premasterSecret;
 
     public TlsPSKKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, TlsPSKIdentity pskIdentity,
-        DHParameters dhParameters, int[] namedCurves, short[] clientECPointFormats, short[] serverECPointFormats)
+        TlsPSKIdentityManager pskIdentityManager, DHParameters dhParameters, int[] namedCurves,
+        short[] clientECPointFormats, short[] serverECPointFormats)
     {
         super(keyExchange, supportedSignatureAlgorithms);
 
@@ -53,14 +66,14 @@ public class TlsPSKKeyExchange
         }
 
         this.pskIdentity = pskIdentity;
+        this.pskIdentityManager = pskIdentityManager;
         this.dhParameters = dhParameters;
         this.namedCurves = namedCurves;
         this.clientECPointFormats = clientECPointFormats;
         this.serverECPointFormats = serverECPointFormats;
     }
 
-    public void skipServerCredentials()
-        throws IOException
+    public void skipServerCredentials() throws IOException
     {
         if (keyExchange == KeyExchangeAlgorithm.RSA_PSK)
         {
@@ -68,8 +81,7 @@ public class TlsPSKKeyExchange
         }
     }
 
-    public void processServerCredentials(TlsCredentials serverCredentials)
-        throws IOException
+    public void processServerCredentials(TlsCredentials serverCredentials) throws IOException
     {
         if (!(serverCredentials instanceof TlsEncryptionCredentials))
         {
@@ -83,8 +95,7 @@ public class TlsPSKKeyExchange
 
     public byte[] generateServerKeyExchange() throws IOException
     {
-        // TODO[RFC 4279] Need a server-side PSK API to determine hint and resolve identities to keys
-        this.psk_identity_hint = null;
+        this.psk_identity_hint = pskIdentityManager.getHint();
 
         if (this.psk_identity_hint == null && !requiresServerKeyExchange())
         {
@@ -114,14 +125,14 @@ public class TlsPSKKeyExchange
         }
         else if (this.keyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
         {
-            // TODO[RFC 5489]
+            this.ecAgreePrivateKey = TlsECCUtils.generateEphemeralServerKeyExchange(context.getSecureRandom(),
+                namedCurves, clientECPointFormats, buf);
         }
 
         return buf.toByteArray();
     }
 
-    public void processServerCertificate(Certificate serverCertificate)
-        throws IOException
+    public void processServerCertificate(Certificate serverCertificate) throws IOException
     {
         if (keyExchange != KeyExchangeAlgorithm.RSA_PSK)
         {
@@ -141,7 +152,7 @@ public class TlsPSKKeyExchange
         }
         catch (RuntimeException e)
         {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
+            throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
         }
 
         // Sanity check the PublicKeyFactory
@@ -169,8 +180,7 @@ public class TlsPSKKeyExchange
         }
     }
 
-    public void processServerKeyExchange(InputStream input)
-        throws IOException
+    public void processServerKeyExchange(InputStream input) throws IOException
     {
         this.psk_identity_hint = TlsUtils.readOpaque16(input);
 
@@ -179,27 +189,30 @@ public class TlsPSKKeyExchange
             ServerDHParams serverDHParams = ServerDHParams.parse(input);
 
             this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(serverDHParams.getPublicKey());
+            this.dhParameters = dhAgreePublicKey.getParameters();
         }
         else if (this.keyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
         {
-            // TODO[RFC 5489]
+            ECDomainParameters ecParams = TlsECCUtils.readECParameters(namedCurves, clientECPointFormats, input);
+
+            byte[] point = TlsUtils.readOpaque8(input);
+
+            this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(
+                clientECPointFormats, ecParams, point));
         }
     }
 
-    public void validateCertificateRequest(CertificateRequest certificateRequest)
-        throws IOException
+    public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException
     {
         throw new TlsFatalAlert(AlertDescription.unexpected_message);
     }
 
-    public void processClientCredentials(TlsCredentials clientCredentials)
-        throws IOException
+    public void processClientCredentials(TlsCredentials clientCredentials) throws IOException
     {
         throw new TlsFatalAlert(AlertDescription.internal_error);
     }
 
-    public void generateClientKeyExchange(OutputStream output)
-        throws IOException
+    public void generateClientKeyExchange(OutputStream output) throws IOException
     {
         if (psk_identity_hint == null)
         {
@@ -211,18 +224,30 @@ public class TlsPSKKeyExchange
         }
 
         byte[] psk_identity = pskIdentity.getPSKIdentity();
+        if (psk_identity == null)
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        this.psk = pskIdentity.getPSK();
+        if (psk == null)
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
 
         TlsUtils.writeOpaque16(psk_identity, output);
 
+        context.getSecurityParameters().pskIdentity = Arrays.clone(psk_identity);
+
         if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK)
         {
             this.dhAgreePrivateKey = TlsDHUtils.generateEphemeralClientKeyExchange(context.getSecureRandom(),
-                dhAgreePublicKey.getParameters(), output);
+                dhParameters, output);
         }
         else if (this.keyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
         {
-            // TODO[RFC 5489]
-            throw new TlsFatalAlert(AlertDescription.internal_error);
+            this.ecAgreePrivateKey = TlsECCUtils.generateEphemeralClientKeyExchange(context.getSecureRandom(),
+                serverECPointFormats, ecAgreePublicKey.getParameters(), output);
         }
         else if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK)
         {
@@ -231,15 +256,61 @@ public class TlsPSKKeyExchange
         }
     }
 
-    public byte[] generatePremasterSecret()
-        throws IOException
+    public void processClientKeyExchange(InputStream input) throws IOException
+    {
+        byte[] psk_identity = TlsUtils.readOpaque16(input);
+
+        this.psk = pskIdentityManager.getPSK(psk_identity);
+        if (psk == null)
+        {
+            throw new TlsFatalAlert(AlertDescription.unknown_psk_identity);
+        }
+
+        context.getSecurityParameters().pskIdentity = psk_identity;
+
+        if (this.keyExchange == KeyExchangeAlgorithm.DHE_PSK)
+        {
+            BigInteger Yc = TlsDHUtils.readDHParameter(input);
+
+            this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Yc, dhParameters));
+        }
+        else if (this.keyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
+        {
+            byte[] point = TlsUtils.readOpaque8(input);
+
+            ECDomainParameters curve_params = this.ecAgreePrivateKey.getParameters();
+
+            this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(
+                serverECPointFormats, curve_params, point));
+        }
+        else if (this.keyExchange == KeyExchangeAlgorithm.RSA_PSK)
+        {
+            byte[] encryptedPreMasterSecret;
+            if (TlsUtils.isSSL(context))
+            {
+                // TODO Do any SSLv3 clients actually include the length?
+                encryptedPreMasterSecret = Streams.readAll(input);
+            }
+            else
+            {
+                encryptedPreMasterSecret = TlsUtils.readOpaque16(input);
+            }
+
+            this.premasterSecret = serverCredentials.decryptPreMasterSecret(encryptedPreMasterSecret);
+        }
+    }
+
+    public byte[] generatePremasterSecret() throws IOException
     {
-        byte[] psk = pskIdentity.getPSK();
         byte[] other_secret = generateOtherSecret(psk.length);
 
         ByteArrayOutputStream buf = new ByteArrayOutputStream(4 + other_secret.length + psk.length);
         TlsUtils.writeOpaque16(other_secret, buf);
         TlsUtils.writeOpaque16(psk, buf);
+
+        Arrays.fill(psk, (byte)0);
+        this.psk = null;
+
         return buf.toByteArray();
     }
 
@@ -257,7 +328,11 @@ public class TlsPSKKeyExchange
 
         if (this.keyExchange == KeyExchangeAlgorithm.ECDHE_PSK)
         {
-            // TODO[RFC 5489]
+            if (ecAgreePrivateKey != null)
+            {
+                return TlsECCUtils.calculateECDHBasicAgreement(ecAgreePublicKey, ecAgreePrivateKey);
+            }
+
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
 
@@ -269,8 +344,7 @@ public class TlsPSKKeyExchange
         return new byte[pskLength];
     }
 
-    protected RSAKeyParameters validateRSAPublicKey(RSAKeyParameters key)
-        throws IOException
+    protected RSAKeyParameters validateRSAPublicKey(RSAKeyParameters key) throws IOException
     {
         // TODO What is the minimum bit length required?
         // key.getModulus().bitLength();
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPeer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPeer.java
index 88780ea..aa0dcf8 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPeer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsPeer.java
@@ -4,6 +4,17 @@ import java.io.IOException;
 
 public interface TlsPeer
 {
+    /**
+     * draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on
+     * gmt_unix_time containing the current time, we recommend that implementors MAY provide the
+     * ability to set gmt_unix_time as an option only, off by default."
+     * 
+     * @return <code>true</code> if the current time should be used in the gmt_unix_time field of
+     *         Random, or <code>false</code> if gmt_unix_time should contain a cryptographically
+     *         random value.
+     */
+    boolean shouldUseGMTUnixTime();
+
     void notifySecureRenegotiation(boolean secureNegotiation) throws IOException;
 
     TlsCompression getCompression() throws IOException;
@@ -16,9 +27,9 @@ public interface TlsPeer
      * @param alertLevel       {@link AlertLevel}
      * @param alertDescription {@link AlertDescription}
      * @param message          A human-readable message explaining what caused this alert. May be null.
-     * @param cause            The exception that caused this alert to be raised. May be null.
+     * @param cause            The {@link Throwable} that caused this alert to be raised. May be null.
      */
-    void notifyAlertRaised(short alertLevel, short alertDescription, String message, Exception cause);
+    void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause);
 
     /**
      * This method will be called when an alert is received from the remote peer.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java
index 2c3b094..c116401 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java
@@ -12,12 +12,10 @@ import java.util.Hashtable;
 import java.util.Vector;
 
 import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.prng.RandomGenerator;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Integers;
 
-/**
- * An implementation of all high level protocols in TLS 1.0/1.1.
- */
 public abstract class TlsProtocol
 {
     protected static final Integer EXT_RenegotiationInfo = Integers.valueOf(ExtensionType.renegotiation_info);
@@ -52,11 +50,12 @@ public abstract class TlsProtocol
     private ByteQueue applicationDataQueue = new ByteQueue();
     private ByteQueue alertQueue = new ByteQueue(2);
     private ByteQueue handshakeQueue = new ByteQueue();
+//    private ByteQueue heartbeatQueue = new ByteQueue();
 
     /*
      * The Record Stream we use
      */
-    protected RecordStream recordStream;
+    RecordStream recordStream;
     protected SecureRandom secureRandom;
 
     private TlsInputStream tlsInputStream = null;
@@ -91,7 +90,9 @@ public abstract class TlsProtocol
         this.secureRandom = secureRandom;
     }
 
-    protected abstract AbstractTlsContext getContext();
+    protected abstract TlsContext getContext();
+
+    abstract AbstractTlsContext getContextAdmin();
 
     protected abstract TlsPeer getPeer();
 
@@ -172,6 +173,8 @@ public abstract class TlsProtocol
                         .setCompressionAlgorithm(this.securityParameters.compressionAlgorithm)
                         .setMasterSecret(this.securityParameters.masterSecret)
                         .setPeerCertificate(this.peerCertificate)
+                        .setPSKIdentity(this.securityParameters.pskIdentity)
+                        .setSRPIdentity(this.securityParameters.srpIdentity)
                         // TODO Consider filtering extensions that aren't relevant to resumed sessions
                         .setServerExtensions(this.serverExtensions)
                         .build();
@@ -179,7 +182,7 @@ public abstract class TlsProtocol
                     this.tlsSession = new TlsSessionImpl(this.tlsSession.getSessionID(), this.sessionParameters);
                 }
 
-                getContext().setResumableSession(this.tlsSession);
+                getContextAdmin().setResumableSession(this.tlsSession);
             }
 
             getPeer().notifyHandshakeComplete();
@@ -227,7 +230,14 @@ public abstract class TlsProtocol
         }
         case ContentType.heartbeat:
         {
+            if (!appDataReady)
+            {
+                throw new TlsFatalAlert(AlertDescription.unexpected_message);
+            }
             // TODO[RFC 6520]
+//            heartbeatQueue.addData(buf, offset, len);
+//            processHeartbeat();
+            break;
         }
         default:
             /*
@@ -235,6 +245,7 @@ public abstract class TlsProtocol
              * 
              * RFC2246 defines on page 13, that we should ignore this.
              */
+            break;
         }
     }
 
@@ -248,18 +259,17 @@ public abstract class TlsProtocol
             /*
              * We need the first 4 bytes, they contain type and length of the message.
              */
-            if (handshakeQueue.size() >= 4)
+            if (handshakeQueue.available() >= 4)
             {
                 byte[] beginning = new byte[4];
                 handshakeQueue.read(beginning, 0, 4, 0);
-                ByteArrayInputStream bis = new ByteArrayInputStream(beginning);
-                short type = TlsUtils.readUint8(bis);
-                int len = TlsUtils.readUint24(bis);
+                short type = TlsUtils.readUint8(beginning, 0);
+                int len = TlsUtils.readUint24(beginning, 1);
 
                 /*
                  * Check if we have enough bytes in the buffer to read the full message.
                  */
-                if (handshakeQueue.size() >= (len + 4))
+                if (handshakeQueue.available() >= (len + 4))
                 {
                     /*
                      * Read the message.
@@ -313,7 +323,7 @@ public abstract class TlsProtocol
     private void processAlert()
         throws IOException
     {
-        while (alertQueue.size() >= 2)
+        while (alertQueue.available() >= 2)
         {
             /*
              * An alert is always 2 bytes. Read the alert.
@@ -378,19 +388,27 @@ public abstract class TlsProtocol
                 throw new TlsFatalAlert(AlertDescription.decode_error);
             }
 
-            if (this.receivedChangeCipherSpec)
+            if (this.receivedChangeCipherSpec
+                || alertQueue.available() > 0
+                || handshakeQueue.available() > 0)
             {
                 throw new TlsFatalAlert(AlertDescription.unexpected_message);
             }
 
+            recordStream.receivedReadCipherSpec();
+
             this.receivedChangeCipherSpec = true;
 
-            recordStream.receivedReadCipherSpec();
-    
             handleChangeCipherSpecMessage();
         }
     }
 
+    protected int applicationDataAvailable()
+        throws IOException
+    {
+        return applicationDataQueue.available();
+    }
+
     /**
      * Read data from the network. The method will return immediately, if there is still some data
      * left in the buffer, or block until some application data has been read from the network.
@@ -409,7 +427,7 @@ public abstract class TlsProtocol
             return 0;
         }
 
-        while (applicationDataQueue.size() == 0)
+        while (applicationDataQueue.available() == 0)
         {
             /*
              * We need to read some data.
@@ -433,7 +451,7 @@ public abstract class TlsProtocol
             safeReadRecord();
         }
 
-        len = Math.min(len, applicationDataQueue.size());
+        len = Math.min(len, applicationDataQueue.available());
         applicationDataQueue.removeData(buf, offset, len, 0);
         return len;
     }
@@ -452,7 +470,7 @@ public abstract class TlsProtocol
         }
         catch (TlsFatalAlert e)
         {
-            if (!this.closed)
+            if (!closed)
             {
                 this.failWithError(AlertLevel.fatal, e.getAlertDescription(), "Failed to read record", e);
             }
@@ -460,7 +478,7 @@ public abstract class TlsProtocol
         }
         catch (IOException e)
         {
-            if (!this.closed)
+            if (!closed)
             {
                 this.failWithError(AlertLevel.fatal, AlertDescription.internal_error, "Failed to read record", e);
             }
@@ -468,7 +486,7 @@ public abstract class TlsProtocol
         }
         catch (RuntimeException e)
         {
-            if (!this.closed)
+            if (!closed)
             {
                 this.failWithError(AlertLevel.fatal, AlertDescription.internal_error, "Failed to read record", e);
             }
@@ -485,7 +503,7 @@ public abstract class TlsProtocol
         }
         catch (TlsFatalAlert e)
         {
-            if (!this.closed)
+            if (!closed)
             {
                 this.failWithError(AlertLevel.fatal, e.getAlertDescription(), "Failed to write record", e);
             }
@@ -511,9 +529,9 @@ public abstract class TlsProtocol
 
     /**
      * Send some application data to the remote system.
-     * <p/>
+     * <p>
      * The method will handle fragmentation internally.
-     *
+     * </p>
      * @param buf    The buffer with the data.
      * @param offset The position in the buffer where the data is placed.
      * @param len    The length of the data.
@@ -602,7 +620,7 @@ public abstract class TlsProtocol
      * @throws IOException
      *             If alert was fatal.
      */
-    protected void failWithError(short alertLevel, short alertDescription, String message, Exception cause)
+    protected void failWithError(short alertLevel, short alertDescription, String message, Throwable cause)
         throws IOException
     {
         /*
@@ -671,7 +689,7 @@ public abstract class TlsProtocol
         }
     }
 
-    protected void raiseAlert(short alertLevel, short alertDescription, String message, Exception cause)
+    protected void raiseAlert(short alertLevel, short alertDescription, String message, Throwable cause)
         throws IOException
     {
         getPeer().notifyAlertRaised(alertLevel, alertDescription, message, cause);
@@ -697,7 +715,7 @@ public abstract class TlsProtocol
             certificate = Certificate.EMPTY_CHAIN;
         }
 
-        if (certificate.getLength() == 0)
+        if (certificate.isEmpty())
         {
             TlsContext context = getContext();
             if (!context.isServer())
@@ -705,8 +723,8 @@ public abstract class TlsProtocol
                 ProtocolVersion serverVersion = getContext().getServerVersion();
                 if (serverVersion.isSSL())
                 {
-                    String message = serverVersion.toString() + " client didn't provide credentials";
-                    raiseWarning(AlertDescription.no_certificate, message);
+                    String errorMessage = serverVersion.toString() + " client didn't provide credentials";
+                    raiseWarning(AlertDescription.no_certificate, errorMessage);
                     return;
                 }
             }
@@ -752,15 +770,10 @@ public abstract class TlsProtocol
     protected byte[] createVerifyData(boolean isServer)
     {
         TlsContext context = getContext();
-
-        if (isServer)
-        {
-            return TlsUtils.calculateVerifyData(context, ExporterLabel.server_finished,
-                getCurrentPRFHash(getContext(), recordStream.getHandshakeHash(), TlsUtils.SSL_SERVER));
-        }
-
-        return TlsUtils.calculateVerifyData(context, ExporterLabel.client_finished,
-            getCurrentPRFHash(getContext(), recordStream.getHandshakeHash(), TlsUtils.SSL_CLIENT));
+        String asciiLabel = isServer ? ExporterLabel.server_finished : ExporterLabel.client_finished;
+        byte[] sslSender = isServer ? TlsUtils.SSL_SERVER : TlsUtils.SSL_CLIENT;
+        byte[] hash = getCurrentPRFHash(context, recordStream.getHandshakeHash(), sslSender);
+        return TlsUtils.calculateVerifyData(context, asciiLabel, hash);
     }
 
     /**
@@ -793,7 +806,13 @@ public abstract class TlsProtocol
         recordStream.flush();
     }
 
-    protected short processMaxFragmentLengthExtension(Hashtable clientExtensions, Hashtable serverExtensions, short alertDescription)
+    protected boolean isClosed()
+    {
+        return closed;
+    }
+
+    protected short processMaxFragmentLengthExtension(Hashtable clientExtensions, Hashtable serverExtensions,
+        short alertDescription)
         throws IOException
     {
         short maxFragmentLength = TlsExtensionsUtils.getMaxFragmentLengthExtension(serverExtensions);
@@ -822,18 +841,16 @@ public abstract class TlsProtocol
         }
     }
 
-    protected static byte[] createRandomBlock(SecureRandom random)
+    protected static byte[] createRandomBlock(boolean useGMTUnixTime, RandomGenerator randomGenerator)
     {
-        random.setSeed(System.currentTimeMillis());
-
         byte[] result = new byte[32];
-        random.nextBytes(result);
-        /*
-         * The consensus seems to be that using the time here is neither all that useful, nor
-         * secure. Perhaps there could be an option to (re-)enable it. Instead, we seed the random
-         * source with the current time to retain it's main benefit.
-         */
-//        TlsUtils.writeGMTUnixTime(result, 0);
+        randomGenerator.nextBytes(result);
+
+        if (useGMTUnixTime)
+        {
+            TlsUtils.writeGMTUnixTime(result, 0);
+        }
+
         return result;
     }
 
@@ -987,18 +1004,31 @@ public abstract class TlsProtocol
 
         switch (ciphersuite)
         {
+        case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256:
         case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
         case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
         case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
         case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
         case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
         case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
         case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM:
         case CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
         case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM_8:
@@ -1006,14 +1036,32 @@ public abstract class TlsProtocol
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
         case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
         case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
         case CipherSuite.TLS_PSK_WITH_AES_128_CCM:
@@ -1021,7 +1069,9 @@ public abstract class TlsProtocol
         case CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256:
         case CipherSuite.TLS_PSK_WITH_AES_256_CCM:
         case CipherSuite.TLS_PSK_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256:
         case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256:
         case CipherSuite.TLS_RSA_WITH_AES_128_CCM:
         case CipherSuite.TLS_RSA_WITH_AES_128_CCM_8:
@@ -1029,6 +1079,9 @@ public abstract class TlsProtocol
         case CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256:
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM:
         case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
         case CipherSuite.TLS_RSA_WITH_NULL_SHA256:
         {
             if (isTLSv12)
@@ -1038,22 +1091,39 @@ public abstract class TlsProtocol
             throw new TlsFatalAlert(AlertDescription.illegal_parameter);
         }
 
+        case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
         case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384:
         case CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
         {
             if (isTLSv12)
             {
@@ -1063,12 +1133,16 @@ public abstract class TlsProtocol
         }
 
         case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
         case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
         case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
         case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA384:
         case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384:
         case CipherSuite.TLS_PSK_WITH_NULL_SHA384:
         case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384:
         case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA384:
         {
             if (isTLSv12)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsProtocolHandler.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsProtocolHandler.java
deleted file mode 100644
index e4fcf28..0000000
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsProtocolHandler.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.SecureRandom;
-
-/**
- * @deprecated use TlsClientProtocol instead
- */
-public class TlsProtocolHandler
-    extends TlsClientProtocol
-{
-
-    public TlsProtocolHandler(InputStream is, OutputStream os)
-    {
-        super(is, os);
-    }
-
-    public TlsProtocolHandler(InputStream is, OutputStream os, SecureRandom sr)
-    {
-        super(is, os, sr);
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java
index 8970968..3efdd6c 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java
@@ -13,7 +13,7 @@ import org.bouncycastle.crypto.util.PublicKeyFactory;
 import org.bouncycastle.util.io.Streams;
 
 /**
- * TLS 1.0/1.1 and SSLv3 RSA key exchange.
+ * (D)TLS and SSLv3 RSA key exchange.
  */
 public class TlsRSAKeyExchange
     extends AbstractTlsKeyExchange
@@ -67,7 +67,7 @@ public class TlsRSAKeyExchange
         }
         catch (RuntimeException e)
         {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
+            throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
         }
 
         // Sanity check the PublicKeyFactory
@@ -130,7 +130,7 @@ public class TlsRSAKeyExchange
             encryptedPreMasterSecret = TlsUtils.readOpaque16(input);
         }
 
-        this.premasterSecret = TlsRSAUtils.safeDecryptPreMasterSecret(context, serverCredentials, encryptedPreMasterSecret);
+        this.premasterSecret = serverCredentials.decryptPreMasterSecret(encryptedPreMasterSecret);
     }
 
     public byte[] generatePremasterSecret()
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAUtils.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAUtils.java
index e3856bd..99f1fb3 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAUtils.java
@@ -8,6 +8,7 @@ import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.util.Arrays;
 
 public class TlsRSAUtils
 {
@@ -43,39 +44,45 @@ public class TlsRSAUtils
             /*
              * This should never happen, only during decryption.
              */
-            throw new TlsFatalAlert(AlertDescription.internal_error);
+            throw new TlsFatalAlert(AlertDescription.internal_error, e);
         }
 
         return premasterSecret;
     }
 
-    public static byte[] safeDecryptPreMasterSecret(TlsContext context, TlsEncryptionCredentials encryptionCredentials,
+    public static byte[] safeDecryptPreMasterSecret(TlsContext context, RSAKeyParameters rsaServerPrivateKey,
         byte[] encryptedPreMasterSecret)
     {
         /*
          * RFC 5246 7.4.7.1.
          */
-
         ProtocolVersion clientVersion = context.getClientVersion();
 
         // TODO Provide as configuration option?
         boolean versionNumberCheckDisabled = false;
 
         /*
-         * See notes regarding Bleichenbacher/Klima attack. The code here implements the first
-         * construction proposed there, which is RECOMMENDED.
+         * Generate 48 random bytes we can use as a Pre-Master-Secret, if the
+         * PKCS1 padding check should fail.
          */
-        byte[] R = new byte[48];
-        context.getSecureRandom().nextBytes(R);
+        byte[] fallback = new byte[48];
+        context.getSecureRandom().nextBytes(fallback);
 
-        byte[] M = TlsUtils.EMPTY_BYTES;
+        byte[] M = Arrays.clone(fallback);
         try
         {
-            M = encryptionCredentials.decryptPreMasterSecret(encryptedPreMasterSecret);
+            PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine(), fallback);
+            encoding.init(false,
+                new ParametersWithRandom(rsaServerPrivateKey, context.getSecureRandom()));
+
+            M = encoding.processBlock(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.length);
         }
         catch (Exception e)
         {
             /*
+             * This should never happen since the decryption should never throw an exception
+             * and return a random value instead.
+             *
              * In any case, a TLS server MUST NOT generate an alert if processing an
              * RSA-encrypted premaster secret message fails, or the version number is not as
              * expected. Instead, it MUST continue the handshake with a randomly generated
@@ -83,12 +90,6 @@ public class TlsRSAUtils
              */
         }
 
-        if (M.length != 48)
-        {
-            TlsUtils.writeVersion(clientVersion, R, 0);
-            return R;
-        }
-
         /*
          * If ClientHello.client_version is TLS 1.1 or higher, server implementations MUST
          * check the version number [..].
@@ -96,21 +97,35 @@ public class TlsRSAUtils
         if (versionNumberCheckDisabled && clientVersion.isEqualOrEarlierVersionOf(ProtocolVersion.TLSv10))
         {
             /*
-             * If the version number is TLS 1.0 or earlier, server implementations SHOULD
-             * check the version number, but MAY have a configuration option to disable the
-             * check.
+             * If the version number is TLS 1.0 or earlier, server
+             * implementations SHOULD check the version number, but MAY have a
+             * configuration option to disable the check.
+             *
+             * So there is nothing to do here.
              */
         }
         else
         {
             /*
-             * Note that explicitly constructing the pre_master_secret with the
-             * ClientHello.client_version produces an invalid master_secret if the client
-             * has sent the wrong version in the original pre_master_secret.
+             * OK, we need to compare the version number in the decrypted Pre-Master-Secret with the
+             * clientVersion received during the handshake. If they don't match, we replace the
+             * decrypted Pre-Master-Secret with a random one.
              */
-            TlsUtils.writeVersion(clientVersion, M, 0);
-        }
+            int correct = (clientVersion.getMajorVersion() ^ (M[0] & 0xff))
+                | (clientVersion.getMinorVersion() ^ (M[1] & 0xff));
+            correct |= correct >> 1;
+            correct |= correct >> 2;
+            correct |= correct >> 4;
+            int mask = ~((correct & 1) - 1);
 
+            /*
+             * mask will be all bits set to 0xff if the version number differed.
+             */
+            for (int i = 0; i < 48; i++)
+            {
+                M[i] = (byte)((M[i] & (~mask)) | (fallback[i] & mask));
+            }
+        }
         return M;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRuntimeException.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRuntimeException.java
deleted file mode 100644
index 3340e49..0000000
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRuntimeException.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-public class TlsRuntimeException
-    extends RuntimeException
-{
-    private static final long serialVersionUID = 1928023487348344086L;
-
-    Throwable e;
-
-    public TlsRuntimeException(String message, Throwable e)
-    {
-        super(message);
-
-        this.e = e;
-    }
-
-    public TlsRuntimeException(String message)
-    {
-        super(message);
-    }
-
-    public Throwable getCause()
-    {
-        return e;
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPGroupVerifier.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPGroupVerifier.java
new file mode 100644
index 0000000..81767d1
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPGroupVerifier.java
@@ -0,0 +1,14 @@
+package org.bouncycastle.crypto.tls;
+
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
+
+public interface TlsSRPGroupVerifier
+{
+    /**
+     * Check whether the given SRP group parameters are acceptable for use.
+     * 
+     * @param group the {@link SRP6GroupParameters} to check
+     * @return true if (and only if) the specified group parameters are acceptable
+     */
+    boolean accept(SRP6GroupParameters group);
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPIdentityManager.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPIdentityManager.java
new file mode 100644
index 0000000..fbf50b1
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPIdentityManager.java
@@ -0,0 +1,18 @@
+package org.bouncycastle.crypto.tls;
+
+public interface TlsSRPIdentityManager
+{
+    /**
+     * Lookup the {@link TlsSRPLoginParameters} corresponding to the specified identity.
+     * 
+     * NOTE: To avoid "identity probing", unknown identities SHOULD be handled as recommended in RFC
+     * 5054 2.5.1.3. {@link SimulatedTlsSRPIdentityManager} is provided for this purpose.
+     * 
+     * @param identity
+     *            the SRP identity sent by the connecting client
+     * @return the {@link TlsSRPLoginParameters} for the specified identity, or else 'simulated'
+     *         parameters if the identity is not recognized. A null value is also allowed, but not
+     *         recommended.
+     */
+    TlsSRPLoginParameters getLoginParameters(byte[] identity);
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java
index 452fbf9..1ec6ee2 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPKeyExchange.java
@@ -9,59 +9,93 @@ import java.util.Vector;
 import org.bouncycastle.asn1.x509.KeyUsage;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Signer;
 import org.bouncycastle.crypto.agreement.srp.SRP6Client;
+import org.bouncycastle.crypto.agreement.srp.SRP6Server;
 import org.bouncycastle.crypto.agreement.srp.SRP6Util;
-import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
 import org.bouncycastle.util.io.TeeInputStream;
 
 /**
- * TLS 1.1 SRP key exchange (RFC 5054).
+ * (D)TLS SRP key exchange (RFC 5054).
  */
 public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
 {
+    protected static TlsSigner createSigner(int keyExchange)
+    {
+        switch (keyExchange)
+        {
+        case KeyExchangeAlgorithm.SRP:
+            return null;
+        case KeyExchangeAlgorithm.SRP_RSA:
+            return new TlsRSASigner();
+        case KeyExchangeAlgorithm.SRP_DSS:
+            return new TlsDSSSigner();
+        default:
+            throw new IllegalArgumentException("unsupported key exchange algorithm");
+        }
+    }
+    
     protected TlsSigner tlsSigner;
+    protected TlsSRPGroupVerifier groupVerifier;
     protected byte[] identity;
     protected byte[] password;
 
     protected AsymmetricKeyParameter serverPublicKey = null;
 
-    protected byte[] s = null;
-    protected BigInteger B = null;
-    protected SRP6Client srpClient = new SRP6Client();
+    protected SRP6GroupParameters srpGroup = null;
+    protected SRP6Client srpClient = null;
+    protected SRP6Server srpServer = null;
+    protected BigInteger srpPeerCredentials = null;
+    protected BigInteger srpVerifier = null;
+    protected byte[] srpSalt = null;
+
+    protected TlsSignerCredentials serverCredentials = null;
 
+    /**
+     * @deprecated Use constructor taking an explicit 'groupVerifier' argument
+     */
     public TlsSRPKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, byte[] identity, byte[] password)
     {
-        super(keyExchange, supportedSignatureAlgorithms);
+        this(keyExchange, supportedSignatureAlgorithms, new DefaultTlsSRPGroupVerifier(), identity, password);
+    }
 
-        switch (keyExchange)
-        {
-        case KeyExchangeAlgorithm.SRP:
-            this.tlsSigner = null;
-            break;
-        case KeyExchangeAlgorithm.SRP_RSA:
-            this.tlsSigner = new TlsRSASigner();
-            break;
-        case KeyExchangeAlgorithm.SRP_DSS:
-            this.tlsSigner = new TlsDSSSigner();
-            break;
-        default:
-            throw new IllegalArgumentException("unsupported key exchange algorithm");
-        }
+    public TlsSRPKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, TlsSRPGroupVerifier groupVerifier,
+        byte[] identity, byte[] password)
+    {
+        super(keyExchange, supportedSignatureAlgorithms);
 
-        this.keyExchange = keyExchange;
+        this.tlsSigner = createSigner(keyExchange);
+        this.groupVerifier = groupVerifier;
         this.identity = identity;
         this.password = password;
+        this.srpClient = new SRP6Client();
+    }
+
+    public TlsSRPKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, byte[] identity,
+        TlsSRPLoginParameters loginParameters)
+    {
+        super(keyExchange, supportedSignatureAlgorithms);
+
+        this.tlsSigner = createSigner(keyExchange);
+        this.identity = identity;
+        this.srpServer = new SRP6Server();
+        this.srpGroup = loginParameters.getGroup();
+        this.srpVerifier = loginParameters.getVerifier();
+        this.srpSalt = loginParameters.getSalt();
     }
 
     public void init(TlsContext context)
     {
         super.init(context);
 
-        if (this.tlsSigner != null) {
+        if (this.tlsSigner != null)
+        {
             this.tlsSigner.init(context);
         }
     }
@@ -94,7 +128,7 @@ public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
         }
         catch (RuntimeException e)
         {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
+            throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
         }
 
         if (!tlsSigner.isValidPublicKey(this.serverPublicKey))
@@ -107,11 +141,62 @@ public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
         super.processServerCertificate(serverCertificate);
     }
 
+    public void processServerCredentials(TlsCredentials serverCredentials)
+        throws IOException
+    {
+        if ((keyExchange == KeyExchangeAlgorithm.SRP) || !(serverCredentials instanceof TlsSignerCredentials))
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        processServerCertificate(serverCredentials.getCertificate());
+
+        this.serverCredentials = (TlsSignerCredentials)serverCredentials;
+    }
+
     public boolean requiresServerKeyExchange()
     {
         return true;
     }
 
+    public byte[] generateServerKeyExchange() throws IOException
+    {
+        srpServer.init(srpGroup, srpVerifier, TlsUtils.createHash(HashAlgorithm.sha1), context.getSecureRandom());
+        BigInteger B = srpServer.generateServerCredentials();
+
+        ServerSRPParams srpParams = new ServerSRPParams(srpGroup.getN(), srpGroup.getG(), srpSalt, B);
+
+        DigestInputBuffer buf = new DigestInputBuffer();
+
+        srpParams.encode(buf);
+
+        if (serverCredentials != null)
+        {
+            /*
+             * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
+             */
+            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(
+                context, serverCredentials);
+
+            Digest d = TlsUtils.createHash(signatureAndHashAlgorithm);
+
+            SecurityParameters securityParameters = context.getSecurityParameters();
+            d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
+            d.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
+            buf.updateDigest(d);
+
+            byte[] hash = new byte[d.getDigestSize()];
+            d.doFinal(hash, 0);
+
+            byte[] signature = serverCredentials.generateCertificateSignature(hash);
+
+            DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);
+            signed_params.encode(buf);
+        }
+
+        return buf.toByteArray();
+    }
+
     public void processServerKeyExchange(InputStream input) throws IOException
     {
         SecurityParameters securityParameters = context.getSecurityParameters();
@@ -125,10 +210,7 @@ public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
             teeIn = new TeeInputStream(input, buf);
         }
 
-        byte[] NBytes = TlsUtils.readOpaque16(teeIn);
-        byte[] gBytes = TlsUtils.readOpaque16(teeIn);
-        byte[] sBytes = TlsUtils.readOpaque8(teeIn);
-        byte[] BBytes = TlsUtils.readOpaque16(teeIn);
+        ServerSRPParams srpParams = ServerSRPParams.parse(teeIn);
 
         if (buf != null)
         {
@@ -142,13 +224,14 @@ public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
             }
         }
 
-        BigInteger N = new BigInteger(1, NBytes);
-        BigInteger g = new BigInteger(1, gBytes);
+        this.srpGroup = new SRP6GroupParameters(srpParams.getN(), srpParams.getG());
 
-        // TODO Validate group parameters (see RFC 5054)
-//        throw new TlsFatalAlert(AlertDescription.insufficient_security);
+        if (!groupVerifier.accept(srpGroup))
+        {
+            throw new TlsFatalAlert(AlertDescription.insufficient_security);
+        }
 
-        this.s = sBytes;
+        this.srpSalt = srpParams.getS();
 
         /*
          * RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter" alert if
@@ -156,14 +239,14 @@ public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
          */
         try
         {
-            this.B = SRP6Util.validatePublicValue(N, new BigInteger(1, BBytes));
+            this.srpPeerCredentials = SRP6Util.validatePublicValue(srpGroup.getN(), srpParams.getB());
         }
         catch (CryptoException e)
         {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
         }
 
-        this.srpClient.init(N, g, new SHA1Digest(), context.getSecureRandom());
+        this.srpClient.init(srpGroup, TlsUtils.createHash(HashAlgorithm.sha1), context.getSecureRandom());
     }
 
     public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException
@@ -178,20 +261,44 @@ public class TlsSRPKeyExchange extends AbstractTlsKeyExchange
 
     public void generateClientKeyExchange(OutputStream output) throws IOException
     {
-        BigInteger A = srpClient.generateClientCredentials(s, this.identity, this.password);
-        TlsUtils.writeOpaque16(BigIntegers.asUnsignedByteArray(A), output);
+        BigInteger A = srpClient.generateClientCredentials(srpSalt, identity, password);
+        TlsSRPUtils.writeSRPParameter(A, output);
+
+        context.getSecurityParameters().srpIdentity = Arrays.clone(identity);
+    }
+
+    public void processClientKeyExchange(InputStream input) throws IOException
+    {
+        /*
+         * RFC 5054 2.5.4: The server MUST abort the handshake with an "illegal_parameter" alert if
+         * A % N = 0.
+         */
+        try
+        {
+            this.srpPeerCredentials = SRP6Util.validatePublicValue(srpGroup.getN(), TlsSRPUtils.readSRPParameter(input));
+        }
+        catch (CryptoException e)
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
+        }
+
+        context.getSecurityParameters().srpIdentity = Arrays.clone(identity);
     }
 
     public byte[] generatePremasterSecret() throws IOException
     {
         try
         {
+            BigInteger S = srpServer != null
+                ?   srpServer.calculateSecret(srpPeerCredentials)
+                :   srpClient.calculateSecret(srpPeerCredentials);
+
             // TODO Check if this needs to be a fixed size
-            return BigIntegers.asUnsignedByteArray(srpClient.calculateSecret(B));
+            return BigIntegers.asUnsignedByteArray(S);
         }
         catch (CryptoException e)
         {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPLoginParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPLoginParameters.java
new file mode 100644
index 0000000..45ef192
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPLoginParameters.java
@@ -0,0 +1,34 @@
+package org.bouncycastle.crypto.tls;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
+
+public class TlsSRPLoginParameters
+{
+    protected SRP6GroupParameters group;
+    protected BigInteger verifier;
+    protected byte[] salt;
+
+    public TlsSRPLoginParameters(SRP6GroupParameters group, BigInteger verifier, byte[] salt)
+    {
+        this.group = group;
+        this.verifier = verifier;
+        this.salt = salt;
+    }
+
+    public SRP6GroupParameters getGroup()
+    {
+        return group;
+    }
+
+    public byte[] getSalt()
+    {
+        return salt;
+    }
+
+    public BigInteger getVerifier()
+    {
+        return verifier;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPUtils.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPUtils.java
index 7fe5fb8..941d13b 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsSRPUtils.java
@@ -1,10 +1,13 @@
 package org.bouncycastle.crypto.tls;
 
 import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
 import java.util.Hashtable;
 
+import org.bouncycastle.util.BigIntegers;
 import org.bouncycastle.util.Integers;
 
 public class TlsSRPUtils
@@ -46,4 +49,34 @@ public class TlsSRPUtils
 
         return identity;
     }
+
+    public static BigInteger readSRPParameter(InputStream input) throws IOException
+    {
+        return new BigInteger(1, TlsUtils.readOpaque16(input));
+    }
+
+    public static void writeSRPParameter(BigInteger x, OutputStream output) throws IOException
+    {
+        TlsUtils.writeOpaque16(BigIntegers.asUnsignedByteArray(x), output);
+    }
+
+    public static boolean isSRPCipherSuite(int cipherSuite)
+    {
+        switch (cipherSuite)
+        {
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
+            return true;
+
+        default:
+            return false;
+        }
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsServer.java
index 85c0a9a..2a9ae55 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsServer.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsServer.java
@@ -11,6 +11,8 @@ public interface TlsServer
 
     void notifyClientVersion(ProtocolVersion clientVersion) throws IOException;
 
+    void notifyFallback(boolean isFallback) throws IOException;
+
     void notifyOfferedCipherSuites(int[] offeredCipherSuites)
         throws IOException;
 
@@ -78,7 +80,7 @@ public interface TlsServer
 
     /**
      * RFC 5077 3.3. NewSessionTicket Handshake Message.
-     * <p/>
+     * <p>
      * This method will be called (only) if a NewSessionTicket extension was sent by the server. See
      * <i>RFC 5077 4. Recommended Ticket Construction</i> for recommended format and protection.
      *
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
index 056d22a..509c4b2 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
@@ -16,7 +16,7 @@ public class TlsServerProtocol
     extends TlsProtocol
 {
     protected TlsServer tlsServer = null;
-    protected TlsServerContextImpl tlsServerContext = null;
+    TlsServerContextImpl tlsServerContext = null;
 
     protected TlsKeyExchange keyExchange = null;
     protected TlsCredentials serverCredentials = null;
@@ -52,9 +52,12 @@ public class TlsServerProtocol
 
         this.securityParameters = new SecurityParameters();
         this.securityParameters.entity = ConnectionEnd.server;
-        this.securityParameters.serverRandom = createRandomBlock(secureRandom);
 
         this.tlsServerContext = new TlsServerContextImpl(secureRandom, securityParameters);
+
+        this.securityParameters.serverRandom = createRandomBlock(tlsServer.shouldUseGMTUnixTime(),
+            tlsServerContext.getNonceRandomGenerator());
+
         this.tlsServer.init(tlsServerContext);
         this.recordStream.init(tlsServerContext);
 
@@ -73,7 +76,12 @@ public class TlsServerProtocol
         this.prepareFinishHash = null;
     }
 
-    protected AbstractTlsContext getContext()
+    protected TlsContext getContext()
+    {
+        return tlsServerContext;
+    }
+
+    AbstractTlsContext getContextAdmin()
     {
         return tlsServerContext;
     }
@@ -363,6 +371,7 @@ public class TlsServerProtocol
         default:
         {
             super.handleWarningMessage(description);
+            break;
         }
         }
     }
@@ -375,7 +384,7 @@ public class TlsServerProtocol
             throw new IllegalStateException();
         }
 
-        if (this.peerCertificate != null)
+        if (peerCertificate != null)
         {
             throw new TlsFatalAlert(AlertDescription.unexpected_message);
         }
@@ -432,21 +441,31 @@ public class TlsServerProtocol
         // Verify the CertificateVerify message contains a correct signature.
         try
         {
-            // TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned
-            byte[] certificateVerifyHash = getCurrentPRFHash(getContext(), prepareFinishHash, null);
+            byte[] hash;
+            if (TlsUtils.isTLSv12(getContext()))
+            {
+                hash = prepareFinishHash.getFinalHash(clientCertificateVerify.getAlgorithm().getHash());
+            }
+            else
+            {
+                hash = securityParameters.getSessionHash();
+            }
 
-            org.bouncycastle.asn1.x509.Certificate x509Cert = this.peerCertificate.getCertificateAt(0);
+            org.bouncycastle.asn1.x509.Certificate x509Cert = peerCertificate.getCertificateAt(0);
             SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
             AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo);
 
-            TlsSigner tlsSigner = TlsUtils.createTlsSigner(this.clientCertificateType);
+            TlsSigner tlsSigner = TlsUtils.createTlsSigner(clientCertificateType);
             tlsSigner.init(getContext());
-            tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(),
-                clientCertificateVerify.getSignature(), publicKey, certificateVerifyHash);
+            if (!tlsSigner.verifyRawSignature(clientCertificateVerify.getAlgorithm(),
+                clientCertificateVerify.getSignature(), publicKey, hash))
+            {
+                throw new TlsFatalAlert(AlertDescription.decrypt_error);
+            }
         }
         catch (Exception e)
         {
-            throw new TlsFatalAlert(AlertDescription.decrypt_error);
+            throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
         }
     }
 
@@ -454,6 +473,8 @@ public class TlsServerProtocol
         throws IOException
     {
         ProtocolVersion client_version = TlsUtils.readVersion(buf);
+        recordStream.setWriteVersion(client_version);
+
         if (client_version.isDTLS())
         {
             throw new TlsFatalAlert(AlertDescription.illegal_parameter);
@@ -501,9 +522,12 @@ public class TlsServerProtocol
          */
         this.clientExtensions = readExtensions(buf);
 
-        getContext().setClientVersion(client_version);
+        this.securityParameters.extendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(clientExtensions);
+
+        getContextAdmin().setClientVersion(client_version);
 
         tlsServer.notifyClientVersion(client_version);
+        tlsServer.notifyFallback(Arrays.contains(offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV));
 
         securityParameters.clientRandom = client_random;
 
@@ -562,15 +586,16 @@ public class TlsServerProtocol
     protected void receiveClientKeyExchangeMessage(ByteArrayInputStream buf)
         throws IOException
     {
-        this.keyExchange.processClientKeyExchange(buf);
+        keyExchange.processClientKeyExchange(buf);
 
         assertEmpty(buf);
 
+        this.prepareFinishHash = recordStream.prepareToFinish();
+        this.securityParameters.sessionHash = getCurrentPRFHash(getContext(), prepareFinishHash, null);
+
         establishMasterSecret(getContext(), keyExchange);
         recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
 
-        this.prepareFinishHash = recordStream.prepareToFinish();
-
         if (!expectSessionTicket)
         {
             sendChangeCipherSpecMessage();
@@ -626,7 +651,7 @@ public class TlsServerProtocol
         recordStream.setReadVersion(server_version);
         recordStream.setWriteVersion(server_version);
         recordStream.setRestrictReadVersion(true);
-        getContext().setServerVersion(server_version);
+        getContextAdmin().setServerVersion(server_version);
 
         TlsUtils.writeVersion(server_version, message);
 
@@ -639,16 +664,17 @@ public class TlsServerProtocol
         TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, message);
 
         int selectedCipherSuite = tlsServer.getSelectedCipherSuite();
-        if (!Arrays.contains(this.offeredCipherSuites, selectedCipherSuite)
+        if (!Arrays.contains(offeredCipherSuites, selectedCipherSuite)
             || selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL
-            || selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+            || CipherSuite.isSCSV(selectedCipherSuite)
+            || !TlsUtils.isValidCipherSuiteForVersion(selectedCipherSuite, server_version))
         {
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
         securityParameters.cipherSuite = selectedCipherSuite;
 
         short selectedCompressionMethod = tlsServer.getSelectedCompressionMethod();
-        if (!Arrays.contains(this.offeredCompressionMethods, selectedCompressionMethod))
+        if (!Arrays.contains(offeredCompressionMethods, selectedCompressionMethod))
         {
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
@@ -681,11 +707,17 @@ public class TlsServerProtocol
                  * If the secure_renegotiation flag is set to TRUE, the server MUST include an empty
                  * "renegotiation_info" extension in the ServerHello message.
                  */
-                this.serverExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(this.serverExtensions);
+                this.serverExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(serverExtensions);
                 this.serverExtensions.put(EXT_RenegotiationInfo, createRenegotiationInfo(TlsUtils.EMPTY_BYTES));
             }
         }
 
+        if (securityParameters.extendedMasterSecret)
+        {
+            this.serverExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(serverExtensions);
+            TlsExtensionsUtils.addExtendedMasterSecretExtension(serverExtensions);
+        }
+
         /*
          * TODO RFC 3546 2.3 If [...] the older session is resumed, then the server MUST ignore
          * extensions appearing in the client hello, and send a server hello containing no
@@ -694,29 +726,31 @@ public class TlsServerProtocol
 
         if (this.serverExtensions != null)
         {
+            this.securityParameters.encryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(serverExtensions);
+
             this.securityParameters.maxFragmentLength = processMaxFragmentLengthExtension(clientExtensions,
-                this.serverExtensions, AlertDescription.internal_error);
+                serverExtensions, AlertDescription.internal_error);
 
-            this.securityParameters.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(this.serverExtensions);
+            this.securityParameters.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(serverExtensions);
 
             /*
              * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in
              * a session resumption handshake.
              */
-            this.allowCertificateStatus = !this.resumedSession
-                && TlsUtils.hasExpectedEmptyExtensionData(this.serverExtensions, TlsExtensionsUtils.EXT_status_request,
+            this.allowCertificateStatus = !resumedSession
+                && TlsUtils.hasExpectedEmptyExtensionData(serverExtensions, TlsExtensionsUtils.EXT_status_request,
                     AlertDescription.internal_error);
 
-            this.expectSessionTicket = !this.resumedSession
-                && TlsUtils.hasExpectedEmptyExtensionData(this.serverExtensions, TlsProtocol.EXT_SessionTicket,
+            this.expectSessionTicket = !resumedSession
+                && TlsUtils.hasExpectedEmptyExtensionData(serverExtensions, TlsProtocol.EXT_SessionTicket,
                     AlertDescription.internal_error);
 
-            writeExtensions(message, this.serverExtensions);
+            writeExtensions(message, serverExtensions);
         }
 
-        if (this.securityParameters.maxFragmentLength >= 0)
+        if (securityParameters.maxFragmentLength >= 0)
         {
-            int plainTextLimit = 1 << (8 + this.securityParameters.maxFragmentLength);
+            int plainTextLimit = 1 << (8 + securityParameters.maxFragmentLength);
             recordStream.setPlaintextLimit(plainTextLimit);
         }
 
@@ -730,7 +764,7 @@ public class TlsServerProtocol
 
         message.writeToRecordStream();
 
-        this.recordStream.notifyHelloComplete();
+        recordStream.notifyHelloComplete();
     }
 
     protected void sendServerHelloDoneMessage()
@@ -755,6 +789,6 @@ public class TlsServerProtocol
 
     protected boolean expectCertificateVerifyMessage()
     {
-        return this.clientCertificateType >= 0 && TlsUtils.hasSigningCapability(this.clientCertificateType);
+        return clientCertificateType >= 0 && TlsUtils.hasSigningCapability(clientCertificateType);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsStreamCipher.java
index 178731d..4e2c263 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsStreamCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsStreamCipher.java
@@ -6,13 +6,12 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.StreamCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Arrays;
 
 public class TlsStreamCipher
     implements TlsCipher
 {
-    private static boolean encryptThenMAC = false;
-
     protected TlsContext context;
 
     protected StreamCipher encryptCipher;
@@ -21,13 +20,16 @@ public class TlsStreamCipher
     protected TlsMac writeMac;
     protected TlsMac readMac;
 
+    protected boolean usesNonce;
+
     public TlsStreamCipher(TlsContext context, StreamCipher clientWriteCipher,
         StreamCipher serverWriteCipher, Digest clientWriteDigest, Digest serverWriteDigest,
-        int cipherKeySize) throws IOException
+        int cipherKeySize, boolean usesNonce) throws IOException
     {
         boolean isServer = context.isServer();
 
         this.context = context;
+        this.usesNonce = usesNonce;
 
         this.encryptCipher = clientWriteCipher;
         this.decryptCipher = serverWriteCipher;
@@ -78,6 +80,13 @@ public class TlsStreamCipher
             decryptParams = serverWriteKey;
         }
 
+        if (usesNonce)
+        {
+            byte[] dummyNonce = new byte[8];
+            encryptParams = new ParametersWithIV(encryptParams, dummyNonce);
+            decryptParams = new ParametersWithIV(decryptParams, dummyNonce);
+        }
+
         this.encryptCipher.init(true, encryptParams);
         this.decryptCipher.init(false, decryptParams);
     }
@@ -90,26 +99,22 @@ public class TlsStreamCipher
     public byte[] encodePlaintext(long seqNo, short type, byte[] plaintext, int offset, int len)
     {
         /*
-         * TODO[draft-josefsson-salsa20-tls-02] Note that Salsa20 requires a 64-bit nonce. That
+         * draft-josefsson-salsa20-tls-04 2.1 Note that Salsa20 requires a 64-bit nonce. That
          * nonce is updated on the encryption of every TLS record, and is set to be the 64-bit TLS
          * record sequence number. In case of DTLS the 64-bit nonce is formed as the concatenation
          * of the 16-bit epoch with the 48-bit sequence number.
          */
+        if (usesNonce)
+        {
+            updateIV(encryptCipher, true, seqNo);
+        }
 
         byte[] outBuf = new byte[len + writeMac.getSize()];
 
         encryptCipher.processBytes(plaintext, offset, len, outBuf, 0);
 
-        if (encryptThenMAC)
-        {
-            byte[] mac = writeMac.calculateMac(seqNo, type, outBuf, 0, len);
-            System.arraycopy(mac, 0, outBuf, len, mac.length);
-        }
-        else
-        {
-            byte[] mac = writeMac.calculateMac(seqNo, type, plaintext, offset, len);
-            encryptCipher.processBytes(mac, 0, mac.length, outBuf, len);
-        }
+        byte[] mac = writeMac.calculateMac(seqNo, type, plaintext, offset, len);
+        encryptCipher.processBytes(mac, 0, mac.length, outBuf, len);
 
         return outBuf;
     }
@@ -118,11 +123,15 @@ public class TlsStreamCipher
         throws IOException
     {
         /*
-         * TODO[draft-josefsson-salsa20-tls-02] Note that Salsa20 requires a 64-bit nonce. That
+         * draft-josefsson-salsa20-tls-04 2.1 Note that Salsa20 requires a 64-bit nonce. That
          * nonce is updated on the encryption of every TLS record, and is set to be the 64-bit TLS
          * record sequence number. In case of DTLS the 64-bit nonce is formed as the concatenation
          * of the 16-bit epoch with the 48-bit sequence number.
          */
+        if (usesNonce)
+        {
+            updateIV(decryptCipher, false, seqNo);
+        }
 
         int macSize = readMac.getSize();
         if (len < macSize)
@@ -132,24 +141,13 @@ public class TlsStreamCipher
 
         int plaintextLength = len - macSize;
 
-        if (encryptThenMAC)
-        {
-            int ciphertextEnd = offset + len;
-            checkMAC(seqNo, type, ciphertext, ciphertextEnd - macSize, ciphertextEnd, ciphertext, offset, plaintextLength);
-            byte[] deciphered = new byte[plaintextLength];
-            decryptCipher.processBytes(ciphertext, offset, plaintextLength, deciphered, 0);
-            return deciphered;
-        }
-        else
-        {
-            byte[] deciphered = new byte[len];
-            decryptCipher.processBytes(ciphertext, offset, len, deciphered, 0);
-            checkMAC(seqNo, type, deciphered, plaintextLength, len, deciphered, 0, plaintextLength);
-            return Arrays.copyOfRange(deciphered, 0, plaintextLength);
-        }
+        byte[] deciphered = new byte[len];
+        decryptCipher.processBytes(ciphertext, offset, len, deciphered, 0);
+        checkMAC(seqNo, type, deciphered, plaintextLength, len, deciphered, 0, plaintextLength);
+        return Arrays.copyOfRange(deciphered, 0, plaintextLength);
     }
 
-    private void checkMAC(long seqNo, short type, byte[] recBuf, int recStart, int recEnd, byte[] calcBuf, int calcOff, int calcLen)
+    protected void checkMAC(long seqNo, short type, byte[] recBuf, int recStart, int recEnd, byte[] calcBuf, int calcOff, int calcLen)
         throws IOException
     {
         byte[] receivedMac = Arrays.copyOfRange(recBuf, recStart, recEnd);
@@ -160,4 +158,11 @@ public class TlsStreamCipher
             throw new TlsFatalAlert(AlertDescription.bad_record_mac);
         }
     }
+
+    protected void updateIV(StreamCipher cipher, boolean forEncryption, long seqNo)
+    {
+        byte[] nonce = new byte[8];
+        TlsUtils.writeUint64(seqNo, nonce, 0);
+        cipher.init(forEncryption, new ParametersWithIV(null, nonce));
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
index dae9ff5..d390983 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
@@ -43,7 +43,10 @@ import org.bouncycastle.util.io.Streams;
  */
 public class TlsUtils
 {
-    public static byte[] EMPTY_BYTES = new byte[0];
+    public static final byte[] EMPTY_BYTES = new byte[0];
+    public static final short[] EMPTY_SHORTS = new short[0];
+    public static final int[] EMPTY_INTS = new int[0];
+    public static final long[] EMPTY_LONGS = new long[0];
 
     public static final Integer EXT_signature_algorithms = Integers.valueOf(ExtensionType.signature_algorithms);
 
@@ -63,6 +66,14 @@ public class TlsUtils
         }
     }
 
+    public static void checkUint8(long i) throws IOException
+    {
+        if (!isValidUint8(i))
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
     public static void checkUint16(int i) throws IOException
     {
         if (!isValidUint16(i))
@@ -71,6 +82,14 @@ public class TlsUtils
         }
     }
 
+    public static void checkUint16(long i) throws IOException
+    {
+        if (!isValidUint16(i))
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
     public static void checkUint24(int i) throws IOException
     {
         if (!isValidUint24(i))
@@ -79,6 +98,14 @@ public class TlsUtils
         }
     }
 
+    public static void checkUint24(long i) throws IOException
+    {
+        if (!isValidUint24(i))
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
     public static void checkUint32(long i) throws IOException
     {
         if (!isValidUint32(i))
@@ -113,16 +140,31 @@ public class TlsUtils
         return (i & 0xFF) == i;
     }
 
+    public static boolean isValidUint8(long i)
+    {
+        return (i & 0xFFL) == i;
+    }
+
     public static boolean isValidUint16(int i)
     {
         return (i & 0xFFFF) == i;
     }
 
+    public static boolean isValidUint16(long i)
+    {
+        return (i & 0xFFFFL) == i;
+    }
+
     public static boolean isValidUint24(int i)
     {
         return (i & 0xFFFFFF) == i;
     }
 
+    public static boolean isValidUint24(long i)
+    {
+        return (i & 0xFFFFFFL) == i;
+    }
+
     public static boolean isValidUint32(long i)
     {
         return (i & 0xFFFFFFFFL) == i;
@@ -178,92 +220,92 @@ public class TlsUtils
     public static void writeUint16(int i, OutputStream output)
         throws IOException
     {
-        output.write(i >> 8);
+        output.write(i >>> 8);
         output.write(i);
     }
 
     public static void writeUint16(int i, byte[] buf, int offset)
     {
-        buf[offset] = (byte)(i >> 8);
+        buf[offset] = (byte)(i >>> 8);
         buf[offset + 1] = (byte)i;
     }
 
     public static void writeUint24(int i, OutputStream output)
         throws IOException
     {
-        output.write(i >> 16);
-        output.write(i >> 8);
-        output.write(i);
+        output.write((byte)(i >>> 16));
+        output.write((byte)(i >>> 8));
+        output.write((byte)i);
     }
 
     public static void writeUint24(int i, byte[] buf, int offset)
     {
-        buf[offset] = (byte)(i >> 16);
-        buf[offset + 1] = (byte)(i >> 8);
-        buf[offset + 2] = (byte)(i);
+        buf[offset] = (byte)(i >>> 16);
+        buf[offset + 1] = (byte)(i >>> 8);
+        buf[offset + 2] = (byte)i;
     }
 
     public static void writeUint32(long i, OutputStream output)
         throws IOException
     {
-        output.write((int)(i >> 24));
-        output.write((int)(i >> 16));
-        output.write((int)(i >> 8));
-        output.write((int)(i));
+        output.write((byte)(i >>> 24));
+        output.write((byte)(i >>> 16));
+        output.write((byte)(i >>> 8));
+        output.write((byte)i);
     }
 
     public static void writeUint32(long i, byte[] buf, int offset)
     {
-        buf[offset] = (byte)(i >> 24);
-        buf[offset + 1] = (byte)(i >> 16);
-        buf[offset + 2] = (byte)(i >> 8);
-        buf[offset + 3] = (byte)(i);
+        buf[offset] = (byte)(i >>> 24);
+        buf[offset + 1] = (byte)(i >>> 16);
+        buf[offset + 2] = (byte)(i >>> 8);
+        buf[offset + 3] = (byte)i;
     }
 
     public static void writeUint48(long i, OutputStream output)
         throws IOException
     {
-        output.write((byte)(i >> 40));
-        output.write((byte)(i >> 32));
-        output.write((byte)(i >> 24));
-        output.write((byte)(i >> 16));
-        output.write((byte)(i >> 8));
-        output.write((byte)(i));
+        output.write((byte)(i >>> 40));
+        output.write((byte)(i >>> 32));
+        output.write((byte)(i >>> 24));
+        output.write((byte)(i >>> 16));
+        output.write((byte)(i >>> 8));
+        output.write((byte)i);
     }
 
     public static void writeUint48(long i, byte[] buf, int offset)
     {
-        buf[offset] = (byte)(i >> 40);
-        buf[offset + 1] = (byte)(i >> 32);
-        buf[offset + 2] = (byte)(i >> 24);
-        buf[offset + 3] = (byte)(i >> 16);
-        buf[offset + 4] = (byte)(i >> 8);
-        buf[offset + 5] = (byte)(i);
+        buf[offset] = (byte)(i >>> 40);
+        buf[offset + 1] = (byte)(i >>> 32);
+        buf[offset + 2] = (byte)(i >>> 24);
+        buf[offset + 3] = (byte)(i >>> 16);
+        buf[offset + 4] = (byte)(i >>> 8);
+        buf[offset + 5] = (byte)i;
     }
 
     public static void writeUint64(long i, OutputStream output)
         throws IOException
     {
-        output.write((byte)(i >> 56));
-        output.write((byte)(i >> 48));
-        output.write((byte)(i >> 40));
-        output.write((byte)(i >> 32));
-        output.write((byte)(i >> 24));
-        output.write((byte)(i >> 16));
-        output.write((byte)(i >> 8));
-        output.write((byte)(i));
+        output.write((byte)(i >>> 56));
+        output.write((byte)(i >>> 48));
+        output.write((byte)(i >>> 40));
+        output.write((byte)(i >>> 32));
+        output.write((byte)(i >>> 24));
+        output.write((byte)(i >>> 16));
+        output.write((byte)(i >>> 8));
+        output.write((byte)i);
     }
 
     public static void writeUint64(long i, byte[] buf, int offset)
     {
-        buf[offset] = (byte)(i >> 56);
-        buf[offset + 1] = (byte)(i >> 48);
-        buf[offset + 2] = (byte)(i >> 40);
-        buf[offset + 3] = (byte)(i >> 32);
-        buf[offset + 4] = (byte)(i >> 24);
-        buf[offset + 5] = (byte)(i >> 16);
-        buf[offset + 6] = (byte)(i >> 8);
-        buf[offset + 7] = (byte)(i);
+        buf[offset] = (byte)(i >>> 56);
+        buf[offset + 1] = (byte)(i >>> 48);
+        buf[offset + 2] = (byte)(i >>> 40);
+        buf[offset + 3] = (byte)(i >>> 32);
+        buf[offset + 4] = (byte)(i >>> 24);
+        buf[offset + 5] = (byte)(i >>> 16);
+        buf[offset + 6] = (byte)(i >>> 8);
+        buf[offset + 7] = (byte)i;
     }
 
     public static void writeOpaque8(byte[] buf, OutputStream output)
@@ -451,23 +493,24 @@ public class TlsUtils
         {
             throw new EOFException();
         }
-        return (((long)i1) << 24) | (((long)i2) << 16) | (((long)i3) << 8) | ((long)i4);
+        return ((i1 << 2) | (i2 << 16) | (i3 << 8) | i4) & 0xFFFFFFFFL;
+    }
+
+    public static long readUint32(byte[] buf, int offset)
+    {
+        int n = (buf[offset] & 0xff) << 24;
+        n |= (buf[++offset] & 0xff) << 16;
+        n |= (buf[++offset] & 0xff) << 8;
+        n |= (buf[++offset] & 0xff);
+        return n & 0xFFFFFFFFL;
     }
 
     public static long readUint48(InputStream input)
         throws IOException
     {
-        int i1 = input.read();
-        int i2 = input.read();
-        int i3 = input.read();
-        int i4 = input.read();
-        int i5 = input.read();
-        int i6 = input.read();
-        if (i6 < 0)
-        {
-            throw new EOFException();
-        }
-        return (((long)i1) << 40) | (((long)i2) << 32) | (((long)i3) << 24) | (((long)i4) << 16) | (((long)i5) << 8) | ((long)i6);
+        int hi = readUint24(input);
+        int lo = readUint24(input);
+        return ((long)(hi & 0xffffffffL) << 24) | (long)(lo & 0xffffffffL);
     }
 
     public static long readUint48(byte[] buf, int offset)
@@ -634,9 +677,9 @@ public class TlsUtils
     public static void writeGMTUnixTime(byte[] buf, int offset)
     {
         int t = (int)(System.currentTimeMillis() / 1000L);
-        buf[offset] = (byte)(t >> 24);
-        buf[offset + 1] = (byte)(t >> 16);
-        buf[offset + 2] = (byte)(t >> 8);
+        buf[offset] = (byte)(t >>> 24);
+        buf[offset + 1] = (byte)(t >>> 16);
+        buf[offset + 2] = (byte)(t >>> 8);
         buf[offset + 3] = (byte)t;
     }
 
@@ -668,6 +711,40 @@ public class TlsUtils
         return vectorOfOne(new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa));
     }
 
+    public static Vector getDefaultSupportedSignatureAlgorithms()
+    {
+        short[] hashAlgorithms = new short[]{ HashAlgorithm.sha1, HashAlgorithm.sha224, HashAlgorithm.sha256,
+            HashAlgorithm.sha384, HashAlgorithm.sha512 };
+        short[] signatureAlgorithms = new short[]{ SignatureAlgorithm.rsa, SignatureAlgorithm.dsa,
+            SignatureAlgorithm.ecdsa };
+
+        Vector result = new Vector();
+        for (int i = 0; i < signatureAlgorithms.length; ++i)
+        {
+            for (int j = 0; j < hashAlgorithms.length; ++j)
+            {
+                result.addElement(new SignatureAndHashAlgorithm(hashAlgorithms[j], signatureAlgorithms[i]));
+            }
+        }
+        return result;
+    }
+
+    public static SignatureAndHashAlgorithm getSignatureAndHashAlgorithm(TlsContext context,
+        TlsSignerCredentials signerCredentials)
+        throws IOException
+    {
+        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
+        if (TlsUtils.isTLSv12(context))
+        {
+            signatureAndHashAlgorithm = signerCredentials.getSignatureAndHashAlgorithm();
+            if (signatureAndHashAlgorithm == null)
+            {
+                throw new TlsFatalAlert(AlertDescription.internal_error);
+            }
+        }
+        return signatureAndHashAlgorithm;
+    }
+
     public static byte[] getExtensionData(Hashtable extensions, Integer extensionType)
     {
         return extensions == null ? null : (byte[])extensions.get(extensionType);
@@ -780,8 +857,8 @@ public class TlsUtils
 
         // supported_signature_algorithms
         int length = 2 * supportedSignatureAlgorithms.size();
-        TlsUtils.checkUint16(length);
-        TlsUtils.writeUint16(length, output);
+        checkUint16(length);
+        writeUint16(length, output);
         for (int i = 0; i < supportedSignatureAlgorithms.size(); ++i)
         {
             SignatureAndHashAlgorithm entry = (SignatureAndHashAlgorithm)supportedSignatureAlgorithms.elementAt(i);
@@ -802,7 +879,7 @@ public class TlsUtils
         throws IOException
     {
         // supported_signature_algorithms
-        int length = TlsUtils.readUint16(input);
+        int length = readUint16(input);
         if (length < 2 || (length & 1) != 0)
         {
             throw new TlsFatalAlert(AlertDescription.decode_error);
@@ -850,6 +927,14 @@ public class TlsUtils
         return buf;
     }
 
+    public static byte[] PRF_legacy(byte[] secret, String asciiLabel, byte[] seed, int size)
+    {
+        byte[] label = Strings.toByteArray(asciiLabel);
+        byte[] labelSeed = concat(label, seed);
+
+        return PRF_legacy(secret, label, labelSeed, size);
+    }
+
     static byte[] PRF_legacy(byte[] secret, byte[] label, byte[] labelSeed, int size)
     {
         int s_half = (secret.length + 1) / 2;
@@ -860,8 +945,8 @@ public class TlsUtils
 
         byte[] b1 = new byte[size];
         byte[] b2 = new byte[size];
-        hmac_hash(new MD5Digest(), s1, labelSeed, b1);
-        hmac_hash(new SHA1Digest(), s2, labelSeed, b2);
+        hmac_hash(createHash(HashAlgorithm.md5), s1, labelSeed, b1);
+        hmac_hash(createHash(HashAlgorithm.sha1), s2, labelSeed, b2);
         for (int i = 0; i < size; i++)
         {
             b1[i] ^= b2[i];
@@ -880,7 +965,7 @@ public class TlsUtils
     static void hmac_hash(Digest digest, byte[] secret, byte[] seed, byte[] out)
     {
         HMac mac = new HMac(digest);
-        KeyParameter param = new KeyParameter(secret);
+        mac.init(new KeyParameter(secret));
         byte[] a = seed;
         int size = digest.getDigestSize();
         int iterations = (out.length + size - 1) / size;
@@ -888,11 +973,9 @@ public class TlsUtils
         byte[] buf2 = new byte[mac.getMacSize()];
         for (int i = 0; i < iterations; i++)
         {
-            mac.init(param);
             mac.update(a, 0, a.length);
             mac.doFinal(buf, 0);
             a = buf;
-            mac.init(param);
             mac.update(a, 0, a.length);
             mac.update(seed, 0, seed.length);
             mac.doFinal(buf2, 0);
@@ -935,8 +1018,8 @@ public class TlsUtils
 
     static byte[] calculateKeyBlock_SSL(byte[] master_secret, byte[] random, int size)
     {
-        Digest md5 = new MD5Digest();
-        Digest sha1 = new SHA1Digest();
+        Digest md5 = createHash(HashAlgorithm.md5);
+        Digest sha1 = createHash(HashAlgorithm.sha1);
         int md5Size = md5.getDigestSize();
         byte[] shatmp = new byte[sha1.getDigestSize()];
         byte[] tmp = new byte[size + md5Size];
@@ -959,28 +1042,39 @@ public class TlsUtils
             ++i;
         }
 
-        byte rval[] = new byte[size];
-        System.arraycopy(tmp, 0, rval, 0, size);
-        return rval;
+        return Arrays.copyOfRange(tmp, 0, size);
     }
 
     static byte[] calculateMasterSecret(TlsContext context, byte[] pre_master_secret)
     {
         SecurityParameters securityParameters = context.getSecurityParameters();
-        byte[] seed = concat(securityParameters.getClientRandom(), securityParameters.getServerRandom());
+
+        byte[] seed;
+        if (securityParameters.extendedMasterSecret)
+        {
+            seed = securityParameters.getSessionHash();
+        }
+        else
+        {
+            seed = concat(securityParameters.getClientRandom(), securityParameters.getServerRandom());
+        }
 
         if (isSSL(context))
         {
             return calculateMasterSecret_SSL(pre_master_secret, seed);
         }
 
-        return PRF(context, pre_master_secret, ExporterLabel.master_secret, seed, 48);
+        String asciiLabel = securityParameters.extendedMasterSecret
+            ?   ExporterLabel.extended_master_secret
+            :   ExporterLabel.master_secret;
+
+        return PRF(context, pre_master_secret, asciiLabel, seed, 48);
     }
 
     static byte[] calculateMasterSecret_SSL(byte[] pre_master_secret, byte[] random)
     {
-        Digest md5 = new MD5Digest();
-        Digest sha1 = new SHA1Digest();
+        Digest md5 = createHash(HashAlgorithm.md5);
+        Digest sha1 = createHash(HashAlgorithm.sha1);
         int md5Size = md5.getDigestSize();
         byte[] shatmp = new byte[sha1.getDigestSize()];
 
@@ -1020,7 +1114,7 @@ public class TlsUtils
         return PRF(context, master_secret, asciiLabel, handshakeHash, verify_data_length);
     }
 
-    public static final Digest createHash(short hashAlgorithm)
+    public static Digest createHash(short hashAlgorithm)
     {
         switch (hashAlgorithm)
         {
@@ -1041,7 +1135,14 @@ public class TlsUtils
         }
     }
 
-    public static final Digest cloneHash(short hashAlgorithm, Digest hash)
+    public static Digest createHash(SignatureAndHashAlgorithm signatureAndHashAlgorithm)
+    {
+        return signatureAndHashAlgorithm == null
+            ?   new CombinedHash()
+            :   createHash(signatureAndHashAlgorithm.getHash());
+    }
+
+    public static Digest cloneHash(short hashAlgorithm, Digest hash)
     {
         switch (hashAlgorithm)
         {
@@ -1062,7 +1163,7 @@ public class TlsUtils
         }
     }
 
-    public static final Digest createPRFHash(int prfAlgorithm)
+    public static Digest createPRFHash(int prfAlgorithm)
     {
         switch (prfAlgorithm)
         {
@@ -1073,7 +1174,7 @@ public class TlsUtils
         }
     }
 
-    public static final Digest clonePRFHash(int prfAlgorithm, Digest hash)
+    public static Digest clonePRFHash(int prfAlgorithm, Digest hash)
     {
         switch (prfAlgorithm)
         {
@@ -1084,7 +1185,7 @@ public class TlsUtils
         }
     }
 
-    public static final short getHashAlgorithmForPRFAlgorithm(int prfAlgorithm)
+    public static short getHashAlgorithmForPRFAlgorithm(int prfAlgorithm)
     {
         switch (prfAlgorithm)
         {
@@ -1183,12 +1284,12 @@ public class TlsUtils
 
             // TODO Add support for ClientCertificateType.*_fixed_*
 
+            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
         }
         catch (Exception e)
         {
+            throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
         }
-
-        throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
     }
 
     static void trackHashAlgorithms(TlsHandshakeHash handshakeHash, Vector supportedSignatureAlgorithms)
@@ -1237,9 +1338,9 @@ public class TlsUtils
     static final byte[] SSL_SERVER = {0x53, 0x52, 0x56, 0x52};
 
     // SSL3 magic mix constants ("A", "BB", "CCC", ...)
-    static final byte[][] SSL3_CONST = genConst();
+    static final byte[][] SSL3_CONST = genSSL3Const();
 
-    private static byte[][] genConst()
+    private static byte[][] genSSL3Const()
     {
         int n = 10;
         byte[][] arr = new byte[n][];
@@ -1258,4 +1359,485 @@ public class TlsUtils
         v.addElement(obj);
         return v;
     }
+
+    public static int getCipherType(int ciphersuite) throws IOException
+    {
+        switch (getEncryptionAlgorithm(ciphersuite))
+        {
+        case EncryptionAlgorithm.AES_128_GCM:
+        case EncryptionAlgorithm.AES_256_GCM:
+        case EncryptionAlgorithm.AES_128_CCM:
+        case EncryptionAlgorithm.AES_128_CCM_8:
+        case EncryptionAlgorithm.AES_256_CCM:
+        case EncryptionAlgorithm.AES_256_CCM_8:
+        case EncryptionAlgorithm.CAMELLIA_128_GCM:
+        case EncryptionAlgorithm.CAMELLIA_256_GCM:
+        case EncryptionAlgorithm.AEAD_CHACHA20_POLY1305:
+            return CipherType.aead;
+
+        case EncryptionAlgorithm.RC2_CBC_40:
+        case EncryptionAlgorithm.IDEA_CBC:
+        case EncryptionAlgorithm.DES40_CBC:
+        case EncryptionAlgorithm.DES_CBC:
+        case EncryptionAlgorithm._3DES_EDE_CBC:
+        case EncryptionAlgorithm.AES_128_CBC:
+        case EncryptionAlgorithm.AES_256_CBC:
+        case EncryptionAlgorithm.CAMELLIA_128_CBC:
+        case EncryptionAlgorithm.CAMELLIA_256_CBC:
+        case EncryptionAlgorithm.SEED_CBC:
+            return CipherType.block;
+
+        case EncryptionAlgorithm.RC4_40:
+        case EncryptionAlgorithm.RC4_128:
+        case EncryptionAlgorithm.ESTREAM_SALSA20:
+        case EncryptionAlgorithm.SALSA20:
+            return CipherType.stream;
+
+        default:
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
+    public static int getEncryptionAlgorithm(int ciphersuite) throws IOException
+    {
+        switch (ciphersuite)
+        {
+        case CipherSuite.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
+            return EncryptionAlgorithm._3DES_EDE_CBC;
+
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+            return EncryptionAlgorithm.AEAD_CHACHA20_POLY1305;
+
+        case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
+            return EncryptionAlgorithm.AES_128_CBC;
+
+        case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256:
+            return EncryptionAlgorithm.AES_128_CBC;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_RSA_WITH_AES_128_CCM:
+            return EncryptionAlgorithm.AES_128_CCM;
+
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_RSA_WITH_AES_128_CCM_8:
+            return EncryptionAlgorithm.AES_128_CCM_8;
+
+        case CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256:
+            return EncryptionAlgorithm.AES_128_GCM;
+
+        case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
+        case CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
+            return EncryptionAlgorithm.AES_256_CBC;
+
+        case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256:
+            return EncryptionAlgorithm.AES_256_CBC;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
+            return EncryptionAlgorithm.AES_256_CBC;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_RSA_WITH_AES_256_CCM:
+            return EncryptionAlgorithm.AES_256_CCM;
+
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
+            return EncryptionAlgorithm.AES_256_CCM_8;
+
+        case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384:
+            return EncryptionAlgorithm.AES_256_GCM;
+
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
+            return EncryptionAlgorithm.CAMELLIA_128_CBC;
+
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+            return EncryptionAlgorithm.CAMELLIA_128_CBC;
+
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+            return EncryptionAlgorithm.CAMELLIA_128_GCM;
+
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
+            return EncryptionAlgorithm.CAMELLIA_256_CBC;
+
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+            return EncryptionAlgorithm.CAMELLIA_256_CBC;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384:
+            return EncryptionAlgorithm.CAMELLIA_256_CBC;
+
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+            return EncryptionAlgorithm.CAMELLIA_256_GCM;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1:
+        case CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1:
+            return EncryptionAlgorithm.ESTREAM_SALSA20;
+
+        case CipherSuite.TLS_RSA_WITH_NULL_MD5:
+            return EncryptionAlgorithm.NULL;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDH_RSA_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_NULL_SHA:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA:
+        case CipherSuite.TLS_RSA_WITH_NULL_SHA:
+            return EncryptionAlgorithm.NULL;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA256:
+        case CipherSuite.TLS_RSA_WITH_NULL_SHA256:
+            return EncryptionAlgorithm.NULL;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_PSK_WITH_NULL_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA384:
+            return EncryptionAlgorithm.NULL;
+
+        case CipherSuite.TLS_DH_anon_WITH_RC4_128_MD5:
+        case CipherSuite.TLS_RSA_WITH_RC4_128_MD5:
+            return EncryptionAlgorithm.RC4_128;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDH_anon_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDH_RSA_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_PSK_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_RSA_WITH_RC4_128_SHA:
+        case CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA:
+            return EncryptionAlgorithm.RC4_128;
+
+        case CipherSuite.TLS_DHE_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_RSA_PSK_WITH_SALSA20_SHA1:
+        case CipherSuite.TLS_RSA_WITH_SALSA20_SHA1:
+            return EncryptionAlgorithm.SALSA20;
+
+        case CipherSuite.TLS_DH_DSS_WITH_SEED_CBC_SHA:
+        case CipherSuite.TLS_DH_RSA_WITH_SEED_CBC_SHA:
+        case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA:
+        case CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA:
+        case CipherSuite.TLS_RSA_WITH_SEED_CBC_SHA:
+            return EncryptionAlgorithm.SEED_CBC;
+
+        default:
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+    }
+
+    public static ProtocolVersion getMinimumVersion(int ciphersuite)
+    {
+        switch (ciphersuite)
+        {
+        case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM:
+        case CipherSuite.TLS_PSK_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_AES_128_CCM:
+        case CipherSuite.TLS_RSA_WITH_AES_128_CCM_8:
+        case CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_AES_256_CCM:
+        case CipherSuite.TLS_RSA_WITH_AES_256_CCM_8:
+        case CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:
+        case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
+        case CipherSuite.TLS_RSA_WITH_NULL_SHA256:
+            return ProtocolVersion.TLSv12;
+
+        default:
+            return ProtocolVersion.SSLv3;
+        }
+    }
+
+    public static boolean isAEADCipherSuite(int ciphersuite) throws IOException
+    {
+        return CipherType.aead == getCipherType(ciphersuite);
+    }
+
+    public static boolean isBlockCipherSuite(int ciphersuite) throws IOException
+    {
+        return CipherType.block == getCipherType(ciphersuite);
+    }
+
+    public static boolean isStreamCipherSuite(int ciphersuite) throws IOException
+    {
+        return CipherType.stream == getCipherType(ciphersuite);
+    }
+
+    public static boolean isValidCipherSuiteForVersion(int cipherSuite, ProtocolVersion serverVersion)
+    {
+        return getMinimumVersion(cipherSuite).isEqualOrEarlierVersionOf(serverVersion.getEquivalentTLSVersion());
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/UseSRTPData.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/UseSRTPData.java
index 8ecfce0..7a83e4d 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/UseSRTPData.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/UseSRTPData.java
@@ -5,9 +5,8 @@ package org.bouncycastle.crypto.tls;
  */
 public class UseSRTPData
 {
-
-    private int[] protectionProfiles;
-    private byte[] mki;
+    protected int[] protectionProfiles;
+    protected byte[] mki;
 
     /**
      * @param protectionProfiles see {@link SRTPProtectionProfile} for valid constants.
@@ -15,7 +14,6 @@ public class UseSRTPData
      */
     public UseSRTPData(int[] protectionProfiles, byte[] mki)
     {
-
         if (protectionProfiles == null || protectionProfiles.length < 1
             || protectionProfiles.length >= (1 << 15))
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/AllTests.java
new file mode 100644
index 0000000..ef5b29b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/AllTests.java
@@ -0,0 +1,23 @@
+package org.bouncycastle.crypto.tls.test;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+public class AllTests
+{
+    public static void main(String[] args)
+        throws Exception
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+
+    public static Test suite()
+        throws Exception
+    {
+        TestSuite suite = new TestSuite("TLS tests");
+
+        suite.addTest(BasicTlsTest.suite());
+
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/BasicTlsTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/BasicTlsTest.java
new file mode 100644
index 0000000..49f6310
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/BasicTlsTest.java
@@ -0,0 +1,226 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.net.Socket;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.Certificate;
+import org.bouncycastle.crypto.tls.CipherSuite;
+import org.bouncycastle.crypto.tls.DefaultTlsClient;
+import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsClient;
+import org.bouncycastle.crypto.tls.TlsClientProtocol;
+import org.bouncycastle.crypto.tls.TlsFatalAlert;
+import org.bouncycastle.crypto.tls.TlsKeyExchange;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
+public class BasicTlsTest
+    extends TestCase
+{
+    private static final int PORT_NO = 8003;
+
+    protected boolean isSufficientVMVersion(String vmVersion)
+    {
+        if (vmVersion == null)
+        {
+            return false;
+        }
+        String[] parts = vmVersion.split("\\.");
+        if (parts == null || parts.length != 2)
+        {
+            return false;
+        }
+        try
+        {
+            int major = Integer.parseInt(parts[0]);
+            if (major != 1)
+            {
+                return major > 1;
+            }
+            int minor = Integer.parseInt(parts[1]);
+            return minor >= 7;
+        }
+        catch (NumberFormatException e)
+        {
+            return false;
+        }
+    }
+
+    public void testConnection()
+        throws Exception
+    {
+        String vmVersion = System.getProperty("java.specification.version");
+        if (!isSufficientVMVersion(vmVersion))
+        {
+            return; // only works on later VMs.
+        }
+
+        Thread server = new HTTPSServerThread();
+
+        server.start();
+
+        Thread.yield();
+
+        Socket s = null;
+
+        for (int i = 0; s == null && i != 3; i++)
+        {
+            Thread.sleep(1000);
+
+            try
+            {
+                s = new Socket("localhost", PORT_NO);
+            }
+            catch (IOException e)
+            {
+                // ignore
+            }
+        }
+
+        if (s == null)
+        {
+            throw new IOException("unable to connect");
+        }
+
+        TlsClientProtocol protocol = new TlsClientProtocol(s.getInputStream(), s.getOutputStream(),
+            new SecureRandom());
+        protocol.connect(new MyTlsClient(new ServerOnlyTlsAuthentication()
+        {
+            public void notifyServerCertificate(Certificate serverCertificate) throws IOException
+            {
+                // NOTE: In production code this MUST verify the certificate!
+            }
+        }));
+
+        InputStream is = protocol.getInputStream();
+        OutputStream os = protocol.getOutputStream();
+
+        os.write("GET / HTTP/1.1\r\n\r\n".getBytes());
+
+        byte[] buf = new byte[4096];
+        int read = 0;
+        int total = 0;
+
+        while ((read = is.read(buf, total, buf.length - total)) > 0)
+        {
+            total += read;
+        }
+
+        is.close();
+
+        byte[] expected = Hex.decode("485454502f312e3120323030204f4b0d0a436f6e74656e742d547970653a20746578742f68"
+            + "746d6c0d0a0d0a3c68746d6c3e0d0a3c626f64793e0d0a48656c6c6f20576f726c64210d0a3c2f626f64793e0d0a3c2f"
+            + "68746d6c3e0d0a");
+        assertEquals(total, expected.length);
+
+        byte[] tmp = new byte[expected.length];
+        System.arraycopy(buf, 0, tmp, 0, total);
+        assertTrue(Arrays.areEqual(expected, tmp));
+    }
+
+    public void testRSAConnectionClient()
+        throws Exception
+    {
+        MyTlsClient client = new MyTlsClient(null);
+
+        checkConnectionClient(client, CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA, TlsTestUtils.rsaCertData);
+        checkConnectionClient(client, CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, TlsTestUtils.rsaCertData);
+        checkConnectionClient(client, CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA, TlsTestUtils.rsaCertData);
+        checkConnectionClient(client, CipherSuite.TLS_RSA_WITH_RC4_128_SHA, TlsTestUtils.rsaCertData);
+
+        try
+        {
+            checkConnectionClient(client, CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA, TlsTestUtils.dudRsaCertData);
+
+            fail("dud certificate not caught");
+        }
+        catch (TlsFatalAlert e)
+        {
+            assertEquals(AlertDescription.certificate_unknown, e.getAlertDescription());
+        }
+
+        try
+        {
+            checkConnectionClient(client, CipherSuite.TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TlsTestUtils.rsaCertData);
+
+            fail("wrong certificate not caught");
+        }
+        catch (TlsFatalAlert e)
+        {
+            assertEquals(AlertDescription.internal_error, e.getAlertDescription());
+        }
+    }
+
+    private void checkConnectionClient(TlsClient client, int cipherSuite, byte[] encCert)
+        throws Exception
+    {
+        client.notifySelectedCipherSuite(cipherSuite);
+
+        TlsKeyExchange keyExchange = client.getKeyExchange();
+
+        keyExchange
+            .processServerCertificate(new Certificate(
+                new org.bouncycastle.asn1.x509.Certificate[]{org.bouncycastle.asn1.x509.Certificate
+                    .getInstance(encCert)}));
+    }
+
+    public static TestSuite suite()
+    {
+        return new TestSuite(BasicTlsTest.class);
+    }
+
+    public static void main(String[] args)
+        throws Exception
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+
+    static class MyTlsClient
+        extends DefaultTlsClient
+    {
+        public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+        {
+            PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+            out.println("TLS client raised alert (AlertLevel." + alertLevel + ", AlertDescription." + alertDescription
+                + ")");
+            if (message != null)
+            {
+                out.println(message);
+            }
+            if (cause != null)
+            {
+                cause.printStackTrace(out);
+            }
+        }
+
+        public void notifyAlertReceived(short alertLevel, short alertDescription)
+        {
+            PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+            out.println("TLS client received alert (AlertLevel." + alertLevel + ", AlertDescription."
+                + alertDescription + ")");
+        }
+
+        private final TlsAuthentication authentication;
+
+        MyTlsClient(TlsAuthentication authentication)
+        {
+            this.authentication = authentication;
+        }
+
+        public TlsAuthentication getAuthentication()
+            throws IOException
+        {
+            return authentication;
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSClientTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSClientTest.java
new file mode 100644
index 0000000..37ad8ca
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSClientTest.java
@@ -0,0 +1,81 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.net.DatagramSocket;
+import java.net.InetAddress;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.tls.DTLSClientProtocol;
+import org.bouncycastle.crypto.tls.DTLSTransport;
+import org.bouncycastle.crypto.tls.DatagramTransport;
+import org.bouncycastle.crypto.tls.TlsClient;
+import org.bouncycastle.crypto.tls.TlsSession;
+import org.bouncycastle.crypto.tls.UDPTransport;
+
+/**
+ * A simple test designed to conduct a DTLS handshake with an external DTLS server.
+ * <p>
+ * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
+ * this package (under 'src/test/resources') for help configuring an external DTLS server.
+ * </p>
+ */
+public class DTLSClientTest
+{
+    private static final SecureRandom secureRandom = new SecureRandom();
+
+    public static void main(String[] args)
+        throws Exception
+    {
+        InetAddress address = InetAddress.getLocalHost();
+        int port = 5556;
+
+        TlsSession session = createSession(address, port);
+
+        MockDTLSClient client = new MockDTLSClient(session);
+
+        DTLSTransport dtls = openDTLSConnection(address, port, client);
+
+        System.out.println("Receive limit: " + dtls.getReceiveLimit());
+        System.out.println("Send limit: " + dtls.getSendLimit());
+
+        // Send and hopefully receive a packet back
+
+        byte[] request = "Hello World!\n".getBytes("UTF-8");
+        dtls.send(request, 0, request.length);
+
+        byte[] response = new byte[dtls.getReceiveLimit()];
+        int received = dtls.receive(response, 0, response.length, 30000);
+        if (received >= 0)
+        {
+            System.out.println(new String(response, 0, received, "UTF-8"));
+        }
+
+        dtls.close();
+    }
+
+    private static TlsSession createSession(InetAddress address, int port)
+        throws IOException
+    {
+        MockDTLSClient client = new MockDTLSClient(null);
+        DTLSTransport dtls = openDTLSConnection(address, port, client);
+        TlsSession session = client.getSessionToResume();
+        dtls.close();
+        return session;
+    }
+
+    private static DTLSTransport openDTLSConnection(InetAddress address, int port, TlsClient client)
+        throws IOException
+    {
+        DatagramSocket socket = new DatagramSocket();
+        socket.connect(address, port);
+
+        int mtu = 1500;
+        DatagramTransport transport = new UDPTransport(socket, mtu);
+        transport = new UnreliableDatagramTransport(transport, secureRandom, 0, 0);
+        transport = new LoggingDatagramTransport(transport, System.out);
+
+        DTLSClientProtocol protocol = new DTLSClientProtocol(secureRandom);
+
+        return protocol.connect(client, transport);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSProtocolTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSProtocolTest.java
new file mode 100644
index 0000000..df5a3f8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSProtocolTest.java
@@ -0,0 +1,102 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+
+import org.bouncycastle.crypto.tls.DTLSClientProtocol;
+import org.bouncycastle.crypto.tls.DTLSServerProtocol;
+import org.bouncycastle.crypto.tls.DTLSTransport;
+import org.bouncycastle.crypto.tls.DatagramTransport;
+import org.bouncycastle.util.Arrays;
+
+public class DTLSProtocolTest
+    extends TestCase
+{
+    public void testClientServer()
+        throws Exception
+    {
+        SecureRandom secureRandom = new SecureRandom();
+
+        DTLSClientProtocol clientProtocol = new DTLSClientProtocol(secureRandom);
+        DTLSServerProtocol serverProtocol = new DTLSServerProtocol(secureRandom);
+
+        MockDatagramAssociation network = new MockDatagramAssociation(1500);
+
+        ServerThread serverThread = new ServerThread(serverProtocol, network.getServer());
+        serverThread.start();
+
+        DatagramTransport clientTransport = network.getClient();
+
+        clientTransport = new UnreliableDatagramTransport(clientTransport, secureRandom, 0, 0);
+
+        clientTransport = new LoggingDatagramTransport(clientTransport, System.out);
+
+        MockDTLSClient client = new MockDTLSClient(null);
+
+        DTLSTransport dtlsClient = clientProtocol.connect(client, clientTransport);
+
+        for (int i = 1; i <= 10; ++i)
+        {
+            byte[] data = new byte[i];
+            Arrays.fill(data, (byte)i);
+            dtlsClient.send(data, 0, data.length);
+        }
+
+        byte[] buf = new byte[dtlsClient.getReceiveLimit()];
+        while (dtlsClient.receive(buf, 0, buf.length, 100) >= 0)
+        {
+        }
+
+        dtlsClient.close();
+
+        serverThread.shutdown();
+    }
+
+    static class ServerThread
+        extends Thread
+    {
+        private final DTLSServerProtocol serverProtocol;
+        private final DatagramTransport serverTransport;
+        private volatile boolean isShutdown = false;
+
+        ServerThread(DTLSServerProtocol serverProtocol, DatagramTransport serverTransport)
+        {
+            this.serverProtocol = serverProtocol;
+            this.serverTransport = serverTransport;
+        }
+
+        public void run()
+        {
+            try
+            {
+                MockDTLSServer server = new MockDTLSServer();
+                DTLSTransport dtlsServer = serverProtocol.accept(server, serverTransport);
+                byte[] buf = new byte[dtlsServer.getReceiveLimit()];
+                while (!isShutdown)
+                {
+                    int length = dtlsServer.receive(buf, 0, buf.length, 1000);
+                    if (length >= 0)
+                    {
+                        dtlsServer.send(buf, 0, length);
+                    }
+                }
+                dtlsServer.close();
+            }
+            catch (Exception e)
+            {
+                e.printStackTrace();
+            }
+        }
+
+        void shutdown()
+            throws InterruptedException
+        {
+            if (!isShutdown)
+            {
+                isShutdown = true;
+                this.join();
+            }
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSServerTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSServerTest.java
new file mode 100644
index 0000000..06f57ab
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSServerTest.java
@@ -0,0 +1,75 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.SocketTimeoutException;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.tls.DTLSServerProtocol;
+import org.bouncycastle.crypto.tls.DTLSTransport;
+import org.bouncycastle.crypto.tls.DatagramTransport;
+import org.bouncycastle.crypto.tls.UDPTransport;
+
+/**
+ * A simple test designed to conduct a DTLS handshake with an external DTLS client.
+ * <p>
+ * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
+ * this package (under 'src/test/resources') for help configuring an external DTLS client.
+ * </p>
+ */
+public class DTLSServerTest
+{
+    public static void main(String[] args)
+        throws Exception
+    {
+        int port = 5556;
+
+        int mtu = 1500;
+
+        SecureRandom secureRandom = new SecureRandom();
+
+        DTLSServerProtocol serverProtocol = new DTLSServerProtocol(secureRandom);
+
+        byte[] data = new byte[mtu];
+        DatagramPacket packet = new DatagramPacket(data, mtu);
+
+        DatagramSocket socket = new DatagramSocket(port);
+        socket.receive(packet);
+
+        System.out.println("Accepting connection from " + packet.getAddress().getHostAddress() + ":" + port);
+        socket.connect(packet.getAddress(), packet.getPort());
+
+        /*
+         * NOTE: For simplicity, and since we don't yet have HelloVerifyRequest support, we just
+         * discard the initial packet, which the client should re-send anyway.
+         */
+
+        DatagramTransport transport = new UDPTransport(socket, mtu);
+        
+        // Uncomment to see packets
+//        transport = new LoggingDatagramTransport(transport, System.out);
+
+        MockDTLSServer server = new MockDTLSServer();
+        DTLSTransport dtlsServer = serverProtocol.accept(server, transport);
+
+        byte[] buf = new byte[dtlsServer.getReceiveLimit()];
+
+        while (!socket.isClosed())
+        {
+            try
+            {
+                int length = dtlsServer.receive(buf, 0, buf.length, 60000);
+                if (length >= 0)
+                {
+                    System.out.write(buf, 0, length);
+                    dtlsServer.send(buf, 0, length);
+                }
+            }
+            catch (SocketTimeoutException ste)
+            {
+            }
+        }
+
+        dtlsServer.close();
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSTestCase.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSTestCase.java
new file mode 100644
index 0000000..928647c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSTestCase.java
@@ -0,0 +1,161 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+
+import org.bouncycastle.crypto.tls.DTLSClientProtocol;
+import org.bouncycastle.crypto.tls.DTLSServerProtocol;
+import org.bouncycastle.crypto.tls.DTLSTransport;
+import org.bouncycastle.crypto.tls.DatagramTransport;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.util.Arrays;
+
+public class DTLSTestCase extends TestCase
+{
+    private static void checkDTLSVersion(ProtocolVersion version)
+    {
+        if (version != null && !version.isDTLS())
+        {
+            throw new IllegalStateException("Non-DTLS version");
+        }
+    }
+
+    protected final TlsTestConfig config;
+
+    public DTLSTestCase(TlsTestConfig config, String name)
+    {
+        checkDTLSVersion(config.clientMinimumVersion);
+        checkDTLSVersion(config.clientOfferVersion);
+        checkDTLSVersion(config.serverMaximumVersion);
+        checkDTLSVersion(config.serverMinimumVersion);
+
+        this.config = config;
+
+        setName(name);
+    }
+
+    protected void runTest() throws Throwable
+    {
+        SecureRandom secureRandom = new SecureRandom();
+
+        DTLSClientProtocol clientProtocol = new DTLSClientProtocol(secureRandom);
+        DTLSServerProtocol serverProtocol = new DTLSServerProtocol(secureRandom);
+
+        MockDatagramAssociation network = new MockDatagramAssociation(1500);
+
+        TlsTestClientImpl clientImpl = new TlsTestClientImpl(config);
+        TlsTestServerImpl serverImpl = new TlsTestServerImpl(config);
+
+        ServerThread serverThread = new ServerThread(serverProtocol, network.getServer(), serverImpl);
+        serverThread.start();
+
+        Exception caught = null;
+        try
+        {
+            DatagramTransport clientTransport = network.getClient();
+    
+            if (TlsTestConfig.DEBUG)
+            {
+                clientTransport = new LoggingDatagramTransport(clientTransport, System.out);
+            }
+    
+            DTLSTransport dtlsClient = clientProtocol.connect(clientImpl, clientTransport);
+    
+            for (int i = 1; i <= 10; ++i)
+            {
+                byte[] data = new byte[i];
+                Arrays.fill(data, (byte)i);
+                dtlsClient.send(data, 0, data.length);
+            }
+    
+            byte[] buf = new byte[dtlsClient.getReceiveLimit()];
+            while (dtlsClient.receive(buf, 0, buf.length, 100) >= 0)
+            {
+            }
+    
+            dtlsClient.close();
+        }
+        catch (Exception e)
+        {
+            caught = e;
+            logException(caught);
+        }
+
+        serverThread.shutdown();
+
+        // TODO Add checks that the various streams were closed
+
+        assertEquals("Client fatal alert connection end", config.expectFatalAlertConnectionEnd, clientImpl.firstFatalAlertConnectionEnd);
+        assertEquals("Server fatal alert connection end", config.expectFatalAlertConnectionEnd, serverImpl.firstFatalAlertConnectionEnd);
+
+        assertEquals("Client fatal alert description", config.expectFatalAlertDescription, clientImpl.firstFatalAlertDescription);
+        assertEquals("Server fatal alert description", config.expectFatalAlertDescription, serverImpl.firstFatalAlertDescription);
+
+        if (config.expectFatalAlertConnectionEnd == -1)
+        {
+            assertNull("Unexpected client exception", caught);
+            assertNull("Unexpected server exception", serverThread.caught);
+        }
+    }
+
+    protected  void logException(Exception e)
+    {
+        if (TlsTestConfig.DEBUG)
+        {
+            e.printStackTrace();
+        }
+    }
+
+    class ServerThread
+        extends Thread
+    {
+        private final DTLSServerProtocol serverProtocol;
+        private final DatagramTransport serverTransport;
+        private final TlsTestServerImpl serverImpl;
+
+        private volatile boolean isShutdown = false;
+        Exception caught = null;
+
+        ServerThread(DTLSServerProtocol serverProtocol, DatagramTransport serverTransport, TlsTestServerImpl serverImpl)
+        {
+            this.serverProtocol = serverProtocol;
+            this.serverTransport = serverTransport;
+            this.serverImpl = serverImpl;
+        }
+
+        public void run()
+        {
+            try
+            {
+                DTLSTransport dtlsServer = serverProtocol.accept(serverImpl, serverTransport);
+                byte[] buf = new byte[dtlsServer.getReceiveLimit()];
+                while (!isShutdown)
+                {
+                    int length = dtlsServer.receive(buf, 0, buf.length, 100);
+                    if (length >= 0)
+                    {
+                        dtlsServer.send(buf, 0, length);
+                    }
+                }
+                dtlsServer.close();
+            }
+            catch (Exception e)
+            {
+                caught = e;
+                logException(caught);
+            }
+        }
+
+        void shutdown()
+            throws InterruptedException
+        {
+            if (!isShutdown)
+            {
+                isShutdown = true;
+                this.interrupt();
+                this.join();
+            }
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSTestSuite.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSTestSuite.java
new file mode 100644
index 0000000..df26bff
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/DTLSTestSuite.java
@@ -0,0 +1,126 @@
+package org.bouncycastle.crypto.tls.test;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+
+public class DTLSTestSuite extends TestSuite
+{
+    // Make the access to constants less verbose 
+    static abstract class C extends TlsTestConfig {}
+
+    public static Test suite()
+    {
+        DTLSTestSuite testSuite = new DTLSTestSuite();
+
+        addFallbackTests(testSuite);
+        addVersionTests(testSuite, ProtocolVersion.DTLSv10);
+        addVersionTests(testSuite, ProtocolVersion.DTLSv12);
+
+        return testSuite;
+    }
+
+    private static void addFallbackTests(TestSuite testSuite)
+    {
+        {
+            TlsTestConfig c = createDTLSTestConfig(ProtocolVersion.DTLSv12);
+            c.clientFallback = true;
+
+            testSuite.addTest(new DTLSTestCase(c, "FallbackGood"));
+        }
+
+        /*
+         * NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
+         * of the DTLS server after a fatal alert. As of writing, manual runs show the correct
+         * alerts being raised
+         */
+
+//        {
+//            TlsTestConfig c = createDTLSTestConfig(ProtocolVersion.DTLSv12);
+//            c.clientOfferVersion = ProtocolVersion.DTLSv10;
+//            c.clientFallback = true;
+//            c.expectServerFatalAlert(AlertDescription.inappropriate_fallback);
+//
+//            testSuite.addTest(new DTLSTestCase(c, "FallbackBad"));
+//        }
+
+        {
+            TlsTestConfig c = createDTLSTestConfig(ProtocolVersion.DTLSv12);
+            c.clientOfferVersion = ProtocolVersion.DTLSv10;
+
+            testSuite.addTest(new DTLSTestCase(c, "FallbackNone"));
+        }
+    }
+
+    private static void addVersionTests(TestSuite testSuite, ProtocolVersion version)
+    {
+        String prefix = version.toString().replaceAll("[ \\.]", "") + "_";
+
+        /*
+         * NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
+         * of the DTLS server after a fatal alert. As of writing, manual runs show the correct
+         * alerts being raised
+         */
+
+//        {
+//            TlsTestConfig c = createDTLSTestConfig(version);
+//            c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
+//            c.expectServerFatalAlert(AlertDescription.decrypt_error);
+//
+//            testSuite.addTest(new DTLSTestCase(c, prefix + "BadCertificateVerify"));
+//        }
+//
+//        {
+//            TlsTestConfig c = createDTLSTestConfig(version);
+//            c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
+//            c.expectServerFatalAlert(AlertDescription.bad_certificate);
+//
+//            testSuite.addTest(new DTLSTestCase(c, prefix + "BadClientCertificate"));
+//        }
+//
+//        {
+//            TlsTestConfig c = createDTLSTestConfig(version);
+//            c.clientAuth = C.CLIENT_AUTH_NONE;
+//            c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
+//            c.expectServerFatalAlert(AlertDescription.handshake_failure);
+//
+//            testSuite.addTest(new DTLSTestCase(c, prefix + "BadMandatoryCertReqDeclined"));
+//        }
+
+        {
+            TlsTestConfig c = createDTLSTestConfig(version);
+
+            testSuite.addTest(new DTLSTestCase(c, prefix + "GoodDefault"));
+        }
+
+        {
+            TlsTestConfig c = createDTLSTestConfig(version);
+            c.serverCertReq = C.SERVER_CERT_REQ_NONE;
+
+            testSuite.addTest(new DTLSTestCase(c, prefix + "GoodNoCertReq"));
+        }
+
+        {
+            TlsTestConfig c = createDTLSTestConfig(version);
+            c.clientAuth = C.CLIENT_AUTH_NONE;
+
+            testSuite.addTest(new DTLSTestCase(c, prefix + "GoodOptionalCertReqDeclined"));
+        }
+    }
+
+    private static TlsTestConfig createDTLSTestConfig(ProtocolVersion version)
+    {
+        TlsTestConfig c = new TlsTestConfig();
+        c.clientMinimumVersion = ProtocolVersion.DTLSv10;
+        /*
+         * TODO We'd like to just set the offer version to DTLSv12, but there is a known issue with
+         * overly-restrictive version checks b/w BC DTLS 1.2 client, BC DTLS 1.0 server
+         */
+        c.clientOfferVersion = version;
+        c.serverMaximumVersion = version;
+        c.serverMinimumVersion = ProtocolVersion.DTLSv10;
+        return c;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/HTTPSServerThread.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/HTTPSServerThread.java
new file mode 100644
index 0000000..d55bc73
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/HTTPSServerThread.java
@@ -0,0 +1,113 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManagerFactory;
+
+public class HTTPSServerThread
+    extends Thread
+{
+    private static final int PORT_NO = 8003;
+    private static final char[] SERVER_PASSWORD = "serverPassword".toCharArray();
+    private static final char[] TRUST_STORE_PASSWORD = "trustPassword".toCharArray();
+
+    /**
+     * Read a HTTP request
+     */
+    private void readRequest(
+        InputStream in)
+        throws IOException
+    {
+        int ch = 0;
+        int lastCh = 0;
+        while ((ch = in.read()) >= 0 && (ch != '\n' && lastCh != '\n'))
+        {
+            if (ch != '\r')
+            {
+                lastCh = ch;
+            }
+        }
+    }
+
+    /**
+     * Send a response
+     */
+    private void sendResponse(
+        OutputStream out)
+    {
+        PrintWriter pWrt = new PrintWriter(new OutputStreamWriter(out));
+        pWrt.print("HTTP/1.1 200 OK\r\n");
+        pWrt.print("Content-Type: text/html\r\n");
+        pWrt.print("\r\n");
+        pWrt.print("<html>\r\n");
+        pWrt.print("<body>\r\n");
+        pWrt.print("Hello World!\r\n");
+        pWrt.print("</body>\r\n");
+        pWrt.print("</html>\r\n");
+        pWrt.flush();
+    }
+
+    SSLContext createSSLContext()
+        throws Exception
+    {
+        KeyManagerFactory mgrFact = KeyManagerFactory.getInstance("SunX509");
+        KeyStore serverStore = KeyStore.getInstance("JKS");
+
+        serverStore.load(new ByteArrayInputStream(KeyStores.server), SERVER_PASSWORD);
+
+        mgrFact.init(serverStore, SERVER_PASSWORD);
+
+        // set up a trust manager so we can recognize the server
+        TrustManagerFactory trustFact = TrustManagerFactory.getInstance("SunX509");
+        KeyStore trustStore = KeyStore.getInstance("JKS");
+
+        trustStore.load(new ByteArrayInputStream(KeyStores.trustStore), TRUST_STORE_PASSWORD);
+
+        trustFact.init(trustStore);
+
+        // create a context and set up a socket factory
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+
+        sslContext.init(mgrFact.getKeyManagers(), trustFact.getTrustManagers(), null);
+
+        return sslContext;
+    }
+
+    public void run()
+    {
+        try
+        {
+            SSLContext sslContext = createSSLContext();
+            SSLServerSocketFactory fact = sslContext.getServerSocketFactory();
+
+            SSLServerSocket sSock = (SSLServerSocket)fact.createServerSocket(PORT_NO);
+            SSLSocket sslSock = (SSLSocket)sSock.accept();
+
+            sslSock.startHandshake();
+
+            readRequest(sslSock.getInputStream());
+
+            SSLSession session = sslSock.getSession();
+
+            sendResponse(sslSock.getOutputStream());
+
+            sslSock.close();
+        }
+        catch (Exception e)
+        {
+            throw new RuntimeException(e);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/KeyStores.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/KeyStores.java
new file mode 100644
index 0000000..bf71f96
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/KeyStores.java
@@ -0,0 +1,113 @@
+package org.bouncycastle.crypto.tls.test;
+
+import org.bouncycastle.util.encoders.Base64;
+
+public class KeyStores
+{
+    static final byte[] trustStore = Base64.decode(
+        "/u3+7QAAAAIAAAABAAAAAgAGc2VydmVyAAABD34zDJEABVguNTA5AAABrzCC"
+            + "AaswggEUAgEBMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNVBAMTE1Rlc3QgQ0Eg"
+            + "Q2VydGlmaWNhdGUwHhcNMDYxMjEzMjM0MzI5WhcNMDYxMjIwMjM0MzI5WjAe"
+            + "MRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEB"
+            + "AQUAA4GNADCBiQKBgQCmOumCM46ehsdcrZMw6tj0hMl5D0xf21gcyBj/ByIv"
+            + "pe008ukaN3zCXIUUUlAu0GkbI1sCbTD1V4qVZuaHqtfa/FINJjyZJy5w7KEx"
+            + "93OOF2/gyPlnEPGs6RPdThAPliSBsWKBKqtOdmKpwYn/NKuUNFRkFXVLLUPn"
+            + "jyEKjIcNywIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACi8J7raYqDFjXqAXXPJ"
+            + "ljZHqvzJNVaSWvBtK/oY7g0+sdGIjPR526fhSCxOZRr7G157ERqMnPjuFjcm"
+            + "cRlUOPsQtTl6KbUnxmKxa04UzDuNXzSx2oyGx5GCWx9u62hpO6vSpK69L9gH"
+            + "OUtM5dQXcoK4i3olScKaU8qaYb0mBAy8fnx5pen8B0bIg+pz47l5VxQ5NO8=");
+
+    static final byte[] server = Base64.decode(
+        "/u3+7QAAAAIAAAABAAAAAQAGc2VydmVyAAABD34zDJIAAAK8MIICuDAOBgor"
+            + "BgEEASoCEQEBBQAEggKk9OXWj3aBr6rV9Grcsm2YL+/2ShVsxbJVGMSWll1f"
+            + "U8z/mjhv5K/skgleTIMoyE5FzDDxJIGEmSMCkcHsnseXzxyhLpKBaz3N1Tk7"
+            + "KVPzXfrNh0FJwzw3lPWyC2ayT+ObQfAtzuI9SUWNLBzzpWeolUJ8gkXnLshX"
+            + "5RqmR735NRZdjgQOtNYBBErX/NOhTyi009/CZDNxgJQzywFmQcXBLhNSA+0i"
+            + "cE+LwZ4sZV0NXshPZiyNnsfqN/XNOyhpKr8a3VyVtee2nhO9+FY5IDEviHmR"
+            + "WDvH5TmB6Os3L6xvwE1ZQCPElk/cK2G1q9+zDBe4JDeo8o7lPhiNpVfcivnr"
+            + "+tyK9m7PqlssR0+ohuZGwrFMyzLugkOWh+qZ3pk8/7AwJosMvvTvIg36nN7R"
+            + "pdnouQNKqTm1Sr/UUnKyWqfG7zqKIuF72IkDwwafwuQ9YRX5PAOuRfo6bCyb"
+            + "D4w1OWdfGFciKMc1BrT+8JzhiTkzNe+jWEA5Tw1zeazPGpp1RHPz2np50G2s"
+            + "v025uiOSUilBe13Qpx0mAyx7z8Gl6eOxai6rQ/eB/Fu++BMx0OX8vO/K4//Q"
+            + "w43IPVPklGlb/3Qt7eoNf4tichuxrYJjHu4XbwnzB29Vmsan0XZFER7epvFj"
+            + "cAZCSG+O6G/f6Ib+7d7xYjLdUaPI60tJ4/C+AuYwZn4jJwTnMnMmwIypz4Z8"
+            + "XPXW5SbHlV5OkkFC+eAuuN4b2YXZmifeWv4fx65Ioir921LMJrorMizH41RJ"
+            + "/rAO5wGSwjeDJ784QhhLGbEUMygraRtdaz6MRx26InnoHY7V58ET3Z5YGV39"
+            + "p+9AtVhYw/QQmTZiF7hqnEMf9AMVFfac9qFF2+IN3g9HAMC6QLxJ1VuPn5oo"
+            + "lS//axPfjckO7iZx9x59/gAAAAEABVguNTA5AAABrzCCAaswggEUAgEBMA0G"
+            + "CSqGSIb3DQEBBQUAMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGUw"
+            + "HhcNMDYxMjEzMjM0MzI5WhcNMDYxMjIwMjM0MzI5WjAeMRwwGgYDVQQDExNU"
+            + "ZXN0IENBIENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB"
+            + "gQCmOumCM46ehsdcrZMw6tj0hMl5D0xf21gcyBj/ByIvpe008ukaN3zCXIUU"
+            + "UlAu0GkbI1sCbTD1V4qVZuaHqtfa/FINJjyZJy5w7KEx93OOF2/gyPlnEPGs"
+            + "6RPdThAPliSBsWKBKqtOdmKpwYn/NKuUNFRkFXVLLUPnjyEKjIcNywIDAQAB"
+            + "MA0GCSqGSIb3DQEBBQUAA4GBACi8J7raYqDFjXqAXXPJljZHqvzJNVaSWvBt"
+            + "K/oY7g0+sdGIjPR526fhSCxOZRr7G157ERqMnPjuFjcmcRlUOPsQtTl6KbUn"
+            + "xmKxa04UzDuNXzSx2oyGx5GCWx9u62hpO6vSpK69L9gHOUtM5dQXcoK4i3ol"
+            + "ScKaU8qaYb0mBAy87VQaPfaiQqqxSgqifbSowlg+0fg=");
+
+    static final byte[] client = Base64.decode(
+        "MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCA+gwgDCABgkqhkiG9w0BBwGggCSA"
+            + "BIIDDzCCAwswggMHBgsqhkiG9w0BDAoBAqCCArIwggKuMCgGCiqGSIb3DQEM"
+            + "AQMwGgQUyeN8U+ViAJCk1WGo8wTnRVOaE1oCAgQABIICgH3yMWB+dfMBNa07"
+            + "hn3smUSBTF+LUauM+kx+12nZt0QazBYg09yM+aVcTznettlDwE/PTpKZnrFT"
+            + "22DSQf5GwABwiL6KW+xyM8wV5vZx1xtqrQoNf2oNHnF0lB7ddSYM8jHqennb"
+            + "bzcVOdrrCqewqAfUU/CDugpwwI8c8Iy9ECri6vBMbfeIIZQTug+1952TCCiA"
+            + "E1bEDFGqgAoDsqYi6uNtpjmL/DPX/qmkbHAXUKxOtjTtxacfat2HgN97Gb7z"
+            + "+ZBNI5aaCSRoYwl+K9biWGID3EqsNmg0+2ELmFhE4mQZ78i7vNLTG7e5mj6v"
+            + "Qt+QuqN+daCbVqVTKxsFpODRRweobUTRxwEun6p0p3w3SUhR6p7ug1Jttgyu"
+            + "vfZug3PIk2j9fb26wAs2ZreVYut8hXpp/09ulCUudtlsYb/FD+H11v/JyopG"
+            + "2vYy0hL/gkMr41sGoVdyvzXeZUa7A1wYask+g7torad9sT8CPb3zXBd0kU2r"
+            + "lbSJIXQ8wTpheeUKe47YF9JVCF8WRc1dokD7fgfn6197pwyZpDEVrVyz1pUq"
+            + "jyum3ctONU4BSkAUVr9pTyeRFUeOE7SLuVu+c67PzNWXEc/HMVD4Hgs/idVc"
+            + "mrONk3xe385wFJK1iPe1kfRX5OXk9UWr2/yjgrahbkonWhJHnIlvs+b5rRKN"
+            + "qauwUZ+agMJV98Eyc2Lz0Lp/pNDRNjmGXeJLzAaAy46STov8sxwAgj3bQ7xu"
+            + "uEzdhJPDynAY5sWd3WnBY2ZhpawnToEKnD4u+eiH2MjUL2q/R2IPSmoyg9i2"
+            + "Ictgh4/ylrhm+lJDzcDrLDhC0m/t9EdhytH4erk/uCPcmAK/jpzFn6ltxcsx"
+            + "QjAbBgkqhkiG9w0BCRQxDh4MAGMAbABpAGUAbgB0MCMGCSqGSIb3DQEJFTEW"
+            + "BBS2wDxw7yH2OhKIgkDoQrTlavLvxQAAAAAAADCABgkqhkiG9w0BBwaggDCA"
+            + "AgEAMIAGCSqGSIb3DQEHATAoBgoqhkiG9w0BDAEGMBoEFORdyeTIG2oXDQBl"
+            + "I3aFNozDAkC2AgIEAKCABIIHICsc3D8rxLiDlegyXFfIejto66RW4u6b+d0C"
+            + "uAAz0G+dIvhQ9g3s++vUsX7x+icO/vjpgdo09aqtIg7T3suzfcHtU8CGSgtQ"
+            + "Tvml25LDC3IK3qI6cRqO+sCdvg18aS04IDKvDPYH4ca5btwPBIID6CStk/jY"
+            + "QFpnSI6VNz9IERi/nwuvuBYk+A0Z7+nQdhF+QkW1rzN+uz0dkNJt6ZbG5lEK"
+            + "GayV+FDTQcREMihYa716RN9sq3cm0jXXdttj998oS/QrpZDEcPqd4AM6EIL+"
+            + "PTA1tEQYxXa8msAPp+tLvXOtiD6v/4FO77EA7E5oR36a9en+M1QQasFU3VBf"
+            + "V9os92QlbtVUTkspJV9gXL6s4CGNptc7lUH+nIw65j9MOoyOU9w1qjPRlN/Z"
+            + "MTuhFooglE6TPd29Udwufqp+hHkW/7z5tBKkhGlZEClzD3IWhcF9NVraE/IV"
+            + "S5qVmx2Up7SeLZAXJ+AAznq5IXwE1dOUTkwYLcIrH1FuVA5rtOkB8Xt1LJq0"
+            + "ERkjJ5MfpxTxbKXp5PejzD98v54+s4INekcrI0jzz4pLsann7ex0r6CPsQsH"
+            + "+F3rBVaT3oHSKqoIm2Nw57oDjLLp5lP2qcCqps3y2dcVzu5NIzCSkVlxUaBK"
+            + "IT3xv0gvVJI7wnP0QM35MCywKkToJX5ajQKrDc4iCAAzmxaQzdBycxJPYByq"
+            + "VHvH7BJldJlMw5NHbTHlNoYKndMdAsHp7sUqERkDEGl80R86TlB4nJaDrfsx"
+            + "vL+KluiCY9AD7o+MEYZ9VYoNDUzVGH4pTr4wnv1UFoRWix5IZuDnnYkyijKD"
+            + "VtU5+mc0YtsPQIpKCBJOYt05bgpX5aPQ3s2lviYw3bvP0TrclYs/rx4wKVgW"
+            + "2GYLzPh0OVMBduCbzW1E58ieBsgRyQ7+2MTl9Nj+nznjCAfLSvrVEcwxVUQA"
+            + "ofcEbiECEJss2JNQq8erwgo8dP3atwQ1KeqMc8acICcOrI2rNxwVOLzPuCsl"
+            + "l8gwZOoxLZXuKMQbQu4as1HNS309dfWIWppvc3K4nDWg51HUCPbsIo3wm3rR"
+            + "igc/W3bf4Ppg0pLAS5c1s0Xau43u9GmIjGiDqYaasfcXnCKy2LNuUpbhoOC1"
+            + "o/wMC9gT45aJQ5vsVGe5XvfhLV7Y815EdI756s9PIEOnG8HbAtCAjOIVpQfP"
+            + "eF8+cnZyGGdsbmu7lYzg3whCpZ/L2RrTI86nEn5eePs4m2hDV0Oi9r6e2CIf"
+            + "nGUa0TB9jf1OMhOSBD+h4jx7b6uT+XLmG8qUxvkoItMDZLrJ0f8czO5MyOZa"
+            + "nEJoG42Fy2p7zD/qO72OUQISNmt8C1rQFsg9dBDib4DMu69vBsVrIV028sal"
+            + "+tq1UH3vFMbEYyVfPH3WDgxyHwUQK2qrz3WBdD/BMyuAV4DPI3SPTweROh8n"
+            + "yWJN1ppY9qybmTyHFCs6TRjPB9cVcdKSc0qYxgzblJiXXb3s9ANOb89aA3Ah"
+            + "anWnAhcEggLZN2yFCtrRuvJXvDQhj8qmye9UkjB2fEpWXV7H0natE3hSoB+C"
+            + "2krt3eBV0xJ1tLEco7T4zsbQQJRmeu/essOsfwpRfE5ZPoIeThf+UmWTsfsw"
+            + "r4fxeePMTy6iCnkF5/ro8k5WKnOsaV+HWy/ulwW2r/DMT3aDBWfHX5Hk8DpU"
+            + "+PlQhbyGTSTIJ/OFmbcWjMPt469o7+KrrF9IBrzJ42KzMw6xtKwtVb0232AM"
+            + "pIwnLzCHIiNO2qDBZAIDdF68+GU3RsEkHfR6d5myZVxnH4mhSCFFtHxgqTOz"
+            + "Ouo/uvgu72miZ0OFAy1zcMtfGMS3Md54MJkhSZq4ZgUo/EyJCeEDLGn8pMF1"
+            + "jX1WsUj96qMRyc+p2KnKs6ZL95BVa76SdIFz6ts6uoIem3drTXYJHNbw29OW"
+            + "Y0am+FmXTWFZFnin8Qu5Xct5l7FYIGA9VLOHL9Vtp+SXomcFEZpjMaxvtf4R"
+            + "xoAI2Bc9Ka+MNiz35O0JXhI9/t5uOdiN6ZOJlfpEWOK7ou5lDkZuDcrHvLvQ"
+            + "PocP2Yemd36xEgjFssR/tFITlhRBXHDeHwpvmXM4iiwD1wOGMqybXx/1g1m1"
+            + "0UBbKqDsgSLQC7c0TaRFJjj71T74PBMiapiQgijv9WINfmTgxNUukbK3Kqp/"
+            + "G3BmThoIDCB8WD1kxXBpaG62dSsih7yhPQJVEV3Y0tdkdChOk+Y3Wf8crV/Q"
+            + "P08pQH7H9yCi04S5fSJtIDtYARWhr1yl8EQMnu2X8J6r/DWcDmXUK4Bv1vqe"
+            + "tcnT5EAYFPeOMz21nonM3kJgUMNsxCQjKaEMEcUu8ZRnGUAFdG4lULPJn5NQ"
+            + "LTvWg8Y3GrHRLjpnd9k+8gWWzRIbBiwCwEbClMZffRd6kcA5ZoOhVngdyvvj"
+            + "BhkgadB5jC+ZRzExHxoEhzPJx3mxIVTqLuw7QxHz9OTcysvY/cGKCvmgzgk/"
+            + "TjTJsqcEAAAAAAAAAAAAAAAAAAAAAAAAMD0wITAJBgUrDgMCGgUABBQWfGA6"
+            + "lI+TXQiuXaa1V+LlHodhXAQUAwMIAAUvBYY+a7sXNlQeVEPAGkMCAgQAAAA=");
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/LoggingDatagramTransport.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/LoggingDatagramTransport.java
new file mode 100644
index 0000000..4181619
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/LoggingDatagramTransport.java
@@ -0,0 +1,91 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+
+import org.bouncycastle.crypto.tls.DatagramTransport;
+
+public class LoggingDatagramTransport
+    implements DatagramTransport
+{
+
+    private static final String HEX_CHARS = "0123456789ABCDEF";
+
+    private final DatagramTransport transport;
+    private final PrintStream output;
+    private final long launchTimestamp;
+
+    public LoggingDatagramTransport(DatagramTransport transport, PrintStream output)
+    {
+        this.transport = transport;
+        this.output = output;
+        this.launchTimestamp = System.currentTimeMillis();
+    }
+
+    public int getReceiveLimit()
+        throws IOException
+    {
+        return transport.getReceiveLimit();
+    }
+
+    public int getSendLimit()
+        throws IOException
+    {
+        return transport.getSendLimit();
+    }
+
+    public int receive(byte[] buf, int off, int len, int waitMillis)
+        throws IOException
+    {
+        int length = transport.receive(buf, off, len, waitMillis);
+        if (length >= 0)
+        {
+            dumpDatagram("Received", buf, off, length);
+        }
+        return length;
+    }
+
+    public void send(byte[] buf, int off, int len)
+        throws IOException
+    {
+        dumpDatagram("Sending", buf, off, len);
+        transport.send(buf, off, len);
+    }
+
+    public void close()
+        throws IOException
+    {
+    }
+
+    private void dumpDatagram(String verb, byte[] buf, int off, int len)
+        throws IOException
+    {
+        long timestamp = System.currentTimeMillis() - launchTimestamp;
+        StringBuffer sb = new StringBuffer("(+" + timestamp + "ms) " + verb + " " + len + " byte datagram:");
+        for (int pos = 0; pos < len; ++pos)
+        {
+            if (pos % 16 == 0)
+            {
+                sb.append(System.getProperty("line.separator"));
+                sb.append("    ");
+            }
+            else if (pos % 16 == 8)
+            {
+                sb.append('-');
+            }
+            else
+            {
+                sb.append(' ');
+            }
+            int val = buf[off + pos] & 0xFF;
+            sb.append(HEX_CHARS.charAt(val >> 4));
+            sb.append(HEX_CHARS.charAt(val & 0xF));
+        }
+        dump(sb.toString());
+    }
+
+    private synchronized void dump(String s)
+    {
+        output.println(s);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDTLSClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDTLSClient.java
new file mode 100644
index 0000000..c93b89e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDTLSClient.java
@@ -0,0 +1,180 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Hashtable;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
+import org.bouncycastle.crypto.tls.DefaultTlsClient;
+import org.bouncycastle.crypto.tls.MaxFragmentLength;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
+import org.bouncycastle.crypto.tls.TlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsCredentials;
+import org.bouncycastle.crypto.tls.TlsExtensionsUtils;
+import org.bouncycastle.crypto.tls.TlsSession;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
+public class MockDTLSClient
+    extends DefaultTlsClient
+{
+    protected TlsSession session;
+
+    public MockDTLSClient(TlsSession session)
+    {
+        this.session = session;
+    }
+
+    public TlsSession getSessionToResume()
+    {
+        return this.session;
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("DTLS client raised alert: " + AlertLevel.getText(alertLevel)
+            + ", " + AlertDescription.getText(alertDescription));
+        if (message != null)
+        {
+            out.println(message);
+        }
+        if (cause != null)
+        {
+            cause.printStackTrace(out);
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("DTLS client received alert: " + AlertLevel.getText(alertLevel)
+            + ", " + AlertDescription.getText(alertDescription));
+    }
+
+    public ProtocolVersion getClientVersion()
+    {
+        return ProtocolVersion.DTLSv12;
+    }
+
+    public ProtocolVersion getMinimumVersion()
+    {
+        return ProtocolVersion.DTLSv10;
+    }
+
+//    public int[] getCipherSuites()
+//    {
+//        return Arrays.concatenate(super.getCipherSuites(),
+//            new int[]
+//            {
+//                CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+//                CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
+//                CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
+//                CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
+//                CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
+//            });
+//    }
+
+    public Hashtable getClientExtensions() throws IOException
+    {
+        Hashtable clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(super.getClientExtensions());
+        TlsExtensionsUtils.addEncryptThenMACExtension(clientExtensions);
+        // TODO[draft-ietf-tls-session-hash-01] Enable once code-point assigned (only for compatible server though)
+//        TlsExtensionsUtils.addExtendedMasterSecretExtension(clientExtensions);
+        TlsExtensionsUtils.addMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
+        TlsExtensionsUtils.addTruncatedHMacExtension(clientExtensions);
+        return clientExtensions;
+    }
+
+    public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException
+    {
+        super.notifyServerVersion(serverVersion);
+
+        System.out.println("Negotiated " + serverVersion);
+    }
+
+    public TlsAuthentication getAuthentication()
+        throws IOException
+    {
+        return new TlsAuthentication()
+        {
+            public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
+                throws IOException
+            {
+                Certificate[] chain = serverCertificate.getCertificateList();
+                System.out.println("Received server certificate chain of length " + chain.length);
+                for (int i = 0; i != chain.length; i++)
+                {
+                    Certificate entry = chain[i];
+                    // TODO Create fingerprint based on certificate signature algorithm digest
+                    System.out.println("    fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+                        + entry.getSubject() + ")");
+                }
+            }
+
+            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest)
+                throws IOException
+            {
+                short[] certificateTypes = certificateRequest.getCertificateTypes();
+                if (certificateTypes == null || !Arrays.contains(certificateTypes, ClientCertificateType.rsa_sign))
+                {
+                    return null;
+                }
+
+                SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
+                Vector sigAlgs = certificateRequest.getSupportedSignatureAlgorithms();
+                if (sigAlgs != null)
+                {
+                    for (int i = 0; i < sigAlgs.size(); ++i)
+                    {
+                        SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm)
+                            sigAlgs.elementAt(i);
+                        if (sigAlg.getSignature() == SignatureAlgorithm.rsa)
+                        {
+                            signatureAndHashAlgorithm = sigAlg;
+                            break;
+                        }
+                    }
+
+                    if (signatureAndHashAlgorithm == null)
+                    {
+                        return null;
+                    }
+                }
+
+                return TlsTestUtils.loadSignerCredentials(context, new String[] { "x509-client.pem", "x509-ca.pem" },
+                    "x509-client-key.pem", signatureAndHashAlgorithm);
+            }
+        };
+    }
+
+    public void notifyHandshakeComplete() throws IOException
+    {
+        super.notifyHandshakeComplete();
+
+        TlsSession newSession = context.getResumableSession();
+        if (newSession != null)
+        {
+            byte[] newSessionID = newSession.getSessionID();
+            String hex = Hex.toHexString(newSessionID);
+
+            if (this.session != null && Arrays.areEqual(this.session.getSessionID(), newSessionID))
+            {
+                System.out.println("Resumed session: " + hex);
+            }
+            else
+            {
+                System.out.println("Established session: " + hex);
+            }
+
+            this.session = newSession;
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java
new file mode 100644
index 0000000..bdf533f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java
@@ -0,0 +1,138 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.CipherSuite;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
+import org.bouncycastle.crypto.tls.DefaultTlsServer;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
+import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
+import org.bouncycastle.crypto.tls.TlsSignerCredentials;
+import org.bouncycastle.crypto.tls.TlsUtils;
+import org.bouncycastle.util.Arrays;
+
+public class MockDTLSServer
+    extends DefaultTlsServer
+{
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("DTLS server raised alert: " + AlertLevel.getText(alertLevel)
+            + ", " + AlertDescription.getText(alertDescription));
+        if (message != null)
+        {
+            out.println(message);
+        }
+        if (cause != null)
+        {
+            cause.printStackTrace(out);
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("DTLS server received alert: " + AlertLevel.getText(alertLevel)
+            + ", " + AlertDescription.getText(alertDescription));
+    }
+
+    protected int[] getCipherSuites()
+    {
+        return Arrays.concatenate(super.getCipherSuites(),
+            new int[]
+            {
+                CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+                CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
+                CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
+                CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
+                CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
+            });
+    }
+
+    public CertificateRequest getCertificateRequest() throws IOException
+    {
+        short[] certificateTypes = new short[]{ ClientCertificateType.rsa_sign,
+            ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
+
+        Vector serverSigAlgs = null;
+        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion))
+        {
+            serverSigAlgs = TlsUtils.getDefaultSupportedSignatureAlgorithms();
+        }
+
+        Vector certificateAuthorities = new Vector();
+        certificateAuthorities.add(TlsTestUtils.loadCertificateResource("x509-ca.pem").getSubject());
+
+        return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
+    }
+
+    public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate)
+        throws IOException
+    {
+        Certificate[] chain = clientCertificate.getCertificateList();
+        System.out.println("Received client certificate chain of length " + chain.length);
+        for (int i = 0; i != chain.length; i++)
+        {
+            Certificate entry = chain[i];
+            // TODO Create fingerprint based on certificate signature algorithm digest
+            System.out.println("    fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " (" + entry.getSubject()
+                + ")");
+        }
+    }
+
+    protected ProtocolVersion getMaximumVersion()
+    {
+        return ProtocolVersion.DTLSv12;
+    }
+
+    protected ProtocolVersion getMinimumVersion()
+    {
+        return ProtocolVersion.DTLSv10;
+    }
+
+    protected TlsEncryptionCredentials getRSAEncryptionCredentials()
+        throws IOException
+    {
+        return TlsTestUtils.loadEncryptionCredentials(context, new String[]{"x509-server.pem", "x509-ca.pem"},
+            "x509-server-key.pem");
+    }
+
+    protected TlsSignerCredentials getRSASignerCredentials()
+        throws IOException
+    {
+        /*
+         * TODO Note that this code fails to provide default value for the client supported
+         * algorithms if it wasn't sent.
+         */
+        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
+        Vector sigAlgs = supportedSignatureAlgorithms;
+        if (sigAlgs != null)
+        {
+            for (int i = 0; i < sigAlgs.size(); ++i)
+            {
+                SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm)
+                    sigAlgs.elementAt(i);
+                if (sigAlg.getSignature() == SignatureAlgorithm.rsa)
+                {
+                    signatureAndHashAlgorithm = sigAlg;
+                    break;
+                }
+            }
+
+            if (signatureAndHashAlgorithm == null)
+            {
+                return null;
+            }
+        }
+        return TlsTestUtils.loadSignerCredentials(context, new String[]{"x509-server.pem", "x509-ca.pem"},
+            "x509-server-key.pem", signatureAndHashAlgorithm);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDatagramAssociation.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDatagramAssociation.java
new file mode 100644
index 0000000..b8b7c06
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockDatagramAssociation.java
@@ -0,0 +1,110 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.net.DatagramPacket;
+import java.util.Vector;
+
+import org.bouncycastle.crypto.tls.DatagramTransport;
+
+public class MockDatagramAssociation
+{
+    private int mtu;
+    private MockDatagramTransport client, server;
+
+    public MockDatagramAssociation(int mtu)
+    {
+        this.mtu = mtu;
+
+        Vector clientQueue = new Vector();
+        Vector serverQueue = new Vector();
+
+        this.client = new MockDatagramTransport(clientQueue, serverQueue);
+        this.server = new MockDatagramTransport(serverQueue, clientQueue);
+    }
+
+    public DatagramTransport getClient()
+    {
+        return client;
+    }
+
+    public DatagramTransport getServer()
+    {
+        return server;
+    }
+
+    private class MockDatagramTransport
+        implements DatagramTransport
+    {
+        private Vector receiveQueue, sendQueue;
+
+        MockDatagramTransport(Vector receiveQueue, Vector sendQueue)
+        {
+            this.receiveQueue = receiveQueue;
+            this.sendQueue = sendQueue;
+        }
+
+        public int getReceiveLimit()
+            throws IOException
+        {
+            return mtu;
+        }
+
+        public int getSendLimit()
+            throws IOException
+        {
+            return mtu;
+        }
+
+        public int receive(byte[] buf, int off, int len, int waitMillis)
+            throws IOException
+        {
+            synchronized (receiveQueue)
+            {
+                if (receiveQueue.isEmpty())
+                {
+                    try
+                    {
+                        receiveQueue.wait(waitMillis);
+                    }
+                    catch (InterruptedException e)
+                    {
+                        // TODO Keep waiting until full wait expired?
+                    }
+                    if (receiveQueue.isEmpty())
+                    {
+                        return -1;
+                    }
+                }
+                DatagramPacket packet = (DatagramPacket)receiveQueue.remove(0);
+                int copyLength = Math.min(len, packet.getLength());
+                System.arraycopy(packet.getData(), packet.getOffset(), buf, off, copyLength);
+                return copyLength;
+            }
+        }
+
+        public void send(byte[] buf, int off, int len)
+            throws IOException
+        {
+            if (len > mtu)
+            {
+                // TODO Simulate rejection?
+            }
+
+            byte[] copy = new byte[len];
+            System.arraycopy(buf, off, copy, 0, len);
+            DatagramPacket packet = new DatagramPacket(copy, len);
+
+            synchronized (sendQueue)
+            {
+                sendQueue.addElement(packet);
+                sendQueue.notify();
+            }
+        }
+
+        public void close()
+            throws IOException
+        {
+            // TODO?
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockPSKTlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockPSKTlsClient.java
new file mode 100644
index 0000000..7af5957
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockPSKTlsClient.java
@@ -0,0 +1,134 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.BasicTlsPSKIdentity;
+import org.bouncycastle.crypto.tls.CipherSuite;
+import org.bouncycastle.crypto.tls.PSKTlsClient;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsExtensionsUtils;
+import org.bouncycastle.crypto.tls.TlsPSKIdentity;
+import org.bouncycastle.crypto.tls.TlsSession;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
+class MockPSKTlsClient
+    extends PSKTlsClient
+{
+    TlsSession session;
+
+    MockPSKTlsClient(TlsSession session)
+    {
+        this(session, new BasicTlsPSKIdentity("client", new byte[16]));
+    }
+
+    MockPSKTlsClient(TlsSession session, TlsPSKIdentity pskIdentity)
+    {
+        super(pskIdentity);
+
+        this.session = session;
+    }
+
+    public TlsSession getSessionToResume()
+    {
+        return this.session;
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS-PSK client raised alert: " + AlertLevel.getText(alertLevel) + ", "
+            + AlertDescription.getText(alertDescription));
+        if (message != null)
+        {
+            out.println("> " + message);
+        }
+        if (cause != null)
+        {
+            cause.printStackTrace(out);
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS-PSK client received alert: " + AlertLevel.getText(alertLevel) + ", "
+            + AlertDescription.getText(alertDescription));
+    }
+
+    public void notifyHandshakeComplete() throws IOException
+    {
+        super.notifyHandshakeComplete();
+
+        TlsSession newSession = context.getResumableSession();
+        if (newSession != null)
+        {
+            byte[] newSessionID = newSession.getSessionID();
+            String hex = Hex.toHexString(newSessionID);
+
+            if (this.session != null && Arrays.areEqual(this.session.getSessionID(), newSessionID))
+            {
+                System.out.println("Resumed session: " + hex);
+            }
+            else
+            {
+                System.out.println("Established session: " + hex);
+            }
+
+            this.session = newSession;
+        }
+    }
+
+    public int[] getCipherSuites()
+    {
+        return new int[]{ CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
+            CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA };
+    }
+
+    public ProtocolVersion getMinimumVersion()
+    {
+        return ProtocolVersion.TLSv12;
+    }
+
+    public Hashtable getClientExtensions() throws IOException
+    {
+        Hashtable clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(super.getClientExtensions());
+        TlsExtensionsUtils.addEncryptThenMACExtension(clientExtensions);
+        return clientExtensions;
+    }
+
+    public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException
+    {
+        super.notifyServerVersion(serverVersion);
+
+        System.out.println("TLS-PSK client negotiated " + serverVersion);
+    }
+
+    public TlsAuthentication getAuthentication() throws IOException
+    {
+        return new ServerOnlyTlsAuthentication()
+        {
+            public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
+                throws IOException
+            {
+                Certificate[] chain = serverCertificate.getCertificateList();
+                System.out.println("TLS-PSK client received server certificate chain of length " + chain.length);
+                for (int i = 0; i != chain.length; i++)
+                {
+                    Certificate entry = chain[i];
+                    // TODO Create fingerprint based on certificate signature algorithm digest
+                    System.out.println("    fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+                        + entry.getSubject() + ")");
+                }
+            }
+        };
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockPSKTlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockPSKTlsServer.java
new file mode 100644
index 0000000..d5ca7ab
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockPSKTlsServer.java
@@ -0,0 +1,110 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CipherSuite;
+import org.bouncycastle.crypto.tls.PSKTlsServer;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
+import org.bouncycastle.crypto.tls.TlsPSKIdentityManager;
+import org.bouncycastle.util.Strings;
+
+class MockPSKTlsServer
+    extends PSKTlsServer
+{
+    MockPSKTlsServer()
+    {
+        super(new MyIdentityManager());
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS-PSK server raised alert: " + AlertLevel.getText(alertLevel) + ", "
+            + AlertDescription.getText(alertDescription));
+        if (message != null)
+        {
+            out.println("> " + message);
+        }
+        if (cause != null)
+        {
+            cause.printStackTrace(out);
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS-PSK server received alert: " + AlertLevel.getText(alertLevel) + ", "
+            + AlertDescription.getText(alertDescription));
+    }
+
+    public void notifyHandshakeComplete() throws IOException
+    {
+        super.notifyHandshakeComplete();
+
+        byte[] pskIdentity = context.getSecurityParameters().getPSKIdentity();
+        if (pskIdentity != null)
+        {
+            String name = Strings.fromUTF8ByteArray(pskIdentity);
+            System.out.println("TLS-PSK server completed handshake for PSK identity: " + name);
+        }
+    }
+
+    protected int[] getCipherSuites()
+    {
+        return new int[]{ CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, CipherSuite.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
+            CipherSuite.TLS_PSK_WITH_AES_256_CBC_SHA };
+    }
+
+    protected ProtocolVersion getMaximumVersion()
+    {
+        return ProtocolVersion.TLSv12;
+    }
+
+    protected ProtocolVersion getMinimumVersion()
+    {
+        return ProtocolVersion.TLSv12;
+    }
+
+    public ProtocolVersion getServerVersion() throws IOException
+    {
+        ProtocolVersion serverVersion = super.getServerVersion();
+
+        System.out.println("TLS-PSK server negotiated " + serverVersion);
+
+        return serverVersion;
+    }
+
+    protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException
+    {
+        return TlsTestUtils.loadEncryptionCredentials(context, new String[]{ "x509-server.pem", "x509-ca.pem" },
+            "x509-server-key.pem");
+    }
+
+    static class MyIdentityManager
+        implements TlsPSKIdentityManager
+    {
+        public byte[] getHint()
+        {
+            return Strings.toUTF8ByteArray("hint");
+        }
+
+        public byte[] getPSK(byte[] identity)
+        {
+            if (identity != null)
+            {
+                String name = Strings.fromUTF8ByteArray(identity);
+                if (name.equals("client"))
+                {
+                    return new byte[16];
+                }
+            }
+            return null;
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockSRPTlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockSRPTlsClient.java
new file mode 100644
index 0000000..e6f20d6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockSRPTlsClient.java
@@ -0,0 +1,120 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CipherSuite;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SRPTlsClient;
+import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsExtensionsUtils;
+import org.bouncycastle.crypto.tls.TlsSession;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
+class MockSRPTlsClient
+    extends SRPTlsClient
+{
+    TlsSession session;
+
+    MockSRPTlsClient(TlsSession session, byte[] identity, byte[] password)
+    {
+        super(identity, password);
+
+        this.session = session;
+    }
+
+    public TlsSession getSessionToResume()
+    {
+        return this.session;
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS-SRP client raised alert: " + AlertLevel.getText(alertLevel) + ", "
+            + AlertDescription.getText(alertDescription));
+        if (message != null)
+        {
+            out.println("> " + message);
+        }
+        if (cause != null)
+        {
+            cause.printStackTrace(out);
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS-SRP client received alert: " + AlertLevel.getText(alertLevel) + ", "
+            + AlertDescription.getText(alertDescription));
+    }
+
+    public void notifyHandshakeComplete() throws IOException
+    {
+        super.notifyHandshakeComplete();
+
+        TlsSession newSession = context.getResumableSession();
+        if (newSession != null)
+        {
+            byte[] newSessionID = newSession.getSessionID();
+            String hex = Hex.toHexString(newSessionID);
+
+            if (this.session != null && Arrays.areEqual(this.session.getSessionID(), newSessionID))
+            {
+                System.out.println("Resumed session: " + hex);
+            }
+            else
+            {
+                System.out.println("Established session: " + hex);
+            }
+
+            this.session = newSession;
+        }
+    }
+
+    public ProtocolVersion getMinimumVersion()
+    {
+        return ProtocolVersion.TLSv12;
+    }
+
+    public Hashtable getClientExtensions() throws IOException
+    {
+        Hashtable clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(super.getClientExtensions());
+        TlsExtensionsUtils.addEncryptThenMACExtension(clientExtensions);
+        return clientExtensions;
+    }
+
+    public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException
+    {
+        super.notifyServerVersion(serverVersion);
+
+        System.out.println("TLS-SRP client negotiated " + serverVersion);
+    }
+
+    public TlsAuthentication getAuthentication() throws IOException
+    {
+        return new ServerOnlyTlsAuthentication()
+        {
+            public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
+                throws IOException
+            {
+                Certificate[] chain = serverCertificate.getCertificateList();
+                System.out.println("TLS-SRP client received server certificate chain of length " + chain.length);
+                for (int i = 0; i != chain.length; i++)
+                {
+                    Certificate entry = chain[i];
+                    // TODO Create fingerprint based on certificate signature algorithm digest
+                    System.out.println("    fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+                        + entry.getSubject() + ")");
+                }
+            }
+        };
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockSRPTlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockSRPTlsServer.java
new file mode 100644
index 0000000..3593757
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockSRPTlsServer.java
@@ -0,0 +1,124 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.math.BigInteger;
+
+import org.bouncycastle.crypto.agreement.srp.SRP6StandardGroups;
+import org.bouncycastle.crypto.agreement.srp.SRP6VerifierGenerator;
+import org.bouncycastle.crypto.params.SRP6GroupParameters;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.HashAlgorithm;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SRPTlsServer;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.SimulatedTlsSRPIdentityManager;
+import org.bouncycastle.crypto.tls.TlsSRPIdentityManager;
+import org.bouncycastle.crypto.tls.TlsSRPLoginParameters;
+import org.bouncycastle.crypto.tls.TlsSignerCredentials;
+import org.bouncycastle.crypto.tls.TlsUtils;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Strings;
+
+class MockSRPTlsServer
+    extends SRPTlsServer
+{
+    static final SRP6GroupParameters TEST_GROUP = SRP6StandardGroups.rfc5054_1024;
+    static final byte[] TEST_IDENTITY = Strings.toUTF8ByteArray("client");
+    static final byte[] TEST_PASSWORD = Strings.toUTF8ByteArray("password");
+    static final byte[] TEST_SALT = Strings.toUTF8ByteArray("salt");
+    static final byte[] TEST_SEED_KEY = Strings.toUTF8ByteArray("seed_key");
+
+    MockSRPTlsServer()
+    {
+        super(new MyIdentityManager());
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS-SRP server raised alert: " + AlertLevel.getText(alertLevel) + ", "
+            + AlertDescription.getText(alertDescription));
+        if (message != null)
+        {
+            out.println("> " + message);
+        }
+        if (cause != null)
+        {
+            cause.printStackTrace(out);
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS-SRP server received alert: " + AlertLevel.getText(alertLevel) + ", "
+            + AlertDescription.getText(alertDescription));
+    }
+
+    public void notifyHandshakeComplete() throws IOException
+    {
+        super.notifyHandshakeComplete();
+
+        byte[] srpIdentity = context.getSecurityParameters().getSRPIdentity();
+        if (srpIdentity != null)
+        {
+            String name = Strings.fromUTF8ByteArray(srpIdentity);
+            System.out.println("TLS-SRP server completed handshake for SRP identity: " + name);
+        }
+    }
+
+    protected ProtocolVersion getMaximumVersion()
+    {
+        return ProtocolVersion.TLSv12;
+    }
+
+    protected ProtocolVersion getMinimumVersion()
+    {
+        return ProtocolVersion.TLSv12;
+    }
+
+    public ProtocolVersion getServerVersion() throws IOException
+    {
+        ProtocolVersion serverVersion = super.getServerVersion();
+
+        System.out.println("TLS-SRP server negotiated " + serverVersion);
+
+        return serverVersion;
+    }
+
+    protected TlsSignerCredentials getDSASignerCredentials() throws IOException
+    {
+        return TlsTestUtils.loadSignerCredentials(context, supportedSignatureAlgorithms, SignatureAlgorithm.dsa,
+            "x509-server-dsa.pem", "x509-server-key-dsa.pem");
+    }
+
+    protected TlsSignerCredentials getRSASignerCredentials() throws IOException
+    {
+        return TlsTestUtils.loadSignerCredentials(context, supportedSignatureAlgorithms, SignatureAlgorithm.rsa,
+            "x509-server.pem", "x509-server-key.pem");
+    }
+
+    static class MyIdentityManager
+        implements TlsSRPIdentityManager
+    {
+        protected SimulatedTlsSRPIdentityManager unknownIdentityManager = SimulatedTlsSRPIdentityManager.getRFC5054Default(
+            TEST_GROUP, TEST_SEED_KEY);
+
+        public TlsSRPLoginParameters getLoginParameters(byte[] identity)
+        {
+            if (Arrays.areEqual(TEST_IDENTITY, identity))
+            {
+                SRP6VerifierGenerator verifierGenerator = new SRP6VerifierGenerator();
+                verifierGenerator.init(TEST_GROUP, TlsUtils.createHash(HashAlgorithm.sha1));
+
+                BigInteger verifier = verifierGenerator.generateVerifier(TEST_SALT, identity, TEST_PASSWORD);
+
+                return new TlsSRPLoginParameters(TEST_GROUP, verifier, TEST_SALT);
+            }
+
+            return unknownIdentityManager.getLoginParameters(identity);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsClient.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsClient.java
new file mode 100644
index 0000000..3530b4a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsClient.java
@@ -0,0 +1,170 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Hashtable;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
+import org.bouncycastle.crypto.tls.DefaultTlsClient;
+import org.bouncycastle.crypto.tls.MaxFragmentLength;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
+import org.bouncycastle.crypto.tls.TlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsCredentials;
+import org.bouncycastle.crypto.tls.TlsExtensionsUtils;
+import org.bouncycastle.crypto.tls.TlsSession;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
+class MockTlsClient
+    extends DefaultTlsClient
+{
+    TlsSession session;
+
+    MockTlsClient(TlsSession session)
+    {
+        this.session = session;
+    }
+
+    public TlsSession getSessionToResume()
+    {
+        return this.session;
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS client raised alert: " + AlertLevel.getText(alertLevel)
+            + ", " + AlertDescription.getText(alertDescription));
+        if (message != null)
+        {
+            out.println("> " + message);
+        }
+        if (cause != null)
+        {
+            cause.printStackTrace(out);
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS client received alert: " + AlertLevel.getText(alertLevel)
+            + ", " + AlertDescription.getText(alertDescription));
+    }
+
+//    public int[] getCipherSuites()
+//    {
+//        return Arrays.concatenate(super.getCipherSuites(),
+//            new int[]
+//            {
+//                CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+//                CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
+//                CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
+//                CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
+//                CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
+//            });
+//    }
+
+    public Hashtable getClientExtensions() throws IOException
+    {
+        Hashtable clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(super.getClientExtensions());
+        TlsExtensionsUtils.addEncryptThenMACExtension(clientExtensions);
+        // TODO[draft-ietf-tls-session-hash-01] Enable once code-point assigned (only for compatible server though)
+//        TlsExtensionsUtils.addExtendedMasterSecretExtension(clientExtensions);
+        TlsExtensionsUtils.addMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
+        TlsExtensionsUtils.addTruncatedHMacExtension(clientExtensions);
+        return clientExtensions;
+    }
+
+    public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException
+    {
+        super.notifyServerVersion(serverVersion);
+
+        System.out.println("TLS client negotiated " + serverVersion);
+    }
+
+    public TlsAuthentication getAuthentication()
+        throws IOException
+    {
+        return new TlsAuthentication()
+        {
+            public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
+                throws IOException
+            {
+                Certificate[] chain = serverCertificate.getCertificateList();
+                System.out.println("TLS client received server certificate chain of length " + chain.length);
+                for (int i = 0; i != chain.length; i++)
+                {
+                    Certificate entry = chain[i];
+                    // TODO Create fingerprint based on certificate signature algorithm digest
+                    System.out.println("    fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+                        + entry.getSubject() + ")");
+                }
+            }
+
+            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest)
+                throws IOException
+            {
+                short[] certificateTypes = certificateRequest.getCertificateTypes();
+                if (certificateTypes == null || !Arrays.contains(certificateTypes, ClientCertificateType.rsa_sign))
+                {
+                    return null;
+                }
+
+                SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
+                Vector sigAlgs = certificateRequest.getSupportedSignatureAlgorithms();
+                if (sigAlgs != null)
+                {
+                    for (int i = 0; i < sigAlgs.size(); ++i)
+                    {
+                        SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm)
+                            sigAlgs.elementAt(i);
+                        if (sigAlg.getSignature() == SignatureAlgorithm.rsa)
+                        {
+                            signatureAndHashAlgorithm = sigAlg;
+                            break;
+                        }
+                    }
+
+                    if (signatureAndHashAlgorithm == null)
+                    {
+                        return null;
+                    }
+                }
+
+                return TlsTestUtils.loadSignerCredentials(context, new String[] { "x509-client.pem", "x509-ca.pem" },
+                    "x509-client-key.pem", signatureAndHashAlgorithm);
+            }
+        };
+    }
+
+    public void notifyHandshakeComplete() throws IOException
+    {
+        super.notifyHandshakeComplete();
+
+        TlsSession newSession = context.getResumableSession();
+        if (newSession != null)
+        {
+            byte[] newSessionID = newSession.getSessionID();
+            String hex = Hex.toHexString(newSessionID);
+
+            if (this.session != null && Arrays.areEqual(this.session.getSessionID(), newSessionID))
+            {
+                System.out.println("Resumed session: " + hex);
+            }
+            else
+            {
+                System.out.println("Established session: " + hex);
+            }
+
+            this.session = newSession;
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java
new file mode 100644
index 0000000..3aa47e8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java
@@ -0,0 +1,143 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.CipherSuite;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
+import org.bouncycastle.crypto.tls.DefaultTlsServer;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
+import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
+import org.bouncycastle.crypto.tls.TlsSignerCredentials;
+import org.bouncycastle.crypto.tls.TlsUtils;
+import org.bouncycastle.util.Arrays;
+
+class MockTlsServer
+    extends DefaultTlsServer
+{
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS server raised alert: " + AlertLevel.getText(alertLevel)
+            + ", " + AlertDescription.getText(alertDescription));
+        if (message != null)
+        {
+            out.println("> " + message);
+        }
+        if (cause != null)
+        {
+            cause.printStackTrace(out);
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+        out.println("TLS server received alert: " + AlertLevel.getText(alertLevel)
+            + ", " + AlertDescription.getText(alertDescription));
+    }
+
+    protected int[] getCipherSuites()
+    {
+        return Arrays.concatenate(super.getCipherSuites(),
+            new int[]
+            {
+                CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+                CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
+                CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
+                CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
+                CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
+            });
+    }
+
+    protected ProtocolVersion getMaximumVersion()
+    {
+        return ProtocolVersion.TLSv12;
+    }
+
+    public ProtocolVersion getServerVersion() throws IOException
+    {
+        ProtocolVersion serverVersion = super.getServerVersion();
+
+        System.out.println("TLS server negotiated " + serverVersion);
+
+        return serverVersion;
+    }
+
+    public CertificateRequest getCertificateRequest() throws IOException
+    {
+        short[] certificateTypes = new short[]{ ClientCertificateType.rsa_sign,
+            ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
+
+        Vector serverSigAlgs = null;
+        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion))
+        {
+            serverSigAlgs = TlsUtils.getDefaultSupportedSignatureAlgorithms();
+        }
+
+        Vector certificateAuthorities = new Vector();
+        certificateAuthorities.add(TlsTestUtils.loadCertificateResource("x509-ca.pem").getSubject());
+
+        return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
+    }
+
+    public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate)
+        throws IOException
+    {
+        Certificate[] chain = clientCertificate.getCertificateList();
+        System.out.println("TLS server received client certificate chain of length " + chain.length);
+        for (int i = 0; i != chain.length; i++)
+        {
+            Certificate entry = chain[i];
+            // TODO Create fingerprint based on certificate signature algorithm digest
+            System.out.println("    fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+                + entry.getSubject() + ")");
+        }
+    }
+
+    protected TlsEncryptionCredentials getRSAEncryptionCredentials()
+        throws IOException
+    {
+        return TlsTestUtils.loadEncryptionCredentials(context, new String[]{"x509-server.pem", "x509-ca.pem"},
+            "x509-server-key.pem");
+    }
+
+    protected TlsSignerCredentials getRSASignerCredentials()
+        throws IOException
+    {
+        /*
+         * TODO Note that this code fails to provide default value for the client supported
+         * algorithms if it wasn't sent.
+         */
+        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
+        Vector sigAlgs = supportedSignatureAlgorithms;
+        if (sigAlgs != null)
+        {
+            for (int i = 0; i < sigAlgs.size(); ++i)
+            {
+                SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm)
+                    sigAlgs.elementAt(i);
+                if (sigAlg.getSignature() == SignatureAlgorithm.rsa)
+                {
+                    signatureAndHashAlgorithm = sigAlg;
+                    break;
+                }
+            }
+
+            if (signatureAndHashAlgorithm == null)
+            {
+                return null;
+            }
+        }
+
+        return TlsTestUtils.loadSignerCredentials(context, new String[]{"x509-server.pem", "x509-ca.pem"},
+            "x509-server-key.pem", signatureAndHashAlgorithm);
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/NetworkInputStream.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/NetworkInputStream.java
new file mode 100644
index 0000000..e5f4770
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/NetworkInputStream.java
@@ -0,0 +1,60 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Tracks and enforces close() calls, without closing the underlying InputStream
+ */
+class NetworkInputStream extends FilterInputStream
+{
+    boolean closed = false;
+
+    public NetworkInputStream(InputStream input)
+    {
+        super(input);
+    }
+
+    synchronized boolean isClosed()
+    {
+        return closed;
+    }
+
+    public int available() throws IOException
+    {
+        checkNotClosed();
+        return in.available();
+    }
+
+    public synchronized void close() throws IOException
+    {
+        closed = true;
+    }
+
+    public int read() throws IOException
+    {
+        checkNotClosed();
+        return in.read();
+    }
+
+    public int read(byte[] b) throws IOException
+    {
+        checkNotClosed();
+        return in.read(b);
+    }
+
+    public int read(byte[] b, int off, int len) throws IOException
+    {
+        checkNotClosed();
+        return in.read(b, off, len);
+    }
+
+    protected synchronized void checkNotClosed() throws IOException
+    {
+        if (closed)
+        {
+            throw new IOException("NetworkInputStream closed");
+        }
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/NetworkOutputStream.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/NetworkOutputStream.java
new file mode 100644
index 0000000..a11694b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/NetworkOutputStream.java
@@ -0,0 +1,54 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * Tracks and enforces close() calls, without closing the underlying OutputStream
+ */
+class NetworkOutputStream extends FilterOutputStream
+{
+    boolean closed = false;
+
+    public NetworkOutputStream(OutputStream output)
+    {
+        super(output);
+    }
+
+    synchronized boolean isClosed()
+    {
+        return closed;
+    }
+
+    public synchronized void close() throws IOException
+    {
+        closed = true;
+    }
+
+    public void write(int b) throws IOException
+    {
+        checkNotClosed();
+        out.write(b);
+    }
+
+    public void write(byte[] b) throws IOException
+    {
+        checkNotClosed();
+        out.write(b);
+    }
+
+    public void write(byte[] b, int off, int len) throws IOException
+    {
+        checkNotClosed();
+        out.write(b, off, len);
+    }
+
+    protected synchronized void checkNotClosed() throws IOException
+    {
+        if (closed)
+        {
+            throw new IOException("NetworkOutputStream closed");
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/PSKTlsClientTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/PSKTlsClientTest.java
new file mode 100644
index 0000000..4b152f4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/PSKTlsClientTest.java
@@ -0,0 +1,82 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.tls.BasicTlsPSKIdentity;
+import org.bouncycastle.crypto.tls.TlsClient;
+import org.bouncycastle.crypto.tls.TlsClientProtocol;
+
+/**
+ * A simple test designed to conduct a TLS handshake with an external TLS server.
+ * <p>
+ * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
+ * this package (under 'src/test/resources') for help configuring an external TLS server.
+ * </p><p>
+ * In both cases, extra options are required to enable PSK ciphersuites and configure identities/keys.
+ * </p>
+ */
+public class PSKTlsClientTest
+{
+    private static final SecureRandom secureRandom = new SecureRandom();
+
+    public static void main(String[] args) throws Exception
+    {
+        InetAddress address = InetAddress.getLocalHost();
+        int port = 5556;
+
+        long time1 = System.currentTimeMillis();
+
+        /*
+         * Note: This is the default PSK identity for 'openssl s_server' testing, the server must be
+         * started with "-psk 6161616161" to make the keys match, and possibly the "-psk_hint"
+         * option should be present.
+         */
+        String psk_identity = "Client_identity";
+        byte[] psk = new byte[]{ 0x61, 0x61, 0x61, 0x61, 0x61 };
+
+        BasicTlsPSKIdentity pskIdentity = new BasicTlsPSKIdentity(psk_identity, psk);
+
+        MockPSKTlsClient client = new MockPSKTlsClient(null, pskIdentity);
+        TlsClientProtocol protocol = openTlsConnection(address, port, client);
+        protocol.close();
+
+        long time2 = System.currentTimeMillis();
+        System.out.println("Elapsed 1: " + (time2 - time1) + "ms");
+
+        client = new MockPSKTlsClient(client.getSessionToResume(), pskIdentity);
+        protocol = openTlsConnection(address, port, client);
+
+        long time3 = System.currentTimeMillis();
+        System.out.println("Elapsed 2: " + (time3 - time2) + "ms");
+
+        OutputStream output = protocol.getOutputStream();
+        output.write("GET / HTTP/1.1\r\n\r\n".getBytes("UTF-8"));
+        output.flush();
+
+        InputStream input = protocol.getInputStream();
+        BufferedReader reader = new BufferedReader(new InputStreamReader(input));
+
+        String line;
+        while ((line = reader.readLine()) != null)
+        {
+            System.out.println(">>> " + line);
+        }
+
+        protocol.close();
+    }
+
+    static TlsClientProtocol openTlsConnection(InetAddress address, int port, TlsClient client) throws IOException
+    {
+        Socket s = new Socket(address, port);
+        TlsClientProtocol protocol = new TlsClientProtocol(s.getInputStream(), s.getOutputStream(), secureRandom);
+        protocol.connect(client);
+        return protocol;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsClientTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsClientTest.java
new file mode 100644
index 0000000..bf289d8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsClientTest.java
@@ -0,0 +1,70 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.tls.TlsClient;
+import org.bouncycastle.crypto.tls.TlsClientProtocol;
+
+/**
+ * A simple test designed to conduct a TLS handshake with an external TLS server.
+ * <p>
+ * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
+ * this package (under 'src/test/resources') for help configuring an external TLS server.
+ * </p>
+ */
+public class TlsClientTest
+{
+    private static final SecureRandom secureRandom = new SecureRandom();
+
+    public static void main(String[] args)
+        throws Exception
+    {
+        InetAddress address = InetAddress.getLocalHost();
+        int port = 5556;
+
+        long time1 = System.currentTimeMillis();
+
+        MockTlsClient client = new MockTlsClient(null);
+        TlsClientProtocol protocol = openTlsConnection(address, port, client);
+        protocol.close();
+
+        long time2 = System.currentTimeMillis();
+        System.out.println("Elapsed 1: " + (time2 - time1) + "ms");
+
+        client = new MockTlsClient(client.getSessionToResume());
+        protocol = openTlsConnection(address, port, client);
+
+        long time3 = System.currentTimeMillis();
+        System.out.println("Elapsed 2: " + (time3 - time2) + "ms");
+
+        OutputStream output = protocol.getOutputStream();
+        output.write("GET / HTTP/1.1\r\n\r\n".getBytes("UTF-8"));
+        output.flush();
+
+        InputStream input = protocol.getInputStream();
+        BufferedReader reader = new BufferedReader(new InputStreamReader(input));
+
+        String line;
+        while ((line = reader.readLine()) != null)
+        {
+            System.out.println(">>> " + line);
+        }
+
+        protocol.close();
+    }
+
+    static TlsClientProtocol openTlsConnection(InetAddress address, int port, TlsClient client) throws IOException
+    {
+        Socket s = new Socket(address, port);
+        TlsClientProtocol protocol = new TlsClientProtocol(s.getInputStream(), s.getOutputStream(), secureRandom);
+        protocol.connect(client);
+        return protocol;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsPSKProtocolTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsPSKProtocolTest.java
new file mode 100644
index 0000000..f32554a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsPSKProtocolTest.java
@@ -0,0 +1,81 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.OutputStream;
+import java.io.PipedInputStream;
+import java.io.PipedOutputStream;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+
+import org.bouncycastle.crypto.tls.TlsClientProtocol;
+import org.bouncycastle.crypto.tls.TlsServerProtocol;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.io.Streams;
+
+public class TlsPSKProtocolTest
+    extends TestCase
+{
+    public void testClientServer() throws Exception
+    {
+        SecureRandom secureRandom = new SecureRandom();
+
+        PipedInputStream clientRead = new PipedInputStream();
+        PipedInputStream serverRead = new PipedInputStream();
+        PipedOutputStream clientWrite = new PipedOutputStream(serverRead);
+        PipedOutputStream serverWrite = new PipedOutputStream(clientRead);
+
+        TlsClientProtocol clientProtocol = new TlsClientProtocol(clientRead, clientWrite, secureRandom);
+        TlsServerProtocol serverProtocol = new TlsServerProtocol(serverRead, serverWrite, secureRandom);
+
+        ServerThread serverThread = new ServerThread(serverProtocol);
+        serverThread.start();
+
+        MockPSKTlsClient client = new MockPSKTlsClient(null);
+        clientProtocol.connect(client);
+
+        // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
+        int length = 1000;
+
+        byte[] data = new byte[length];
+        secureRandom.nextBytes(data);
+
+        OutputStream output = clientProtocol.getOutputStream();
+        output.write(data);
+
+        byte[] echo = new byte[data.length];
+        int count = Streams.readFully(clientProtocol.getInputStream(), echo);
+
+        assertEquals(count, data.length);
+        assertTrue(Arrays.areEqual(data, echo));
+
+        output.close();
+
+        serverThread.join();
+    }
+
+    static class ServerThread
+        extends Thread
+    {
+        private final TlsServerProtocol serverProtocol;
+
+        ServerThread(TlsServerProtocol serverProtocol)
+        {
+            this.serverProtocol = serverProtocol;
+        }
+
+        public void run()
+        {
+            try
+            {
+                MockPSKTlsServer server = new MockPSKTlsServer();
+                serverProtocol.accept(server);
+                Streams.pipeAll(serverProtocol.getInputStream(), serverProtocol.getOutputStream());
+                serverProtocol.close();
+            }
+            catch (Exception e)
+            {
+                //                throw new RuntimeException(e);
+            }
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsProtocolTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsProtocolTest.java
new file mode 100644
index 0000000..a817c47
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsProtocolTest.java
@@ -0,0 +1,82 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.OutputStream;
+import java.io.PipedInputStream;
+import java.io.PipedOutputStream;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+
+import org.bouncycastle.crypto.tls.TlsClientProtocol;
+import org.bouncycastle.crypto.tls.TlsServerProtocol;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.io.Streams;
+
+public class TlsProtocolTest
+    extends TestCase
+{
+    public void testClientServer()
+        throws Exception
+    {
+        SecureRandom secureRandom = new SecureRandom();
+
+        PipedInputStream clientRead = new PipedInputStream();
+        PipedInputStream serverRead = new PipedInputStream();
+        PipedOutputStream clientWrite = new PipedOutputStream(serverRead);
+        PipedOutputStream serverWrite = new PipedOutputStream(clientRead);
+
+        TlsClientProtocol clientProtocol = new TlsClientProtocol(clientRead, clientWrite, secureRandom);
+        TlsServerProtocol serverProtocol = new TlsServerProtocol(serverRead, serverWrite, secureRandom);
+
+        ServerThread serverThread = new ServerThread(serverProtocol);
+        serverThread.start();
+
+        MockTlsClient client = new MockTlsClient(null);
+        clientProtocol.connect(client);
+
+        // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
+        int length = 1000;
+
+        byte[] data = new byte[length];
+        secureRandom.nextBytes(data);
+
+        OutputStream output = clientProtocol.getOutputStream();
+        output.write(data);
+
+        byte[] echo = new byte[data.length];
+        int count = Streams.readFully(clientProtocol.getInputStream(), echo);
+
+        assertEquals(count, data.length);
+        assertTrue(Arrays.areEqual(data, echo));
+
+        output.close();
+
+        serverThread.join();
+    }
+
+    static class ServerThread
+        extends Thread
+    {
+        private final TlsServerProtocol serverProtocol;
+
+        ServerThread(TlsServerProtocol serverProtocol)
+        {
+            this.serverProtocol = serverProtocol;
+        }
+
+        public void run()
+        {
+            try
+            {
+                MockTlsServer server = new MockTlsServer();
+                serverProtocol.accept(server);
+                Streams.pipeAll(serverProtocol.getInputStream(), serverProtocol.getOutputStream());
+                serverProtocol.close();
+            }
+            catch (Exception e)
+            {
+//                throw new RuntimeException(e);
+            }
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsSRPProtocolTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsSRPProtocolTest.java
new file mode 100644
index 0000000..b0c3c92
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsSRPProtocolTest.java
@@ -0,0 +1,81 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.OutputStream;
+import java.io.PipedInputStream;
+import java.io.PipedOutputStream;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+
+import org.bouncycastle.crypto.tls.TlsClientProtocol;
+import org.bouncycastle.crypto.tls.TlsServerProtocol;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.io.Streams;
+
+public class TlsSRPProtocolTest
+    extends TestCase
+{
+    public void testClientServer() throws Exception
+    {
+        SecureRandom secureRandom = new SecureRandom();
+
+        PipedInputStream clientRead = new PipedInputStream();
+        PipedInputStream serverRead = new PipedInputStream();
+        PipedOutputStream clientWrite = new PipedOutputStream(serverRead);
+        PipedOutputStream serverWrite = new PipedOutputStream(clientRead);
+
+        TlsClientProtocol clientProtocol = new TlsClientProtocol(clientRead, clientWrite, secureRandom);
+        TlsServerProtocol serverProtocol = new TlsServerProtocol(serverRead, serverWrite, secureRandom);
+
+        ServerThread serverThread = new ServerThread(serverProtocol);
+        serverThread.start();
+
+        MockSRPTlsClient client = new MockSRPTlsClient(null, MockSRPTlsServer.TEST_IDENTITY, MockSRPTlsServer.TEST_PASSWORD);
+        clientProtocol.connect(client);
+
+        // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
+        int length = 1000;
+
+        byte[] data = new byte[length];
+        secureRandom.nextBytes(data);
+
+        OutputStream output = clientProtocol.getOutputStream();
+        output.write(data);
+
+        byte[] echo = new byte[data.length];
+        int count = Streams.readFully(clientProtocol.getInputStream(), echo);
+
+        assertEquals(count, data.length);
+        assertTrue(Arrays.areEqual(data, echo));
+
+        output.close();
+
+        serverThread.join();
+    }
+
+    static class ServerThread
+        extends Thread
+    {
+        private final TlsServerProtocol serverProtocol;
+
+        ServerThread(TlsServerProtocol serverProtocol)
+        {
+            this.serverProtocol = serverProtocol;
+        }
+
+        public void run()
+        {
+            try
+            {
+                MockSRPTlsServer server = new MockSRPTlsServer();
+                serverProtocol.accept(server);
+                Streams.pipeAll(serverProtocol.getInputStream(), serverProtocol.getOutputStream());
+                serverProtocol.close();
+            }
+            catch (Exception e)
+            {
+                //throw new RuntimeException(e);
+            }
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsServerTest.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsServerTest.java
new file mode 100644
index 0000000..e2faea7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsServerTest.java
@@ -0,0 +1,82 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.tls.TlsServerProtocol;
+import org.bouncycastle.util.io.Streams;
+import org.bouncycastle.util.io.TeeOutputStream;
+
+/**
+ * A simple test designed to conduct a TLS handshake with an external TLS client.
+ * <p>
+ * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
+ * this package (under 'src/test/resources') for help configuring an external TLS client.
+ * </p>
+ */
+public class TlsServerTest
+{
+    private static final SecureRandom secureRandom = new SecureRandom();
+
+    public static void main(String[] args)
+        throws Exception
+    {
+        InetAddress address = InetAddress.getLocalHost();
+        int port = 5556;
+
+        ServerSocket ss = new ServerSocket(port, 16, address);
+        while (true)
+        {
+            Socket s = ss.accept();
+            System.out.println("--------------------------------------------------------------------------------");
+            System.out.println("Accepted " + s);
+            ServerThread t = new ServerThread(s);
+            t.start();
+        }
+    }
+
+    static class ServerThread
+        extends Thread
+    {
+        private final Socket s;
+
+        ServerThread(Socket s)
+        {
+            this.s = s;
+        }
+
+        public void run()
+        {
+            try
+            {
+                MockTlsServer server = new MockTlsServer();
+                TlsServerProtocol serverProtocol = new TlsServerProtocol(s.getInputStream(), s.getOutputStream(), secureRandom);
+                serverProtocol.accept(server);
+                OutputStream log = new TeeOutputStream(serverProtocol.getOutputStream(), System.out);
+                Streams.pipeAll(serverProtocol.getInputStream(), log);
+                serverProtocol.close();
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e);
+            }
+            finally
+            {
+                try
+                {
+                    s.close();
+                }
+                catch (IOException e)
+                {
+                }
+                finally
+                {
+                }
+            }
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestCase.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestCase.java
new file mode 100644
index 0000000..79ad784
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestCase.java
@@ -0,0 +1,171 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.OutputStream;
+import java.io.PipedInputStream;
+import java.io.PipedOutputStream;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.TlsClientProtocol;
+import org.bouncycastle.crypto.tls.TlsServerProtocol;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.io.Streams;
+
+public class TlsTestCase extends TestCase
+{
+    private static void checkTLSVersion(ProtocolVersion version)
+    {
+        if (version != null && !version.isTLS())
+        {
+            throw new IllegalStateException("Non-TLS version");
+        }
+    }
+
+    protected final TlsTestConfig config;
+
+    public TlsTestCase(TlsTestConfig config, String name)
+    {
+        checkTLSVersion(config.clientMinimumVersion);
+        checkTLSVersion(config.clientOfferVersion);
+        checkTLSVersion(config.serverMaximumVersion);
+        checkTLSVersion(config.serverMinimumVersion);
+
+        this.config = config;
+
+        setName(name);
+    }
+
+    protected void runTest() throws Throwable
+    {
+        SecureRandom secureRandom = new SecureRandom();
+        
+        PipedInputStream clientRead = new PipedInputStream();
+        PipedInputStream serverRead = new PipedInputStream();
+        PipedOutputStream clientWrite = new PipedOutputStream(serverRead);
+        PipedOutputStream serverWrite = new PipedOutputStream(clientRead);
+
+        NetworkInputStream clientNetIn = new NetworkInputStream(clientRead);
+        NetworkInputStream serverNetIn = new NetworkInputStream(serverRead);
+        NetworkOutputStream clientNetOut = new NetworkOutputStream(clientWrite);
+        NetworkOutputStream serverNetOut = new NetworkOutputStream(serverWrite);
+
+        TlsClientProtocol clientProtocol = new TlsClientProtocol(clientNetIn, clientNetOut, secureRandom);
+        TlsServerProtocol serverProtocol = new TlsServerProtocol(serverNetIn, serverNetOut, secureRandom);
+
+        TlsTestClientImpl clientImpl = new TlsTestClientImpl(config);
+        TlsTestServerImpl serverImpl = new TlsTestServerImpl(config);
+
+        ServerThread serverThread = new ServerThread(serverProtocol, serverImpl);
+        serverThread.start();
+
+        Exception caught = null;
+        try
+        {
+            clientProtocol.connect(clientImpl);
+
+            // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
+            int length = 1000;
+
+            byte[] data = new byte[length];
+            secureRandom.nextBytes(data);
+    
+            OutputStream output = clientProtocol.getOutputStream();
+            output.write(data);
+    
+            byte[] echo = new byte[data.length];
+            int count = Streams.readFully(clientProtocol.getInputStream(), echo);
+    
+            assertEquals(count, data.length);
+            assertTrue(Arrays.areEqual(data, echo));
+    
+            output.close();
+        }
+        catch (Exception e)
+        {
+            caught = e;
+            logException(caught);
+        }
+
+        serverThread.allowExit();
+        serverThread.join();
+
+        assertTrue("Client InputStream not closed", clientNetIn.isClosed());
+        assertTrue("Client OutputStream not closed", clientNetOut.isClosed());
+        assertTrue("Server InputStream not closed", serverNetIn.isClosed());
+        assertTrue("Server OutputStream not closed", serverNetOut.isClosed());
+
+        assertEquals("Client fatal alert connection end", config.expectFatalAlertConnectionEnd, clientImpl.firstFatalAlertConnectionEnd);
+        assertEquals("Server fatal alert connection end", config.expectFatalAlertConnectionEnd, serverImpl.firstFatalAlertConnectionEnd);
+
+        assertEquals("Client fatal alert description", config.expectFatalAlertDescription, clientImpl.firstFatalAlertDescription);
+        assertEquals("Server fatal alert description", config.expectFatalAlertDescription, serverImpl.firstFatalAlertDescription);
+
+        if (config.expectFatalAlertConnectionEnd == -1)
+        {
+            assertNull("Unexpected client exception", caught);
+            assertNull("Unexpected server exception", serverThread.caught);
+        }
+    }
+
+    protected  void logException(Exception e)
+    {
+        if (TlsTestConfig.DEBUG)
+        {
+            e.printStackTrace();
+        }
+    }
+
+    class ServerThread extends Thread
+    {
+        protected final TlsServerProtocol serverProtocol;
+        protected final TlsTestServerImpl serverImpl;
+
+        boolean canExit = false;
+        Exception caught = null;
+
+        ServerThread(TlsServerProtocol serverProtocol, TlsTestServerImpl serverImpl)
+        {
+            this.serverProtocol = serverProtocol;
+            this.serverImpl = serverImpl;
+        }
+
+        synchronized void allowExit()
+        {
+            canExit = true;
+            this.notifyAll();
+        }
+
+        public void run()
+        {
+            try
+            {
+                serverProtocol.accept(serverImpl);
+                Streams.pipeAll(serverProtocol.getInputStream(), serverProtocol.getOutputStream());
+                serverProtocol.close();
+            }
+            catch (Exception e)
+            {
+                caught = e;
+                logException(caught);
+            }
+
+            waitExit();
+        }
+
+        protected synchronized void waitExit()
+        {
+            while (!canExit)
+            {
+                try
+                {
+                    this.wait();
+                }
+                catch (InterruptedException e)
+                {
+                }
+            }
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestClientImpl.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestClientImpl.java
new file mode 100644
index 0000000..4374631
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestClientImpl.java
@@ -0,0 +1,251 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
+import org.bouncycastle.crypto.tls.ConnectionEnd;
+import org.bouncycastle.crypto.tls.DefaultTlsClient;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
+import org.bouncycastle.crypto.tls.TlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsCredentials;
+import org.bouncycastle.crypto.tls.TlsFatalAlert;
+import org.bouncycastle.crypto.tls.TlsSignerCredentials;
+import org.bouncycastle.util.Arrays;
+
+class TlsTestClientImpl
+    extends DefaultTlsClient
+{
+    protected final TlsTestConfig config;
+
+    protected int firstFatalAlertConnectionEnd = -1;
+    protected short firstFatalAlertDescription = -1;
+
+    TlsTestClientImpl(TlsTestConfig config)
+    {
+        this.config = config;
+    }
+
+    int getFirstFatalAlertConnectionEnd()
+    {
+        return firstFatalAlertConnectionEnd;
+    }
+
+    short getFirstFatalAlertDescription()
+    {
+        return firstFatalAlertDescription;
+    }
+
+    public ProtocolVersion getClientVersion()
+    {
+        if (config.clientOfferVersion != null)
+        {
+            return config.clientOfferVersion;
+        }
+
+        return super.getClientVersion();
+    }
+
+    public ProtocolVersion getMinimumVersion()
+    {
+        if (config.clientMinimumVersion != null)
+        {
+            return config.clientMinimumVersion;
+        }
+
+        return super.getMinimumVersion();
+    }
+
+    public boolean isFallback()
+    {
+        return config.clientFallback;
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        if (alertLevel == AlertLevel.fatal && firstFatalAlertConnectionEnd == -1)
+        {
+            firstFatalAlertConnectionEnd = ConnectionEnd.client;
+            firstFatalAlertDescription = alertDescription;
+        }
+
+        if (TlsTestConfig.DEBUG)
+        {
+            PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+            out.println("TLS client raised alert: " + AlertLevel.getText(alertLevel)
+                + ", " + AlertDescription.getText(alertDescription));
+            if (message != null)
+            {
+                out.println("> " + message);
+            }
+            if (cause != null)
+            {
+                cause.printStackTrace(out);
+            }
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        if (alertLevel == AlertLevel.fatal && firstFatalAlertConnectionEnd == -1)
+        {
+            firstFatalAlertConnectionEnd = ConnectionEnd.server;
+            firstFatalAlertDescription = alertDescription;
+        }
+
+        if (TlsTestConfig.DEBUG)
+        {
+            PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+            out.println("TLS client received alert: " + AlertLevel.getText(alertLevel)
+                + ", " + AlertDescription.getText(alertDescription));
+        }
+    }
+
+    public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException
+    {
+        super.notifyServerVersion(serverVersion);
+
+        if (TlsTestConfig.DEBUG)
+        {
+            System.out.println("TLS client negotiated " + serverVersion);
+        }
+    }
+
+    public TlsAuthentication getAuthentication()
+        throws IOException
+    {
+        return new TlsAuthentication()
+        {
+            public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
+                throws IOException
+            {
+                boolean isEmpty = serverCertificate == null || serverCertificate.isEmpty();
+
+                Certificate[] chain = serverCertificate.getCertificateList();
+
+                // TODO Cache test resources?
+                if (isEmpty || !(chain[0].equals(TlsTestUtils.loadCertificateResource("x509-server.pem"))
+                    || chain[0].equals(TlsTestUtils.loadCertificateResource("x509-server-dsa.pem"))
+                    || chain[0].equals(TlsTestUtils.loadCertificateResource("x509-server-ecdsa.pem"))))
+                {
+                    throw new TlsFatalAlert(AlertDescription.bad_certificate);
+                }
+
+                if (TlsTestConfig.DEBUG)
+                {
+                    System.out.println("TLS client received server certificate chain of length " + chain.length);
+                    for (int i = 0; i != chain.length; i++)
+                    {
+                        Certificate entry = chain[i];
+                        // TODO Create fingerprint based on certificate signature algorithm digest
+                        System.out.println("    fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+                            + entry.getSubject() + ")");
+                    }
+                }
+            }
+
+            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest)
+                throws IOException
+            {
+                if (config.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_NONE)
+                {
+                    throw new IllegalStateException();
+                }
+                if (config.clientAuth == TlsTestConfig.CLIENT_AUTH_NONE)
+                {
+                    return null;
+                }
+
+                short[] certificateTypes = certificateRequest.getCertificateTypes();
+                if (certificateTypes == null || !Arrays.contains(certificateTypes, ClientCertificateType.rsa_sign))
+                {
+                    return null;
+                }
+
+                final TlsSignerCredentials signerCredentials = TlsTestUtils.loadSignerCredentials(context,
+                    certificateRequest.getSupportedSignatureAlgorithms(), SignatureAlgorithm.rsa,
+                    "x509-client.pem", "x509-client-key.pem");
+
+                if (config.clientAuth == TlsTestConfig.CLIENT_AUTH_VALID)
+                {
+                    return signerCredentials;
+                }
+
+                return new TlsSignerCredentials()
+                {
+                    public byte[] generateCertificateSignature(byte[] hash) throws IOException
+                    {
+                        byte[] sig = signerCredentials.generateCertificateSignature(hash);
+
+                        if (config.clientAuth == TlsTestConfig.CLIENT_AUTH_INVALID_VERIFY)
+                        {
+                            sig = corruptBit(sig);
+                        }
+
+                        return sig;
+                    }
+
+                    public org.bouncycastle.crypto.tls.Certificate getCertificate()
+                    {
+                        org.bouncycastle.crypto.tls.Certificate cert = signerCredentials.getCertificate();
+
+                        if (config.clientAuth == TlsTestConfig.CLIENT_AUTH_INVALID_CERT)
+                        {
+                            cert = corruptCertificate(cert);
+                        }
+
+                        return cert;
+                    }
+
+                    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm()
+                    {
+                        return signerCredentials.getSignatureAndHashAlgorithm();
+                    }
+                };
+            }
+        };
+    }
+
+    protected org.bouncycastle.crypto.tls.Certificate corruptCertificate(org.bouncycastle.crypto.tls.Certificate cert)
+    {
+        Certificate[] certList = cert.getCertificateList();
+        certList[0] = corruptCertificateSignature(certList[0]);
+        return new org.bouncycastle.crypto.tls.Certificate(certList);
+    }
+
+    protected Certificate corruptCertificateSignature(Certificate cert)
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+        v.add(cert.getTBSCertificate());
+        v.add(cert.getSignatureAlgorithm());
+        v.add(corruptBitString(cert.getSignature()));
+
+        return Certificate.getInstance(new DERSequence(v));
+    }
+
+    protected DERBitString corruptBitString(DERBitString bs)
+    {
+        return new DERBitString(corruptBit(bs.getBytes()));
+    }
+
+    protected byte[] corruptBit(byte[] bs)
+    {
+        bs = Arrays.clone(bs);
+
+        // Flip a random bit
+        int bit = context.getSecureRandom().nextInt(bs.length << 3); 
+        bs[bit >>> 3] ^= (1 << (bit & 7));
+
+        return bs;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestConfig.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestConfig.java
new file mode 100644
index 0000000..461ecd5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestConfig.java
@@ -0,0 +1,101 @@
+package org.bouncycastle.crypto.tls.test;
+
+import org.bouncycastle.crypto.tls.ConnectionEnd;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+
+public class TlsTestConfig
+{
+    public static final boolean DEBUG = false;
+
+    /**
+     * Client does not authenticate, ignores any certificate request
+     */
+    public static final int CLIENT_AUTH_NONE = 0;
+
+    /**
+     * Client will authenticate if it receives a certificate request
+     */
+    public static final int CLIENT_AUTH_VALID = 1;
+
+    /**
+     * Client will authenticate if it receives a certificate request, with an invalid certificate
+     */
+    public static final int CLIENT_AUTH_INVALID_CERT = 2;
+
+    /**
+     * Client will authenticate if it receives a certificate request, with an invalid CertificateVerify signature
+     */
+    public static final int CLIENT_AUTH_INVALID_VERIFY = 3;
+
+    /**
+     * Server will not request a client certificate
+     */
+    public static final int SERVER_CERT_REQ_NONE = 0;
+
+    /**
+     * Server will request a client certificate but receiving one is optional
+     */
+    public static final int SERVER_CERT_REQ_OPTIONAL = 1;
+
+    /**
+     * Server will request a client certificate and receiving one is mandatory
+     */
+    public static final int SERVER_CERT_REQ_MANDATORY = 2;
+
+    /**
+     * Configures the client authentication behaviour of the test client. Use CLIENT_AUTH_* constants.
+     */
+    public int clientAuth = CLIENT_AUTH_VALID;
+
+    /**
+     * Configures the minimum protocol version the client will accept. If null, uses the library's default.
+     */
+    public ProtocolVersion clientMinimumVersion = null;
+
+    /**
+     * Configures the protocol version the client will offer. If null, uses the library's default.
+     */
+    public ProtocolVersion clientOfferVersion = null;
+
+    /**
+     * Configures whether the client will indicate version fallback via TLS_FALLBACK_SCSV.
+     */
+    public boolean clientFallback = false;
+
+    /**
+     * Configures whether the test server will send a certificate request.
+     */
+    public int serverCertReq = SERVER_CERT_REQ_OPTIONAL;
+
+    /**
+     * Configures the maximum protocol version the server will accept. If null, uses the library's default.
+     */
+    public ProtocolVersion serverMaximumVersion = null;
+
+    /**
+     * Configures the minimum protocol version the server will accept. If null, uses the library's default.
+     */
+    public ProtocolVersion serverMinimumVersion = null;
+
+    /**
+     * Configures the connection end that a fatal alert is expected to be raised. Use ConnectionEnd.* constants.
+     */
+    public int expectFatalAlertConnectionEnd = -1;
+
+    /**
+     * Configures the type of fatal alert expected to be raised. Use AlertDescription.* constants.
+     */
+    public short expectFatalAlertDescription = -1;
+
+    public void expectClientFatalAlert(short alertDescription)
+    {
+        this.expectFatalAlertConnectionEnd = ConnectionEnd.client;
+        this.expectFatalAlertDescription = alertDescription;
+    }
+
+    public void expectServerFatalAlert(short alertDescription)
+    {
+        this.expectFatalAlertConnectionEnd = ConnectionEnd.server;
+        this.expectFatalAlertDescription = alertDescription;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestServerImpl.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestServerImpl.java
new file mode 100644
index 0000000..b334293
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestServerImpl.java
@@ -0,0 +1,198 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
+import org.bouncycastle.crypto.tls.ConnectionEnd;
+import org.bouncycastle.crypto.tls.DefaultTlsServer;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
+import org.bouncycastle.crypto.tls.TlsFatalAlert;
+import org.bouncycastle.crypto.tls.TlsSignerCredentials;
+import org.bouncycastle.crypto.tls.TlsUtils;
+
+class TlsTestServerImpl
+    extends DefaultTlsServer
+{
+    protected final TlsTestConfig config;
+
+    protected int firstFatalAlertConnectionEnd = -1;
+    protected short firstFatalAlertDescription = -1;
+
+    TlsTestServerImpl(TlsTestConfig config)
+    {
+        this.config = config;
+    }
+
+    int getFirstFatalAlertConnectionEnd()
+    {
+        return firstFatalAlertConnectionEnd;
+    }
+
+    short getFirstFatalAlertDescription()
+    {
+        return firstFatalAlertDescription;
+    }
+
+    protected ProtocolVersion getMaximumVersion()
+    {
+        if (config.serverMaximumVersion != null)
+        {
+            return config.serverMaximumVersion;
+        }
+
+        return super.getMaximumVersion();
+    }
+
+    protected ProtocolVersion getMinimumVersion()
+    {
+        if (config.serverMinimumVersion != null)
+        {
+            return config.serverMinimumVersion;
+        }
+
+        return super.getMinimumVersion();
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+        if (alertLevel == AlertLevel.fatal && firstFatalAlertConnectionEnd == -1)
+        {
+            firstFatalAlertConnectionEnd = ConnectionEnd.server;
+            firstFatalAlertDescription = alertDescription;
+        }
+
+        if (TlsTestConfig.DEBUG)
+        {
+            PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+            out.println("TLS server raised alert: " + AlertLevel.getText(alertLevel)
+                + ", " + AlertDescription.getText(alertDescription));
+            if (message != null)
+            {
+                out.println("> " + message);
+            }
+            if (cause != null)
+            {
+                cause.printStackTrace(out);
+            }
+        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+        if (alertLevel == AlertLevel.fatal && firstFatalAlertConnectionEnd == -1)
+        {
+            firstFatalAlertConnectionEnd = ConnectionEnd.client;
+            firstFatalAlertDescription = alertDescription;
+        }
+
+        if (TlsTestConfig.DEBUG)
+        {
+            PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+            out.println("TLS server received alert: " + AlertLevel.getText(alertLevel)
+                + ", " + AlertDescription.getText(alertDescription));
+        }
+    }
+
+    public ProtocolVersion getServerVersion() throws IOException
+    {
+        ProtocolVersion serverVersion = super.getServerVersion();
+
+        if (TlsTestConfig.DEBUG)
+        {
+            System.out.println("TLS server negotiated " + serverVersion);
+        }
+
+        return serverVersion;
+    }
+
+    public CertificateRequest getCertificateRequest() throws IOException
+    {
+        if (config.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_NONE)
+        {
+            return null;
+        }
+
+        short[] certificateTypes = new short[]{ ClientCertificateType.rsa_sign,
+            ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
+
+        Vector serverSigAlgs = null;
+        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion))
+        {
+            serverSigAlgs = TlsUtils.getDefaultSupportedSignatureAlgorithms();
+        }
+
+        Vector certificateAuthorities = new Vector();
+        certificateAuthorities.add(TlsTestUtils.loadCertificateResource("x509-ca.pem").getSubject());
+
+        return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
+    }
+
+    public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate)
+        throws IOException
+    {
+        boolean isEmpty = (clientCertificate == null || clientCertificate.isEmpty());
+
+        if (isEmpty != (config.clientAuth == TlsTestConfig.CLIENT_AUTH_NONE))
+        {
+            throw new IllegalStateException();
+        }
+        if (isEmpty && (config.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_MANDATORY))
+        {
+            throw new TlsFatalAlert(AlertDescription.handshake_failure);
+        }
+
+        Certificate[] chain = clientCertificate.getCertificateList();
+
+        // TODO Cache test resources?
+        if (!isEmpty && !(chain[0].equals(TlsTestUtils.loadCertificateResource("x509-client.pem"))
+            || chain[0].equals(TlsTestUtils.loadCertificateResource("x509-client-dsa.pem"))
+            || chain[0].equals(TlsTestUtils.loadCertificateResource("x509-client-ecdsa.pem"))))
+        {
+            throw new TlsFatalAlert(AlertDescription.bad_certificate);
+        }
+
+        if (TlsTestConfig.DEBUG)
+        {
+            System.out.println("TLS server received client certificate chain of length " + chain.length);
+            for (int i = 0; i != chain.length; i++)
+            {
+                Certificate entry = chain[i];
+                // TODO Create fingerprint based on certificate signature algorithm digest
+                System.out.println("    fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+                    + entry.getSubject() + ")");
+            }
+        }
+    }
+
+    protected TlsSignerCredentials getDSASignerCredentials() throws IOException
+    {
+        return TlsTestUtils.loadSignerCredentials(context, supportedSignatureAlgorithms, SignatureAlgorithm.dsa,
+            "x509-server-dsa.pem", "x509-server-key-dsa.pem");
+    }
+
+    protected TlsSignerCredentials getECDSASignerCredentials() throws IOException
+    {
+        return TlsTestUtils.loadSignerCredentials(context, supportedSignatureAlgorithms, SignatureAlgorithm.ecdsa,
+            "x509-server-ecdsa.pem", "x509-server-key-ecdsa.pem");
+    }
+
+    protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException
+    {
+        return TlsTestUtils.loadEncryptionCredentials(context, new String[]{ "x509-server.pem", "x509-ca.pem" },
+            "x509-server-key.pem");
+    }
+
+    protected TlsSignerCredentials getRSASignerCredentials() throws IOException
+    {
+        return TlsTestUtils.loadSignerCredentials(context, supportedSignatureAlgorithms, SignatureAlgorithm.rsa,
+            "x509-server.pem", "x509-server-key.pem");
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestSuite.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestSuite.java
new file mode 100644
index 0000000..ae71faf
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestSuite.java
@@ -0,0 +1,111 @@
+package org.bouncycastle.crypto.tls.test;
+
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+public class TlsTestSuite extends TestSuite
+{
+    // Make the access to constants less verbose 
+    static abstract class C extends TlsTestConfig {}
+
+    public static Test suite()
+    {
+        TlsTestSuite testSuite = new TlsTestSuite();
+
+        addFallbackTests(testSuite);
+        addVersionTests(testSuite, ProtocolVersion.TLSv10);
+        addVersionTests(testSuite, ProtocolVersion.TLSv11);
+        addVersionTests(testSuite, ProtocolVersion.TLSv12);
+
+        return testSuite;
+    }
+
+    private static void addFallbackTests(TestSuite testSuite)
+    {
+        {
+            TlsTestConfig c = createTlsTestConfig(ProtocolVersion.TLSv12);
+            c.clientFallback = true;
+
+            testSuite.addTest(new TlsTestCase(c, "FallbackGood"));
+        }
+
+        {
+            TlsTestConfig c = createTlsTestConfig(ProtocolVersion.TLSv12);
+            c.clientOfferVersion = ProtocolVersion.TLSv11;
+            c.clientFallback = true;
+            c.expectServerFatalAlert(AlertDescription.inappropriate_fallback);
+
+            testSuite.addTest(new TlsTestCase(c, "FallbackBad"));
+        }
+
+        {
+            TlsTestConfig c = createTlsTestConfig(ProtocolVersion.TLSv12);
+            c.clientOfferVersion = ProtocolVersion.TLSv11;
+
+            testSuite.addTest(new TlsTestCase(c, "FallbackNone"));
+        }
+    }
+
+    private static void addVersionTests(TestSuite testSuite, ProtocolVersion version)
+    {
+        String prefix = version.toString().replaceAll("[ \\.]", "") + "_";
+
+        {
+            TlsTestConfig c = createTlsTestConfig(version);
+
+            testSuite.addTest(new TlsTestCase(c, prefix + "GoodDefault"));
+        }
+
+        {
+            TlsTestConfig c = createTlsTestConfig(version);
+            c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
+            c.expectServerFatalAlert(AlertDescription.decrypt_error);
+
+            testSuite.addTest(new TlsTestCase(c, prefix + "BadCertificateVerify"));
+        }
+
+        {
+            TlsTestConfig c = createTlsTestConfig(version);
+            c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
+            c.expectServerFatalAlert(AlertDescription.bad_certificate);
+
+            testSuite.addTest(new TlsTestCase(c, prefix + "BadClientCertificate"));
+        }
+
+        {
+            TlsTestConfig c = createTlsTestConfig(version);
+            c.clientAuth = C.CLIENT_AUTH_NONE;
+            c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
+            c.expectServerFatalAlert(AlertDescription.handshake_failure);
+
+            testSuite.addTest(new TlsTestCase(c, prefix + "BadMandatoryCertReqDeclined"));
+        }
+
+        {
+            TlsTestConfig c = createTlsTestConfig(version);
+            c.serverCertReq = C.SERVER_CERT_REQ_NONE;
+
+            testSuite.addTest(new TlsTestCase(c, prefix + "GoodNoCertReq"));
+        }
+
+        {
+            TlsTestConfig c = createTlsTestConfig(version);
+            c.clientAuth = C.CLIENT_AUTH_NONE;
+
+            testSuite.addTest(new TlsTestCase(c, prefix + "GoodOptionalCertReqDeclined"));
+        }
+    }
+
+    private static TlsTestConfig createTlsTestConfig(ProtocolVersion version)
+    {
+        TlsTestConfig c = new TlsTestConfig();
+        c.clientMinimumVersion = ProtocolVersion.TLSv10;
+        c.clientOfferVersion = ProtocolVersion.TLSv12;
+        c.serverMaximumVersion = version;
+        c.serverMinimumVersion = ProtocolVersion.TLSv10;
+        return c;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestUtils.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestUtils.java
new file mode 100644
index 0000000..a03f8d0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/TlsTestUtils.java
@@ -0,0 +1,192 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.crypto.tls.Certificate;
+import org.bouncycastle.crypto.tls.DefaultTlsAgreementCredentials;
+import org.bouncycastle.crypto.tls.DefaultTlsEncryptionCredentials;
+import org.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
+import org.bouncycastle.crypto.tls.TlsAgreementCredentials;
+import org.bouncycastle.crypto.tls.TlsContext;
+import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
+import org.bouncycastle.crypto.tls.TlsSignerCredentials;
+import org.bouncycastle.crypto.util.PrivateKeyFactory;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
+
+public class TlsTestUtils
+{
+    static final byte[] rsaCertData = Base64
+        .decode("MIICUzCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb2"
+            + "4gb2YgdGhlIEJvdW5jeSBDYXN0bGUxEjAQBgNVBAcMCU1lbGJvdXJuZTERMA8GA1UECAwIVmljdG9yaWExLzAtBgkq"
+            + "hkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3VuY3ljYXN0bGUub3JnMB4XDTEzMDIyNTA2MDIwNVoXDTEzMDIyNT"
+            + "A2MDM0NVowgY8xCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIw"
+            + "EAYDVQQHDAlNZWxib3VybmUxETAPBgNVBAgMCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWVkYmFjay1jcnlwdG"
+            + "9AYm91bmN5Y2FzdGxlLm9yZzBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr5YtqKmKXmEGb4Shy"
+            + "pL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERo0QwQjAOBgNVHQ8BAf8EBAMCBSAwEgYDVR"
+            + "0lAQH/BAgwBgYEVR0lADAcBgNVHREBAf8EEjAQgQ50ZXN0QHRlc3QudGVzdDANBgkqhkiG9w0BAQQFAANBAHU55Ncz"
+            + "eglREcTg54YLUlGWu2WOYWhit/iM1eeq8Kivro7q98eW52jTuMI3CI5ulqd0hYzshQKQaZ5GDzErMyM=");
+
+    static final byte[] dudRsaCertData = Base64
+        .decode("MIICUzCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb2"
+            + "4gb2YgdGhlIEJvdW5jeSBDYXN0bGUxEjAQBgNVBAcMCU1lbGJvdXJuZTERMA8GA1UECAwIVmljdG9yaWExLzAtBgkq"
+            + "hkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3VuY3ljYXN0bGUub3JnMB4XDTEzMDIyNTA1NDcyOFoXDTEzMDIyNT"
+            + "A1NDkwOFowgY8xCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIw"
+            + "EAYDVQQHDAlNZWxib3VybmUxETAPBgNVBAgMCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWVkYmFjay1jcnlwdG"
+            + "9AYm91bmN5Y2FzdGxlLm9yZzBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr5YtqKmKXmEGb4Shy"
+            + "pL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERo0QwQjAOBgNVHQ8BAf8EBAMCAAEwEgYDVR"
+            + "0lAQH/BAgwBgYEVR0lADAcBgNVHREBAf8EEjAQgQ50ZXN0QHRlc3QudGVzdDANBgkqhkiG9w0BAQQFAANBAJg55PBS"
+            + "weg6obRUKF4FF6fCrWFi6oCYSQ99LWcAeupc5BofW5MstFMhCOaEucuGVqunwT5G7/DweazzCIrSzB0=");
+
+    static String fingerprint(org.bouncycastle.asn1.x509.Certificate c)
+        throws IOException
+    {
+        byte[] der = c.getEncoded();
+        byte[] sha1 = sha256DigestOf(der);
+        byte[] hexBytes = Hex.encode(sha1);
+        String hex = new String(hexBytes, "ASCII").toUpperCase();
+
+        StringBuffer fp = new StringBuffer();
+        int i = 0;
+        fp.append(hex.substring(i, i + 2));
+        while ((i += 2) < hex.length())
+        {
+            fp.append(':');
+            fp.append(hex.substring(i, i + 2));
+        }
+        return fp.toString();
+    }
+
+    static byte[] sha256DigestOf(byte[] input)
+    {
+        SHA256Digest d = new SHA256Digest();
+        d.update(input, 0, input.length);
+        byte[] result = new byte[d.getDigestSize()];
+        d.doFinal(result, 0);
+        return result;
+    }
+
+    static TlsAgreementCredentials loadAgreementCredentials(TlsContext context,
+        String[] certResources, String keyResource)
+        throws IOException
+    {
+        Certificate certificate = loadCertificateChain(certResources);
+        AsymmetricKeyParameter privateKey = loadPrivateKeyResource(keyResource);
+
+        return new DefaultTlsAgreementCredentials(certificate, privateKey);
+    }
+
+    static TlsEncryptionCredentials loadEncryptionCredentials(TlsContext context,
+        String[] certResources, String keyResource)
+        throws IOException
+    {
+        Certificate certificate = loadCertificateChain(certResources);
+        AsymmetricKeyParameter privateKey = loadPrivateKeyResource(keyResource);
+
+        return new DefaultTlsEncryptionCredentials(context, certificate, privateKey);
+    }
+
+    static TlsSignerCredentials loadSignerCredentials(TlsContext context, String[] certResources,
+        String keyResource, SignatureAndHashAlgorithm signatureAndHashAlgorithm)
+        throws IOException
+    {
+        Certificate certificate = loadCertificateChain(certResources);
+        AsymmetricKeyParameter privateKey = loadPrivateKeyResource(keyResource);
+
+        return new DefaultTlsSignerCredentials(context, certificate, privateKey, signatureAndHashAlgorithm);
+    }
+
+    static TlsSignerCredentials loadSignerCredentials(TlsContext context, Vector supportedSignatureAlgorithms,
+        short signatureAlgorithm, String certResource, String keyResource)
+        throws IOException
+    {
+        /*
+         * TODO Note that this code fails to provide default value for the client supported
+         * algorithms if it wasn't sent.
+         */
+     
+        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
+        if (supportedSignatureAlgorithms != null)
+        {
+            for (int i = 0; i < supportedSignatureAlgorithms.size(); ++i)
+            {
+                SignatureAndHashAlgorithm alg = (SignatureAndHashAlgorithm)
+                    supportedSignatureAlgorithms.elementAt(i);
+                if (alg.getSignature() == signatureAlgorithm)
+                {
+                    signatureAndHashAlgorithm = alg;
+                    break;
+                }
+            }
+
+            if (signatureAndHashAlgorithm == null)
+            {
+                return null;
+            }
+        }
+
+        return TlsTestUtils.loadSignerCredentials(context, new String[]{
+            certResource, "x509-ca.pem" }, keyResource, signatureAndHashAlgorithm);
+    }
+
+    static Certificate loadCertificateChain(String[] resources)
+        throws IOException
+    {
+        org.bouncycastle.asn1.x509.Certificate[] chain = new org.bouncycastle.asn1.x509.Certificate[resources.length];
+        for (int i = 0; i < resources.length; ++i)
+        {
+            chain[i] = loadCertificateResource(resources[i]);
+        }
+        return new Certificate(chain);
+    }
+
+    static org.bouncycastle.asn1.x509.Certificate loadCertificateResource(String resource)
+        throws IOException
+    {
+        PemObject pem = loadPemResource(resource);
+        if (pem.getType().endsWith("CERTIFICATE"))
+        {
+            return org.bouncycastle.asn1.x509.Certificate.getInstance(pem.getContent());
+        }
+        throw new IllegalArgumentException("'resource' doesn't specify a valid certificate");
+    }
+
+    static AsymmetricKeyParameter loadPrivateKeyResource(String resource)
+        throws IOException
+    {
+        PemObject pem = loadPemResource(resource);
+        if (pem.getType().endsWith("RSA PRIVATE KEY"))
+        {
+            RSAPrivateKey rsa = RSAPrivateKey.getInstance(pem.getContent());
+            return new RSAPrivateCrtKeyParameters(rsa.getModulus(), rsa.getPublicExponent(),
+                rsa.getPrivateExponent(), rsa.getPrime1(), rsa.getPrime2(), rsa.getExponent1(),
+                rsa.getExponent2(), rsa.getCoefficient());
+        }
+        if (pem.getType().endsWith("PRIVATE KEY"))
+        {
+            return PrivateKeyFactory.createKey(pem.getContent());
+        }
+        throw new IllegalArgumentException("'resource' doesn't specify a valid private key");
+    }
+
+    static PemObject loadPemResource(String resource)
+        throws IOException
+    {
+        InputStream s = TlsTestUtils.class.getResourceAsStream(resource);
+        PemReader p = new PemReader(new InputStreamReader(s));
+        PemObject o = p.readPemObject();
+        p.close();
+        return o;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/UnreliableDatagramTransport.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/UnreliableDatagramTransport.java
new file mode 100644
index 0000000..bdc205a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/UnreliableDatagramTransport.java
@@ -0,0 +1,93 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.util.Random;
+
+import org.bouncycastle.crypto.tls.DatagramTransport;
+
+public class UnreliableDatagramTransport
+    implements DatagramTransport
+{
+
+    private final DatagramTransport transport;
+    private final Random random;
+    private final int percentPacketLossReceiving, percentPacketLossSending;
+
+    public UnreliableDatagramTransport(DatagramTransport transport, Random random,
+                                       int percentPacketLossReceiving, int percentPacketLossSending)
+    {
+        if (percentPacketLossReceiving < 0 || percentPacketLossReceiving > 100)
+        {
+            throw new IllegalArgumentException("'percentPacketLossReceiving' out of range");
+        }
+        if (percentPacketLossSending < 0 || percentPacketLossSending > 100)
+        {
+            throw new IllegalArgumentException("'percentPacketLossSending' out of range");
+        }
+
+        this.transport = transport;
+        this.random = random;
+        this.percentPacketLossReceiving = percentPacketLossReceiving;
+        this.percentPacketLossSending = percentPacketLossSending;
+    }
+
+    public int getReceiveLimit()
+        throws IOException
+    {
+        return transport.getReceiveLimit();
+    }
+
+    public int getSendLimit()
+        throws IOException
+    {
+        return transport.getSendLimit();
+    }
+
+    public int receive(byte[] buf, int off, int len, int waitMillis)
+        throws IOException
+    {
+        long endMillis = System.currentTimeMillis() + waitMillis;
+        for (; ; )
+        {
+            int length = transport.receive(buf, off, len, waitMillis);
+            if (length < 0 || !lostPacket(percentPacketLossReceiving))
+            {
+                return length;
+            }
+
+            System.out.println("PACKET LOSS (" + length + " byte packet not received)");
+
+            long now = System.currentTimeMillis();
+            if (now >= endMillis)
+            {
+                return -1;
+            }
+
+            waitMillis = (int)(endMillis - now);
+        }
+    }
+
+    public void send(byte[] buf, int off, int len)
+        throws IOException
+    {
+        if (lostPacket(percentPacketLossSending))
+        {
+            System.out.println("PACKET LOSS (" + len + " byte packet not sent)");
+        }
+        else
+        {
+            transport.send(buf, off, len);
+        }
+    }
+
+    public void close()
+        throws IOException
+    {
+        transport.close();
+    }
+
+    private boolean lostPacket(int percentPacketLoss)
+    {
+        return percentPacketLoss > 0 && random.nextInt(100) < percentPacketLoss;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java
index f0da0bf..2ded8ef 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java
@@ -1,5 +1,8 @@
 package org.bouncycastle.crypto.util;
 
+/**
+ * @deprecated use org.bouncycastle.util.pack
+ */
 public abstract class Pack
 {
     public static int bigEndianToInt(byte[] bs, int off)
@@ -114,6 +117,15 @@ public abstract class Pack
         }
     }
 
+    public static void littleEndianToInt(byte[] bs, int bOff, int[] ns, int nOff, int count)
+    {
+        for (int i = 0; i < count; ++i)
+        {
+            ns[nOff + i] = littleEndianToInt(bs, bOff);
+            bOff += 4;
+        }
+    }
+
     public static byte[] intToLittleEndian(int n)
     {
         byte[] bs = new byte[4];
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
index 6bf3399..92684ec 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
@@ -9,7 +9,6 @@ import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
@@ -23,12 +22,14 @@ import org.bouncycastle.asn1.x9.ECNamedCurveTable;
 import org.bouncycastle.asn1.x9.X962Parameters;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DHParameters;
 import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ElGamalParameters;
 import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
@@ -99,7 +100,7 @@ public class PrivateKeyFactory
         }
         else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
         {
-            ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
             ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
 
             return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
@@ -124,24 +125,30 @@ public class PrivateKeyFactory
             X962Parameters params = new X962Parameters((ASN1Primitive)algId.getParameters());
 
             X9ECParameters x9;
+            ECDomainParameters dParams;
+
             if (params.isNamedCurve())
             {
-                ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
-                x9 = ECNamedCurveTable.getByOID(oid);
+                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters();
+
+                x9 = CustomNamedCurves.getByOID(oid);
+                if (x9 == null)
+                {
+                    x9 = ECNamedCurveTable.getByOID(oid);
+                }
+                dParams = new ECNamedDomainParameters(
+                    oid, x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
             }
             else
             {
                 x9 = X9ECParameters.getInstance(params.getParameters());
+                dParams = new ECDomainParameters(
+                    x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
             }
 
             ECPrivateKey ec = ECPrivateKey.getInstance(keyInfo.parsePrivateKey());
             BigInteger d = ec.getKey();
 
-            // TODO We lose any named parameters here
-
-            ECDomainParameters dParams = new ECDomainParameters(
-                    x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
-
             return new ECPrivateKeyParameters(d, dParams);
         }
         else
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyInfoFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyInfoFactory.java
index 7b06c3f..f61815e 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyInfoFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyInfoFactory.java
@@ -18,6 +18,7 @@ import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
@@ -54,11 +55,17 @@ public class PrivateKeyInfoFactory
             ECPrivateKeyParameters priv = (ECPrivateKeyParameters)privateKey;
             ECDomainParameters domainParams = priv.getParameters();
             ASN1Encodable params;
+            int orderBitLength;
 
-            // TODO: need to handle named curves
             if (domainParams == null)
             {
                 params = new X962Parameters(DERNull.INSTANCE);      // Implicitly CA
+                orderBitLength = priv.getD().bitLength();   // TODO: this is as good as currently available, must be a better way...
+            }
+            else if (domainParams instanceof ECNamedDomainParameters)
+            {
+                params = new X962Parameters(((ECNamedDomainParameters)domainParams).getName());
+                orderBitLength = domainParams.getCurve().getOrder().bitLength();
             }
             else
             {
@@ -70,9 +77,10 @@ public class PrivateKeyInfoFactory
                     domainParams.getSeed());
 
                 params = new X962Parameters(ecP);
+                orderBitLength = domainParams.getCurve().getOrder().bitLength();
             }
 
-            return new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), new ECPrivateKey(priv.getD(), params));
+            return new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), new ECPrivateKey(orderBitLength, priv.getD(), params));
         }
         else
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
index 2d2927b..cb13095 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
@@ -10,7 +10,6 @@ import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -29,6 +28,7 @@ import org.bouncycastle.asn1.x9.X962Parameters;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.asn1.x9.X9ECPoint;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DHParameters;
 import org.bouncycastle.crypto.params.DHPublicKeyParameters;
@@ -36,6 +36,7 @@ import org.bouncycastle.crypto.params.DHValidationParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.ElGamalParameters;
 import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
@@ -134,7 +135,7 @@ public class PublicKeyFactory
         }
         else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
         {
-            ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
             ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
 
             return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
@@ -160,24 +161,30 @@ public class PublicKeyFactory
             X962Parameters params = X962Parameters.getInstance(algId.getParameters());
 
             X9ECParameters x9;
+            ECDomainParameters dParams;
+
             if (params.isNamedCurve())
             {
                 ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters();
-                x9 = ECNamedCurveTable.getByOID(oid);
+
+                x9 = CustomNamedCurves.getByOID(oid);
+                if (x9 == null)
+                {
+                    x9 = ECNamedCurveTable.getByOID(oid);
+                }
+                dParams = new ECNamedDomainParameters(
+                         oid, x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
             }
             else
             {
                 x9 = X9ECParameters.getInstance(params.getParameters());
+                dParams = new ECDomainParameters(
+                         x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
             }
 
             ASN1OctetString key = new DEROctetString(keyInfo.getPublicKeyData().getBytes());
             X9ECPoint derQ = new X9ECPoint(x9.getCurve(), key);
 
-            // TODO We lose any named parameters here
-            
-            ECDomainParameters dParams = new ECDomainParameters(
-                    x9.getCurve(), x9.getG(), x9.getN(), x9.getH(), x9.getSeed());
-
             return new ECPublicKeyParameters(derQ.getPoint(), dParams);
         }
         else
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.java
index bdc6cbd..d2d4203 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.java
@@ -17,6 +17,7 @@ import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 
@@ -52,11 +53,14 @@ public class SubjectPublicKeyInfoFactory
             ECDomainParameters domainParams = pub.getParameters();
             ASN1Encodable      params;
 
-            // TODO: need to handle named curves
             if (domainParams == null)
             {
                 params = new X962Parameters(DERNull.INSTANCE);      // Implicitly CA
             }
+            else if (domainParams instanceof ECNamedDomainParameters)
+            {
+                params = new X962Parameters(((ECNamedDomainParameters)domainParams).getName());
+            }
             else
             {
                 X9ECParameters ecP = new X9ECParameters(
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/package.html b/bcprov/src/main/java/org/bouncycastle/crypto/util/package.html
new file mode 100644
index 0000000..787b892
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Some general utility/conversion classes.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/JcaJceUtils.java b/bcprov/src/main/java/org/bouncycastle/jcajce/JcaJceUtils.java
deleted file mode 100644
index d7677f3..0000000
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/JcaJceUtils.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.jcajce;
-
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Primitive;
-
-public class JcaJceUtils
-{
-    private JcaJceUtils()
-    {
-
-    }
-
-    /**
-     * Extract an ASN.1 encodable from an AlgorithmParameters object.
-     *
-     * @param params the object to get the encoding used to create the return value.
-     * @return an ASN.1 object representing the primitives making up the params parameter.
-     * @throws IOException if an encoding cannot be extracted.
-     */
-    public static ASN1Encodable extractParameters(AlgorithmParameters params)
-        throws IOException
-    {
-        // we try ASN.1 explicitly first just in case and then role back to the default.
-        ASN1Encodable asn1Params;
-        try
-        {
-            asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1"));
-        }
-        catch (Exception ex)
-        {
-            asn1Params = ASN1Primitive.fromByteArray(params.getEncoded());
-        }
-
-        return asn1Params;
-    }
-
-    public static void loadParameters(AlgorithmParameters params, ASN1Encodable sParams)
-        throws IOException
-    {
-        // we try ASN.1 explicitly first just in case and then role back to the default.
-        try
-        {
-            params.init(sParams.toASN1Primitive().getEncoded(), "ASN.1");
-        }
-        catch (Exception ex)
-        {
-            params.init(sParams.toASN1Primitive().getEncoded());
-        }
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12Key.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12Key.java
new file mode 100644
index 0000000..471bc77
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12Key.java
@@ -0,0 +1,43 @@
+package org.bouncycastle.jcajce;
+
+import javax.crypto.SecretKey;
+
+import org.bouncycastle.crypto.PBEParametersGenerator;
+
+public class PKCS12Key
+    implements SecretKey
+{
+    private final char[] password;
+
+    /**
+     * Basic constructor for a password based key - secret key generation parameters will be passed separately..
+     *
+     * @param password password to use.
+     */
+    public PKCS12Key(char[] password)
+    {
+        this.password = new char[password.length];
+
+        System.arraycopy(password, 0, this.password, 0, password.length);
+    }
+
+    public char[] getPassword()
+    {
+        return password;
+    }
+
+    public String getAlgorithm()
+    {
+        return "PKCS12";
+    }
+
+    public String getFormat()
+    {
+        return "RAW";
+    }
+
+    public byte[] getEncoded()
+    {
+        return PBEParametersGenerator.PKCS12PasswordToBytes(password);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12KeyWithParameters.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12KeyWithParameters.java
new file mode 100644
index 0000000..9b7f386
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12KeyWithParameters.java
@@ -0,0 +1,37 @@
+package org.bouncycastle.jcajce;
+
+import javax.crypto.interfaces.PBEKey;
+
+import org.bouncycastle.util.Arrays;
+
+public class PKCS12KeyWithParameters
+    extends PKCS12Key implements PBEKey
+{
+    private final byte[] salt;
+    private final int iterationCount;
+
+    /**
+     * Basic constructor for a password based key with generation parameters.
+     *
+     * @param password password to use.
+     * @param salt salt for generation algorithm
+     * @param iterationCount iteration count for generation algorithm.
+     */
+    public PKCS12KeyWithParameters(char[] password, byte[] salt, int iterationCount)
+    {
+        super(password);
+
+        this.salt = Arrays.clone(salt);
+        this.iterationCount = iterationCount;
+    }
+
+    public byte[] getSalt()
+    {
+        return salt;
+    }
+
+    public int getIterationCount()
+    {
+        return iterationCount;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12StoreParameter.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12StoreParameter.java
new file mode 100644
index 0000000..b53eca5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKCS12StoreParameter.java
@@ -0,0 +1,62 @@
+package org.bouncycastle.jcajce;
+
+import java.io.OutputStream;
+import java.security.KeyStore;
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStore.ProtectionParameter;
+
+/**
+ * LoadStoreParameter to allow for additional config with PKCS12 files.
+ * <p>
+ * Note: if you want a straight DER encoding of a PKCS#12 file you should use this.
+ * </p>
+ */
+public class PKCS12StoreParameter
+    implements LoadStoreParameter
+{
+    private final OutputStream out;
+    private final ProtectionParameter protectionParameter;
+    private final boolean forDEREncoding;
+
+    public PKCS12StoreParameter(OutputStream out, char[] password)
+    {
+        this(out, password, false);
+    }
+
+    public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter)
+    {
+        this(out, protectionParameter, false);
+    }
+
+    public PKCS12StoreParameter(OutputStream out, char[] password, boolean forDEREncoding)
+    {
+        this(out, new KeyStore.PasswordProtection(password), forDEREncoding);
+    }
+
+    public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding)
+    {
+        this.out = out;
+        this.protectionParameter = protectionParameter;
+        this.forDEREncoding = forDEREncoding;
+    }
+
+    public OutputStream getOutputStream()
+    {
+        return out;
+    }
+
+    public ProtectionParameter getProtectionParameter()
+    {
+        return protectionParameter;
+    }
+
+    /**
+     * Return whether the KeyStore used with this parameter should be DER encoded on saving.
+     *
+     * @return true for straight DER encoding, false otherwise,
+     */
+    public boolean isForDEREncoding()
+    {
+        return forDEREncoding;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCRLStore.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCRLStore.java
new file mode 100644
index 0000000..b344720
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCRLStore.java
@@ -0,0 +1,15 @@
+package org.bouncycastle.jcajce;
+
+import java.security.cert.CRL;
+import java.util.Collection;
+
+import org.bouncycastle.util.Selector;
+import org.bouncycastle.util.Store;
+import org.bouncycastle.util.StoreException;
+
+public interface PKIXCRLStore<T extends CRL>
+    extends Store<T>
+{
+    Collection<T> getMatches(Selector<T> selector)
+        throws StoreException;
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCRLStoreSelector.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCRLStoreSelector.java
new file mode 100644
index 0000000..9c68433
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCRLStoreSelector.java
@@ -0,0 +1,313 @@
+package org.bouncycastle.jcajce;
+
+import java.math.BigInteger;
+import java.security.cert.CRL;
+import java.security.cert.CRLSelector;
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CRLSelector;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Selector;
+
+/**
+ * This class is a Selector implementation for X.509 certificate revocation
+ * lists.
+ * 
+ * @see org.bouncycastle.util.Selector
+ */
+public class PKIXCRLStoreSelector<T extends CRL>
+    implements Selector<T>
+{
+    public static class Builder
+    {
+        private final CRLSelector baseSelector;
+
+        private boolean deltaCRLIndicator = false;
+        private boolean completeCRLEnabled = false;
+        private BigInteger maxBaseCRLNumber = null;
+        private byte[] issuingDistributionPoint = null;
+        private boolean issuingDistributionPointEnabled = false;
+
+        public Builder(CRLSelector certSelector)
+        {
+            this.baseSelector = (CRLSelector)certSelector.clone();
+        }
+
+
+        /**
+         * If set to <code>true</code> only complete CRLs are returned.
+         * <p>
+         * {@link #setCompleteCRLEnabled(boolean)} and
+         * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other.
+         *
+         * @param completeCRLEnabled <code>true</code> if only complete CRLs
+         *            should be returned.
+         */
+        public Builder setCompleteCRLEnabled(boolean completeCRLEnabled)
+        {
+            this.completeCRLEnabled = completeCRLEnabled;
+
+            return this;
+        }
+
+        /**
+         * If this is set to <code>true</code> the CRL reported contains the delta
+         * CRL indicator CRL extension.
+         * <p>
+         * {@link #setCompleteCRLEnabled(boolean)} and
+         * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other.
+         *
+         * @param deltaCRLIndicator <code>true</code> if the delta CRL indicator
+         *            extension must be in the CRL.
+         */
+        public Builder setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator)
+        {
+            this.deltaCRLIndicator = deltaCRLIndicator;
+
+            return this;
+        }
+
+        /**
+         * Sets the maximum base CRL number. Setting to <code>null</code> disables
+         * this cheack.
+         * <p>
+         * This is only meaningful for delta CRLs. Complete CRLs must have a CRL
+         * number which is greater or equal than the base number of the
+         * corresponding CRL.
+         *
+         * @param maxBaseCRLNumber The maximum base CRL number to set.
+         */
+        public void setMaxBaseCRLNumber(BigInteger maxBaseCRLNumber)
+        {
+            this.maxBaseCRLNumber = maxBaseCRLNumber;
+        }
+
+        /**
+         * Enables or disables the issuing distribution point check.
+         *
+         * @param issuingDistributionPointEnabled <code>true</code> to enable the
+         *            issuing distribution point check.
+         */
+        public void setIssuingDistributionPointEnabled(
+            boolean issuingDistributionPointEnabled)
+        {
+            this.issuingDistributionPointEnabled = issuingDistributionPointEnabled;
+        }
+
+        /**
+         * Sets the issuing distribution point.
+         * <p>
+         * The issuing distribution point extension is a CRL extension which
+         * identifies the scope and the distribution point of a CRL. The scope
+         * contains among others information about revocation reasons contained in
+         * the CRL. Delta CRLs and complete CRLs must have matching issuing
+         * distribution points.
+         * <p>
+         * The byte array is cloned to protect against subsequent modifications.
+         * <p>
+         * You must also enable or disable this criteria with
+         * {@link #setIssuingDistributionPointEnabled(boolean)}.
+         *
+         * @param issuingDistributionPoint The issuing distribution point to set.
+         *            This is the DER encoded OCTET STRING extension value.
+         * @see #getIssuingDistributionPoint()
+         */
+        public void setIssuingDistributionPoint(byte[] issuingDistributionPoint)
+        {
+            this.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint);
+        }
+
+        public PKIXCRLStoreSelector<? extends CRL> build()
+        {
+            return new PKIXCRLStoreSelector(this);
+        }
+    }
+
+    private final CRLSelector baseSelector;
+    private final boolean deltaCRLIndicator;
+    private final boolean completeCRLEnabled;
+    private final BigInteger maxBaseCRLNumber;
+    private final byte[] issuingDistributionPoint;
+    private final boolean issuingDistributionPointEnabled;
+
+    private PKIXCRLStoreSelector(Builder baseBuilder)
+    {
+        this.baseSelector = baseBuilder.baseSelector;
+        this.deltaCRLIndicator = baseBuilder.deltaCRLIndicator;
+        this.completeCRLEnabled = baseBuilder.completeCRLEnabled;
+        this.maxBaseCRLNumber = baseBuilder.maxBaseCRLNumber;
+        this.issuingDistributionPoint = baseBuilder.issuingDistributionPoint;
+        this.issuingDistributionPointEnabled = baseBuilder.issuingDistributionPointEnabled;
+    }
+
+
+    /**
+     * Returns if the issuing distribution point criteria should be applied.
+     * Defaults to <code>false</code>.
+     * <p>
+     * You may also set the issuing distribution point criteria if not a missing
+     * issuing distribution point should be assumed.
+     * 
+     * @return Returns if the issuing distribution point check is enabled.
+     */
+    public boolean isIssuingDistributionPointEnabled()
+    {
+        return issuingDistributionPointEnabled;
+    }
+
+
+
+    public boolean match(CRL obj)
+    {
+        if (!(obj instanceof X509CRL))
+        {
+            return baseSelector.match(obj);
+        }
+
+        X509CRL crl = (X509CRL)obj;
+        ASN1Integer dci = null;
+        try
+        {
+            byte[] bytes = crl
+                .getExtensionValue(Extension.deltaCRLIndicator.getId());
+            if (bytes != null)
+            {
+                dci = ASN1Integer.getInstance(ASN1OctetString.getInstance(bytes).getOctets());
+            }
+        }
+        catch (Exception e)
+        {
+            return false;
+        }
+        if (isDeltaCRLIndicatorEnabled())
+        {
+            if (dci == null)
+            {
+                return false;
+            }
+        }
+        if (isCompleteCRLEnabled())
+        {
+            if (dci != null)
+            {
+                return false;
+            }
+        }
+        if (dci != null)
+        {
+
+            if (maxBaseCRLNumber != null)
+            {
+                if (dci.getPositiveValue().compareTo(maxBaseCRLNumber) == 1)
+                {
+                    return false;
+                }
+            }
+        }
+        if (issuingDistributionPointEnabled)
+        {
+            byte[] idp = crl
+                .getExtensionValue(Extension.issuingDistributionPoint
+                    .getId());
+            if (issuingDistributionPoint == null)
+            {
+                if (idp != null)
+                {
+                    return false;
+                }
+            }
+            else
+            {
+                if (!Arrays.areEqual(idp, issuingDistributionPoint))
+                {
+                    return false;
+                }
+            }
+
+        }
+        return baseSelector.match(obj);
+    }
+
+    /**
+     * Returns if this selector must match CRLs with the delta CRL indicator
+     * extension set. Defaults to <code>false</code>.
+     * 
+     * @return Returns <code>true</code> if only CRLs with the delta CRL
+     *         indicator extension are selected.
+     */
+    public boolean isDeltaCRLIndicatorEnabled()
+    {
+        return deltaCRLIndicator;
+    }
+
+    public Object clone()
+    {
+        return this;
+    }
+
+    /**
+     * If <code>true</code> only complete CRLs are returned. Defaults to
+     * <code>false</code>.
+     * 
+     * @return <code>true</code> if only complete CRLs are returned.
+     */
+    public boolean isCompleteCRLEnabled()
+    {
+        return completeCRLEnabled;
+    }
+
+    /**
+     * Get the maximum base CRL number. Defaults to <code>null</code>.
+     * 
+     * @return Returns the maximum base CRL number.
+     */
+    public BigInteger getMaxBaseCRLNumber()
+    {
+        return maxBaseCRLNumber;
+    }
+
+
+    /**
+     * Returns the issuing distribution point. Defaults to <code>null</code>,
+     * which is a missing issuing distribution point extension.
+     * <p>
+     * The internal byte array is cloned before it is returned.
+     * <p>
+     * The criteria must be enable with Builder.setIssuingDistributionPointEnabled(boolean)}.
+     * 
+     * @return Returns the issuing distribution point.
+     */
+    public byte[] getIssuingDistributionPoint()
+    {
+        return Arrays.clone(issuingDistributionPoint);
+    }
+
+    public X509Certificate getCertificateChecking()
+    {
+        return ((X509CRLSelector)baseSelector).getCertificateChecking();
+    }
+
+    public static Collection<? extends CRL> getCRLs(final PKIXCRLStoreSelector selector, CertStore certStore)
+        throws CertStoreException
+    {
+        return certStore.getCRLs(new CRLSelector()
+        {
+            public boolean match(CRL crl)
+            {
+                return selector.match(crl);
+            }
+
+            public Object clone()
+            {
+                return this;
+            }
+        });
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCertStore.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCertStore.java
new file mode 100644
index 0000000..092872f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCertStore.java
@@ -0,0 +1,15 @@
+package org.bouncycastle.jcajce;
+
+import java.security.cert.Certificate;
+import java.util.Collection;
+
+import org.bouncycastle.util.Selector;
+import org.bouncycastle.util.Store;
+import org.bouncycastle.util.StoreException;
+
+public interface PKIXCertStore<T extends Certificate>
+    extends Store<T>
+{
+    Collection<T> getMatches(Selector<T> selector)
+        throws StoreException;
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCertStoreSelector.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCertStoreSelector.java
new file mode 100644
index 0000000..1775de7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXCertStoreSelector.java
@@ -0,0 +1,67 @@
+package org.bouncycastle.jcajce;
+
+import java.security.cert.CertSelector;
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.Certificate;
+import java.util.Collection;
+
+import org.bouncycastle.util.Selector;
+
+/**
+ * This class is a Selector implementation for certificates.
+ * 
+ * @see org.bouncycastle.util.Selector
+ */
+public class PKIXCertStoreSelector<T extends Certificate>
+    implements Selector<T>
+{
+    public static class Builder
+    {
+        private final CertSelector baseSelector;
+
+        public Builder(CertSelector certSelector)
+        {
+            this.baseSelector = (CertSelector)certSelector.clone();
+        }
+
+        public PKIXCertStoreSelector<? extends Certificate> build()
+        {
+            return new PKIXCertStoreSelector(baseSelector);
+        }
+    }
+
+    private final CertSelector baseSelector;
+
+    private PKIXCertStoreSelector(CertSelector baseSelector)
+    {
+        this.baseSelector = baseSelector;
+    }
+
+    public boolean match(Certificate cert)
+    {
+        return baseSelector.match(cert);
+    }
+
+    public Object clone()
+    {
+        return new PKIXCertStoreSelector(baseSelector);
+    }
+
+    public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore)
+        throws CertStoreException
+    {
+        return certStore.getCertificates(new CertSelector()
+        {
+            public boolean match(Certificate certificate)
+            {
+                return (selector == null) ? true : selector.match(certificate);
+            }
+
+            public Object clone()
+            {
+                return this;
+            }
+        });
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java
new file mode 100644
index 0000000..3369d0d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java
@@ -0,0 +1,138 @@
+package org.bouncycastle.jcajce;
+
+import java.security.InvalidParameterException;
+import java.security.cert.CertPathParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * This class contains extended parameters for PKIX certification path builders.
+ * 
+ * @see java.security.cert.PKIXBuilderParameters
+ */
+public class PKIXExtendedBuilderParameters
+    implements CertPathParameters
+{
+    public static class Builder
+    {
+        private final PKIXExtendedParameters baseParameters;
+
+        private int maxPathLength = 5;
+        private Set<X509Certificate> excludedCerts = new HashSet<X509Certificate>();
+
+        public Builder(PKIXBuilderParameters baseParameters)
+        {
+            this.baseParameters = new PKIXExtendedParameters.Builder(baseParameters).build();
+            this.maxPathLength = baseParameters.getMaxPathLength();
+        }
+
+        public Builder(PKIXExtendedParameters baseParameters)
+        {
+            this.baseParameters = baseParameters;
+        }
+
+        /**
+         * Adds excluded certificates which are not used for building a
+         * certification path.
+         * <p>
+         * The given set is cloned to protect it against subsequent modifications.
+         *
+         * @param excludedCerts The excluded certificates to set.
+         */
+        public Builder addExcludedCerts(Set<X509Certificate> excludedCerts)
+        {
+            this.excludedCerts.addAll(excludedCerts);
+
+            return this;
+        }
+
+        /**
+         * Sets the maximum number of intermediate non-self-issued certificates in a
+         * certification path. The PKIX <code>CertPathBuilder</code> must not
+         * build paths longer then this length.
+         * <p>
+         * A value of 0 implies that the path can only contain a single certificate.
+         * A value of -1 does not limit the length. The default length is 5.
+         *
+         * <p>
+         *
+         * The basic constraints extension of a CA certificate overrides this value
+         * if smaller.
+         *
+         * @param maxPathLength the maximum number of non-self-issued intermediate
+         *            certificates in the certification path
+         * @throws java.security.InvalidParameterException if <code>maxPathLength</code> is set
+         *             to a value less than -1
+         *
+         * @see #getMaxPathLength
+         */
+        public Builder setMaxPathLength(int maxPathLength)
+        {
+            if (maxPathLength < -1)
+            {
+                throw new InvalidParameterException("The maximum path "
+                        + "length parameter can not be less than -1.");
+            }
+            this.maxPathLength = maxPathLength;
+
+            return this;
+        }
+
+        public PKIXExtendedBuilderParameters build()
+        {
+            return new PKIXExtendedBuilderParameters(this);
+        }
+    }
+
+    private final PKIXExtendedParameters baseParameters;
+    private final Set<X509Certificate> excludedCerts;
+    private final int maxPathLength;
+
+    private PKIXExtendedBuilderParameters(Builder builder)
+    {
+        this.baseParameters = builder.baseParameters;
+        this.excludedCerts = Collections.unmodifiableSet(builder.excludedCerts);
+        this.maxPathLength = builder.maxPathLength;
+    }
+
+    public PKIXExtendedParameters getBaseParameters()
+    {
+        return baseParameters;
+    }
+
+    /**
+     * Excluded certificates are not used for building a certification path.
+     * <p>
+     * The returned set is immutable.
+     * 
+     * @return Returns the excluded certificates.
+     */
+    public Set getExcludedCerts()
+    {
+        return excludedCerts;
+    }
+
+    /**
+     * Returns the value of the maximum number of intermediate non-self-issued
+     * certificates in the certification path.
+     * 
+     * @return the maximum number of non-self-issued intermediate certificates
+     *         in the certification path, or -1 if no limit exists.
+     */
+    public int getMaxPathLength()
+    {
+        return maxPathLength;
+    }
+
+    /**
+     * @return this object
+     */
+    public Object clone()
+    {
+        return this;
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedParameters.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedParameters.java
new file mode 100644
index 0000000..3a86f2a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedParameters.java
@@ -0,0 +1,340 @@
+package org.bouncycastle.jcajce;
+
+import java.security.cert.CertPathParameters;
+import java.security.cert.CertSelector;
+import java.security.cert.CertStore;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.bouncycastle.asn1.x509.GeneralName;
+
+/**
+ * This class extends the PKIXParameters with a validity model parameter.
+ */
+public class PKIXExtendedParameters
+    implements CertPathParameters
+{
+    /**
+     * This is the default PKIX validity model. Actually there are two variants
+     * of this: The PKIX model and the modified PKIX model. The PKIX model
+     * verifies that all involved certificates must have been valid at the
+     * current time. The modified PKIX model verifies that all involved
+     * certificates were valid at the signing time. Both are indirectly choosen
+     * with the {@link java.security.cert.PKIXParameters#setDate(java.util.Date)} method, so this
+     * methods sets the Date when <em>all</em> certificates must have been
+     * valid.
+     */
+    public static final int PKIX_VALIDITY_MODEL = 0;
+
+    /**
+     * This model uses the following validity model. Each certificate must have
+     * been valid at the moment where is was used. That means the end
+     * certificate must have been valid at the time the signature was done. The
+     * CA certificate which signed the end certificate must have been valid,
+     * when the end certificate was signed. The CA (or Root CA) certificate must
+     * have been valid, when the CA certificate was signed and so on. So the
+     * {@link java.security.cert.PKIXParameters#setDate(java.util.Date)} method sets the time, when
+     * the <em>end certificate</em> must have been valid.
+     * <p>
+     * It is used e.g.
+     * in the German signature law.
+     * </p>
+     */
+    public static final int CHAIN_VALIDITY_MODEL = 1;
+
+    public static class Builder
+    {
+        private final PKIXParameters baseParameters;
+        private final Date date;
+
+        private PKIXCertStoreSelector targetConstraints;
+        private List<PKIXCertStore> extraCertStores = new ArrayList<PKIXCertStore>();
+        private Map<GeneralName, PKIXCertStore> namedCertificateStoreMap = new HashMap<GeneralName, PKIXCertStore>();
+        private List<PKIXCRLStore> extraCRLStores = new ArrayList<PKIXCRLStore>();
+        private Map<GeneralName, PKIXCRLStore> namedCRLStoreMap = new HashMap<GeneralName, PKIXCRLStore>();
+        private boolean revocationEnabled;
+        private int validityModel = PKIX_VALIDITY_MODEL;
+        private boolean useDeltas = false;
+        private Set<TrustAnchor> trustAnchors;
+
+        public Builder(PKIXParameters baseParameters)
+        {
+            this.baseParameters = (PKIXParameters)baseParameters.clone();
+            CertSelector constraints = baseParameters.getTargetCertConstraints();
+            if (constraints != null)
+            {
+                this.targetConstraints = new PKIXCertStoreSelector.Builder(constraints).build();
+            }
+            Date checkDate = baseParameters.getDate();
+            this.date = (checkDate == null) ? new Date() : checkDate;
+            this.revocationEnabled = baseParameters.isRevocationEnabled();
+            this.trustAnchors = baseParameters.getTrustAnchors();
+        }
+
+        public Builder(PKIXExtendedParameters baseParameters)
+        {
+            this.baseParameters = baseParameters.baseParameters;
+            this.date = baseParameters.date;
+            this.targetConstraints = baseParameters.targetConstraints;
+            this.extraCertStores = new ArrayList<PKIXCertStore>(baseParameters.extraCertStores);
+            this.namedCertificateStoreMap = new HashMap<GeneralName, PKIXCertStore>(baseParameters.namedCertificateStoreMap);
+            this.extraCRLStores = new ArrayList<PKIXCRLStore>(baseParameters.extraCRLStores);
+            this.namedCRLStoreMap = new HashMap<GeneralName, PKIXCRLStore>(baseParameters.namedCRLStoreMap);
+            this.useDeltas = baseParameters.useDeltas;
+            this.validityModel = baseParameters.validityModel;
+            this.revocationEnabled = baseParameters.isRevocationEnabled();
+            this.trustAnchors = baseParameters.getTrustAnchors();
+        }
+
+        public Builder addCertificateStore(PKIXCertStore store)
+        {
+            extraCertStores.add(store);
+
+            return this;
+        }
+
+        public Builder addNamedCertificateStore(GeneralName issuerAltName, PKIXCertStore store)
+        {
+            namedCertificateStoreMap.put(issuerAltName, store);
+
+            return this;
+        }
+
+        public Builder addCRLStore(PKIXCRLStore store)
+        {
+            extraCRLStores.add(store);
+
+            return this;
+        }
+
+        public Builder addNamedCRLStore(GeneralName issuerAltName, PKIXCRLStore store)
+        {
+            namedCRLStoreMap.put(issuerAltName, store);
+
+            return this;
+        }
+
+        public Builder setTargetConstraints(PKIXCertStoreSelector selector)
+        {
+            targetConstraints = selector;
+
+            return this;
+        }
+
+        /**
+         * Sets if delta CRLs should be used for checking the revocation status.
+         *
+         * @param useDeltas <code>true</code> if delta CRLs should be used.
+         */
+        public Builder setUseDeltasEnabled(boolean useDeltas)
+        {
+            this.useDeltas = useDeltas;
+
+            return this;
+        }
+
+        /**
+         * @param validityModel The validity model to set.
+         * @see #CHAIN_VALIDITY_MODEL
+         * @see #PKIX_VALIDITY_MODEL
+         */
+        public Builder setValidityModel(int validityModel)
+        {
+            this.validityModel = validityModel;
+
+            return this;
+        }
+
+        /**
+         * Set the trustAnchor to be used with these parameters.
+         *
+         * @param trustAnchor the trust anchor end-entity and CRLs must be based on.
+         * @return the current builder.
+         */
+        public Builder setTrustAnchor(TrustAnchor trustAnchor)
+        {
+            this.trustAnchors = Collections.singleton(trustAnchor);
+
+            return this;
+        }
+
+        /**
+         * Set the set of trustAnchors to be used with these parameters.
+         *
+         * @param trustAnchors  a set of trustAnchors, one of which a particular end-entity and it's associated CRLs must be based on.
+         * @return the current builder.
+         */
+        public Builder setTrustAnchors(Set<TrustAnchor> trustAnchors)
+        {
+            this.trustAnchors = trustAnchors;
+
+            return this;
+        }
+
+        /**
+         * Flag whether or not revocation checking is to be enabled.
+         *
+         * @param revocationEnabled  true if revocation checking to be enabled, false otherwise.
+         */
+        public void setRevocationEnabled(boolean revocationEnabled)
+        {
+            this.revocationEnabled = revocationEnabled;
+        }
+
+        public PKIXExtendedParameters build()
+        {
+            return new PKIXExtendedParameters(this);
+        }
+    }
+
+    private final PKIXParameters baseParameters;
+    private final PKIXCertStoreSelector targetConstraints;
+    private final Date date;
+    private final List<PKIXCertStore> extraCertStores;
+    private final Map<GeneralName, PKIXCertStore> namedCertificateStoreMap;
+    private final List<PKIXCRLStore> extraCRLStores;
+    private final Map<GeneralName, PKIXCRLStore> namedCRLStoreMap;
+    private final boolean revocationEnabled;
+    private final boolean useDeltas;
+    private final int validityModel;
+    private final Set<TrustAnchor> trustAnchors;
+
+    private PKIXExtendedParameters(Builder builder)
+    {
+        this.baseParameters = builder.baseParameters;
+        this.date = builder.date;
+        this.extraCertStores = Collections.unmodifiableList(builder.extraCertStores);
+        this.namedCertificateStoreMap = Collections.unmodifiableMap(new HashMap<GeneralName, PKIXCertStore>(builder.namedCertificateStoreMap));
+        this.extraCRLStores = Collections.unmodifiableList(builder.extraCRLStores);
+        this.namedCRLStoreMap = Collections.unmodifiableMap(new HashMap<GeneralName, PKIXCRLStore>(builder.namedCRLStoreMap));
+        this.targetConstraints = builder.targetConstraints;
+        this.revocationEnabled = builder.revocationEnabled;
+        this.useDeltas = builder.useDeltas;
+        this.validityModel = builder.validityModel;
+        this.trustAnchors = Collections.unmodifiableSet(builder.trustAnchors);
+    }
+
+    public List<PKIXCertStore> getCertificateStores()
+    {
+        return extraCertStores;
+    }
+
+
+    public Map<GeneralName, PKIXCertStore> getNamedCertificateStoreMap()
+    {
+        return namedCertificateStoreMap;
+    }
+
+    public List<PKIXCRLStore> getCRLStores()
+    {
+        return extraCRLStores;
+    }
+
+    public Map<GeneralName, PKIXCRLStore> getNamedCRLStoreMap()
+    {
+        return namedCRLStoreMap;
+    }
+
+    public Date getDate()
+    {
+        return new Date(date.getTime());
+    }
+
+
+
+
+    /**
+     * Defaults to <code>false</code>.
+     *
+     * @return Returns if delta CRLs should be used.
+     */
+    public boolean isUseDeltasEnabled()
+    {
+        return useDeltas;
+    }
+
+
+
+    /**
+     * @return Returns the validity model.
+     * @see #CHAIN_VALIDITY_MODEL
+     * @see #PKIX_VALIDITY_MODEL
+     */
+    public int getValidityModel()
+    {
+        return validityModel;
+    }
+
+    public Object clone()
+    {
+        return this;
+    }
+
+    /**
+     * Returns the required constraints on the target certificate.
+     * The constraints are returned as an instance of
+     * <code>Selector</code>. If <code>null</code>, no constraints are
+     * defined.
+     *
+     * @return a <code>Selector</code> specifying the constraints on the
+     *         target certificate or attribute certificate (or <code>null</code>)
+     * @see PKIXCertStoreSelector
+     */
+    public PKIXCertStoreSelector getTargetConstraints()
+    {
+        return targetConstraints;
+    }
+
+    public Set getTrustAnchors()
+    {
+        return trustAnchors;
+    }
+
+    public Set getInitialPolicies()
+    {
+        return baseParameters.getInitialPolicies();
+    }
+
+    public String getSigProvider()
+    {
+        return baseParameters.getSigProvider();
+    }
+
+    public boolean isExplicitPolicyRequired()
+    {
+        return baseParameters.isExplicitPolicyRequired();
+    }
+
+    public boolean isAnyPolicyInhibited()
+    {
+        return baseParameters.isAnyPolicyInhibited();
+    }
+
+    public boolean isPolicyMappingInhibited()
+    {
+        return baseParameters.isPolicyMappingInhibited();
+    }
+
+    public List getCertPathCheckers()
+    {
+        return baseParameters.getCertPathCheckers();
+    }
+
+    public List<CertStore> getCertStores()
+    {
+        return baseParameters.getCertStores();
+    }
+
+    public boolean isRevocationEnabled()
+    {
+        return revocationEnabled;
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/io/CipherInputStream.java b/bcprov/src/main/java/org/bouncycastle/jcajce/io/CipherInputStream.java
index 84291ba..bca96fa 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/io/CipherInputStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/io/CipherInputStream.java
@@ -15,14 +15,15 @@ import org.bouncycastle.crypto.io.InvalidCipherTextIOException;
  * A CipherInputStream is composed of an InputStream and a cipher so that read() methods return data
  * that are read in from the underlying InputStream but have been additionally processed by the
  * Cipher. The cipher must be fully initialized before being used by a CipherInputStream.
- * <p/>
+ * <p>
  * For example, if the Cipher is initialized for decryption, the CipherInputStream will attempt to
  * read in data and decrypt them, before returning the decrypted data.
- * <p/>
+ * </p><p>
  * This is a reimplementation of {@link javax.crypto.CipherInputStream} that is safe for use with
  * AEAD block ciphers, and does not silently catch {@link BadPaddingException} and
  * {@link IllegalBlockSizeException} errors. Any errors that occur during {@link Cipher#doFinal()
  * finalisation} are rethrown wrapped in an {@link InvalidCipherTextIOException}.
+ * </p>
  */
 public class CipherInputStream
     extends FilterInputStream
@@ -101,9 +102,9 @@ public class CipherInputStream
     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and returns the next available byte.
-     * <p/>
+     * <p>
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
-     *
+     * </p>
      * @throws IOException if there was an error closing the input stream.
      * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
      * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
@@ -125,9 +126,9 @@ public class CipherInputStream
     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and then returns up to <code>len</code> bytes in the provided array.
-     * <p/>
+     * <p>
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
-     *
+     * </p>
      * @param b   the buffer into which the data is read.
      * @param off the start offset in the destination array <code>b</code>
      * @param len the maximum number of bytes read.
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/io/CipherOutputStream.java b/bcprov/src/main/java/org/bouncycastle/jcajce/io/CipherOutputStream.java
index 814b339..7c1cebf 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/io/CipherOutputStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/io/CipherOutputStream.java
@@ -16,14 +16,15 @@ import org.bouncycastle.crypto.io.InvalidCipherTextIOException;
  * the written data with the cipher, and the output of the cipher is in turn written to the
  * underlying OutputStream. The cipher must be fully initialized before being used by a
  * CipherInputStream.
- * <p/>
+ * <p>
  * For example, if the cipher is initialized for encryption, the CipherOutputStream will encrypt the
  * data before writing the encrypted data to the underlying stream.
- * <p/>
+ * </p><p>
  * This is a reimplementation of {@link javax.crypto.CipherOutputStream} that is safe for use with
  * AEAD block ciphers, and does not silently catch {@link BadPaddingException} and
  * {@link IllegalBlockSizeException} errors. Any errors that occur during {@link Cipher#doFinal()
  * finalisation} are rethrown wrapped in an {@link InvalidCipherTextIOException}.
+ * </p>
  */
 public class CipherOutputStream
     extends FilterOutputStream
@@ -75,13 +76,12 @@ public class CipherOutputStream
     /**
      * Flushes this output stream by forcing any buffered output bytes that have already been
      * processed by the encapsulated cipher object to be written out.
-     * <p/>
-     * <p/>
+     * <p>
      * Any bytes buffered by the encapsulated cipher and waiting to be processed by it will not be
      * written out. For example, if the encapsulated cipher is a block cipher, and the total number
      * of bytes written using one of the <code>write</code> methods is less than the cipher's block
      * size, no bytes will be written out.
-     *
+     * </p>
      * @throws java.io.IOException if an I/O error occurs.
      */
     public void flush()
@@ -92,14 +92,14 @@ public class CipherOutputStream
 
     /**
      * Closes this output stream and releases any system resources associated with this stream.
-     * <p/>
+     * <p>
      * This method invokes the <code>doFinal</code> method of the encapsulated cipher object, which
      * causes any bytes buffered by the encapsulated cipher to be processed. The result is written
      * out by calling the <code>flush</code> method of this output stream.
-     * <p/>
+     * </p><p>
      * This method resets the encapsulated cipher object to its initial state and calls the
      * <code>close</code> method of the underlying output stream.
-     *
+     * </p>
      * @throws java.io.IOException if an I/O error occurs.
      * @throws InvalidCipherTextIOException if the data written to this stream was invalid
      * ciphertext (e.g. the cipher is an AEAD cipher and the ciphertext tag check
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
index 0f7d202..5b6b8c4 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
@@ -1,5 +1,8 @@
 package org.bouncycastle.jcajce.provider.asymmetric;
 
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.asymmetric.dh.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
 
@@ -36,6 +39,9 @@ public class DH
             provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES");
             provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES");
             provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede");
+
+            registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi());
+            registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi());
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
index d06e05c..d7b437c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.jcajce.provider.asymmetric;
 
+import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
@@ -25,6 +26,7 @@ public class EC
             provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
             provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
             provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF");
+            provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
 
             registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC());
             // TODO Should this be an alias for ECDH?
@@ -45,6 +47,7 @@ public class EC
             provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC");
             provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
             provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
             provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
             provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
             provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
@@ -54,6 +57,10 @@ public class EC
             provider.addAlgorithm("Cipher.ECIESWITHAES", PREFIX + "IESCipher$ECIESwithAES");
             provider.addAlgorithm("Cipher.ECIESwithDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
             provider.addAlgorithm("Cipher.ECIESWITHDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
+            provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
+            provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
+            provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
+            provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
 
             provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
             provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone");
@@ -91,6 +98,13 @@ public class EC
             addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
             addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
             addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+
+            addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
+            addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
+            addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
+            addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
+            addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
+            addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
index 70fe386..b65b859 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
@@ -80,6 +80,10 @@ public class RSA
             provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
             provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
 
+            provider.addAlgorithm("Signature.SHA224WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA224withRSA");
+            provider.addAlgorithm("Signature.SHA256WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA256withRSA");
+            provider.addAlgorithm("Signature.SHA384WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA384withRSA");
+            provider.addAlgorithm("Signature.SHA512WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA512withRSA");
             provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA");
             provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA");
             provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA");
@@ -101,10 +105,6 @@ public class RSA
             provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
             provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
             provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS");
 
             if (provider.hasAlgorithm("MessageDigest", "MD2"))
             {
@@ -137,6 +137,10 @@ public class RSA
                 provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
                 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
                 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
+
+                provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSA/X9.31", "SHA1WITHRSA/X9.31");
+                provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/X9.31", "SHA1WITHRSA/X9.31");
+                provider.addAlgorithm("Signature.SHA1WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption");
             }
 
             addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
@@ -144,10 +148,26 @@ public class RSA
             addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption);
             addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption);
 
+            provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSA/X9.31", "SHA224WITHRSA/X9.31");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA224WithRSA/X9.31", "SHA224WITHRSA/X9.31");
+            provider.addAlgorithm("Signature.SHA224WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSA/X9.31", "SHA256WITHRSA/X9.31");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA256WithRSA/X9.31", "SHA256WITHRSA/X9.31");
+            provider.addAlgorithm("Signature.SHA256WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSA/X9.31", "SHA384WITHRSA/X9.31");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA384WithRSA/X9.31", "SHA384WITHRSA/X9.31");
+            provider.addAlgorithm("Signature.SHA384WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSA/X9.31", "SHA512WITHRSA/X9.31");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA512WithRSA/X9.31", "SHA512WITHRSA/X9.31");
+            provider.addAlgorithm("Signature.SHA512WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
+
             if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
             {
                 addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
                 addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
+                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128withRSA/X9.31", "RIPEMD128WITHRSA/X9.31");
+                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128WithRSA/X9.31", "RIPEMD128WITHRSA/X9.31");
+                provider.addAlgorithm("Signature.RIPEMD128WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
             }
 
             if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
@@ -156,6 +176,9 @@ public class RSA
                 addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
                 provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
                 provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
+                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160withRSA/X9.31", "RIPEMD160WITHRSA/X9.31");
+                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/X9.31", "RIPEMD160WITHRSA/X9.31");
+                provider.addAlgorithm("Signature.RIPEMD160WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
             }
 
             if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
@@ -163,6 +186,14 @@ public class RSA
                 addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
                 addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
             }
+
+            if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL"))
+            {
+                provider.addAlgorithm("Alg.Alias.Signature.WhirlpoolWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
+                provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLwithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
+                provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
+                provider.addAlgorithm("Signature.WHIRLPOOLWITHRSA/X9.31", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
+            }
         }
 
         private void addDigestSignature(
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java
index 8bdcc55..e4c8172 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java
@@ -10,10 +10,10 @@ import javax.crypto.spec.DHParameterSpec;
 
 import org.bouncycastle.crypto.generators.DHParametersGenerator;
 import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi;
 
 public class AlgorithmParameterGeneratorSpi
-    extends java.security.AlgorithmParameterGeneratorSpi
+    extends BaseAlgorithmParameterGeneratorSpi
 {
     protected SecureRandom random;
     protected int strength = 1024;
@@ -63,7 +63,7 @@ public class AlgorithmParameterGeneratorSpi
 
         try
         {
-            params = AlgorithmParameters.getInstance("DH", BouncyCastleProvider.PROVIDER_NAME);
+            params = createParametersInstance("DH");
             params.init(new DHParameterSpec(p.getP(), p.getG(), l));
         }
         catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java
index c29ff2d..df6b6f9 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java
@@ -7,8 +7,10 @@ import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
+import java.security.Provider;
 import java.security.PublicKey;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.spec.AlgorithmParameterSpec;
 
 import javax.crypto.BadPaddingException;
@@ -43,6 +45,8 @@ import org.bouncycastle.crypto.params.IESWithCipherParameters;
 import org.bouncycastle.crypto.parsers.DHIESPublicKeyParser;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DHUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.IESUtil;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.IESKey;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.IESParameterSpec;
@@ -53,6 +57,8 @@ import org.bouncycastle.util.Strings;
 public class IESCipher
     extends CipherSpi
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
     private IESEngine engine;
     private int state = -1;
     private ByteArrayOutputStream buffer = new ByteArrayOutputStream();
@@ -106,7 +112,7 @@ public class IESCipher
         {
             try
             {
-                engineParam = AlgorithmParameters.getInstance("IES", BouncyCastleProvider.PROVIDER_NAME);
+                engineParam = helper.createAlgorithmParameters("IES");
                 engineParam.init(engineSpec);
             }
             catch (Exception e)
@@ -465,7 +471,6 @@ public class IESCipher
 
     }
 
-
     /**
      * Classes that inherit from us
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java
index d850e5d..2d7c4c5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java
@@ -11,10 +11,10 @@ import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.generators.DSAParametersGenerator;
 import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi;
 
 public class AlgorithmParameterGeneratorSpi
-    extends java.security.AlgorithmParameterGeneratorSpi
+    extends BaseAlgorithmParameterGeneratorSpi
 {
     protected SecureRandom random;
     protected int strength = 1024;
@@ -90,7 +90,7 @@ public class AlgorithmParameterGeneratorSpi
 
         try
         {
-            params = AlgorithmParameters.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
+            params = createParametersInstance("DSA");
             params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG()));
         }
         catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java
index 61fa33c..5722479 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java
@@ -33,7 +33,6 @@ public class AlgorithmParametersSpi
 
     /**
      * Return the X.509 ASN.1 structure DSAParameter.
-     * <p/>
      * <pre>
      *  DSAParameter ::= SEQUENCE {
      *                   prime INTEGER, -- p
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java
index c6ddf9b..d2c2c71 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java
@@ -34,9 +34,9 @@ public class KeyPairGeneratorSpi
         int strength,
         SecureRandom random)
     {
-        if (strength < 512 || strength > 1024 || strength % 64 != 0)
+        if (strength < 512 || strength > 4096 || ((strength < 1024) && strength % 64 != 0) || (strength >= 1024 && strength % 1024 != 0))
         {
-            throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64");
+            throw new InvalidParameterException("strength must be from 512 - 4096 and a multiple of 1024 above 1024");
         }
 
         this.strength = strength;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java
index 9b7e797..27d4b45 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java
@@ -13,12 +13,11 @@ import java.util.Enumeration;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.ua.DSTU4145NamedCurves;
 import org.bouncycastle.asn1.ua.UAObjectIdentifiers;
@@ -244,9 +243,9 @@ public class BCDSTU4145PrivateKey
         }
 
         ASN1Encodable privKey = info.parsePrivateKey();
-        if (privKey instanceof DERInteger)
+        if (privKey instanceof ASN1Integer)
         {
-            DERInteger derD = DERInteger.getInstance(privKey);
+            ASN1Integer derD = ASN1Integer.getInstance(privKey);
 
             this.d = derD.getValue();
         }
@@ -283,19 +282,22 @@ public class BCDSTU4145PrivateKey
     public byte[] getEncoded()
     {
         X962Parameters params;
+        int orderBitLength;
 
         if (ecSpec instanceof ECNamedCurveSpec)
         {
-            DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
+            ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
             if (curveOid == null)  // guess it's the OID
             {
-                curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
+                curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
             }
             params = new X962Parameters(curveOid);
+            orderBitLength = ECUtil.getOrderBitLength(ecSpec.getOrder(), this.getS());
         }
         else if (ecSpec == null)
         {
             params = new X962Parameters(DERNull.INSTANCE);
+            orderBitLength = ECUtil.getOrderBitLength(null, this.getS());
         }
         else
         {
@@ -309,6 +311,7 @@ public class BCDSTU4145PrivateKey
                 ecSpec.getCurve().getSeed());
 
             params = new X962Parameters(ecP);
+            orderBitLength = ECUtil.getOrderBitLength(ecSpec.getOrder(), this.getS());
         }
 
         PrivateKeyInfo info;
@@ -316,11 +319,11 @@ public class BCDSTU4145PrivateKey
 
         if (publicKey != null)
         {
-            keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params);
+            keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(orderBitLength, this.getS(), publicKey, params);
         }
         else
         {
-            keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params);
+            keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(orderBitLength, this.getS(), params);
         }
 
         try
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java
index c641ee9..11c52a7 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java
@@ -36,6 +36,8 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.custom.sec.SecP256K1Point;
+import org.bouncycastle.math.ec.custom.sec.SecP256R1Point;
 
 public class BCDSTU4145PublicKey
     implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder
@@ -352,14 +354,7 @@ public class BCDSTU4145PublicKey
     {
         if (ecSpec == null)
         {
-            if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp)
-            {
-                return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getAffineXCoord(), q.getAffineYCoord());
-            }
-            else
-            {
-                return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getAffineXCoord(), q.getAffineYCoord());
-            }
+            return q.getDetachedPoint();
         }
 
         return q;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java
index 45d5b08..c9ad445 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java
@@ -282,7 +282,8 @@ public class BCECPrivateKey
      */
     public byte[] getEncoded()
     {
-        X962Parameters          params;
+        X962Parameters  params;
+        int orderBitLength;
 
         if (ecSpec instanceof ECNamedCurveSpec)
         {
@@ -293,10 +294,12 @@ public class BCECPrivateKey
             }
 
             params = new X962Parameters(curveOid);
+            orderBitLength = ECUtil.getOrderBitLength(ecSpec.getOrder(), this.getS());
         }
         else if (ecSpec == null)
         {
             params = new X962Parameters(DERNull.INSTANCE);
+            orderBitLength = ECUtil.getOrderBitLength(null, this.getS());
         }
         else
         {
@@ -310,6 +313,7 @@ public class BCECPrivateKey
                 ecSpec.getCurve().getSeed());
 
             params = new X962Parameters(ecP);
+            orderBitLength = ECUtil.getOrderBitLength(ecSpec.getOrder(), this.getS());
         }
         
         PrivateKeyInfo          info;
@@ -317,11 +321,11 @@ public class BCECPrivateKey
 
         if (publicKey != null)
         {
-            keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params);
+            keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(orderBitLength, this.getS(), publicKey, params);
         }
         else
         {
-            keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params);
+            keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(orderBitLength, this.getS(), params);
         }
 
         try
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java
index 0eaae1d..ac0ddf5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java
@@ -34,6 +34,8 @@ import org.bouncycastle.jce.interfaces.ECPointEncoder;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.custom.sec.SecP256K1Point;
+import org.bouncycastle.math.ec.custom.sec.SecP256R1Point;
 
 public class BCECPublicKey
     implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder
@@ -82,6 +84,8 @@ public class BCECPublicKey
             ECCurve curve = spec.getParams().getCurve();
             EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());
 
+            // this may seem a little long-winded but it's how we pick up the custom curve.
+            this.q = EC5Util.convertCurve(ellipticCurve).createPoint(spec.getQ().getAffineXCoord().toBigInteger(), spec.getQ().getAffineYCoord().toBigInteger());
             this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
         }
         else
@@ -132,7 +136,6 @@ public class BCECPublicKey
         ECDomainParameters      dp = params.getParameters();
 
         this.algorithm = algorithm;
-        this.q = params.getQ();
 
         if (spec == null)
         {
@@ -147,6 +150,8 @@ public class BCECPublicKey
             this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec);
         }
 
+        this.q = EC5Util.convertCurve(ecSpec.getCurve()).createPoint(params.getQ().getAffineXCoord().toBigInteger(), params.getQ().getAffineYCoord().toBigInteger());
+
         this.configuration = configuration;
     }
 
@@ -369,14 +374,7 @@ public class BCECPublicKey
     {
         if (ecSpec == null)
         {
-            if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp)
-            {
-                return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getAffineXCoord(), q.getAffineYCoord());
-            }
-            else
-            {
-                return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getAffineXCoord(), q.getAffineYCoord());
-            }
+            return q.getDetachedPoint();
         }
 
         return q;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java
index 4ad0512..fbeb8f0 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java
@@ -18,6 +18,7 @@ import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.ShortBufferException;
 
+import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.KeyEncoder;
 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
@@ -29,22 +30,22 @@ import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
 import org.bouncycastle.crypto.generators.EphemeralKeyPairGenerator;
 import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
 import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
 import org.bouncycastle.crypto.params.ECKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.IESParameters;
 import org.bouncycastle.crypto.params.IESWithCipherParameters;
+import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.parsers.ECIESPublicKeyParser;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.IESUtil;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.ECKey;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
 import org.bouncycastle.jce.interfaces.IESKey;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.IESParameterSpec;
 import org.bouncycastle.util.Strings;
 
@@ -52,6 +53,9 @@ import org.bouncycastle.util.Strings;
 public class IESCipher
     extends CipherSpi
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
+    private int ivLength;
     private IESEngine engine;
     private int state = -1;
     private ByteArrayOutputStream buffer = new ByteArrayOutputStream();
@@ -65,8 +69,14 @@ public class IESCipher
     public IESCipher(IESEngine engine)
     {
         this.engine = engine;
+        this.ivLength = 0;
     }
 
+    public IESCipher(IESEngine engine, int ivLength)
+    {
+        this.engine = engine;
+        this.ivLength = ivLength;
+    }
 
     public int engineGetBlockSize()
     {
@@ -99,14 +109,13 @@ public class IESCipher
         return null;
     }
 
-
     public AlgorithmParameters engineGetParameters()
     {
         if (engineParam == null && engineSpec != null)
         {
             try
             {
-                engineParam = AlgorithmParameters.getInstance("IES", BouncyCastleProvider.PROVIDER_NAME);
+                engineParam = helper.createAlgorithmParameters("IES");
                 engineParam.init(engineSpec);
             }
             catch (Exception e)
@@ -259,10 +268,24 @@ public class IESCipher
             throw new InvalidAlgorithmParameterException("must be passed IES parameters");
         }
 
+        byte[] nonce = this.engineSpec.getNonce();
+
+        if (nonce != null)
+        {
+            if (ivLength == 0)
+            {
+                throw new InvalidAlgorithmParameterException("NONCE present in IES Parameters when none required");
+            }
+            else if (nonce.length != ivLength)
+            {
+                throw new InvalidAlgorithmParameterException("NONCE in IES Parameters needs to be " + ivLength + " bytes long");
+            }
+        }
+
         // Parse the recipient's key
         if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE)
         {
-            if (key instanceof ECPublicKey)
+            if (key instanceof PublicKey)
             {
                 this.key = ECUtil.generatePublicKeyParameter((PublicKey)key);
             }
@@ -280,7 +303,7 @@ public class IESCipher
         }
         else if (opmode == Cipher.DECRYPT_MODE || opmode == Cipher.UNWRAP_MODE)
         {
-            if (key instanceof ECPrivateKey)
+            if (key instanceof PrivateKey)
             {
                 this.key = ECUtil.generatePrivateKeyParameter((PrivateKey)key);
             }
@@ -368,11 +391,16 @@ public class IESCipher
         buffer.reset();
 
         // Convert parameters for use in IESEngine
-        IESParameters params = new IESWithCipherParameters(engineSpec.getDerivationV(),
+        CipherParameters params = new IESWithCipherParameters(engineSpec.getDerivationV(),
             engineSpec.getEncodingV(),
             engineSpec.getMacKeySize(),
             engineSpec.getCipherKeySize());
 
+        if (engineSpec.getNonce() != null)
+        {
+            params = new ParametersWithIV(params, engineSpec.getNonce());
+        }
+
         final ECDomainParameters ecParams = ((ECKeyParameters)key).getParameters();
 
         final byte[] V;
@@ -403,11 +431,12 @@ public class IESCipher
             ECKeyPairGenerator gen = new ECKeyPairGenerator();
             gen.init(new ECKeyGenerationParameters(ecParams, random));
 
+            final boolean usePointCompression = engineSpec.getPointCompression();
             EphemeralKeyPairGenerator kGen = new EphemeralKeyPairGenerator(gen, new KeyEncoder()
             {
                 public byte[] getEncoded(AsymmetricKeyParameter keyParameter)
                 {
-                    return ((ECPublicKeyParameters)keyParameter).getQ().getEncoded();
+                    return ((ECPublicKeyParameters)keyParameter).getQ().getEncoded(usePointCompression);
                 }
             });
 
@@ -459,7 +488,6 @@ public class IESCipher
         return buf.length;
     }
 
-
     /**
      * Classes that inherit from us
      */
@@ -498,4 +526,28 @@ public class IESCipher
                 new PaddedBufferedBlockCipher(new AESEngine())));
         }
     }
+
+    static public class ECIESwithDESedeCBC
+        extends IESCipher
+    {
+        public ECIESwithDESedeCBC()
+        {
+            super(new IESEngine(new ECDHBasicAgreement(),
+                new KDF2BytesGenerator(new SHA1Digest()),
+                new HMac(new SHA1Digest()),
+                new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()))), 8);
+        }
+    }
+
+    static public class ECIESwithAESCBC
+        extends IESCipher
+    {
+        public ECIESwithAESCBC()
+        {
+            super(new IESEngine(new ECDHBasicAgreement(),
+                new KDF2BytesGenerator(new SHA1Digest()),
+                new HMac(new SHA1Digest()),
+                new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()))), 16);
+        }
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
index 0556378..4ea57fe 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
@@ -17,6 +17,7 @@ import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x9.X9IntegerConverter;
 import org.bouncycastle.crypto.BasicAgreement;
@@ -28,6 +29,7 @@ import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
 import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
 import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
 import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.params.DESParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
@@ -39,6 +41,7 @@ import org.bouncycastle.jce.interfaces.ECPublicKey;
 import org.bouncycastle.jce.interfaces.MQVPrivateKey;
 import org.bouncycastle.jce.interfaces.MQVPublicKey;
 import org.bouncycastle.util.Integers;
+import org.bouncycastle.util.Strings;
 
 /**
  * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
@@ -51,9 +54,12 @@ public class KeyAgreementSpi
 {
     private static final X9IntegerConverter converter = new X9IntegerConverter();
     private static final Hashtable algorithms = new Hashtable();
+    private static final Hashtable oids = new Hashtable();
+    private static final Hashtable des = new Hashtable();
 
     static
     {
+        Integer i64 = Integers.valueOf(64);
         Integer i128 = Integers.valueOf(128);
         Integer i192 = Integers.valueOf(192);
         Integer i256 = Integers.valueOf(256);
@@ -65,6 +71,18 @@ public class KeyAgreementSpi
         algorithms.put(NISTObjectIdentifiers.id_aes192_wrap.getId(), i192);
         algorithms.put(NISTObjectIdentifiers.id_aes256_wrap.getId(), i256);
         algorithms.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(), i192);
+        algorithms.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), i192);
+        algorithms.put(OIWObjectIdentifiers.desCBC.getId(), i64);
+
+        oids.put("DESEDE", PKCSObjectIdentifiers.des_EDE3_CBC);
+        oids.put("AES", NISTObjectIdentifiers.id_aes256_CBC);
+        oids.put("DES", OIWObjectIdentifiers.desCBC);
+
+        des.put("DES", "DES");
+        des.put("DESEDE", "DES");
+        des.put(OIWObjectIdentifiers.desCBC.getId(), "DES");
+        des.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), "DES");
+        des.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(), "DES");
     }
 
     private String                 kaAlgorithm;
@@ -76,7 +94,7 @@ public class KeyAgreementSpi
     private byte[] bigIntToBytes(
         BigInteger    r)
     {
-        return converter.integerToBytes(r, converter.getByteLength(parameters.getG().getAffineXCoord()));
+        return converter.integerToBytes(r, converter.getByteLength(parameters.getCurve()));
     }
 
     protected KeyAgreementSpi(
@@ -175,17 +193,24 @@ public class KeyAgreementSpi
         throws NoSuchAlgorithmException
     {
         byte[] secret = bigIntToBytes(result);
+        String algKey = Strings.toUpperCase(algorithm);
+        String oidAlgorithm = algorithm;
+
+        if (oids.containsKey(algKey))
+        {
+            oidAlgorithm = ((ASN1ObjectIdentifier)oids.get(algKey)).getId();
+        }
 
         if (kdf != null)
         {
-            if (!algorithms.containsKey(algorithm))
+            if (!algorithms.containsKey(oidAlgorithm))
             {
                 throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
             }
             
-            int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
+            int    keySize = ((Integer)algorithms.get(oidAlgorithm)).intValue();
 
-            DHKDFParameters params = new DHKDFParameters(new ASN1ObjectIdentifier(algorithm), keySize, secret);
+            DHKDFParameters params = new DHKDFParameters(new ASN1ObjectIdentifier(oidAlgorithm), keySize, secret);
 
             byte[] keyBytes = new byte[keySize / 8];
             kdf.init(params);
@@ -194,7 +219,21 @@ public class KeyAgreementSpi
         }
         else
         {
-            // TODO Should we be ensuring the key is the right length?
+            if (algorithms.containsKey(oidAlgorithm))
+            {
+                Integer length = (Integer)algorithms.get(oidAlgorithm);
+
+                byte[] key = new byte[length.intValue() / 8];
+
+                System.arraycopy(secret, 0, key, 0, key.length);
+
+                secret = key;
+            }
+        }
+
+        if (des.containsKey(oidAlgorithm))
+        {
+            DESParameters.setOddParity(secret);
         }
 
         return new SecretKeySpec(secret, algorithm);
@@ -206,6 +245,11 @@ public class KeyAgreementSpi
         SecureRandom            random) 
         throws InvalidKeyException, InvalidAlgorithmParameterException
     {
+        if (params != null)
+        {
+            throw new InvalidAlgorithmParameterException("No algorithm parameters supported");
+        }
+
         initFromKey(key);
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
index f47f8a2..ae9be26 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
@@ -85,22 +85,20 @@ public abstract class KeyPairGeneratorSpi
         {
             this.strength = strength;
             this.random = random;
+
             ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength));
+            if (ecParams == null)
+            {
+                throw new InvalidParameterException("unknown key size.");
+            }
 
-            if (ecParams != null)
+            try
             {
-                try
-                {
-                    initialize(ecParams, random);
-                }
-                catch (InvalidAlgorithmParameterException e)
-                {
-                    throw new InvalidParameterException("key size not configurable.");
-                }
+                initialize(ecParams, random);
             }
-            else
+            catch (InvalidAlgorithmParameterException e)
             {
-                throw new InvalidParameterException("unknown key size.");
+                throw new InvalidParameterException("key size not configurable.");
             }
         }
 
@@ -109,97 +107,42 @@ public abstract class KeyPairGeneratorSpi
             SecureRandom            random)
             throws InvalidAlgorithmParameterException
         {
-            if (params instanceof ECParameterSpec)
+            if (params == null)
             {
-                ECParameterSpec p = (ECParameterSpec)params;
-                this.ecParams = params;
-
-                param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random);
+                ECParameterSpec implicitCA = configuration.getEcImplicitlyCa();
+                if (implicitCA == null)
+                {
+                    throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set");
+                }
 
-                engine.init(param);
-                initialised = true;
+                this.ecParams = null;
+                this.param = createKeyGenParamsBC(implicitCA, random);
             }
-            else if (params instanceof java.security.spec.ECParameterSpec)
+            else if (params instanceof ECParameterSpec)
             {
-                java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)params;
                 this.ecParams = params;
-
-                ECCurve curve = EC5Util.convertCurve(p.getCurve());
-                ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false);
-
-                param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random);
-
-                engine.init(param);
-                initialised = true;
+                this.param = createKeyGenParamsBC((ECParameterSpec)params, random);
             }
-            else if (params instanceof ECGenParameterSpec || params instanceof ECNamedCurveGenParameterSpec)
+            else if (params instanceof java.security.spec.ECParameterSpec)
             {
-                String curveName;
-
-                if (params instanceof ECGenParameterSpec)
-                {
-                    curveName = ((ECGenParameterSpec)params).getName();
-                }
-                else
-                {
-                    curveName = ((ECNamedCurveGenParameterSpec)params).getName();
-                }
-
-                X9ECParameters  ecP = ECNamedCurveTable.getByName(curveName);
-                if (ecP == null)
-                {
-                    // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug)
-                    try
-                    {
-                        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(curveName);
-                        ecP = ECNamedCurveTable.getByOID(oid);
-                        if (ecP == null)
-                        {
-                            throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName);
-                        }
-                    }
-                    catch (IllegalArgumentException ex)
-                    {
-                        throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
-                    }
-                }
-
-                this.ecParams = new ECNamedCurveSpec(
-                            curveName,
-                            ecP.getCurve(),
-                            ecP.getG(),
-                            ecP.getN(),
-                            ecP.getH(),
-                            null); // ecP.getSeed());   Work-around JDK bug -- it won't look up named curves properly if seed is present
-
-                java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams;
-
-                ECCurve curve = EC5Util.convertCurve(p.getCurve());
-                ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false);
-
-                param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random);
-
-                engine.init(param);
-                initialised = true;
+                this.ecParams = params;
+                this.param = createKeyGenParamsJCE((java.security.spec.ECParameterSpec)params, random);
             }
-            else if (params == null && configuration.getEcImplicitlyCa() != null)
+            else if (params instanceof ECGenParameterSpec)
             {
-                ECParameterSpec p = configuration.getEcImplicitlyCa();
-                this.ecParams = params;
-
-                param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random);
-
-                engine.init(param);
-                initialised = true;
+                initializeNamedCurve(((ECGenParameterSpec)params).getName(), random);
             }
-            else if (params == null && configuration.getEcImplicitlyCa() == null)
+            else if (params instanceof ECNamedCurveGenParameterSpec)
             {
-                throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set");
+                initializeNamedCurve(((ECNamedCurveGenParameterSpec)params).getName(), random);
             }
             else
             {
                 throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec");
             }
+
+            engine.init(param);
+            initialised = true;
         }
 
         public KeyPair generateKeyPair()
@@ -235,6 +178,58 @@ public abstract class KeyPairGeneratorSpi
                 return new KeyPair(pubKey, new BCECPrivateKey(algorithm, priv, pubKey, p, configuration));
             }
         }
+
+        protected ECKeyGenerationParameters createKeyGenParamsBC(ECParameterSpec p, SecureRandom r)
+        {
+            return new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), r);
+        }
+
+        protected ECKeyGenerationParameters createKeyGenParamsJCE(java.security.spec.ECParameterSpec p, SecureRandom r)
+        {
+            ECCurve curve = EC5Util.convertCurve(p.getCurve());
+            ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false);
+            BigInteger n = p.getOrder();
+            BigInteger h = BigInteger.valueOf(p.getCofactor());
+            ECDomainParameters dp = new ECDomainParameters(curve, g, n, h);
+            return new ECKeyGenerationParameters(dp, r);
+        }
+
+        protected ECNamedCurveSpec createNamedCurveSpec(String curveName)
+            throws InvalidAlgorithmParameterException
+        {
+            // NOTE: Don't bother with custom curves here as the curve will be converted to JCE type shortly
+
+            X9ECParameters p = ECNamedCurveTable.getByName(curveName);
+            if (p == null)
+            {
+                try
+                {
+                    // Check whether it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug)
+                    p = ECNamedCurveTable.getByOID(new ASN1ObjectIdentifier(curveName));
+                    if (p == null)
+                    {
+                        throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName);
+                    }
+                }
+                catch (IllegalArgumentException ex)
+                {
+                    throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+                }
+            }
+
+            // Work-around for JDK bug -- it won't look up named curves properly if seed is present
+            byte[] seed = null; //p.getSeed();
+
+            return new ECNamedCurveSpec(curveName, p.getCurve(), p.getG(), p.getN(), p.getH(), seed);
+        }
+
+        protected void initializeNamedCurve(String curveName, SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            ECNamedCurveSpec namedCurve = createNamedCurveSpec(curveName);
+            this.ecParams = namedCurve;
+            this.param = createKeyGenParamsJCE(namedCurve, random);
+        }
     }
 
     public static class ECDSA
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
index e94746c..5e2bb4e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
@@ -223,7 +223,7 @@ public class SignatureSpi
     {
         public ecCVCDSA()
         {
-            super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
+            super(new SHA1Digest(), new ECDSASigner(), new PlainDSAEncoder());
         }
     }
 
@@ -232,7 +232,7 @@ public class SignatureSpi
     {
         public ecCVCDSA224()
         {
-            super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
+            super(new SHA224Digest(), new ECDSASigner(), new PlainDSAEncoder());
         }
     }
 
@@ -241,7 +241,7 @@ public class SignatureSpi
     {
         public ecCVCDSA256()
         {
-            super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
+            super(new SHA256Digest(), new ECDSASigner(), new PlainDSAEncoder());
         }
     }
 
@@ -250,7 +250,7 @@ public class SignatureSpi
     {
         public ecCVCDSA384()
         {
-            super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder());
+            super(new SHA384Digest(), new ECDSASigner(), new PlainDSAEncoder());
         }
     }
 
@@ -259,7 +259,16 @@ public class SignatureSpi
     {
         public ecCVCDSA512()
         {
-            super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder());
+            super(new SHA512Digest(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
+
+    static public class ecPlainDSARP160
+        extends SignatureSpi
+    {
+        public ecPlainDSARP160()
+        {
+            super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
         }
     }
 
@@ -293,7 +302,7 @@ public class SignatureSpi
         }
     }
 
-    private static class CVCDSAEncoder
+    private static class PlainDSAEncoder
         implements DSAEncoder
     {
         public byte[] encode(
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java
index 2b1c3fa..4c046fe 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java
@@ -13,14 +13,13 @@ import java.util.Enumeration;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
@@ -289,9 +288,9 @@ public class BCECGOST3410PrivateKey
             }
 
             ASN1Encodable privKey = info.parsePrivateKey();
-            if (privKey instanceof DERInteger)
+            if (privKey instanceof ASN1Integer)
             {
-                DERInteger derD = DERInteger.getInstance(privKey);
+                ASN1Integer derD = ASN1Integer.getInstance(privKey);
 
                 this.d = derD.getValue();
             }
@@ -348,19 +347,22 @@ public class BCECGOST3410PrivateKey
         else
         {
             X962Parameters params;
+            int orderBitLength;
 
             if (ecSpec instanceof ECNamedCurveSpec)
             {
-                DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
+                ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
                 if (curveOid == null)  // guess it's the OID
                 {
                     curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
                 }
                 params = new X962Parameters(curveOid);
+                orderBitLength = ECUtil.getOrderBitLength(ecSpec.getOrder(), this.getS());
             }
             else if (ecSpec == null)
             {
                 params = new X962Parameters(DERNull.INSTANCE);
+                orderBitLength = ECUtil.getOrderBitLength(null, this.getS());
             }
             else
             {
@@ -374,6 +376,7 @@ public class BCECGOST3410PrivateKey
                     ecSpec.getCurve().getSeed());
 
                 params = new X962Parameters(ecP);
+                orderBitLength = ECUtil.getOrderBitLength(ecSpec.getOrder(), this.getS());
             }
 
             PrivateKeyInfo info;
@@ -381,11 +384,11 @@ public class BCECGOST3410PrivateKey
 
             if (publicKey != null)
             {
-                keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params);
+                keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(orderBitLength, this.getS(), publicKey, params);
             }
             else
             {
-                keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params);
+                keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(orderBitLength, this.getS(), params);
             }
 
             try
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java
index 650855e..1240a0f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java
@@ -32,6 +32,8 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.custom.sec.SecP256K1Point;
+import org.bouncycastle.math.ec.custom.sec.SecP256R1Point;
 
 public class BCECGOST3410PublicKey
     implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder
@@ -316,14 +318,7 @@ public class BCECGOST3410PublicKey
     {
         if (ecSpec == null)
         {
-            if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp)
-            {
-                return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getAffineXCoord(), q.getAffineYCoord());
-            }
-            else
-            {
-                return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getAffineXCoord(), q.getAffineYCoord());
-            }
+            return q.getDetachedPoint();
         }
 
         return q;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.java
index b59db8f..407dda5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.java
@@ -58,14 +58,7 @@ public class SignatureSpi
 
                 publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes));
 
-                if (publicKey instanceof ECPublicKey)
-                {
-                    param = ECUtil.generatePublicKeyParameter(publicKey);
-                }
-                else
-                {
-                    throw new InvalidKeyException("can't recognise key type in DSA based signer");
-                }
+                param = ECUtil.generatePublicKeyParameter(publicKey);
             }
             catch (Exception e)
             {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.java
index 9cb9c87..6097c3c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.java
@@ -10,10 +10,10 @@ import javax.crypto.spec.DHParameterSpec;
 
 import org.bouncycastle.crypto.generators.ElGamalParametersGenerator;
 import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi;
 
 public class AlgorithmParameterGeneratorSpi
-    extends java.security.AlgorithmParameterGeneratorSpi
+    extends BaseAlgorithmParameterGeneratorSpi
 {
     protected SecureRandom random;
     protected int strength = 1024;
@@ -63,7 +63,7 @@ public class AlgorithmParameterGeneratorSpi
 
         try
         {
-            params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME);
+            params = createParametersInstance("ElGamal");
             params.init(new DHParameterSpec(p.getP(), p.getG(), l));
         }
         catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.java
index 2c56ee3..3253fbb 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.java
@@ -8,7 +8,6 @@ import javax.crypto.spec.DHParameterSpec;
 
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
 import org.bouncycastle.jce.spec.ElGamalParameterSpec;
@@ -20,7 +19,6 @@ public class AlgorithmParametersSpi
 
     /**
      * Return the X.509 ASN.1 structure ElGamalParameter.
-     * <p/>
      * <pre>
      *  ElGamalParameter ::= SEQUENCE {
      *                   prime INTEGER, -- p
@@ -95,7 +93,7 @@ public class AlgorithmParametersSpi
     {
         try
         {
-            ElGamalParameter elP = new ElGamalParameter((ASN1Sequence)ASN1Primitive.fromByteArray(params));
+            ElGamalParameter elP = ElGamalParameter.getInstance(ASN1Primitive.fromByteArray(params));
 
             currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG());
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.java
index 0806b43..f0f83fa 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.java
@@ -14,8 +14,6 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -73,8 +71,8 @@ public class BCElGamalPrivateKey
         PrivateKeyInfo info)
         throws IOException
     {
-        ElGamalParameter     params = new ElGamalParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DERInteger      derX = ASN1Integer.getInstance(info.parsePrivateKey());
+        ElGamalParameter     params = ElGamalParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
+        ASN1Integer      derX = ASN1Integer.getInstance(info.parsePrivateKey());
 
         this.x = derX.getValue();
         this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG());
@@ -112,7 +110,7 @@ public class BCElGamalPrivateKey
     {
         try
         {
-            PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new DERInteger(getX()));
+            PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new ASN1Integer(getX()));
 
             return info.getEncoded(ASN1Encoding.DER);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.java
index e0f7298..cd31cc5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.java
@@ -10,8 +10,7 @@ import javax.crypto.spec.DHParameterSpec;
 import javax.crypto.spec.DHPublicKeySpec;
 
 import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -75,12 +74,12 @@ public class BCElGamalPublicKey
     BCElGamalPublicKey(
         SubjectPublicKeyInfo info)
     {
-        ElGamalParameter        params = new ElGamalParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DERInteger              derY = null;
+        ElGamalParameter        params = ElGamalParameter.getInstance(info.getAlgorithm().getParameters());
+        ASN1Integer              derY = null;
 
         try
         {
-            derY = (DERInteger)info.parsePublicKey();
+            derY = (ASN1Integer)info.parsePublicKey();
         }
         catch (IOException e)
         {
@@ -105,7 +104,7 @@ public class BCElGamalPublicKey
     {
         try
         {
-            SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new DERInteger(y));
+            SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new ASN1Integer(y));
 
             return info.getEncoded(ASN1Encoding.DER);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.java
index fbf4f75..9c28670 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.java
@@ -34,7 +34,6 @@ import org.bouncycastle.jcajce.provider.util.DigestFactory;
 import org.bouncycastle.jce.interfaces.ElGamalKey;
 import org.bouncycastle.jce.interfaces.ElGamalPrivateKey;
 import org.bouncycastle.jce.interfaces.ElGamalPublicKey;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Strings;
 
 public class CipherSpi
@@ -104,7 +103,7 @@ public class CipherSpi
             {
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance("OAEP", BouncyCastleProvider.PROVIDER_NAME);
+                    engineParams = createParametersInstance("OAEP");
                     engineParams.init(paramSpec);
                 }
                 catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.java
index 7019b81..2e7ee7c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.java
@@ -7,12 +7,12 @@ import java.security.spec.AlgorithmParameterSpec;
 
 import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator;
 import org.bouncycastle.crypto.params.GOST3410Parameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi;
 import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
 import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
 
 public abstract class AlgorithmParameterGeneratorSpi
-    extends java.security.AlgorithmParameterGeneratorSpi
+    extends BaseAlgorithmParameterGeneratorSpi
 {
     protected SecureRandom random;
     protected int strength = 1024;
@@ -52,7 +52,7 @@ public abstract class AlgorithmParameterGeneratorSpi
 
         try
         {
-            params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME);
+            params = createParametersInstance("GOST3410");
             params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
         }
         catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.java
index 0af98e0..88f78bd 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.java
@@ -37,7 +37,6 @@ public class AlgorithmParametersSpi
 
     /**
      * Return the X.509 ASN.1 structure GOST3410Parameter.
-     * <p/>
      * <pre>
      *  GOST3410Parameter ::= SEQUENCE {
      *                   prime INTEGER, -- p
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.java
index 2f39c4a..61f1e37 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.java
@@ -6,10 +6,10 @@ import java.security.spec.InvalidParameterSpecException;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.jce.spec.IESParameterSpec;
@@ -48,7 +48,7 @@ public class AlgorithmParametersSpi
 
             v.add(new DEROctetString(currentSpec.getDerivationV()));
             v.add(new DEROctetString(currentSpec.getEncodingV()));
-            v.add(new DERInteger(currentSpec.getMacKeySize()));
+            v.add(new ASN1Integer(currentSpec.getMacKeySize()));
 
             return new DERSequence(v).getEncoded(ASN1Encoding.DER);
         }
@@ -104,7 +104,7 @@ public class AlgorithmParametersSpi
             this.currentSpec = new IESParameterSpec(
                 ((ASN1OctetString)s.getObjectAt(0)).getOctets(),
                 ((ASN1OctetString)s.getObjectAt(0)).getOctets(),
-                ((DERInteger)s.getObjectAt(0)).getValue().intValue());
+                ((ASN1Integer)s.getObjectAt(0)).getValue().intValue());
         }
         catch (ClassCastException e)
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.java
index 8cfaf2a..430f6b1 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.java
@@ -13,6 +13,7 @@ import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.interfaces.DHPrivateKey;
+import javax.crypto.interfaces.DHPublicKey;
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.InvalidCipherTextException;
@@ -22,17 +23,19 @@ import org.bouncycastle.crypto.engines.IESEngine;
 import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.params.IESParameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DHUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
 import org.bouncycastle.jce.interfaces.IESKey;
 import org.bouncycastle.jce.spec.IESParameterSpec;
 
 public class CipherSpi
     extends javax.crypto.CipherSpi
 {
+    private final JcaJceHelper     helper = new BCJcaJceHelper();
+
     private IESEngine cipher;
     private int                     state = -1;
     private ByteArrayOutputStream   buffer = new ByteArrayOutputStream();
@@ -116,7 +119,7 @@ public class CipherSpi
 
                 try
                 {
-                    engineParam = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME);
+                    engineParam = helper.createAlgorithmParameters(name);
                     engineParam.init(engineParams);
                 }
                 catch (Exception e)
@@ -183,15 +186,16 @@ public class CipherSpi
         CipherParameters pubKey;
         CipherParameters privKey;
 
-        if (ieKey.getPublic() instanceof ECPublicKey)
+        if (ieKey.getPublic() instanceof DHPublicKey)
         {
-            pubKey = ECUtil.generatePublicKeyParameter(ieKey.getPublic());
-            privKey = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate());
+            pubKey = DHUtil.generatePublicKeyParameter(ieKey.getPublic());
+            privKey = DHUtil.generatePrivateKeyParameter(ieKey.getPrivate());
+
         }
         else
         {
-            pubKey = DHUtil.generatePublicKeyParameter(ieKey.getPublic());
-            privKey = DHUtil.generatePrivateKeyParameter(ieKey.getPrivate());
+            pubKey = ECUtil.generatePublicKeyParameter(ieKey.getPublic());
+            privKey = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate());
         }
 
         this.engineParams = (IESParameterSpec)params;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java
index 0aa81b4..b82c5f8 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java
@@ -55,6 +55,12 @@ public class BCRSAPrivateKey
         this.privateExponent = key.getPrivateExponent();
     }
 
+    BCRSAPrivateKey(org.bouncycastle.asn1.pkcs.RSAPrivateKey key)
+    {
+        this.modulus = key.getModulus();
+        this.privateExponent = key.getPrivateExponent();
+    }
+
     public BigInteger getModulus()
     {
         return modulus;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java
index a2114fa..6f5292c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.jcajce.provider.asymmetric.rsa;
 
+import java.io.EOFException;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
@@ -156,6 +157,10 @@ public class BCRSAPublicKey
         {
             algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER;
         }
+        catch (EOFException e)
+        {
+            algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER;
+        }
     }
 
     private void writeObject(
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
index dc8dcb2..239e511 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
@@ -33,12 +33,16 @@ import org.bouncycastle.crypto.engines.RSABlindedEngine;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseCipherSpi;
 import org.bouncycastle.jcajce.provider.util.DigestFactory;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Strings;
 
 public class CipherSpi
     extends BaseCipherSpi
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
     private AsymmetricBlockCipher cipher;
     private AlgorithmParameterSpec paramSpec;
     private AlgorithmParameters engineParams;
@@ -143,7 +147,7 @@ public class CipherSpi
             {
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance("OAEP", BouncyCastleProvider.PROVIDER_NAME);
+                    engineParams = helper.createAlgorithmParameters("OAEP");
                     engineParams.init(paramSpec);
                 }
                 catch (Exception e)
@@ -307,7 +311,7 @@ public class CipherSpi
         }
         else
         {
-            throw new IllegalArgumentException("unknown parameter type.");
+            throw new InvalidAlgorithmParameterException("unknown parameter type: " + params.getClass().getName());
         }
 
         if (!(cipher instanceof RSABlindedEngine))
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
index 4462548..c04bec9 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
@@ -37,6 +37,7 @@ import org.bouncycastle.crypto.digests.SHA384Digest;
 import org.bouncycastle.crypto.digests.SHA512Digest;
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
+import org.bouncycastle.util.Arrays;
 
 public class DigestSignatureSpi
     extends SignatureSpi
@@ -171,13 +172,7 @@ public class DigestSignatureSpi
 
         if (sig.length == expected.length)
         {
-            for (int i = 0; i < sig.length; i++)
-            {
-                if (sig[i] != expected[i])
-                {
-                    return false;
-                }
-            }
+            return Arrays.constantTimeAreEqual(sig, expected);
         }
         else if (sig.length == expected.length - 2)  // NULL left out
         {
@@ -187,28 +182,26 @@ public class DigestSignatureSpi
             expected[1] -= 2;      // adjust lengths
             expected[3] -= 2;
 
+            int nonEqual = 0;
+
             for (int i = 0; i < hash.length; i++)
             {
-                if (sig[sigOffset + i] != expected[expectedOffset + i])  // check hash
-                {
-                    return false;
-                }
+                nonEqual |= (sig[sigOffset + i] ^ expected[expectedOffset + i]);
             }
 
             for (int i = 0; i < sigOffset; i++)
             {
-                if (sig[i] != expected[i])  // check header less NULL
-                {
-                    return false;
-                }
+                nonEqual |= (sig[i] ^ expected[i]);  // check header less NULL
             }
+
+            return nonEqual == 0;
         }
         else
         {
+            Arrays.constantTimeAreEqual(expected, expected);  // keep time "steady".
+
             return false;
         }
-
-        return true;
     }
 
     protected void engineSetParameter(
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java
index d8eb539..80690f7 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java
@@ -137,7 +137,16 @@ public class KeyFactorySpi
 
         if (RSAUtil.isRsaOid(algOid))
         {
-            return new BCRSAPrivateCrtKey(keyInfo);
+            RSAPrivateKey rsaPrivKey = RSAPrivateKey.getInstance(keyInfo.parsePrivateKey());
+
+            if (rsaPrivKey.getCoefficient().intValue() == 0)
+            {
+                return new BCRSAPrivateKey(rsaPrivKey);
+            }
+            else
+            {
+                return new BCRSAPrivateCrtKey(keyInfo);
+            }
         }
         else
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
index c61e7cb..f779a66 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
@@ -23,7 +23,7 @@ public class KeyPairGeneratorSpi
     }
 
     final static BigInteger defaultPublicExponent = BigInteger.valueOf(0x10001);
-    final static int defaultTests = 12;
+    final static int defaultTests = 112;
 
     RSAKeyGenerationParameters param;
     RSAKeyPairGenerator engine;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java
index c0a2fc9..ea632fc 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java
@@ -22,11 +22,15 @@ import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.jcajce.provider.util.DigestFactory;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public class PSSSignatureSpi
     extends SignatureSpi
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
     private AlgorithmParameters engineParams;
     private PSSParameterSpec paramSpec;
     private PSSParameterSpec originalSpec;
@@ -234,7 +238,7 @@ public class PSSSignatureSpi
             {
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance("PSS", BouncyCastleProvider.PROVIDER_NAME);
+                    engineParams = helper.createAlgorithmParameters("PSS");
                     engineParams.init(paramSpec);
                 }
                 catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/X931SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/X931SignatureSpi.java
new file mode 100644
index 0000000..727f685
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/X931SignatureSpi.java
@@ -0,0 +1,194 @@
+package org.bouncycastle.jcajce.provider.asymmetric.rsa;
+
+import java.security.InvalidKeyException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.SignatureSpi;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.bouncycastle.crypto.AsymmetricBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.MD5Digest;
+import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA224Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.digests.WhirlpoolDigest;
+import org.bouncycastle.crypto.engines.RSABlindedEngine;
+import org.bouncycastle.crypto.signers.ISO9796d2Signer;
+import org.bouncycastle.crypto.signers.X931Signer;
+
+public class X931SignatureSpi
+    extends SignatureSpi
+{
+    private X931Signer signer;
+
+    protected X931SignatureSpi(
+        Digest digest,
+        AsymmetricBlockCipher cipher)
+    {
+        signer = new X931Signer(cipher, digest);
+    }
+
+    protected void engineInitVerify(
+        PublicKey publicKey)
+        throws InvalidKeyException
+    {
+        CipherParameters param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey);
+
+        signer.init(false, param);
+    }
+
+    protected void engineInitSign(
+        PrivateKey privateKey)
+        throws InvalidKeyException
+    {
+        CipherParameters param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey);
+
+        signer.init(true, param);
+    }
+
+    protected void engineUpdate(
+        byte    b)
+        throws SignatureException
+    {
+        signer.update(b);
+    }
+
+    protected void engineUpdate(
+        byte[]  b,
+        int     off,
+        int     len) 
+        throws SignatureException
+    {
+        signer.update(b, off, len);
+    }
+
+    protected byte[] engineSign()
+        throws SignatureException
+    {
+        try
+        {
+            byte[]  sig = signer.generateSignature();
+
+            return sig;
+        }
+        catch (Exception e)
+        {
+            throw new SignatureException(e.toString());
+        }
+    }
+
+    protected boolean engineVerify(
+        byte[]  sigBytes) 
+        throws SignatureException
+    {
+        boolean yes = signer.verifySignature(sigBytes);
+
+        return yes;
+    }
+
+    protected void engineSetParameter(
+        AlgorithmParameterSpec params)
+    {
+        throw new UnsupportedOperationException("engineSetParameter unsupported");
+    }
+
+    /**
+     * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)">
+     */
+    protected void engineSetParameter(
+        String param,
+        Object value)
+    {
+        throw new UnsupportedOperationException("engineSetParameter unsupported");
+    }
+
+    /**
+     * @deprecated
+     */
+    protected Object engineGetParameter(
+        String param)
+    {
+        throw new UnsupportedOperationException("engineSetParameter unsupported");
+    }
+
+    static public class RIPEMD128WithRSAEncryption
+        extends X931SignatureSpi
+    {
+        public RIPEMD128WithRSAEncryption()
+        {
+            super(new RIPEMD128Digest(), new RSABlindedEngine());
+        }
+    }
+
+    static public class RIPEMD160WithRSAEncryption
+        extends X931SignatureSpi
+    {
+        public RIPEMD160WithRSAEncryption()
+        {
+            super(new RIPEMD160Digest(), new RSABlindedEngine());
+        }
+    }
+
+    static public class SHA1WithRSAEncryption
+        extends X931SignatureSpi
+    {
+        public SHA1WithRSAEncryption()
+        {
+            super(new SHA1Digest(), new RSABlindedEngine());
+        }
+    }
+
+    static public class SHA224WithRSAEncryption
+        extends X931SignatureSpi
+    {
+        public SHA224WithRSAEncryption()
+        {
+            super(new SHA224Digest(), new RSABlindedEngine());
+        }
+    }
+
+    static public class SHA256WithRSAEncryption
+        extends X931SignatureSpi
+    {
+        public SHA256WithRSAEncryption()
+        {
+            super(new SHA256Digest(), new RSABlindedEngine());
+        }
+    }
+
+    static public class SHA384WithRSAEncryption
+        extends X931SignatureSpi
+    {
+        public SHA384WithRSAEncryption()
+        {
+            super(new SHA384Digest(), new RSABlindedEngine());
+        }
+    }
+
+    static public class SHA512WithRSAEncryption
+        extends X931SignatureSpi
+    {
+        public SHA512WithRSAEncryption()
+        {
+            super(new SHA512Digest(), new RSABlindedEngine());
+        }
+    }
+
+    static public class WhirlpoolWithRSAEncryption
+        extends X931SignatureSpi
+    {
+        public WhirlpoolWithRSAEncryption()
+        {
+            super(new WhirlpoolDigest(), new RSABlindedEngine());
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAlgorithmParameterGeneratorSpi.java
new file mode 100644
index 0000000..d9fb3fb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAlgorithmParameterGeneratorSpi.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.jcajce.provider.asymmetric.util;
+
+import java.security.AlgorithmParameterGeneratorSpi;
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
+
+public abstract class BaseAlgorithmParameterGeneratorSpi
+    extends AlgorithmParameterGeneratorSpi
+{
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
+    public BaseAlgorithmParameterGeneratorSpi()
+    {
+    }
+
+    protected final AlgorithmParameters createParametersInstance(String algorithm)
+        throws NoSuchAlgorithmException, NoSuchProviderException
+    {
+        return helper.createAlgorithmParameters(algorithm);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
index 722a5ca..482329c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
@@ -25,6 +25,8 @@ import javax.crypto.spec.SecretKeySpec;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Wrapper;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public abstract class BaseCipherSpi
@@ -41,6 +43,7 @@ public abstract class BaseCipherSpi
                                         RC5ParameterSpec.class
                                     };
 
+    private final JcaJceHelper helper = new BCJcaJceHelper();
 
     protected AlgorithmParameters     engineParams = null;
 
@@ -80,6 +83,12 @@ public abstract class BaseCipherSpi
         return null;
     }
 
+    protected final AlgorithmParameters createParametersInstance(String algorithm)
+        throws NoSuchAlgorithmException, NoSuchProviderException
+    {
+        return helper.createAlgorithmParameters(algorithm);
+    }
+
     protected void engineSetMode(
         String  mode)
         throws NoSuchAlgorithmException
@@ -186,7 +195,7 @@ public abstract class BaseCipherSpi
         {
             try
             {
-                KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
+                KeyFactory kf = helper.createKeyFactory(wrappedKeyAlgorithm);
 
                 if (wrappedKeyType == Cipher.PUBLIC_KEY)
                 {
@@ -197,17 +206,17 @@ public abstract class BaseCipherSpi
                     return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
                 }
             }
-            catch (NoSuchProviderException e)
+            catch (NoSuchAlgorithmException e)
             {
                 throw new InvalidKeyException("Unknown key type " + e.getMessage());
             }
-            catch (NoSuchAlgorithmException e)
+            catch (InvalidKeySpecException e)
             {
                 throw new InvalidKeyException("Unknown key type " + e.getMessage());
             }
-            catch (InvalidKeySpecException e2)
+            catch (NoSuchProviderException e)
             {
-                throw new InvalidKeyException("Unknown key type " + e2.getMessage());
+                throw new InvalidKeyException("Unknown key type " + e.getMessage());
             }
 
             throw new InvalidKeyException("Unknown key type " + wrappedKeyType);
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java
index 490bf4e..cb34f44 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java
@@ -1,6 +1,5 @@
 package org.bouncycastle.jcajce.provider.asymmetric.util;
 
-import java.io.IOException;
 import java.security.Key;
 import java.security.PrivateKey;
 import java.security.PublicKey;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
index 5eea1b9..d5b62fe 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
@@ -7,22 +7,46 @@ import java.security.spec.ECFieldFp;
 import java.security.spec.ECParameterSpec;
 import java.security.spec.ECPoint;
 import java.security.spec.EllipticCurve;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
 
+import org.bouncycastle.asn1.x9.ECNamedCurveTable;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECCurve;
 
 public class EC5Util
 {
+    private static Map customCurves = new HashMap();
+
+    static
+    {
+        Enumeration e = CustomNamedCurves.getNames();
+        while (e.hasMoreElements())
+        {
+            String name = (String)e.nextElement();
+
+            X9ECParameters curveParams = ECNamedCurveTable.getByName(name);
+            if (curveParams != null)  // there may not be a regular curve, may just be a custom curve.
+            {
+                customCurves.put(curveParams.getCurve(), CustomNamedCurves.getByName(name).getCurve());
+            }
+        }
+    }
+
     public static EllipticCurve convertCurve(
         ECCurve curve, 
         byte[]  seed)
     {
         // TODO: the Sun EC implementation doesn't currently handle the seed properly
         // so at the moment it's set to null. Should probably look at making this configurable
-        if (curve instanceof ECCurve.Fp)
+        if (ECAlgorithms.isFpCurve(curve))
         {
-            return new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null);
+            return new EllipticCurve(new ECFieldFp(curve.getField().getCharacteristic()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null);
         }
         else
         {
@@ -53,7 +77,14 @@ public class EC5Util
 
         if (field instanceof ECFieldFp)
         {
-            return new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
+            ECCurve.Fp curve = new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
+
+            if (customCurves.containsKey(curve))
+            {
+                return (ECCurve)customCurves.get(curve);
+            }
+
+            return curve;
         }
         else
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
index 97ade38..b1805f6 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.jcajce.provider.asymmetric.util;
 
+import java.math.BigInteger;
 import java.security.InvalidKeyException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
@@ -12,7 +13,9 @@ import org.bouncycastle.asn1.sec.SECNamedCurves;
 import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X962Parameters;
 import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.ec.CustomNamedCurves;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
@@ -213,6 +216,25 @@ public class ECUtil
         throw new InvalidKeyException("can't identify EC private key.");
     }
 
+    public static int getOrderBitLength(BigInteger order, BigInteger privateValue)
+    {
+        if (order == null)     // implicitly CA
+        {
+            ECParameterSpec implicitCA = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa();
+
+            if (implicitCA == null)
+            {
+                return privateValue.bitLength();   // a guess but better than an exception!
+            }
+
+            return implicitCA.getN().bitLength();
+        }
+        else
+        {
+            return order.bitLength();
+        }
+    }
+
     public static ASN1ObjectIdentifier getNamedCurveOid(
         String name)
     {
@@ -241,11 +263,15 @@ public class ECUtil
     public static X9ECParameters getNamedCurveByOid(
         ASN1ObjectIdentifier oid)
     {
-        X9ECParameters params = X962NamedCurves.getByOID(oid);
-        
+        X9ECParameters params = CustomNamedCurves.getByOID(oid);
+
         if (params == null)
         {
-            params = SECNamedCurves.getByOID(oid);
+            params = X962NamedCurves.getByOID(oid);
+            if (params == null)
+            {
+                params = SECNamedCurves.getByOID(oid);
+            }
             if (params == null)
             {
                 params = NISTNamedCurves.getByOID(oid);
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java
index 532554d..3e328da 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java
@@ -12,7 +12,6 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
 
 public class PKCS12BagAttributeCarrierImpl
@@ -90,7 +89,7 @@ public class PKCS12BagAttributeCarrierImpl
 
             while (e.hasMoreElements())
             {
-                DERObjectIdentifier    oid = (DERObjectIdentifier)e.nextElement();
+                ASN1ObjectIdentifier    oid = (ASN1ObjectIdentifier)e.nextElement();
 
                 aOut.writeObject(oid);
                 aOut.writeObject((ASN1Encodable)pkcs12Attributes.get(oid));
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java
index 8699c3c..8116f29 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java
@@ -6,7 +6,7 @@ import java.io.InputStream;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.util.encoders.Base64;
 
-public class PEMUtil
+class PEMUtil
 {
     private final String _header1;
     private final String _header2;
@@ -33,11 +33,6 @@ public class PEMUtil
         {
             while (((c = in.read()) != '\r') && c != '\n' && (c >= 0))
             {
-                if (c == '\r')
-                {
-                    continue;
-                }
-
                 l.append((char)c);
             }
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
index 91d4829..b82d091 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
@@ -34,7 +34,8 @@ import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.pkcs.ContentInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.util.io.pem.PemObject;
 import org.bouncycastle.util.io.pem.PemWriter;
 
@@ -45,6 +46,8 @@ import org.bouncycastle.util.io.pem.PemWriter;
 public  class PKIXCertPath
     extends CertPath
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
     static final List certPathEncodings;
 
     static
@@ -180,7 +183,7 @@ public  class PKIXCertPath
                 }
                 Enumeration e = ((ASN1Sequence)derObject).getObjects();
                 certificates = new ArrayList();
-                CertificateFactory certFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
+                CertificateFactory certFactory = helper.createCertificateFactory("X.509");
                 while (e.hasMoreElements())
                 {
                     ASN1Encodable element = (ASN1Encodable)e.nextElement();
@@ -193,7 +196,7 @@ public  class PKIXCertPath
             {
                 inStream = new BufferedInputStream(inStream);
                 certificates = new ArrayList();
-                CertificateFactory certFactory= CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
+                CertificateFactory certFactory= helper.createCertificateFactory("X.509");
                 Certificate cert;
                 while ((cert = certFactory.generateCertificate(inStream)) != null)
                 {
@@ -213,7 +216,7 @@ public  class PKIXCertPath
         {
             throw new CertificateException("BouncyCastle provider not found while trying to get a CertificateFactory:\n" + ex.toString());
         }
-        
+
         this.certificates = sortCerts(certificates);
     }
     
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java
index 32e595c..0b53bd3 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java
@@ -23,7 +23,6 @@ import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
 import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
 
 /**
  * The following extensions are listed in RFC 2459 as relevant to CRL Entries
@@ -31,7 +30,7 @@ import org.bouncycastle.asn1.x509.X509Extension;
  * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer
  * (critical)
  */
-public class X509CRLEntryObject extends X509CRLEntry
+class X509CRLEntryObject extends X509CRLEntry
 {
     private TBSCertList.CRLEntry c;
 
@@ -285,11 +284,11 @@ public class X509CRLEntryObject extends X509CRLEntry
                         buf.append("                       critical(").append(ext.isCritical()).append(") ");
                         try
                         {
-                            if (oid.equals(X509Extension.reasonCode))
+                            if (oid.equals(Extension.reasonCode))
                             {
                                 buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl);
                             }
-                            else if (oid.equals(X509Extension.certificateIssuer))
+                            else if (oid.equals(Extension.certificateIssuer))
                             {
                                 buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl);
                             }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java
index c7d0402..cd877d0 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java
@@ -42,7 +42,6 @@ import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
 import org.bouncycastle.asn1.x509.TBSCertList;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.RFC3280CertPathUtilities;
 import org.bouncycastle.util.encoders.Hex;
 
 /**
@@ -54,7 +53,7 @@ import org.bouncycastle.util.encoders.Hex;
  * Delta CRL Indicator (critical)
  * Issuing Distribution Point (critical)
  */
-public class X509CRLObject
+class X509CRLObject
     extends X509CRL
 {
     private CertificateList c;
@@ -120,8 +119,8 @@ public class X509CRLObject
             return false;
         }
 
-        extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
-        extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
+        extns.remove(Extension.issuingDistributionPoint.getId());
+        extns.remove(Extension.deltaCRLIndicator.getId());
 
         return !extns.isEmpty();
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
index 4422062..56df634 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
@@ -9,9 +9,7 @@ import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Principal;
-import java.security.Provider;
 import java.security.PublicKey;
-import java.security.Security;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
@@ -61,7 +59,6 @@ import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrie
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.provider.RFC3280CertPathUtilities;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.encoders.Hex;
@@ -238,37 +235,11 @@ class X509CertificateObject
 
     /**
      * return a more "meaningful" representation for the signature algorithm used in
-     * the certficate.
+     * the certificate.
      */
     public String getSigAlgName()
     {
-        Provider    prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
-
-        if (prov != null)
-        {
-            String      algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
-
-            if (algName != null)
-            {
-                return algName;
-            }
-        }
-
-        Provider[] provs = Security.getProviders();
-
-        //
-        // search every provider looking for a real algorithm
-        //
-        for (int i = 0; i != provs.length; i++)
-        {
-            String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
-            if (algName != null)
-            {
-                return algName;
-            }
-        }
-
-        return this.getSigAlgOID();
+        return X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
     }
 
     /**
@@ -522,19 +493,18 @@ class X509CertificateObject
                 while (e.hasMoreElements())
                 {
                     ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
-                    String              oidId = oid.getId();
-
-                    if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE)
-                     || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES)
-                     || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS)
-                     || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY)
-                     || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS)
-                     || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT)
-                     || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR)
-                     || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS)
-                     || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS)
-                     || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME)
-                     || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS))
+
+                    if (oid.equals(Extension.keyUsage)
+                     || oid.equals(Extension.certificatePolicies)
+                     || oid.equals(Extension.policyMappings)
+                     || oid.equals(Extension.inhibitAnyPolicy)
+                     || oid.equals(Extension.cRLDistributionPoints)
+                     || oid.equals(Extension.issuingDistributionPoint)
+                     || oid.equals(Extension.deltaCRLIndicator)
+                     || oid.equals(Extension.policyConstraints)
+                     || oid.equals(Extension.basicConstraints)
+                     || oid.equals(Extension.subjectAlternativeName)
+                     || oid.equals(Extension.nameConstraints))
                     {
                         continue;
                     }
@@ -775,7 +745,16 @@ class X509CertificateObject
         InvalidKeyException, NoSuchProviderException, SignatureException
     {
         String    sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
-        Signature signature = Signature.getInstance(sigName, sigProvider);
+        Signature signature;
+
+        if (sigProvider  != null)
+        {
+            signature = Signature.getInstance(sigName, sigProvider);
+        }
+        else
+        {
+            signature = Signature.getInstance(sigName);
+        }
         
         checkSignature(key, signature);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java
index 127b534..8488f80 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java
@@ -5,15 +5,17 @@ import java.security.AlgorithmParameters;
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.spec.PSSParameterSpec;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Null;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -22,6 +24,7 @@ import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 class X509SignatureUtil
 {
@@ -76,7 +79,33 @@ class X509SignatureUtil
             {
                 ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params);
                 
-                return getDigestAlgName((DERObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA";
+                return getDigestAlgName((ASN1ObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA";
+            }
+        }
+
+        Provider prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
+
+        if (prov != null)
+        {
+            String      algName = prov.getProperty("Alg.Alias.Signature." + sigAlgId.getAlgorithm().getId());
+
+            if (algName != null)
+            {
+                return algName;
+            }
+        }
+
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            String algName = provs[i].getProperty("Alg.Alias.Signature." + sigAlgId.getAlgorithm().getId());
+            if (algName != null)
+            {
+                return algName;
             }
         }
 
@@ -88,7 +117,7 @@ class X509SignatureUtil
      * representations rather the the algorithm identifier (if possible).
      */
     private static String getDigestAlgName(
-        DERObjectIdentifier digestAlgOID)
+        ASN1ObjectIdentifier digestAlgOID)
     {
         if (PKCSObjectIdentifiers.md5.equals(digestAlgOID))
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
index 05bfa1c..123ff7d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
@@ -15,7 +15,7 @@ public interface ConfigurableProvider
     static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa";
 
     /**
-     * Elliptic Curve CA parameters - thread local version
+     * Elliptic Curve CA parameters - VM wide version
      */
     static final String EC_IMPLICITLY_CA = "ecImplicitlyCa";
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java
index 36a32b1..7d0b203 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java
@@ -2,50 +2,31 @@ package org.bouncycastle.jcajce.provider.config;
 
 import java.io.OutputStream;
 import java.security.KeyStore;
-import java.security.KeyStore.LoadStoreParameter;
 import java.security.KeyStore.ProtectionParameter;
 
+/**
+ * @deprecated use org.bouncycastle.jcajce.PKCS12StoreParameter
+ */
 public class PKCS12StoreParameter
-    implements LoadStoreParameter
+    extends org.bouncycastle.jcajce.PKCS12StoreParameter
 {
-    private final OutputStream out;
-    private final ProtectionParameter protectionParameter;
-    private final boolean forDEREncoding;
-
     public PKCS12StoreParameter(OutputStream out, char[] password)
     {
-        this(out, password, false);
+        super(out, password, false);
     }
 
     public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter)
     {
-        this(out, protectionParameter, false);
+        super(out, protectionParameter, false);
     }
 
     public PKCS12StoreParameter(OutputStream out, char[] password, boolean forDEREncoding)
     {
-        this(out, new KeyStore.PasswordProtection(password), forDEREncoding);
+        super(out, new KeyStore.PasswordProtection(password), forDEREncoding);
     }
 
     public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding)
     {
-        this.out = out;
-        this.protectionParameter = protectionParameter;
-        this.forDEREncoding = forDEREncoding;
-    }
-
-    public OutputStream getOutputStream()
-    {
-        return out;
-    }
-
-    public ProtectionParameter getProtectionParameter()
-    {
-        return protectionParameter;
-    }
-
-    public boolean isForDEREncoding()
-    {
-        return forDEREncoding;
+        super(out, protectionParameter, forDEREncoding);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
index ea89261..0640669 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
@@ -14,8 +14,10 @@ import java.security.KeyStoreSpi;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
+import java.security.Provider;
 import java.security.PublicKey;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
@@ -46,6 +48,8 @@ import org.bouncycastle.crypto.io.DigestOutputStream;
 import org.bouncycastle.crypto.io.MacInputStream;
 import org.bouncycastle.crypto.io.MacOutputStream;
 import org.bouncycastle.crypto.macs.HMac;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.BCKeyStore;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Arrays;
@@ -88,6 +92,8 @@ public class BcKeyStoreSpi
 
     protected int              version;
 
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
     public BcKeyStoreSpi(int version)
     {
         this.version = version;
@@ -361,7 +367,7 @@ public class BcKeyStoreSpi
 
         try
         {
-            CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME);
+            CertificateFactory cFact = helper.createCertificateFactory(type);
             ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc);
 
             return cFact.generateCertificate(bIn);
@@ -436,11 +442,11 @@ public class BcKeyStoreSpi
             switch (keyType)
             {
             case KEY_PRIVATE:
-                return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePrivate(spec);
+                return helper.createKeyFactory(algorithm).generatePrivate(spec);
             case KEY_PUBLIC:
-                return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePublic(spec);
+                return  helper.createKeyFactory(algorithm).generatePublic(spec);
             case KEY_SECRET:
-                return SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generateSecret(spec);
+                return  helper.createSecretKeyFactory(algorithm).generateSecret(spec);
             default:
                 throw new IOException("Key type " + keyType + " not recognised!");
             }
@@ -462,10 +468,10 @@ public class BcKeyStoreSpi
         try
         {
             PBEKeySpec          pbeSpec = new PBEKeySpec(password);
-            SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
+            SecretKeyFactory    keyFact = helper.createSecretKeyFactory(algorithm);
             PBEParameterSpec    defParams = new PBEParameterSpec(salt, iterationCount);
 
-            Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
+            Cipher cipher = helper.createCipher(algorithm);
 
             cipher.init(mode, keyFact.generateSecret(pbeSpec), defParams);
 
@@ -1041,6 +1047,18 @@ public class BcKeyStoreSpi
         }
     }
 
+    static Provider getBouncyCastleProvider()
+    {
+        if (Security.getProvider("BC") != null)
+        {
+            return Security.getProvider("BC");
+        }
+        else
+        {
+            return new BouncyCastleProvider();
+        }
+    }
+
     public static class Std
        extends BcKeyStoreSpi
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index 9a62c98..3fc0396 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -15,6 +15,7 @@ import java.security.KeyStore.ProtectionParameter;
 import java.security.KeyStoreException;
 import java.security.KeyStoreSpi;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.Provider;
@@ -84,10 +85,14 @@ import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-import org.bouncycastle.jcajce.provider.config.PKCS12StoreParameter;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.jcajce.PKCS12StoreParameter;
 import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey;
 import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
 import org.bouncycastle.jcajce.spec.PBKDF2KeySpec;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.BCKeyStore;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -101,10 +106,11 @@ public class PKCS12KeyStoreSpi
     extends KeyStoreSpi
     implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
     private static final int SALT_SIZE = 20;
     private static final int MIN_ITERATIONS = 1024;
 
-    private static final Provider bcProvider = new BouncyCastleProvider();
     private static final DefaultSecretKeyProvider keySizeProvider = new DefaultSecretKeyProvider();
 
     private IgnoresCaseHashtable keys = new IgnoresCaseHashtable();
@@ -209,7 +215,7 @@ public class PKCS12KeyStoreSpi
             SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
                 (ASN1Sequence)ASN1Primitive.fromByteArray(pubKey.getEncoded()));
 
-            return new SubjectKeyIdentifier(info);
+            return new SubjectKeyIdentifier(getDigest(info));
         }
         catch (Exception e)
         {
@@ -217,6 +223,17 @@ public class PKCS12KeyStoreSpi
         }
     }
 
+    private static byte[] getDigest(SubjectPublicKeyInfo spki)
+    {
+        Digest digest = new SHA1Digest();
+        byte[]  resBuf = new byte[digest.getDigestSize()];
+
+        byte[] bytes = spki.getPublicKeyData().getBytes();
+        digest.update(bytes, 0, bytes.length);
+        digest.doFinal(resBuf, 0);
+        return resBuf;
+    }
+
     public void setRandom(
         SecureRandom rand)
     {
@@ -588,8 +605,8 @@ public class PKCS12KeyStoreSpi
                 PBEKeySpec pbeSpec = new PBEKeySpec(password);
                 PrivateKey out;
 
-                SecretKeyFactory keyFact = SecretKeyFactory.getInstance(
-                    algorithm.getId(), bcProvider);
+                SecretKeyFactory keyFact = helper.createSecretKeyFactory(
+                    algorithm.getId());
                 PBEParameterSpec defParams = new PBEParameterSpec(
                     pbeParams.getIV(),
                     pbeParams.getIterations().intValue());
@@ -598,7 +615,7 @@ public class PKCS12KeyStoreSpi
 
                 ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero);
 
-                Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider);
+                Cipher cipher = helper.createCipher(algorithm.getId());
 
                 cipher.init(Cipher.UNWRAP_MODE, k, defParams);
 
@@ -634,13 +651,12 @@ public class PKCS12KeyStoreSpi
 
         try
         {
-            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(
-                algorithm, bcProvider);
+            SecretKeyFactory keyFact =  helper.createSecretKeyFactory(algorithm);
             PBEParameterSpec defParams = new PBEParameterSpec(
                 pbeParams.getIV(),
                 pbeParams.getIterations().intValue());
 
-            Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
+            Cipher cipher = helper.createCipher(algorithm);
 
             cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams);
 
@@ -663,6 +679,7 @@ public class PKCS12KeyStoreSpi
         throws IOException
     {
         ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
+        int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
 
         if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds))
         {
@@ -671,7 +688,7 @@ public class PKCS12KeyStoreSpi
 
             try
             {
-                SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm.getId(), bcProvider);
+                SecretKeyFactory keyFact = helper.createSecretKeyFactory(algorithm.getId());
                 PBEParameterSpec defParams = new PBEParameterSpec(
                     pbeParams.getIV(),
                     pbeParams.getIterations().intValue());
@@ -679,8 +696,8 @@ public class PKCS12KeyStoreSpi
 
                 key.setTryWrongPKCS12Zero(wrongPKCS12Zero);
 
-                Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider);
-                int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
+                Cipher cipher = helper.createCipher(algorithm.getId());
+
                 cipher.init(mode, key, defParams);
                 return cipher.doFinal(data);
             }
@@ -693,7 +710,7 @@ public class PKCS12KeyStoreSpi
         {
             try
             {
-                Cipher cipher = createCipher(Cipher.DECRYPT_MODE, password, algId);
+                Cipher cipher = createCipher(mode, password, algId);
 
                 return cipher.doFinal(data);
             }
@@ -709,13 +726,13 @@ public class PKCS12KeyStoreSpi
     }
 
     private Cipher createCipher(int mode, char[] password, AlgorithmIdentifier algId)
-        throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException
+        throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchProviderException
     {
         PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters());
         PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
         AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
 
-        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider);
+        SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
         SecretKey key;
 
         if (func.isDefaultPrf())
@@ -1021,9 +1038,9 @@ public class PKCS12KeyStoreSpi
                             Enumeration e = b.getBagAttributes().getObjects();
                             while (e.hasMoreElements())
                             {
-                                ASN1Sequence sq = (ASN1Sequence)e.nextElement();
-                                ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0);
-                                ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
+                                ASN1Sequence sq = ASN1Sequence.getInstance(e.nextElement());
+                                ASN1ObjectIdentifier aOid = ASN1ObjectIdentifier.getInstance(sq.getObjectAt(0));
+                                ASN1Set attrSet = ASN1Set.getInstance(sq.getObjectAt(1));
                                 ASN1Primitive attr = null;
 
                                 if (attrSet.size() > 0)
@@ -1044,16 +1061,16 @@ public class PKCS12KeyStoreSpi
                                     {
                                         bagAttr.setBagAttribute(aOid, attr);
                                     }
-                                }
 
-                                if (aOid.equals(pkcs_9_at_friendlyName))
-                                {
-                                    alias = ((DERBMPString)attr).getString();
-                                    keys.put(alias, privKey);
-                                }
-                                else if (aOid.equals(pkcs_9_at_localKeyId))
-                                {
-                                    localId = (ASN1OctetString)attr;
+                                    if (aOid.equals(pkcs_9_at_friendlyName))
+                                    {
+                                        alias = ((DERBMPString)attr).getString();
+                                        keys.put(alias, privKey);
+                                    }
+                                    else if (aOid.equals(pkcs_9_at_localKeyId))
+                                    {
+                                        localId = (ASN1OctetString)attr;
+                                    }
                                 }
                             }
 
@@ -1121,38 +1138,43 @@ public class PKCS12KeyStoreSpi
                 Enumeration e = b.getBagAttributes().getObjects();
                 while (e.hasMoreElements())
                 {
-                    ASN1Sequence sq = (ASN1Sequence)e.nextElement();
-                    ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)sq.getObjectAt(0);
-                    ASN1Primitive attr = (ASN1Primitive)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0);
-                    PKCS12BagAttributeCarrier bagAttr = null;
+                    ASN1Sequence sq = ASN1Sequence.getInstance(e.nextElement());
+                    ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(sq.getObjectAt(0));
+                    ASN1Set attrSet = ASN1Set.getInstance(sq.getObjectAt(1));
 
-                    if (cert instanceof PKCS12BagAttributeCarrier)
+                    if (attrSet.size() > 0)   // sometimes this is empty!
                     {
-                        bagAttr = (PKCS12BagAttributeCarrier)cert;
+                        ASN1Primitive attr = (ASN1Primitive)attrSet.getObjectAt(0);
+                        PKCS12BagAttributeCarrier bagAttr = null;
 
-                        ASN1Encodable existing = bagAttr.getBagAttribute(oid);
-                        if (existing != null)
+                        if (cert instanceof PKCS12BagAttributeCarrier)
                         {
-                            // OK, but the value has to be the same
-                            if (!existing.toASN1Primitive().equals(attr))
+                            bagAttr = (PKCS12BagAttributeCarrier)cert;
+
+                            ASN1Encodable existing = bagAttr.getBagAttribute(oid);
+                            if (existing != null)
                             {
-                                throw new IOException(
-                                    "attempt to add existing attribute with different value");
+                                // OK, but the value has to be the same
+                                if (!existing.toASN1Primitive().equals(attr))
+                                {
+                                    throw new IOException(
+                                        "attempt to add existing attribute with different value");
+                                }
+                            }
+                            else
+                            {
+                                bagAttr.setBagAttribute(oid, attr);
                             }
                         }
-                        else
+
+                        if (oid.equals(pkcs_9_at_friendlyName))
                         {
-                            bagAttr.setBagAttribute(oid, attr);
+                            alias = ((DERBMPString)attr).getString();
+                        }
+                        else if (oid.equals(pkcs_9_at_localKeyId))
+                        {
+                            localId = (ASN1OctetString)attr;
                         }
-                    }
-
-                    if (oid.equals(pkcs_9_at_friendlyName))
-                    {
-                        alias = ((DERBMPString)attr).getString();
-                    }
-                    else if (oid.equals(pkcs_9_at_localKeyId))
-                    {
-                        localId = (ASN1OctetString)attr;
                     }
                 }
             }
@@ -1629,7 +1651,7 @@ public class PKCS12KeyStoreSpi
         asn1Out.writeObject(pfx);
     }
 
-    private static byte[] calculatePbeMac(
+    private byte[] calculatePbeMac(
         ASN1ObjectIdentifier oid,
         byte[] salt,
         int itCount,
@@ -1638,13 +1660,13 @@ public class PKCS12KeyStoreSpi
         byte[] data)
         throws Exception
     {
-        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider);
+        SecretKeyFactory keyFact = helper.createSecretKeyFactory(oid.getId());
         PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
         PBEKeySpec pbeSpec = new PBEKeySpec(password);
         BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec);
         key.setTryWrongPKCS12Zero(wrongPkcs12Zero);
 
-        Mac mac = Mac.getInstance(oid.getId(), bcProvider);
+        Mac mac = helper.createMac(oid.getId());
         mac.init(key, defParams);
         mac.update(data);
         return mac.doFinal();
@@ -1655,7 +1677,7 @@ public class PKCS12KeyStoreSpi
     {
         public BCPKCS12KeyStore()
         {
-            super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
+            super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
         }
     }
 
@@ -1664,7 +1686,7 @@ public class PKCS12KeyStoreSpi
     {
         public BCPKCS12KeyStore3DES()
         {
-            super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+            super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
index a600604..e69f39f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
@@ -12,6 +12,7 @@ import java.security.spec.InvalidParameterSpecException;
 import javax.crypto.spec.IvParameterSpec;
 
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
+import org.bouncycastle.asn1.cms.CCMParameters;
 import org.bouncycastle.asn1.cms.GCMParameters;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.crypto.BlockCipher;
@@ -20,10 +21,12 @@ import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.engines.AESFastEngine;
 import org.bouncycastle.crypto.engines.AESWrapEngine;
 import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+import org.bouncycastle.crypto.engines.RFC5649WrapEngine;
 import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
 import org.bouncycastle.crypto.macs.CMac;
 import org.bouncycastle.crypto.macs.GMac;
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CCMBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
@@ -37,7 +40,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Integers;
 
 public final class AES
@@ -99,6 +101,15 @@ public final class AES
         }
     }
 
+    static public class CCM
+        extends BaseBlockCipher
+    {
+        public CCM()
+        {
+            super(new CCMBlockCipher(new AESFastEngine()));
+        }
+    }
+
     public static class AESCMAC
         extends BaseMac
     {
@@ -153,7 +164,15 @@ public final class AES
         }
     }
 
-    
+    public static class RFC5649Wrap
+        extends BaseWrapCipher
+    {
+        public RFC5649Wrap()
+        {
+            super(new RFC5649WrapEngine(new AESFastEngine()));
+        }
+    }
+
     /**
      * PBEWithAES-CBC
      */
@@ -341,7 +360,7 @@ public final class AES
 
             try
             {
-                params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("AES");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
@@ -353,6 +372,82 @@ public final class AES
         }
     }
 
+    public static class AlgParamGenCCM
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
+
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  iv = new byte[12];
+
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
+
+            random.nextBytes(iv);
+
+            AlgorithmParameters params;
+
+            try
+            {
+                params = createParametersInstance("CCM");
+                params.init(new CCMParameters(iv, 12).getEncoded());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
+
+            return params;
+        }
+    }
+
+    public static class AlgParamGenGCM
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
+
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  nonce = new byte[12];
+
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
+
+            random.nextBytes(nonce);
+
+            AlgorithmParameters params;
+
+            try
+            {
+                params = createParametersInstance("GCM");
+                params.init(new GCMParameters(nonce, 12).getEncoded());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
+
+            return params;
+        }
+    }
+
     public static class AlgParams
         extends IvAlgorithmParameters
     {
@@ -377,8 +472,7 @@ public final class AES
                     Method tLen = gcmSpecClass.getDeclaredMethod("getTLen", new Class[0]);
                     Method iv= gcmSpecClass.getDeclaredMethod("getIV", new Class[0]);
 
-
-                    gcmParams = new GCMParameters((byte[])iv.invoke(paramSpec, new Object[0]), ((Integer)tLen.invoke(paramSpec, new Object[0])).intValue());
+                    gcmParams = new GCMParameters((byte[])iv.invoke(paramSpec, new Object[0]), ((Integer)tLen.invoke(paramSpec, new Object[0])).intValue() / 8);
                 }
                 catch (Exception e)
                 {
@@ -433,9 +527,84 @@ public final class AES
             {
                 try
                 {
-                    Constructor constructor = gcmSpecClass.getConstructor(new Class[] { byte[].class, Integer.class });
+                    Constructor constructor = gcmSpecClass.getConstructor(new Class[] { Integer.TYPE, byte[].class });
 
-                    return (AlgorithmParameterSpec)constructor.newInstance(new Object[] { gcmParams.getNonce(), Integers.valueOf(gcmParams.getIcvLen()) });
+                    return (AlgorithmParameterSpec)constructor.newInstance(new Object[] { Integers.valueOf(gcmParams.getIcvLen() * 8), gcmParams.getNonce() });
+                }
+                catch (NoSuchMethodException e)
+                {
+                    throw new InvalidParameterSpecException("no constructor found!");   // should never happen
+                }
+                catch (Exception e)
+                {
+                    throw new InvalidParameterSpecException("construction failed: " + e.getMessage());   // should never happen
+                }
+            }
+
+            throw new InvalidParameterSpecException("unknown parameter spec: " + paramSpec.getName());
+        }
+    }
+
+    public static class AlgParamsCCM
+        extends BaseAlgorithmParameters
+    {
+        private CCMParameters ccmParams;
+
+        protected void engineInit(AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException
+        {
+            throw new InvalidParameterSpecException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
+
+        protected void engineInit(byte[] params)
+            throws IOException
+        {
+            ccmParams = CCMParameters.getInstance(params);
+        }
+
+        protected void engineInit(byte[] params, String format)
+            throws IOException
+        {
+            if (!isASN1FormatString(format))
+            {
+                throw new IOException("unknown format specified");
+            }
+
+            ccmParams = CCMParameters.getInstance(params);
+        }
+
+        protected byte[] engineGetEncoded()
+            throws IOException
+        {
+            return ccmParams.getEncoded();
+        }
+
+        protected byte[] engineGetEncoded(String format)
+            throws IOException
+        {
+            if (!isASN1FormatString(format))
+            {
+                throw new IOException("unknown format specified");
+            }
+
+            return ccmParams.getEncoded();
+        }
+
+        protected String engineToString()
+        {
+            return "CCM";
+        }
+
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (gcmSpecClass != null)
+            {
+                try
+                {
+                    Constructor constructor = gcmSpecClass.getConstructor(new Class[] { Integer.TYPE, byte[].class });
+
+                    return (AlgorithmParameterSpec)constructor.newInstance(new Object[] { Integers.valueOf(ccmParams.getIcvLen() * 8), ccmParams.getNonce() });
                 }
                 catch (NoSuchMethodException e)
                 {
@@ -484,6 +653,11 @@ public final class AES
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
 
+            provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
             provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
@@ -512,7 +686,24 @@ public final class AES
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
+
             provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
+            provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap");
+
+            provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
+            provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
+            provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
 
             provider.addAlgorithm("Cipher.GCM", PREFIX + "$GCM");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
@@ -539,6 +730,12 @@ public final class AES
             provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
             provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
             provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256");
 
             provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
             
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST5.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST5.java
index f360a41..7fa4ce4 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST5.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST5.java
@@ -81,7 +81,7 @@ public final class CAST5
 
             try
             {
-                params = AlgorithmParameters.getInstance("CAST5", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("CAST5");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Camellia.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Camellia.java
index 95b5156..5dde846 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Camellia.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Camellia.java
@@ -25,7 +25,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public final class Camellia
 {
@@ -169,7 +168,7 @@ public final class Camellia
 
             try
             {
-                params = AlgorithmParameters.getInstance("Camellia", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("Camellia");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
index f341195..2ab7086 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
@@ -40,7 +40,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.PBE;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public final class DES
 {
@@ -179,7 +178,7 @@ public final class DES
 
             try
             {
-                params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("DES");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
index 0f53e50..d7a52db 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
@@ -31,7 +31,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public final class DESede
 {
@@ -267,7 +266,7 @@ public final class DESede
 
             try
             {
-                params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("DES");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/GOST28147.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/GOST28147.java
index b3ff96b..a849a18 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/GOST28147.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/GOST28147.java
@@ -21,7 +21,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public final class GOST28147
 {
@@ -90,7 +89,7 @@ public final class GOST28147
             SecureRandom random)
             throws InvalidAlgorithmParameterException
         {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST28147 parameter generation.");
         }
 
         protected AlgorithmParameters engineGenerateParameters()
@@ -108,7 +107,7 @@ public final class GOST28147
 
             try
             {
-                params = AlgorithmParameters.getInstance("GOST28147", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("GOST28147");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/IDEA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/IDEA.java
index 4248eb8..6910051 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/IDEA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/IDEA.java
@@ -25,7 +25,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public final class IDEA
 {
@@ -104,7 +103,7 @@ public final class IDEA
 
             try
             {
-                params = AlgorithmParameters.getInstance("IDEA", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("IDEA");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Noekeon.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Noekeon.java
index a92f21d..1fefd14 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Noekeon.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Noekeon.java
@@ -20,7 +20,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public final class Noekeon
 {
@@ -105,7 +104,7 @@ public final class Noekeon
 
             try
             {
-                params = AlgorithmParameters.getInstance("Noekeon", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("Noekeon");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
index 4160999..18d780d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
@@ -28,7 +28,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Arrays;
 
 public final class RC2
@@ -235,7 +234,7 @@ public final class RC2
 
                 try
                 {
-                    params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
+                    params = createParametersInstance("RC2");
                     params.init(new IvParameterSpec(iv));
                 }
                 catch (Exception e)
@@ -247,7 +246,7 @@ public final class RC2
             {
                 try
                 {
-                    params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
+                    params = createParametersInstance("RC2");
                     params.init(spec);
                 }
                 catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC5.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC5.java
index aa63a95..2f1d83a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC5.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC5.java
@@ -108,7 +108,7 @@ public final class RC5
 
             try
             {
-                params = AlgorithmParameters.getInstance("RC5", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("RC5");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC6.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC6.java
index 114c40b..674ea48 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC6.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC6.java
@@ -136,7 +136,7 @@ public final class RC6
 
             try
             {
-                params = AlgorithmParameters.getInstance("RC6", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("RC6");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SEED.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SEED.java
index e7e257c..510d92e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SEED.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SEED.java
@@ -24,7 +24,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public final class SEED
 {
@@ -127,7 +126,7 @@ public final class SEED
 
             try
             {
-                params = AlgorithmParameters.getInstance("SEED", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("SEED");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Shacal2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Shacal2.java
index 81666af..ea4ccda 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Shacal2.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Shacal2.java
@@ -17,7 +17,6 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public final class Shacal2
 {
@@ -84,7 +83,7 @@ public final class Shacal2
 
             try
             {
-                params = AlgorithmParameters.getInstance("Shacal2", BouncyCastleProvider.PROVIDER_NAME);
+                params = createParametersInstance("Shacal2");
                 params.init(new IvParameterSpec(iv));
             }
             catch (Exception e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SipHash.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SipHash.java
index 25fb887..5a11531 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SipHash.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SipHash.java
@@ -1,6 +1,8 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
+import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 
@@ -9,11 +11,11 @@ public final class SipHash
     private SipHash()
     {
     }
-    
-    public static class Mac
+
+    public static class Mac24
         extends BaseMac
     {
-        public Mac()
+        public Mac24()
         {
             super(new org.bouncycastle.crypto.macs.SipHash());
         }
@@ -28,6 +30,15 @@ public final class SipHash
         }
     }
 
+    public static class KeyGen
+        extends BaseKeyGenerator
+    {
+        public KeyGen()
+        {
+            super("SipHash", 128, new CipherKeyGenerator());
+        }
+    }
+
     public static class Mappings
         extends AlgorithmProvider
     {
@@ -39,9 +50,13 @@ public final class SipHash
 
         public void configure(ConfigurableProvider provider)
         {
-            provider.addAlgorithm("Mac.SIPHASH", PREFIX + "$Mac");
-            provider.addAlgorithm("Alg.Alias.Mac.SIPHASH-2-4", "SIPHASH");
+            provider.addAlgorithm("Mac.SIPHASH-2-4", PREFIX + "$Mac24");
+            provider.addAlgorithm("Alg.Alias.Mac.SIPHASH", "SIPHASH-2-4");
             provider.addAlgorithm("Mac.SIPHASH-4-8", PREFIX + "$Mac48");
+
+            provider.addAlgorithm("KeyGenerator.SIPHASH", PREFIX + "$KeyGen");
+            provider.addAlgorithm("Alg.Alias.KeyGenerator.SIPHASH-2-4", "SIPHASH");
+            provider.addAlgorithm("Alg.Alias.KeyGenerator.SIPHASH-4-8", "SIPHASH");
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
index 63d6548..296d692 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
@@ -1,14 +1,32 @@
 package org.bouncycastle.jcajce.provider.symmetric.util;
 
 import java.security.AlgorithmParameterGeneratorSpi;
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
+
 public abstract class BaseAlgorithmParameterGenerator
     extends AlgorithmParameterGeneratorSpi
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
     protected SecureRandom  random;
     protected int           strength = 1024;
 
+    public BaseAlgorithmParameterGenerator()
+    {
+    }
+
+    protected final AlgorithmParameters createParametersInstance(String algorithm)
+        throws NoSuchAlgorithmException, NoSuchProviderException
+    {
+        return helper.createAlgorithmParameters(algorithm);
+    }
+
     protected void engineInit(
         int             strength,
         SecureRandom    random)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
index 943fa18..08ddfb4 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.jcajce.provider.symmetric.util;
 
+import java.lang.reflect.Constructor;
 import java.lang.reflect.Method;
 import java.nio.ByteBuffer;
 import java.security.AlgorithmParameters;
@@ -162,6 +163,11 @@ public class BaseBlockCipher
 
     protected byte[] engineGetIV()
     {
+        if (aeadParams != null)
+        {
+            return aeadParams.getNonce();
+        }
+
         return (ivParam != null) ? ivParam.getIV() : null;
     }
 
@@ -185,7 +191,7 @@ public class BaseBlockCipher
             {
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
+                    engineParams = createParametersInstance(pbeAlgorithm);
                     engineParams.init(pbeSpec);
                 }
                 catch (Exception e)
@@ -204,7 +210,7 @@ public class BaseBlockCipher
 
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME);
+                    engineParams = createParametersInstance(name);
                     engineParams.init(ivParam.getIV());
                 }
                 catch (Exception e)
@@ -216,7 +222,7 @@ public class BaseBlockCipher
             {
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance("GCM", BouncyCastleProvider.PROVIDER_NAME);
+                    engineParams = createParametersInstance("GCM");
                     engineParams.init(new GCMParameters(aeadParams.getNonce(), aeadParams.getMacSize()).getEncoded());
                 }
                 catch (Exception e)
@@ -334,7 +340,9 @@ public class BaseBlockCipher
         {
             if (engineProvider != null)
             {
-                // Nonce restricted to max 120 bits over 128 bit block cipher since draft-irtf-cfrg-ocb-03
+                /*
+                 * RFC 7253 4.2. Nonce is a string of no more than 120 bits
+                 */
                 ivLength = 15;
                 cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
             }
@@ -814,10 +822,6 @@ public class BaseBlockCipher
         {
             throw new IllegalBlockSizeException(e.getMessage());
         }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
 
         if (len == tmp.length)
         {
@@ -858,10 +862,6 @@ public class BaseBlockCipher
         {
             throw new IllegalBlockSizeException(e.getMessage());
         }
-        catch (InvalidCipherTextException e)
-        {
-            throw new BadPaddingException(e.getMessage());
-        }
     }
 
     private boolean isAEADModeName(
@@ -898,7 +898,8 @@ public class BaseBlockCipher
             throws DataLengthException;
 
         public int doFinal(byte[] out, int outOff)
-            throws IllegalStateException, InvalidCipherTextException;
+            throws IllegalStateException,
+            BadPaddingException;
     }
 
     private static class BufferedGenericBlockCipher
@@ -967,15 +968,48 @@ public class BaseBlockCipher
             return cipher.processBytes(in, inOff, len, out, outOff);
         }
 
-        public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException
+        public int doFinal(byte[] out, int outOff) throws IllegalStateException, BadPaddingException
         {
-            return cipher.doFinal(out, outOff);
+            try
+            {
+                return cipher.doFinal(out, outOff);
+            }
+            catch (InvalidCipherTextException e)
+            {
+                throw new BadPaddingException(e.getMessage());
+            }
         }
     }
 
     private static class AEADGenericBlockCipher
         implements GenericBlockCipher
     {
+        private static final Constructor aeadBadTagConstructor;
+
+        static {
+            Class aeadBadTagClass = lookup("javax.crypto.AEADBadTagException");
+            if (aeadBadTagClass != null)
+            {
+                aeadBadTagConstructor = findExceptionConstructor(aeadBadTagClass);
+            }
+            else
+            {
+                aeadBadTagConstructor = null;
+            }
+        }
+
+        private static Constructor findExceptionConstructor(Class clazz)
+        {
+            try
+            {
+                return clazz.getConstructor(new Class[]{String.class});
+            }
+            catch (Exception e)
+            {
+                return null;
+            }
+        }
+
         private AEADBlockCipher cipher;
 
         AEADGenericBlockCipher(AEADBlockCipher cipher)
@@ -1029,9 +1063,33 @@ public class BaseBlockCipher
             return cipher.processBytes(in, inOff, len, out, outOff);
         }
 
-        public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException
+        public int doFinal(byte[] out, int outOff) throws IllegalStateException, BadPaddingException
         {
-            return cipher.doFinal(out, outOff);
+            try
+            {
+                return cipher.doFinal(out, outOff);
+            }
+            catch (InvalidCipherTextException e)
+            {
+                if (aeadBadTagConstructor != null)
+                {
+                    BadPaddingException aeadBadTag = null;
+                    try
+                    {
+                        aeadBadTag = (BadPaddingException)aeadBadTagConstructor
+                                .newInstance(new Object[]{e.getMessage()});
+                    }
+                    catch (Exception i)
+                    {
+                        // Shouldn't happen, but fall through to BadPaddingException
+                    }
+                    if (aeadBadTag != null)
+                    {
+                        throw aeadBadTag;
+                    }
+                }
+                throw new BadPaddingException(e.getMessage());
+            }
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
index 31ba38f..665bcab 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
@@ -5,6 +5,7 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.InvalidParameterException;
 import java.security.Key;
+import java.security.Provider;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 
@@ -17,10 +18,8 @@ import javax.crypto.spec.PBEParameterSpec;
 import javax.crypto.spec.RC2ParameterSpec;
 import javax.crypto.spec.RC5ParameterSpec;
 
-import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamBlockCipher;
 import org.bouncycastle.crypto.StreamCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -57,15 +56,6 @@ public class BaseStreamCipher
         this.ivLength = ivLength;
     }
 
-    protected BaseStreamCipher(
-        BlockCipher engine,
-        int ivLength)
-    {
-        this.ivLength = ivLength;
-
-        cipher = new StreamBlockCipher(engine);
-    }
-
     protected int engineGetBlockSize()
     {
         return 0;
@@ -96,7 +86,7 @@ public class BaseStreamCipher
             {
                 try
                 {
-                    AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
+                    AlgorithmParameters engineParams = createParametersInstance(pbeAlgorithm);
                     engineParams.init(pbeSpec);
 
                     return engineParams;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
index 4492a7b..5d9aea0 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
@@ -8,7 +8,9 @@ import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
+import java.security.Provider;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
@@ -32,6 +34,9 @@ import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Wrapper;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public abstract class BaseWrapCipher
@@ -61,6 +66,8 @@ public abstract class BaseWrapCipher
     private int                       ivSize;
     private byte[]                    iv;
 
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
     protected BaseWrapCipher()
     {
     }
@@ -106,6 +113,12 @@ public abstract class BaseWrapCipher
         return null;
     }
 
+    protected final AlgorithmParameters createParametersInstance(String algorithm)
+        throws NoSuchAlgorithmException, NoSuchProviderException
+    {
+        return helper.createAlgorithmParameters(algorithm);
+    }
+
     protected void engineSetMode(
         String  mode)
         throws NoSuchAlgorithmException
@@ -164,6 +177,11 @@ public abstract class BaseWrapCipher
             param = new ParametersWithIV(param, iv);
         }
 
+        if (random != null)
+        {
+            param = new ParametersWithRandom(param, random);
+        }
+
         switch (opmode)
         {
         case Cipher.WRAP_MODE:
@@ -361,7 +379,7 @@ public abstract class BaseWrapCipher
         {
             try
             {
-                KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
+                KeyFactory kf = helper.createKeyFactory(wrappedKeyAlgorithm);
 
                 if (wrappedKeyType == Cipher.PUBLIC_KEY)
                 {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/spec/PBKDF2KeySpec.java b/bcprov/src/main/java/org/bouncycastle/jcajce/spec/PBKDF2KeySpec.java
index 214a5eb..09a9bd0 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/spec/PBKDF2KeySpec.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/spec/PBKDF2KeySpec.java
@@ -4,11 +4,23 @@ import javax.crypto.spec.PBEKeySpec;
 
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 
+/**
+ * Extension of PBEKeySpec which takes into account the PRF algorithm setting available in PKCS#5 PBKDF2.
+ */
 public class PBKDF2KeySpec
     extends PBEKeySpec
 {
     private AlgorithmIdentifier prf;
 
+    /**
+     * Base constructor.
+     *
+     * @param password password to use as the seed of the PBE key generator.
+     * @param salt salt to use in the generator,
+     * @param iterationCount iteration count to use in the generator.
+     * @param keySize size of the key to be generated.
+     * @param prf identifier and parameters for the PRF algorithm to use.
+     */
     public PBKDF2KeySpec(char[] password, byte[] salt, int iterationCount, int keySize, AlgorithmIdentifier prf)
     {
         super(password, salt, iterationCount, keySize);
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/spec/SkeinParameterSpec.java b/bcprov/src/main/java/org/bouncycastle/jcajce/spec/SkeinParameterSpec.java
index b43aa95..c8c6c1a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/spec/SkeinParameterSpec.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/spec/SkeinParameterSpec.java
@@ -10,6 +10,7 @@ import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Locale;
 import java.util.Map;
 
 import org.bouncycastle.util.Arrays;
@@ -17,7 +18,7 @@ import org.bouncycastle.util.Integers;
 
 /**
  * Parameters for the Skein hash function - a series of byte[] strings identified by integer tags.
- * <p/>
+ * <p>
  * Parameterised Skein can be used for:
  * <ul>
  * <li>MAC generation, by providing a {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setKey(byte[]) key}.</li>
@@ -30,7 +31,7 @@ import org.bouncycastle.util.Integers;
  * {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setPersonalisation(java.util.Date, String, String) recommended format} or
  * {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setPersonalisation(byte[]) arbitrary} personalisation string.</li>
  * </ul>
- *
+ * </p>
  * @see org.bouncycastle.crypto.digests.SkeinEngine
  * @see org.bouncycastle.crypto.digests.SkeinDigest
  * @see org.bouncycastle.crypto.macs.SkeinMac
@@ -169,11 +170,11 @@ public class SkeinParameterSpec
          * Sets a parameters to apply to the Skein hash function.<br>
          * Parameter types must be in the range 0,5..62, and cannot use the value {@value
          * org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_MESSAGE} (reserved for message body).
-         * <p/>
+         * <p>
          * Parameters with type < {@value org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_MESSAGE} are processed before
          * the message content, parameters with type > {@value org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_MESSAGE}
          * are processed after the message and prior to output.
-         *
+         * </p>
          * @param type  the type of the parameter, in the range 5..62.
          * @param value the byte sequence of the parameter.
          * @return
@@ -217,10 +218,10 @@ public class SkeinParameterSpec
         /**
          * Implements the recommended personalisation format for Skein defined in Section 4.11 of
          * the Skein 1.3 specification.
-         * <p/>
+         * <p>
          * The format is <code>YYYYMMDD email@address distinguisher</code>, encoded to a byte
          * sequence using UTF-8 encoding.
-         *
+         * </p>
          * @param date          the date the personalised application of the Skein was defined.
          * @param emailAddress  the email address of the creation of the personalised application.
          * @param distinguisher an arbitrary personalisation string distinguishing the application.
@@ -248,6 +249,41 @@ public class SkeinParameterSpec
         }
 
         /**
+          * Implements the recommended personalisation format for Skein defined in Section 4.11 of
+          * the Skein 1.3 specification. You may need to use this method if the default locale
+          * doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible implementations.
+          * <p>
+          * The format is <code>YYYYMMDD email@address distinguisher</code>, encoded to a byte
+          * sequence using UTF-8 encoding.
+          *
+          * @param date          the date the personalised application of the Skein was defined.
+          * @param dateLocale    locale to be used for date interpretation.
+          * @param emailAddress  the email address of the creation of the personalised application.
+          * @param distinguisher an arbitrary personalisation string distinguishing the application.
+          * @return the current builder.
+          */
+         public Builder setPersonalisation(Date date, Locale dateLocale, String emailAddress, String distinguisher)
+         {
+             try
+             {
+                 final ByteArrayOutputStream bout = new ByteArrayOutputStream();
+                 final OutputStreamWriter out = new OutputStreamWriter(bout, "UTF-8");
+                 final DateFormat format = new SimpleDateFormat("YYYYMMDD", dateLocale);
+                 out.write(format.format(date));
+                 out.write(" ");
+                 out.write(emailAddress);
+                 out.write(" ");
+                 out.write(distinguisher);
+                 out.close();
+                 return set(PARAM_TYPE_PERSONALISATION, bout.toByteArray());
+             }
+             catch (IOException e)
+             {
+                 throw new IllegalStateException("Byte I/O failed: " + e);
+             }
+         }
+
+        /**
          * Sets the {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_KEY_IDENTIFIER} parameter.
          */
         public Builder setPublicKey(byte[] publicKey)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
new file mode 100644
index 0000000..4008761
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
@@ -0,0 +1,30 @@
+package org.bouncycastle.jcajce.util;
+
+import java.security.Provider;
+import java.security.Security;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+/**
+ * A JCA/JCE helper that refers to the BC provider for all it's needs.
+ */
+public class BCJcaJceHelper
+    extends ProviderJcaJceHelper
+{
+    private static Provider getBouncyCastleProvider()
+    {
+        if (Security.getProvider("BC") != null)
+        {
+            return Security.getProvider("BC");
+        }
+        else
+        {
+            return new BouncyCastleProvider();
+        }
+    }
+
+    public BCJcaJceHelper()
+    {
+        super(getBouncyCastleProvider());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/DefaultJcaJceHelper.java
index 6a7b4e2..27ca55a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/DefaultJcaJceHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/DefaultJcaJceHelper.java
@@ -1,4 +1,4 @@
-package org.bouncycastle.jcajce;
+package org.bouncycastle.jcajce.util;
 
 import java.security.AlgorithmParameterGenerator;
 import java.security.AlgorithmParameters;
@@ -17,6 +17,10 @@ import javax.crypto.Mac;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKeyFactory;
 
+/**
+ * {@link JcaJceHelper} that obtains all algorithms using the default JCA/JCE mechanism (i.e.
+ * without specifying a provider).
+ */
 public class DefaultJcaJceHelper
     implements JcaJceHelper
 {
@@ -88,7 +92,7 @@ public class DefaultJcaJceHelper
     }
 
     public CertificateFactory createCertificateFactory(String algorithm)
-        throws NoSuchAlgorithmException, CertificateException
+        throws CertificateException
     {
         return CertificateFactory.getInstance(algorithm);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceHelper.java
index 645b440..7a78193 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/JcaJceHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceHelper.java
@@ -1,4 +1,4 @@
-package org.bouncycastle.jcajce;
+package org.bouncycastle.jcajce.util;
 
 import java.security.AlgorithmParameterGenerator;
 import java.security.AlgorithmParameters;
@@ -18,6 +18,9 @@ import javax.crypto.Mac;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKeyFactory;
 
+/**
+ * Factory interface for instantiating JCA/JCE primitives.
+ */
 public interface JcaJceHelper
 {
     Cipher createCipher(
@@ -55,5 +58,5 @@ public interface JcaJceHelper
         throws NoSuchAlgorithmException, NoSuchProviderException;
 
     CertificateFactory createCertificateFactory(String algorithm)
-        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateException;
+        throws NoSuchProviderException, CertificateException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java
new file mode 100644
index 0000000..9f62ced
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java
@@ -0,0 +1,124 @@
+package org.bouncycastle.jcajce.util;
+
+import java.io.IOException;
+import java.security.AlgorithmParameters;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+
+/**
+ * General JCA/JCE utility methods.
+ */
+public class JcaJceUtils
+{
+    private JcaJceUtils()
+    {
+
+    }
+
+    /**
+     * Extract an ASN.1 encodable from an AlgorithmParameters object.
+     *
+     * @param params the object to get the encoding used to create the return value.
+     * @return an ASN.1 object representing the primitives making up the params parameter.
+     * @throws IOException if an encoding cannot be extracted.
+     */
+    public static ASN1Encodable extractParameters(AlgorithmParameters params)
+        throws IOException
+    {
+        // we try ASN.1 explicitly first just in case and then role back to the default.
+        ASN1Encodable asn1Params;
+        try
+        {
+            asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1"));
+        }
+        catch (Exception ex)
+        {
+            asn1Params = ASN1Primitive.fromByteArray(params.getEncoded());
+        }
+
+        return asn1Params;
+    }
+
+    /**
+     * Load an AlgorithmParameters object with the passed in ASN.1 encodable - if possible.
+     *
+     * @param params the AlgorithmParameters object to be initialised.
+     * @param sParams the ASN.1 encodable to initialise params with.
+     * @throws IOException if the parameters cannot be initialised.
+     */
+    public static void loadParameters(AlgorithmParameters params, ASN1Encodable sParams)
+        throws IOException
+    {
+        // we try ASN.1 explicitly first just in case and then role back to the default.
+        try
+        {
+            params.init(sParams.toASN1Primitive().getEncoded(), "ASN.1");
+        }
+        catch (Exception ex)
+        {
+            params.init(sParams.toASN1Primitive().getEncoded());
+        }
+    }
+
+    /**
+     * Attempt to find a standard JCA name for the digest represented by the past in OID.
+     *
+     * @param digestAlgOID the OID of the digest algorithm of interest.
+     * @return a string representing the standard name - the OID as a string if none available.
+     */
+    public static String getDigestAlgName(
+        ASN1ObjectIdentifier digestAlgOID)
+    {
+        if (PKCSObjectIdentifiers.md5.equals(digestAlgOID))
+        {
+            return "MD5";
+        }
+        else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID))
+        {
+            return "SHA1";
+        }
+        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+        {
+            return "SHA224";
+        }
+        else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
+        {
+            return "SHA256";
+        }
+        else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID))
+        {
+            return "SHA384";
+        }
+        else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID))
+        {
+            return "SHA512";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        {
+            return "RIPEMD128";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        {
+            return "RIPEMD160";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        {
+            return "RIPEMD256";
+        }
+        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        {
+            return "GOST3411";
+        }
+        else
+        {
+            return digestAlgOID.getId();
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/NamedJcaJceHelper.java
index 03f1006..280539d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/NamedJcaJceHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/NamedJcaJceHelper.java
@@ -1,4 +1,4 @@
-package org.bouncycastle.jcajce;
+package org.bouncycastle.jcajce.util;
 
 import java.security.AlgorithmParameterGenerator;
 import java.security.AlgorithmParameters;
@@ -18,6 +18,9 @@ import javax.crypto.Mac;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKeyFactory;
 
+/**
+ * {@link JcaJceHelper} that obtains all algorithms using a specific named provider.
+ */
 public class NamedJcaJceHelper
     implements JcaJceHelper
 {
@@ -96,7 +99,7 @@ public class NamedJcaJceHelper
     }
 
     public CertificateFactory createCertificateFactory(String algorithm)
-        throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException
+        throws CertificateException, NoSuchProviderException
     {
         return CertificateFactory.getInstance(algorithm, providerName);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/ProviderJcaJceHelper.java
index 90a8f68..fb4b9a7 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/ProviderJcaJceHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/ProviderJcaJceHelper.java
@@ -1,4 +1,4 @@
-package org.bouncycastle.jcajce;
+package org.bouncycastle.jcajce.util;
 
 import java.security.AlgorithmParameterGenerator;
 import java.security.AlgorithmParameters;
@@ -18,6 +18,9 @@ import javax.crypto.Mac;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKeyFactory;
 
+/**
+ * {@link JcaJceHelper} that obtains all algorithms from a specific {@link Provider} instance.
+ */
 public class ProviderJcaJceHelper
     implements JcaJceHelper
 {
@@ -96,7 +99,7 @@ public class ProviderJcaJceHelper
     }
 
     public CertificateFactory createCertificateFactory(String algorithm)
-        throws NoSuchAlgorithmException, CertificateException
+        throws CertificateException
     {
         return CertificateFactory.getInstance(algorithm, provider);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
index 941f476..5ad207a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
@@ -21,19 +21,35 @@ public class ECNamedCurveTable
     public static ECNamedCurveParameterSpec getParameterSpec(
         String  name)
     {
-        X9ECParameters  ecP = org.bouncycastle.asn1.x9.ECNamedCurveTable.getByName(name);
+        X9ECParameters  ecP = org.bouncycastle.crypto.ec.CustomNamedCurves.getByName(name);
         if (ecP == null)
         {
             try
             {
-                ecP = org.bouncycastle.asn1.x9.ECNamedCurveTable.getByOID(new ASN1ObjectIdentifier(name));
+                ecP = org.bouncycastle.crypto.ec.CustomNamedCurves.getByOID(new ASN1ObjectIdentifier(name));
             }
             catch (IllegalArgumentException e)
             {
                 // ignore - not an oid
             }
+
+            if (ecP == null)
+            {
+                ecP = org.bouncycastle.asn1.x9.ECNamedCurveTable.getByName(name);
+                if (ecP == null)
+                {
+                    try
+                    {
+                        ecP = org.bouncycastle.asn1.x9.ECNamedCurveTable.getByOID(new ASN1ObjectIdentifier(name));
+                    }
+                    catch (IllegalArgumentException e)
+                    {
+                        // ignore - not an oid
+                    }
+                }
+            }
         }
-        
+
         if (ecP == null)
         {
             return null;
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
index 2a611e3..13bed1a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
@@ -24,12 +24,12 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -81,13 +81,13 @@ public class PKCS10CertificationRequest
 
     static
     {
-        algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
-        algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
-        algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
-        algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
-        algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
-        algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
+        algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
+        algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("RSAWITHMD5", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
+        algorithms.put("SHA1WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("SHA1WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
         algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
         algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
@@ -101,15 +101,15 @@ public class PKCS10CertificationRequest
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+        algorithms.put("RSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
         algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
         algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
-        algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
+        algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
+        algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
         algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
@@ -129,7 +129,7 @@ public class PKCS10CertificationRequest
         //
         // reverse mappings
         //
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
+        oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
@@ -137,9 +137,9 @@ public class PKCS10CertificationRequest
         oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
         oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
         
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-        oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
+        oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
+        oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
+        oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
@@ -306,13 +306,13 @@ public class PKCS10CertificationRequest
                 InvalidKeyException, SignatureException
     {
         String algorithmName = Strings.toUpperCase(signatureAlgorithm);
-        DERObjectIdentifier sigOID = (DERObjectIdentifier)algorithms.get(algorithmName);
+        ASN1ObjectIdentifier sigOID = (ASN1ObjectIdentifier)algorithms.get(algorithmName);
 
         if (sigOID == null)
         {
             try
             {
-                sigOID = new DERObjectIdentifier(algorithmName);
+                sigOID = new ASN1ObjectIdentifier(algorithmName);
             }
             catch (Exception e)
             {
@@ -590,7 +590,7 @@ public class PKCS10CertificationRequest
     }
 
     private static String getDigestAlgName(
-        DERObjectIdentifier digestAlgOID)
+        ASN1ObjectIdentifier digestAlgOID)
     {
         if (PKCSObjectIdentifiers.md5.equals(digestAlgOID))
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/PKCS12Util.java b/bcprov/src/main/java/org/bouncycastle/jce/PKCS12Util.java
index c780ed6..c7059b2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/PKCS12Util.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/PKCS12Util.java
@@ -10,10 +10,10 @@ import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.PBEParameterSpec;
 
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.pkcs.ContentInfo;
@@ -104,7 +104,7 @@ public class PKCS12Util
     }
 
     private static byte[] calculatePbeMac(
-        DERObjectIdentifier oid,
+        ASN1ObjectIdentifier oid,
         byte[]              salt,
         int                 itCount,
         char[]              password,
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/X509Principal.java b/bcprov/src/main/java/org/bouncycastle/jce/X509Principal.java
index ddd38e8..b1daa98 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/X509Principal.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/X509Principal.java
@@ -129,7 +129,7 @@ public class X509Principal
      * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
      * some such, converting it into an ordered set of name attributes. lookUp 
      * should provide a table of lookups, indexed by lowercase only strings and
-     * yielding a DERObjectIdentifier, other than that OID. and numeric oids
+     * yielding a ASN1ObjectIdentifier, other than that OID. and numeric oids
      * will be processed automatically.
      * <p>
      * If reverse is true, create the encoded version of the sequence starting
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/examples/PKCS12Example.java b/bcprov/src/main/java/org/bouncycastle/jce/examples/PKCS12Example.java
deleted file mode 100644
index fe613df..0000000
--- a/bcprov/src/main/java/org/bouncycastle/jce/examples/PKCS12Example.java
+++ /dev/null
@@ -1,379 +0,0 @@
-package org.bouncycastle.jce.examples;
-
-import java.io.FileOutputStream;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.DERBMPString;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.x509.X509V1CertificateGenerator;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
-import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
-
-/**
- * Example of how to set up a certificiate chain and a PKCS 12 store for
- * a private individual - obviously you'll need to generate your own keys,
- * and you may need to add a NetscapeCertType extension or add a key
- * usage extension depending on your application, but you should get the
- * idea! As always this is just an example...
- */
-public class PKCS12Example
-{
-    static char[]   passwd = { 'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd' };
-    
-    static X509V1CertificateGenerator  v1CertGen = new X509V1CertificateGenerator();
-    static X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
-
-    /**
-     * we generate the CA's certificate
-     */
-    public static Certificate createMasterCert(
-        PublicKey       pubKey,
-        PrivateKey      privKey)
-        throws Exception
-    {
-        //
-        // signers name 
-        //
-        String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // subjects name - the same as we are self signed.
-        //
-        String  subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // create the certificate - version 1
-        //
-
-        v1CertGen.setSerialNumber(BigInteger.valueOf(1));
-        v1CertGen.setIssuerDN(new X509Principal(issuer));
-        v1CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v1CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v1CertGen.setSubjectDN(new X509Principal(subject));
-        v1CertGen.setPublicKey(pubKey);
-        v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        X509Certificate cert = v1CertGen.generate(privKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)cert;
-
-        //
-        // this is actually optional - but if you want to have control
-        // over setting the friendly name this is the way to do it...
-        //
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
-            new DERBMPString("Bouncy Primary Certificate"));
-
-        return cert;
-    }
-
-    /**
-     * we generate an intermediate certificate signed by our CA
-     */
-    public static Certificate createIntermediateCert(
-        PublicKey       pubKey,
-        PrivateKey      caPrivKey,
-        X509Certificate caCert)
-        throws Exception
-    {
-        //
-        // subject name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.OU, "Bouncy Intermediate Certificate");
-        attrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.OU);
-        order.addElement(X509Principal.EmailAddress);
-
-        //
-        // create the certificate - version 3
-        //
-        v3CertGen.reset();
-
-        v3CertGen.setSerialNumber(BigInteger.valueOf(2));
-        v3CertGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
-        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v3CertGen.setSubjectDN(new X509Principal(order, attrs));
-        v3CertGen.setPublicKey(pubKey);
-        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        //
-        // extensions
-        //
-        v3CertGen.addExtension(
-            X509Extensions.SubjectKeyIdentifier,
-            false,
-            new SubjectKeyIdentifierStructure(pubKey));
-
-        v3CertGen.addExtension(
-            X509Extensions.AuthorityKeyIdentifier,
-            false,
-            new AuthorityKeyIdentifierStructure(caCert));
-
-        v3CertGen.addExtension(
-            X509Extensions.BasicConstraints,
-            true,
-            new BasicConstraints(0));
-
-        X509Certificate cert = v3CertGen.generate(caPrivKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(caCert.getPublicKey());
-
-        PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)cert;
-
-        //
-        // this is actually optional - but if you want to have control
-        // over setting the friendly name this is the way to do it...
-        //
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
-            new DERBMPString("Bouncy Intermediate Certificate"));
-
-        return cert;
-    }
-
-    /**
-     * we generate a certificate signed by our CA's intermediate certficate
-     */
-    public static Certificate createCert(
-        PublicKey       pubKey,
-        PrivateKey      caPrivKey,
-        PublicKey       caPubKey)
-        throws Exception
-    {
-        //
-        // signers name table.
-        //
-        Hashtable                   sAttrs = new Hashtable();
-        Vector                      sOrder = new Vector();
-
-        sAttrs.put(X509Principal.C, "AU");
-        sAttrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        sAttrs.put(X509Principal.OU, "Bouncy Intermediate Certificate");
-        sAttrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
-
-        sOrder.addElement(X509Principal.C);
-        sOrder.addElement(X509Principal.O);
-        sOrder.addElement(X509Principal.OU);
-        sOrder.addElement(X509Principal.EmailAddress);
-
-        //
-        // subjects name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.L, "Melbourne");
-        attrs.put(X509Principal.CN, "Eric H. Echidna");
-        attrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.L);
-        order.addElement(X509Principal.CN);
-        order.addElement(X509Principal.EmailAddress);
-
-        //
-        // create the certificate - version 3
-        //
-        v3CertGen.reset();
-
-        v3CertGen.setSerialNumber(BigInteger.valueOf(3));
-        v3CertGen.setIssuerDN(new X509Principal(sOrder, sAttrs));
-        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v3CertGen.setSubjectDN(new X509Principal(order, attrs));
-        v3CertGen.setPublicKey(pubKey);
-        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        //
-        // add the extensions
-        //
-        v3CertGen.addExtension(
-            X509Extensions.SubjectKeyIdentifier,
-            false,
-            new SubjectKeyIdentifierStructure(pubKey));
-
-        v3CertGen.addExtension(
-            X509Extensions.AuthorityKeyIdentifier,
-            false,
-            new AuthorityKeyIdentifierStructure(caPubKey));
-
-        X509Certificate cert = v3CertGen.generate(caPrivKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(caPubKey);
-
-        PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)cert;
-
-        //
-        // this is also optional - in the sense that if you leave this
-        // out the keystore will add it automatically, note though that
-        // for the browser to recognise the associated private key this
-        // you should at least use the pkcs_9_localKeyId OID and set it
-        // to the same as you do for the private key's localKeyId.
-        //
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
-            new DERBMPString("Eric's Key"));
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
-            new SubjectKeyIdentifierStructure(pubKey));
-
-        return cert;
-    }
-
-    public static void main(
-        String[]    args)
-        throws Exception
-    {
-        Security.addProvider(new BouncyCastleProvider());
-
-        //
-        // personal keys
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16),
-            new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
-            new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
-            new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
-            new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
-            new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
-            new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
-        //
-        // intermediate keys.
-        //
-        RSAPublicKeySpec intPubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16),
-            new BigInteger("ffff", 16));
-
-
-        RSAPrivateCrtKeySpec intPrivKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16),
-            new BigInteger("ffff", 16),
-            new BigInteger("7deb1b194a85bcfd29cf871411468adbc987650903e3bacc8338c449ca7b32efd39ffc33bc84412fcd7df18d23ce9d7c25ea910b1ae9985373e0273b4dca7f2e0db3b7314056ac67fd277f8f89cf2fd73c34c6ca69f9ba477143d2b0e2445548aa0b4a8473095182631da46844c356f5e5c7522eb54b5a33f11d730ead9c0cff", 16),
-            new BigInteger("ef4cede573cea47f83699b814de4302edb60eefe426c52e17bd7870ec7c6b7a24fe55282ebb73775f369157726fcfb988def2b40350bdca9e5b418340288f649", 16),
-            new BigInteger("97c7737d1b9a0088c3c7b528539247fd2a1593e7e01cef18848755be82f4a45aa093276cb0cbf118cb41117540a78f3fc471ba5d69f0042274defc9161265721", 16),
-            new BigInteger("6c641094e24d172728b8da3c2777e69adfd0839085be7e38c7c4a2dd00b1ae969f2ec9d23e7e37090fcd449a40af0ed463fe1c612d6810d6b4f58b7bfa31eb5f", 16),
-            new BigInteger("70b7123e8e69dfa76feb1236d0a686144b00e9232ed52b73847e74ef3af71fb45ccb24261f40d27f98101e230cf27b977a5d5f1f15f6cf48d5cb1da2a3a3b87f", 16),
-            new BigInteger("e38f5750d97e270996a286df2e653fd26c242106436f5bab0f4c7a9e654ce02665d5a281f2c412456f2d1fa26586ef04a9adac9004ca7f913162cb28e13bf40d", 16));
-
-        //
-        // ca keys
-        //
-        RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec   caPrivKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
-            new BigInteger("11", 16),
-            new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16),
-            new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16),
-            new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16),
-            new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16),
-            new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16),
-            new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16));
-
-
-
-        //
-        // set up the keys
-        //
-        KeyFactory          fact = KeyFactory.getInstance("RSA", "BC");
-        PrivateKey          caPrivKey = fact.generatePrivate(caPrivKeySpec);
-        PublicKey           caPubKey = fact.generatePublic(caPubKeySpec);
-        PrivateKey          intPrivKey = fact.generatePrivate(intPrivKeySpec);
-        PublicKey           intPubKey = fact.generatePublic(intPubKeySpec);
-        PrivateKey          privKey = fact.generatePrivate(privKeySpec);
-        PublicKey           pubKey = fact.generatePublic(pubKeySpec);
-
-        Certificate[] chain = new Certificate[3];
-
-        chain[2] = createMasterCert(caPubKey, caPrivKey);
-        chain[1] = createIntermediateCert(intPubKey, caPrivKey, (X509Certificate)chain[2]);
-        chain[0] = createCert(pubKey, intPrivKey, intPubKey);
-
-        //
-        // add the friendly name for the private key
-        //
-        PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)privKey;
-
-        //
-        // this is also optional - in the sense that if you leave this
-        // out the keystore will add it automatically, note though that
-        // for the browser to recognise which certificate the private key
-        // is associated with you should at least use the pkcs_9_localKeyId
-        // OID and set it to the same as you do for the private key's
-        // corresponding certificate.
-        //
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
-            new DERBMPString("Eric's Key"));
-        bagAttr.setBagAttribute(
-            PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
-            new SubjectKeyIdentifierStructure(pubKey));
-
-        //
-        // store the key and the certificate chain
-        //
-        KeyStore store = KeyStore.getInstance("PKCS12", "BC");
-
-        store.load(null, null);
-
-        //
-        // if you haven't set the friendly name and local key id above
-        // the name below will be the name of the key
-        //
-        store.setKeyEntry("Eric's Key", privKey, null, chain);
-
-        FileOutputStream fOut = new FileOutputStream("id.p12");
-
-        store.store(fOut, passwd);
-        
-        fOut.close();
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/examples/package.html b/bcprov/src/main/java/org/bouncycastle/jce/examples/package.html
new file mode 100644
index 0000000..96b3193
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jce/examples/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Example classes for use with the JCE.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/interfaces/package.html b/bcprov/src/main/java/org/bouncycastle/jce/interfaces/package.html
new file mode 100644
index 0000000..bacde6c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jce/interfaces/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Interfaces for supporting Elliptic Curve Keys, El Gamal, and PKCS12 attributes.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/package.html b/bcprov/src/main/java/org/bouncycastle/jce/package.html
new file mode 100644
index 0000000..52ef3bf
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jce/package.html
@@ -0,0 +1,10 @@
+<html>
+<body bgcolor="#ffffff">
+Utility classes for use with the JCE.
+<p>
+The classes in this package support the generation of certificates and PKCS10 signing requests.
+<p>
+Note: the PKCS7 class is deprecated, for a fuller version of CMS see the cms package distributed
+with the BC mail API.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java
index c9ac46e..e8a8abe 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java
@@ -8,14 +8,14 @@ public class AnnotatedException
 {
     private Throwable _underlyingException;
 
-    AnnotatedException(String string, Throwable e)
+    public AnnotatedException(String string, Throwable e)
     {
         super(string);
 
         _underlyingException = e;
     }
 
-    AnnotatedException(String string)
+    public AnnotatedException(String string)
     {
         this(string, null);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index dc7db18..a02ca15 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -44,7 +44,7 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
 public final class BouncyCastleProvider extends Provider
     implements ConfigurableProvider
 {
-    private static String info = "BouncyCastle Security Provider v1.50";
+    private static String info = "BouncyCastle Security Provider v1.52";
 
     public static final String PROVIDER_NAME = "BC";
 
@@ -117,7 +117,7 @@ public final class BouncyCastleProvider extends Provider
      */
     public BouncyCastleProvider()
     {
-        super(PROVIDER_NAME, 1.50, info);
+        super(PROVIDER_NAME, 1.52, info);
 
         AccessController.doPrivileged(new PrivilegedAction()
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
index 9200fda..1807aa8 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
@@ -13,7 +13,6 @@ import java.security.cert.CertStore;
 import java.security.cert.CertStoreException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateParsingException;
-import java.security.cert.PKIXParameters;
 import java.security.cert.PolicyQualifierInfo;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509CRL;
@@ -27,30 +26,33 @@ import java.security.spec.DSAPublicKeySpec;
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import javax.security.auth.x500.X500Principal;
-
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Enumerated;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1OutputStream;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREnumerated;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.RFC4519Style;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
 import org.bouncycastle.asn1.x509.CRLDistPoint;
 import org.bouncycastle.asn1.x509.CRLReason;
 import org.bouncycastle.asn1.x509.DistributionPoint;
@@ -60,21 +62,20 @@ import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
 import org.bouncycastle.asn1.x509.PolicyInformation;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
+import org.bouncycastle.jcajce.PKIXCRLStore;
+import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
+import org.bouncycastle.jcajce.PKIXCertStore;
+import org.bouncycastle.jcajce.PKIXCertStoreSelector;
+import org.bouncycastle.jcajce.PKIXExtendedParameters;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
-import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Selector;
+import org.bouncycastle.util.Store;
 import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
 import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509CertStoreSelector;
-import org.bouncycastle.x509.X509Store;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
 
-public class CertPathValidatorUtilities
+class CertPathValidatorUtilities
 {
     protected static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
 
@@ -160,7 +161,7 @@ public class CertPathValidatorUtilities
         Exception invalidKeyEx = null;
 
         X509CertSelector certSelectX509 = new X509CertSelector();
-        X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
+        X500Name certIssuer = PrincipalUtils.getEncodedIssuerPrincipal(cert);
 
         try
         {
@@ -191,7 +192,7 @@ public class CertPathValidatorUtilities
             {
                 try
                 {
-                    X500Principal caName = new X500Principal(trust.getCAName());
+                    X500Name caName = PrincipalUtils.getCA(trust);
                     if (certIssuer.equals(caName))
                     {
                         trustPublicKey = trust.getCAPublicKey();
@@ -234,50 +235,41 @@ public class CertPathValidatorUtilities
         return trust;
     }
 
-    protected static void addAdditionalStoresFromAltNames(
-        X509Certificate cert,
-        ExtendedPKIXParameters pkixParams)
+    static List<PKIXCertStore> getAdditionalStoresFromAltNames(
+        byte[] issuerAlternativeName,
+        Map<GeneralName, PKIXCertStore> altNameCertStoreMap)
         throws CertificateParsingException
     {
         // if in the IssuerAltName extension an URI
-        // is given, add an additinal X.509 store
-        if (cert.getIssuerAlternativeNames() != null)
+        // is given, add an additional X.509 store
+        if (issuerAlternativeName != null)
         {
-            Iterator it = cert.getIssuerAlternativeNames().iterator();
-            while (it.hasNext())
+            GeneralNames issuerAltName = GeneralNames.getInstance(ASN1OctetString.getInstance(issuerAlternativeName).getOctets());
+
+            GeneralName[] names = issuerAltName.getNames();
+            List<PKIXCertStore>  stores = new ArrayList<PKIXCertStore>();
+
+            for (int i = 0; i != names.length; i++)
             {
-                // look for URI
-                List list = (List)it.next();
-                if (list.get(0).equals(Integers.valueOf(GeneralName.uniformResourceIdentifier)))
+                GeneralName altName = names[i];
+
+                PKIXCertStore altStore = altNameCertStoreMap.get(altName);
+
+                if (altStore != null)
                 {
-                    // found
-                    String temp = (String)list.get(1);
-                    CertPathValidatorUtilities.addAdditionalStoreFromLocation(temp, pkixParams);
+                    stores.add(altStore);
                 }
             }
-        }
-    }
 
-    /**
-     * Returns the issuer of an attribute certificate or certificate.
-     *
-     * @param cert The attribute certificate or certificate.
-     * @return The issuer as <code>X500Principal</code>.
-     */
-    protected static X500Principal getEncodedIssuerPrincipal(
-        Object cert)
-    {
-        if (cert instanceof X509Certificate)
-        {
-            return ((X509Certificate)cert).getIssuerX500Principal();
+            return stores;
         }
         else
         {
-            return (X500Principal)((X509AttributeCertificate)cert).getIssuer().getPrincipals()[0];
+            return Collections.EMPTY_LIST;
         }
     }
 
-    protected static Date getValidDate(PKIXParameters paramsPKIX)
+    protected static Date getValidDate(PKIXExtendedParameters paramsPKIX)
     {
         Date validDate = paramsPKIX.getDate();
 
@@ -289,11 +281,6 @@ public class CertPathValidatorUtilities
         return validDate;
     }
 
-    protected static X500Principal getSubjectPrincipal(X509Certificate cert)
-    {
-        return cert.getSubjectX500Principal();
-    }
-
     protected static boolean isSelfIssued(X509Certificate cert)
     {
         return cert.getSubjectDN().equals(cert.getIssuerDN());
@@ -340,11 +327,6 @@ public class CertPathValidatorUtilities
         }
     }
 
-    protected static X500Principal getIssuerPrincipal(X509CRL crl)
-    {
-        return crl.getIssuerX500Principal();
-    }
-
     protected static AlgorithmIdentifier getAlgorithmIdentifier(
         PublicKey key)
         throws CertPathValidatorException
@@ -355,7 +337,7 @@ public class CertPathValidatorUtilities
 
             SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
 
-            return info.getAlgorithmId();
+            return info.getAlgorithm();
         }
         catch (Exception e)
         {
@@ -455,7 +437,7 @@ public class CertPathValidatorUtilities
     protected static boolean processCertD1i(
         int index,
         List[] policyNodes,
-        DERObjectIdentifier pOid,
+        ASN1ObjectIdentifier pOid,
         Set pq)
     {
         List policyNodeVec = policyNodes[index - 1];
@@ -490,7 +472,7 @@ public class CertPathValidatorUtilities
     protected static void processCertD1ii(
         int index,
         List[] policyNodes,
-        DERObjectIdentifier _poid,
+        ASN1ObjectIdentifier _poid,
         Set _pq)
     {
         List policyNodeVec = policyNodes[index - 1];
@@ -649,80 +631,31 @@ public class CertPathValidatorUtilities
         return policySet == null || policySet.contains(ANY_POLICY) || policySet.isEmpty();
     }
 
-    protected static void addAdditionalStoreFromLocation(String location,
-                                                         ExtendedPKIXParameters pkixParams)
-    {
-        if (pkixParams.isAdditionalLocationsEnabled())
-        {
-            try
-            {
-                if (location.startsWith("ldap://"))
-                {
-                    // ldap://directory.d-trust.net/CN=D-TRUST
-                    // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE
-                    // skip "ldap://"
-                    location = location.substring(7);
-                    // after first / baseDN starts
-                    String base = null;
-                    String url = null;
-                    if (location.indexOf("/") != -1)
-                    {
-                        base = location.substring(location.indexOf("/"));
-                        // URL
-                        url = "ldap://"
-                            + location.substring(0, location.indexOf("/"));
-                    }
-                    else
-                    {
-                        url = "ldap://" + location;
-                    }
-                    // use all purpose parameters
-                    X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
-                        url, base).build();
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                }
-            }
-            catch (Exception e)
-            {
-                // cannot happen
-                throw new RuntimeException("Exception adding X.509 stores.");
-            }
-        }
-    }
-
     /**
      * Return a Collection of all certificates or attribute certificates found
      * in the X509Store's that are matching the certSelect criteriums.
      *
      * @param certSelect a {@link Selector} object that will be used to select
      *                   the certificates
-     * @param certStores a List containing only {@link X509Store} objects. These
+     * @param certStores a List containing only {@link Store} objects. These
      *                   are used to search for certificates.
-     * @return a Collection of all found {@link X509Certificate} or
-     *         {@link org.bouncycastle.x509.X509AttributeCertificate} objects.
+     * @return a Collection of all found {@link X509Certificate}
      *         May be empty but never <code>null</code>.
      */
-    protected static Collection findCertificates(X509CertStoreSelector certSelect,
+    protected static Collection findCertificates(PKIXCertStoreSelector certSelect,
                                                  List certStores)
         throws AnnotatedException
     {
-        Set certs = new HashSet();
+        Set certs = new LinkedHashSet();
         Iterator iter = certStores.iterator();
 
         while (iter.hasNext())
         {
             Object obj = iter.next();
 
-            if (obj instanceof X509Store)
+            if (obj instanceof Store)
             {
-                X509Store certStore = (X509Store)obj;
+                Store certStore = (Store)obj;
                 try
                 {
                     certs.addAll(certStore.getMatches(certSelect));
@@ -739,7 +672,7 @@ public class CertPathValidatorUtilities
 
                 try
                 {
-                    certs.addAll(certStore.getCertificates(certSelect));
+                    certs.addAll(PKIXCertStoreSelector.getCertificates(certSelect, certStore));
                 }
                 catch (CertStoreException e)
                 {
@@ -752,36 +685,7 @@ public class CertPathValidatorUtilities
         return certs;
     }
 
-    protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
-                                                 List certStores)
-        throws AnnotatedException
-    {
-        Set certs = new HashSet();
-        Iterator iter = certStores.iterator();
-
-        while (iter.hasNext())
-        {
-            Object obj = iter.next();
-
-            if (obj instanceof X509Store)
-            {
-                X509Store certStore = (X509Store)obj;
-                try
-                {
-                    certs.addAll(certStore.getMatches(certSelect));
-                }
-                catch (StoreException e)
-                {
-                    throw new AnnotatedException(
-                            "Problem while picking certificates from X.509 store.", e);
-                }
-            }
-        }
-        return certs;
-    }
-
-    protected static void addAdditionalStoresFromCRLDistributionPoint(
-        CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
+    static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, Map<GeneralName, PKIXCRLStore> namedCRLStoreMap)
         throws AnnotatedException
     {
         if (crldp != null)
@@ -796,6 +700,8 @@ public class CertPathValidatorUtilities
                 throw new AnnotatedException(
                     "Distribution points could not be read.", e);
             }
+            List<PKIXCRLStore> stores = new ArrayList<PKIXCRLStore>();
+
             for (int i = 0; i < dps.length; i++)
             {
                 DistributionPointName dpn = dps[i].getDistributionPoint();
@@ -806,21 +712,24 @@ public class CertPathValidatorUtilities
                     {
                         GeneralName[] genNames = GeneralNames.getInstance(
                             dpn.getName()).getNames();
-                        // look for an URI
+
                         for (int j = 0; j < genNames.length; j++)
                         {
-                            if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier)
+                            PKIXCRLStore store = namedCRLStoreMap.get(genNames[i]);
+                            if (store != null)
                             {
-                                String location = DERIA5String.getInstance(
-                                    genNames[j].getName()).getString();
-                                CertPathValidatorUtilities
-                                    .addAdditionalStoreFromLocation(location,
-                                        pkixParams);
+                                stores.add(store);
                             }
                         }
                     }
                 }
             }
+
+            return stores;
+        }
+        else
+        {
+            return Collections.EMPTY_LIST;
         }
     }
 
@@ -828,26 +737,22 @@ public class CertPathValidatorUtilities
      * Add the CRL issuers from the cRLIssuer field of the distribution point or
      * from the certificate if not given to the issuer criterion of the
      * <code>selector</code>.
-     * <p/>
+     * <p>
      * The <code>issuerPrincipals</code> are a collection with a single
-     * <code>X500Principal</code> for <code>X509Certificate</code>s. For
-     * {@link X509AttributeCertificate}s the issuer may contain more than one
-     * <code>X500Principal</code>.
-     *
+     * <code>X500Name</code> for <code>X509Certificate</code>s.
+     * </p>
      * @param dp               The distribution point.
      * @param issuerPrincipals The issuers of the certificate or attribute
      *                         certificate which contains the distribution point.
      * @param selector         The CRL selector.
-     * @param pkixParams       The PKIX parameters containing the cert stores.
      * @throws AnnotatedException if an exception occurs while processing.
      * @throws ClassCastException if <code>issuerPrincipals</code> does not
-     * contain only <code>X500Principal</code>s.
+     * contain only <code>X500Name</code>s.
      */
     protected static void getCRLIssuersFromDistributionPoint(
         DistributionPoint dp,
         Collection issuerPrincipals,
-        X509CRLSelector selector,
-        ExtendedPKIXParameters pkixParams)
+        X509CRLSelector selector)
         throws AnnotatedException
     {
         List issuers = new ArrayList();
@@ -862,7 +767,7 @@ public class CertPathValidatorUtilities
                 {
                     try
                     {
-                        issuers.add(new X500Principal(genNames[j].getName()
+                        issuers.add(X500Name.getInstance(genNames[j].getName()
                             .toASN1Primitive().getEncoded()));
                     }
                     catch (IOException e)
@@ -888,7 +793,7 @@ public class CertPathValidatorUtilities
             // add and check issuer principals
             for (Iterator it = issuerPrincipals.iterator(); it.hasNext(); )
             {
-                issuers.add((X500Principal)it.next());
+                issuers.add(it.next());
             }
         }
         // TODO: is not found although this should correctly add the rel name. selector of Sun is buggy here or PKI test case is invalid
@@ -940,7 +845,7 @@ public class CertPathValidatorUtilities
         {
             try
             {
-                selector.addIssuerName(((X500Principal)it.next()).getEncoded());
+                selector.addIssuerName(((X500Name)it.next()).getEncoded());
             }
             catch (IOException ex)
             {
@@ -953,14 +858,7 @@ public class CertPathValidatorUtilities
     private static BigInteger getSerialNumber(
         Object cert)
     {
-        if (cert instanceof X509Certificate)
-        {
-            return ((X509Certificate)cert).getSerialNumber();
-        }
-        else
-        {
-            return ((X509AttributeCertificate)cert).getSerialNumber();
-        }
+        return ((X509Certificate)cert).getSerialNumber();
     }
 
     protected static void getCertStatus(
@@ -991,19 +889,19 @@ public class CertPathValidatorUtilities
                 return;
             }
 
-            X500Principal certIssuer = crl_entry.getCertificateIssuer();
+            X500Name certIssuer = X500Name.getInstance(crl_entry.getCertificateIssuer().getEncoded());
 
             if (certIssuer == null)
             {
-                certIssuer = getIssuerPrincipal(crl);
+                certIssuer = PrincipalUtils.getIssuerPrincipal(crl);
             }
 
-            if (!getEncodedIssuerPrincipal(cert).equals(certIssuer))
+            if (! PrincipalUtils.getEncodedIssuerPrincipal(cert).equals(certIssuer))
             {
                 return;
             }
         }
-        else if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl)))
+        else if (! PrincipalUtils.getEncodedIssuerPrincipal(cert).equals(PrincipalUtils.getIssuerPrincipal(crl)))
         {
             return;  // not for our issuer, ignore
         }
@@ -1017,15 +915,15 @@ public class CertPathValidatorUtilities
             }
         }
 
-        DEREnumerated reasonCode = null;
+        ASN1Enumerated reasonCode = null;
         if (crl_entry.hasExtensions())
         {
             try
             {
-                reasonCode = DEREnumerated
+                reasonCode = ASN1Enumerated
                     .getInstance(CertPathValidatorUtilities
                         .getExtensionValue(crl_entry,
-                            X509Extension.reasonCode.getId()));
+                            Extension.reasonCode.getId()));
             }
             catch (Exception e)
             {
@@ -1062,31 +960,29 @@ public class CertPathValidatorUtilities
     /**
      * Fetches delta CRLs according to RFC 3280 section 5.2.4.
      *
-     * @param currentDate The date for which the delta CRLs must be valid.
-     * @param paramsPKIX  The extended PKIX parameters.
+     * @param validityDate The date for which the delta CRLs must be valid.
      * @param completeCRL The complete CRL the delta CRL is for.
      * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs.
      * @throws AnnotatedException if an exception occurs while picking the delta
      * CRLs.
      */
-    protected static Set getDeltaCRLs(Date currentDate,
-                                      ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL)
+    protected static Set getDeltaCRLs(Date validityDate,
+                                      X509CRL completeCRL, List<CertStore> certStores, List<PKIXCRLStore> pkixCrlStores)
         throws AnnotatedException
     {
-
-        X509CRLStoreSelector deltaSelect = new X509CRLStoreSelector();
-
+        X509CRLSelector baseDeltaSelect = new X509CRLSelector();
         // 5.2.4 (a)
         try
         {
-            deltaSelect.addIssuerName(CertPathValidatorUtilities
-                .getIssuerPrincipal(completeCRL).getEncoded());
+            baseDeltaSelect.addIssuerName(PrincipalUtils.getIssuerPrincipal(completeCRL).getEncoded());
         }
         catch (IOException e)
         {
             throw new AnnotatedException("Cannot extract issuer from CRL.", e);
         }
 
+
+
         BigInteger completeCRLNumber = null;
         try
         {
@@ -1118,17 +1014,21 @@ public class CertPathValidatorUtilities
 
         // 5.2.4 (d)
 
-        deltaSelect.setMinCRLNumber(completeCRLNumber == null ? null : completeCRLNumber
+        baseDeltaSelect.setMinCRLNumber(completeCRLNumber == null ? null : completeCRLNumber
             .add(BigInteger.valueOf(1)));
 
-        deltaSelect.setIssuingDistributionPoint(idp);
-        deltaSelect.setIssuingDistributionPointEnabled(true);
+        PKIXCRLStoreSelector.Builder selBuilder = new PKIXCRLStoreSelector.Builder(baseDeltaSelect);
+
+        selBuilder.setIssuingDistributionPoint(idp);
+        selBuilder.setIssuingDistributionPointEnabled(true);
 
         // 5.2.4 (c)
-        deltaSelect.setMaxBaseCRLNumber(completeCRLNumber);
+        selBuilder.setMaxBaseCRLNumber(completeCRLNumber);
+
+        PKIXCRLStoreSelector deltaSelect = selBuilder.build();
 
         // find delta CRLs
-        Set temp = CRL_UTIL.findCRLs(deltaSelect, paramsPKIX, currentDate);
+        Set temp = CRL_UTIL.findCRLs(deltaSelect, validityDate, certStores, pkixCrlStores);
 
         Set result = new HashSet();
 
@@ -1161,8 +1061,7 @@ public class CertPathValidatorUtilities
      * Fetches complete CRLs according to RFC 3280.
      *
      * @param dp          The distribution point for which the complete CRL
-     * @param cert        The <code>X509Certificate</code> or
-     *                    {@link org.bouncycastle.x509.X509AttributeCertificate} for
+     * @param cert        The <code>X509Certificate</code> for
      *                    which the CRL should be searched.
      * @param currentDate The date for which the delta CRLs must be valid.
      * @param paramsPKIX  The extended PKIX parameters.
@@ -1172,66 +1071,51 @@ public class CertPathValidatorUtilities
      * or no CRLs are found.
      */
     protected static Set getCompleteCRLs(DistributionPoint dp, Object cert,
-                                         Date currentDate, ExtendedPKIXParameters paramsPKIX)
+                                         Date currentDate, PKIXExtendedParameters paramsPKIX)
         throws AnnotatedException
     {
-        X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
+        X509CRLSelector baseCrlSelect = new X509CRLSelector();
+
         try
         {
             Set issuers = new HashSet();
-            if (cert instanceof X509AttributeCertificate)
-            {
-                issuers.add(((X509AttributeCertificate)cert)
-                    .getIssuer().getPrincipals()[0]);
-            }
-            else
-            {
-                issuers.add(getEncodedIssuerPrincipal(cert));
-            }
-            CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
+
+            issuers.add(PrincipalUtils.getEncodedIssuerPrincipal(cert));
+
+            CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, baseCrlSelect);
         }
         catch (AnnotatedException e)
         {
             throw new AnnotatedException(
                 "Could not get issuer information from distribution point.", e);
         }
+
         if (cert instanceof X509Certificate)
         {
-            crlselect.setCertificateChecking((X509Certificate)cert);
-        }
-        else if (cert instanceof X509AttributeCertificate)
-        {
-            crlselect.setAttrCertificateChecking((X509AttributeCertificate)cert);
+            baseCrlSelect.setCertificateChecking((X509Certificate)cert);
         }
 
+        PKIXCRLStoreSelector crlSelect = new PKIXCRLStoreSelector.Builder(baseCrlSelect).setCompleteCRLEnabled(true).build();
 
-        crlselect.setCompleteCRLEnabled(true);
+        Date validityDate = currentDate;
 
-        Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
-
-        if (crls.isEmpty())
+        if (paramsPKIX.getDate() != null)
         {
-            if (cert instanceof X509AttributeCertificate)
-            {
-                X509AttributeCertificate aCert = (X509AttributeCertificate)cert;
+            validityDate = paramsPKIX.getDate();
+        }
 
-                throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\"");
-            }
-            else
-            {
-                X509Certificate xCert = (X509Certificate)cert;
+        Set crls = CRL_UTIL.findCRLs(crlSelect, validityDate, paramsPKIX.getCertStores(), paramsPKIX.getCRLStores());
+
+        checkCRLsNotEmpty(crls, cert);
 
-                throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\"");
-            }
-        }
         return crls;
     }
 
     protected static Date getValidCertDateFromValidityModel(
-        ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index)
+        PKIXExtendedParameters paramsPKIX, CertPath certPath, int index)
         throws AnnotatedException
     {
-        if (paramsPKIX.getValidityModel() == ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL)
+        if (paramsPKIX.getValidityModel() == PKIXExtendedParameters.CHAIN_VALIDITY_MODEL)
         {
             // if end cert use given signing/encryption/... time
             if (index <= 0)
@@ -1243,13 +1127,13 @@ public class CertPathValidatorUtilities
             {
                 if (index - 1 == 0)
                 {
-                    DERGeneralizedTime dateOfCertgen = null;
+                    ASN1GeneralizedTime dateOfCertgen = null;
                     try
                     {
                         byte[] extBytes = ((X509Certificate)certPath.getCertificates().get(index - 1)).getExtensionValue(ISISMTTObjectIdentifiers.id_isismtt_at_dateOfCertGen.getId());
                         if (extBytes != null)
                         {
-                            dateOfCertgen = DERGeneralizedTime.getInstance(ASN1Primitive.fromByteArray(extBytes));
+                            dateOfCertgen = ASN1GeneralizedTime.getInstance(ASN1Primitive.fromByteArray(extBytes));
                         }
                     }
                     catch (IOException e)
@@ -1312,7 +1196,7 @@ public class CertPathValidatorUtilities
      *         <code>index</code> extended with DSA parameters if applicable.
      * @throws AnnotatedException if DSA parameters cannot be inherited.
      */
-    protected static PublicKey getNextWorkingKey(List certs, int index)
+    protected static PublicKey getNextWorkingKey(List certs, int index, JcaJceHelper helper)
         throws CertPathValidatorException
     {
         Certificate cert = (Certificate)certs.get(index);
@@ -1345,7 +1229,7 @@ public class CertPathValidatorUtilities
                 dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
             try
             {
-                KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
+                KeyFactory keyFactory = helper.createKeyFactory("DSA");
                 return keyFactory.generatePublic(dsaPubKeySpec);
             }
             catch (Exception exception)
@@ -1360,27 +1244,48 @@ public class CertPathValidatorUtilities
      * Find the issuer certificates of a given certificate.
      *
      * @param cert       The certificate for which an issuer should be found.
-     * @param pkixParams
      * @return A <code>Collection</code> object containing the issuer
      *         <code>X509Certificate</code>s. Never <code>null</code>.
      * @throws AnnotatedException if an error occurs.
      */
-    protected static Collection findIssuerCerts(
+    static Collection findIssuerCerts(
         X509Certificate cert,
-        ExtendedPKIXBuilderParameters pkixParams)
+        List<CertStore> certStores,
+        List<PKIXCertStore> pkixCertStores)
         throws AnnotatedException
     {
-        X509CertStoreSelector certSelect = new X509CertStoreSelector();
-        Set certs = new HashSet();
+        X509CertSelector selector = new X509CertSelector();
+
         try
         {
-            certSelect.setSubject(cert.getIssuerX500Principal().getEncoded());
+            selector.setSubject(PrincipalUtils.getIssuerPrincipal(cert).getEncoded());
         }
-        catch (IOException ex)
+        catch (IOException e)
         {
             throw new AnnotatedException(
-                "Subject criteria for certificate selector to find issuer certificate could not be set.", ex);
+                           "Subject criteria for certificate selector to find issuer certificate could not be set.", e);
+        }
+
+        try
+        {
+            byte[] akiExtensionValue = cert.getExtensionValue(AUTHORITY_KEY_IDENTIFIER);
+            if (akiExtensionValue != null)
+            {
+                ASN1OctetString aki = ASN1OctetString.getInstance(akiExtensionValue);
+                byte[] authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(aki.getOctets()).getKeyIdentifier();
+                if (authorityKeyIdentifier != null)
+                {
+                    selector.setSubjectKeyIdentifier(new DEROctetString(authorityKeyIdentifier).getEncoded());
+                }
+            }
         }
+        catch (Exception e)
+        {
+            // authority key identifier could not be retrieved from target cert, just search without it
+        }
+
+        PKIXCertStoreSelector certSelect = new PKIXCertStoreSelector.Builder(selector).build();
+        Set certs = new LinkedHashSet();
 
         Iterator iter;
 
@@ -1388,9 +1293,8 @@ public class CertPathValidatorUtilities
         {
             List matches = new ArrayList();
 
-            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getCertStores()));
-            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getStores()));
-            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getAdditionalStores()));
+            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, certStores));
+            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixCertStores));
 
             iter = matches.iterator();
         }
@@ -1423,4 +1327,24 @@ public class CertPathValidatorUtilities
             cert.verify(publicKey, sigProvider);
         }
     }
+
+    static void checkCRLsNotEmpty(Set crls, Object cert)
+        throws AnnotatedException
+    {
+        if (crls.isEmpty())
+        {
+            if (cert instanceof X509AttributeCertificate)
+            {
+                X509AttributeCertificate aCert = (X509AttributeCertificate)cert;
+
+                throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\"");
+            }
+            else
+            {
+                X509Certificate xCert = (X509Certificate)cert;
+
+                throw new AnnotatedException("No CRLs found for issuer \"" + RFC4519Style.INSTANCE.toString(PrincipalUtils.getIssuerPrincipal(xCert)) + "\"");
+            }
+        }
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
index b38f60b..a30b2df 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
@@ -12,10 +12,9 @@ import javax.crypto.spec.DHPrivateKeySpec;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -61,8 +60,8 @@ public class JCEDHPrivateKey
         throws IOException
     {
         ASN1Sequence    seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters());
-        DERInteger      derX = DERInteger.getInstance(info.parsePrivateKey());
-        DERObjectIdentifier id = info.getAlgorithmId().getAlgorithm();
+        ASN1Integer      derX = ASN1Integer.getInstance(info.parsePrivateKey());
+        ASN1ObjectIdentifier id = info.getAlgorithmId().getAlgorithm();
 
         this.info = info;
         this.x = derX.getValue();
@@ -129,7 +128,7 @@ public class JCEDHPrivateKey
                 return info.getEncoded(ASN1Encoding.DER);
             }
 
-            PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL())), new DERInteger(getX()));
+            PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL())), new ASN1Integer(getX()));
 
             return info.getEncoded(ASN1Encoding.DER);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
index 6ff1e08..3e6a09a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
@@ -9,9 +9,9 @@ import javax.crypto.interfaces.DHPublicKey;
 import javax.crypto.spec.DHParameterSpec;
 import javax.crypto.spec.DHPublicKeySpec;
 
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -64,10 +64,10 @@ public class JCEDHPublicKey
     {
         this.info = info;
 
-        DERInteger              derY;
+        ASN1Integer              derY;
         try
         {
-            derY = (DERInteger)info.parsePublicKey();
+            derY = (ASN1Integer)info.parsePublicKey();
         }
         catch (IOException e)
         {
@@ -77,7 +77,7 @@ public class JCEDHPublicKey
         this.y = derY.getValue();
 
         ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters());
-        DERObjectIdentifier id = info.getAlgorithmId().getAlgorithm();
+        ASN1ObjectIdentifier id = info.getAlgorithmId().getAlgorithm();
 
         // we need the PKCS check to handle older keys marked with the X9 oid.
         if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq))
@@ -122,7 +122,7 @@ public class JCEDHPublicKey
             return KeyUtil.getEncodedSubjectPublicKeyInfo(info);
         }
 
-        return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL())), new DERInteger(y));
+        return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL())), new ASN1Integer(y));
     }
 
     public DHParameterSpec getParams()
@@ -147,8 +147,8 @@ public class JCEDHPublicKey
             return false;
         }
 
-        DERInteger l = DERInteger.getInstance(seq.getObjectAt(2));
-        DERInteger p = DERInteger.getInstance(seq.getObjectAt(0));
+        ASN1Integer l = ASN1Integer.getInstance(seq.getObjectAt(2));
+        ASN1Integer p = ASN1Integer.getInstance(seq.getObjectAt(0));
 
         if (l.getValue().compareTo(BigInteger.valueOf(p.getValue().bitLength())) > 0)
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
index 63bb6d8..67e40b4 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
@@ -13,13 +13,12 @@ import java.util.Enumeration;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -250,9 +249,9 @@ public class JCEECPrivateKey
         }
 
         ASN1Encodable privKey = info.parsePrivateKey();
-        if (privKey instanceof DERInteger)
+        if (privKey instanceof ASN1Integer)
         {
-            DERInteger          derD = DERInteger.getInstance(privKey);
+            ASN1Integer          derD = ASN1Integer.getInstance(privKey);
 
             this.d = derD.getValue();
         }
@@ -292,10 +291,10 @@ public class JCEECPrivateKey
 
         if (ecSpec instanceof ECNamedCurveSpec)
         {
-            DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
+            ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
             if (curveOid == null)  // guess it's the OID
             {
-                curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
+                curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
             }
             params = new X962Parameters(curveOid);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
index 4bf2e68..c82be8c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
@@ -38,6 +38,8 @@ import org.bouncycastle.jce.interfaces.ECPointEncoder;
 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.custom.sec.SecP256K1Point;
+import org.bouncycastle.math.ec.custom.sec.SecP256R1Point;
 
 public class JCEECPublicKey
     implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder
@@ -439,14 +441,7 @@ public class JCEECPublicKey
     {
         if (ecSpec == null)
         {
-            if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp)
-            {
-                return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getAffineXCoord(), q.getAffineYCoord());
-            }
-            else
-            {
-                return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getAffineXCoord(), q.getAffineYCoord());
-            }
+            return q.getDetachedPoint();
         }
 
         return q;
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java
index afaddfa..6c21f87 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java
@@ -13,8 +13,6 @@ import javax.crypto.spec.DHPrivateKeySpec;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -74,8 +72,8 @@ public class JCEElGamalPrivateKey
         PrivateKeyInfo  info)
         throws IOException
     {
-        ElGamalParameter     params = new ElGamalParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DERInteger      derX = ASN1Integer.getInstance(info.parsePrivateKey());
+        ElGamalParameter     params = ElGamalParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
+        ASN1Integer      derX = ASN1Integer.getInstance(info.parsePrivateKey());
 
         this.x = derX.getValue();
         this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG());
@@ -111,7 +109,7 @@ public class JCEElGamalPrivateKey
      */
     public byte[] getEncoded()
     {
-        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new DERInteger(getX()));
+        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new ASN1Integer(getX()));
     }
 
     public ElGamalParameterSpec getParameters()
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java
index cb7a0ab..30780c8 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java
@@ -9,8 +9,7 @@ import javax.crypto.interfaces.DHPublicKey;
 import javax.crypto.spec.DHParameterSpec;
 import javax.crypto.spec.DHPublicKeySpec;
 
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -75,12 +74,12 @@ public class JCEElGamalPublicKey
     JCEElGamalPublicKey(
         SubjectPublicKeyInfo    info)
     {
-        ElGamalParameter        params = new ElGamalParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DERInteger              derY = null;
+        ElGamalParameter        params = ElGamalParameter.getInstance(info.getAlgorithm().getParameters());
+        ASN1Integer              derY = null;
 
         try
         {
-            derY = (DERInteger)info.parsePublicKey();
+            derY = (ASN1Integer)info.parsePublicKey();
         }
         catch (IOException e)
         {
@@ -103,7 +102,7 @@ public class JCEElGamalPublicKey
 
     public byte[] getEncoded()
     {
-        return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new DERInteger(y));
+        return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new ASN1Integer(y));
     }
 
     public ElGamalParameterSpec getParameters()
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
deleted file mode 100644
index 46104b2..0000000
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
+++ /dev/null
@@ -1,613 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.CipherSpi;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.ShortBufferException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamBlockCipher;
-import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.engines.BlowfishEngine;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.RC4Engine;
-import org.bouncycastle.crypto.engines.SkipjackEngine;
-import org.bouncycastle.crypto.engines.TwofishEngine;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey;
-import org.bouncycastle.jcajce.provider.symmetric.util.PBE;
-
-public class JCEStreamCipher
-    extends CipherSpi
-    implements PBE
-{
-    //
-    // specs we can handle.
-    //
-    private Class[]                 availableSpecs =
-                                    {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
-                                        IvParameterSpec.class,
-                                        PBEParameterSpec.class
-                                    };
-
-    private StreamCipher       cipher;
-    private ParametersWithIV   ivParam;
-
-    private int                     ivLength = 0;
-
-    private PBEParameterSpec        pbeSpec = null;
-    private String                  pbeAlgorithm = null;
-
-    private AlgorithmParameters engineParams;
-
-    protected JCEStreamCipher(
-        StreamCipher engine,
-        int          ivLength)
-    {
-        cipher = engine;
-        this.ivLength = ivLength;
-    }
-        
-    protected JCEStreamCipher(
-        BlockCipher engine,
-        int         ivLength)
-    {
-        this.ivLength = ivLength;
-
-        cipher = new StreamBlockCipher(engine);
-    }
-
-    protected int engineGetBlockSize() 
-    {
-        return 0;
-    }
-
-    protected byte[] engineGetIV() 
-    {
-        return (ivParam != null) ? ivParam.getIV() : null;
-    }
-
-    protected int engineGetKeySize(
-        Key     key) 
-    {
-        return key.getEncoded().length * 8;
-    }
-
-    protected int engineGetOutputSize(
-        int     inputLen) 
-    {
-        return inputLen;
-    }
-
-    protected AlgorithmParameters engineGetParameters() 
-    {
-        if (engineParams == null)
-        {
-            if (pbeSpec != null)
-            {
-                try
-                {
-                    AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
-                    engineParams.init(pbeSpec);
-                    
-                    return engineParams;
-                }
-                catch (Exception e)
-                {
-                    return null;
-                }
-            }
-        }
-        
-        return engineParams;
-    }
-
-    /**
-     * should never be called.
-     */
-    protected void engineSetMode(
-        String  mode) 
-    {
-        if (!mode.equalsIgnoreCase("ECB"))
-        {
-            throw new IllegalArgumentException("can't support mode " + mode);
-        }
-    }
-
-    /**
-     * should never be called.
-     */
-    protected void engineSetPadding(
-        String  padding) 
-    throws NoSuchPaddingException
-    {
-        if (!padding.equalsIgnoreCase("NoPadding"))
-        {
-            throw new NoSuchPaddingException("Padding " + padding + " unknown.");
-        }
-    }
-
-    protected void engineInit(
-        int                     opmode,
-        Key                     key,
-        AlgorithmParameterSpec  params,
-        SecureRandom            random) 
-        throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        CipherParameters        param;
-
-        this.pbeSpec = null;
-        this.pbeAlgorithm = null;
-        
-        this.engineParams = null;
-        
-        //
-        // basic key check
-        //
-        if (!(key instanceof SecretKey))
-        {
-            throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption.");
-        }
-        
-        if (key instanceof BCPBEKey)
-        {
-            BCPBEKey k = (BCPBEKey)key;
-            
-            if (k.getOID() != null)
-            {
-                pbeAlgorithm = k.getOID().getId();
-            }
-            else
-            {
-                pbeAlgorithm = k.getAlgorithm();
-            }
-            
-            if (k.getParam() != null)
-            {
-                param = k.getParam();                
-                pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount());
-            }
-            else if (params instanceof PBEParameterSpec)
-            {
-                param = PBE.Util.makePBEParameters(k, params, cipher.getAlgorithmName());
-                pbeSpec = (PBEParameterSpec)params;
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
-            }
-            
-            if (k.getIvSize() != 0)
-            {
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params == null)
-        {
-            param = new KeyParameter(key.getEncoded());
-        }
-        else if (params instanceof IvParameterSpec)
-        {
-            param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV());
-            ivParam = (ParametersWithIV)param;
-        }
-        else
-        {
-            throw new IllegalArgumentException("unknown parameter type.");
-        }
-
-        if ((ivLength != 0) && !(param instanceof ParametersWithIV))
-        {
-            SecureRandom    ivRandom = random;
-
-            if (ivRandom == null)
-            {
-                ivRandom = new SecureRandom();
-            }
-
-            if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE))
-            {
-                byte[]  iv = new byte[ivLength];
-
-                ivRandom.nextBytes(iv);
-                param = new ParametersWithIV(param, iv);
-                ivParam = (ParametersWithIV)param;
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("no IV set when one expected");
-            }
-        }
-
-        switch (opmode)
-        {
-        case Cipher.ENCRYPT_MODE:
-        case Cipher.WRAP_MODE:
-            cipher.init(true, param);
-            break;
-        case Cipher.DECRYPT_MODE:
-        case Cipher.UNWRAP_MODE:
-            cipher.init(false, param);
-            break;
-        default:
-            System.out.println("eeek!");
-        }
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        AlgorithmParameters params,
-        SecureRandom        random) 
-        throws InvalidKeyException, InvalidAlgorithmParameterException
-    {
-        AlgorithmParameterSpec  paramSpec = null;
-
-        if (params != null)
-        {
-            for (int i = 0; i != availableSpecs.length; i++)
-            {
-                try
-                {
-                    paramSpec = params.getParameterSpec(availableSpecs[i]);
-                    break;
-                }
-                catch (Exception e)
-                {
-                    continue;
-                }
-            }
-
-            if (paramSpec == null)
-            {
-                throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString());
-            }
-        }
-
-        engineInit(opmode, key, paramSpec, random);
-        engineParams = params;
-    }
-
-    protected void engineInit(
-        int                 opmode,
-        Key                 key,
-        SecureRandom        random) 
-        throws InvalidKeyException
-    {
-        try
-        {
-            engineInit(opmode, key, (AlgorithmParameterSpec)null, random);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new InvalidKeyException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen) 
-    {
-        byte[]  out = new byte[inputLen];
-
-        cipher.processBytes(input, inputOffset, inputLen, out, 0);
-
-        return out;
-    }
-
-    protected int engineUpdate(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset) 
-        throws ShortBufferException 
-    {
-        try
-        {
-        cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-
-        return inputLen;
-        }
-        catch (DataLengthException e)
-        {
-            throw new ShortBufferException(e.getMessage());
-        }
-    }
-
-    protected byte[] engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen)
-        throws BadPaddingException, IllegalBlockSizeException
-    {
-        if (inputLen != 0)
-        {
-            byte[] out = engineUpdate(input, inputOffset, inputLen);
-
-            cipher.reset();
-            
-            return out;
-        }
-
-        cipher.reset();
-        
-        return new byte[0];
-    }
-
-    protected int engineDoFinal(
-        byte[]  input,
-        int     inputOffset,
-        int     inputLen,
-        byte[]  output,
-        int     outputOffset)
-        throws BadPaddingException
-    {
-        if (inputLen != 0)
-        {
-            cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-        }
-
-        cipher.reset();
-        
-        return inputLen;
-    }
-
-    protected byte[] engineWrap(
-         Key     key)
-     throws IllegalBlockSizeException, InvalidKeyException
-     {
-         byte[] encoded = key.getEncoded();
-         if (encoded == null)
-         {
-             throw new InvalidKeyException("Cannot wrap key, null encoding.");
-         }
-
-         try
-         {
-             return engineDoFinal(encoded, 0, encoded.length);
-         }
-         catch (BadPaddingException e)
-         {
-             throw new IllegalBlockSizeException(e.getMessage());
-         }
-     }
-
-     protected Key engineUnwrap(
-         byte[] wrappedKey,
-         String wrappedKeyAlgorithm,
-         int wrappedKeyType)
-         throws InvalidKeyException
-     {
-         byte[] encoded;
-         try
-         {
-             encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length);
-         }
-         catch (BadPaddingException e)
-         {
-             throw new InvalidKeyException(e.getMessage());
-         }
-         catch (IllegalBlockSizeException e2)
-         {
-             throw new InvalidKeyException(e2.getMessage());
-         }
-
-         if (wrappedKeyType == Cipher.SECRET_KEY)
-         {
-             return new SecretKeySpec(encoded, wrappedKeyAlgorithm);
-         }
-         else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY)
-         {
-             /*
-              * The caller doesn't know the algorithm as it is part of
-              * the encrypted data.
-              */
-             try
-             {
-                 PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded);
-
-                 PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in);
-
-                 if (privKey != null)
-                 {
-                     return privKey;
-                 }
-                 else
-                 {
-                     throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported");
-                 }
-             }
-             catch (Exception e)
-             {
-                 throw new InvalidKeyException("Invalid key encoding.");
-             }
-         }
-         else
-         {
-             try
-             {
-                 KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
-
-                 if (wrappedKeyType == Cipher.PUBLIC_KEY)
-                 {
-                     return kf.generatePublic(new X509EncodedKeySpec(encoded));
-                 }
-                 else if (wrappedKeyType == Cipher.PRIVATE_KEY)
-                 {
-                     return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
-                 }
-             }
-             catch (NoSuchProviderException e)
-             {
-                 throw new InvalidKeyException("Unknown key type " + e.getMessage());
-             }
-             catch (NoSuchAlgorithmException e)
-             {
-                 throw new InvalidKeyException("Unknown key type " + e.getMessage());
-             }
-             catch (InvalidKeySpecException e2)
-             {
-                 throw new InvalidKeyException("Unknown key type " + e2.getMessage());
-             }
-
-             throw new InvalidKeyException("Unknown key type " + wrappedKeyType);
-         }
-     }
-
-    /*
-     * The ciphers that inherit from us.
-     */
-
-    /**
-     * DES
-     */
-    static public class DES_CFB8
-        extends JCEStreamCipher
-    {
-        public DES_CFB8()
-        {
-            super(new CFBBlockCipher(new DESEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * DESede
-     */
-    static public class DESede_CFB8
-        extends JCEStreamCipher
-    {
-        public DESede_CFB8()
-        {
-            super(new CFBBlockCipher(new DESedeEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * SKIPJACK
-     */
-    static public class Skipjack_CFB8
-        extends JCEStreamCipher
-    {
-        public Skipjack_CFB8()
-        {
-            super(new CFBBlockCipher(new SkipjackEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Blowfish
-     */
-    static public class Blowfish_CFB8
-        extends JCEStreamCipher
-    {
-        public Blowfish_CFB8()
-        {
-            super(new CFBBlockCipher(new BlowfishEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Twofish
-     */
-    static public class Twofish_CFB8
-        extends JCEStreamCipher
-    {
-        public Twofish_CFB8()
-        {
-            super(new CFBBlockCipher(new TwofishEngine(), 8), 128);
-        }
-    }
-
-    /**
-     * DES
-     */
-    static public class DES_OFB8
-        extends JCEStreamCipher
-    {
-        public DES_OFB8()
-        {
-            super(new OFBBlockCipher(new DESEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * DESede
-     */
-    static public class DESede_OFB8
-        extends JCEStreamCipher
-    {
-        public DESede_OFB8()
-        {
-            super(new OFBBlockCipher(new DESedeEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * SKIPJACK
-     */
-    static public class Skipjack_OFB8
-        extends JCEStreamCipher
-    {
-        public Skipjack_OFB8()
-        {
-            super(new OFBBlockCipher(new SkipjackEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Blowfish
-     */
-    static public class Blowfish_OFB8
-        extends JCEStreamCipher
-    {
-        public Blowfish_OFB8()
-        {
-            super(new OFBBlockCipher(new BlowfishEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Twofish
-     */
-    static public class Twofish_OFB8
-        extends JCEStreamCipher
-    {
-        public Twofish_OFB8()
-        {
-            super(new OFBBlockCipher(new TwofishEngine(), 8), 128);
-        }
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java
index 50a714c..3bd6d30 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java
@@ -14,8 +14,6 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DSAParameter;
@@ -57,7 +55,7 @@ public class JDKDSAPrivateKey
         throws IOException
     {
         DSAParameter    params = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
-        DERInteger      derX = ASN1Integer.getInstance(info.parsePrivateKey());
+        ASN1Integer      derX = ASN1Integer.getInstance(info.parsePrivateKey());
 
         this.x = derX.getValue();
         this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG());
@@ -95,7 +93,7 @@ public class JDKDSAPrivateKey
     {
         try
         {
-            PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG())), new DERInteger(getX()));
+            PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG())), new ASN1Integer(getX()));
 
             return info.getEncoded(ASN1Encoding.DER);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java
index 85a39a4..80bbf3c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java
@@ -11,8 +11,7 @@ import java.security.spec.DSAPublicKeySpec;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DSAParameter;
@@ -61,11 +60,11 @@ public class JDKDSAPublicKey
         SubjectPublicKeyInfo    info)
     {
 
-        DERInteger              derY;
+        ASN1Integer              derY;
 
         try
         {
-            derY = (DERInteger)info.parsePublicKey();
+            derY = (ASN1Integer)info.parsePublicKey();
         }
         catch (IOException e)
         {
@@ -103,10 +102,10 @@ public class JDKDSAPublicKey
         {
             if (dsaSpec == null)
             {
-                return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), new DERInteger(y)).getEncoded(ASN1Encoding.DER);
+                return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), new ASN1Integer(y)).getEncoded(ASN1Encoding.DER);
             }
 
-            return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG())), new DERInteger(y)).getEncoded(ASN1Encoding.DER);
+            return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG())), new ASN1Integer(y)).getEncoded(ASN1Encoding.DER);
         }
         catch (IOException e)
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java
index 14aef43..115c198 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.jce.provider;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.Principal;
@@ -9,6 +10,10 @@ import java.security.cert.CertPathBuilderResult;
 import java.security.cert.CertPathBuilderSpi;
 import java.security.cert.CertPathParameters;
 import java.security.cert.CertPathValidator;
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.PKIXBuilderParameters;
@@ -24,12 +29,20 @@ import java.util.Set;
 
 import javax.security.auth.x500.X500Principal;
 
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.jcajce.PKIXCertStoreSelector;
+import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
 import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
+import org.bouncycastle.util.Encodable;
 import org.bouncycastle.util.Selector;
+import org.bouncycastle.util.Store;
+import org.bouncycastle.util.StoreException;
 import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
+import org.bouncycastle.x509.ExtendedPKIXParameters;
 import org.bouncycastle.x509.X509AttributeCertStoreSelector;
 import org.bouncycastle.x509.X509AttributeCertificate;
 import org.bouncycastle.x509.X509CertStoreSelector;
+import org.bouncycastle.x509.X509Store;
 
 public class PKIXAttrCertPathBuilderSpi
     extends CertPathBuilderSpi
@@ -45,24 +58,37 @@ public class PKIXAttrCertPathBuilderSpi
             throws CertPathBuilderException, InvalidAlgorithmParameterException
     {
         if (!(params instanceof PKIXBuilderParameters)
-                && !(params instanceof ExtendedPKIXBuilderParameters))
+                && !(params instanceof ExtendedPKIXBuilderParameters)
+                && !(params instanceof PKIXExtendedBuilderParameters))
         {
             throw new InvalidAlgorithmParameterException(
                     "Parameters must be an instance of "
                             + PKIXBuilderParameters.class.getName() + " or "
-                            + ExtendedPKIXBuilderParameters.class.getName()
+                            + PKIXExtendedBuilderParameters.class.getName()
                             + ".");
         }
 
-        ExtendedPKIXBuilderParameters pkixParams;
-        if (params instanceof ExtendedPKIXBuilderParameters)
+        List targetStores = new ArrayList();
+
+        PKIXExtendedBuilderParameters paramsPKIX;
+        if (params instanceof PKIXBuilderParameters)
         {
-            pkixParams = (ExtendedPKIXBuilderParameters) params;
+            PKIXExtendedBuilderParameters.Builder paramsPKIXBldr = new PKIXExtendedBuilderParameters.Builder((PKIXBuilderParameters)params);
+
+            if (params instanceof ExtendedPKIXParameters)
+            {
+                ExtendedPKIXBuilderParameters extPKIX = (ExtendedPKIXBuilderParameters)params;
+
+                paramsPKIXBldr.addExcludedCerts(extPKIX.getExcludedCerts());
+                paramsPKIXBldr.setMaxPathLength(extPKIX.getMaxPathLength());
+                targetStores = extPKIX.getStores();
+            }
+
+            paramsPKIX = paramsPKIXBldr.build();
         }
         else
         {
-            pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
-                    .getInstance((PKIXBuilderParameters) params);
+            paramsPKIX = (PKIXExtendedBuilderParameters)params;
         }
 
         Collection targets;
@@ -72,7 +98,7 @@ public class PKIXAttrCertPathBuilderSpi
 
         // search target certificates
 
-        Selector certSelect = pkixParams.getTargetConstraints();
+        Selector certSelect = paramsPKIX.getBaseParameters().getTargetConstraints();
         if (!(certSelect instanceof X509AttributeCertStoreSelector))
         {
             throw new CertPathBuilderException(
@@ -81,9 +107,10 @@ public class PKIXAttrCertPathBuilderSpi
                             + " for "+this.getClass().getName()+" class.");
         }
 
+
         try
         {
-            targets = CertPathValidatorUtilities.findCertificates((X509AttributeCertStoreSelector)certSelect, pkixParams.getStores());
+            targets = findCertificates((X509AttributeCertStoreSelector)certSelect, targetStores);
         }
         catch (AnnotatedException e)
         {
@@ -115,8 +142,9 @@ public class PKIXAttrCertPathBuilderSpi
                     {
                         selector.setSubject(((X500Principal)principals[i]).getEncoded());
                     }
-                    issuers.addAll(CertPathValidatorUtilities.findCertificates(selector, pkixParams.getStores()));
-                    issuers.addAll(CertPathValidatorUtilities.findCertificates(selector, pkixParams.getCertStores()));
+                    PKIXCertStoreSelector certStoreSelector = new PKIXCertStoreSelector.Builder(selector).build();
+                    issuers.addAll(CertPathValidatorUtilities.findCertificates(certStoreSelector, paramsPKIX.getBaseParameters().getCertStores()));
+                    issuers.addAll(CertPathValidatorUtilities.findCertificates(certStoreSelector, paramsPKIX.getBaseParameters().getCertificateStores()));
                 }
                 catch (AnnotatedException e)
                 {
@@ -139,7 +167,7 @@ public class PKIXAttrCertPathBuilderSpi
             Iterator it = issuers.iterator();
             while (it.hasNext() && result == null)
             {
-                result = build(cert, (X509Certificate)it.next(), pkixParams, certPathList);
+                result = build(cert, (X509Certificate)it.next(), paramsPKIX, certPathList);
             }
         }
 
@@ -162,7 +190,7 @@ public class PKIXAttrCertPathBuilderSpi
     private Exception certPathException;
 
     private CertPathBuilderResult build(X509AttributeCertificate attrCert, X509Certificate tbvCert,
-            ExtendedPKIXBuilderParameters pkixParams, List tbvPath)
+            PKIXExtendedBuilderParameters pkixParams, List tbvPath)
 
     {
         // If tbvCert is readily present in tbvPath, it indicates having run
@@ -208,8 +236,8 @@ public class PKIXAttrCertPathBuilderSpi
         try
         {
             // check whether the issuer of <tbvCert> is a TrustAnchor
-            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(),
-                pkixParams.getSigProvider()) != null)
+            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getBaseParameters().getTrustAnchors(),
+                pkixParams.getBaseParameters().getSigProvider()) != null)
             {
                 CertPath certPath;
                 PKIXCertPathValidatorResult result;
@@ -243,10 +271,13 @@ public class PKIXAttrCertPathBuilderSpi
             }
             else
             {
+                List stores = new ArrayList();
+
+                stores.addAll(pkixParams.getBaseParameters().getCertificateStores());
                 // add additional X.509 stores from locations in certificate
                 try
                 {
-                    CertPathValidatorUtilities.addAdditionalStoresFromAltNames(tbvCert, pkixParams);
+                    stores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromAltNames(tbvCert.getExtensionValue(Extension.issuerAlternativeName.getId()), pkixParams.getBaseParameters().getNamedCertificateStoreMap()));
                 }
                 catch (CertificateParsingException e)
                 {
@@ -259,7 +290,7 @@ public class PKIXAttrCertPathBuilderSpi
                 // of the stores
                 try
                 {
-                    issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams));
+                    issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams.getBaseParameters().getCertStores(), stores));
                 }
                 catch (AnnotatedException e)
                 {
@@ -300,4 +331,31 @@ public class PKIXAttrCertPathBuilderSpi
         return builderResult;
     }
 
+    protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
+                                                     List certStores)
+        throws AnnotatedException
+    {
+        Set certs = new HashSet();
+        Iterator iter = certStores.iterator();
+
+        while (iter.hasNext())
+        {
+            Object obj = iter.next();
+
+            if (obj instanceof Store)
+            {
+                Store certStore = (Store)obj;
+                try
+                {
+                    certs.addAll(certStore.getMatches(certSelect));
+                }
+                catch (StoreException e)
+                {
+                    throw new AnnotatedException(
+                            "Problem while picking certificates from X.509 store.", e);
+                }
+            }
+        }
+        return certs;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java
index c1759ba..ee72703 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java
@@ -1,15 +1,22 @@
 package org.bouncycastle.jce.provider;
 
 import java.security.InvalidAlgorithmParameterException;
+import java.security.Provider;
+import java.security.Security;
 import java.security.cert.CertPath;
 import java.security.cert.CertPathParameters;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertPathValidatorResult;
 import java.security.cert.CertPathValidatorSpi;
+import java.security.cert.PKIXParameters;
 import java.security.cert.X509Certificate;
 import java.util.Date;
+import java.util.HashSet;
 import java.util.Set;
 
+import org.bouncycastle.jcajce.PKIXExtendedParameters;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
 import org.bouncycastle.util.Selector;
 import org.bouncycastle.x509.ExtendedPKIXParameters;
@@ -24,6 +31,11 @@ import org.bouncycastle.x509.X509AttributeCertificate;
 public class PKIXAttrCertPathValidatorSpi
     extends CertPathValidatorSpi
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
+    public PKIXAttrCertPathValidatorSpi()
+    {
+    }
 
     /**
      * Validates an attribute certificate with the given certificate path.
@@ -38,30 +50,56 @@ public class PKIXAttrCertPathValidatorSpi
      * necessary to correctly validate this attribute certificate.
      * <p>
      * The attribute certificate issuer must be added to the trusted attribute
-     * issuers with {@link ExtendedPKIXParameters#setTrustedACIssuers(Set)}.
+     * issuers with {@link org.bouncycastle.x509.ExtendedPKIXParameters#setTrustedACIssuers(java.util.Set)}.
      * 
      * @param certPath The certificate path which belongs to the attribute
      *            certificate issuer public key certificate.
      * @param params The PKIX parameters.
      * @return A <code>PKIXCertPathValidatorResult</code> of the result of
      *         validating the <code>certPath</code>.
-     * @throws InvalidAlgorithmParameterException if <code>params</code> is
+     * @throws java.security.InvalidAlgorithmParameterException if <code>params</code> is
      *             inappropriate for this validator.
-     * @throws CertPathValidatorException if the verification fails.
+     * @throws java.security.cert.CertPathValidatorException if the verification fails.
      */
     public CertPathValidatorResult engineValidate(CertPath certPath,
         CertPathParameters params) throws CertPathValidatorException,
         InvalidAlgorithmParameterException
     {
-        if (!(params instanceof ExtendedPKIXParameters))
+        if (!(params instanceof ExtendedPKIXParameters || params instanceof PKIXExtendedParameters))
         {
             throw new InvalidAlgorithmParameterException(
                 "Parameters must be a "
                     + ExtendedPKIXParameters.class.getName() + " instance.");
         }
-        ExtendedPKIXParameters pkixParams = (ExtendedPKIXParameters) params;
+        Set attrCertCheckers = new HashSet();
+        Set prohibitedACAttrbiutes = new HashSet();
+        Set necessaryACAttributes = new HashSet();
+        Set trustedACIssuers = new HashSet();
+
+        PKIXExtendedParameters paramsPKIX;
+        if (params instanceof PKIXParameters)
+        {
+            PKIXExtendedParameters.Builder paramsPKIXBldr = new PKIXExtendedParameters.Builder((PKIXParameters)params);
+
+            if (params instanceof ExtendedPKIXParameters)
+            {
+                ExtendedPKIXParameters extPKIX = (ExtendedPKIXParameters)params;
+
+                paramsPKIXBldr.setUseDeltasEnabled(extPKIX.isUseDeltasEnabled());
+                paramsPKIXBldr.setValidityModel(extPKIX.getValidityModel());
+                attrCertCheckers = extPKIX.getAttrCertCheckers();
+                prohibitedACAttrbiutes = extPKIX.getProhibitedACAttributes();
+                necessaryACAttributes = extPKIX.getNecessaryACAttributes();
+            }
+
+            paramsPKIX = paramsPKIXBldr.build();
+        }
+        else
+        {
+            paramsPKIX = (PKIXExtendedParameters)params;
+        }
 
-        Selector certSelect = pkixParams.getTargetConstraints();
+        Selector certSelect = paramsPKIX.getTargetConstraints();
         if (!(certSelect instanceof X509AttributeCertStoreSelector))
         {
             throw new InvalidAlgorithmParameterException(
@@ -69,31 +107,31 @@ public class PKIXAttrCertPathValidatorSpi
                     + X509AttributeCertStoreSelector.class.getName() + " for "
                     + this.getClass().getName() + " class.");
         }
+
         X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect)
             .getAttributeCert();
 
-        CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, pkixParams);
-        CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, pkixParams);
+        CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, paramsPKIX);
+        CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, paramsPKIX);
         X509Certificate issuerCert = (X509Certificate) certPath
             .getCertificates().get(0);
-        RFC3281CertPathUtilities.processAttrCert3(issuerCert, pkixParams);
-        RFC3281CertPathUtilities.processAttrCert4(issuerCert, pkixParams);
-        RFC3281CertPathUtilities.processAttrCert5(attrCert, pkixParams);
+        RFC3281CertPathUtilities.processAttrCert3(issuerCert, paramsPKIX);
+        RFC3281CertPathUtilities.processAttrCert4(issuerCert, trustedACIssuers);
+        RFC3281CertPathUtilities.processAttrCert5(attrCert, paramsPKIX);
         // 6 already done in X509AttributeCertStoreSelector
-        RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, pkixParams);
-        RFC3281CertPathUtilities.additionalChecks(attrCert, pkixParams);
+        RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, paramsPKIX, attrCertCheckers);
+        RFC3281CertPathUtilities.additionalChecks(attrCert, prohibitedACAttrbiutes, necessaryACAttributes);
         Date date = null;
         try
         {
-            date = CertPathValidatorUtilities
-                .getValidCertDateFromValidityModel(pkixParams, null, -1);
+            date = CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, null, -1);
         }
         catch (AnnotatedException e)
         {
             throw new ExtCertPathValidatorException(
                 "Could not get validity date from attribute certificate.", e);
         }
-        RFC3281CertPathUtilities.checkCRLs(attrCert, pkixParams, issuerCert, date, certPath.getCertificates());
+        RFC3281CertPathUtilities.checkCRLs(attrCert, paramsPKIX, issuerCert, date, certPath.getCertificates(), helper);
         return result;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
index c94016d..f43e185 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
@@ -2,7 +2,6 @@ package org.bouncycastle.jce.provider;
 
 import java.security.cert.CertStore;
 import java.security.cert.CertStoreException;
-import java.security.cert.PKIXParameters;
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
@@ -12,14 +11,14 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
+import org.bouncycastle.jcajce.PKIXCRLStore;
+import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
+import org.bouncycastle.util.Store;
 import org.bouncycastle.util.StoreException;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509Store;
 
-public class PKIXCRLUtil
+class PKIXCRLUtil
 {
-    public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
+    public Set findCRLs(PKIXCRLStoreSelector crlselect, Date validityDate, List certStores, List pkixCrlStores)
         throws AnnotatedException
     {
         Set initialSet = new HashSet();
@@ -27,9 +26,8 @@ public class PKIXCRLUtil
         // get complete CRL(s)
         try
         {
-            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
-            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
-            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
+            initialSet.addAll(findCRLs(crlselect, pkixCrlStores));
+            initialSet.addAll(findCRLs(crlselect, certStores));
         }
         catch (AnnotatedException e)
         {
@@ -37,12 +35,6 @@ public class PKIXCRLUtil
         }
 
         Set finalSet = new HashSet();
-        Date validityDate = currentDate;
-
-        if (paramsPKIX.getDate() != null)
-        {
-            validityDate = paramsPKIX.getDate();
-        }
 
         // based on RFC 5280 6.3.3
         for (Iterator it = initialSet.iterator(); it.hasNext();)
@@ -70,38 +62,20 @@ public class PKIXCRLUtil
         return finalSet;
     }
 
-    public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX)
-        throws AnnotatedException
-    {
-        Set completeSet = new HashSet();
-
-        // get complete CRL(s)
-        try
-        {
-            completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
-        }
-
-        return completeSet;
-    }
-
-/**
+    /**
      * Return a Collection of all CRLs found in the X509Store's that are
      * matching the crlSelect criteriums.
      *
-     * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
+     * @param crlSelect a {@link org.bouncycastle.jcajce.PKIXCRLStoreSelector} object that will be used
      *            to select the CRLs
      * @param crlStores a List containing only
-     *            {@link org.bouncycastle.x509.X509Store  X509Store} objects.
+     *            {@link Store} objects.
      *            These are used to search for CRLs
      *
      * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
      *         empty but never <code>null</code>.
      */
-    private final Collection findCRLs(X509CRLStoreSelector crlSelect,
+    private final Collection findCRLs(PKIXCRLStoreSelector crlSelect,
         List crlStores) throws AnnotatedException
     {
         Set crls = new HashSet();
@@ -114,9 +88,9 @@ public class PKIXCRLUtil
         {
             Object obj = iter.next();
 
-            if (obj instanceof X509Store)
+            if (obj instanceof Store)
             {
-                X509Store store = (X509Store)obj;
+                Store store = (Store)obj;
 
                 try
                 {
@@ -135,7 +109,7 @@ public class PKIXCRLUtil
 
                 try
                 {
-                    crls.addAll(store.getCRLs(crlSelect));
+                    crls.addAll(PKIXCRLStoreSelector.getCRLs(crlSelect, store));
                     foundValidStore = true;
                 }
                 catch (CertStoreException e)
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
index 384eb86..b713395 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
@@ -6,8 +6,6 @@ import java.security.cert.CertPathBuilderException;
 import java.security.cert.CertPathBuilderResult;
 import java.security.cert.CertPathBuilderSpi;
 import java.security.cert.CertPathParameters;
-import java.security.cert.CertPathValidator;
-import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.PKIXBuilderParameters;
 import java.security.cert.PKIXCertPathBuilderResult;
@@ -19,10 +17,15 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.jcajce.PKIXCertStore;
+import org.bouncycastle.jcajce.PKIXCertStoreSelector;
+import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
+import org.bouncycastle.jcajce.PKIXExtendedParameters;
+import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
 import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
-import org.bouncycastle.util.Selector;
 import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.X509CertStoreSelector;
+import org.bouncycastle.x509.ExtendedPKIXParameters;
 
 /**
  * Implements the PKIX CertPathBuilding algorithm for BouncyCastle.
@@ -42,23 +45,45 @@ public class PKIXCertPathBuilderSpi
         throws CertPathBuilderException, InvalidAlgorithmParameterException
     {
         if (!(params instanceof PKIXBuilderParameters)
-            && !(params instanceof ExtendedPKIXBuilderParameters))
+            && !(params instanceof ExtendedPKIXBuilderParameters)
+            && !(params instanceof PKIXExtendedBuilderParameters))
         {
             throw new InvalidAlgorithmParameterException(
                 "Parameters must be an instance of "
                     + PKIXBuilderParameters.class.getName() + " or "
-                    + ExtendedPKIXBuilderParameters.class.getName() + ".");
+                    + PKIXExtendedBuilderParameters.class.getName() + ".");
         }
 
-        ExtendedPKIXBuilderParameters pkixParams = null;
-        if (params instanceof ExtendedPKIXBuilderParameters)
+        PKIXExtendedBuilderParameters paramsPKIX;
+        if (params instanceof PKIXBuilderParameters)
         {
-            pkixParams = (ExtendedPKIXBuilderParameters) params;
+            PKIXExtendedParameters.Builder paramsPKIXBldr = new PKIXExtendedParameters.Builder((PKIXBuilderParameters)params);
+            PKIXExtendedBuilderParameters.Builder paramsBldrPKIXBldr;
+
+            if (params instanceof ExtendedPKIXParameters)
+            {
+                ExtendedPKIXBuilderParameters extPKIX = (ExtendedPKIXBuilderParameters)params;
+
+ ;
+                for (Iterator it = extPKIX.getAdditionalStores().iterator(); it.hasNext();)
+                {
+                     paramsPKIXBldr.addCertificateStore((PKIXCertStore)it.next());
+                }
+                paramsBldrPKIXBldr  = new PKIXExtendedBuilderParameters.Builder(paramsPKIXBldr.build());
+
+                paramsBldrPKIXBldr.addExcludedCerts(extPKIX.getExcludedCerts());
+                paramsBldrPKIXBldr.setMaxPathLength(extPKIX.getMaxPathLength());
+            }
+            else
+            {
+                paramsBldrPKIXBldr  = new PKIXExtendedBuilderParameters.Builder((PKIXBuilderParameters)params);
+            }
+
+            paramsPKIX = paramsBldrPKIXBldr.build();
         }
         else
         {
-            pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
-                .getInstance((PKIXBuilderParameters) params);
+            paramsPKIX = (PKIXExtendedBuilderParameters)params;
         }
 
         Collection targets;
@@ -68,19 +93,12 @@ public class PKIXCertPathBuilderSpi
 
         // search target certificates
 
-        Selector certSelect = pkixParams.getTargetConstraints();
-        if (!(certSelect instanceof X509CertStoreSelector))
-        {
-            throw new CertPathBuilderException(
-                "TargetConstraints must be an instance of "
-                    + X509CertStoreSelector.class.getName() + " for "
-                    + this.getClass().getName() + " class.");
-        }
+        PKIXCertStoreSelector certSelect = paramsPKIX.getBaseParameters().getTargetConstraints();
 
         try
         {
-            targets = CertPathValidatorUtilities.findCertificates((X509CertStoreSelector)certSelect, pkixParams.getStores());
-            targets.addAll(CertPathValidatorUtilities.findCertificates((X509CertStoreSelector)certSelect, pkixParams.getCertStores()));
+            targets = CertPathValidatorUtilities.findCertificates(certSelect, paramsPKIX.getBaseParameters().getCertificateStores());
+            targets.addAll(CertPathValidatorUtilities.findCertificates(certSelect, paramsPKIX.getBaseParameters().getCertStores()));
         }
         catch (AnnotatedException e)
         {
@@ -102,7 +120,7 @@ public class PKIXCertPathBuilderSpi
         while (targetIter.hasNext() && result == null)
         {
             cert = (X509Certificate) targetIter.next();
-            result = build(cert, pkixParams, certPathList);
+            result = build(cert, paramsPKIX, certPathList);
         }
 
         if (result == null && certPathException != null)
@@ -128,7 +146,7 @@ public class PKIXCertPathBuilderSpi
     private Exception certPathException;
 
     protected CertPathBuilderResult build(X509Certificate tbvCert,
-        ExtendedPKIXBuilderParameters pkixParams, List tbvPath)
+        PKIXExtendedBuilderParameters pkixParams, List tbvPath)
     {
         // If tbvCert is readily present in tbvPath, it indicates having run
         // into a cycle in the
@@ -155,13 +173,13 @@ public class PKIXCertPathBuilderSpi
         tbvPath.add(tbvCert);
 
         CertificateFactory cFact;
-        CertPathValidator validator;
+        PKIXCertPathValidatorSpi validator;
         CertPathBuilderResult builderResult = null;
 
         try
         {
-            cFact = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
-            validator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
+            cFact = new CertificateFactory();
+            validator = new PKIXCertPathValidatorSpi();
         }
         catch (Exception e)
         {
@@ -172,8 +190,8 @@ public class PKIXCertPathBuilderSpi
         try
         {
             // check whether the issuer of <tbvCert> is a TrustAnchor
-            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(),
-                pkixParams.getSigProvider()) != null)
+            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getBaseParameters().getTrustAnchors(),
+                pkixParams.getBaseParameters().getSigProvider()) != null)
             {
                 // exception message from possibly later tried certification
                 // chains
@@ -181,7 +199,7 @@ public class PKIXCertPathBuilderSpi
                 PKIXCertPathValidatorResult result = null;
                 try
                 {
-                    certPath = cFact.generateCertPath(tbvPath);
+                    certPath = cFact.engineGenerateCertPath(tbvPath);
                 }
                 catch (Exception e)
                 {
@@ -192,7 +210,7 @@ public class PKIXCertPathBuilderSpi
 
                 try
                 {
-                    result = (PKIXCertPathValidatorResult) validator.validate(
+                    result = (PKIXCertPathValidatorResult) validator.engineValidate(
                         certPath, pkixParams);
                 }
                 catch (Exception e)
@@ -208,16 +226,21 @@ public class PKIXCertPathBuilderSpi
             }
             else
             {
+                List stores = new ArrayList();
+
+
+                stores.addAll(pkixParams.getBaseParameters().getCertificateStores());
+
                 // add additional X.509 stores from locations in certificate
                 try
                 {
-                    CertPathValidatorUtilities.addAdditionalStoresFromAltNames(
-                        tbvCert, pkixParams);
+                    stores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromAltNames(
+                        tbvCert.getExtensionValue(Extension.issuerAlternativeName.getId()), pkixParams.getBaseParameters().getNamedCertificateStoreMap()));
                 }
                 catch (CertificateParsingException e)
                 {
                     throw new AnnotatedException(
-                        "No additiontal X.509 stores can be added from certificate locations.",
+                        "No additional X.509 stores can be added from certificate locations.",
                         e);
                 }
                 Collection issuers = new HashSet();
@@ -225,7 +248,7 @@ public class PKIXCertPathBuilderSpi
                 // of the stores
                 try
                 {
-                    issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams));
+                    issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams.getBaseParameters().getCertStores(), stores));
                 }
                 catch (AnnotatedException e)
                 {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index f28a02a..f87b427 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -18,11 +18,14 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
-import javax.security.auth.x500.X500Principal;
-
 import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
+import org.bouncycastle.jcajce.PKIXExtendedParameters;
+import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
 import org.bouncycastle.x509.ExtendedPKIXParameters;
 
@@ -33,6 +36,11 @@ import org.bouncycastle.x509.ExtendedPKIXParameters;
 public class PKIXCertPathValidatorSpi
         extends CertPathValidatorSpi
 {
+    private final JcaJceHelper helper = new BCJcaJceHelper();
+
+    public PKIXCertPathValidatorSpi()
+    {
+    }
 
     public CertPathValidatorResult engineValidate(
             CertPath certPath,
@@ -40,21 +48,36 @@ public class PKIXCertPathValidatorSpi
             throws CertPathValidatorException,
             InvalidAlgorithmParameterException
     {
-        if (!(params instanceof PKIXParameters))
+        if (!(params instanceof CertPathParameters))
         {
             throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName()
                     + " instance.");
         }
 
-        ExtendedPKIXParameters paramsPKIX;
-        if (params instanceof ExtendedPKIXParameters)
+        PKIXExtendedParameters paramsPKIX;
+        if (params instanceof PKIXParameters)
         {
-            paramsPKIX = (ExtendedPKIXParameters)params;
+            PKIXExtendedParameters.Builder paramsPKIXBldr = new PKIXExtendedParameters.Builder((PKIXParameters)params);
+
+            if (params instanceof ExtendedPKIXParameters)
+            {
+                ExtendedPKIXParameters extPKIX = (ExtendedPKIXParameters)params;
+
+                paramsPKIXBldr.setUseDeltasEnabled(extPKIX.isUseDeltasEnabled());
+                paramsPKIXBldr.setValidityModel(extPKIX.getValidityModel());
+            }
+
+            paramsPKIX = paramsPKIXBldr.build();
+        }
+        else if (params instanceof PKIXExtendedBuilderParameters)
+        {
+            paramsPKIX = ((PKIXExtendedBuilderParameters)params).getBaseParameters();
         }
         else
         {
-            paramsPKIX = ExtendedPKIXParameters.getInstance((PKIXParameters)params);
+            paramsPKIX = (PKIXExtendedParameters)params;
         }
+
         if (paramsPKIX.getTrustAnchors() == null)
         {
             throw new InvalidAlgorithmParameterException(
@@ -105,6 +128,9 @@ public class PKIXCertPathValidatorSpi
             throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
         }
 
+        // RFC 5280 - CRLs must originate from the same trust anchor as the target certificate.
+        paramsPKIX = new PKIXExtendedParameters.Builder(paramsPKIX).setTrustAnchor(trust).build();
+
         //
         // (e), (f), (g) are part of the paramsPKIX object.
         //
@@ -186,19 +212,19 @@ public class PKIXCertPathValidatorSpi
         // (g), (h), (i), (j)
         //
         PublicKey workingPublicKey;
-        X500Principal workingIssuerName;
+        X500Name workingIssuerName;
 
         X509Certificate sign = trust.getTrustedCert();
         try
         {
             if (sign != null)
             {
-                workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
+                workingIssuerName = PrincipalUtils.getSubjectPrincipal(sign);
                 workingPublicKey = sign.getPublicKey();
             }
             else
             {
-                workingIssuerName = new X500Principal(trust.getCAName());
+                workingIssuerName = PrincipalUtils.getCA(trust);
                 workingPublicKey = trust.getCAPublicKey();
             }
         }
@@ -218,7 +244,7 @@ public class PKIXCertPathValidatorSpi
             throw new ExtCertPathValidatorException(
                     "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1);
         }
-        DERObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.getObjectId();
+        ASN1ObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.getAlgorithm();
         ASN1Encodable workingPublicKeyParameters = workingAlgId.getParameters();
 
         //
@@ -272,7 +298,7 @@ public class PKIXCertPathValidatorSpi
             //
 
             RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey,
-                verificationAlreadyPerformed, workingIssuerName, sign);
+                verificationAlreadyPerformed, workingIssuerName, sign, helper);
 
             RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
 
@@ -357,12 +383,12 @@ public class PKIXCertPathValidatorSpi
                 sign = cert;
 
                 // (c)
-                workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
+                workingIssuerName = PrincipalUtils.getSubjectPrincipal(sign);
 
                 // (d)
                 try
                 {
-                    workingPublicKey = CertPathValidatorUtilities.getNextWorkingKey(certPath.getCertificates(), index);
+                    workingPublicKey = CertPathValidatorUtilities.getNextWorkingKey(certPath.getCertificates(), index, helper);
                 }
                 catch (CertPathValidatorException e)
                 {
@@ -371,7 +397,7 @@ public class PKIXCertPathValidatorSpi
 
                 workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey);
                 // (f)
-                workingPublicKeyAlgorithm = workingAlgId.getObjectId();
+                workingPublicKeyAlgorithm = workingAlgId.getAlgorithm();
                 // (e)
                 workingPublicKeyParameters = workingAlgId.getParameters();
             }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
index 7ecc486..0742712 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
@@ -635,13 +635,17 @@ public class PKIXNameConstraintValidator
     private boolean emailIsConstrained(String email, String constraint)
     {
         String sub = email.substring(email.indexOf('@') + 1);
-        // a particular mailbox
+        // a particular mailbox or @domain
         if (constraint.indexOf('@') != -1)
         {
             if (email.equalsIgnoreCase(constraint))
             {
                 return true;
             }
+            if (sub.equalsIgnoreCase(constraint.substring(1)))
+            {
+                return true;
+            }
         }
         // on particular host
         else if (!(constraint.charAt(0) == '.'))
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java
index 3437605..d89e920 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java
@@ -165,4 +165,9 @@ public class PKIXPolicyNode
         
         return _node;
     }
+
+    public void setExpectedPolicies(Set expectedPolicies)
+    {
+        this.expectedPolicies = expectedPolicies;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PrincipalUtils.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PrincipalUtils.java
new file mode 100644
index 0000000..9059079
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PrincipalUtils.java
@@ -0,0 +1,53 @@
+package org.bouncycastle.jce.provider;
+
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CRLEntry;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.x509.X509AttributeCertificate;
+
+class PrincipalUtils
+{
+    static X500Name getSubjectPrincipal(X509Certificate cert)
+    {
+        return X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());
+    }
+
+    static X500Name getIssuerPrincipal(X509CRL crl)
+    {
+        return X500Name.getInstance(crl.getIssuerX500Principal().getEncoded());
+    }
+
+    static X500Name getIssuerPrincipal(X509Certificate cert)
+    {
+        return X500Name.getInstance(cert.getIssuerX500Principal().getEncoded());
+    }
+
+    static X500Name getCA(TrustAnchor trustAnchor)
+    {
+        return X500Name.getInstance(trustAnchor.getCA().getEncoded());
+    }
+
+    /**
+     * Returns the issuer of an attribute certificate or certificate.
+     *
+     * @param cert The attribute certificate or certificate.
+     * @return The issuer as <code>X500Principal</code>.
+     */
+    static X500Name getEncodedIssuerPrincipal(
+        Object cert)
+    {
+        if (cert instanceof X509Certificate)
+        {
+            return getIssuerPrincipal((X509Certificate)cert);
+        }
+        else
+        {
+            return X500Name.getInstance(((X500Principal)((X509AttributeCertificate)cert).getIssuer().getPrincipals()[0]).getEncoded());
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
index 769edb8..d67a77e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
@@ -5,15 +5,17 @@ import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.PublicKey;
 import java.security.cert.CertPath;
-import java.security.cert.CertPathBuilder;
 import java.security.cert.CertPathBuilderException;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.PKIXCertPathChecker;
 import java.security.cert.X509CRL;
+import java.security.cert.X509CRLSelector;
+import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
 import java.security.cert.X509Extension;
+import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
@@ -24,47 +26,51 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.Vector;
-
-import javax.security.auth.x500.X500Principal;
+import java.util.TimeZone;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1String;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.BCStyle;
 import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.CRLDistPoint;
 import org.bouncycastle.asn1.x509.CRLReason;
 import org.bouncycastle.asn1.x509.DistributionPoint;
 import org.bouncycastle.asn1.x509.DistributionPointName;
+import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
 import org.bouncycastle.asn1.x509.GeneralSubtree;
 import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
 import org.bouncycastle.asn1.x509.NameConstraints;
 import org.bouncycastle.asn1.x509.PolicyInformation;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.jcajce.PKIXCRLStore;
+import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
+import org.bouncycastle.jcajce.PKIXCertStoreSelector;
+import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
+import org.bouncycastle.jcajce.PKIXExtendedParameters;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
+import org.bouncycastle.jce.PrincipalUtil;
 import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
 import org.bouncycastle.util.Arrays;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509CertStoreSelector;
 
-public class RFC3280CertPathUtilities
+class RFC3280CertPathUtilities
 {
     private static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
 
     /**
      * If the complete CRL includes an issuing distribution point (IDP) CRL
      * extension check the following:
-     * <p/>
+     * <p>
      * (i) If the distribution point name is present in the IDP CRL extension
      * and the distribution field is present in the DP, then verify that one of
      * the names in the IDP matches one of the names in the DP. If the
@@ -73,17 +79,17 @@ public class RFC3280CertPathUtilities
      * names in the IDP matches one of the names in the cRLIssuer field of the
      * DP.
      * </p>
-     * <p/>
+     * <p>
      * (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
      * extension, verify that the certificate does not include the basic
      * constraints extension with the cA boolean asserted.
      * </p>
-     * <p/>
+     * <p>
      * (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
      * extension, verify that the certificate includes the basic constraints
      * extension with the cA boolean asserted.
      * </p>
-     * <p/>
+     * <p>
      * (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
      * </p>
      *
@@ -131,20 +137,18 @@ public class RFC3280CertPathUtilities
                     ASN1EncodableVector vec = new ASN1EncodableVector();
                     try
                     {
-                        Enumeration e = ASN1Sequence.getInstance(
-                            ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getIssuerPrincipal(crl)
-                                .getEncoded())).getObjects();
+                        Enumeration e = ASN1Sequence.getInstance(PrincipalUtils.getIssuerPrincipal(crl)).getObjects();
                         while (e.hasMoreElements())
                         {
                             vec.add((ASN1Encodable)e.nextElement());
                         }
                     }
-                    catch (IOException e)
+                    catch (Exception e)
                     {
                         throw new AnnotatedException("Could not read CRL issuer.", e);
                     }
                     vec.add(dpName.getName());
-                    names.add(new GeneralName(X509Name.getInstance(new DERSequence(vec))));
+                    names.add(new GeneralName(X500Name.getInstance(new DERSequence(vec))));
                 }
                 boolean matches = false;
                 // verify that one of the names in the IDP matches one
@@ -168,11 +172,10 @@ public class RFC3280CertPathUtilities
                             genNames = new GeneralName[1];
                             try
                             {
-                                genNames[0] = new GeneralName(new X509Name(
-                                    (ASN1Sequence)ASN1Sequence.fromByteArray(CertPathValidatorUtilities
-                                        .getEncodedIssuerPrincipal(cert).getEncoded())));
+                                genNames[0] = new GeneralName(X500Name.getInstance(PrincipalUtils
+                                    .getEncodedIssuerPrincipal(cert).getEncoded()));
                             }
-                            catch (IOException e)
+                            catch (Exception e)
                             {
                                 throw new AnnotatedException("Could not read certificate issuer.", e);
                             }
@@ -186,7 +189,7 @@ public class RFC3280CertPathUtilities
                                 vec.add((ASN1Encodable)e.nextElement());
                             }
                             vec.add(dpName.getName());
-                            genNames[j] = new GeneralName(new X509Name(new DERSequence(vec)));
+                            genNames[j] = new GeneralName(X500Name.getInstance(new DERSequence(vec)));
                         }
                     }
                     if (genNames != null)
@@ -294,7 +297,16 @@ public class RFC3280CertPathUtilities
                 isIndirect = true;
             }
         }
-        byte[] issuerBytes = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
+        byte[] issuerBytes;
+
+        try
+        {
+            issuerBytes = PrincipalUtils.getIssuerPrincipal(crl).getEncoded();
+        }
+        catch (IOException e)
+        {
+            throw new AnnotatedException("Exception encoding CRL issuer: " + e.getMessage(), e);
+        }
 
         boolean matchIssuer = false;
         if (dp.getCRLIssuer() != null)
@@ -329,8 +341,8 @@ public class RFC3280CertPathUtilities
         }
         else
         {
-            if (CertPathValidatorUtilities.getIssuerPrincipal(crl).equals(
-                CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)))
+            if (PrincipalUtils.getIssuerPrincipal(crl).equals(
+                PrincipalUtils.getEncodedIssuerPrincipal(cert)))
             {
                 matchIssuer = true;
             }
@@ -375,33 +387,33 @@ public class RFC3280CertPathUtilities
 
     }
 
-    public static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId();
+    public static final String CERTIFICATE_POLICIES = Extension.certificatePolicies.getId();
 
-    public static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId();
+    public static final String POLICY_MAPPINGS = Extension.policyMappings.getId();
 
-    public static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId();
+    public static final String INHIBIT_ANY_POLICY = Extension.inhibitAnyPolicy.getId();
 
-    public static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId();
+    public static final String ISSUING_DISTRIBUTION_POINT = Extension.issuingDistributionPoint.getId();
 
-    public static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId();
+    public static final String FRESHEST_CRL = Extension.freshestCRL.getId();
 
-    public static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId();
+    public static final String DELTA_CRL_INDICATOR = Extension.deltaCRLIndicator.getId();
 
-    public static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId();
+    public static final String POLICY_CONSTRAINTS = Extension.policyConstraints.getId();
 
-    public static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId();
+    public static final String BASIC_CONSTRAINTS = Extension.basicConstraints.getId();
 
-    public static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId();
+    public static final String CRL_DISTRIBUTION_POINTS = Extension.cRLDistributionPoints.getId();
 
-    public static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId();
+    public static final String SUBJECT_ALTERNATIVE_NAME = Extension.subjectAlternativeName.getId();
 
-    public static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId();
+    public static final String NAME_CONSTRAINTS = Extension.nameConstraints.getId();
 
-    public static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId();
+    public static final String AUTHORITY_KEY_IDENTIFIER = Extension.authorityKeyIdentifier.getId();
 
-    public static final String KEY_USAGE = X509Extensions.KeyUsage.getId();
+    public static final String KEY_USAGE = Extension.keyUsage.getId();
 
-    public static final String CRL_NUMBER = X509Extensions.CRLNumber.getId();
+    public static final String CRL_NUMBER = Extension.cRLNumber.getId();
 
     public static final String ANY_POLICY = "2.5.29.32.0";
 
@@ -436,18 +448,19 @@ public class RFC3280CertPathUtilities
         Object cert,
         X509Certificate defaultCRLSignCert,
         PublicKey defaultCRLSignKey,
-        ExtendedPKIXParameters paramsPKIX,
-        List certPathCerts)
+        PKIXExtendedParameters paramsPKIX,
+        List certPathCerts,
+        JcaJceHelper helper)
         throws AnnotatedException
     {
         // (f)
 
         // get issuer from CRL
-        X509CertStoreSelector selector = new X509CertStoreSelector();
+        X509CertSelector certSelector = new X509CertSelector();
         try
         {
-            byte[] issuerPrincipal = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded();
-            selector.setSubject(issuerPrincipal);
+            byte[] issuerPrincipal = PrincipalUtils.getIssuerPrincipal(crl).getEncoded();
+            certSelector.setSubject(issuerPrincipal);
         }
         catch (IOException e)
         {
@@ -455,12 +468,13 @@ public class RFC3280CertPathUtilities
                 "Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e);
         }
 
+        PKIXCertStoreSelector selector = new PKIXCertStoreSelector.Builder(certSelector).build();
+
         // get CRL signing certs
         Collection coll;
         try
         {
-            coll = CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getStores());
-            coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getAdditionalStores()));
+            coll = CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertificateStores());
             coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertStores()));
         }
         catch (AnnotatedException e)
@@ -491,13 +505,13 @@ public class RFC3280CertPathUtilities
             }
             try
             {
-                CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
-                selector = new X509CertStoreSelector();
-                selector.setCertificate(signingCert);
-                ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone();
-                temp.setTargetCertConstraints(selector);
-                ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters)ExtendedPKIXBuilderParameters
-                    .getInstance(temp);
+                PKIXCertPathBuilderSpi builder = new PKIXCertPathBuilderSpi();
+                X509CertSelector tmpCertSelector = new X509CertSelector();
+                tmpCertSelector.setCertificate(signingCert);
+
+                PKIXExtendedParameters.Builder paramsBuilder = new PKIXExtendedParameters.Builder(paramsPKIX)
+                    .setTargetConstraints(new PKIXCertStoreSelector.Builder(tmpCertSelector).build());
+
                 /*
                  * if signingCert is placed not higher on the cert path a
                  * dependency loop results. CRL for cert is checked, but
@@ -509,19 +523,22 @@ public class RFC3280CertPathUtilities
                  */
                 if (certPathCerts.contains(signingCert))
                 {
-                    params.setRevocationEnabled(false);
+                    paramsBuilder.setRevocationEnabled(false);
                 }
                 else
                 {
-                    params.setRevocationEnabled(true);
+                    paramsBuilder.setRevocationEnabled(true);
                 }
-                List certs = builder.build(params).getCertPath().getCertificates();
+
+                PKIXExtendedBuilderParameters extParams = new PKIXExtendedBuilderParameters.Builder(paramsBuilder.build()).build();
+
+                List certs = builder.engineBuild(extParams).getCertPath().getCertificates();
                 validCerts.add(signingCert);
-                validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
+                validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0, helper));
             }
             catch (CertPathBuilderException e)
             {
-                throw new AnnotatedException("Internal error.", e);
+                throw new AnnotatedException("CertPath for CRL signer failed to validate.", e);
             }
             catch (CertPathValidatorException e)
             {
@@ -529,7 +546,7 @@ public class RFC3280CertPathUtilities
             }
             catch (Exception e)
             {
-                throw new RuntimeException(e.getMessage());
+                throw new AnnotatedException(e.getMessage());
             }
         }
 
@@ -616,7 +633,7 @@ public class RFC3280CertPathUtilities
 
     protected static Set processCRLA1i(
         Date currentDate,
-        ExtendedPKIXParameters paramsPKIX,
+        PKIXExtendedParameters paramsPKIX,
         X509Certificate cert,
         X509CRL crl)
         throws AnnotatedException
@@ -648,19 +665,24 @@ public class RFC3280CertPathUtilities
             }
             if (freshestCRL != null)
             {
+                List crlStores = new ArrayList();
+
+                crlStores.addAll(paramsPKIX.getCRLStores());
+
                 try
                 {
-                    CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(freshestCRL, paramsPKIX);
+                    crlStores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(freshestCRL, paramsPKIX.getNamedCRLStoreMap()));
                 }
                 catch (AnnotatedException e)
                 {
                     throw new AnnotatedException(
                         "No new delta CRL locations could be added from Freshest CRL extension.", e);
                 }
+
                 // get delta CRL(s)
                 try
                 {
-                    set.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl));
+                    set.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, crl, paramsPKIX.getCertStores(), crlStores));
                 }
                 catch (AnnotatedException e)
                 {
@@ -673,33 +695,41 @@ public class RFC3280CertPathUtilities
 
     protected static Set[] processCRLA1ii(
         Date currentDate,
-        ExtendedPKIXParameters paramsPKIX,
+        PKIXExtendedParameters paramsPKIX,
         X509Certificate cert,
         X509CRL crl)
         throws AnnotatedException
     {
         Set deltaSet = new HashSet();
-        X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
+        X509CRLSelector crlselect = new X509CRLSelector();
         crlselect.setCertificateChecking(cert);
 
         try
         {
-            crlselect.addIssuerName(crl.getIssuerX500Principal().getEncoded());
+            crlselect.addIssuerName(PrincipalUtils.getIssuerPrincipal(crl).getEncoded());
         }
         catch (IOException e)
         {
             throw new AnnotatedException("Cannot extract issuer from CRL." + e, e);
         }
 
-        crlselect.setCompleteCRLEnabled(true);
-        Set completeSet = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
+        PKIXCRLStoreSelector extSelect = new PKIXCRLStoreSelector.Builder(crlselect).setCompleteCRLEnabled(true).build();
+
+        Date validityDate = currentDate;
+
+        if (paramsPKIX.getDate() != null)
+        {
+            validityDate = paramsPKIX.getDate();
+        }
+
+        Set completeSet = CRL_UTIL.findCRLs(extSelect, validityDate, paramsPKIX.getCertStores(), paramsPKIX.getCRLStores());
 
         if (paramsPKIX.isUseDeltasEnabled())
         {
             // get delta CRL(s)
             try
             {
-                deltaSet.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl));
+                deltaSet.addAll(CertPathValidatorUtilities.getDeltaCRLs(validityDate, crl, paramsPKIX.getCertStores(), paramsPKIX.getCRLStores()));
             }
             catch (AnnotatedException e)
             {
@@ -725,7 +755,7 @@ public class RFC3280CertPathUtilities
     protected static void processCRLC(
         X509CRL deltaCRL,
         X509CRL completeCRL,
-        ExtendedPKIXParameters pkixParams)
+        PKIXExtendedParameters pkixParams)
         throws AnnotatedException
     {
         if (deltaCRL == null)
@@ -746,7 +776,7 @@ public class RFC3280CertPathUtilities
         if (pkixParams.isUseDeltasEnabled())
         {
             // (c) (1)
-            if (!deltaCRL.getIssuerX500Principal().equals(completeCRL.getIssuerX500Principal()))
+            if (!PrincipalUtils.getIssuerPrincipal(deltaCRL).equals(PrincipalUtils.getIssuerPrincipal(completeCRL)))
             {
                 throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");
             }
@@ -833,7 +863,7 @@ public class RFC3280CertPathUtilities
         X509CRL deltacrl,
         Object cert,
         CertStatus certStatus,
-        ExtendedPKIXParameters pkixParams)
+        PKIXExtendedParameters pkixParams)
         throws AnnotatedException
     {
         if (pkixParams.isUseDeltasEnabled() && deltacrl != null)
@@ -891,8 +921,8 @@ public class RFC3280CertPathUtilities
             for (int j = 0; j < mappings.size(); j++)
             {
                 ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j);
-                String id_p = ((DERObjectIdentifier)mapping.getObjectAt(0)).getId();
-                String sd_p = ((DERObjectIdentifier)mapping.getObjectAt(1)).getId();
+                String id_p = ((ASN1ObjectIdentifier)mapping.getObjectAt(0)).getId();
+                String sd_p = ((ASN1ObjectIdentifier)mapping.getObjectAt(1)).getId();
                 Set tmp;
 
                 if (!m_idp.containsKey(id_p))
@@ -1070,14 +1100,14 @@ public class RFC3280CertPathUtilities
 
             for (int j = 0; j < mappings.size(); j++)
             {
-                DERObjectIdentifier issuerDomainPolicy = null;
-                DERObjectIdentifier subjectDomainPolicy = null;
+                ASN1ObjectIdentifier issuerDomainPolicy = null;
+                ASN1ObjectIdentifier subjectDomainPolicy = null;
                 try
                 {
                     ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
 
-                    issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
-                    subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
+                    issuerDomainPolicy = ASN1ObjectIdentifier.getInstance(mapping.getObjectAt(0));
+                    subjectDomainPolicy = ASN1ObjectIdentifier.getInstance(mapping.getObjectAt(1));
                 }
                 catch (Exception e)
                 {
@@ -1162,13 +1192,12 @@ public class RFC3280CertPathUtilities
         //
         if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n)))
         {
-            X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert);
-            ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded());
+            X500Name principal = PrincipalUtils.getSubjectPrincipal(cert);
             ASN1Sequence dns;
 
             try
             {
-                dns = DERSequence.getInstance(aIn.readObject());
+                dns = DERSequence.getInstance(principal.getEncoded());
             }
             catch (Exception e)
             {
@@ -1198,10 +1227,11 @@ public class RFC3280CertPathUtilities
                 throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e,
                     certPath, index);
             }
-            Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
-            for (Enumeration e = emails.elements(); e.hasMoreElements();)
+            RDN[] emails = X500Name.getInstance(dns).getRDNs(BCStyle.EmailAddress);
+            for (int eI = 0; eI != emails.length; eI++)
             {
-                String email = (String)e.nextElement();
+                // TODO: this should take into account multi-valued RDNs
+                String email = ((ASN1String)emails[eI].getFirst().getValue()).getString();
                 GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
                 try
                 {
@@ -1284,7 +1314,7 @@ public class RFC3280CertPathUtilities
             while (e.hasMoreElements())
             {
                 PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
-                DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();
+                ASN1ObjectIdentifier pOid = pInfo.getPolicyIdentifier();
 
                 pols.add(pOid.getId());
 
@@ -1363,9 +1393,9 @@ public class RFC3280CertPathUtilities
                                 {
                                     _policy = (String)_tmp;
                                 }
-                                else if (_tmp instanceof DERObjectIdentifier)
+                                else if (_tmp instanceof ASN1ObjectIdentifier)
                                 {
-                                    _policy = ((DERObjectIdentifier)_tmp).getId();
+                                    _policy = ((ASN1ObjectIdentifier)_tmp).getId();
                                 }
                                 else
                                 {
@@ -1448,12 +1478,13 @@ public class RFC3280CertPathUtilities
 
     protected static void processCertA(
         CertPath certPath,
-        ExtendedPKIXParameters paramsPKIX,
+        PKIXExtendedParameters paramsPKIX,
         int index,
         PublicKey workingPublicKey,
         boolean verificationAlreadyPerformed,
-        X500Principal workingIssuerName,
-        X509Certificate sign)
+        X500Name workingIssuerName,
+        X509Certificate sign,
+        JcaJceHelper helper)
         throws ExtCertPathValidatorException
     {
         List certs = certPath.getCertificates();
@@ -1504,7 +1535,7 @@ public class RFC3280CertPathUtilities
             try
             {
                 checkCRLs(paramsPKIX, cert, CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX,
-                    certPath, index), sign, workingPublicKey, certs);
+                    certPath, index), sign, workingPublicKey, certs, helper);
             }
             catch (AnnotatedException e)
             {
@@ -1520,9 +1551,9 @@ public class RFC3280CertPathUtilities
         //
         // (a) (4) name chaining
         //
-        if (!CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).equals(workingIssuerName))
+        if (!PrincipalUtils.getEncodedIssuerPrincipal(cert).equals(workingIssuerName))
         {
-            throw new ExtCertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)
+            throw new ExtCertPathValidatorException("IssuerName(" + PrincipalUtils.getEncodedIssuerPrincipal(cert)
                 + ") does not match SubjectName(" + workingIssuerName + ") of signing certificate.", null,
                 certPath, index);
         }
@@ -1565,7 +1596,7 @@ public class RFC3280CertPathUtilities
                     ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                     if (constraint.getTagNo() == 0)
                     {
-                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
+                        tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue();
                         if (tmpInt < explicitPolicy)
                         {
                             return tmpInt;
@@ -1619,7 +1650,7 @@ public class RFC3280CertPathUtilities
                     ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                     if (constraint.getTagNo() == 1)
                     {
-                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
+                        tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue();
                         if (tmpInt < policyMapping)
                         {
                             return tmpInt;
@@ -1723,14 +1754,15 @@ public class RFC3280CertPathUtilities
      */
     private static void checkCRL(
         DistributionPoint dp,
-        ExtendedPKIXParameters paramsPKIX,
+        PKIXExtendedParameters paramsPKIX,
         X509Certificate cert,
         Date validDate,
         X509Certificate defaultCRLSignCert,
         PublicKey defaultCRLSignKey,
         CertStatus certStatus,
         ReasonsMask reasonMask,
-        List certPathCerts)
+        List certPathCerts,
+        JcaJceHelper helper)
         throws AnnotatedException
     {
         Date currentDate = new Date(System.currentTimeMillis());
@@ -1774,16 +1806,23 @@ public class RFC3280CertPathUtilities
 
                 // (f)
                 Set keys = RFC3280CertPathUtilities.processCRLF(crl, cert, defaultCRLSignCert, defaultCRLSignKey,
-                    paramsPKIX, certPathCerts);
+                    paramsPKIX, certPathCerts, helper);
                 // (g)
                 PublicKey key = RFC3280CertPathUtilities.processCRLG(crl, keys);
 
                 X509CRL deltaCRL = null;
 
+                Date validityDate = currentDate;
+
+                if (paramsPKIX.getDate() != null)
+                {
+                    validityDate = paramsPKIX.getDate();
+                }
+
                 if (paramsPKIX.isUseDeltasEnabled())
                 {
                     // get delta CRLs
-                    Set deltaCRLs = CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl);
+                    Set deltaCRLs = CertPathValidatorUtilities.getDeltaCRLs(validityDate, crl, paramsPKIX.getCertStores(), paramsPKIX.getCRLStores());
                     // we only want one valid delta CRL
                     // (h)
                     deltaCRL = RFC3280CertPathUtilities.processCRLH(deltaCRLs, key);
@@ -1802,7 +1841,7 @@ public class RFC3280CertPathUtilities
                  * the CRL validity time
                  */
 
-                if (paramsPKIX.getValidityModel() != ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL)
+                if (paramsPKIX.getValidityModel() != PKIXExtendedParameters.CHAIN_VALIDITY_MODEL)
                 {
                     /*
                      * if a certificate has expired, but was revoked, it is not
@@ -1842,8 +1881,8 @@ public class RFC3280CertPathUtilities
                 if (criticalExtensions != null)
                 {
                     criticalExtensions = new HashSet(criticalExtensions);
-                    criticalExtensions.remove(X509Extensions.IssuingDistributionPoint.getId());
-                    criticalExtensions.remove(X509Extensions.DeltaCRLIndicator.getId());
+                    criticalExtensions.remove(Extension.issuingDistributionPoint.getId());
+                    criticalExtensions.remove(Extension.deltaCRLIndicator.getId());
 
                     if (!criticalExtensions.isEmpty())
                     {
@@ -1857,8 +1896,8 @@ public class RFC3280CertPathUtilities
                     if (criticalExtensions != null)
                     {
                         criticalExtensions = new HashSet(criticalExtensions);
-                        criticalExtensions.remove(X509Extensions.IssuingDistributionPoint.getId());
-                        criticalExtensions.remove(X509Extensions.DeltaCRLIndicator.getId());
+                        criticalExtensions.remove(Extension.issuingDistributionPoint.getId());
+                        criticalExtensions.remove(Extension.deltaCRLIndicator.getId());
                         if (!criticalExtensions.isEmpty())
                         {
                             throw new AnnotatedException("Delta CRL contains unsupported critical extension.");
@@ -1893,12 +1932,13 @@ public class RFC3280CertPathUtilities
      *                            or some error occurs.
      */
     protected static void checkCRLs(
-        ExtendedPKIXParameters paramsPKIX,
+        PKIXExtendedParameters paramsPKIX,
         X509Certificate cert,
         Date validDate,
         X509Certificate sign,
         PublicKey workingPublicKey,
-        List certPathCerts)
+        List certPathCerts,
+        JcaJceHelper helper)
         throws AnnotatedException
     {
         AnnotatedException lastException = null;
@@ -1912,9 +1952,15 @@ public class RFC3280CertPathUtilities
         {
             throw new AnnotatedException("CRL distribution point extension could not be read.", e);
         }
+
+        PKIXExtendedParameters.Builder paramsBldr = new PKIXExtendedParameters.Builder(paramsPKIX);
         try
         {
-            CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX);
+            List extras = CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX.getNamedCRLStoreMap());
+            for (Iterator it = extras.iterator(); it.hasNext();)
+            {
+                paramsBldr.addCRLStore((PKIXCRLStore)it.next());
+            }
         }
         catch (AnnotatedException e)
         {
@@ -1923,6 +1969,7 @@ public class RFC3280CertPathUtilities
         }
         CertStatus certStatus = new CertStatus();
         ReasonsMask reasonsMask = new ReasonsMask();
+        PKIXExtendedParameters finalParams = paramsBldr.build();
 
         boolean validCrlFound = false;
         // for each distribution point
@@ -1941,10 +1988,9 @@ public class RFC3280CertPathUtilities
             {
                 for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++)
                 {
-                    ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters)paramsPKIX.clone();
                     try
                     {
-                        checkCRL(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts);
+                        checkCRL(dps[i], finalParams, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts, helper);
                         validCrlFound = true;
                     }
                     catch (AnnotatedException e)
@@ -1973,7 +2019,7 @@ public class RFC3280CertPathUtilities
                 ASN1Primitive issuer = null;
                 try
                 {
-                    issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded())
+                    issuer = new ASN1InputStream(PrincipalUtils.getEncodedIssuerPrincipal(cert).getEncoded())
                         .readObject();
                 }
                 catch (Exception e)
@@ -1982,9 +2028,9 @@ public class RFC3280CertPathUtilities
                 }
                 DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(
                     new GeneralName(GeneralName.directoryName, issuer))), null, null);
-                ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters)paramsPKIX.clone();
+                PKIXExtendedParameters paramsPKIXClone = (PKIXExtendedParameters)paramsPKIX.clone();
                 checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask,
-                    certPathCerts);
+                    certPathCerts, helper);
                 validCrlFound = true;
             }
             catch (AnnotatedException e)
@@ -2004,7 +2050,9 @@ public class RFC3280CertPathUtilities
         }
         if (certStatus.getCertStatus() != CertStatus.UNREVOKED)
         {
-            String message = "Certificate revocation after " + certStatus.getRevocationDate();
+            SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z");
+            df.setTimeZone(TimeZone.getTimeZone("UTC"));
+            String message = "Certificate revocation after " + df.format(certStatus.getRevocationDate());
             message += ", reason: " + crlReasons[certStatus.getCertStatus()];
             throw new AnnotatedException(message);
         }
@@ -2029,10 +2077,10 @@ public class RFC3280CertPathUtilities
         //
         // (j)
         //
-        DERInteger iap = null;
+        ASN1Integer iap = null;
         try
         {
-            iap = DERInteger.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
+            iap = ASN1Integer.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
                 RFC3280CertPathUtilities.INHIBIT_ANY_POLICY));
         }
         catch (Exception e)
@@ -2335,7 +2383,7 @@ public class RFC3280CertPathUtilities
                     case 0:
                         try
                         {
-                            tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
+                            tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue();
                         }
                         catch (Exception e)
                         {
@@ -2387,7 +2435,7 @@ public class RFC3280CertPathUtilities
 
     protected static PKIXPolicyNode wrapupCertG(
         CertPath certPath,
-        ExtendedPKIXParameters paramsPKIX,
+        PKIXExtendedParameters paramsPKIX,
         Set userInitialPolicySet,
         int index,
         List[] policyNodes,
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java
index 19dbae1..b515306 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java
@@ -5,6 +5,7 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Principal;
+import java.security.Provider;
 import java.security.PublicKey;
 import java.security.cert.CertPath;
 import java.security.cert.CertPathBuilder;
@@ -13,11 +14,14 @@ import java.security.cert.CertPathBuilderResult;
 import java.security.cert.CertPathValidator;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertPathValidatorResult;
+import java.security.cert.CertSelector;
 import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509CRL;
+import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -36,9 +40,13 @@ import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
 import org.bouncycastle.asn1.x509.TargetInformation;
 import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.jcajce.PKIXCRLStore;
+import org.bouncycastle.jcajce.PKIXCertStoreSelector;
+import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
 import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.ExtendedPKIXParameters;
+import org.bouncycastle.jcajce.PKIXExtendedParameters;
 import org.bouncycastle.x509.PKIXAttrCertChecker;
 import org.bouncycastle.x509.X509AttributeCertificate;
 import org.bouncycastle.x509.X509CertStoreSelector;
@@ -60,7 +68,7 @@ class RFC3281CertPathUtilities
 
     protected static void processAttrCert7(X509AttributeCertificate attrCert,
         CertPath certPath, CertPath holderCertPath,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
+        PKIXExtendedParameters pkixParams, Set attrCertCheckers) throws CertPathValidatorException
     {
         // TODO:
         // AA Controls
@@ -90,7 +98,7 @@ class RFC3281CertPathUtilities
             }
         }
         set.remove(TARGET_INFORMATION);
-        for (Iterator it = pkixParams.getAttrCertCheckers().iterator(); it
+        for (Iterator it = attrCertCheckers.iterator(); it
             .hasNext();)
         {
             ((PKIXAttrCertChecker) it.next()).check(attrCert, certPath,
@@ -120,8 +128,8 @@ class RFC3281CertPathUtilities
      *             status cannot be checked or some error occurs.
      */
     protected static void checkCRLs(X509AttributeCertificate attrCert,
-        ExtendedPKIXParameters paramsPKIX, X509Certificate issuerCert,
-        Date validDate, List certPathCerts) throws CertPathValidatorException
+        PKIXExtendedParameters paramsPKIX, X509Certificate issuerCert,
+        Date validDate, List certPathCerts, JcaJceHelper helper) throws CertPathValidatorException
     {
         if (paramsPKIX.isRevocationEnabled())
         {
@@ -140,11 +148,12 @@ class RFC3281CertPathUtilities
                         "CRL distribution point extension could not be read.",
                         e);
                 }
+
+                List crlStores = new ArrayList();
+
                 try
                 {
-                    CertPathValidatorUtilities
-                        .addAdditionalStoresFromCRLDistributionPoint(crldp,
-                            paramsPKIX);
+                    crlStores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX.getNamedCRLStoreMap()));
                 }
                 catch (AnnotatedException e)
                 {
@@ -152,6 +161,16 @@ class RFC3281CertPathUtilities
                         "No additional CRL locations could be decoded from CRL distribution point extension.",
                         e);
                 }
+
+                PKIXExtendedParameters.Builder bldr = new PKIXExtendedParameters.Builder(paramsPKIX);
+
+                for (Iterator it = crlStores.iterator(); it.hasNext(); )
+                {
+                    bldr.addCRLStore((PKIXCRLStore)crlStores);
+                }
+
+                paramsPKIX = bldr.build();
+
                 CertStatus certStatus = new CertStatus();
                 ReasonsMask reasonsMask = new ReasonsMask();
 
@@ -176,11 +195,12 @@ class RFC3281CertPathUtilities
                             && certStatus.getCertStatus() == CertStatus.UNREVOKED
                             && !reasonsMask.isAllReasons(); i++)
                         {
-                            ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX
-                                .clone();
+                            PKIXExtendedParameters paramsPKIXClone = (PKIXExtendedParameters)paramsPKIX
+                                    .clone();
+
                             checkCRL(dps[i], attrCert, paramsPKIXClone,
                                 validDate, issuerCert, certStatus, reasonsMask,
-                                certPathCerts);
+                                certPathCerts, helper);
                             validCrlFound = true;
                         }
                     }
@@ -226,10 +246,10 @@ class RFC3281CertPathUtilities
                             new DistributionPointName(0, new GeneralNames(
                                 new GeneralName(GeneralName.directoryName,
                                     issuer))), null, null);
-                        ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX
+                        PKIXExtendedParameters paramsPKIXClone = (PKIXExtendedParameters) paramsPKIX
                             .clone();
                         checkCRL(dp, attrCert, paramsPKIXClone, validDate,
-                            issuerCert, certStatus, reasonsMask, certPathCerts);
+                            issuerCert, certStatus, reasonsMask, certPathCerts, helper);
                         validCrlFound = true;
                     }
                     catch (AnnotatedException e)
@@ -278,10 +298,10 @@ class RFC3281CertPathUtilities
     }
 
     protected static void additionalChecks(X509AttributeCertificate attrCert,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
+        Set prohibitedACAttributes, Set necessaryACAttributes) throws CertPathValidatorException
     {
         // 1
-        for (Iterator it = pkixParams.getProhibitedACAttributes().iterator(); it
+        for (Iterator it = prohibitedACAttributes.iterator(); it
             .hasNext();)
         {
             String oid = (String) it.next();
@@ -292,7 +312,7 @@ class RFC3281CertPathUtilities
                         + oid + ".");
             }
         }
-        for (Iterator it = pkixParams.getNecessaryACAttributes().iterator(); it
+        for (Iterator it = necessaryACAttributes.iterator(); it
             .hasNext();)
         {
             String oid = (String) it.next();
@@ -306,7 +326,7 @@ class RFC3281CertPathUtilities
     }
 
     protected static void processAttrCert5(X509AttributeCertificate attrCert,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
+        PKIXExtendedParameters pkixParams) throws CertPathValidatorException
     {
         try
         {
@@ -326,9 +346,9 @@ class RFC3281CertPathUtilities
     }
 
     protected static void processAttrCert4(X509Certificate acIssuerCert,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
+        Set trustedACIssuers) throws CertPathValidatorException
     {
-        Set set = pkixParams.getTrustedACIssuers();
+        Set set = trustedACIssuers;
         boolean trusted = false;
         for (Iterator it = set.iterator(); it.hasNext();)
         {
@@ -348,7 +368,7 @@ class RFC3281CertPathUtilities
     }
 
     protected static void processAttrCert3(X509Certificate acIssuerCert,
-        ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
+        PKIXExtendedParameters pkixParams) throws CertPathValidatorException
     {
         if (acIssuerCert.getKeyUsage() != null
             && (!acIssuerCert.getKeyUsage()[0] && !acIssuerCert.getKeyUsage()[1]))
@@ -364,7 +384,7 @@ class RFC3281CertPathUtilities
     }
 
     protected static CertPathValidatorResult processAttrCert2(
-        CertPath certPath, ExtendedPKIXParameters pkixParams)
+        CertPath certPath, PKIXExtendedParameters pkixParams)
         throws CertPathValidatorException
     {
         CertPathValidator validator = null;
@@ -417,7 +437,7 @@ class RFC3281CertPathUtilities
      *             </ul>
      */
     protected static CertPath processAttrCert1(
-        X509AttributeCertificate attrCert, ExtendedPKIXParameters pkixParams)
+        X509AttributeCertificate attrCert, PKIXExtendedParameters pkixParams)
         throws CertPathValidatorException
     {
         CertPathBuilderResult result = null;
@@ -425,7 +445,7 @@ class RFC3281CertPathUtilities
         Set holderPKCs = new HashSet();
         if (attrCert.getHolder().getIssuer() != null)
         {
-            X509CertStoreSelector selector = new X509CertStoreSelector();
+            X509CertSelector selector = new X509CertSelector();
             selector.setSerialNumber(attrCert.getHolder().getSerialNumber());
             Principal[] principals = attrCert.getHolder().getIssuer();
             for (int i = 0; i < principals.length; i++)
@@ -438,7 +458,7 @@ class RFC3281CertPathUtilities
                             .getEncoded());
                     }
                     holderPKCs.addAll(CertPathValidatorUtilities
-                        .findCertificates(selector, pkixParams.getStores()));
+                        .findCertificates(new PKIXCertStoreSelector.Builder(selector).build(), pkixParams.getCertStores()));
                 }
                 catch (AnnotatedException e)
                 {
@@ -472,7 +492,7 @@ class RFC3281CertPathUtilities
                             .getEncoded());
                     }
                     holderPKCs.addAll(CertPathValidatorUtilities
-                        .findCertificates(selector, pkixParams.getStores()));
+                        .findCertificates(new PKIXCertStoreSelector.Builder(selector).build(), pkixParams.getCertStores()));
                 }
                 catch (AnnotatedException e)
                 {
@@ -493,14 +513,14 @@ class RFC3281CertPathUtilities
             }
         }
         // verify cert paths for PKCs
-        ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters
-            .getInstance(pkixParams);
+        PKIXExtendedParameters.Builder paramsBldr = new PKIXExtendedParameters.Builder(pkixParams);
+
         CertPathValidatorException lastException = null;
         for (Iterator it = holderPKCs.iterator(); it.hasNext();)
         {
             X509CertStoreSelector selector = new X509CertStoreSelector();
             selector.setCertificate((X509Certificate) it.next());
-            params.setTargetConstraints(selector);
+            paramsBldr.setTargetConstraints(new PKIXCertStoreSelector.Builder(selector).build());
             CertPathBuilder builder = null;
             try
             {
@@ -518,8 +538,7 @@ class RFC3281CertPathUtilities
             }
             try
             {
-                result = builder.build(ExtendedPKIXBuilderParameters
-                    .getInstance(params));
+                result = builder.build(new PKIXExtendedBuilderParameters.Builder(paramsBldr.build()).build());
             }
             catch (CertPathBuilderException e)
             {
@@ -558,9 +577,9 @@ class RFC3281CertPathUtilities
      *             cannot be checked or some error occurs.
      */
     private static void checkCRL(DistributionPoint dp,
-        X509AttributeCertificate attrCert, ExtendedPKIXParameters paramsPKIX,
+        X509AttributeCertificate attrCert, PKIXExtendedParameters paramsPKIX,
         Date validDate, X509Certificate issuerCert, CertStatus certStatus,
-        ReasonsMask reasonMask, List certPathCerts) throws AnnotatedException
+        ReasonsMask reasonMask, List certPathCerts, JcaJceHelper helper) throws AnnotatedException
     {
 
         /*
@@ -584,7 +603,7 @@ class RFC3281CertPathUtilities
         /*
          * We always get timely valid CRLs, so there is no step (a) (1).
          * "locally cached" CRLs are assumed to be in getStore(), additional
-         * CRLs must be enabled in the ExtendedPKIXParameters and are in
+         * CRLs must be enabled in the PKIXExtendedParameters and are in
          * getAdditionalStore()
          */
 
@@ -618,8 +637,7 @@ class RFC3281CertPathUtilities
                 }
 
                 // (f)
-                Set keys = RFC3280CertPathUtilities.processCRLF(crl, attrCert,
-                    null, null, paramsPKIX, certPathCerts);
+                Set keys = RFC3280CertPathUtilities.processCRLF(crl, attrCert, null, null, paramsPKIX, certPathCerts, helper);
                 // (g)
                 PublicKey key = RFC3280CertPathUtilities.processCRLG(crl, keys);
 
@@ -628,8 +646,7 @@ class RFC3281CertPathUtilities
                 if (paramsPKIX.isUseDeltasEnabled())
                 {
                     // get delta CRLs
-                    Set deltaCRLs = CertPathValidatorUtilities.getDeltaCRLs(
-                        currentDate, paramsPKIX, crl);
+                    Set deltaCRLs = CertPathValidatorUtilities.getDeltaCRLs(currentDate, crl, paramsPKIX.getCertStores(), paramsPKIX.getCRLStores());
                     // we only want one valid delta CRL
                     // (h)
                     deltaCRL = RFC3280CertPathUtilities.processCRLH(deltaCRLs,
@@ -649,7 +666,7 @@ class RFC3281CertPathUtilities
                  * the CRL vality time
                  */
 
-                if (paramsPKIX.getValidityModel() != ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL)
+                if (paramsPKIX.getValidityModel() != PKIXExtendedParameters.CHAIN_VALIDITY_MODEL)
                 {
                     /*
                      * if a certificate has expired, but was revoked, it is not
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java
index 847f32b..08f61c2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java
@@ -8,10 +8,10 @@ import java.util.Collection;
 import java.util.List;
 
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.SignedData;
 import org.bouncycastle.x509.X509AttributeCertificate;
@@ -36,7 +36,7 @@ public class X509AttrCertParser
         ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
 
         if (seq.size() > 1
-                && seq.getObjectAt(0) instanceof DERObjectIdentifier)
+                && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
         {
             if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
             {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
index b5b4f13..c9ee77c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
@@ -62,7 +62,7 @@ public class X509CRLObject
     private boolean isHashCodeSet = false;
     private int     hashCodeValue;
 
-    static boolean isIndirectCRL(X509CRL crl)
+    public static boolean isIndirectCRL(X509CRL crl)
         throws CRLException
     {
         try
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java
index 40f0a64..0d1eca7 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java
@@ -10,10 +10,10 @@ import java.util.Collection;
 import java.util.List;
 
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.SignedData;
 import org.bouncycastle.asn1.x509.CertificateList;
@@ -37,7 +37,7 @@ public class X509CRLParser
         ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
 
         if (seq.size() > 1
-                && seq.getObjectAt(0) instanceof DERObjectIdentifier)
+                && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
         {
             if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
             {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java
index a407ba8..0663735 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java
@@ -10,10 +10,10 @@ import java.util.Collection;
 import java.util.List;
 
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.SignedData;
 import org.bouncycastle.x509.X509StreamParserSpi;
@@ -36,7 +36,7 @@ public class X509CertParser
         ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
 
         if (seq.size() > 1
-                && seq.getObjectAt(0) instanceof DERObjectIdentifier)
+                && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
         {
             if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
             {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
index 3797607..f526994 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
@@ -45,7 +45,7 @@ import org.bouncycastle.jce.X509LDAPCertStoreParameters;
  * information of the subject (for all kind of certificates) or issuer (for
  * CRLs), respectively, if a X509CertSelector is given with that details. For
  * CRLs, CA certificates and cross certificates a coarse search is made only for
- * entries with that content to get more possibly matchign results.
+ * entries with that content to get more possibly matching results.
  */
 public class X509LDAPCertStoreSpi
     extends CertStoreSpi
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
index c9a1388..eb1e556 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
@@ -11,9 +11,9 @@ import java.security.spec.PSSParameterSpec;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Null;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -66,21 +66,21 @@ class X509SignatureUtil
         
         if (params != null && !derNull.equals(params))
         {
-            if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
+            if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
             {
                 RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
                 
-                return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
+                return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
             }
-            if (sigAlgId.getObjectId().equals(X9ObjectIdentifiers.ecdsa_with_SHA2))
+            if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2))
             {
                 ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params);
                 
-                return getDigestAlgName((DERObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA";
+                return getDigestAlgName(ASN1ObjectIdentifier.getInstance(ecDsaParams.getObjectAt(0))) + "withECDSA";
             }
         }
 
-        return sigAlgId.getObjectId().getId();
+        return sigAlgId.getAlgorithm().getId();
     }
     
     /**
@@ -88,7 +88,7 @@ class X509SignatureUtil
      * representations rather the the algorithm identifier (if possible).
      */
     private static String getDigestAlgName(
-        DERObjectIdentifier digestAlgOID)
+        ASN1ObjectIdentifier digestAlgOID)
     {
         if (PKCSObjectIdentifiers.md5.equals(digestAlgOID))
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java
index e67c25b..2a6a2c3 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java
@@ -49,12 +49,12 @@ public class X509StoreCertPairCollection extends X509StoreSpi
     /**
      * Returns a colelction of certificate pairs which match the given
      * <code>selector</code>.
-     * <p/>
+     * <p>
      * The returned collection contains
      * {@link org.bouncycastle.x509.X509CertificatePair}s. The selector must be
      * a {@link org.bouncycastle.x509.X509CertPairStoreSelector} to select
      * certificate pairs.
-     *
+     * </p>
      * @return A collection with matching certificate pairs.
      */
     public Collection engineGetMatches(Selector selector)
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java
index 96baa12..245f305 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java
@@ -49,15 +49,15 @@ public class X509StoreLDAPAttrCerts extends X509StoreSpi
     /**
      * Returns a collection of matching attribute certificates from the LDAP
      * location.
-     * <p/>
+     * <p>
      * The selector must be a of type
      * <code>X509AttributeCertStoreSelector</code>. If it is not an empty
      * collection is returned.
-     * <p/>
-     * <p/>
+     * </p>
+     * <p>
      * The subject and the serial number should be reasonable criterias for a
      * selector.
-     *
+     * </p>
      * @param selector The selector to use for finding.
      * @return A collection with the matches.
      * @throws StoreException if an exception occurs while searching.
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java
index 5f4dfb4..8af4ade 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java
@@ -48,12 +48,12 @@ public class X509StoreLDAPCRLs extends X509StoreSpi
 
     /**
      * Returns a collection of matching CRLs from the LDAP location.
-     * <p/>
+     * <p>
      * The selector must be a of type <code>X509CRLStoreSelector</code>. If
      * it is not an empty collection is returned.
-     * <p/>
+     * </p><p>
      * The issuer should be a reasonable criteria for a selector.
-     *
+     * </p>
      * @param selector The selector to use for finding.
      * @return A collection with the matches.
      * @throws StoreException if an exception occurs while searching.
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java
index f5687d8..3d3036d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java
@@ -49,13 +49,13 @@ public class X509StoreLDAPCertPairs extends X509StoreSpi
     /**
      * Returns a collection of matching cross certificate pairs from the LDAP
      * location.
-     * <p/>
+     * <p>
      * The selector must be a of type <code>X509CertPairStoreSelector</code>.
      * If it is not an empty collection is returned.
-     * <p/>
-     * <p/>
+     * </p>
+     * <p>
      * The subject should be a reasonable criteria for a selector.
-     *
+     * </p>
      * @param selector The selector to use for finding.
      * @return A collection with the matches.
      * @throws StoreException if an exception occurs while searching.
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java
index dd811a1..c8463ef 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java
@@ -52,17 +52,17 @@ public class X509StoreLDAPCerts
 
     /**
      * Returns a collection of matching certificates from the LDAP location.
-     * <p/>
+     * <p>
      * The selector must be a of type <code>X509CertStoreSelector</code>. If
      * it is not an empty collection is returned.
-     * <p/>
+     * </p><p>
      * The implementation searches only for CA certificates, if the method
      * {@link java.security.cert.X509CertSelector#getBasicConstraints()} is
      * greater or equal to 0. If it is -2 only end certificates are searched.
-     * <p/>
+     * </p><p>
      * The subject and the serial number for end certificates should be
      * reasonable criterias for a selector.
-     *
+     * </p>
      * @param selector The selector to use for finding.
      * @return A collection with the matches.
      * @throws StoreException if an exception occurs while searching.
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AEADTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AEADTest.java
index d2f1405..7d89515 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AEADTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AEADTest.java
@@ -6,7 +6,9 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
 import java.security.Security;
+import java.security.spec.InvalidParameterSpecException;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -46,18 +48,62 @@ public class AEADTest extends SimpleTest
 
     public void performTest() throws Exception
     {
+        boolean aeadAvailable = false;
         try
         {
             this.getClass().getClassLoader().loadClass("javax.crypto.spec.GCMParameterSpec");
-
+            aeadAvailable = true;
+        }
+        catch (ClassNotFoundException e)
+        {
+        }
+        if (aeadAvailable)
+        {
             checkCipherWithAD(K2, N2, A2, P2, C2_short);
             testGCMParameterSpec(K2, N2, A2, P2, C2);
             testGCMParameterSpecWithRepeatKey(K2, N2, A2, P2, C2);
             testGCMGeneric(KGCM, NGCM, new byte[0], new byte[0], CGCM);
+            testGCMParameterSpecWithMultipleUpdates(K2, N2, A2, P2, C2);
         }
-        catch (ClassNotFoundException e)
+        else
+        {
+            System.err.println("GCM AEADTests disabled due to JDK");
+        }
+        testTampering(aeadAvailable);
+    }
+
+    private void testTampering(boolean aeadAvailable)
+        throws InvalidKeyException,
+        InvalidAlgorithmParameterException,
+        NoSuchAlgorithmException,
+        NoSuchProviderException,
+        NoSuchPaddingException,
+        IllegalBlockSizeException,
+        BadPaddingException
+    {
+        Cipher eax = Cipher.getInstance("AES/EAX/NoPadding", "BC");
+        final SecretKeySpec key = new SecretKeySpec(new byte[eax.getBlockSize()], eax.getAlgorithm());
+        final IvParameterSpec iv = new IvParameterSpec(new byte[eax.getBlockSize()]);
+
+        eax.init(Cipher.ENCRYPT_MODE, key, iv);
+        byte[] ciphertext = eax.doFinal(new byte[100]);
+        ciphertext[0] = (byte)(ciphertext[0] + 1);  // Tamper
+
+        try
         {
-            System.err.println("AEADTest disabled due to JDK");
+            eax.init(Cipher.DECRYPT_MODE, key, iv);
+            eax.doFinal(ciphertext);
+            fail("Tampered ciphertext should be invalid");
+        }
+        catch (BadPaddingException e)
+        {
+            if (aeadAvailable)
+            {
+                if (!e.getClass().getName().equals("javax.crypto.AEADBadTagException"))
+                {
+                    fail("Tampered AEAD ciphertext should fail with AEADBadTagException when available.");
+                }
+            }
         }
     }
 
@@ -140,6 +186,62 @@ public class AEADTest extends SimpleTest
         }
     }
 
+    private void testGCMParameterSpecWithMultipleUpdates(byte[] K,
+                                      byte[] N,
+                                      byte[] A,
+                                      byte[] P,
+                                      byte[] C)
+        throws Exception
+    {
+        Cipher eax = Cipher.getInstance("AES/EAX/NoPadding", "BC");
+        SecretKeySpec key = new SecretKeySpec(K, "AES");
+        SecureRandom random = new SecureRandom();
+
+        // GCMParameterSpec mapped to AEADParameters and overrides default MAC
+        // size
+        GCMParameterSpec spec = new GCMParameterSpec(128, N);
+
+        for (int i = 900; i != 1024; i++)
+        {
+            byte[] message = new byte[i];
+
+            random.nextBytes(message);
+
+            eax.init(Cipher.ENCRYPT_MODE, key, spec);
+
+            byte[] out = new byte[eax.getOutputSize(i)];
+
+            int offSet = 0;
+
+            int count;
+            for (count = 0; count < i / 21; count++)
+            {
+                offSet += eax.update(message, count * 21, 21, out, offSet);
+            }
+
+            offSet += eax.doFinal(message, count * 21, i - (count * 21), out, offSet);
+
+            byte[] dec = new byte[i];
+            int    len = offSet;
+
+            eax.init(Cipher.DECRYPT_MODE, key, spec);
+
+            offSet = 0;
+            for (count = 0; count < len / 10; count++)
+            {
+                offSet += eax.update(out, count * 10, 10, dec, offSet);
+            }
+
+            offSet += eax.doFinal(out, count * 10, len - (count * 10), dec, offSet);
+
+            if (!Arrays.areEqual(message, dec) || offSet != message.length)
+            {
+                fail("message mismatch");
+            }
+        }
+    }
+
+
     private void testGCMParameterSpecWithRepeatKey(byte[] K,
                                                    byte[] N,
                                                    byte[] A,
@@ -192,7 +294,7 @@ public class AEADTest extends SimpleTest
         throws InvalidKeyException,
         NoSuchAlgorithmException, NoSuchPaddingException,
         IllegalBlockSizeException, BadPaddingException,
-        InvalidAlgorithmParameterException, NoSuchProviderException, IOException
+        InvalidAlgorithmParameterException, NoSuchProviderException, IOException, InvalidParameterSpecException
     {
         Cipher eax = Cipher.getInstance("AES/GCM/NoPadding", "BC");
         SecretKeySpec key = new SecretKeySpec(K, "AES");
@@ -230,6 +332,18 @@ public class AEADTest extends SimpleTest
         {
             fail("parameters mismatch");
         }
+
+        GCMParameterSpec gcmSpec = algParams.getParameterSpec(GCMParameterSpec.class);
+
+        if (!Arrays.areEqual(gcmSpec.getIV(), gcmParameters.getNonce()) || gcmSpec.getTLen() != gcmParameters.getIcvLen() * 8)
+        {
+            fail("spec parameters mismatch");
+        }
+
+        if (!Arrays.areEqual(eax.getIV(), gcmParameters.getNonce()))
+        {
+            fail("iv mismatch");
+        }
     }
 
     public static void main(String[] args) throws Exception
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AESTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AESTest.java
index b9ea133..72a8a34 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AESTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AESTest.java
@@ -1,8 +1,11 @@
 package org.bouncycastle.jce.provider.test;
 
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.encoders.Hex;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.security.Key;
+import java.security.Security;
 
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
@@ -10,12 +13,11 @@ import javax.crypto.CipherOutputStream;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.DataInputStream;
-import java.io.IOException;
-import java.security.Key;
-import java.security.Security;
+
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.crypto.prng.FixedSecureRandom;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.util.encoders.Hex;
 
 /**
  * basic test class for the AES cipher vectors from FIPS-197
@@ -351,6 +353,19 @@ public class AESTest
         
         wrapTest(1, "AESWrap", kek1, in1, out1);
 
+        byte[]  kek2 = Hex.decode("000102030405060708090a0b0c0d0e0f");
+        byte[]  in2 = Hex.decode("00112233445566778899aabbccddeeff");
+        byte[]  out2 = Hex.decode("7c8798dfc802553b3f00bb4315e3a087322725c92398b9c112c74d0925c63b61");
+        String  rndData = "68d38e9635962288d4daa1df203e3e2a15adb2f1da8998b72ac24ab1c78cceac";
+
+        wrapTest(2, "AESRFC3211WRAP", kek2,  kek2, new FixedSecureRandom(Hex.decode(rndData + rndData)), in2, out2);
+
+        byte[] kek3 = Hex.decode("5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8");
+        byte[] in3 = Hex.decode("c37b7e6492584340bed12207808941155068f738");
+        byte[] out3 = Hex.decode("138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a");
+
+        wrapTest(3, "AESRFC5649WRAP", kek3, in3, out3);
+
         String[] oids = {
                 NISTObjectIdentifiers.id_aes128_ECB.getId(),
                 NISTObjectIdentifiers.id_aes128_CBC.getId(),
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertData.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertData.java
new file mode 100644
index 0000000..3e49657
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertData.java
@@ -0,0 +1,119 @@
+package org.bouncycastle.jce.provider.test;
+
+import java.math.BigInteger;
+import java.security.spec.RSAPrivateCrtKeySpec;
+
+import org.bouncycastle.util.encoders.Base64;
+
+public class AttrCertData
+{
+    private static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
+                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+                new BigInteger("11", 16),
+                new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
+                new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
+                new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
+                new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
+                new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
+                new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
+
+    public static byte[]  attrCert = Base64.decode(
+            "MIIHQDCCBqkCAQEwgZChgY2kgYowgYcxHDAaBgkqhkiG9w0BCQEWDW1sb3JjaEB2"
+          + "dC5lZHUxHjAcBgNVBAMTFU1hcmt1cyBMb3JjaCAobWxvcmNoKTEbMBkGA1UECxMS"
+          + "VmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAyMQswCQYDVQQKEwJ2"
+          + "dDELMAkGA1UEBhMCVVMwgYmkgYYwgYMxGzAZBgkqhkiG9w0BCQEWDHNzaGFoQHZ0"
+          + "LmVkdTEbMBkGA1UEAxMSU3VtaXQgU2hhaCAoc3NoYWgpMRswGQYDVQQLExJWaXJn"
+          + "aW5pYSBUZWNoIFVzZXIxEDAOBgNVBAsTB0NsYXNzIDExCzAJBgNVBAoTAnZ0MQsw"
+          + "CQYDVQQGEwJVUzANBgkqhkiG9w0BAQQFAAIBBTAiGA8yMDAzMDcxODE2MDgwMloY"
+          + "DzIwMDMwNzI1MTYwODAyWjCCBU0wggVJBgorBgEEAbRoCAEBMYIFORaCBTU8UnVs"
+          + "ZSBSdWxlSWQ9IkZpbGUtUHJpdmlsZWdlLVJ1bGUiIEVmZmVjdD0iUGVybWl0Ij4K"
+          + "IDxUYXJnZXQ+CiAgPFN1YmplY3RzPgogICA8U3ViamVjdD4KICAgIDxTdWJqZWN0"
+          + "TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5j"
+          + "dGlvbjpzdHJpbmctZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlw"
+          + "ZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj4KICAg"
+          + "ICAgIENOPU1hcmt1cyBMb3JjaDwvQXR0cmlidXRlVmFsdWU+CiAgICAgPFN1Ympl"
+          + "Y3RBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFt"
+          + "ZXM6dGM6eGFjbWw6MS4wOnN1YmplY3Q6c3ViamVjdC1pZCIgRGF0YVR5cGU9Imh0"
+          + "dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyIgLz4gCiAgICA8"
+          + "L1N1YmplY3RNYXRjaD4KICAgPC9TdWJqZWN0PgogIDwvU3ViamVjdHM+CiAgPFJl"
+          + "c291cmNlcz4KICAgPFJlc291cmNlPgogICAgPFJlc291cmNlTWF0Y2ggTWF0Y2hJ"
+          + "ZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmct"
+          + "ZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3"
+          + "dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIj4KICAgICAgaHR0cDovL3p1"
+          + "bmkuY3MudnQuZWR1PC9BdHRyaWJ1dGVWYWx1ZT4KICAgICA8UmVzb3VyY2VBdHRy"
+          + "aWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6"
+          + "eGFjbWw6MS4wOnJlc291cmNlOnJlc291cmNlLWlkIiBEYXRhVHlwZT0iaHR0cDov"
+          + "L3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiAvPiAKICAgIDwvUmVz"
+          + "b3VyY2VNYXRjaD4KICAgPC9SZXNvdXJjZT4KICA8L1Jlc291cmNlcz4KICA8QWN0"
+          + "aW9ucz4KICAgPEFjdGlvbj4KICAgIDxBY3Rpb25NYXRjaCBNYXRjaElkPSJ1cm46"
+          + "b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+"
+          + "CiAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9y"
+          + "Zy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPgpEZWxlZ2F0ZSBBY2Nlc3MgICAgIDwv"
+          + "QXR0cmlidXRlVmFsdWU+CgkgIDxBY3Rpb25BdHRyaWJ1dGVEZXNpZ25hdG9yIEF0"
+          + "dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjph"
+          + "Y3Rpb24taWQiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj"
+          + "aGVtYSNzdHJpbmciIC8+IAogICAgPC9BY3Rpb25NYXRjaD4KICAgPC9BY3Rpb24+"
+          + "CiAgPC9BY3Rpb25zPgogPC9UYXJnZXQ+CjwvUnVsZT4KMA0GCSqGSIb3DQEBBAUA"
+          + "A4GBAGiJSM48XsY90HlYxGmGVSmNR6ZW2As+bot3KAfiCIkUIOAqhcphBS23egTr"
+          + "6asYwy151HshbPNYz+Cgeqs45KkVzh7bL/0e1r8sDVIaaGIkjHK3CqBABnfSayr3"
+          + "Rd1yBoDdEv8Qb+3eEPH6ab9021AsLEnJ6LWTmybbOpMNZ3tv");
+
+    byte[]  signCert = Base64.decode(
+            "MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
+          + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
+          + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
+          + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
+          + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
+          + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
+          + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
+          + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
+          + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
+          + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
+          + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
+          + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
+          + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
+          + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
+          + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
+          + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
+          + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
+          + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
+          + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
+          + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
+          + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
+          + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
+          + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
+          + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
+          + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
+          + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
+          + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
+          + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
+          + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
+          + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
+          + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
+          + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
+          + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
+          + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
+          + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
+          + "3g==");
+
+    static byte[] certWithBaseCertificateID = Base64.decode(
+            "MIIBqzCCARQCAQEwSKBGMD6kPDA6MQswCQYDVQQGEwJJVDEOMAwGA1UEChMFVU5JVE4xDDAKBgNV"
+          + "BAsTA0RJVDENMAsGA1UEAxMEcm9vdAIEAVMVjqB6MHikdjB0MQswCQYDVQQGEwJBVTEoMCYGA1UE"
+          + "ChMfVGhlIExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECxMaQm91bmN5IFByaW1h"
+          + "cnkgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUJvdW5jeSBDYXN0bGUwDQYJKoZIhvcNAQEFBQACBQKW"
+          + "RhnHMCIYDzIwMDUxMjEyMTIwMDQyWhgPMjAwNTEyMTkxMjAxMzJaMA8wDQYDVRhIMQaBBGVWSVAw"
+          + "DQYJKoZIhvcNAQEFBQADgYEAUAVin9StDaA+InxtXq/av6rUQLI9p1X6louBcj4kYJnxRvTrHpsr"
+          + "N3+i9Uq/uk5lRdAqmPFvcmSbuE3TRAsjrXON5uFiBBKZ1AouLqcr8nHbwcdwjJ9TyUNO9I4hfpSH"
+          + "UHHXMtBKgp4MOkhhX8xTGyWg3hp23d3GaUeg/IYlXBI=");
+    
+    byte[] holderCertWithBaseCertificateID = Base64.decode(
+            "MIIBwDCCASmgAwIBAgIEAVMVjjANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJJVDEOMAwGA1UE"
+          + "ChMFVU5JVE4xDDAKBgNVBAsTA0RJVDENMAsGA1UEAxMEcm9vdDAeFw0wNTExMTExMjAxMzJaFw0w"
+          + "NjA2MTYxMjAxMzJaMD4xCzAJBgNVBAYTAklUMQ4wDAYDVQQKEwVVTklUTjEMMAoGA1UECxMDRElU"
+          + "MREwDwYDVQQDEwhMdWNhQm9yejBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr"
+          + "5YtqKmKXmEGb4ShypL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERoxUw"
+          + "EzARBglghkgBhvhCAQEEBAMCBDAwDQYJKoZIhvcNAQEFBQADgYEAsX50VPQQCWmHvPq9y9DeCpmS"
+          + "4szcpFAhpZyn6gYRwY9CRZVtmZKH8713XhkGDWcIEMcG0u3oTz3tdKgPU5uyIPrDEWr6w8ClUj4x"
+          + "5aVz5c2223+dVY7KES//JSB2bE/KCIchN3kAioQ4K8O3e0OL6oDVjsqKGw5bfahgKuSIk/Q=");
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertSelectorTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertSelectorTest.java
deleted file mode 100644
index cc556d4..0000000
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertSelectorTest.java
+++ /dev/null
@@ -1,241 +0,0 @@
-package org.bouncycastle.jce.provider.test;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.Target;
-import org.bouncycastle.asn1.x509.TargetInformation;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.util.test.Test;
-import org.bouncycastle.util.test.TestResult;
-import org.bouncycastle.x509.AttributeCertificateHolder;
-import org.bouncycastle.x509.AttributeCertificateIssuer;
-import org.bouncycastle.x509.X509Attribute;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509V2AttributeCertificateGenerator;
-
-public class AttrCertSelectorTest
-    extends SimpleTest
-{
-
-    static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
-        new BigInteger(
-            "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
-            16),
-        new BigInteger("11", 16),
-        new BigInteger(
-            "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
-            16), new BigInteger(
-            "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
-            16), new BigInteger(
-            "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
-            16), new BigInteger(
-            "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
-            16), new BigInteger(
-            "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
-            16), new BigInteger(
-            "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
-            16));
-
-    static final byte[] holderCert = Base64
-        .decode("MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
-            + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
-            + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
-            + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
-            + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
-            + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
-            + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
-            + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
-            + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
-            + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
-            + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
-            + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
-            + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
-            + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
-            + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
-            + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
-            + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
-            + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
-            + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
-            + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
-            + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
-            + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
-            + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
-            + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
-            + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
-            + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
-            + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
-            + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
-            + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
-            + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
-            + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
-            + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
-            + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
-            + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
-            + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
-            + "3g==");
-
-    public String getName()
-    {
-        return "AttrCertSelector";
-    }
-
-    private X509AttributeCertificate createAttrCert() throws Exception
-    {
-        CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-        X509Certificate iCert = (X509Certificate) fact
-            .generateCertificate(new ByteArrayInputStream(holderCert));
-
-        //
-        // a sample key pair.
-        //
-        // RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-        // new BigInteger(
-        // "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
-        // 16), new BigInteger("11", 16));
-
-        //
-        // set up the keys
-        //
-        PrivateKey privKey;
-
-        KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
-
-        privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
-
-        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
-
-        // the actual attributes
-        GeneralName roleName = new GeneralName(GeneralName.rfc822Name,
-            "DAU123456789@test.com");
-        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
-        roleSyntax.add(roleName);
-
-        // roleSyntax OID: 2.5.24.72
-        X509Attribute attributes = new X509Attribute("2.5.24.72",
-            new DERSequence(roleSyntax));
-
-        gen.addAttribute(attributes);
-        gen.setHolder(new AttributeCertificateHolder(PrincipalUtil.getSubjectX509Principal(iCert)));
-        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal(
-            "cn=test")));
-        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        gen.setSerialNumber(BigInteger.valueOf(1));
-        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        Target targetName = new Target(Target.targetName, new GeneralName(GeneralName.dNSName,
-            "www.test.com"));
-
-        Target targetGroup = new Target(Target.targetGroup, new GeneralName(
-            GeneralName.directoryName, "o=Test, ou=Test"));
-        Target[] targets = new Target[2];
-        targets[0] = targetName;
-        targets[1] = targetGroup;
-        TargetInformation targetInformation = new TargetInformation(targets);
-        gen.addExtension(X509Extensions.TargetInformation.getId(), true,
-            targetInformation);
-
-        return gen.generate(privKey, "BC");
-    }
-
-    public void testSelector() throws Exception
-    {
-        X509AttributeCertificate aCert = createAttrCert();
-        X509AttributeCertStoreSelector sel = new X509AttributeCertStoreSelector();
-        sel.setAttributeCert(aCert);
-        boolean match = sel.match(aCert);
-        if (!match)
-        {
-            fail("Selector does not match attribute certificate.");
-        }
-        sel.setAttributeCert(null);
-        match = sel.match(aCert);
-        if (!match)
-        {
-            fail("Selector does not match attribute certificate.");
-        }
-        sel.setHolder(aCert.getHolder());
-        match = sel.match(aCert);
-        if (!match)
-        {
-            fail("Selector does not match attribute certificate holder.");
-        }
-        sel.setHolder(null);
-        sel.setIssuer(aCert.getIssuer());
-        match = sel.match(aCert);
-        if (!match)
-        {
-            fail("Selector does not match attribute certificate issuer.");
-        }
-        sel.setIssuer(null);
-
-        CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-        X509Certificate iCert = (X509Certificate) fact
-            .generateCertificate(new ByteArrayInputStream(holderCert));
-        match = aCert.getHolder().match(iCert);
-        if (!match)
-        {
-            fail("Issuer holder does not match signing certificate of attribute certificate.");
-        }
-
-        sel.setSerialNumber(aCert.getSerialNumber());
-        match = sel.match(aCert);
-        if (!match)
-        {
-            fail("Selector does not match attribute certificate serial number.");
-        }
-
-        sel.setAttributeCertificateValid(new Date());
-        match = sel.match(aCert);
-        if (!match)
-        {
-            fail("Selector does not match attribute certificate time.");
-        }
-
-        sel.addTargetName(new GeneralName(2, "www.test.com"));
-        match = sel.match(aCert);
-        if (!match)
-        {
-            fail("Selector does not match attribute certificate target name.");
-        }
-        sel.setTargetNames(null);
-        sel.addTargetGroup(new GeneralName(4, "o=Test, ou=Test"));
-        match = sel.match(aCert);
-        if (!match)
-        {
-            fail("Selector does not match attribute certificate target group.");
-        }
-        sel.setTargetGroups(null);
-    }
-
-    public void performTest() throws Exception
-    {
-        Security.addProvider(new BouncyCastleProvider());
-        testSelector();
-    }
-
-    public static void main(String[] args)
-    {
-        Test test = new AttrCertSelectorTest();
-        TestResult result = test.perform();
-        System.out.println(result);
-    }
-}
-
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertTest.java
deleted file mode 100644
index 416ba49..0000000
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/AttrCertTest.java
+++ /dev/null
@@ -1,634 +0,0 @@
-package org.bouncycastle.jce.provider.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.CertStore;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1String;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.x509.AttributeCertificateHolder;
-import org.bouncycastle.x509.AttributeCertificateIssuer;
-import org.bouncycastle.x509.X509Attribute;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
-import org.bouncycastle.x509.X509V2AttributeCertificateGenerator;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-public class AttrCertTest
-    extends SimpleTest
-{
-    private static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
-                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-                new BigInteger("11", 16),
-                new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
-                new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
-                new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
-                new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
-                new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
-                new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
-    public static byte[]  attrCert = Base64.decode(
-            "MIIHQDCCBqkCAQEwgZChgY2kgYowgYcxHDAaBgkqhkiG9w0BCQEWDW1sb3JjaEB2"
-          + "dC5lZHUxHjAcBgNVBAMTFU1hcmt1cyBMb3JjaCAobWxvcmNoKTEbMBkGA1UECxMS"
-          + "VmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAyMQswCQYDVQQKEwJ2"
-          + "dDELMAkGA1UEBhMCVVMwgYmkgYYwgYMxGzAZBgkqhkiG9w0BCQEWDHNzaGFoQHZ0"
-          + "LmVkdTEbMBkGA1UEAxMSU3VtaXQgU2hhaCAoc3NoYWgpMRswGQYDVQQLExJWaXJn"
-          + "aW5pYSBUZWNoIFVzZXIxEDAOBgNVBAsTB0NsYXNzIDExCzAJBgNVBAoTAnZ0MQsw"
-          + "CQYDVQQGEwJVUzANBgkqhkiG9w0BAQQFAAIBBTAiGA8yMDAzMDcxODE2MDgwMloY"
-          + "DzIwMDMwNzI1MTYwODAyWjCCBU0wggVJBgorBgEEAbRoCAEBMYIFORaCBTU8UnVs"
-          + "ZSBSdWxlSWQ9IkZpbGUtUHJpdmlsZWdlLVJ1bGUiIEVmZmVjdD0iUGVybWl0Ij4K"
-          + "IDxUYXJnZXQ+CiAgPFN1YmplY3RzPgogICA8U3ViamVjdD4KICAgIDxTdWJqZWN0"
-          + "TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5j"
-          + "dGlvbjpzdHJpbmctZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlw"
-          + "ZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj4KICAg"
-          + "ICAgIENOPU1hcmt1cyBMb3JjaDwvQXR0cmlidXRlVmFsdWU+CiAgICAgPFN1Ympl"
-          + "Y3RBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFt"
-          + "ZXM6dGM6eGFjbWw6MS4wOnN1YmplY3Q6c3ViamVjdC1pZCIgRGF0YVR5cGU9Imh0"
-          + "dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyIgLz4gCiAgICA8"
-          + "L1N1YmplY3RNYXRjaD4KICAgPC9TdWJqZWN0PgogIDwvU3ViamVjdHM+CiAgPFJl"
-          + "c291cmNlcz4KICAgPFJlc291cmNlPgogICAgPFJlc291cmNlTWF0Y2ggTWF0Y2hJ"
-          + "ZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmct"
-          + "ZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3"
-          + "dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIj4KICAgICAgaHR0cDovL3p1"
-          + "bmkuY3MudnQuZWR1PC9BdHRyaWJ1dGVWYWx1ZT4KICAgICA8UmVzb3VyY2VBdHRy"
-          + "aWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6"
-          + "eGFjbWw6MS4wOnJlc291cmNlOnJlc291cmNlLWlkIiBEYXRhVHlwZT0iaHR0cDov"
-          + "L3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiAvPiAKICAgIDwvUmVz"
-          + "b3VyY2VNYXRjaD4KICAgPC9SZXNvdXJjZT4KICA8L1Jlc291cmNlcz4KICA8QWN0"
-          + "aW9ucz4KICAgPEFjdGlvbj4KICAgIDxBY3Rpb25NYXRjaCBNYXRjaElkPSJ1cm46"
-          + "b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+"
-          + "CiAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9y"
-          + "Zy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPgpEZWxlZ2F0ZSBBY2Nlc3MgICAgIDwv"
-          + "QXR0cmlidXRlVmFsdWU+CgkgIDxBY3Rpb25BdHRyaWJ1dGVEZXNpZ25hdG9yIEF0"
-          + "dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjph"
-          + "Y3Rpb24taWQiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj"
-          + "aGVtYSNzdHJpbmciIC8+IAogICAgPC9BY3Rpb25NYXRjaD4KICAgPC9BY3Rpb24+"
-          + "CiAgPC9BY3Rpb25zPgogPC9UYXJnZXQ+CjwvUnVsZT4KMA0GCSqGSIb3DQEBBAUA"
-          + "A4GBAGiJSM48XsY90HlYxGmGVSmNR6ZW2As+bot3KAfiCIkUIOAqhcphBS23egTr"
-          + "6asYwy151HshbPNYz+Cgeqs45KkVzh7bL/0e1r8sDVIaaGIkjHK3CqBABnfSayr3"
-          + "Rd1yBoDdEv8Qb+3eEPH6ab9021AsLEnJ6LWTmybbOpMNZ3tv");
-
-    byte[]  signCert = Base64.decode(
-            "MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
-          + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
-          + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
-          + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
-          + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
-          + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
-          + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
-          + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
-          + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
-          + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
-          + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
-          + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
-          + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
-          + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
-          + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
-          + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
-          + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
-          + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
-          + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
-          + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
-          + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
-          + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
-          + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
-          + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
-          + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
-          + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
-          + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
-          + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
-          + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
-          + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
-          + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
-          + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
-          + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
-          + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
-          + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
-          + "3g==");
-
-    static byte[] certWithBaseCertificateID = Base64.decode(
-            "MIIBqzCCARQCAQEwSKBGMD6kPDA6MQswCQYDVQQGEwJJVDEOMAwGA1UEChMFVU5JVE4xDDAKBgNV"
-          + "BAsTA0RJVDENMAsGA1UEAxMEcm9vdAIEAVMVjqB6MHikdjB0MQswCQYDVQQGEwJBVTEoMCYGA1UE"
-          + "ChMfVGhlIExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECxMaQm91bmN5IFByaW1h"
-          + "cnkgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUJvdW5jeSBDYXN0bGUwDQYJKoZIhvcNAQEFBQACBQKW"
-          + "RhnHMCIYDzIwMDUxMjEyMTIwMDQyWhgPMjAwNTEyMTkxMjAxMzJaMA8wDQYDVRhIMQaBBGVWSVAw"
-          + "DQYJKoZIhvcNAQEFBQADgYEAUAVin9StDaA+InxtXq/av6rUQLI9p1X6louBcj4kYJnxRvTrHpsr"
-          + "N3+i9Uq/uk5lRdAqmPFvcmSbuE3TRAsjrXON5uFiBBKZ1AouLqcr8nHbwcdwjJ9TyUNO9I4hfpSH"
-          + "UHHXMtBKgp4MOkhhX8xTGyWg3hp23d3GaUeg/IYlXBI=");
-    
-    byte[] holderCertWithBaseCertificateID = Base64.decode(
-            "MIIBwDCCASmgAwIBAgIEAVMVjjANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJJVDEOMAwGA1UE"
-          + "ChMFVU5JVE4xDDAKBgNVBAsTA0RJVDENMAsGA1UEAxMEcm9vdDAeFw0wNTExMTExMjAxMzJaFw0w"
-          + "NjA2MTYxMjAxMzJaMD4xCzAJBgNVBAYTAklUMQ4wDAYDVQQKEwVVTklUTjEMMAoGA1UECxMDRElU"
-          + "MREwDwYDVQQDEwhMdWNhQm9yejBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr"
-          + "5YtqKmKXmEGb4ShypL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERoxUw"
-          + "EzARBglghkgBhvhCAQEEBAMCBDAwDQYJKoZIhvcNAQEFBQADgYEAsX50VPQQCWmHvPq9y9DeCpmS"
-          + "4szcpFAhpZyn6gYRwY9CRZVtmZKH8713XhkGDWcIEMcG0u3oTz3tdKgPU5uyIPrDEWr6w8ClUj4x"
-          + "5aVz5c2223+dVY7KES//JSB2bE/KCIchN3kAioQ4K8O3e0OL6oDVjsqKGw5bfahgKuSIk/Q=");
-
-    
-    public String getName()
-    {
-        return "AttrCertTest";
-    }
-
-    private void testCertWithBaseCertificateID()
-        throws Exception
-    {
-        X509AttributeCertificate attrCert = new X509V2AttributeCertificate(certWithBaseCertificateID);
-        CertificateFactory       fact = CertificateFactory.getInstance("X.509", "BC");   
-        X509Certificate          cert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
-        
-        AttributeCertificateHolder holder = attrCert.getHolder();
-        
-        if (holder.getEntityNames() != null)
-        {
-            fail("entity names set when none expected");
-        }
-        
-        if (!holder.getSerialNumber().equals(cert.getSerialNumber()))
-        {
-            fail("holder serial number doesn't match");
-        }
-
-        if (!holder.getIssuer()[0].equals(cert.getIssuerX500Principal()))
-        {
-            fail("holder issuer doesn't match");
-        }
-        
-        if (!holder.match(cert))
-        {
-            fail("holder not matching holder certificate");
-        }
-
-        if (!holder.equals(holder.clone()))
-        {
-            fail("holder clone test failed");
-        }
-
-        if (!attrCert.getIssuer().equals(attrCert.getIssuer().clone()))
-        {
-            fail("issuer clone test failed");
-        }
-        
-        //equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);
-    }
-
-    private void equalityAndHashCodeTest(X509AttributeCertificate attrCert, byte[] encoding)
-        throws IOException
-    {
-        if (!attrCert.equals(attrCert))
-        {
-            fail("same certificate not equal");
-        }
-
-        if (!attrCert.getHolder().equals(attrCert.getHolder()))
-        {
-            fail("same holder not equal");
-        }
-
-        if (!attrCert.getIssuer().equals(attrCert.getIssuer()))
-        {
-            fail("same issuer not equal");
-        }
-
-        if (attrCert.getHolder().equals(attrCert.getIssuer()))
-        {
-            fail("wrong holder equal");
-        }
-
-        if (attrCert.getIssuer().equals(attrCert.getHolder()))
-        {
-            fail("wrong issuer equal");
-        }
-
-        X509AttributeCertificate attrCert2 = new X509V2AttributeCertificate(encoding);
-
-        if (attrCert2.getHolder().hashCode() != attrCert.getHolder().hashCode())
-        {
-            fail("holder hashCode test failed");
-        }
-
-        if (!attrCert2.getHolder().equals(attrCert.getHolder()))
-        {
-            fail("holder equals test failed");
-        }
-
-        if (attrCert2.getIssuer().hashCode() != attrCert.getIssuer().hashCode())
-        {
-            fail("issuer hashCode test failed");
-        }
-
-        if (!attrCert2.getIssuer().equals(attrCert.getIssuer()))
-        {
-            fail("issuer equals test failed");
-        }
-    }
-
-    private void testGenerateWithCert()
-        throws Exception
-    {
-        CertificateFactory          fact = CertificateFactory.getInstance("X.509","BC");
-        X509Certificate             iCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
-        
-        //
-        // a sample key pair.
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-
-        //
-        // set up the keys
-        //
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-
-        KeyFactory  kFact = KeyFactory.getInstance("RSA", "BC");
-
-        privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
-        pubKey = kFact.generatePublic(pubKeySpec);
-        
-        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
-        
-        // the actual attributes
-        GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
-        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
-        roleSyntax.add(roleName);
-
-        // roleSyntax OID: 2.5.24.72
-        X509Attribute attributes = new X509Attribute("2.5.24.72",
-                new DERSequence(roleSyntax));
-
-        gen.addAttribute(attributes);
-        gen.setHolder(new AttributeCertificateHolder(iCert));
-        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));
-        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        gen.setSerialNumber(BigInteger.ONE);
-        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-        
-        X509AttributeCertificate aCert = gen.generate(privKey, "BC");
-        
-        aCert.checkValidity();
-        
-        aCert.verify(pubKey, "BC");
-        
-        AttributeCertificateHolder holder = aCert.getHolder();
-        
-        if (holder.getEntityNames() != null)
-        {
-            fail("entity names set when none expected");
-        }
-        
-        if (!holder.getSerialNumber().equals(iCert.getSerialNumber()))
-        {
-            fail("holder serial number doesn't match");
-        }
-
-        if (!holder.getIssuer()[0].equals(iCert.getIssuerX500Principal()))
-        {
-            fail("holder issuer doesn't match");
-        }
-        
-        if (!holder.match(iCert))
-        {
-            fail("generated holder not matching holder certificate");
-        }
-        
-        X509Attribute[] attrs = aCert.getAttributes("2.5.24.72");
-        
-        if (attrs == null)
-        {
-            fail("attributes related to 2.5.24.72 not found");
-        }
-        
-        X509Attribute attr = attrs[0];
-        
-        if (!attr.getOID().equals("2.5.24.72"))
-        {
-            fail("attribute oid mismatch");
-        }
-        
-        ASN1Encodable[] values = attr.getValues();
-        
-        GeneralName role = GeneralNames.getInstance(values[0]).getNames()[0];
-        
-        if (role.getTagNo() != GeneralName.rfc822Name)
-        {
-            fail("wrong general name type found in role");
-        }
-        
-        if (!((ASN1String)role.getName()).getString().equals("DAU123456789"))
-        {
-            fail("wrong general name value found in role");
-        }
-        
-        X509Certificate             sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
-        
-        if (holder.match(sCert))
-        {
-            fail("generated holder matching wrong certificate");
-        }
-
-        equalityAndHashCodeTest(aCert, aCert.getEncoded());
-    }
-    
-    private void testGenerateWithPrincipal()
-        throws Exception
-    {
-        CertificateFactory          fact = CertificateFactory.getInstance("X.509","BC");
-        X509Certificate             iCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
-        
-        //
-        // a sample key pair.
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-    
-        //
-        // set up the keys
-        //
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-    
-        KeyFactory  kFact = KeyFactory.getInstance("RSA", "BC");
-    
-        privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
-        pubKey = kFact.generatePublic(pubKeySpec);
-        
-        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
-        
-        // the actual attributes
-        GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
-        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
-        roleSyntax.add(roleName);
-    
-        // roleSyntax OID: 2.5.24.72
-        X509Attribute attributes = new X509Attribute("2.5.24.72",
-                new DERSequence(roleSyntax));
-    
-        gen.addAttribute(attributes);
-        gen.setHolder(new AttributeCertificateHolder(iCert.getSubjectX500Principal()));
-        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));
-        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        gen.setSerialNumber(BigInteger.ONE);
-        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-        
-        X509AttributeCertificate aCert = gen.generate(privKey, "BC");
-        
-        aCert.checkValidity();
-        
-        aCert.verify(pubKey, "BC");
-        
-        AttributeCertificateHolder holder = aCert.getHolder();
-        
-        if (holder.getEntityNames() == null)
-        {
-            fail("entity names not set when expected");
-        }
-        
-        if (holder.getSerialNumber() != null)
-        {
-            fail("holder serial number found when none expected");
-        }
-    
-        if (holder.getIssuer() != null)
-        {
-            fail("holder issuer found when none expected");
-        }
-        
-        if (!holder.match(iCert))
-        {
-            fail("generated holder not matching holder certificate");
-        }
-        
-        X509Certificate             sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
-        
-        if (holder.match(sCert))
-        {
-            fail("principal generated holder matching wrong certificate");
-        }
-
-        equalityAndHashCodeTest(aCert, aCert.getEncoded());
-    }
-    
-    public void performTest()
-        throws Exception
-    {
-        X509AttributeCertificate    aCert = new X509V2AttributeCertificate(attrCert);
-        CertificateFactory          fact = CertificateFactory.getInstance("X.509","BC");
-        X509Certificate             sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
-        
-        aCert.verify(sCert.getPublicKey(), "BC");
-        
-        //
-        // search test
-        //
-        
-        List      list = new ArrayList();
-        
-        list.add(sCert);
-        
-        CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
-        CertStore store = CertStore.getInstance("Collection", ccsp);
-        
-        Collection certs = store.getCertificates(aCert.getIssuer());
-        if (certs.size() != 1 || !certs.contains(sCert))
-        {
-            fail("sCert not found by issuer");
-        }
-        
-        X509Attribute[] attrs = aCert.getAttributes("1.3.6.1.4.1.6760.8.1.1");
-        if (attrs == null || attrs.length != 1)
-        {
-            fail("attribute not found");
-        }
-
-        //
-        // reencode test
-        //
-        aCert = new X509V2AttributeCertificate(aCert.getEncoded());
-        
-        aCert.verify(sCert.getPublicKey(), "BC");
-        
-        X509AttributeCertificate saCert = new X509V2AttributeCertificate(new ByteArrayInputStream(aCert.getEncoded()));
-        
-        if (!aCert.getNotAfter().equals(saCert.getNotAfter()))
-        {
-            fail("failed date comparison");
-        }
-        
-        // base generator test
-        
-        //
-        // a sample key pair.
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec privKeySpec = RSA_PRIVATE_KEY_SPEC;
-
-        //
-        // set up the keys
-        //
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-
-        KeyFactory  kFact = KeyFactory.getInstance("RSA", "BC");
-
-        privKey = kFact.generatePrivate(privKeySpec);
-        pubKey = kFact.generatePublic(pubKeySpec);
-        
-        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
-        
-        gen.addAttribute(attrs[0]);
-        gen.setHolder(aCert.getHolder());
-        gen.setIssuer(aCert.getIssuer());
-        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        gen.setSerialNumber(aCert.getSerialNumber());
-        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-        
-        aCert = gen.generate(privKey, "BC");
-        
-        aCert.checkValidity();
-        
-        aCert.verify(pubKey, "BC");
-        
-        // as the issuer is the same this should still work (even though it is not
-        // technically correct
-        
-        certs = store.getCertificates(aCert.getIssuer());
-        if (certs.size() != 1 || !certs.contains(sCert))
-        {
-            fail("sCert not found by issuer");
-        }
-        
-        attrs = aCert.getAttributes("1.3.6.1.4.1.6760.8.1.1");
-        if (attrs == null || attrs.length != 1)
-        {
-            fail("attribute not found");
-        }
-        
-        //
-        // reencode test
-        //
-        aCert = new X509V2AttributeCertificate(aCert.getEncoded());
-        
-        aCert.verify(pubKey, "BC");
-        
-        AttributeCertificateIssuer  issuer = aCert.getIssuer();
-        
-        Principal[] principals = issuer.getPrincipals();
-        
-        //
-        // test holder
-        //
-        AttributeCertificateHolder holder = aCert.getHolder();
-        
-        if (holder.getEntityNames() == null)
-        {
-            fail("entity names not set");
-        }
-        
-        if (holder.getSerialNumber() != null)
-        {
-            fail("holder serial number set when none expected");
-        }
-
-        if (holder.getIssuer() != null)
-        {
-            fail("holder issuer set when none expected");
-        }
-        
-        principals = holder.getEntityNames();
-        
-        if (!principals[0].toString().equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), EMAILADDRESS=mlorch@vt.edu"))
-        {
-            fail("principal[0] for entity names don't match");
-        }
-
-        //
-        // extension test
-        //
-        
-        if (aCert.hasUnsupportedCriticalExtension())
-        {
-            fail("unsupported extensions found with no extensions");
-        }
-        
-        gen.addExtension("1.1", true, new DEROctetString(new byte[10]));
-        
-        gen.addExtension("2.2", false, new DEROctetString(new byte[20]));
-        
-        aCert = gen.generate(privKey, "BC");
-        
-        Set exts = aCert.getCriticalExtensionOIDs();
-        
-        if (exts.size() != 1 || !exts.contains("1.1"))
-        {
-            fail("critical extension test failed");
-        }
-
-        exts = aCert.getNonCriticalExtensionOIDs();
-        
-        if (exts.size() != 1 || !exts.contains("2.2"))
-        {
-            fail("non-critical extension test failed");
-        }
-        
-        if (!aCert.hasUnsupportedCriticalExtension())
-        {
-            fail("unsupported extensions not found");
-        }
-        
-        byte[]        extString = aCert.getExtensionValue("1.1");
-        ASN1Encodable extValue = X509ExtensionUtil.fromExtensionValue(extString);
-        
-        if (!extValue.equals(new DEROctetString(new byte[10])))
-        {
-            fail("wrong extension value found for 1.1");
-        }
-        
-        testCertWithBaseCertificateID();
-        testGenerateWithCert();
-        testGenerateWithPrincipal();
-    }
-
-    public static void main(
-        String[]    args)
-    {
-        Security.addProvider(new BouncyCastleProvider());
-
-        runTest(new AttrCertTest());
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/BaseBlockCipherTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/BaseBlockCipherTest.java
index ebc5600..379bd44 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/BaseBlockCipherTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/BaseBlockCipherTest.java
@@ -1,15 +1,17 @@
 package org.bouncycastle.jce.provider.test;
 
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.util.test.TestFailedException;
+import java.security.Key;
+import java.security.SecureRandom;
 
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-import java.security.Key;
+
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+import org.bouncycastle.util.test.TestFailedException;
 
 public abstract class BaseBlockCipherTest
     extends SimpleTest
@@ -104,9 +106,29 @@ public abstract class BaseBlockCipherTest
         byte[]  out)
         throws Exception
     {
+        wrapTest(id, wrappingAlgorithm, kek, null, null, in, out);
+    }
+
+    protected void wrapTest(
+        int     id,
+        String  wrappingAlgorithm,
+        byte[]  kek,
+        byte[] iv,
+        SecureRandom rand,
+        byte[]  in,
+        byte[]  out)
+        throws Exception
+    {
         Cipher wrapper = Cipher.getInstance(wrappingAlgorithm, "BC");
 
-        wrapper.init(Cipher.WRAP_MODE, new SecretKeySpec(kek, algorithm));
+        if (iv != null)
+        {
+            wrapper.init(Cipher.WRAP_MODE, new SecretKeySpec(kek, algorithm), new IvParameterSpec(iv), rand);
+        }
+        else
+        {
+            wrapper.init(Cipher.WRAP_MODE, new SecretKeySpec(kek, algorithm), rand);
+        }
 
         try
         {
@@ -125,7 +147,14 @@ public abstract class BaseBlockCipherTest
             fail("failed wrap test exception " + e.toString(), e);
         }
 
-        wrapper.init(Cipher.UNWRAP_MODE, new SecretKeySpec(kek, algorithm));
+        if (iv != null)
+        {
+            wrapper.init(Cipher.UNWRAP_MODE, new SecretKeySpec(kek, algorithm), new IvParameterSpec(iv));
+        }
+        else
+        {
+            wrapper.init(Cipher.UNWRAP_MODE, new SecretKeySpec(kek, algorithm));
+        }
 
         try
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertPathBuilderTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertPathBuilderTest.java
index 85f4fad..42f5878 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertPathBuilderTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertPathBuilderTest.java
@@ -16,7 +16,6 @@ import java.security.cert.X509CRL;
 import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.Calendar;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashSet;
@@ -49,8 +48,7 @@ public class CertPathBuilderTest
         list.add(interCrl);
         CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
         CertStore store = CertStore.getInstance("Collection", ccsp, "BC");
-        Calendar validDate = Calendar.getInstance();
-        validDate.set(2008,8,4,14,49,10);
+        Date validDate = new Date(rootCrl.getThisUpdate().getTime() + 60 * 60 * 1000);
 
             //Searching for rootCert by subjectDN without CRL
         Set trust = new HashSet();
@@ -61,7 +59,7 @@ public class CertPathBuilderTest
         targetConstraints.setSubject(finalCert.getSubjectX500Principal().getEncoded());
         PKIXBuilderParameters params = new PKIXBuilderParameters(trust, targetConstraints);
         params.addCertStore(store);
-        params.setDate(validDate.getTime());
+        params.setDate(validDate);
         PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) cpb.build(params);
         CertPath                  path = result.getCertPath();
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertPathValidatorTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertPathValidatorTest.java
index d1857b8..d4c2b42 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertPathValidatorTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertPathValidatorTest.java
@@ -21,8 +21,8 @@ import java.security.cert.X509CRL;
 import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.Calendar;
 import java.util.Collection;
+import java.util.Date;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -216,8 +216,7 @@ public class CertPathValidatorTest
         CertStoreParameters ccsp = new CollectionCertStoreParameters(list);
         CertStore store = CertStore.getInstance("Collection", ccsp);
 
-        Calendar validDate = Calendar.getInstance();
-        validDate.set(2010,0,8,2,21,10);
+        Date validDate = new Date(crl.getThisUpdate().getTime() + 60 * 60 * 1000);
 
             //validating path
         List certchain = new ArrayList();
@@ -237,11 +236,42 @@ public class CertPathValidatorTest
         param.setTargetCertConstraints(certSelector);
         param.addCertStore(store);
         param.setRevocationEnabled(true);
-        param.setDate(validDate.getTime());
+        param.setDate(validDate);
 
         PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)cpv.validate(cp, param);
     }
 
+    private void checkPolicyProcessingAtDomainMatch()
+        throws Exception
+    {
+        CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
+
+        X509Certificate   root = (X509Certificate)cf.generateCertificate(this.getClass().getResourceAsStream("qvRooCa3.crt"));
+        X509Certificate   ca1 = (X509Certificate)cf.generateCertificate(this.getClass().getResourceAsStream("suvaRoot1.crt"));
+        X509Certificate   ca2 = (X509Certificate)cf.generateCertificate(this.getClass().getResourceAsStream("suvaEmail1.crt"));
+        X509Certificate   ee = (X509Certificate)cf.generateCertificate(this.getClass().getResourceAsStream("suvaEE.crt"));
+
+        List certchain = new ArrayList();
+        certchain.add(ee);
+        certchain.add(ca2);
+        certchain.add(ca1);
+
+        Set trust = new HashSet();
+        trust.add(new TrustAnchor(root, null));
+
+        CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
+        PKIXParameters param = new PKIXParameters(trust);
+        param.setRevocationEnabled(false);
+
+        CertPath cp = cf.generateCertPath(certchain);
+
+        MyChecker checker = new MyChecker();
+        param.addCertPathChecker(checker);
+
+        PKIXCertPathValidatorResult result =
+            (PKIXCertPathValidatorResult) cpv.validate(cp, param);
+    }
+
     public void performTest()
         throws Exception
     {
@@ -261,8 +291,7 @@ public class CertPathValidatorTest
         list.add(interCrl);
         CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
         CertStore store = CertStore.getInstance("Collection", ccsp, "BC");
-        Calendar validDate = Calendar.getInstance();
-        validDate.set(2008,8,4,14,49,10);
+        Date validDate = new Date(rootCrl.getThisUpdate().getTime() + 60 * 60 * 1000);
             //validating path
         List certchain = new ArrayList();
         certchain.add(finalCert);
@@ -274,7 +303,7 @@ public class CertPathValidatorTest
         CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
         PKIXParameters param = new PKIXParameters(trust);
         param.addCertStore(store);
-        param.setDate(validDate.getTime());
+        param.setDate(validDate);
         MyChecker checker = new MyChecker();
         param.addCertPathChecker(checker);
 
@@ -310,8 +339,7 @@ public class CertPathValidatorTest
 
             ccsp = new CollectionCertStoreParameters(list);
             store = CertStore.getInstance("Collection", ccsp);
-            validDate = Calendar.getInstance();
-            validDate.set(2004,2,21,2,21,10);
+            validDate = new Date(finalCert.getNotBefore().getTime() + 60 * 60 * 1000);
 
                 //validating path
             certchain = new ArrayList();
@@ -325,7 +353,7 @@ public class CertPathValidatorTest
             param = new PKIXParameters(trust);
             param.addCertStore(store);
             param.setRevocationEnabled(false);
-            param.setDate(validDate.getTime());
+            param.setDate(validDate);
 
             result =(PKIXCertPathValidatorResult) cpv.validate(cp, param);
             policyTree = result.getPolicyTree();
@@ -343,6 +371,7 @@ public class CertPathValidatorTest
         }
 
         checkCircProcessing();
+        checkPolicyProcessingAtDomainMatch();
     }
 
     public String getName()
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java
index 7977f1c..1ad59fa 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java
@@ -1,85 +1,39 @@
 package org.bouncycastle.jce.provider.test;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
 import java.security.KeyFactory;
 import java.security.KeyPair;
-import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.SecureRandom;
 import java.security.Security;
-import java.security.Signature;
 import java.security.cert.CRL;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateParsingException;
 import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
 import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.util.Collection;
-import java.util.Date;
-import java.util.Hashtable;
 import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.Vector;
 
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DEREnumerated;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.SignedData;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.X509KeyUsage;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.interfaces.ECPointEncoder;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPrivateKeySpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.io.Streams;
 import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.x509.X509V1CertificateGenerator;
-import org.bouncycastle.x509.X509V2CRLGenerator;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
+import org.bouncycastle.util.test.TestFailedException;
 
 public class CertTest
     extends SimpleTest
@@ -1255,7 +1209,8 @@ public class CertTest
 
     public void checkSelfSignedCertificate(
         int     id,
-        byte[]  bytes)
+        byte[]  bytes,
+        String  sigAlgName)
     {
         ByteArrayInputStream    bIn;
         String                  dump = "";
@@ -1271,588 +1226,23 @@ public class CertTest
             PublicKey    k = cert.getPublicKey();
 
             cert.verify(k);
-            // System.out.println(cert);
-        }
-        catch (Exception e)
-        {
-            fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
-        }
-
-    }
-
-    /**
-     * we generate a self signed certificate for the sake of testing - RSA
-     */
-    public void checkCreation1()
-        throws Exception
-    {
-        //
-        // a sample key pair.
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16),
-            new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
-            new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
-            new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
-            new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
-            new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
-            new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
-        //
-        // set up the keys
-        //
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-
-        KeyFactory  fact = KeyFactory.getInstance("RSA", "BC");
-
-        privKey = fact.generatePrivate(privKeySpec);
-        pubKey = fact.generatePublic(pubKeySpec);
-
-        //
-        // distinguished name table.
-        //
-        Vector                      ord = new Vector();
-        Vector                      values = new Vector();
-
-        ord.addElement(X509Principal.C);
-        ord.addElement(X509Principal.O);
-        ord.addElement(X509Principal.L);
-        ord.addElement(X509Principal.ST);
-        ord.addElement(X509Principal.E);
-
-        values.addElement("AU");
-        values.addElement("The Legion of the Bouncy Castle");
-        values.addElement("Melbourne");
-        values.addElement("Victoria");
-        values.addElement("feedback-crypto@bouncycastle.org");
-
-        //
-        // extensions
-        //
-
-        //
-        // create the certificate - version 3 - without extensions
-        //
-        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
-
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(ord, values));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(ord, values));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
-        X509Certificate cert = certGen.generate(privKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        Set dummySet = cert.getNonCriticalExtensionOIDs();
-        if (dummySet != null)
-        {
-            fail("non-critical oid set should be null");
-        }
-        dummySet = cert.getCriticalExtensionOIDs();
-        if (dummySet != null)
-        {
-            fail("critical oid set should be null");
-        }
-
-        //
-        // create the certificate - version 3 - with extensions
-        //
-        certGen = new X509V3CertificateGenerator();
-
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(ord, values));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(ord, values));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
-        certGen.addExtension("2.5.29.15", true,
-            new X509KeyUsage(X509KeyUsage.encipherOnly));
-        certGen.addExtension("2.5.29.37", true,
-            new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
-        certGen.addExtension("2.5.29.17", true,
-            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-
-        cert = certGen.generate(privKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        ByteArrayInputStream   sbIn = new ByteArrayInputStream(cert.getEncoded());
-        ASN1InputStream        sdIn = new ASN1InputStream(sbIn);
-        ByteArrayInputStream   bIn = new ByteArrayInputStream(cert.getEncoded());
-        CertificateFactory     certFact = CertificateFactory.getInstance("X.509", "BC");
-
-        cert = (X509Certificate)certFact.generateCertificate(bIn);
-
-        if (!cert.getKeyUsage()[7])
-        {
-            fail("error generating cert - key usage wrong.");
-        }
-        
-        List l = cert.getExtendedKeyUsage();
-        if (!l.get(0).equals(KeyPurposeId.anyExtendedKeyUsage.getId()))
-        {
-            fail("failed extended key usage test");
-        }
-
-        Collection c = cert.getSubjectAlternativeNames();
-        Iterator   it = c.iterator();
-        while (it.hasNext())
-        {
-            List    gn = (List)it.next();
-            if (!gn.get(1).equals("test@test.test"))
+            if (sigAlgName != null && !sigAlgName.equals(((X509Certificate)cert).getSigAlgName()))
             {
-                fail("failed subject alternative names test");
+                fail("sigAlgName not matched on certificate: " + sigAlgName);
             }
-        }
-
-        // System.out.println(cert);
-
-        //
-        // create the certificate - version 1
-        //
-        X509V1CertificateGenerator  certGen1 = new X509V1CertificateGenerator();
-
-        certGen1.setSerialNumber(BigInteger.valueOf(1));
-        certGen1.setIssuerDN(new X509Principal(ord, values));
-        certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen1.setSubjectDN(new X509Principal(ord, values));
-        certGen1.setPublicKey(pubKey);
-        certGen1.setSignatureAlgorithm("MD5WithRSAEncryption");
-
-        cert = certGen1.generate(privKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        bIn = new ByteArrayInputStream(cert.getEncoded());
-        certFact = CertificateFactory.getInstance("X.509", "BC");
-
-        cert = (X509Certificate)certFact.generateCertificate(bIn);
-
-        // System.out.println(cert);
-        if (!cert.getIssuerDN().equals(cert.getSubjectDN()))
-        {
-            fail("name comparison fails");
-        }
-    }
-
-    /**
-     * we generate a self signed certificate for the sake of testing - DSA
-     */
-    public void checkCreation2()
-    {
-        //
-        // set up the keys
-        //
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-
-        try
-        {
-            KeyPairGenerator    g = KeyPairGenerator.getInstance("DSA", "SUN");
-
-            g.initialize(512, new SecureRandom());
-
-            KeyPair p = g.generateKeyPair();
-
-            privKey = p.getPrivate();
-            pubKey = p.getPublic();
-        }
-        catch (Exception e)
-        {
-            fail("error setting up keys - " + e.toString());
-            return;
-        }
-
-        //
-        // distinguished name table.
-        //
-        Vector                      ord = new Vector();
-        Vector                      values = new Vector();
-
-        ord.addElement(X509Principal.C);
-        ord.addElement(X509Principal.O);
-        ord.addElement(X509Principal.L);
-        ord.addElement(X509Principal.ST);
-        ord.addElement(X509Principal.E);
-
-        values.addElement("AU");
-        values.addElement("The Legion of the Bouncy Castle");
-        values.addElement("Melbourne");
-        values.addElement("Victoria");
-        values.addElement("feedback-crypto@bouncycastle.org");
-
-        //
-        // extensions
-        //
-
-        //
-        // create the certificate - version 3
-        //
-        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
-
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(ord, values));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(ord, values));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm("SHA1withDSA");
-
-        try
-        {
-            X509Certificate cert = certGen.generate(privKey);
-
-            cert.checkValidity(new Date());
-
-            cert.verify(pubKey);
-
-            ByteArrayInputStream    bIn = new ByteArrayInputStream(cert.getEncoded());
-            CertificateFactory      fact = CertificateFactory.getInstance("X.509", "BC");
-
-            cert = (X509Certificate)fact.generateCertificate(bIn);
 
             // System.out.println(cert);
         }
-        catch (Exception e)
-        {
-            fail("error setting generating cert - " + e.toString());
-        }
-
-        //
-        // create the certificate - version 1
-        //
-        X509V1CertificateGenerator  certGen1 = new X509V1CertificateGenerator();
-
-        certGen1.setSerialNumber(BigInteger.valueOf(1));
-        certGen1.setIssuerDN(new X509Principal(ord, values));
-        certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen1.setSubjectDN(new X509Principal(ord, values));
-        certGen1.setPublicKey(pubKey);
-        certGen1.setSignatureAlgorithm("SHA1withDSA");
-
-        try
-        {
-            X509Certificate cert = certGen1.generate(privKey);
-
-            cert.checkValidity(new Date());
-
-            cert.verify(pubKey);
-
-            ByteArrayInputStream    bIn = new ByteArrayInputStream(cert.getEncoded());
-            CertificateFactory      fact = CertificateFactory.getInstance("X.509", "BC");
-
-            cert = (X509Certificate)fact.generateCertificate(bIn);
-
-            //System.out.println(cert);
-        }
-        catch (Exception e)
-        {
-            fail("error setting generating cert - " + e.toString());
-        }
-        
-        //
-        // exception test
-        //
-        try
-        {
-            certGen.setPublicKey(dudPublicKey);
-            
-            fail("key without encoding not detected in v1");
-        }
-        catch (IllegalArgumentException e)
-        {
-            // expected
-        }
-    }
-
-    /**
-     * we generate a self signed certificate for the sake of testing - ECDSA
-     */
-    public void checkCreation3()
-    {
-        ECCurve curve = new ECCurve.Fp(
-            new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
-            new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
-            new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
-
-        ECParameterSpec spec = new ECParameterSpec(
-            curve,
-            curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
-            new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
-        
-
-        ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
-            new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
-            spec);
-
-        ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
-            curve.decodePoint(Hex.decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
-            spec);
-
-        //
-        // set up the keys
-        //
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-
-        try
-        {
-            KeyFactory     fact = KeyFactory.getInstance("ECDSA", "BC");
-
-            privKey = fact.generatePrivate(privKeySpec);
-            pubKey = fact.generatePublic(pubKeySpec);
-        }
-        catch (Exception e)
-        {
-            fail("error setting up keys - " + e.toString());
-            return;
-        }
-
-        //
-        // distinguished name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.L, "Melbourne");
-        attrs.put(X509Principal.ST, "Victoria");
-        attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.L);
-        order.addElement(X509Principal.ST);
-        order.addElement(X509Principal.E);
-
-
-        //
-        // toString test
-        //
-        X509Principal p = new X509Principal(order, attrs);
-        String  s = p.toString();
-
-        if (!s.equals("C=AU,O=The Legion of the Bouncy Castle,L=Melbourne,ST=Victoria,E=feedback-crypto@bouncycastle.org"))
+        catch (TestFailedException e)
         {
-            fail("ordered X509Principal test failed - s = " + s + ".");
-        }
-
-//        p = new X509Principal(attrs);
-//        s = p.toString();
-//
-//        //
-//        // we need two of these as the hash code for strings changed...
-//        //
-//        if (!s.equals("O=The Legion of the Bouncy Castle,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU") && !s.equals("ST=Victoria,L=Melbourne,C=AU,E=feedback-crypto@bouncycastle.org,O=The Legion of the Bouncy Castle"))
-//        {
-//            fail("unordered X509Principal test failed.");
-//        }
-
-        //
-        // create the certificate - version 3
-        //
-        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
-
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(order, attrs));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(order, attrs));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm("SHA1withECDSA");
-
-        try
-        {
-            X509Certificate cert = certGen.generate(privKey);
-
-            cert.checkValidity(new Date());
-
-            cert.verify(pubKey);
-
-            ByteArrayInputStream    bIn = new ByteArrayInputStream(cert.getEncoded());
-            CertificateFactory      fact = CertificateFactory.getInstance("X.509", "BC");
-
-            cert = (X509Certificate)fact.generateCertificate(bIn);
-
-            //
-            // try with point compression turned off
-            //
-            ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
-            
-            certGen.setPublicKey(pubKey);
-            
-            cert = certGen.generate(privKey, "BC");
-
-            cert.checkValidity(new Date());
-
-            cert.verify(pubKey);
-
-            bIn = new ByteArrayInputStream(cert.getEncoded());
-            fact = CertificateFactory.getInstance("X.509", "BC");
-
-            cert = (X509Certificate)fact.generateCertificate(bIn);
-            // System.out.println(cert);
+            throw e;
         }
         catch (Exception e)
         {
-            fail("error setting generating cert - " + e.toString());
-        }
-
-        X509Principal pr = new X509Principal("O=\"The Bouncy Castle, The Legion of\",E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");
-
-        if (!pr.toString().equals("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU"))
-        {
-            fail("string based X509Principal test failed.");
-        }
-
-        pr = new X509Principal("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");
-
-        if (!pr.toString().equals("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU"))
-        {
-            fail("string based X509Principal test failed.");
+            fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
         }
 
     }
-
-    /**
-     * we generate a self signed certificate for the sake of testing - SHA224withECDSA
-     */
-    private void createECCert(String algorithm, DERObjectIdentifier algOid)
-        throws Exception
-    {
-        ECCurve.Fp curve = new ECCurve.Fp(
-            new BigInteger("6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151"), // q (or p)
-            new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 16),   // a
-            new BigInteger("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 16));  // b
-
-        ECParameterSpec spec = new ECParameterSpec(
-            curve,
-            curve.decodePoint(Hex.decode("0200C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
-            new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)); // n
-
-        ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
-            new BigInteger("5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
-            spec);
-
-        ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
-            curve.decodePoint(Hex.decode("02006BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
-            spec);
-
-        //
-        // set up the keys
-        //
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-
-        KeyFactory     fact = KeyFactory.getInstance("ECDSA", "BC");
-
-        privKey = fact.generatePrivate(privKeySpec);
-        pubKey = fact.generatePublic(pubKeySpec);
-
-
-        //
-        // distinguished name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.L, "Melbourne");
-        attrs.put(X509Principal.ST, "Victoria");
-        attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.L);
-        order.addElement(X509Principal.ST);
-        order.addElement(X509Principal.E);
-
-        //
-        // create the certificate - version 3
-        //
-        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
-
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(order, attrs));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(order, attrs));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm(algorithm);
-
-
-        X509Certificate cert = certGen.generate(privKey, "BC");
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        ByteArrayInputStream    bIn = new ByteArrayInputStream(cert.getEncoded());
-        CertificateFactory      certFact = CertificateFactory.getInstance("X.509", "BC");
-
-        cert = (X509Certificate)certFact.generateCertificate(bIn);
-
-        //
-        // try with point compression turned off
-        //
-        ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
-        
-        certGen.setPublicKey(pubKey);
-        
-        cert = certGen.generate(privKey, "BC");
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        bIn = new ByteArrayInputStream(cert.getEncoded());
-        certFact = CertificateFactory.getInstance("X.509", "BC");
-
-        cert = (X509Certificate)certFact.generateCertificate(bIn);
-        
-        if (!cert.getSigAlgOID().equals(algOid.toString()))
-        {
-            fail("ECDSA oid incorrect.");
-        }
-        
-        if (cert.getSigAlgParams() != null)
-        {
-            fail("sig parameters present");
-        }
-        
-        Signature sig = Signature.getInstance(algorithm, "BC");
-        
-        sig.initVerify(pubKey);
-        
-        sig.update(cert.getTBSCertificate());
-        
-        if (!sig.verify(cert.getSignature()))
-        {
-            fail("EC certificate signature not mapped correctly.");
-        }
-        // System.out.println(cert);
-    }
     
     private void checkCRL(
         int     id,
@@ -1878,527 +1268,6 @@ public class CertTest
 
     }
 
-    public void checkCRLCreation1()
-        throws Exception
-    {
-        KeyPairGenerator     kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-        X509V2CRLGenerator   crlGen = new X509V2CRLGenerator();
-        Date                 now = new Date();
-        KeyPair              pair = kpGen.generateKeyPair();
-        
-        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
-        
-        crlGen.setThisUpdate(now);
-        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-        
-        crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
-        
-        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-        
-        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
-        
-        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
-        {
-            fail("failed CRL issuer test");
-        }
-        
-        byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-        
-        if (authExt == null)
-        {
-            fail("failed to find CRL extension");
-        }
-        
-        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-        
-        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
-        
-        if (entry == null)
-        {
-            fail("failed to find CRL entry");
-        }
-        
-        if (!entry.getSerialNumber().equals(BigInteger.ONE))
-        {
-            fail("CRL cert serial number does not match");
-        }
-        
-        if (!entry.hasExtensions())
-        {
-            fail("CRL entry extension not found");
-        }
-    
-        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
-    
-        if (ext != null)
-        {
-            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
-                                                                       
-            if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
-            {
-                fail("CRL entry reasonCode wrong");
-            }
-        }
-        else
-        {
-            fail("CRL entry reasonCode not found");
-        }
-    }
-    
-    public void checkCRLCreation2()
-        throws Exception
-    {
-        KeyPairGenerator     kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-        X509V2CRLGenerator   crlGen = new X509V2CRLGenerator();
-        Date                 now = new Date();
-        KeyPair              pair = kpGen.generateKeyPair();
-        
-        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
-        
-        crlGen.setThisUpdate(now);
-        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-        
-        Vector extOids = new Vector();
-        Vector extValues = new Vector();
-        
-        CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
-        
-        try
-        {
-            extOids.addElement(X509Extensions.ReasonCode);
-            extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("error encoding reason: " + e);
-        }
-        
-        X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
-        
-        crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
-        
-        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-        
-        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
-        
-        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
-        {
-            fail("failed CRL issuer test");
-        }
-        
-        byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-        
-        if (authExt == null)
-        {
-            fail("failed to find CRL extension");
-        }
-        
-        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-        
-        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
-        
-        if (entry == null)
-        {
-            fail("failed to find CRL entry");
-        }
-        
-        if (!entry.getSerialNumber().equals(BigInteger.ONE))
-        {
-            fail("CRL cert serial number does not match");
-        }
-        
-        if (!entry.hasExtensions())
-        {
-            fail("CRL entry extension not found");
-        }
-
-        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
-
-        if (ext != null)
-        {
-            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
-                                                                       
-            if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
-            {
-                fail("CRL entry reasonCode wrong");
-            }
-        }
-        else
-        {
-            fail("CRL entry reasonCode not found");
-        }
-    }
-    
-    public void checkCRLCreation3()
-        throws Exception
-    {
-        KeyPairGenerator     kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-        X509V2CRLGenerator   crlGen = new X509V2CRLGenerator();
-        Date                 now = new Date();
-        KeyPair              pair = kpGen.generateKeyPair();
-        
-        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
-        
-        crlGen.setThisUpdate(now);
-        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-        
-        Vector extOids = new Vector();
-        Vector extValues = new Vector();
-        
-        CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
-        
-        try
-        {
-            extOids.addElement(X509Extensions.ReasonCode);
-            extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("error encoding reason: " + e);
-        }
-        
-        X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
-        
-        crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
-        
-        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-        
-        X509CRL    crl = crlGen.generate(pair.getPrivate(), "BC");
-        
-        if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
-        {
-            fail("failed CRL issuer test");
-        }
-        
-        byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-        
-        if (authExt == null)
-        {
-            fail("failed to find CRL extension");
-        }
-        
-        AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-        
-        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
-        
-        if (entry == null)
-        {
-            fail("failed to find CRL entry");
-        }
-        
-        if (!entry.getSerialNumber().equals(BigInteger.ONE))
-        {
-            fail("CRL cert serial number does not match");
-        }
-        
-        if (!entry.hasExtensions())
-        {
-            fail("CRL entry extension not found");
-        }
-    
-        byte[]  ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
-    
-        if (ext != null)
-        {
-            DEREnumerated   reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
-                                                                       
-            if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
-            {
-                fail("CRL entry reasonCode wrong");
-            }
-        }
-        else
-        {
-            fail("CRL entry reasonCode not found");
-        }
-        
-        //
-        // check loading of existing CRL
-        //
-        crlGen = new X509V2CRLGenerator();
-        now = new Date();
-        
-        crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
-        
-        crlGen.setThisUpdate(now);
-        crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-        crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-        
-        crlGen.addCRL(crl);
-        
-        crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);
-        
-        crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-        
-        X509CRL    newCrl = crlGen.generate(pair.getPrivate(), "BC");
-        
-        int     count = 0;
-        boolean oneFound = false;
-        boolean twoFound = false;
-        
-        Iterator it = newCrl.getRevokedCertificates().iterator();
-        while (it.hasNext())
-        {
-            X509CRLEntry crlEnt = (X509CRLEntry)it.next();
-
-            if (crlEnt.getSerialNumber().intValue() == 1)
-            {
-                oneFound = true;
-            }
-            else if (crlEnt.getSerialNumber().intValue() == 2)
-            {
-                twoFound = true;
-            }
-            
-            count++;
-        }
-        
-        if (count != 2)
-        {
-            fail("wrong number of CRLs found");
-        }
-
-        if (!oneFound || !twoFound)
-        {
-            fail("wrong CRLs found in copied list");
-        }
-
-        //
-        // check factory read back
-        //
-        CertificateFactory cFact = CertificateFactory.getInstance("X.509", "BC");
-
-        X509CRL readCrl = (X509CRL)cFact.generateCRL(new ByteArrayInputStream(newCrl.getEncoded()));
-
-        if (readCrl == null)
-        {
-            fail("crl not returned!");
-        }
-
-        Collection col = cFact.generateCRLs(new ByteArrayInputStream(newCrl.getEncoded()));
-
-        if (col.size() != 1)
-        {
-            fail("wrong number of CRLs found in collection");
-        }
-    }
-    
-    /**
-     * we generate a self signed certificate for the sake of testing - GOST3410
-     */
-    public void checkCreation4()
-        throws Exception
-    {
-        //
-        // set up the keys
-        //
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-
-        KeyPairGenerator    g = KeyPairGenerator.getInstance("GOST3410", "BC");
-        GOST3410ParameterSpec gost3410P = new GOST3410ParameterSpec("GostR3410-94-CryptoPro-A");
-
-        g.initialize(gost3410P, new SecureRandom());
-
-        KeyPair p = g.generateKeyPair();
-
-        privKey = p.getPrivate();
-        pubKey = p.getPublic();
-
-        //
-        // distinguished name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.L, "Melbourne");
-        attrs.put(X509Principal.ST, "Victoria");
-        attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.L);
-        order.addElement(X509Principal.ST);
-        order.addElement(X509Principal.E);
-
-        //
-        // extensions
-        //
-
-        //
-        // create the certificate - version 3
-        //
-        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
-
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(order, attrs));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(order, attrs));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm("GOST3411withGOST3410");
-
-        X509Certificate cert = certGen.generate(privKey, "BC");
-
-        cert.checkValidity(new Date());
-
-        //
-        // check verifies in general
-        //
-        cert.verify(pubKey);
-
-        //
-        // check verifies with contained key
-        //
-        cert.verify(cert.getPublicKey());
-        
-        ByteArrayInputStream    bIn = new ByteArrayInputStream(cert.getEncoded());
-        CertificateFactory      fact = CertificateFactory.getInstance("X.509", "BC");
-
-        cert = (X509Certificate)fact.generateCertificate(bIn);
-
-        //System.out.println(cert);
-
-        //check getEncoded()
-        byte[]  bytesch = cert.getEncoded();
-    }
-    
-    public void checkCreation5()
-        throws Exception
-    {
-        //
-        // a sample key pair.
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-    
-        RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16),
-            new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
-            new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
-            new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
-            new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
-            new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
-            new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-    
-        //
-        // set up the keys
-        //
-        SecureRandom        rand = new SecureRandom();
-        PrivateKey          privKey;
-        PublicKey           pubKey;
-    
-        KeyFactory  fact = KeyFactory.getInstance("RSA", "BC");
-    
-        privKey = fact.generatePrivate(privKeySpec);
-        pubKey = fact.generatePublic(pubKeySpec);
-    
-        //
-        // distinguished name table.
-        //
-        Vector                      ord = new Vector();
-        Vector                      values = new Vector();
-    
-        ord.addElement(X509Principal.C);
-        ord.addElement(X509Principal.O);
-        ord.addElement(X509Principal.L);
-        ord.addElement(X509Principal.ST);
-        ord.addElement(X509Principal.E);
-    
-        values.addElement("AU");
-        values.addElement("The Legion of the Bouncy Castle");
-        values.addElement("Melbourne");
-        values.addElement("Victoria");
-        values.addElement("feedback-crypto@bouncycastle.org");
-    
-        //
-        // create base certificate - version 3
-        //
-        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
-    
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(ord, values));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(ord, values));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
-        certGen.addExtension("2.5.29.15", true,
-            new X509KeyUsage(X509KeyUsage.encipherOnly));
-        certGen.addExtension("2.5.29.37", true,
-            new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
-        certGen.addExtension("2.5.29.17", true,
-            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-    
-        X509Certificate baseCert = certGen.generate(privKey, "BC");
-        
-        //
-        // copy certificate
-        //
-        certGen = new X509V3CertificateGenerator();
-        
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(ord, values));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(ord, values));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
-
-        certGen.copyAndAddExtension(new DERObjectIdentifier("2.5.29.15"), true, baseCert);
-        certGen.copyAndAddExtension("2.5.29.37", false, baseCert);
-        
-        X509Certificate cert = certGen.generate(privKey, "BC");
-        
-        cert.checkValidity(new Date());
-    
-        cert.verify(pubKey);
-    
-        if (!areEqual(baseCert.getExtensionValue("2.5.29.15"), cert.getExtensionValue("2.5.29.15")))
-        {
-            fail("2.5.29.15 differs");
-        }
-        
-        if (!areEqual(baseCert.getExtensionValue("2.5.29.37"), cert.getExtensionValue("2.5.29.37")))
-        {
-            fail("2.5.29.37 differs");
-        }
-        
-        //
-        // exception test
-        //
-        try
-        {
-            certGen.copyAndAddExtension("2.5.99.99", true, baseCert);
-            
-            fail("exception not thrown on dud extension copy");
-        }
-        catch (CertificateParsingException e)
-        {
-            // expected
-        }
-        
-        try
-        {
-            certGen.setPublicKey(dudPublicKey);
-            
-            certGen.generate(privKey, "BC");
-            
-            fail("key without encoding not detected in v3");
-        }
-        catch (IllegalArgumentException e)
-        {
-            // expected
-        }
-    }
-    
     private void testForgedSignature() 
         throws Exception
     {
@@ -2473,7 +1342,7 @@ public class CertTest
         ASN1EncodableVector certs = new ASN1EncodableVector();
 
         certs.add(new ASN1InputStream(CertPathTest.rootCertBin).readObject());
-        certs.add(new DERTaggedObject(false, 2, new ASN1InputStream(AttrCertTest.attrCert).readObject()));
+        certs.add(new DERTaggedObject(false, 2, new ASN1InputStream(AttrCertData.attrCert).readObject()));
 
         ASN1EncodableVector crls = new ASN1EncodableVector();
 
@@ -2494,6 +1363,12 @@ public class CertTest
         {
             fail("PKCS7 crl not read");
         }
+
+        if (!"SHA256WITHRSA".equals(crl.getSigAlgName()))
+        {
+            fail("signature ID not matched in CRL: " + crl.getSigAlgName());
+        }
+
         Collection col = cf.generateCertificates(new ByteArrayInputStream(info.getEncoded()));
         if (col.size() != 1 || !col.contains(cert))
         {
@@ -2557,90 +1432,6 @@ public class CertTest
         }
     }
 
-    private void createPSSCert(String algorithm)
-        throws Exception
-    {
-        KeyPair pair = generateLongFixedKeys();
-
-        PrivateKey privKey = pair.getPrivate();
-        PublicKey pubKey = pair.getPublic();
-
-        //
-        // distinguished name table.
-        //
-        Vector                      ord = new Vector();
-        Vector                      values = new Vector();
-
-        ord.addElement(X509Principal.C);
-        ord.addElement(X509Principal.O);
-        ord.addElement(X509Principal.L);
-        ord.addElement(X509Principal.ST);
-        ord.addElement(X509Principal.E);
-
-        values.addElement("AU");
-        values.addElement("The Legion of the Bouncy Castle");
-        values.addElement("Melbourne");
-        values.addElement("Victoria");
-        values.addElement("feedback-crypto@bouncycastle.org");
-
-        //
-        // create base certificate - version 3
-        //
-        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
-
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal(ord, values));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal(ord, values));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm(algorithm);
-        certGen.addExtension("2.5.29.15", true,
-            new X509KeyUsage(X509KeyUsage.encipherOnly));
-        certGen.addExtension("2.5.29.37", true,
-            new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
-        certGen.addExtension(Extension.subjectAlternativeName.getId(), true,
-            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-        certGen.addExtension(Extension.issuerAlternativeName, false,
-            new GeneralNames(new GeneralName(GeneralName.directoryName, new X500Name("O=Test, OU=Testing, C=AU"))));
-
-        X509Certificate baseCert = certGen.generate(privKey, "BC");
-
-        Collection names = baseCert.getSubjectAlternativeNames();
-
-        if (names.size() != 1)
-        {
-            fail("subject alt names size incorrect");
-        }
-
-        List name = (List)names.iterator().next();
-        if(!name.get(0).equals(Integers.valueOf(GeneralName.rfc822Name)))
-        {
-            fail("subject alt name type incorrect");
-        }
-
-        names = baseCert.getIssuerAlternativeNames();
-
-        if (names.size() != 1)
-        {
-            fail("issuer alt names size incorrect");
-        }
-
-        name = (List)names.iterator().next();
-        if(!name.get(0).equals(Integers.valueOf(GeneralName.directoryName)))
-        {
-            fail("issuer alt name type incorrect");
-        }
-
-        // check IETF output (reverse of default BC)
-        if (!name.get(1).equals("c=AU,ou=Testing,o=Test"))
-        {
-            fail("issuer alt name dir string incorrect");
-        }
-
-        baseCert.verify(pubKey);
-    }
-
     private KeyPair generateLongFixedKeys()
         throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException
     {
@@ -2677,55 +1468,6 @@ public class CertTest
         x509.verify(x509.getPublicKey(), "BC");
     }
 
-    private void testNullDerNullCert()
-        throws Exception
-    {
-        KeyPair pair = generateLongFixedKeys();
-        PublicKey pubKey = pair.getPublic();
-        PrivateKey privKey = pair.getPrivate();
-
-        X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();
-
-        certGen.setSerialNumber(BigInteger.valueOf(1));
-        certGen.setIssuerDN(new X509Principal("CN=Test"));
-        certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-        certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-        certGen.setSubjectDN(new X509Principal("CN=Test"));
-        certGen.setPublicKey(pubKey);
-        certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
-        X509Certificate cert = certGen.generate(privKey, "BC");
-
-        X509CertificateStructure struct = X509CertificateStructure.getInstance(ASN1Primitive.fromByteArray(cert.getEncoded()));
-
-        ASN1Encodable tbsCertificate = struct.getTBSCertificate();
-        AlgorithmIdentifier sig = struct.getSignatureAlgorithm();
-
-        ASN1EncodableVector v = new ASN1EncodableVector();
-
-        v.add(tbsCertificate);
-        v.add(new AlgorithmIdentifier(sig.getObjectId()));
-        v.add(struct.getSignature());
-
-        // verify
-        ByteArrayInputStream    bIn;
-        String                  dump = "";
-
-        try
-        {
-            bIn = new ByteArrayInputStream(new DERSequence(v).getEncoded());
-
-            CertificateFactory  fact = CertificateFactory.getInstance("X.509", "BC");
-
-            cert = (X509Certificate)fact.generateCertificate(bIn);
-
-            cert.verify(cert.getPublicKey());
-        }
-        catch (Exception e)
-        {
-            fail(dump + System.getProperty("line.separator") + getName() + ": testNullDerNull failed - exception " + e.toString(), e);
-        }
-    }
-
     private void checkComparison(byte[] encCert)
         throws NoSuchProviderException, CertificateException
     {
@@ -2740,10 +1482,11 @@ public class CertTest
             fail("BC/Sun equals test failed");
         }
 
-        if (bcCert.hashCode() != sunCert.hashCode())
-        {
-            fail("BC/Sun hashCode test failed");
-        }
+        // Yes, they actually changed hashCode() on a certificate in JDK 1.8...
+//        if (bcCert.hashCode() != sunCert.hashCode())
+//        {
+//            fail("BC/Sun hashCode test failed");
+//        }
     }
 
     private void testV1CRL()
@@ -2762,7 +1505,6 @@ public class CertTest
 
         jceCRL.verify(jceIssuer.getPublicKey());
 
-
         // verify CRL with BC provider
         CertificateFactory bcFac = CertificateFactory.getInstance("X.509", "BC");
 
@@ -2774,6 +1516,16 @@ public class CertTest
         jceCRL.verify(bcIssuer.getPublicKey());
 
         bcCRL.verify(bcIssuer.getPublicKey());
+
+        if (!"SHA1WITHRSA".equals(bcCRL.getSigAlgName()))
+        {
+            fail("signature ID not matched in CRL");
+        }
+
+        if (!"SHA1WITHRSA".equals(bcIssuer.getSigAlgName()))
+        {
+            fail("signature ID not matched in certificate");
+        }
     }
 
     private void testCertPathEncAvailableTest()
@@ -2818,24 +1570,24 @@ public class CertTest
         checkComparison(cert1);
 
         checkKeyUsage(8, keyUsage);
-        checkSelfSignedCertificate(9, uncompressedPtEC);
+        checkSelfSignedCertificate(9, uncompressedPtEC, "ECDSA");
         checkNameCertificate(10, nameCert);
 
-        checkSelfSignedCertificate(11, probSelfSignedCert);
-        checkSelfSignedCertificate(12, gostCA1);
-        checkSelfSignedCertificate(13, gostCA2);
-        checkSelfSignedCertificate(14, gost341094base);
-        checkSelfSignedCertificate(15, gost34102001base);
-        checkSelfSignedCertificate(16, gost341094A);
-        checkSelfSignedCertificate(17, gost341094B);
-        checkSelfSignedCertificate(18, gost34102001A);
+        checkSelfSignedCertificate(11, probSelfSignedCert, "SHA1WITHRSA");
+        checkSelfSignedCertificate(12, gostCA1, "GOST3410");
+        checkSelfSignedCertificate(13, gostCA2, "GOST3411WITHECGOST3410");
+        checkSelfSignedCertificate(14, gost341094base, "GOST3410");
+        checkSelfSignedCertificate(15, gost34102001base, "GOST3411WITHECGOST3410");
+        checkSelfSignedCertificate(16, gost341094A, "GOST3410");
+        checkSelfSignedCertificate(17, gost341094B, "GOST3410");
+        checkSelfSignedCertificate(18, gost34102001A, "GOST3411WITHECGOST3410");
 
         try
         {
-            checkSelfSignedCertificate(19, uaczo1);
-            checkSelfSignedCertificate(20, uaczo2);
-            checkSelfSignedCertificate(21, uaczo3);
-            checkSelfSignedCertificate(22, uaczo4);
+            checkSelfSignedCertificate(19, uaczo1, "GOST3411WITHDSTU4145LE");
+            checkSelfSignedCertificate(20, uaczo2, "GOST3411WITHDSTU4145LE");
+            checkSelfSignedCertificate(21, uaczo3, "GOST3411WITHDSTU4145LE");
+            checkSelfSignedCertificate(22, uaczo4, "GOST3411WITHDSTU4145LE");
         }
         catch (Exception e)
         {
@@ -2847,35 +1599,12 @@ public class CertTest
 
         checkCRL(1, crl1);
 
-        checkCreation1();
-        checkCreation2();
-        checkCreation3();
-        checkCreation4();
-        checkCreation5();
-
-        createECCert("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        createECCert("SHA224withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
-        createECCert("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
-        createECCert("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-        createECCert("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-
-        createPSSCert("SHA1withRSAandMGF1");
-        createPSSCert("SHA224withRSAandMGF1");
-        createPSSCert("SHA256withRSAandMGF1");
-        createPSSCert("SHA384withRSAandMGF1");
-
-        checkCRLCreation1();
-        checkCRLCreation2();
-        checkCRLCreation3();
-
         pemTest();
         pkcs7Test();
         rfc4491Test();
         
         testForgedSignature();
 
-        testNullDerNullCert();
-
         checkCertificate(18, emptyDNCert);
 
         testCertPathEncAvailableTest();
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CipherStreamTest2.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CipherStreamTest2.java
index de9533c..2201c8a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CipherStreamTest2.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CipherStreamTest2.java
@@ -1,14 +1,10 @@
 package org.bouncycastle.jce.provider.test;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.OutputStream;
+import java.io.*;
 import java.security.Key;
 import java.security.Security;
 
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
+import javax.crypto.*;
 import javax.crypto.spec.IvParameterSpec;
 
 import org.bouncycastle.crypto.io.InvalidCipherTextIOException;
@@ -21,9 +17,11 @@ import org.bouncycastle.util.test.SimpleTest;
 public class CipherStreamTest2
     extends SimpleTest
 {
+    private int streamSize;
+
     public String getName()
     {
-        return "CipherStreamTest";
+        return "CipherStreamTest2";
     }
 
     private void testModes(String algo, String[] transforms, boolean authenticated)
@@ -33,32 +31,38 @@ public class CipherStreamTest2
         for (int i = 0; i != transforms.length; i++)
         {
             String transform = transforms[i];
+            String cipherName = algo + transform;
 
-            testWriteRead(algo + transform, key, authenticated, true, false);
-            testWriteRead(algo + transform, key, authenticated, true, true);
-            testWriteRead(algo + transform, key, authenticated, false, false);
-            testWriteRead(algo + transform, key, authenticated, false, true);
-            testReadWrite(algo + transform, key, authenticated, true, false);
-            testReadWrite(algo + transform, key, authenticated, true, true);
-            testReadWrite(algo + transform, key, authenticated, false, false);
-            testReadWrite(algo + transform, key, authenticated, false, true);
-
-            if (!(transform.indexOf("CTS") > -1))
+            boolean cts = transform.indexOf("CTS") > -1;
+            if (cts && streamSize < Cipher.getInstance(cipherName, "BC").getBlockSize())
+            {
+                continue;
+            }
+            testWriteRead(cipherName, key, authenticated, true, false);
+            testWriteRead(cipherName, key, authenticated, true, true);
+            testWriteRead(cipherName, key, authenticated, false, false);
+            testWriteRead(cipherName, key, authenticated, false, true);
+            testReadWrite(cipherName, key, authenticated, true, false);
+            testReadWrite(cipherName, key, authenticated, true, true);
+            testReadWrite(cipherName, key, authenticated, false, false);
+            testReadWrite(cipherName, key, authenticated, false, true);
+
+            if (!cts)
             {
-                testWriteReadEmpty(algo + transform, key, authenticated, true, false);
-                testWriteReadEmpty(algo + transform, key, authenticated, true, true);
-                testWriteReadEmpty(algo + transform, key, authenticated, false, false);
-                testWriteReadEmpty(algo + transform, key, authenticated, false, true);
+                testWriteReadEmpty(cipherName, key, authenticated, true, false);
+                testWriteReadEmpty(cipherName, key, authenticated, true, true);
+                testWriteReadEmpty(cipherName, key, authenticated, false, false);
+                testWriteReadEmpty(cipherName, key, authenticated, false, true);
             }
 
             if (authenticated)
             {
-                testTamperedRead(algo + transform, key, true, true);
-                testTamperedRead(algo + transform, key, true, false);
-                testTruncatedRead(algo + transform, key, true, true);
-                testTruncatedRead(algo + transform, key, true, false);
-                testTamperedWrite(algo + transform, key, true, true);
-                testTamperedWrite(algo + transform, key, true, false);
+                testTamperedRead(cipherName, key, true, true);
+                testTamperedRead(cipherName, key, true, false);
+                testTruncatedRead(cipherName, key, true, true);
+                testTruncatedRead(cipherName, key, true, false);
+                testTamperedWrite(cipherName, key, true, true);
+                testTamperedWrite(cipherName, key, true, false);
             }
         }
     }
@@ -94,7 +98,7 @@ public class CipherStreamTest2
             decrypt.init(Cipher.DECRYPT_MODE, key);
         }
 
-        byte[] ciphertext = encrypt.doFinal(new byte[1000]);
+        byte[] ciphertext = encrypt.doFinal(new byte[streamSize]);
 
         // Tamper
         ciphertext[0] += 1;
@@ -111,6 +115,10 @@ public class CipherStreamTest2
         {
             // Expected
         }
+        catch (IOException e)       //     cause will be AEADBadTagException
+        {
+            // Expected
+        }
         try
         {
             input.close();
@@ -140,10 +148,10 @@ public class CipherStreamTest2
             decrypt.init(Cipher.DECRYPT_MODE, key);
         }
 
-        byte[] ciphertext = encrypt.doFinal(new byte[1000]);
+        byte[] ciphertext = encrypt.doFinal(new byte[streamSize]);
 
         // Truncate to just smaller than complete tag
-        byte[] truncated = new byte[ciphertext.length - 1000 - 1];
+        byte[] truncated = new byte[ciphertext.length - streamSize - 1];
         System.arraycopy(ciphertext, 0, truncated, 0, truncated.length);
 
         // Tamper
@@ -162,6 +170,11 @@ public class CipherStreamTest2
                 // Expected
                 break;
             }
+            catch (IOException e)
+            {
+                // Expected from JDK 1.7 on
+                break;
+            }
             catch (Exception e)
             {
                 fail("Unexpected exception : " + name, e, authenticated, useBc);
@@ -201,7 +214,7 @@ public class CipherStreamTest2
             decrypt.init(Cipher.DECRYPT_MODE, key);
         }
 
-        byte[] ciphertext = encrypt.doFinal(new byte[1000]);
+        byte[] ciphertext = encrypt.doFinal(new byte[streamSize]);
 
         // Tamper
         ciphertext[0] += 1;
@@ -230,7 +243,7 @@ public class CipherStreamTest2
     private void testWriteRead(String name, Key key, boolean authenticated, boolean useBc, boolean blocks)
         throws Exception
     {
-        byte[] data = new byte[1000];
+        byte[] data = new byte[streamSize];
         for (int i = 0; i < data.length; i++)
         {
             data[i] = (byte)(i % 255);
@@ -271,10 +284,10 @@ public class CipherStreamTest2
             OutputStream cOut = createOutputStream(bOut, encrypt, useBc);
             if (blocks)
             {
-                int chunkSize = data.length / 8;
+                int chunkSize = Math.max(1, data.length / 8);
                 for (int i = 0; i < data.length; i += chunkSize)
                 {
-                    cOut.write(data, i, chunkSize);
+                    cOut.write(data, i, Math.min(chunkSize, data.length - i));
                 }
             }
             else
@@ -434,6 +447,17 @@ public class CipherStreamTest2
     public void performTest()
         throws Exception
     {
+        int[] testSizes = new int[]{0, 1, 7, 8, 9, 15, 16, 17, 1023, 1024, 1025, 2047, 2048, 2049, 4095, 4096, 4097};
+        for (int i = 0; i < testSizes.length; i++)
+        {
+            this.streamSize = testSizes[i];
+            performTests();
+        }
+    }
+
+    private void performTests()
+        throws Exception
+    {
         final String[] blockCiphers64 = new String[]{"BLOWFISH", "DES", "DESEDE", "TEA", "CAST5", "RC2", "XTEA"};
 
         for (int i = 0; i != blockCiphers64.length; i++)
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/DHTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/DHTest.java
index 4ab21ed..6b9ad4e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/DHTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/DHTest.java
@@ -33,9 +33,11 @@ import javax.crypto.spec.DHPublicKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jce.ECNamedCurveTable;
 import org.bouncycastle.jce.ECPointUtil;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.Hex;
@@ -567,6 +569,53 @@ public class DHTest
             fail(size + " bit 3-way test failed (c and b differ)");
         }
     }
+
+    private void testECDH(String algorithm, String cipher, int keyLen)
+        throws Exception
+    {
+        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp521r1");
+        KeyPairGenerator g = KeyPairGenerator.getInstance(algorithm, "BC");
+
+        g.initialize(parameterSpec);
+
+        //
+        // a side
+        //
+        KeyPair aKeyPair = g.generateKeyPair();
+
+        KeyAgreement aKeyAgree = KeyAgreement.getInstance(algorithm, "BC");
+
+        aKeyAgree.init(aKeyPair.getPrivate());
+
+        //
+        // b side
+        //
+        KeyPair bKeyPair = g.generateKeyPair();
+
+        KeyAgreement bKeyAgree = KeyAgreement.getInstance(algorithm, "BC");
+
+        bKeyAgree.init(bKeyPair.getPrivate());
+
+        //
+        // agreement
+        //
+        aKeyAgree.doPhase(bKeyPair.getPublic(), true);
+        bKeyAgree.doPhase(aKeyPair.getPublic(), true);
+
+        SecretKey k1 = aKeyAgree.generateSecret(cipher);
+        SecretKey k2 = bKeyAgree.generateSecret(cipher);
+
+        if (!k1.equals(k2))
+        {
+            fail(algorithm + " 2-way test failed");
+        }
+
+        if (k1.getEncoded().length != keyLen / 8)
+        {
+            fail("key for " + cipher + " the wrong size expected " + keyLen / 8 + " got " + k1.getEncoded().length);
+        }
+    }
+
     private void testECDH(String algorithm)
         throws Exception
     {
@@ -915,8 +964,15 @@ public class DHTest
         testGP("DIFFIEHELLMAN", 1024, 256, g1024, p1024);
         testExplicitWrapping(512, 0, g512, p512);
         testRandom(256);
+
         testECDH("ECDH");
         testECDH("ECDHC");
+        testECDH("ECDH", "AES", 256);
+        testECDH("ECDH", "DESEDE", 192);
+        testECDH("ECDH", "DES", 64);
+        testECDH("ECDHwithSHA1KDF", "AES", 256);
+        testECDH("ECDHwithSHA1KDF", "DESEDE", 192);
+
         testExceptions();
         testDESAndDESede(g768, p768);
         testInitialise();
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/DSATest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/DSATest.java
index e047899..3e2ebd4 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/DSATest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/DSATest.java
@@ -25,10 +25,10 @@ import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
@@ -191,7 +191,7 @@ public class DSATest
 
         signer.init(false, keyParams);
 
-        if (!signer.verifySignature(dummySha1, DERInteger.getInstance(derSig.getObjectAt(0)).getValue(), DERInteger.getInstance(derSig.getObjectAt(1)).getValue()))
+        if (!signer.verifySignature(dummySha1, ASN1Integer.getInstance(derSig.getObjectAt(0)).getValue(), ASN1Integer.getInstance(derSig.getObjectAt(1)).getValue()))
         {
             fail("NONEwithDSA not really NONE!");
         }
@@ -474,7 +474,7 @@ public class DSATest
         }
     }
 
-    private void testECDSA239bitBinary(String algorithm, DERObjectIdentifier oid)
+    private void testECDSA239bitBinary(String algorithm, ASN1ObjectIdentifier oid)
         throws Exception
     {
         byte[] kData = BigIntegers.asUnsignedByteArray(new BigInteger("171278725565216523967285789236956265265265235675811949404040041670216363"));
@@ -971,8 +971,8 @@ public class DSATest
 
         BigInteger[]            sig = new BigInteger[2];
 
-        sig[0] = ((DERInteger)s.getObjectAt(0)).getValue();
-        sig[1] = ((DERInteger)s.getObjectAt(1)).getValue();
+        sig[0] = ((ASN1Integer)s.getObjectAt(0)).getValue();
+        sig[1] = ((ASN1Integer)s.getObjectAt(1)).getValue();
 
         return sig;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java
index 802134c..87773da 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java
@@ -11,11 +11,14 @@ import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.Signature;
+import java.security.SignatureException;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.AlgorithmParameterSpec;
@@ -27,22 +30,29 @@ import java.security.spec.ECPoint;
 import java.security.spec.ECPrivateKeySpec;
 import java.security.spec.ECPublicKeySpec;
 import java.security.spec.EllipticCurve;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
+import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.jce.ECKeyUtil;
 import org.bouncycastle.jce.ECNamedCurveTable;
 import org.bouncycastle.jce.ECPointUtil;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.util.BigIntegers;
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.FixedSecureRandom;
@@ -150,6 +160,61 @@ public class ECDSA5Test
         }
     }
 
+    // test BSI algorithm support.
+    private void testBSI()
+        throws Exception
+    {
+        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ECDSA", "BC");
+
+        kpGen.initialize(new ECGenParameterSpec(TeleTrusTObjectIdentifiers.brainpoolP512r1.getId()));
+
+        KeyPair kp = kpGen.generateKeyPair();
+
+        byte[] data = "Hello World!!!".getBytes();
+        String[] cvcAlgs = { "SHA1WITHCVC-ECDSA", "SHA224WITHCVC-ECDSA",
+                             "SHA256WITHCVC-ECDSA", "SHA384WITHCVC-ECDSA",
+                             "SHA512WITHCVC-ECDSA" };
+        String[] cvcOids = { EACObjectIdentifiers.id_TA_ECDSA_SHA_1.getId(), EACObjectIdentifiers.id_TA_ECDSA_SHA_224.getId(),
+                             EACObjectIdentifiers.id_TA_ECDSA_SHA_256.getId(), EACObjectIdentifiers.id_TA_ECDSA_SHA_384.getId(),
+                             EACObjectIdentifiers.id_TA_ECDSA_SHA_512.getId() };
+
+        testBsiAlgorithms(kp, data, cvcAlgs, cvcOids);
+
+        String[] plainAlgs = { "SHA1WITHPLAIN-ECDSA", "SHA224WITHPLAIN-ECDSA",
+                             "SHA256WITHPLAIN-ECDSA", "SHA384WITHPLAIN-ECDSA",
+                             "SHA512WITHPLAIN-ECDSA", "RIPEMD160WITHPLAIN-ECDSA" };
+        String[] plainOids = { BSIObjectIdentifiers.ecdsa_plain_SHA1.getId(), BSIObjectIdentifiers.ecdsa_plain_SHA224.getId(),
+                                BSIObjectIdentifiers.ecdsa_plain_SHA256.getId(), BSIObjectIdentifiers.ecdsa_plain_SHA384.getId(),
+                                BSIObjectIdentifiers.ecdsa_plain_SHA512.getId(), BSIObjectIdentifiers.ecdsa_plain_RIPEMD160.getId() };
+
+        testBsiAlgorithms(kp, data, plainAlgs, plainOids);
+    }
+
+    private void testBsiAlgorithms(KeyPair kp, byte[] data, String[] algs, String[] oids)
+        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException
+    {
+        for (int i = 0; i != algs.length; i++)
+        {
+            Signature sig1 = Signature.getInstance(algs[i], "BC");
+            Signature sig2 = Signature.getInstance(oids[i], "BC");
+
+            sig1.initSign(kp.getPrivate());
+
+            sig1.update(data);
+
+            byte[] sig = sig1.sign();
+
+            sig2.initVerify(kp.getPublic());
+
+            sig2.update(data);
+
+            if (!sig2.verify(sig))
+            {
+                fail("BSI CVC signature failed: " + algs[i]);
+            }
+        }
+    }
+
     /**
      * X9.62 - 1998,<br>
      * J.2.1, Page 100, ECDSA over the field F2m<br>
@@ -695,8 +760,16 @@ public class ECDSA5Test
     {
         public void nextBytes(byte[] bytes)
         {
-            byte[] src = BigInteger.valueOf(1000).toByteArray();
-            System.arraycopy(src, 0, bytes, bytes.length - src.length, src.length);
+            byte[] src = new BigInteger("e2eb6663f551331bda00b90f1272c09d980260c1a70cab1ec481f6c937f34b62", 16).toByteArray();
+
+            if (src.length <= bytes.length)
+            {
+                System.arraycopy(src, 0, bytes, bytes.length - src.length, src.length);
+            }
+            else
+            {
+                System.arraycopy(src, 0, bytes, 0, bytes.length);
+            }
         }
     }
 
@@ -734,6 +807,87 @@ public class ECDSA5Test
         }
     }
 
+    private void testNamedCurveSigning()
+        throws Exception
+    {
+        testCustomNamedCurveSigning("secp256r1");
+
+        try
+        {
+            testCustomNamedCurveSigning("secp256k1");
+        }
+        catch (IllegalArgumentException e)
+        {
+            if (!e.getMessage().equals("first coefficient is negative"))     // bogus jdk 1.5 exception...
+            {
+                throw e;
+            }
+        }
+    }
+
+    private void testCustomNamedCurveSigning(String name)
+        throws Exception
+    {
+        X9ECParameters x9Params = ECUtil.getNamedCurveByOid(ECUtil.getNamedCurveOid(name));
+
+        // TODO: one day this may have to change
+        if (x9Params.getCurve() instanceof ECCurve.Fp)
+        {
+            fail("curve not custom curve!!");
+        }
+
+        AlgorithmParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(name);
+        KeyPairGenerator keygen = KeyPairGenerator.getInstance("EC", "BC");
+        keygen.initialize(ecSpec, new ECRandom());
+
+        KeyPair keys = keygen.generateKeyPair();
+
+        PrivateKeyInfo priv1 = PrivateKeyInfo.getInstance(keys.getPrivate().getEncoded());
+        SubjectPublicKeyInfo pub1 = SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded());
+
+        keygen = KeyPairGenerator.getInstance("EC", "BC");
+        keygen.initialize(new ECGenParameterSpec("secp256r1"), new ECRandom());
+
+        Signature ecdsaSigner = Signature.getInstance("ECDSA", "BC");
+
+        ecdsaSigner.initSign(keys.getPrivate());
+
+        ecdsaSigner.update(new byte[100]);
+
+        byte[] sig = ecdsaSigner.sign();
+
+        ecdsaSigner.initVerify(keys.getPublic());
+
+        ecdsaSigner.update(new byte[100]);
+
+        if (!ecdsaSigner.verify(sig))
+        {
+            fail("signature failed to verify");
+        }
+
+        KeyFactory kFact = KeyFactory.getInstance("EC", "BC");
+
+        PublicKey pub = kFact.generatePublic(new X509EncodedKeySpec(pub1.getEncoded()));
+        PrivateKey pri = kFact.generatePrivate(new PKCS8EncodedKeySpec(priv1.getEncoded()));
+
+        ecdsaSigner = Signature.getInstance("ECDSA", "BC");
+
+        ecdsaSigner.initSign(pri);
+
+        ecdsaSigner.update(new byte[100]);
+
+        sig = ecdsaSigner.sign();
+
+        ecdsaSigner.initVerify(pub);
+
+        ecdsaSigner.update(new byte[100]);
+
+        if (!ecdsaSigner.verify(sig))
+        {
+            fail("signature failed to verify");
+        }
+    }
+
     protected BigInteger[] derDecode(
         byte[]  encoding)
         throws IOException
@@ -744,8 +898,8 @@ public class ECDSA5Test
 
         BigInteger[]            sig = new BigInteger[2];
 
-        sig[0] = ((DERInteger)s.getObjectAt(0)).getValue();
-        sig[1] = ((DERInteger)s.getObjectAt(1)).getValue();
+        sig[0] = ((ASN1Integer)s.getObjectAt(0)).getValue();
+        sig[1] = ((ASN1Integer)s.getObjectAt(1)).getValue();
 
         return sig;
     }
@@ -766,6 +920,8 @@ public class ECDSA5Test
         testGeneration();
         testKeyPairGenerationWithOIDs();
         testNamedCurveParameterPreservation();
+        testNamedCurveSigning();
+        testBSI();
     }
 
     public static void main(
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECIESTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECIESTest.java
index 9af0670..ad2b8b2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECIESTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECIESTest.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.jce.provider.test;
 
+import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.SecureRandom;
@@ -85,8 +86,30 @@ public class ECIESTest
         // Testing ECIES with 256-bit curve using DES
         g.initialize(256, new SecureRandom());
         doTest("256-bit", g, "ECIESwithDESEDE", params);
-           
-        
+
+        // Testing ECIES with 256-bit curve using DES-CBC
+        g.initialize(256, new SecureRandom());
+        doTest("256-bit", g, "ECIESwithDESEDE-CBC", params);
+
+        params = new IESParameterSpec(derivation, encoding, 128, 128, Hex.decode("0001020304050607"));
+        g.initialize(256, new SecureRandom());
+        doTest("256-bit", g, "ECIESwithDESEDE-CBC", params);
+
+        try
+        {
+            params = new IESParameterSpec(derivation, encoding, 128, 128, new byte[10]);
+            g.initialize(256, new SecureRandom());
+            doTest("256-bit", g, "ECIESwithDESEDE-CBC", params);
+            fail("DESEDE no exception!");
+        }
+        catch (InvalidAlgorithmParameterException e)
+        {
+            if (!e.getMessage().equals("NONCE in IES Parameters needs to be 8 bytes long"))
+            {
+                fail("DESEDE wrong message!");
+            }
+        }
+
         c1 = new org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher.ECIESwithAES();
         c2 = new org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher.ECIESwithAES();
         params = new IESParameterSpec(derivation, encoding, 128, 128);
@@ -102,7 +125,29 @@ public class ECIESTest
         // Testing ECIES with 256-bit curve using AES
         g.initialize(256, new SecureRandom());
         doTest("256-bit", g, "ECIESwithAES", params);
-        
+
+        // Testing ECIES with 256-bit curve using AES-CBC
+        g.initialize(256, new SecureRandom());
+        doTest("256-bit", g, "ECIESwithAES-CBC", params);
+
+        params = new IESParameterSpec(derivation, encoding, 128, 128, Hex.decode("000102030405060708090a0b0c0d0e0f"));
+        g.initialize(256, new SecureRandom());
+        doTest("256-bit", g, "ECIESwithAES-CBC", params);
+
+        try
+        {
+            params = new IESParameterSpec(derivation, encoding, 128, 128, new byte[10]);
+            g.initialize(256, new SecureRandom());
+            doTest("256-bit", g, "ECIESwithAES-CBC", params);
+            fail("AES no exception!");
+        }
+        catch (InvalidAlgorithmParameterException e)
+        {
+            if (!e.getMessage().equals("NONCE in IES Parameters needs to be 16 bytes long"))
+            {
+                fail("AES wrong message!");
+            }
+        }
     }
 
     public void doTest(
@@ -112,7 +157,7 @@ public class ECIESTest
         IESParameterSpec    p)
         throws Exception
     {
-        
+
         byte[] message = Hex.decode("0102030405060708090a0b0c0d0e0f10111213141516");
         byte[] out1, out2;
 
@@ -142,29 +187,30 @@ public class ECIESTest
             fail(testname + " test failed with non-null parameters, DHAES mode false.");
         
 
-        c1 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding","BC");
-        c2 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding","BC");
-
-        // Testing with null parameters and DHAES mode on
-        c1.init(Cipher.ENCRYPT_MODE, Pub, new SecureRandom());
-        c2.init(Cipher.DECRYPT_MODE, Priv, new SecureRandom());
-
-        out1 = c1.doFinal(message, 0, message.length);
-        out2 = c2.doFinal(out1, 0, out1.length);
-        if (!areEqual(out2, message))
-            fail(testname + " test failed with null parameters, DHAES mode true.");
-     
-        c1 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding");
-        c2 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding");
-
-        // Testing with given parameters and DHAES mode on
-        c1.init(Cipher.ENCRYPT_MODE, Pub, p, new SecureRandom());
-        c2.init(Cipher.DECRYPT_MODE, Priv, p, new SecureRandom());
-
-        out1 = c1.doFinal(message, 0, message.length);
-        out2 = c2.doFinal(out1, 0, out1.length);
-        if (!areEqual(out2, message))
-            fail(testname + " test failed with non-null parameters, DHAES mode true.");
+// TODO: DHAES mode is not currently implemented, perhaps it shouldn't be...
+//        c1 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding","BC");
+//        c2 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding","BC");
+//
+//        // Testing with null parameters and DHAES mode on
+//        c1.init(Cipher.ENCRYPT_MODE, Pub, new SecureRandom());
+//        c2.init(Cipher.DECRYPT_MODE, Priv, new SecureRandom());
+//
+//        out1 = c1.doFinal(message, 0, message.length);
+//        out2 = c2.doFinal(out1, 0, out1.length);
+//        if (!areEqual(out2, message))
+//            fail(testname + " test failed with null parameters, DHAES mode true.");
+//
+//        c1 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding");
+//        c2 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding");
+//
+//        // Testing with given parameters and DHAES mode on
+//        c1.init(Cipher.ENCRYPT_MODE, Pub, p, new SecureRandom());
+//        c2.init(Cipher.DECRYPT_MODE, Priv, p, new SecureRandom());
+//
+//        out1 = c1.doFinal(message, 0, message.length);
+//        out2 = c2.doFinal(out1, 0, out1.length);
+//        if (!areEqual(out2, message))
+//            fail(testname + " test failed with non-null parameters, DHAES mode true.");
         
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECNRTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECNRTest.java
index dc60a5c..7469506 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECNRTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ECNRTest.java
@@ -11,8 +11,8 @@ import java.security.Security;
 import java.security.Signature;
 
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.ECParameterSpec;
 import org.bouncycastle.jce.spec.ECPrivateKeySpec;
@@ -218,8 +218,8 @@ public class ECNRTest
 
         BigInteger[]            sig = new BigInteger[2];
 
-        sig[0] = ((DERInteger)s.getObjectAt(0)).getValue();
-        sig[1] = ((DERInteger)s.getObjectAt(1)).getValue();
+        sig[0] = ((ASN1Integer)s.getObjectAt(0)).getValue();
+        sig[1] = ((ASN1Integer)s.getObjectAt(1)).getValue();
 
         return sig;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PKCS10CertRequestTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PKCS10CertRequestTest.java
index 35139c5..65ed291 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PKCS10CertRequestTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PKCS10CertRequestTest.java
@@ -14,7 +14,7 @@ import java.security.spec.RSAPublicKeySpec;
 import java.util.Hashtable;
 import java.util.Vector;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
@@ -23,10 +23,13 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.KeyUsage;
 import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Extension;
 import org.bouncycastle.asn1.x509.X509Extensions;
 import org.bouncycastle.asn1.x509.X509Name;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
 import org.bouncycastle.jce.ECNamedCurveTable;
 import org.bouncycastle.jce.PKCS10CertificationRequest;
@@ -41,7 +44,6 @@ import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
 
 /**
  **/
@@ -145,7 +147,7 @@ public class PKCS10CertRequestTest
     /*
      * we generate a self signed certificate for the sake of testing - SHA224withECDSA
      */
-    private void createECRequest(String algorithm, DERObjectIdentifier algOid, DERObjectIdentifier curveOid)
+    private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid, ASN1ObjectIdentifier curveOid)
         throws Exception
     {
         ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(curveOid.getId());
@@ -217,7 +219,7 @@ public class PKCS10CertRequestTest
         }
     }
 
-    private void createECRequest(String algorithm, DERObjectIdentifier algOid)
+    private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid)
         throws Exception
     {
         ECCurve.Fp curve = new ECCurve.Fp(
@@ -424,7 +426,7 @@ public class PKCS10CertRequestTest
         oids.add(X509Extensions.KeyUsage);
         values.add(new X509Extension(true, new DEROctetString(
             new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign))));
-        SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pair.getPublic());
+        SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(getDigest(SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded())));
         X509Extension ski = new X509Extension(false, new DEROctetString(subjectKeyIdentifier));
         oids.add(X509Extensions.SubjectKeyIdentifier);
         values.add(ski);
@@ -521,7 +523,7 @@ public class PKCS10CertRequestTest
         createECRequest("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         createECRequest("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
 
-        createECRequest("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1, new DERObjectIdentifier("1.3.132.0.34"));
+        createECRequest("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1, new ASN1ObjectIdentifier("1.3.132.0.34"));
 
         createECGOSTRequest();
 
@@ -533,6 +535,17 @@ public class PKCS10CertRequestTest
         nullPointerTest();
     }
 
+    private static byte[] getDigest(SubjectPublicKeyInfo spki)
+    {
+        Digest digest = new SHA1Digest();
+        byte[]  resBuf = new byte[digest.getDigestSize()];
+
+        byte[] bytes = spki.getPublicKeyData().getBytes();
+        digest.update(bytes, 0, bytes.length);
+        digest.doFinal(resBuf, 0);
+        return resBuf;
+    }
+
     public static void main(
         String[]    args)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PKCS12StoreTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PKCS12StoreTest.java
index 0828440..1faa65d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PKCS12StoreTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PKCS12StoreTest.java
@@ -35,7 +35,7 @@ import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.Pfx;
 import org.bouncycastle.asn1.pkcs.SafeBag;
-import org.bouncycastle.jcajce.provider.config.PKCS12StoreParameter;
+import org.bouncycastle.jcajce.PKCS12StoreParameter;
 import org.bouncycastle.jce.PKCS12Util;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
@@ -665,6 +665,34 @@ public class PKCS12StoreTest
             fail("Failed DER encoding test.");
         }
 
+
+        //
+        // save test using LoadStoreParameter  - old version
+        //
+        bOut = new ByteArrayOutputStream();
+
+        storeParam = new org.bouncycastle.jcajce.provider.config.PKCS12StoreParameter(bOut, passwd, true);
+
+        store.store(storeParam);
+
+        data = bOut.toByteArray();
+
+        stream = new ByteArrayInputStream(data);
+        store.load(stream, passwd);
+
+        key = (PrivateKey)store.getKey(pName, null);
+
+        if (!((RSAPrivateKey)key).getModulus().equals(mod))
+        {
+            fail("Modulus doesn't match.");
+        }
+
+        outer = new ASN1StreamParser(data).readObject();
+        if (!(outer instanceof DERSequenceParser))
+        {
+            fail("Failed DER encoding test.");
+        }
+
         //
         // save test using LoadStoreParameter
         //
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PSSTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PSSTest.java
index c886c39..44d18ab 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PSSTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/PSSTest.java
@@ -14,7 +14,7 @@ import java.security.spec.PSSParameterSpec;
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -201,7 +201,7 @@ public class PSSTest
         rawModeTest("SHA512withRSA/PSS", NISTObjectIdentifiers.id_sha512, priv2048Key, pub2048Key, random);
     }
 
-    private void rawModeTest(String sigName, DERObjectIdentifier digestOID,
+    private void rawModeTest(String sigName, ASN1ObjectIdentifier digestOID,
             PrivateKey privKey, PublicKey pubKey, SecureRandom random) throws Exception
     {
         byte[] sampleMessage = new byte[1000 + random.nextInt(100)];
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/RSATest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/RSATest.java
index c1f4582..ba138ec 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/RSATest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/RSATest.java
@@ -39,6 +39,7 @@ import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.pkcs.RSAESOAEPparams;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -149,6 +150,20 @@ public class RSATest
         PublicKey   pub2048Key = fact.generatePublic(pub2048KeySpec);
 
         //
+        // key without CRT coefficients
+        //
+        PrivateKeyInfo keyInfo = PrivateKeyInfo.getInstance(privKey.getEncoded());
+        BigInteger zero = BigInteger.valueOf(0);
+        PKCS8EncodedKeySpec noCrtSpec = new PKCS8EncodedKeySpec(new PrivateKeyInfo(keyInfo.getPrivateKeyAlgorithm(),
+                                                   new org.bouncycastle.asn1.pkcs.RSAPrivateKey(privKeySpec.getModulus(), privKeySpec.getPublicExponent(), privKeySpec.getPrivateExponent(), zero, zero, zero, zero, zero)).getEncoded());
+
+        PrivateKey noCrtKey = fact.generatePrivate(noCrtSpec);
+        if (noCrtKey instanceof RSAPrivateCrtKey)
+        {
+            fail("private key without CRT coefficients returned as CRT key");
+        }
+
+        //
         // No Padding
         //
         Cipher c = Cipher.getInstance("RSA", "BC");
@@ -671,7 +686,7 @@ public class RSATest
         }
 
         oaepCompatibilityTest("SHA-1", priv2048Key, pub2048Key);
-        oaepCompatibilityTest("SHA-224", priv2048Key, pub2048Key);
+        // TODO: oaepCompatibilityTest("SHA-224", priv2048Key, pub2048Key);      commented out as fails in JDK 1.7
         oaepCompatibilityTest("SHA-256", priv2048Key, pub2048Key);
         oaepCompatibilityTest("SHA-384", priv2048Key, pub2048Key);
         oaepCompatibilityTest("SHA-512", priv2048Key, pub2048Key);
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/RegressionTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/RegressionTest.java
index e98330e..2dce85e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/RegressionTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/RegressionTest.java
@@ -34,7 +34,6 @@ public class RegressionTest
         new ElGamalTest(),
         new IESTest(),
         new SigTest(),
-        new AttrCertTest(),
         new CertTest(),
         new PKCS10CertRequestTest(),
         new EncryptedPrivateKeyInfoTest(),
@@ -49,7 +48,6 @@ public class RegressionTest
         new NamedCurveTest(),
         new PKIXTest(),
         new NetscapeCertRequestTest(),
-        new X509StoreTest(),
         new X509StreamParserTest(),
         new X509CertificatePairTest(),
         new CertPathTest(),
@@ -64,7 +62,6 @@ public class RegressionTest
         new PKIXNameConstraintsTest(),
         new MultiCertStoreTest(),
         new NoekeonTest(),
-        new AttrCertSelectorTest(),
         new SerialisationTest(),
         new SigNameTest(),
         new MQVTest(),
@@ -78,7 +75,8 @@ public class RegressionTest
         new SHA3Test(),
         new SkeinTest(),
         new Shacal2Test(),
-        new DetDSATest()
+        new DetDSATest(),
+        new ThreefishTest()
     };
 
     public static void main(
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/Shacal2Test.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/Shacal2Test.java
index 4b4954a..14157b1 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/Shacal2Test.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/Shacal2Test.java
@@ -5,14 +5,21 @@ import java.io.ByteArrayOutputStream;
 import java.io.DataInputStream;
 import java.io.IOException;
 import java.security.Key;
+import java.security.SecureRandom;
 import java.security.Security;
+import java.security.spec.KeySpec;
 
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.CipherOutputStream;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTest;
 
@@ -36,6 +43,45 @@ public class Shacal2Test
         return "Shacal2";
     }
 
+    private static final int KEY_SIZE_BITS = 512;
+
+        private static final byte[] TEST_BYTES = new byte[ 1536 ];
+
+        private static final char[] TEST_PASSWORD = new char[ 1536 ];
+
+        static
+        {
+            new SecureRandom().nextBytes( TEST_BYTES );
+            int total = TEST_PASSWORD.length;
+            for ( char c = 'A'; c <= 'Z' && total > 0; TEST_PASSWORD[TEST_PASSWORD.length - total] = c, c++, total-- );
+        }
+
+        private void blockTest()
+            throws Exception
+        {
+            final byte[] salt = new byte[KEY_SIZE_BITS / 8];
+            new SecureRandom().nextBytes(salt);
+
+            final KeySpec keySpec = new PBEKeySpec(TEST_PASSWORD, salt, 262144, KEY_SIZE_BITS);
+            final SecretKey secretKey = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2", "BC").
+                generateSecret(keySpec).getEncoded(), "Shacal2");
+
+            final Cipher cipher = Cipher.getInstance("Shacal2/CBC/ISO10126Padding", "BC");
+            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+
+            final byte[] iv = cipher.getIV();
+            final byte[] ciphertext = cipher.doFinal(TEST_BYTES);
+
+            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
+
+            final byte[] cleartext = cipher.doFinal(ciphertext);
+
+            if (!Arrays.areEqual(TEST_BYTES, cleartext))
+            {
+                fail("Invalid cleartext.");
+            }
+        }
+
     public void testECB(
         int strength,
         byte[] keyBytes,
@@ -142,6 +188,8 @@ public class Shacal2Test
                 Hex.decode(cipherTests[i + 2]),
                 Hex.decode(cipherTests[i + 3]));
         }
+
+        blockTest();
     }
 
     public static void main(
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SigNameTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SigNameTest.java
index 0ed90c3..19f9e6d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SigNameTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SigNameTest.java
@@ -66,6 +66,15 @@ public class SigNameTest
         checkName("SHA1withRSA/ISO9796-2");
         checkName("MD5withRSA/ISO9796-2");
         checkName("RIPEMD160withRSA/ISO9796-2");
+
+        checkName("RIPEMD128withRSA/X9.31");
+        checkName("RIPEMD160withRSA/X9.31");
+        checkName("SHA1withRSA/X9.31");
+        checkName("SHA224withRSA/X9.31");
+        checkName("SHA256withRSA/X9.31");
+        checkName("SHA384withRSA/X9.31");
+        checkName("SHA512withRSA/X9.31");
+        checkName("WhirlpoolwithRSA/X9.31");
     }
 
     public String getName()
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SigTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SigTest.java
index 1863ca6..2c2f512 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SigTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SigTest.java
@@ -1,15 +1,19 @@
 package org.bouncycastle.jce.provider.test;
 
 import java.math.BigInteger;
+import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.Signature;
+import java.security.SignatureException;
 import java.security.spec.RSAPrivateKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 
@@ -303,22 +307,20 @@ public class SigTest
             fail("SHA1/ISO verification failed");
         }
 
-        sig = Signature.getInstance("RIPEMD160WithRSA/ISO9796-2", "BC");
-
-        sig.initSign(signingKey);
+        trySig("RIPEMD160WithRSA/ISO9796-2", data, signingKey, verifyKey);
 
-        sig.update(data);
+        trySig("RIPEMD128WithRSA/X9.31", data, signingKey, verifyKey);
+        trySig("RIPEMD160WithRSA/X9.31", data, signingKey, verifyKey);
+        trySig("SHA1WithRSA/X9.31", data, signingKey, verifyKey);
+        trySig("SHA224WithRSA/X9.31", data, signingKey, verifyKey);
+        trySig("SHA256withRSA/X9.31", data, signingKey, verifyKey);
+        trySig("SHA384WithRSA/X9.31", data, signingKey, verifyKey);
+        trySig("SHA512WithRSA/X9.31", data, signingKey, verifyKey);
+        trySig("WhirlpoolWithRSA/X9.31", data, signingKey, verifyKey);
 
-        sigBytes = sig.sign();
-
-        sig.initVerify(verifyKey);
-
-        sig.update(data);
-
-        if (!sig.verify(sigBytes))
-        {
-            fail("RIPEMD160/ISO verification failed");
-        }
+        shouldPassSignatureX931Test1();
+        shouldPassSignatureX931Test2();
+        shouldPassSignatureX931Test3();
 
         //
         // standard vector test - B.1.3 RIPEMD160, implicit.
@@ -358,6 +360,137 @@ public class SigTest
         }
     }
 
+    private void trySig(String algorithm, byte[] data, PrivateKey signingKey, PublicKey verifyKey)
+        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException
+    {
+        Signature sig;
+        byte[] sigBytes;
+        sig = Signature.getInstance(algorithm, "BC");
+
+        sig.initSign(signingKey);
+
+        sig.update(data);
+
+        sigBytes = sig.sign();
+
+        sig.initVerify(verifyKey);
+
+        sig.update(data);
+
+        if (!sig.verify(sigBytes))
+        {
+            fail(algorithm + " verification failed");
+        }
+    }
+
+    private void shouldPassSignatureX931Test1()
+        throws Exception
+    {
+        BigInteger n = new BigInteger("c9be1b28f8caccca65d86cc3c9bbcc13eccc059df3b80bd2292b811eff3aa0dd75e1e85c333b8e3fa9bed53bb20f5359ff4e6900c5e9a388e3a4772a583a79e2299c76582c2b27694b65e9ba22e66bfb817f8b70b22206d7d8ae488c86dbb7137c26d5eff9b33c90e6cee640630313b7a715802e15142fef498c404a8de19674974785f0f852e2d470fe85a2e54ffca9f5851f672b71df691785a5cdabe8f14aa628942147de7593b2cf962414a5b59c632c4e14f1768c0ab2e9250824beea60a3529f11bf5e070ce90a47686eb0be1086fb21f0827f55295b4a48307db0b048c05a4aec3f488c576ca6f1879d354224c7e84cbcd8e76dd217a3de54dba73c35", 16);
+        BigInteger e = new BigInteger("e75b1b", 16);
+        byte[] msg = Hex.decode("5bb0d1c0ef9b5c7af2477fe08d45523d3842a4b2db943f7033126c2a7829bacb3d2cfc6497ec91688189e81b7f8742488224ba320ce983ce9480722f2cc5bc42611f00bb6311884f660ccc244788378673532edb05284fd92e83f6f6dab406209032e6af9a33c998677933e32d6fb95fd27408940d7728f9c9c40267ca1d20ce");
+        byte[] sig = Hex.decode("0fe8bb8e3109a1eb7489ef35bf4c1a0780071da789c8bd226a4170538eafefdd30b732d628f0e87a0b9450051feae9754d4fb61f57862d10f0bacc4f660d13281d0cd1141c006ade5186ff7d961a4c6cd0a4b352fc1295c5afd088f80ac1f8e192ef116a010a442655fe8ff5eeacea15807906fb0f0dfa86e680d4c005872357f7ece9aa4e20b15d5f709b30f08648ecaa34f2fbf54eb6b414fa2ff6f87561f70163235e69ccb4ac82a2e46d3be214cc2ef5263b569b2d8fd839b21a9e102665105ea762bda25bb446cfd831487a6b846100dee113ae95ae64f4af22c428c87bab809541c962bb3a56d4c86588e0af4ebc7fcc66dadced311051356d3ea745f7");
+
+        RSAPublicKeySpec rsaPublic = new RSAPublicKeySpec(n, e);
+        Signature signer = Signature.getInstance("SHA1withRSA/X9.31", "BC");
+
+        signer.initVerify(KeyFactory.getInstance("RSA", "BC").generatePublic(rsaPublic));
+
+        signer.update(msg, 0, msg.length);
+
+        if (!signer.verify(sig))
+        {
+            fail("RSA X931 verify test 1 failed.");
+        }
+    }
+
+    private void shouldPassSignatureX931Test2()
+        throws Exception
+    {
+        BigInteger n = new BigInteger("b746ba6c3c0be64bbe33aa55b2929b0af4e86d773d44bfe5914db9287788c4663984b61a418d2eecca30d752ff6b620a07ec72eeb2b422d2429da352407b99982800b9dd7697be6a7b1baa98ca5f4fc2fe33400f20b9dba337ac25c987804165d4a6e0ee4d18eabd6de5abdfe578cae6713ff91d16c80a5bb20217fe614d9509e75a43e1825327b9da8f0a9f6eeaa1c04b69fb4bacc073569fff4ab491becbe6d0441d437fc3fa823239c4a0f75321666b68dd3f66e2dd394089a15bcc288a68a4eb0a48e17d639743b9dea0a91cc35820544732aff253f8ca9967c609dc01c2f8cd0313a7a91cfa94ff74289a1d2b6f19d1811f4b9a65f4cce9e5759b4cc64f", 16);
+        BigInteger e = new BigInteger("dcbbdb", 16);
+        byte[] msg = Hex.decode("a5d3c8a060f897bbbc20ae0955052f37fbc70986b6e11c65075c9f457142bfa93856897c69020aa81a91b5e4f39e05cdeecc63395ab849c8262ca8bc5c96870aecb8edb0aba0024a9bdb71e06de6100344e5c318bc979ef32b8a49a8278ba99d4861bce42ebbc5c8c666aaa6cac39aff8779f2cae367620f9edd4cb1d80b6c8c");
+        byte[] sig = Hex.decode("39fbbd1804c689a533b0043f84da0f06081038c0fbf31e443e46a05e58f50de5198bbca40522afefaba3aed7082a6cb93b1da39f1f5a42246bf64930781948d300549bef0f8d554ecfca60a1b1ecba95a7014ee4545ad4f0c4e3a31942c6738b4ccd6244b6a21267dadf0826a5f713f13b1f5a9ab8501d957a26d4948278ac67851071a315674bdab173bfef2c2690c8373da6bf3d69f30c0e5da8883de872f59521b40793854085641adf98d13db991c5d0a8aaa0222934fa33332e90ef0b954e195cb267d6ffb36c96e14d1ec7b915a87598b4461a3146566354dc2ae748c84ee0cd46543b53ebff8cdf47725b280a1f799fb6ebb4a31ad2bdd5178250f83a");
+
+        RSAPublicKeySpec rsaPublic = new RSAPublicKeySpec(n, e);
+        Signature signer = Signature.getInstance("SHA224withRSA/X9.31", "BC");
+
+        signer.initVerify(KeyFactory.getInstance("RSA", "BC").generatePublic(rsaPublic));
+
+        signer.update(msg, 0, msg.length);
+
+        if (!signer.verify(sig))
+        {
+            fail("RSA X931 verify test 2 failed.");
+        }
+    }
+
+    private void shouldPassSignatureX931Test3()
+        throws Exception
+    {
+        BigInteger n = new BigInteger("dcb5686a3d2063a3f9cf7b9b32d2d3765b4c449b09b4960245a9111cd3b0cbd3260496885b8e1fa5db33b03efcc759d9c1afe29d93c6faebc7e0efada334b5b9a29655e2da2c8f11103d8203be311feab7ae88e9f1b2ec7d8fc655d77202b1681dd9717ec0f525b35584987e19539635a1ed23ca482a00149c609a23dc1645fd", 16);
+        BigInteger e = new BigInteger("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc9f7", 16);
+        BigInteger d = new BigInteger("189d6345099098992e0c9ca5f281e1338092342fa0acc85cc2a111f30f9bd2fb4753cd1a48ef0ddca9bf1af33ec76fb2e23a9fb4896c26f2235b516f7c05ef7ae81e70f4b491a5fedba9b935e9c76d761a813ce7776ff8a1e5efe1166ff2eca26aa900da88c908d51af9de26977fe39719cc781df32216fa41b838f0c63803c3", 16);
+
+        RSAPublicKeySpec rsaPublic = new RSAPublicKeySpec(n, e);
+        RSAPrivateKeySpec rsaPriv = new RSAPrivateKeySpec(n, d);
+
+        PrivateKey privateKey = KeyFactory.getInstance("RSA", "BC").generatePrivate(rsaPriv);
+        PublicKey publicKey = KeyFactory.getInstance("RSA", "BC").generatePublic(rsaPublic);
+
+
+        byte[] msg = Hex.decode("911475c6e210ef4ac65b6fe8d2bfe5e01b959771b137c4ef69b88716e0d2ff9ebc1fad0f358c1dd7d50cc99a7b893ac9a6207076f08d8467d9e48c69c683bfe64a44dabaa3f7c243880f6ab7229bf7bb587822314fc5de5131983bfb2eef8b4bc1eac36f353724b567cd1ae8cddd64ddb7057549d5c81ad5fa3b5e751f00abf5");
+        byte[] sig = Hex.decode("02c50ec0ac8a7f38ef5630c396964d6a6daaa7e3083ab5b57fa2a2632f3b70e2e85c8456cd774d45d7e44fcb063f0f04fff9f1e3adfda11272535a92cb59320b190b5ee4261f23d6ceaa925df3a7bfa42e26bf61ea9645d9d64b3c90a820802768a6e209c9f83705375a3867afccc037e8242a98fa4c3db6b2d9877754d47289");
+
+        doGenVerify("SHA1withRSA/X9.31", privateKey, publicKey, msg, sig);
+
+        msg = Hex.decode("911475c6e210ef4ac65b6fe8d2bfe5e01b959771b137c4ef69b88716e0d2ff9ebc1fad0f358c1dd7d50cc99a7b893ac9a6207076f08d8467d9e48c69c683bfe64a44dabaa3f7c243880f6ab7229bf7bb587822314fc5de5131983bfb2eef8b4bc1eac36f353724b567cd1ae8cddd64ddb7057549d5c81ad5fa3b5e751f00abf5");
+        sig = Hex.decode("2e2e279850ce21e34228a8e810d3ba835c51932e03c5e8886e99036f25a9a43aa5e33168274b7bfc1745ce8fc7ff3335f0927920f09fe9d4a6fac5e546eaf5aedc7e11ba75d33ae1487857b017930e69ec63a10971ca062c0e24f5b08226e59446d02a7827ceecbbcf6ecf0ffa7b3dff3e1a76b5f7432f804a4aa858e18877a5");
+
+        doGenVerify("SHA224withRSA/X9.31", privateKey, publicKey, msg, sig);
+
+        msg = Hex.decode("911475c6e210ef4ac65b6fe8d2bfe5e01b959771b137c4ef69b88716e0d2ff9ebc1fad0f358c1dd7d50cc99a7b893ac9a6207076f08d8467d9e48c69c683bfe64a44dabaa3f7c243880f6ab7229bf7bb587822314fc5de5131983bfb2eef8b4bc1eac36f353724b567cd1ae8cddd64ddb7057549d5c81ad5fa3b5e751f00abf5");
+        sig = Hex.decode("4f917837c2aedfb13e8c039cb076e399de39c2a964e418ad541745ff8062ca967d2ce6d51190732d3db089e48e31e95746f306314468c7d2248ace2cfbf4d67c59629a6e61813d52c1a84ea9d21a73b0afa7e871217f2ebeffeaa1268278edfcb7f2f98d1d32ef835123906e8d5f896d1af6877e304a39b03cf014ddaf850911");
+
+        doGenVerify("SHA256withRSA/X9.31", privateKey, publicKey, msg, sig);
+
+        msg = Hex.decode("7d1f36e728dd03b07825c5dcdf6ea933136e1eb819dd8a8aa27c3b0c9b56a0440045b981f1b9cc4107b55a51e81a5136192883cc1442572d9bf1bed44b2c690374d73a612889f8e8929246fe893dd6e26552da4a12dfbb4b63380e78a83dc44e82dba0d0f6d6ef6ec1c5732beb5ea0ff9ff30b7a3a3d1faba2591140d91017ee");
+        sig = Hex.decode("1210a59883326234d363155876818f43bdbe7ba758c44104ad771984636e13ecfbad97beb138a836b2d94dafd910ecb5b6ba7de6125a15f683af96220b3370e92ea2e1fb22fcd5e83def31728d9196b59308eb4498dadeddad66e26152b456e613ecc5fc8a7ed33f0608ea1ef886949f3741ab8c41ee453de877e5acea33a557");
+
+        doGenVerify("SHA384withRSA/X9.31", privateKey, publicKey, msg, sig);
+
+        msg = Hex.decode("911475c6e210ef4ac65b6fe8d2bfe5e01b959771b137c4ef69b88716e0d2ff9ebc1fad0f358c1dd7d50cc99a7b893ac9a6207076f08d8467d9e48c69c683bfe64a44dabaa3f7c243880f6ab7229bf7bb587822314fc5de5131983bfb2eef8b4bc1eac36f353724b567cd1ae8cddd64ddb7057549d5c81ad5fa3b5e751f00abf5");
+        sig = Hex.decode("154bbde6991b6c8c137a62595619e0038e6787703568a213cff95dac33bc871f7a45f8a3471b823451d1262f7a8932f11d5f93cadbc63daf840e0bbd7d317b57d385be706b58670afac7f055f67d8834f574863b1e295b2a85905bb9926f3114be2be59ad7782321578a451b91587bda7cd6a5051c0fd934af28d5d479463642");
+
+        doGenVerify("SHA512withRSA/X9.31", privateKey, publicKey, msg, sig);
+    }
+
+    private void doGenVerify(String algorithm, PrivateKey privateKey, PublicKey publicKey, byte[] msg, byte[] sig)
+        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException
+    {
+        Signature signer = Signature.getInstance(algorithm, "BC");
+
+        signer.initSign(privateKey);
+
+        signer.update(msg, 0, msg.length);
+
+        byte[] s = signer.sign();
+
+        if (!Arrays.areEqual(sig, s))
+        {
+           fail(algorithm + " sig test 3 failed.");
+        }
+
+        signer.initVerify(publicKey);
+
+        signer.update(msg, 0, msg.length);
+
+        if (!signer.verify(sig))
+        {
+            fail(algorithm + " verify test 3 failed.");
+        }
+    }
+
     public String getName()
     {
         return "SigTest";
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SipHashTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SipHashTest.java
index 9120e88..5986141 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SipHashTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/SipHashTest.java
@@ -1,8 +1,13 @@
 package org.bouncycastle.jce.provider.test;
 
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.Security;
 
+import javax.crypto.KeyGenerator;
 import javax.crypto.Mac;
+import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -16,6 +21,42 @@ public class SipHashTest
     public void performTest()
         throws Exception
     {
+        testMac();
+        testKeyGenerator();
+    }
+
+    private void testKeyGenerator()
+        throws NoSuchAlgorithmException,
+        NoSuchProviderException
+    {
+        testKeyGen("SipHash");
+        testKeyGen("SipHash-2-4");
+        testKeyGen("SipHash-4-8");
+    }
+
+    private void testKeyGen(String algorithm)
+        throws NoSuchAlgorithmException,
+        NoSuchProviderException
+    {
+        KeyGenerator kg = KeyGenerator.getInstance(algorithm, "BC");
+
+        SecretKey key = kg.generateKey();
+
+        if (!key.getAlgorithm().equalsIgnoreCase("SipHash"))
+        {
+            fail("Unexpected algorithm name in key", "SipHash", key.getAlgorithm());
+        }
+        if (key.getEncoded().length != 16)
+        {
+            fail("Expected 128 bit key");
+        }
+    }
+
+    private void testMac()
+        throws NoSuchAlgorithmException,
+        NoSuchProviderException,
+        InvalidKeyException
+    {
         byte[] key = Hex.decode("000102030405060708090a0b0c0d0e0f");
         byte[] input = Hex.decode("000102030405060708090a0b0c0d0e");
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/TestUtils.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/TestUtils.java
index 4751fb2..4d57efe 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/TestUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/TestUtils.java
@@ -24,14 +24,17 @@ import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.CRLNumber;
 import org.bouncycastle.asn1.x509.CRLReason;
 import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.jce.PrincipalUtil;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.x509.X509V1CertificateGenerator;
 import org.bouncycastle.x509.X509V2CRLGenerator;
 import org.bouncycastle.x509.X509V3CertificateGenerator;
 import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
-import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
 
 /**
  * Test Utils
@@ -81,7 +84,7 @@ class TestUtils
         certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
     
         certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
-        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
+        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(getDigest(SubjectPublicKeyInfo.getInstance(intKey.getEncoded()))));
         certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
         certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
 
@@ -102,7 +105,7 @@ class TestUtils
         certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
         
         certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
-        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
+        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(getDigest(SubjectPublicKeyInfo.getInstance(entityKey.getEncoded()))));
         certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
         certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
 
@@ -282,5 +285,17 @@ class TestUtils
         {
             return new byte[0];
         }
+
+    }
+
+    private static byte[] getDigest(SubjectPublicKeyInfo spki)
+    {
+        Digest digest = new SHA1Digest();
+        byte[]  resBuf = new byte[digest.getDigestSize()];
+
+        byte[] bytes = spki.getPublicKeyData().getBytes();
+        digest.update(bytes, 0, bytes.length);
+        digest.doFinal(resBuf, 0);
+        return resBuf;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ThreefishTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ThreefishTest.java
new file mode 100644
index 0000000..c278787
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/ThreefishTest.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.jce.provider.test;
+
+import java.security.Security;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class ThreefishTest
+    extends SimpleTest
+{
+
+    private static final byte[] SECRET_KEY_1024 =
+        {
+            -15, -32, 56, 110, 22, -42, -26, 34, 25, 17, -83, -2, -78, 112, 49, 127, -4, 70, -110, -21, -10, -114, -82, -122,
+            78, 53, -105, -44, 34, 45, -102, -19, -30, 73, 87, 19, 25, -92, -64, -72, 11, 125, -92, -124, -126, -70, -92, 54,
+            46, 3, 86, -108, 71, -42, 44, -110, -36, -31, -48, -84, -19, 102, 124, -118, 17, -84, -119, 126, 37, -8, -13, 21,
+            -4, 86, 104, -85, -44, 82, 60, -61, -95, -9, -92, 68, -123, -111, -53, -36, -47, 36, -92, 121, 95, 25, 73, 124,
+            -13, -7, -106, -32, 75, -30, -25, -95, 120, 88, 2, 55, 68, -113, -60, 104, 59, 57, -86, -79, -110, -126, -44,
+            -18, 73, -37, -128, -40, -62, -15, 23, 87
+        };
+
+    private static final byte[] TEST_BYTES = new byte[1536];
+
+    public String getName()
+    {
+        return "Threefish";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+        // padding test at 128 pad bytes.
+
+        final SecretKey secretKey = new SecretKeySpec(SECRET_KEY_1024, "Threefish-1024");
+
+        Cipher cipher = Cipher.getInstance("Threefish-1024/CBC/ISO10126Padding", "BC");
+        cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(new byte[128]));
+
+        byte[] iv = cipher.getIV();
+        byte[] ciphertext = cipher.doFinal(TEST_BYTES);
+
+        cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
+
+        byte[] cleartext = cipher.doFinal(ciphertext);
+
+        if (!Arrays.areEqual(TEST_BYTES, cleartext))
+        {
+            fail("Invalid cleartext - ISO10126Padding.");
+        }
+
+        cipher = Cipher.getInstance("Threefish-1024/CBC/PKCS7Padding", "BC");
+        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+
+        iv = cipher.getIV();
+        ciphertext = cipher.doFinal(TEST_BYTES);
+
+        cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
+
+        cleartext = cipher.doFinal(ciphertext);
+
+        if (!Arrays.areEqual(TEST_BYTES, cleartext))
+        {
+            fail("Invalid cleartext - PKCS7.");
+        }
+    }
+
+    public static void main(final String[] args)
+        throws Exception
+    {
+        Security.addProvider(new BouncyCastleProvider());
+
+        runTest(new ThreefishTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/X509StoreTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/X509StoreTest.java
deleted file mode 100644
index 5897117..0000000
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/X509StoreTest.java
+++ /dev/null
@@ -1,345 +0,0 @@
-package org.bouncycastle.jce.provider.test;
-
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509CRLStoreSelector;
-import org.bouncycastle.x509.X509CertPairStoreSelector;
-import org.bouncycastle.x509.X509CertStoreSelector;
-import org.bouncycastle.x509.X509CertificatePair;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509Store;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.Security;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
-import java.util.List;
-
-public class X509StoreTest
-    extends SimpleTest
-{
-    private void certPairTest()
-        throws Exception
-    {
-        CertificateFactory cf = CertificateFactory.getInstance("X.509",
-                "BC");
-
-        X509Certificate rootCert = (X509Certificate)cf
-                .generateCertificate(new ByteArrayInputStream(
-                        CertPathTest.rootCertBin));
-        X509Certificate interCert = (X509Certificate)cf
-                .generateCertificate(new ByteArrayInputStream(
-                        CertPathTest.interCertBin));
-        X509Certificate finalCert = (X509Certificate)cf
-                .generateCertificate(new ByteArrayInputStream(
-                        CertPathTest.finalCertBin));
-
-        // Testing CollectionCertStore generation from List
-        X509CertificatePair pair1 = new X509CertificatePair(rootCert, interCert);
-        List certList = new ArrayList();
-
-        certList.add(pair1);
-        certList.add(new X509CertificatePair(interCert, finalCert));
-
-        X509CollectionStoreParameters ccsp = new X509CollectionStoreParameters(certList);
-
-        X509Store certStore = X509Store.getInstance("CertificatePair/Collection", ccsp, "BC");
-        X509CertPairStoreSelector selector = new X509CertPairStoreSelector();
-        X509CertStoreSelector fwSelector = new X509CertStoreSelector();
-
-        fwSelector.setSerialNumber(rootCert.getSerialNumber());
-        fwSelector.setSubject(rootCert.getIssuerDN().getName());
-        
-        selector.setForwardSelector(fwSelector);
-
-        Collection col = certStore.getMatches(selector);
-
-        if (col.size() != 1 || !col.contains(pair1))
-        {
-            fail("failed pair1 test");
-        }
-
-        col = certStore.getMatches(null);
-
-        if (col.size() != 2)
-        {
-            fail("failed null test");
-        }
-    }
-
-    public void performTest()
-        throws Exception
-    {
-        CertificateFactory cf = CertificateFactory.getInstance("X.509",
-                "BC");
-
-        X509Certificate rootCert = (X509Certificate)cf
-                .generateCertificate(new ByteArrayInputStream(
-                        CertPathTest.rootCertBin));
-        X509Certificate interCert = (X509Certificate)cf
-                .generateCertificate(new ByteArrayInputStream(
-                        CertPathTest.interCertBin));
-        X509Certificate finalCert = (X509Certificate)cf
-                .generateCertificate(new ByteArrayInputStream(
-                        CertPathTest.finalCertBin));
-        X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(
-                CertPathTest.rootCrlBin));
-        X509CRL interCrl = (X509CRL)cf
-                .generateCRL(new ByteArrayInputStream(
-                        CertPathTest.interCrlBin));
-
-        // Testing CollectionCertStore generation from List
-        List certList = new ArrayList();
-        certList.add(rootCert);
-        certList.add(interCert);
-        certList.add(finalCert);
-        X509CollectionStoreParameters ccsp = new X509CollectionStoreParameters(certList);
-        X509Store certStore = X509Store.getInstance("Certificate/Collection", ccsp, "BC");
-        // set default to be the same as for SUN X500 name
-        X509Principal.DefaultReverse = true;
-
-        // Searching for rootCert by subjectDN
-    
-        X509CertStoreSelector targetConstraints = new X509CertStoreSelector();
-        targetConstraints.setSubject(PrincipalUtil.getSubjectX509Principal(rootCert).getEncoded());
-        Collection certs = certStore.getMatches(targetConstraints);
-        if (certs.size() != 1 || !certs.contains(rootCert))
-        {
-            fail("rootCert not found by subjectDN");
-        }
-
-        // Searching for rootCert by subjectDN encoded as byte
-        targetConstraints = new X509CertStoreSelector();
-        targetConstraints.setSubject(PrincipalUtil.getSubjectX509Principal(rootCert).getEncoded());
-        certs = certStore.getMatches(targetConstraints);
-        if (certs.size() != 1 || !certs.contains(rootCert))
-        {
-            fail("rootCert not found by encoded subjectDN");
-        }
-
-        X509Principal.DefaultReverse = false;
-
-        // Searching for rootCert by public key encoded as byte
-        targetConstraints = new X509CertStoreSelector();
-        targetConstraints.setSubjectPublicKey(rootCert.getPublicKey().getEncoded());
-        certs = certStore.getMatches(targetConstraints);
-        if (certs.size() != 1 || !certs.contains(rootCert))
-        {
-            fail("rootCert not found by encoded public key");
-        }
-
-        // Searching for interCert by issuerDN
-        targetConstraints = new X509CertStoreSelector();
-        targetConstraints.setIssuer(PrincipalUtil.getSubjectX509Principal(rootCert).getEncoded());
-        certs = certStore.getMatches(targetConstraints);
-        if (certs.size() != 2)
-        {
-            fail("did not found 2 certs");
-        }
-        if (!certs.contains(rootCert))
-        {
-            fail("rootCert not found");
-        }
-        if (!certs.contains(interCert))
-        {
-            fail("interCert not found");
-        }
-
-        // Searching for rootCrl by issuerDN
-        List crlList = new ArrayList();
-        crlList.add(rootCrl);
-        crlList.add(interCrl);
-        ccsp = new X509CollectionStoreParameters(crlList);
-        X509Store store = X509Store.getInstance("CRL/Collection", ccsp, "BC");
-        X509CRLStoreSelector targetConstraintsCRL = new X509CRLStoreSelector();
-        targetConstraintsCRL.setIssuers(Collections.singleton(rootCrl.getIssuerX500Principal()));
-        Collection crls = store.getMatches(targetConstraintsCRL);
-        if (crls.size() != 1 || !crls.contains(rootCrl))
-        {
-            fail("rootCrl not found");
-        }
-
-        crls = certStore.getMatches(targetConstraintsCRL);
-        if (crls.size() != 0)
-        {
-            fail("error using wrong selector (CRL)");
-        }
-        certs = store.getMatches(targetConstraints);
-        if (certs.size() != 0)
-        {
-            fail("error using wrong selector (certs)");
-        }
-        // Searching for attribute certificates
-        X509V2AttributeCertificate attrCert = new X509V2AttributeCertificate(AttrCertTest.attrCert);
-        X509AttributeCertificate attrCert2 = new X509V2AttributeCertificate(AttrCertTest.certWithBaseCertificateID);
-
-        List attrList = new ArrayList();
-        attrList.add(attrCert);
-        attrList.add(attrCert2);
-        ccsp = new X509CollectionStoreParameters(attrList);
-        store = X509Store.getInstance("AttributeCertificate/Collection", ccsp, "BC");
-        X509AttributeCertStoreSelector attrSelector = new X509AttributeCertStoreSelector();
-        attrSelector.setHolder(attrCert.getHolder());
-        if (!attrSelector.getHolder().equals(attrCert.getHolder()))
-        {
-            fail("holder get not correct");
-        }
-        Collection attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 1 || !attrs.contains(attrCert))
-        {
-            fail("attrCert not found on holder");
-        }
-        attrSelector.setHolder(attrCert2.getHolder());
-        if (attrSelector.getHolder().equals(attrCert.getHolder()))
-        {
-            fail("holder get not correct");
-        }
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 1 || !attrs.contains(attrCert2))
-        {
-            fail("attrCert2 not found on holder");
-        }
-        attrSelector = new X509AttributeCertStoreSelector();
-        attrSelector.setIssuer(attrCert.getIssuer());
-        if (!attrSelector.getIssuer().equals(attrCert.getIssuer()))
-        {
-            fail("issuer get not correct");
-        }
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 1 || !attrs.contains(attrCert))
-        {
-            fail("attrCert not found on issuer");
-        }
-        attrSelector.setIssuer(attrCert2.getIssuer());
-        if (attrSelector.getIssuer().equals(attrCert.getIssuer()))
-        {
-            fail("issuer get not correct");
-        }
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 1 || !attrs.contains(attrCert2))
-        {
-            fail("attrCert2 not found on issuer");
-        }
-        attrSelector = new X509AttributeCertStoreSelector();
-        attrSelector.setAttributeCert(attrCert);
-        if (!attrSelector.getAttributeCert().equals(attrCert))
-        {
-            fail("attrCert get not correct");
-        }
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 1 || !attrs.contains(attrCert))
-        {
-            fail("attrCert not found on attrCert");
-        }
-        attrSelector = new X509AttributeCertStoreSelector();
-        attrSelector.setSerialNumber(attrCert.getSerialNumber());
-        if (!attrSelector.getSerialNumber().equals(attrCert.getSerialNumber()))
-        {
-            fail("serial number get not correct");
-        }
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 1 || !attrs.contains(attrCert))
-        {
-            fail("attrCert not found on serial number");
-        }
-        attrSelector = (X509AttributeCertStoreSelector)attrSelector.clone();
-        if (!attrSelector.getSerialNumber().equals(attrCert.getSerialNumber()))
-        {
-            fail("serial number get not correct");
-        }
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 1 || !attrs.contains(attrCert))
-        {
-            fail("attrCert not found on serial number");
-        }
-
-        attrSelector = new X509AttributeCertStoreSelector();
-        attrSelector.setAttributeCertificateValid(attrCert.getNotBefore());
-        if (!attrSelector.getAttributeCertificateValid().equals(attrCert.getNotBefore()))
-        {
-            fail("valid get not correct");
-        }
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 1 || !attrs.contains(attrCert))
-        {
-            fail("attrCert not found on valid");
-        }
-        attrSelector = new X509AttributeCertStoreSelector();
-        attrSelector.setAttributeCertificateValid(new Date(attrCert.getNotBefore().getTime() - 100));
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 0)
-        {
-            fail("attrCert found on before");
-        }
-        attrSelector.setAttributeCertificateValid(new Date(attrCert.getNotAfter().getTime() + 100));
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 0)
-        {
-            fail("attrCert found on after");
-        }
-        attrSelector.setSerialNumber(BigInteger.valueOf(10000));
-        attrs = store.getMatches(attrSelector);
-        if (attrs.size() != 0)
-        {
-            fail("attrCert found on wrong serial number");
-        }
-
-        attrSelector.setAttributeCert(null);
-        attrSelector.setAttributeCertificateValid(null);
-        attrSelector.setHolder(null);
-        attrSelector.setIssuer(null);
-        attrSelector.setSerialNumber(null);
-        if (attrSelector.getAttributeCert() != null)
-        {
-            fail("null attrCert");
-        }
-        if (attrSelector.getAttributeCertificateValid() != null)
-        {
-            fail("null attrCertValid");
-        }
-        if (attrSelector.getHolder() != null)
-        {
-            fail("null attrCert holder");
-        }
-        if (attrSelector.getIssuer() != null)
-        {
-            fail("null attrCert issuer");
-        }
-        if (attrSelector.getSerialNumber() != null)
-        {
-            fail("null attrCert serial");
-        }
-
-        attrs = certStore.getMatches(attrSelector);
-        if (attrs.size() != 0)
-        {
-            fail("error using wrong selector (attrs)");
-        }
-
-        certPairTest();
-    }
-
-    public String getName()
-    {
-        return "X509Store";
-    }
-
-    public static void main(String[] args)
-    {
-        Security.addProvider(new BouncyCastleProvider());
-
-        runTest(new X509StoreTest());
-    }
-
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/nist/NistCertPathTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/nist/NistCertPathTest.java
index ddbda5d..af94e4e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/nist/NistCertPathTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/nist/NistCertPathTest.java
@@ -34,8 +34,9 @@ import junit.framework.TestCase;
 import junit.framework.TestSuite;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.x509.Extension;
 
 /**
  * NIST CertPath test data for RFC 3280
@@ -206,7 +207,7 @@ public class NistCertPathTest
                 new String[] { "NegativeSerialNumberCACert", "InvalidNegativeSerialNumberTest15EE" }, 
                 new String[] { TRUST_ANCHOR_ROOT_CRL, "NegativeSerialNumberCACRL" },
                 0,
-                "Certificate revocation after Fri Apr 20 00:57:20", "reason: keyCompromise");
+                "Certificate revocation after 2001-04-19 14:57:20 +0000", "reason: keyCompromise");
     }
     
     //
@@ -830,11 +831,11 @@ public class NistCertPathTest
         throws Exception
     {
         X509Certificate cert = loadCert(trustAnchorName);
-        byte[]          extBytes = cert.getExtensionValue(X509Extension.nameConstraints.getId());
+        byte[]          extBytes = cert.getExtensionValue(Extension.nameConstraints.getId());
         
         if (extBytes != null)
         {
-            ASN1Encodable extValue = X509ExtensionUtil.fromExtensionValue(extBytes);
+            ASN1Encodable extValue = ASN1Primitive.fromByteArray(ASN1OctetString.getInstance(extBytes).getOctets());
             
             return new TrustAnchor(cert, extValue.toASN1Primitive().getEncoded(ASN1Encoding.DER));
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java b/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
index 47416a2..4e749a5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
@@ -7,9 +7,9 @@ import org.bouncycastle.math.ec.ECPoint;
 
 /**
  * specification signifying that the curve parameters can also be
- * refered to by name.
+ * referred to by name.
  * <p>
- * If you are using JDK 1.5 you should be looking at ECNamedCurveSpec.
+ * If you are using JDK 1.5 you should be looking at {@link ECNamedCurveSpec}.
  */
 public class ECNamedCurveParameterSpec
     extends ECParameterSpec
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java b/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java
index b3d239e..c1b5ccc 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java
@@ -6,6 +6,7 @@ import java.security.spec.ECFieldFp;
 import java.security.spec.ECPoint;
 import java.security.spec.EllipticCurve;
 
+import org.bouncycastle.math.ec.ECAlgorithms;
 import org.bouncycastle.math.ec.ECCurve;
 
 /**
@@ -21,9 +22,9 @@ public class ECNamedCurveSpec
         ECCurve  curve,
         byte[]   seed)
     {
-        if (curve instanceof ECCurve.Fp)
+        if (ECAlgorithms.isFpCurve(curve))
         {
-            return new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed);
+            return new EllipticCurve(new ECFieldFp(curve.getField().getCharacteristic()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed);
         }
         else
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java b/bcprov/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java
index 165df9f..c18a88f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java
@@ -2,6 +2,8 @@ package org.bouncycastle.jce.spec;
 
 import java.security.spec.AlgorithmParameterSpec;
 
+import org.bouncycastle.util.Arrays;
+
 /**
  * Parameter spec for an integrated encryptor, as in IEEE P1363a
  */
@@ -12,6 +14,8 @@ public class IESParameterSpec
     private byte[] encoding;
     private int macKeySize;
     private int cipherKeySize;
+    private byte[] nonce;
+    private boolean usePointCompression;
 
 
     /**
@@ -26,7 +30,7 @@ public class IESParameterSpec
         byte[] encoding,
         int macKeySize)
     {
-        this(derivation, encoding, macKeySize, -1);
+        this(derivation, encoding, macKeySize, -1, null, false);
     }
 
 
@@ -44,6 +48,46 @@ public class IESParameterSpec
         int macKeySize,
         int cipherKeySize)
     {
+        this(derivation, encoding, macKeySize, cipherKeySize, null, false);
+    }
+
+    /**
+     * Set the IES engine parameters.
+     *
+     * @param derivation    the optional derivation vector for the KDF.
+     * @param encoding      the optional encoding vector for the KDF.
+     * @param macKeySize    the key size (in bits) for the MAC.
+     * @param cipherKeySize the key size (in bits) for the block cipher.
+     * @param nonce         an IV to use initialising the block cipher.
+     */
+    public IESParameterSpec(
+        byte[] derivation,
+        byte[] encoding,
+        int macKeySize,
+        int cipherKeySize,
+        byte[] nonce)
+    {
+        this(derivation, encoding, macKeySize, cipherKeySize, nonce, false);
+    }
+
+    /**
+     * Set the IES engine parameters.
+     *
+     * @param derivation    the optional derivation vector for the KDF.
+     * @param encoding      the optional encoding vector for the KDF.
+     * @param macKeySize    the key size (in bits) for the MAC.
+     * @param cipherKeySize the key size (in bits) for the block cipher.
+     * @param nonce         an IV to use initialising the block cipher.
+     * @param usePointCompression whether to use EC point compression or not (false by default)
+     */
+    public IESParameterSpec(
+        byte[] derivation,
+        byte[] encoding,
+        int macKeySize,
+        int cipherKeySize,
+        byte[] nonce,
+        boolean usePointCompression)
+    {
         if (derivation != null)
         {
             this.derivation = new byte[derivation.length];
@@ -66,15 +110,16 @@ public class IESParameterSpec
 
         this.macKeySize = macKeySize;
         this.cipherKeySize = cipherKeySize;
+        this.nonce = Arrays.clone(nonce);
+        this.usePointCompression = usePointCompression;
     }
 
-
     /**
      * return the derivation vector.
      */
     public byte[] getDerivationV()
     {
-        return derivation;
+        return Arrays.clone(derivation);
     }
 
     /**
@@ -82,7 +127,7 @@ public class IESParameterSpec
      */
     public byte[] getEncodingV()
     {
-        return encoding;
+        return Arrays.clone(encoding);
     }
 
     /**
@@ -101,4 +146,31 @@ public class IESParameterSpec
         return cipherKeySize;
     }
 
-}
+    /**
+     * Return the nonce (IV) value to be associated with message.
+     *
+     * @return block cipher IV for message.
+     */
+    public byte[] getNonce()
+    {
+        return Arrays.clone(nonce);
+    }
+
+    /**
+     * Set the 'point compression' flag.
+     */
+    public void setPointCompression(boolean usePointCompression)
+    {
+        this.usePointCompression = usePointCompression;
+    }
+
+    /**
+     * Return the 'point compression' flag.
+     *
+     * @return the point compression flag
+     */
+    public boolean getPointCompression()
+    {
+        return usePointCompression;
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/spec/package.html b/bcprov/src/main/java/org/bouncycastle/jce/spec/package.html
new file mode 100644
index 0000000..6f37057
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jce/spec/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Parameter specifications for supporting El Gamal, and Elliptic Curve.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/AbstractECMultiplier.java b/bcprov/src/main/java/org/bouncycastle/math/ec/AbstractECMultiplier.java
index 69ab797..d1f35c5 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/AbstractECMultiplier.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/AbstractECMultiplier.java
@@ -13,7 +13,13 @@ public abstract class AbstractECMultiplier implements ECMultiplier
         }
 
         ECPoint positive = multiplyPositive(p, k.abs());
-        return sign > 0 ? positive : positive.negate();
+        ECPoint result = sign > 0 ? positive : positive.negate();
+
+        /*
+         * Although the various multipliers ought not to produce invalid output under normal
+         * circumstances, a final check here is advised to guard against fault attacks.
+         */
+        return ECAlgorithms.validatePoint(result);
     }
 
     protected abstract ECPoint multiplyPositive(ECPoint p, BigInteger k);
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
index d640b5f..7165bab 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
@@ -2,8 +2,62 @@ package org.bouncycastle.math.ec;
 
 import java.math.BigInteger;
 
+import org.bouncycastle.math.ec.endo.ECEndomorphism;
+import org.bouncycastle.math.ec.endo.GLVEndomorphism;
+import org.bouncycastle.math.field.FiniteField;
+import org.bouncycastle.math.field.PolynomialExtensionField;
+
 public class ECAlgorithms
 {
+    public static boolean isF2mCurve(ECCurve c)
+    {
+        FiniteField field = c.getField();
+        return field.getDimension() > 1 && field.getCharacteristic().equals(ECConstants.TWO)
+            && field instanceof PolynomialExtensionField;
+    }
+
+    public static boolean isFpCurve(ECCurve c)
+    {
+        return c.getField().getDimension() == 1;
+    }
+
+    public static ECPoint sumOfMultiplies(ECPoint[] ps, BigInteger[] ks)
+    {
+        if (ps == null || ks == null || ps.length != ks.length || ps.length < 1)
+        {
+            throw new IllegalArgumentException("point and scalar arrays should be non-null, and of equal, non-zero, length");
+        }
+
+        int count = ps.length;
+        switch (count)
+        {
+        case 1:
+            return ps[0].multiply(ks[0]);
+        case 2:
+            return sumOfTwoMultiplies(ps[0], ks[0], ps[1], ks[1]);
+        default:
+            break;
+        }
+
+        ECPoint p = ps[0];
+        ECCurve c = p.getCurve();
+
+        ECPoint[] imported = new ECPoint[count];
+        imported[0] = p;
+        for (int i = 1; i < count; ++i)
+        {
+            imported[i] = importPoint(c, ps[i]);
+        }
+
+        ECEndomorphism endomorphism = c.getEndomorphism();
+        if (endomorphism instanceof GLVEndomorphism)
+        {
+            return validatePoint(implSumOfMultipliesGLV(imported, ks, (GLVEndomorphism)endomorphism));
+        }
+
+        return validatePoint(implSumOfMultiplies(imported, ks));
+    }
+
     public static ECPoint sumOfTwoMultiplies(ECPoint P, BigInteger a,
         ECPoint Q, BigInteger b)
     {
@@ -16,11 +70,18 @@ public class ECAlgorithms
             ECCurve.F2m f2mCurve = (ECCurve.F2m)cp;
             if (f2mCurve.isKoblitz())
             {
-                return P.multiply(a).add(Q.multiply(b));
+                return validatePoint(P.multiply(a).add(Q.multiply(b)));
             }
         }
 
-        return implShamirsTrick(P, a, Q, b);
+        ECEndomorphism endomorphism = cp.getEndomorphism();
+        if (endomorphism instanceof GLVEndomorphism)
+        {
+            return validatePoint(
+                implSumOfMultipliesGLV(new ECPoint[]{ P, Q }, new BigInteger[]{ a, b }, (GLVEndomorphism)endomorphism));
+        }
+
+        return validatePoint(implShamirsTrickWNaf(P, a, Q, b));
     }
 
     /*
@@ -48,7 +109,7 @@ public class ECAlgorithms
         ECCurve cp = P.getCurve();
         Q = importPoint(cp, Q);
 
-        return implShamirsTrick(P, k, Q, l);
+        return validatePoint(implShamirsTrickJsf(P, k, Q, l));
     }
 
     public static ECPoint importPoint(ECCurve c, ECPoint p)
@@ -61,7 +122,12 @@ public class ECAlgorithms
         return c.importPoint(p);
     }
 
-    static void implMontgomeryTrick(ECFieldElement[] zs, int off, int len)
+    public static void montgomeryTrick(ECFieldElement[] zs, int off, int len)
+    {
+        montgomeryTrick(zs, off, len, null);
+    }
+
+    public static void montgomeryTrick(ECFieldElement[] zs, int off, int len, ECFieldElement scale)
     {
         /*
          * Uses the "Montgomery Trick" to invert many field elements, with only a single actual
@@ -79,7 +145,14 @@ public class ECAlgorithms
             c[i] = c[i - 1].multiply(zs[off + i]);
         }
 
-        ECFieldElement u = c[--i].invert();
+        --i;
+
+        if (scale != null)
+        {
+            c[i] = c[i].multiply(scale);
+        }
+
+        ECFieldElement u = c[i].invert();
 
         while (i > 0)
         {
@@ -92,7 +165,50 @@ public class ECAlgorithms
         zs[off] = u;
     }
 
-    static ECPoint implShamirsTrick(ECPoint P, BigInteger k,
+    /**
+     * Simple shift-and-add multiplication. Serves as reference implementation
+     * to verify (possibly faster) implementations, and for very small scalars.
+     * 
+     * @param p
+     *            The point to multiply.
+     * @param k
+     *            The multiplier.
+     * @return The result of the point multiplication <code>kP</code>.
+     */
+    public static ECPoint referenceMultiply(ECPoint p, BigInteger k)
+    {
+        BigInteger x = k.abs();
+        ECPoint q = p.getCurve().getInfinity();
+        int t = x.bitLength();
+        if (t > 0)
+        {
+            if (x.testBit(0))
+            {
+                q = p;
+            }
+            for (int i = 1; i < t; i++)
+            {
+                p = p.twice();
+                if (x.testBit(i))
+                {
+                    q = q.add(p);
+                }
+            }
+        }
+        return k.signum() < 0 ? q.negate() : q;
+    }
+
+    public static ECPoint validatePoint(ECPoint p)
+    {
+        if (!p.isValid())
+        {
+            throw new IllegalArgumentException("Invalid point");
+        }
+
+        return p;
+    }
+
+    static ECPoint implShamirsTrickJsf(ECPoint P, BigInteger k,
         ECPoint Q, BigInteger l)
     {
         ECCurve curve = P.getCurve();
@@ -118,7 +234,9 @@ public class ECAlgorithms
         while (--i >= 0)
         {
             int jsfi = jsf[i];
-            int kDigit = (jsfi >> 4), lDigit = ((jsfi << 28) >> 28);
+
+            // NOTE: The shifting ensures the sign is extended correctly
+            int kDigit = ((jsfi << 24) >> 28), lDigit = ((jsfi << 28) >> 28);
 
             int index = 4 + (kDigit * 3) + lDigit;
             R = R.twicePlus(table[index]);
@@ -126,4 +244,238 @@ public class ECAlgorithms
 
         return R;
     }
+
+    static ECPoint implShamirsTrickWNaf(ECPoint P, BigInteger k,
+        ECPoint Q, BigInteger l)
+    {
+        boolean negK = k.signum() < 0, negL = l.signum() < 0;
+
+        k = k.abs();
+        l = l.abs();
+
+        int widthP = Math.max(2, Math.min(16, WNafUtil.getWindowSize(k.bitLength())));
+        int widthQ = Math.max(2, Math.min(16, WNafUtil.getWindowSize(l.bitLength())));
+
+        WNafPreCompInfo infoP = WNafUtil.precompute(P, widthP, true);
+        WNafPreCompInfo infoQ = WNafUtil.precompute(Q, widthQ, true);
+
+        ECPoint[] preCompP = negK ? infoP.getPreCompNeg() : infoP.getPreComp();
+        ECPoint[] preCompQ = negL ? infoQ.getPreCompNeg() : infoQ.getPreComp();
+        ECPoint[] preCompNegP = negK ? infoP.getPreComp() : infoP.getPreCompNeg();
+        ECPoint[] preCompNegQ = negL ? infoQ.getPreComp() : infoQ.getPreCompNeg();
+
+        byte[] wnafP = WNafUtil.generateWindowNaf(widthP, k);
+        byte[] wnafQ = WNafUtil.generateWindowNaf(widthQ, l);
+
+        return implShamirsTrickWNaf(preCompP, preCompNegP, wnafP, preCompQ, preCompNegQ, wnafQ);
+    }
+
+    static ECPoint implShamirsTrickWNaf(ECPoint P, BigInteger k, ECPointMap pointMapQ, BigInteger l)
+    {
+        boolean negK = k.signum() < 0, negL = l.signum() < 0;
+
+        k = k.abs();
+        l = l.abs();
+
+        int width = Math.max(2, Math.min(16, WNafUtil.getWindowSize(Math.max(k.bitLength(), l.bitLength()))));
+
+        ECPoint Q = WNafUtil.mapPointWithPrecomp(P, width, true, pointMapQ);
+        WNafPreCompInfo infoP = WNafUtil.getWNafPreCompInfo(P);
+        WNafPreCompInfo infoQ = WNafUtil.getWNafPreCompInfo(Q);
+
+        ECPoint[] preCompP = negK ? infoP.getPreCompNeg() : infoP.getPreComp();
+        ECPoint[] preCompQ = negL ? infoQ.getPreCompNeg() : infoQ.getPreComp();
+        ECPoint[] preCompNegP = negK ? infoP.getPreComp() : infoP.getPreCompNeg();
+        ECPoint[] preCompNegQ = negL ? infoQ.getPreComp() : infoQ.getPreCompNeg();
+
+        byte[] wnafP = WNafUtil.generateWindowNaf(width, k);
+        byte[] wnafQ = WNafUtil.generateWindowNaf(width, l);
+
+        return implShamirsTrickWNaf(preCompP, preCompNegP, wnafP, preCompQ, preCompNegQ, wnafQ);
+    }
+
+    private static ECPoint implShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP,
+        ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ)
+    {
+        int len = Math.max(wnafP.length, wnafQ.length);
+
+        ECCurve curve = preCompP[0].getCurve();
+        ECPoint infinity = curve.getInfinity();
+
+        ECPoint R = infinity;
+        int zeroes = 0;
+
+        for (int i = len - 1; i >= 0; --i)
+        {
+            int wiP = i < wnafP.length ? wnafP[i] : 0;
+            int wiQ = i < wnafQ.length ? wnafQ[i] : 0;
+
+            if ((wiP | wiQ) == 0)
+            {
+                ++zeroes;
+                continue;
+            }
+
+            ECPoint r = infinity;
+            if (wiP != 0)
+            {
+                int nP = Math.abs(wiP);
+                ECPoint[] tableP = wiP < 0 ? preCompNegP : preCompP;
+                r = r.add(tableP[nP >>> 1]);
+            }
+            if (wiQ != 0)
+            {
+                int nQ = Math.abs(wiQ);
+                ECPoint[] tableQ = wiQ < 0 ? preCompNegQ : preCompQ;
+                r = r.add(tableQ[nQ >>> 1]);
+            }
+
+            if (zeroes > 0)
+            {
+                R = R.timesPow2(zeroes);
+                zeroes = 0;
+            }
+
+            R = R.twicePlus(r);
+        }
+
+        if (zeroes > 0)
+        {
+            R = R.timesPow2(zeroes);
+        }
+
+        return R;
+    }
+
+    static ECPoint implSumOfMultiplies(ECPoint[] ps, BigInteger[] ks)
+    {
+        int count = ps.length;
+        boolean[] negs = new boolean[count];
+        WNafPreCompInfo[] infos = new WNafPreCompInfo[count];
+        byte[][] wnafs = new byte[count][];
+
+        for (int i = 0; i < count; ++i)
+        {
+            BigInteger ki = ks[i]; negs[i] = ki.signum() < 0; ki = ki.abs();
+
+            int width = Math.max(2, Math.min(16, WNafUtil.getWindowSize(ki.bitLength())));
+            infos[i] = WNafUtil.precompute(ps[i], width, true);
+            wnafs[i] = WNafUtil.generateWindowNaf(width, ki);
+        }
+
+        return implSumOfMultiplies(negs, infos, wnafs);
+    }
+
+    static ECPoint implSumOfMultipliesGLV(ECPoint[] ps, BigInteger[] ks, GLVEndomorphism glvEndomorphism)
+    {
+        BigInteger n = ps[0].getCurve().getOrder();
+
+        int len = ps.length;
+
+        BigInteger[] abs = new BigInteger[len << 1];
+        for (int i = 0, j = 0; i < len; ++i)
+        {
+            BigInteger[] ab = glvEndomorphism.decomposeScalar(ks[i].mod(n));
+            abs[j++] = ab[0];
+            abs[j++] = ab[1];
+        }
+
+        ECPointMap pointMap = glvEndomorphism.getPointMap();
+        if (glvEndomorphism.hasEfficientPointMap())
+        {
+            return ECAlgorithms.implSumOfMultiplies(ps, pointMap, abs);
+        }
+
+        ECPoint[] pqs = new ECPoint[len << 1];
+        for (int i = 0, j = 0; i < len; ++i)
+        {
+            ECPoint p = ps[i], q = pointMap.map(p);
+            pqs[j++] = p;
+            pqs[j++] = q;
+        }
+        
+        return ECAlgorithms.implSumOfMultiplies(pqs, abs);
+
+    }
+
+    static ECPoint implSumOfMultiplies(ECPoint[] ps, ECPointMap pointMap, BigInteger[] ks)
+    {
+        int halfCount = ps.length, fullCount = halfCount << 1;
+
+        boolean[] negs = new boolean[fullCount];
+        WNafPreCompInfo[] infos = new WNafPreCompInfo[fullCount];
+        byte[][] wnafs = new byte[fullCount][];
+
+        for (int i = 0; i < halfCount; ++i)
+        {
+            int j0 = i << 1, j1 = j0 + 1;
+
+            BigInteger kj0 = ks[j0]; negs[j0] = kj0.signum() < 0; kj0 = kj0.abs();
+            BigInteger kj1 = ks[j1]; negs[j1] = kj1.signum() < 0; kj1 = kj1.abs();
+
+            int width = Math.max(2, Math.min(16, WNafUtil.getWindowSize(Math.max(kj0.bitLength(), kj1.bitLength()))));
+
+            ECPoint P = ps[i], Q = WNafUtil.mapPointWithPrecomp(P, width, true, pointMap);
+            infos[j0] = WNafUtil.getWNafPreCompInfo(P);
+            infos[j1] = WNafUtil.getWNafPreCompInfo(Q);
+            wnafs[j0] = WNafUtil.generateWindowNaf(width, kj0);
+            wnafs[j1] = WNafUtil.generateWindowNaf(width, kj1);
+        }
+
+        return implSumOfMultiplies(negs, infos, wnafs);
+    }
+
+    private static ECPoint implSumOfMultiplies(boolean[] negs, WNafPreCompInfo[] infos, byte[][] wnafs)
+    {
+        int len = 0, count = wnafs.length;
+        for (int i = 0; i < count; ++i)
+        {
+            len = Math.max(len, wnafs[i].length);
+        }
+
+        ECCurve curve = infos[0].getPreComp()[0].getCurve();
+        ECPoint infinity = curve.getInfinity();
+
+        ECPoint R = infinity;
+        int zeroes = 0;
+
+        for (int i = len - 1; i >= 0; --i)
+        {
+            ECPoint r = infinity;
+
+            for (int j = 0; j < count; ++j)
+            {
+                byte[] wnaf = wnafs[j];
+                int wi = i < wnaf.length ? wnaf[i] : 0;
+                if (wi != 0)
+                {
+                    int n = Math.abs(wi);
+                    WNafPreCompInfo info = infos[j];
+                    ECPoint[] table = (wi < 0 == negs[j]) ? info.getPreComp() : info.getPreCompNeg();
+                    r = r.add(table[n >>> 1]);
+                }
+            }
+
+            if (r == infinity)
+            {
+                ++zeroes;
+                continue;
+            }
+
+            if (zeroes > 0)
+            {
+                R = R.timesPow2(zeroes);
+                zeroes = 0;
+            }
+
+            R = R.twicePlus(r);
+        }
+
+        if (zeroes > 0)
+        {
+            R = R.timesPow2(zeroes);
+        }
+
+        return R;
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java
index 19f0062..0dc6853 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java
@@ -1,9 +1,15 @@
 package org.bouncycastle.math.ec;
 
 import java.math.BigInteger;
+import java.util.Hashtable;
 import java.util.Random;
 
+import org.bouncycastle.math.ec.endo.ECEndomorphism;
+import org.bouncycastle.math.ec.endo.GLVEndomorphism;
+import org.bouncycastle.math.field.FiniteField;
+import org.bouncycastle.math.field.FiniteFields;
 import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.Integers;
 
 /**
  * base class for an elliptic curve
@@ -28,11 +34,13 @@ public abstract class ECCurve
     public class Config
     {
         protected int coord;
+        protected ECEndomorphism endomorphism;
         protected ECMultiplier multiplier;
 
-        Config(int coord, ECMultiplier multiplier)
+        Config(int coord, ECEndomorphism endomorphism, ECMultiplier multiplier)
         {
             this.coord = coord;
+            this.endomorphism = endomorphism;
             this.multiplier = multiplier;
         }
 
@@ -42,6 +50,12 @@ public abstract class ECCurve
             return this;
         }
 
+        public Config setEndomorphism(ECEndomorphism endomorphism)
+        {
+            this.endomorphism = endomorphism;
+            return this;
+        }
+
         public Config setMultiplier(ECMultiplier multiplier)
         {
             this.multiplier = multiplier;
@@ -62,23 +76,57 @@ public abstract class ECCurve
             }
 
             c.coord = coord;
+            c.endomorphism = endomorphism;
             c.multiplier = multiplier;
 
             return c;
         }
     }
 
+    protected FiniteField field;
     protected ECFieldElement a, b;
+    protected BigInteger order, cofactor;
+
     protected int coord = COORD_AFFINE;
+    protected ECEndomorphism endomorphism = null;
     protected ECMultiplier multiplier = null;
 
+    protected ECCurve(FiniteField field)
+    {
+        this.field = field;
+    }
+
     public abstract int getFieldSize();
 
     public abstract ECFieldElement fromBigInteger(BigInteger x);
 
     public Config configure()
     {
-        return new Config(this.coord, this.multiplier);
+        return new Config(this.coord, this.endomorphism, this.multiplier);
+    }
+
+    public ECPoint validatePoint(BigInteger x, BigInteger y)
+    {
+        ECPoint p = createPoint(x, y);
+        if (!p.isValid())
+        {
+            throw new IllegalArgumentException("Invalid point coordinates");
+        }
+        return p;
+    }
+
+    /**
+     * @deprecated per-point compression property will be removed, use {@link #validatePoint(BigInteger, BigInteger)}
+     * and refer {@link ECPoint#getEncoded(boolean)}
+     */
+    public ECPoint validatePoint(BigInteger x, BigInteger y, boolean withCompression)
+    {
+        ECPoint p = createPoint(x, y, withCompression);
+        if (!p.isValid())
+        {
+            throw new IllegalArgumentException("Invalid point coordinates");
+        }
+        return p;
     }
 
     public ECPoint createPoint(BigInteger x, BigInteger y)
@@ -99,8 +147,15 @@ public abstract class ECCurve
 
     protected abstract ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression);
 
+    protected abstract ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression);
+
     protected ECMultiplier createDefaultMultiplier()
     {
+        if (endomorphism instanceof GLVEndomorphism)
+        {
+            return new GLVMultiplier(this, (GLVEndomorphism)endomorphism);
+        }
+
         return new WNafL2RMultiplier();
     }
 
@@ -109,26 +164,40 @@ public abstract class ECCurve
         return coord == COORD_AFFINE;
     }
 
-    public PreCompInfo getPreCompInfo(ECPoint p)
+    public PreCompInfo getPreCompInfo(ECPoint point, String name)
     {
-        checkPoint(p);
-        return p.preCompInfo;
+        checkPoint(point);
+        synchronized (point)
+        {
+            Hashtable table = point.preCompTable;
+            return table == null ? null : (PreCompInfo)table.get(name);
+        }
     }
 
     /**
-     * Sets the <code>PreCompInfo</code> for a point on this curve. Used by
+     * Adds <code>PreCompInfo</code> for a point on this curve, under a given name. Used by
      * <code>ECMultiplier</code>s to save the precomputation for this <code>ECPoint</code> for use
      * by subsequent multiplication.
      * 
      * @param point
      *            The <code>ECPoint</code> to store precomputations for.
+     * @param name
+     *            A <code>String</code> used to index precomputations of different types.
      * @param preCompInfo
      *            The values precomputed by the <code>ECMultiplier</code>.
      */
-    public void setPreCompInfo(ECPoint point, PreCompInfo preCompInfo)
+    public void setPreCompInfo(ECPoint point, String name, PreCompInfo preCompInfo)
     {
         checkPoint(point);
-        point.preCompInfo = preCompInfo;
+        synchronized (point)
+        {
+            Hashtable table = point.preCompTable;
+            if (null == table)
+            {
+                point.preCompTable = table = new Hashtable(4);
+            }
+            table.put(name, preCompInfo);
+        }
     }
 
     public ECPoint importPoint(ECPoint p)
@@ -145,7 +214,7 @@ public abstract class ECCurve
         // TODO Default behaviour could be improved if the two curves have the same coordinate system by copying any Z coordinates.
         p = p.normalize();
 
-        return createPoint(p.getXCoord().toBigInteger(), p.getYCoord().toBigInteger(), p.withCompression);
+        return validatePoint(p.getXCoord().toBigInteger(), p.getYCoord().toBigInteger(), p.withCompression);
     }
 
     /**
@@ -160,26 +229,57 @@ public abstract class ECCurve
      */
     public void normalizeAll(ECPoint[] points)
     {
-        checkPoints(points);
+        normalizeAll(points, 0, points.length, null);
+    }
 
-        if (this.getCoordinateSystem() == ECCurve.COORD_AFFINE)
+    /**
+     * Normalization ensures that any projective coordinate is 1, and therefore that the x, y
+     * coordinates reflect those of the equivalent point in an affine coordinate system. Where more
+     * than one point is to be normalized, this method will generally be more efficient than
+     * normalizing each point separately. An (optional) z-scaling factor can be applied; effectively
+     * each z coordinate is scaled by this value prior to normalization (but only one
+     * actual multiplication is needed).
+     * 
+     * @param points
+     *            An array of points that will be updated in place with their normalized versions,
+     *            where necessary
+     * @param off
+     *            The start of the range of points to normalize
+     * @param len
+     *            The length of the range of points to normalize
+     * @param iso
+     *            The (optional) z-scaling factor - can be null
+     */
+    public void normalizeAll(ECPoint[] points, int off, int len, ECFieldElement iso)
+    {
+        checkPoints(points, off, len);
+
+        switch (this.getCoordinateSystem())
         {
+        case ECCurve.COORD_AFFINE:
+        case ECCurve.COORD_LAMBDA_AFFINE:
+        {
+            if (iso != null)
+            {
+                throw new IllegalArgumentException("'iso' not valid for affine coordinates");
+            }
             return;
         }
+        }
 
         /*
          * Figure out which of the points actually need to be normalized
          */
-        ECFieldElement[] zs = new ECFieldElement[points.length];
-        int[] indices = new int[points.length];
+        ECFieldElement[] zs = new ECFieldElement[len];
+        int[] indices = new int[len];
         int count = 0;
-        for (int i = 0; i < points.length; ++i)
+        for (int i = 0; i < len; ++i)
         {
-            ECPoint p = points[i];
-            if (null != p && !p.isNormalized())
+            ECPoint p = points[off + i];
+            if (null != p && (iso != null || !p.isNormalized()))
             {
                 zs[count] = p.getZCoord(0);
-                indices[count++] = i;
+                indices[count++] = off + i;
             }
         }
 
@@ -188,7 +288,7 @@ public abstract class ECCurve
             return;
         }
 
-        ECAlgorithms.implMontgomeryTrick(zs, 0, count);
+        ECAlgorithms.montgomeryTrick(zs, 0, count, iso);
 
         for (int j = 0; j < count; ++j)
         {
@@ -199,6 +299,11 @@ public abstract class ECCurve
 
     public abstract ECPoint getInfinity();
 
+    public FiniteField getField()
+    {
+        return field;
+    }
+
     public ECFieldElement getA()
     {
         return a;
@@ -209,6 +314,16 @@ public abstract class ECCurve
         return b;
     }
 
+    public BigInteger getOrder()
+    {
+        return order;
+    }
+
+    public BigInteger getCofactor()
+    {
+        return cofactor;
+    }
+
     public int getCoordinateSystem()
     {
         return coord;
@@ -216,10 +331,15 @@ public abstract class ECCurve
 
     protected abstract ECPoint decompressPoint(int yTilde, BigInteger X1);
 
+    public ECEndomorphism getEndomorphism()
+    {
+        return endomorphism;
+    }
+
     /**
      * Sets the default <code>ECMultiplier</code>, unless already set. 
      */
-    public ECMultiplier getMultiplier()
+    public synchronized ECMultiplier getMultiplier()
     {
         if (this.multiplier == null)
         {
@@ -239,7 +359,8 @@ public abstract class ECCurve
         ECPoint p = null;
         int expectedLength = (getFieldSize() + 7) / 8;
 
-        switch (encoded[0])
+        byte type = encoded[0];
+        switch (type)
         {
         case 0x00: // infinity
         {
@@ -259,29 +380,56 @@ public abstract class ECCurve
                 throw new IllegalArgumentException("Incorrect length for compressed encoding");
             }
 
-            int yTilde = encoded[0] & 1;
+            int yTilde = type & 1;
             BigInteger X = BigIntegers.fromUnsignedByteArray(encoded, 1, expectedLength);
 
             p = decompressPoint(yTilde, X);
+            if (!p.satisfiesCofactor())
+            {
+                throw new IllegalArgumentException("Invalid point");
+            }
+
             break;
         }
         case 0x04: // uncompressed
+        {
+            if (encoded.length != (2 * expectedLength + 1))
+            {
+                throw new IllegalArgumentException("Incorrect length for uncompressed encoding");
+            }
+
+            BigInteger X = BigIntegers.fromUnsignedByteArray(encoded, 1, expectedLength);
+            BigInteger Y = BigIntegers.fromUnsignedByteArray(encoded, 1 + expectedLength, expectedLength);
+
+            p = validatePoint(X, Y);
+            break;
+        }
         case 0x06: // hybrid
         case 0x07: // hybrid
         {
             if (encoded.length != (2 * expectedLength + 1))
             {
-                throw new IllegalArgumentException("Incorrect length for uncompressed/hybrid encoding");
+                throw new IllegalArgumentException("Incorrect length for hybrid encoding");
             }
 
             BigInteger X = BigIntegers.fromUnsignedByteArray(encoded, 1, expectedLength);
             BigInteger Y = BigIntegers.fromUnsignedByteArray(encoded, 1 + expectedLength, expectedLength);
 
-            p = createPoint(X, Y);
+            if (Y.testBit(0) != (type == 0x07))
+            {
+                throw new IllegalArgumentException("Inconsistent Y coordinate in hybrid encoding");
+            }
+
+            p = validatePoint(X, Y);
             break;
         }
         default:
-            throw new IllegalArgumentException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16));
+            throw new IllegalArgumentException("Invalid point encoding 0x" + Integer.toString(type, 16));
+        }
+
+        if (type != 0x00 && p.isInfinity())
+        {
+            throw new IllegalArgumentException("Invalid infinity encoding");
         }
 
         return p;
@@ -297,14 +445,23 @@ public abstract class ECCurve
 
     protected void checkPoints(ECPoint[] points)
     {
+        checkPoints(points, 0, points.length);
+    }
+
+    protected void checkPoints(ECPoint[] points, int off, int len)
+    {
         if (points == null)
         {
             throw new IllegalArgumentException("'points' cannot be null");
         }
+        if (off < 0 || len < 0 || (off > (points.length - len)))
+        {
+            throw new IllegalArgumentException("invalid range specified for 'points'");
+        }
 
-        for (int i = 0; i < points.length; ++i)
+        for (int i = 0; i < len; ++i)
         {
-            ECPoint point = points[i];
+            ECPoint point = points[off + i];
             if (null != point && this != point.getCurve())
             {
                 throw new IllegalArgumentException("'points' entries must be null or on this curve");
@@ -312,10 +469,62 @@ public abstract class ECCurve
         }
     }
 
+    public boolean equals(ECCurve other)
+    {
+        return this == other
+            || (null != other
+                && getField().equals(other.getField())
+                && getA().toBigInteger().equals(other.getA().toBigInteger())
+                && getB().toBigInteger().equals(other.getB().toBigInteger()));
+    }
+
+    public boolean equals(Object obj) 
+    {
+        return this == obj || (obj instanceof ECCurve && equals((ECCurve)obj));
+    }
+
+    public int hashCode() 
+    {
+        return getField().hashCode()
+            ^ Integers.rotateLeft(getA().toBigInteger().hashCode(), 8)
+            ^ Integers.rotateLeft(getB().toBigInteger().hashCode(), 16);
+    }
+
+    public static abstract class AbstractFp extends ECCurve
+    {
+        protected AbstractFp(BigInteger q)
+        {
+            super(FiniteFields.getPrimeField(q));
+        }
+
+        protected ECPoint decompressPoint(int yTilde, BigInteger X1)
+        {
+            ECFieldElement x = this.fromBigInteger(X1);
+            ECFieldElement rhs = x.square().add(a).multiply(x).add(b);
+            ECFieldElement y = rhs.sqrt();
+
+            /*
+             * If y is not a square, then we haven't got a point on the curve
+             */
+            if (y == null)
+            {
+                throw new IllegalArgumentException("Invalid point compression");
+            }
+
+            if (y.testBitZero() != (yTilde == 1))
+            {
+                // Use the other root
+                y = y.negate();
+            }
+
+            return this.createRawPoint(x, y, true);
+        }
+    }
+
     /**
      * Elliptic curve over Fp
      */
-    public static class Fp extends ECCurve
+    public static class Fp extends AbstractFp
     {
         private static final int FP_DEFAULT_COORDS = COORD_JACOBIAN_MODIFIED;
 
@@ -324,29 +533,47 @@ public abstract class ECCurve
 
         public Fp(BigInteger q, BigInteger a, BigInteger b)
         {
+            this(q, a, b, null, null);
+        }
+
+        public Fp(BigInteger q, BigInteger a, BigInteger b, BigInteger order, BigInteger cofactor)
+        {
+            super(q);
+
             this.q = q;
             this.r = ECFieldElement.Fp.calculateResidue(q);
             this.infinity = new ECPoint.Fp(this, null, null);
 
             this.a = fromBigInteger(a);
             this.b = fromBigInteger(b);
+            this.order = order;
+            this.cofactor = cofactor;
             this.coord = FP_DEFAULT_COORDS;
         }
 
         protected Fp(BigInteger q, BigInteger r, ECFieldElement a, ECFieldElement b)
         {
+            this(q, r, a, b, null, null);
+        }
+
+        protected Fp(BigInteger q, BigInteger r, ECFieldElement a, ECFieldElement b, BigInteger order, BigInteger cofactor)
+        {
+            super(q);
+
             this.q = q;
             this.r = r;
             this.infinity = new ECPoint.Fp(this, null, null);
 
             this.a = a;
             this.b = b;
+            this.order = order;
+            this.cofactor = cofactor;
             this.coord = FP_DEFAULT_COORDS;
         }
 
         protected ECCurve cloneCurve()
         {
-            return new Fp(q, r, a, b);
+            return new Fp(q, r, a, b, order, cofactor);
         }
 
         public boolean supportsCoordinateSystem(int coord)
@@ -383,6 +610,11 @@ public abstract class ECCurve
             return new ECPoint.Fp(this, x, y, withCompression);
         }
 
+        protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+        {
+            return new ECPoint.Fp(this, x, y, zs, withCompression);
+        }
+
         public ECPoint importPoint(ECPoint p)
         {
             if (this != p.getCurve() && this.getCoordinateSystem() == COORD_JACOBIAN && !p.isInfinity())
@@ -405,58 +637,47 @@ public abstract class ECCurve
             return super.importPoint(p);
         }
 
-        protected ECPoint decompressPoint(int yTilde, BigInteger X1)
+        public ECPoint getInfinity()
         {
-            ECFieldElement x = fromBigInteger(X1);
-            ECFieldElement alpha = x.multiply(x.square().add(a)).add(b);
-            ECFieldElement beta = alpha.sqrt();
+            return infinity;
+        }
+    }
 
-            //
-            // if we can't find a sqrt we haven't got a point on the
-            // curve - run!
-            //
-            if (beta == null)
+    public static abstract class AbstractF2m extends ECCurve
+    {
+        private static FiniteField buildField(int m, int k1, int k2, int k3)
+        {
+            if (k1 == 0)
             {
-                throw new RuntimeException("Invalid point compression");
+                throw new IllegalArgumentException("k1 must be > 0");
             }
 
-            BigInteger betaValue = beta.toBigInteger();
-            if (betaValue.testBit(0) != (yTilde == 1))
+            if (k2 == 0)
             {
-                // Use the other root
-                beta = fromBigInteger(q.subtract(betaValue));
-            }
-
-            return new ECPoint.Fp(this, x, beta, true);
-        }
+                if (k3 != 0)
+                {
+                    throw new IllegalArgumentException("k3 must be 0 if k2 == 0");
+                }
 
-        public ECPoint getInfinity()
-        {
-            return infinity;
-        }
+                return FiniteFields.getBinaryExtensionField(new int[]{ 0, k1, m });
+            }
 
-        public boolean equals(
-            Object anObject) 
-        {
-            if (anObject == this) 
+            if (k2 <= k1)
             {
-                return true;
+                throw new IllegalArgumentException("k2 must be > k1");
             }
 
-            if (!(anObject instanceof ECCurve.Fp)) 
+            if (k3 <= k2)
             {
-                return false;
+                throw new IllegalArgumentException("k3 must be > k2");
             }
 
-            ECCurve.Fp other = (ECCurve.Fp) anObject;
-
-            return this.q.equals(other.q) 
-                    && a.equals(other.a) && b.equals(other.b);
+            return FiniteFields.getBinaryExtensionField(new int[]{ 0, k1, k2, k3, m });
         }
 
-        public int hashCode() 
+        protected AbstractF2m(int m, int k1, int k2, int k3)
         {
-            return a.hashCode() ^ b.hashCode() ^ q.hashCode();
+            super(buildField(m, k1, k2, k3));
         }
     }
 
@@ -464,9 +685,9 @@ public abstract class ECCurve
      * Elliptic curves over F2m. The Weierstrass equation is given by
      * <code>y<sup>2</sup> + xy = x<sup>3</sup> + ax<sup>2</sup> + b</code>.
      */
-    public static class F2m extends ECCurve
+    public static class F2m extends AbstractF2m
     {
-        private static final int F2M_DEFAULT_COORDS = COORD_AFFINE;
+        private static final int F2M_DEFAULT_COORDS = COORD_LAMBDA_PROJECTIVE;
 
         /**
          * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
@@ -498,16 +719,6 @@ public abstract class ECCurve
          * represents the reduction polynomial <code>f(z)</code>.<br>
          */
         private int k3;  // can't be final - JDK 1.1
-
-        /**
-         * The order of the base point of the curve.
-         */
-        private BigInteger n;  // can't be final - JDK 1.1
-
-        /**
-         * The cofactor of the curve.
-         */
-        private BigInteger h;  // can't be final - JDK 1.1
         
          /**
          * The point at infinity on this curve.
@@ -563,8 +774,8 @@ public abstract class ECCurve
          * @param b The coefficient <code>b</code> in the Weierstrass equation
          * for non-supersingular elliptic curves over
          * <code>F<sub>2<sup>m</sup></sub></code>.
-         * @param n The order of the main subgroup of the elliptic curve.
-         * @param h The cofactor of the elliptic curve, i.e.
+         * @param order The order of the main subgroup of the elliptic curve.
+         * @param cofactor The cofactor of the elliptic curve, i.e.
          * <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
          */
         public F2m(
@@ -572,10 +783,10 @@ public abstract class ECCurve
             int k, 
             BigInteger a, 
             BigInteger b,
-            BigInteger n,
-            BigInteger h)
+            BigInteger order,
+            BigInteger cofactor)
         {
-            this(m, k, 0, 0, a, b, n, h);
+            this(m, k, 0, 0, a, b, order, cofactor);
         }
 
         /**
@@ -628,8 +839,8 @@ public abstract class ECCurve
          * @param b The coefficient <code>b</code> in the Weierstrass equation
          * for non-supersingular elliptic curves over
          * <code>F<sub>2<sup>m</sup></sub></code>.
-         * @param n The order of the main subgroup of the elliptic curve.
-         * @param h The cofactor of the elliptic curve, i.e.
+         * @param order The order of the main subgroup of the elliptic curve.
+         * @param cofactor The cofactor of the elliptic curve, i.e.
          * <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
          */
         public F2m(
@@ -639,40 +850,17 @@ public abstract class ECCurve
             int k3,
             BigInteger a, 
             BigInteger b,
-            BigInteger n,
-            BigInteger h)
+            BigInteger order,
+            BigInteger cofactor)
         {
+            super(m, k1, k2, k3);
+
             this.m = m;
             this.k1 = k1;
             this.k2 = k2;
             this.k3 = k3;
-            this.n = n;
-            this.h = h;
-
-            if (k1 == 0)
-            {
-                throw new IllegalArgumentException("k1 must be > 0");
-            }
-
-            if (k2 == 0)
-            {
-                if (k3 != 0)
-                {
-                    throw new IllegalArgumentException("k3 must be 0 if k2 == 0");
-                }
-            }
-            else
-            {
-                if (k2 <= k1)
-                {
-                    throw new IllegalArgumentException("k2 must be > k1");
-                }
-
-                if (k3 <= k2)
-                {
-                    throw new IllegalArgumentException("k3 must be > k2");
-                }
-            }
+            this.order = order;
+            this.cofactor = cofactor;
 
             this.infinity = new ECPoint.F2m(this, null, null);
             this.a = fromBigInteger(a);
@@ -680,14 +868,16 @@ public abstract class ECCurve
             this.coord = F2M_DEFAULT_COORDS;
         }
 
-        protected F2m(int m, int k1, int k2, int k3, ECFieldElement a, ECFieldElement b, BigInteger n, BigInteger h)
+        protected F2m(int m, int k1, int k2, int k3, ECFieldElement a, ECFieldElement b, BigInteger order, BigInteger cofactor)
         {
+            super(m, k1, k2, k3);
+
             this.m = m;
             this.k1 = k1;
             this.k2 = k2;
             this.k3 = k3;
-            this.n = n;
-            this.h = h;
+            this.order = order;
+            this.cofactor = cofactor;
 
             this.infinity = new ECPoint.F2m(this, null, null);
             this.a = a;
@@ -697,7 +887,7 @@ public abstract class ECCurve
 
         protected ECCurve cloneCurve()
         {
-            return new F2m(m, k1, k2, k3, a, b, n, h);
+            return new F2m(m, k1, k2, k3, a, b, order, cofactor);
         }
 
         public boolean supportsCoordinateSystem(int coord)
@@ -742,7 +932,14 @@ public abstract class ECCurve
             case COORD_LAMBDA_AFFINE:
             case COORD_LAMBDA_PROJECTIVE:
             {
-                if (!X.isZero())
+                if (X.isZero())
+                {
+                    if (!Y.square().equals(this.getB()))
+                    {
+                        throw new IllegalArgumentException();
+                    }
+                }
+                else
                 {
                     // Y becomes Lambda (X + Y/X) here
                     Y = Y.divide(X).add(X);
@@ -763,6 +960,11 @@ public abstract class ECCurve
             return new ECPoint.F2m(this, x, y, withCompression);
         }
 
+        protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+        {
+            return new ECPoint.F2m(this, x, y, zs, withCompression);
+        }
+
         public ECPoint getInfinity()
         {
             return infinity;
@@ -774,7 +976,7 @@ public abstract class ECCurve
          */
         public boolean isKoblitz()
         {
-            return n != null && h != null && a.bitLength() <= 1 && b.bitLength() == 1;
+            return order != null && cofactor != null && b.isOne() && (a.isZero() || a.isOne());
         }
 
         /**
@@ -817,49 +1019,47 @@ public abstract class ECCurve
          */
         protected ECPoint decompressPoint(int yTilde, BigInteger X1)
         {
-            ECFieldElement xp = fromBigInteger(X1);
-            ECFieldElement yp = null;
-            if (xp.isZero())
+            ECFieldElement x = fromBigInteger(X1), y = null;
+            if (x.isZero())
             {
-                yp = (ECFieldElement.F2m)b;
-                for (int i = 0; i < m - 1; i++)
-                {
-                    yp = yp.square();
-                }
+                y = b.sqrt();
             }
             else
             {
-                ECFieldElement beta = xp.add(a).add(b.multiply(xp.square().invert()));
+                ECFieldElement beta = x.square().invert().multiply(b).add(a).add(x);
                 ECFieldElement z = solveQuadraticEquation(beta);
-                if (z == null)
-                {
-                    throw new IllegalArgumentException("Invalid point compression");
-                }
-                if (z.testBitZero() != (yTilde == 1))
+                if (z != null)
                 {
-                    z = z.addOne();
+                    if (z.testBitZero() != (yTilde == 1))
+                    {
+                        z = z.addOne();
+                    }
+
+                    switch (this.getCoordinateSystem())
+                    {
+                    case COORD_LAMBDA_AFFINE:
+                    case COORD_LAMBDA_PROJECTIVE:
+                    {
+                        y = z.add(x);
+                        break;
+                    }
+                    default:
+                    {
+                        y = z.multiply(x);
+                        break;
+                    }
+                    }
                 }
+            }
 
-                yp = xp.multiply(z);
-
-                switch (this.getCoordinateSystem())
-                {
-                case COORD_LAMBDA_AFFINE:
-                case COORD_LAMBDA_PROJECTIVE:
-                {
-                    yp = yp.divide(xp).add(xp);
-                    break;
-                }
-                default:
-                {
-                    break;
-                }
-                }
+            if (y == null)
+            {
+                throw new IllegalArgumentException("Invalid point compression");
             }
 
-            return new ECPoint.F2m(this, xp, yp, true);
+            return this.createRawPoint(x, y, true);
         }
-        
+
         /**
          * Solves a quadratic equation <code>z<sup>2</sup> + z = beta</code>(X9.62
          * D.1.6) The other solution is <code>z + 1</code>.
@@ -903,31 +1103,6 @@ public abstract class ECCurve
 
             return z;
         }
-        
-        public boolean equals(
-            Object anObject)
-        {
-            if (anObject == this) 
-            {
-                return true;
-            }
-
-            if (!(anObject instanceof ECCurve.F2m)) 
-            {
-                return false;
-            }
-
-            ECCurve.F2m other = (ECCurve.F2m)anObject;
-
-            return (this.m == other.m) && (this.k1 == other.k1)
-                && (this.k2 == other.k2) && (this.k3 == other.k3)
-                && a.equals(other.a) && b.equals(other.b);
-        }
-
-        public int hashCode()
-        {
-            return this.a.hashCode() ^ this.b.hashCode() ^ m ^ k1 ^ k2 ^ k3;
-        }
 
         public int getM()
         {
@@ -959,14 +1134,20 @@ public abstract class ECCurve
             return k3;
         }
 
+        /**
+         * @deprecated use {@link #getOrder()} instead
+         */
         public BigInteger getN()
         {
-            return n;
+            return order;
         }
 
+        /**
+         * @deprecated use {@link #getCofactor()} instead
+         */
         public BigInteger getH()
         {
-            return h;
+            return cofactor;
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
index 87608eb..5943882 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
@@ -3,6 +3,8 @@ package org.bouncycastle.math.ec;
 import java.math.BigInteger;
 import java.util.Random;
 
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
 
@@ -27,11 +29,36 @@ public abstract class ECFieldElement
         return toBigInteger().bitLength();
     }
 
+    public boolean isOne()
+    {
+        return bitLength() == 1;
+    }
+
     public boolean isZero()
     {
         return 0 == toBigInteger().signum();
     }
 
+    public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
+    {
+        return multiply(b).subtract(x.multiply(y));
+    }
+
+    public ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
+    {
+        return multiply(b).add(x.multiply(y));
+    }
+
+    public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
+    {
+        return square().subtract(x.multiply(y));
+    }
+
+    public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
+    {
+        return square().add(x.multiply(y));
+    }
+
     public boolean testBitZero()
     {
         return toBigInteger().testBit(0);
@@ -51,42 +78,10 @@ public abstract class ECFieldElement
     {
         BigInteger q, r, x;
 
-//        static int[] calculateNaf(BigInteger p)
-//        {
-//            int[] naf = WNafUtil.generateCompactNaf(p);
-//
-//            int bit = 0;
-//            for (int i = 0; i < naf.length; ++i)
-//            {
-//                int ni = naf[i];
-//                int digit = ni >> 16, zeroes = ni & 0xFFFF;
-//
-//                bit += zeroes;
-//                naf[i] = digit < 0 ? ~bit : bit;
-//                ++bit;
-//            }
-//
-//            int last = naf.length - 1;
-//            if (last > 0 && last <= 16)
-//            {
-//                int top = naf[last], top2 = naf[last - 1];
-//                if (top2 < 0)
-//                {
-//                    top2 = ~top2;
-//                }
-//                if (top - top2 >= 64)
-//                {
-//                    return naf;
-//                }
-//            }
-//
-//            return null;
-//        }
-
         static BigInteger calculateResidue(BigInteger p)
         {
             int bitLength = p.bitLength();
-            if (bitLength > 128)
+            if (bitLength >= 96)
             {
                 BigInteger firstWord = p.shiftRight(bitLength - 64);
                 if (firstWord.longValue() == -1L)
@@ -159,13 +154,7 @@ public abstract class ECFieldElement
 
         public ECFieldElement subtract(ECFieldElement b)
         {
-            BigInteger x2 = b.toBigInteger();
-            BigInteger x3 = x.subtract(x2);
-            if (x3.signum() < 0)
-            {
-                x3 = x3.add(q);
-            }
-            return new Fp(q, r, x3);
+            return new Fp(q, r, modSubtract(x, b.toBigInteger()));
         }
 
         public ECFieldElement multiply(ECFieldElement b)
@@ -173,27 +162,30 @@ public abstract class ECFieldElement
             return new Fp(q, r, modMult(x, b.toBigInteger()));
         }
 
+        public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
+        {
+            BigInteger ax = this.x, bx = b.toBigInteger(), xx = x.toBigInteger(), yx = y.toBigInteger();
+            BigInteger ab = ax.multiply(bx);
+            BigInteger xy = xx.multiply(yx);
+            return new Fp(q, r, modReduce(ab.subtract(xy)));
+        }
+
+        public ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
+        {
+            BigInteger ax = this.x, bx = b.toBigInteger(), xx = x.toBigInteger(), yx = y.toBigInteger();
+            BigInteger ab = ax.multiply(bx);
+            BigInteger xy = xx.multiply(yx);
+            return new Fp(q, r, modReduce(ab.add(xy)));
+        }
+
         public ECFieldElement divide(ECFieldElement b)
         {
-            return new Fp(q, modMult(x, b.toBigInteger().modInverse(q)));
+            return new Fp(q, r, modMult(x, modInverse(b.toBigInteger())));
         }
 
         public ECFieldElement negate()
         {
-            BigInteger x2;
-            if (x.signum() == 0)
-            {
-                x2 = x;
-            }
-            else if (ONE.equals(r))
-            {
-                x2 = q.xor(x);
-            }
-            else
-            {
-                x2 = q.subtract(x);
-            }
-            return new Fp(q, r, x2);
+            return x.signum() == 0 ? this : new Fp(q, r, q.subtract(x));
         }
 
         public ECFieldElement square()
@@ -201,10 +193,26 @@ public abstract class ECFieldElement
             return new Fp(q, r, modMult(x, x));
         }
 
+        public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
+        {
+            BigInteger ax = this.x, xx = x.toBigInteger(), yx = y.toBigInteger();
+            BigInteger aa = ax.multiply(ax);
+            BigInteger xy = xx.multiply(yx);
+            return new Fp(q, r, modReduce(aa.subtract(xy)));
+        }
+
+        public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
+        {
+            BigInteger ax = this.x, xx = x.toBigInteger(), yx = y.toBigInteger();
+            BigInteger aa = ax.multiply(ax);
+            BigInteger xy = xx.multiply(yx);
+            return new Fp(q, r, modReduce(aa.add(xy)));
+        }
+
         public ECFieldElement invert()
         {
             // TODO Modular inversion can be faster for a (Generalized) Mersenne Prime.
-            return new Fp(q, r, x.modInverse(q));
+            return new Fp(q, r, modInverse(x));
         }
 
         // D.1.4 91
@@ -214,6 +222,11 @@ public abstract class ECFieldElement
          */
         public ECFieldElement sqrt()
         {
+            if (this.isZero() || this.isOne()) // earlier JDK compatibility
+            {
+                return this;
+            }
+
             if (!q.testBit(0))
             {
                 throw new RuntimeException("not done yet");
@@ -221,29 +234,44 @@ public abstract class ECFieldElement
 
             // note: even though this class implements ECConstants don't be tempted to
             // remove the explicit declaration, some J2ME environments don't cope.
-            // p mod 4 == 3
-            if (q.testBit(1))
+
+            if (q.testBit(1)) // q == 4m + 3
+            {
+                BigInteger e = q.shiftRight(2).add(ECConstants.ONE);
+                return checkSqrt(new Fp(q, r, x.modPow(e, q)));
+            }
+
+            if (q.testBit(2)) // q == 8m + 5
             {
-                // z = g^(u+1) + p, p = 4u + 3
-                ECFieldElement z = new Fp(q, r, x.modPow(q.shiftRight(2).add(ECConstants.ONE), q));
+                BigInteger t1 = x.modPow(q.shiftRight(3), q);
+                BigInteger t2 = modMult(t1, x);
+                BigInteger t3 = modMult(t2, t1);
+
+                if (t3.equals(ECConstants.ONE))
+                {
+                    return checkSqrt(new Fp(q, r, t2));
+                }
+
+                // TODO This is constant and could be precomputed
+                BigInteger t4 = ECConstants.TWO.modPow(q.shiftRight(2), q);
 
-                return z.square().equals(this) ? z : null;
+                BigInteger y = modMult(t2, t4);
+
+                return checkSqrt(new Fp(q, r, y));
             }
 
-            // p mod 4 == 1
-            BigInteger qMinusOne = q.subtract(ECConstants.ONE);
+            // q == 8m + 1
 
-            BigInteger legendreExponent = qMinusOne.shiftRight(1);
+            BigInteger legendreExponent = q.shiftRight(1);
             if (!(x.modPow(legendreExponent, q).equals(ECConstants.ONE)))
             {
                 return null;
             }
 
-            BigInteger u = qMinusOne.shiftRight(2);
-            BigInteger k = u.shiftLeft(1).add(ECConstants.ONE);
+            BigInteger X = this.x;
+            BigInteger fourX = modDouble(modDouble(X));
 
-            BigInteger Q = this.x;
-            BigInteger fourQ = modDouble(modDouble(Q));
+            BigInteger k = legendreExponent.add(ECConstants.ONE), qMinusOne = q.subtract(ECConstants.ONE);
 
             BigInteger U, V;
             Random rand = new Random();
@@ -255,94 +283,39 @@ public abstract class ECFieldElement
                     P = new BigInteger(q.bitLength(), rand);
                 }
                 while (P.compareTo(q) >= 0
-                    || !(P.multiply(P).subtract(fourQ).modPow(legendreExponent, q).equals(qMinusOne)));
+                    || !modReduce(P.multiply(P).subtract(fourX)).modPow(legendreExponent, q).equals(qMinusOne));
 
-                BigInteger[] result = lucasSequence(P, Q, k);
+                BigInteger[] result = lucasSequence(P, X, k);
                 U = result[0];
                 V = result[1];
 
-                if (modMult(V, V).equals(fourQ))
+                if (modMult(V, V).equals(fourX))
                 {
-                    // Integer division by 2, mod q
-                    if (V.testBit(0))
-                    {
-                        V = V.add(q);
-                    }
-
-                    V = V.shiftRight(1);
-
-                    //assert V.multiply(V).mod(q).equals(x);
-
-                    return new ECFieldElement.Fp(q, r, V);
+                    return new ECFieldElement.Fp(q, r, modHalfAbs(V));
                 }
             }
             while (U.equals(ECConstants.ONE) || U.equals(qMinusOne));
 
             return null;
-
-//            BigInteger qMinusOne = q.subtract(ECConstants.ONE);
-//            BigInteger legendreExponent = qMinusOne.shiftRight(1); //divide(ECConstants.TWO);
-//            if (!(x.modPow(legendreExponent, q).equals(ECConstants.ONE)))
-//            {
-//                return null;
-//            }
-//
-//            Random rand = new Random();
-//            BigInteger fourX = x.shiftLeft(2);
-//
-//            BigInteger r;
-//            do
-//            {
-//                r = new BigInteger(q.bitLength(), rand);
-//            }
-//            while (r.compareTo(q) >= 0
-//                || !(r.multiply(r).subtract(fourX).modPow(legendreExponent, q).equals(qMinusOne)));
-//
-//            BigInteger n1 = qMinusOne.shiftRight(2); //.divide(ECConstants.FOUR);
-//            BigInteger n2 = n1.add(ECConstants.ONE); //q.add(ECConstants.THREE).divide(ECConstants.FOUR);
-//
-//            BigInteger wOne = WOne(r, x, q);
-//            BigInteger wSum = W(n1, wOne, q).add(W(n2, wOne, q)).mod(q);
-//            BigInteger twoR = r.shiftLeft(1); //ECConstants.TWO.multiply(r);
-//
-//            BigInteger root = twoR.modPow(q.subtract(ECConstants.TWO), q)
-//                .multiply(x).mod(q)
-//                .multiply(wSum).mod(q);
-//
-//            return new Fp(q, root);
         }
 
-//        private static BigInteger W(BigInteger n, BigInteger wOne, BigInteger p)
-//        {
-//            if (n.equals(ECConstants.ONE))
-//            {
-//                return wOne;
-//            }
-//            boolean isEven = !n.testBit(0);
-//            n = n.shiftRight(1);//divide(ECConstants.TWO);
-//            if (isEven)
-//            {
-//                BigInteger w = W(n, wOne, p);
-//                return w.multiply(w).subtract(ECConstants.TWO).mod(p);
-//            }
-//            BigInteger w1 = W(n.add(ECConstants.ONE), wOne, p);
-//            BigInteger w2 = W(n, wOne, p);
-//            return w1.multiply(w2).subtract(wOne).mod(p);
-//        }
-//
-//        private BigInteger WOne(BigInteger r, BigInteger x, BigInteger p)
-//        {
-//            return r.multiply(r).multiply(x.modPow(q.subtract(ECConstants.TWO), q)).subtract(ECConstants.TWO).mod(p);
-//        }
+        private ECFieldElement checkSqrt(ECFieldElement z)
+        {
+            return z.square().equals(this) ? z : null;
+        }
 
         private BigInteger[] lucasSequence(
             BigInteger  P,
             BigInteger  Q,
             BigInteger  k)
         {
+            // TODO Research and apply "common-multiplicand multiplication here"
+
             int n = k.bitLength();
             int s = k.getLowestSetBit();
 
+            // assert k.testBit(s);
+
             BigInteger Uh = ECConstants.ONE;
             BigInteger Vl = ECConstants.TWO;
             BigInteger Vh = P;
@@ -405,6 +378,35 @@ public abstract class ECFieldElement
             return _2x;
         }
 
+        protected BigInteger modHalf(BigInteger x)
+        {
+            if (x.testBit(0))
+            {
+                x = q.add(x);
+            }
+            return x.shiftRight(1);
+        }
+
+        protected BigInteger modHalfAbs(BigInteger x)
+        {
+            if (x.testBit(0))
+            {
+                x = q.subtract(x);
+            }
+            return x.shiftRight(1);
+        }
+
+        protected BigInteger modInverse(BigInteger x)
+        {
+            int bits = getFieldSize();
+            int len = (bits + 31) >> 5;
+            int[] p = Nat.fromBigInteger(bits, q);
+            int[] n = Nat.fromBigInteger(bits, x);
+            int[] z = Nat.create(len);
+            Mod.invert(p, n, z);
+            return Nat.toBigInteger(len, z);
+        }
+
         protected BigInteger modMult(BigInteger x1, BigInteger x2)
         {
             return modReduce(x1.multiply(x2));
@@ -412,44 +414,20 @@ public abstract class ECFieldElement
 
         protected BigInteger modReduce(BigInteger x)
         {
-//            if (naf != null)
-//            {
-//                int last = naf.length - 1;
-//                int bits = naf[last];
-//                while (x.bitLength() > (bits + 1))
-//                {
-//                    BigInteger u = x.shiftRight(bits);
-//                    BigInteger v = x.subtract(u.shiftLeft(bits));
-//
-//                    x = v;
-//
-//                    for (int i = 0; i < last; ++i)
-//                    {
-//                        int ni = naf[i];
-//                        if (ni < 0)
-//                        {
-//                            x = x.add(u.shiftLeft(~ni));
-//                        }
-//                        else
-//                        {
-//                            x = x.subtract(u.shiftLeft(ni));
-//                        }
-//                    }
-//                }
-//                while (x.compareTo(q) >= 0)
-//                {
-//                    x = x.subtract(q);
-//                }
-//            }
-//            else
             if (r != null)
             {
+                boolean negative = x.signum() < 0;
+                if (negative)
+                {
+                    x = x.abs();
+                }
                 int qLen = q.bitLength();
+                boolean rIsOne = r.equals(ECConstants.ONE);
                 while (x.bitLength() > (qLen + 1))
                 {
                     BigInteger u = x.shiftRight(qLen);
                     BigInteger v = x.subtract(u.shiftLeft(qLen));
-                    if (!r.equals(ONE))
+                    if (!rIsOne)
                     {
                         u = u.multiply(r);
                     }
@@ -459,6 +437,10 @@ public abstract class ECFieldElement
                 {
                     x = x.subtract(q);
                 }
+                if (negative && x.signum() != 0)
+                {
+                    x = q.subtract(x);
+                }
             }
             else
             {
@@ -467,6 +449,16 @@ public abstract class ECFieldElement
             return x;
         }
 
+        protected BigInteger modSubtract(BigInteger x1, BigInteger x2)
+        {
+            BigInteger x3 = x1.subtract(x2);
+            if (x3.signum() < 0)
+            {
+                x3 = x3.add(q);
+            }
+            return x3;
+        }
+
         public boolean equals(Object other)
         {
             if (other == this)
@@ -489,467 +481,6 @@ public abstract class ECFieldElement
         }
     }
 
-//    /**
-//     * Class representing the Elements of the finite field
-//     * <code>F<sub>2<sup>m</sup></sub></code> in polynomial basis (PB)
-//     * representation. Both trinomial (TPB) and pentanomial (PPB) polynomial
-//     * basis representations are supported. Gaussian normal basis (GNB)
-//     * representation is not supported.
-//     */
-//    public static class F2m extends ECFieldElement
-//    {
-//        BigInteger x;
-//
-//        /**
-//         * Indicates gaussian normal basis representation (GNB). Number chosen
-//         * according to X9.62. GNB is not implemented at present.
-//         */
-//        public static final int GNB = 1;
-//
-//        /**
-//         * Indicates trinomial basis representation (TPB). Number chosen
-//         * according to X9.62.
-//         */
-//        public static final int TPB = 2;
-//
-//        /**
-//         * Indicates pentanomial basis representation (PPB). Number chosen
-//         * according to X9.62.
-//         */
-//        public static final int PPB = 3;
-//
-//        /**
-//         * TPB or PPB.
-//         */
-//        private int representation;
-//
-//        /**
-//         * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
-//         */
-//        private int m;
-//
-//        /**
-//         * TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
-//         * x<sup>k</sup> + 1</code> represents the reduction polynomial
-//         * <code>f(z)</code>.<br>
-//         * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        private int k1;
-//
-//        /**
-//         * TPB: Always set to <code>0</code><br>
-//         * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        private int k2;
-//
-//        /**
-//         * TPB: Always set to <code>0</code><br>
-//         * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        private int k3;
-//        
-//        /**
-//         * Constructor for PPB.
-//         * @param m  The exponent <code>m</code> of
-//         * <code>F<sub>2<sup>m</sup></sub></code>.
-//         * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.
-//         * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.
-//         * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.
-//         * @param x The BigInteger representing the value of the field element.
-//         */
-//        public F2m(
-//            int m, 
-//            int k1, 
-//            int k2, 
-//            int k3,
-//            BigInteger x)
-//        {
-////            super(x);
-//            this.x = x;
-//
-//            if ((k2 == 0) && (k3 == 0))
-//            {
-//                this.representation = TPB;
-//            }
-//            else
-//            {
-//                if (k2 >= k3)
-//                {
-//                    throw new IllegalArgumentException(
-//                            "k2 must be smaller than k3");
-//                }
-//                if (k2 <= 0)
-//                {
-//                    throw new IllegalArgumentException(
-//                            "k2 must be larger than 0");
-//                }
-//                this.representation = PPB;
-//            }
-//
-//            if (x.signum() < 0)
-//            {
-//                throw new IllegalArgumentException("x value cannot be negative");
-//            }
-//
-//            this.m = m;
-//            this.k1 = k1;
-//            this.k2 = k2;
-//            this.k3 = k3;
-//        }
-//
-//        /**
-//         * Constructor for TPB.
-//         * @param m  The exponent <code>m</code> of
-//         * <code>F<sub>2<sup>m</sup></sub></code>.
-//         * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
-//         * x<sup>k</sup> + 1</code> represents the reduction
-//         * polynomial <code>f(z)</code>.
-//         * @param x The BigInteger representing the value of the field element.
-//         */
-//        public F2m(int m, int k, BigInteger x)
-//        {
-//            // Set k1 to k, and set k2 and k3 to 0
-//            this(m, k, 0, 0, x);
-//        }
-//
-//        public BigInteger toBigInteger()
-//        {
-//            return x;
-//        }
-//
-//        public String getFieldName()
-//        {
-//            return "F2m";
-//        }
-//
-//        public int getFieldSize()
-//        {
-//            return m;
-//        }
-//
-//        /**
-//         * Checks, if the ECFieldElements <code>a</code> and <code>b</code>
-//         * are elements of the same field <code>F<sub>2<sup>m</sup></sub></code>
-//         * (having the same representation).
-//         * @param a field element.
-//         * @param b field element to be compared.
-//         * @throws IllegalArgumentException if <code>a</code> and <code>b</code>
-//         * are not elements of the same field
-//         * <code>F<sub>2<sup>m</sup></sub></code> (having the same
-//         * representation). 
-//         */
-//        public static void checkFieldElements(
-//            ECFieldElement a,
-//            ECFieldElement b)
-//        {
-//            if ((!(a instanceof F2m)) || (!(b instanceof F2m)))
-//            {
-//                throw new IllegalArgumentException("Field elements are not "
-//                        + "both instances of ECFieldElement.F2m");
-//            }
-//
-//            if ((a.toBigInteger().signum() < 0) || (b.toBigInteger().signum() < 0))
-//            {
-//                throw new IllegalArgumentException(
-//                        "x value may not be negative");
-//            }
-//
-//            ECFieldElement.F2m aF2m = (ECFieldElement.F2m)a;
-//            ECFieldElement.F2m bF2m = (ECFieldElement.F2m)b;
-//
-//            if ((aF2m.m != bF2m.m) || (aF2m.k1 != bF2m.k1)
-//                    || (aF2m.k2 != bF2m.k2) || (aF2m.k3 != bF2m.k3))
-//            {
-//                throw new IllegalArgumentException("Field elements are not "
-//                        + "elements of the same field F2m");
-//            }
-//
-//            if (aF2m.representation != bF2m.representation)
-//            {
-//                // Should never occur
-//                throw new IllegalArgumentException(
-//                        "One of the field "
-//                                + "elements are not elements has incorrect representation");
-//            }
-//        }
-//
-//        /**
-//         * Computes <code>z * a(z) mod f(z)</code>, where <code>f(z)</code> is
-//         * the reduction polynomial of <code>this</code>.
-//         * @param a The polynomial <code>a(z)</code> to be multiplied by
-//         * <code>z mod f(z)</code>.
-//         * @return <code>z * a(z) mod f(z)</code>
-//         */
-//        private BigInteger multZModF(final BigInteger a)
-//        {
-//            // Left-shift of a(z)
-//            BigInteger az = a.shiftLeft(1);
-//            if (az.testBit(this.m)) 
-//            {
-//                // If the coefficient of z^m in a(z) equals 1, reduction
-//                // modulo f(z) is performed: Add f(z) to to a(z):
-//                // Step 1: Unset mth coeffient of a(z)
-//                az = az.clearBit(this.m);
-//
-//                // Step 2: Add r(z) to a(z), where r(z) is defined as
-//                // f(z) = z^m + r(z), and k1, k2, k3 are the positions of
-//                // the non-zero coefficients in r(z)
-//                az = az.flipBit(0);
-//                az = az.flipBit(this.k1);
-//                if (this.representation == PPB) 
-//                {
-//                    az = az.flipBit(this.k2);
-//                    az = az.flipBit(this.k3);
-//                }
-//            }
-//            return az;
-//        }
-//
-//        public ECFieldElement add(final ECFieldElement b)
-//        {
-//            // No check performed here for performance reasons. Instead the
-//            // elements involved are checked in ECPoint.F2m
-//            // checkFieldElements(this, b);
-//            if (b.toBigInteger().signum() == 0)
-//            {
-//                return this;
-//            }
-//
-//            return new F2m(this.m, this.k1, this.k2, this.k3, this.x.xor(b.toBigInteger()));
-//        }
-//
-//        public ECFieldElement subtract(final ECFieldElement b)
-//        {
-//            // Addition and subtraction are the same in F2m
-//            return add(b);
-//        }
-//
-//
-//        public ECFieldElement multiply(final ECFieldElement b)
-//        {
-//            // Left-to-right shift-and-add field multiplication in F2m
-//            // Input: Binary polynomials a(z) and b(z) of degree at most m-1
-//            // Output: c(z) = a(z) * b(z) mod f(z)
-//
-//            // No check performed here for performance reasons. Instead the
-//            // elements involved are checked in ECPoint.F2m
-//            // checkFieldElements(this, b);
-//            final BigInteger az = this.x;
-//            BigInteger bz = b.toBigInteger();
-//            BigInteger cz;
-//
-//            // Compute c(z) = a(z) * b(z) mod f(z)
-//            if (az.testBit(0)) 
-//            {
-//                cz = bz;
-//            } 
-//            else 
-//            {
-//                cz = ECConstants.ZERO;
-//            }
-//
-//            for (int i = 1; i < this.m; i++) 
-//            {
-//                // b(z) := z * b(z) mod f(z)
-//                bz = multZModF(bz);
-//
-//                if (az.testBit(i)) 
-//                {
-//                    // If the coefficient of x^i in a(z) equals 1, b(z) is added
-//                    // to c(z)
-//                    cz = cz.xor(bz);
-//                }
-//            }
-//            return new ECFieldElement.F2m(m, this.k1, this.k2, this.k3, cz);
-//        }
-//
-//
-//        public ECFieldElement divide(final ECFieldElement b)
-//        {
-//            // There may be more efficient implementations
-//            ECFieldElement bInv = b.invert();
-//            return multiply(bInv);
-//        }
-//
-//        public ECFieldElement negate()
-//        {
-//            // -x == x holds for all x in F2m
-//            return this;
-//        }
-//
-//        public ECFieldElement square()
-//        {
-//            // Naive implementation, can probably be speeded up using modular
-//            // reduction
-//            return multiply(this);
-//        }
-//
-//        public ECFieldElement invert()
-//        {
-//            // Inversion in F2m using the extended Euclidean algorithm
-//            // Input: A nonzero polynomial a(z) of degree at most m-1
-//            // Output: a(z)^(-1) mod f(z)
-//
-//            // u(z) := a(z)
-//            BigInteger uz = this.x;
-//            if (uz.signum() <= 0) 
-//            {
-//                throw new ArithmeticException("x is zero or negative, " +
-//                        "inversion is impossible");
-//            }
-//
-//            // v(z) := f(z)
-//            BigInteger vz = ECConstants.ZERO.setBit(m);
-//            vz = vz.setBit(0);
-//            vz = vz.setBit(this.k1);
-//            if (this.representation == PPB) 
-//            {
-//                vz = vz.setBit(this.k2);
-//                vz = vz.setBit(this.k3);
-//            }
-//
-//            // g1(z) := 1, g2(z) := 0
-//            BigInteger g1z = ECConstants.ONE;
-//            BigInteger g2z = ECConstants.ZERO;
-//
-//            // while u != 1
-//            while (!(uz.equals(ECConstants.ZERO))) 
-//            {
-//                // j := deg(u(z)) - deg(v(z))
-//                int j = uz.bitLength() - vz.bitLength();
-//
-//                // If j < 0 then: u(z) <-> v(z), g1(z) <-> g2(z), j := -j
-//                if (j < 0) 
-//                {
-//                    final BigInteger uzCopy = uz;
-//                    uz = vz;
-//                    vz = uzCopy;
-//
-//                    final BigInteger g1zCopy = g1z;
-//                    g1z = g2z;
-//                    g2z = g1zCopy;
-//
-//                    j = -j;
-//                }
-//
-//                // u(z) := u(z) + z^j * v(z)
-//                // Note, that no reduction modulo f(z) is required, because
-//                // deg(u(z) + z^j * v(z)) <= max(deg(u(z)), j + deg(v(z)))
-//                // = max(deg(u(z)), deg(u(z)) - deg(v(z)) + deg(v(z))
-//                // = deg(u(z))
-//                uz = uz.xor(vz.shiftLeft(j));
-//
-//                // g1(z) := g1(z) + z^j * g2(z)
-//                g1z = g1z.xor(g2z.shiftLeft(j));
-////                if (g1z.bitLength() > this.m) {
-////                    throw new ArithmeticException(
-////                            "deg(g1z) >= m, g1z = " + g1z.toString(16));
-////                }
-//            }
-//            return new ECFieldElement.F2m(
-//                    this.m, this.k1, this.k2, this.k3, g2z);
-//        }
-//
-//        public ECFieldElement sqrt()
-//        {
-//            throw new RuntimeException("Not implemented");
-//        }
-//
-//        /**
-//         * @return the representation of the field
-//         * <code>F<sub>2<sup>m</sup></sub></code>, either of
-//         * TPB (trinomial
-//         * basis representation) or
-//         * PPB (pentanomial
-//         * basis representation).
-//         */
-//        public int getRepresentation()
-//        {
-//            return this.representation;
-//        }
-//
-//        /**
-//         * @return the degree <code>m</code> of the reduction polynomial
-//         * <code>f(z)</code>.
-//         */
-//        public int getM()
-//        {
-//            return this.m;
-//        }
-//
-//        /**
-//         * @return TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
-//         * x<sup>k</sup> + 1</code> represents the reduction polynomial
-//         * <code>f(z)</code>.<br>
-//         * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        public int getK1()
-//        {
-//            return this.k1;
-//        }
-//
-//        /**
-//         * @return TPB: Always returns <code>0</code><br>
-//         * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        public int getK2()
-//        {
-//            return this.k2;
-//        }
-//
-//        /**
-//         * @return TPB: Always set to <code>0</code><br>
-//         * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        public int getK3()
-//        {
-//            return this.k3;
-//        }
-//
-//        public boolean equals(Object anObject)
-//        {
-//            if (anObject == this) 
-//            {
-//                return true;
-//            }
-//
-//            if (!(anObject instanceof ECFieldElement.F2m)) 
-//            {
-//                return false;
-//            }
-//
-//            ECFieldElement.F2m b = (ECFieldElement.F2m)anObject;
-//            
-//            return ((this.m == b.m) && (this.k1 == b.k1) && (this.k2 == b.k2)
-//                && (this.k3 == b.k3)
-//                && (this.representation == b.representation)
-//                && (this.x.equals(b.x)));
-//        }
-//
-//        public int hashCode()
-//        {
-//            return x.hashCode() ^ m ^ k1 ^ k2 ^ k3;
-//        }
-//    }
-
     /**
      * Class representing the Elements of the finite field
      * <code>F<sub>2<sup>m</sup></sub></code> in polynomial basis (PB)
@@ -987,32 +518,6 @@ public abstract class ECFieldElement
          */
         private int m;
 
-//        /**
-//         * TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
-//         * x<sup>k</sup> + 1</code> represents the reduction polynomial
-//         * <code>f(z)</code>.<br>
-//         * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        private int k1;
-//
-//        /**
-//         * TPB: Always set to <code>0</code><br>
-//         * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        private int k2;
-//
-//        /**
-//         * TPB: Always set to <code>0</code><br>
-//         * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
-//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-//         * represents the reduction polynomial <code>f(z)</code>.<br>
-//         */
-//        private int k3;
-
         private int[] ks;
 
         /**
@@ -1097,6 +602,11 @@ public abstract class ECFieldElement
             return x.degree();
         }
 
+        public boolean isOne()
+        {
+            return x.isOne();
+        }
+
         public boolean isZero()
         {
             return x.isZero();
@@ -1192,6 +702,29 @@ public abstract class ECFieldElement
             return new F2m(m, ks, x.modMultiply(((F2m)b).x, m, ks));
         }
 
+        public ECFieldElement multiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
+        {
+            return multiplyPlusProduct(b, x, y);
+        }
+
+        public ECFieldElement multiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
+        {
+            LongArray ax = this.x, bx = ((F2m)b).x, xx = ((F2m)x).x, yx = ((F2m)y).x;
+
+            LongArray ab = ax.multiply(bx, m, ks);
+            LongArray xy = xx.multiply(yx, m, ks);
+
+            if (ab == ax || ab == bx)
+            {
+                ab = (LongArray)ab.clone();
+            }
+
+            ab.addShiftedByWords(xy, 0);
+            ab.reduce(m, ks);
+
+            return new F2m(m, ks, ab);
+        }
+
         public ECFieldElement divide(final ECFieldElement b)
         {
             // There may be more efficient implementations
@@ -1210,6 +743,29 @@ public abstract class ECFieldElement
             return new F2m(m, ks, x.modSquare(m, ks));
         }
 
+        public ECFieldElement squareMinusProduct(ECFieldElement x, ECFieldElement y)
+        {
+            return squarePlusProduct(x, y);
+        }
+
+        public ECFieldElement squarePlusProduct(ECFieldElement x, ECFieldElement y)
+        {
+            LongArray ax = this.x, xx = ((F2m)x).x, yx = ((F2m)y).x;
+
+            LongArray aa = ax.square(m, ks);
+            LongArray xy = xx.multiply(yx, m, ks);
+
+            if (aa == ax)
+            {
+                aa = (LongArray)aa.clone();
+            }
+
+            aa.addShiftedByWords(xy, 0);
+            aa.reduce(m, ks);
+
+            return new F2m(m, ks, aa);
+        }
+
         public ECFieldElement invert()
         {
             return new ECFieldElement.F2m(this.m, this.ks, this.x.modInverse(m, ks));
@@ -1217,7 +773,14 @@ public abstract class ECFieldElement
 
         public ECFieldElement sqrt()
         {
-            throw new RuntimeException("Not implemented");
+            LongArray x1 = this.x;
+            if (x1.isOne() || x1.isZero())
+            {
+                return this;
+            }
+
+            LongArray x2 = x1.modSquareN(m - 1, m, ks);
+            return new ECFieldElement.F2m(m, ks, x2);
         }
 
         /**
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java
index 7f740e4..4db27e0 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java
@@ -1,6 +1,7 @@
 package org.bouncycastle.math.ec;
 
 import java.math.BigInteger;
+import java.util.Hashtable;
 
 /**
  * base class for points on elliptic curves.
@@ -47,7 +48,8 @@ public abstract class ECPoint
 
     protected boolean withCompression;
 
-    protected PreCompInfo preCompInfo = null;
+    // Hashtable is (String -> PreCompInfo)
+    protected Hashtable preCompTable = null;
 
     protected ECPoint(ECCurve curve, ECFieldElement x, ECFieldElement y)
     {
@@ -62,11 +64,26 @@ public abstract class ECPoint
         this.zs = zs;
     }
 
+    protected boolean satisfiesCofactor()
+    {
+        BigInteger h = curve.getCofactor();
+        return h == null || h.equals(ECConstants.ONE) || !ECAlgorithms.referenceMultiply(this, h).isInfinity();
+    }
+
+    protected abstract boolean satisfiesCurveEquation();
+
+    public final ECPoint getDetachedPoint()
+    {
+        return normalize().detach();
+    }
+
     public ECCurve getCurve()
     {
         return curve;
     }
 
+    protected abstract ECPoint detach();
+
     protected int getCurveCoordinateSystem()
     {
         // Cope with null curve, most commonly used by implicitlyCa
@@ -79,7 +96,7 @@ public abstract class ECPoint
      * Note: normalization can be expensive, this method is deprecated in favour
      * of caller-controlled normalization.
      * 
-     * @deprecated Use getAffineXCoord, or normalize() and getXCoord(), instead
+     * @deprecated Use getAffineXCoord(), or normalize() and getXCoord(), instead
      */
     public ECFieldElement getX()
     {
@@ -93,7 +110,7 @@ public abstract class ECPoint
      * Note: normalization can be expensive, this method is deprecated in favour
      * of caller-controlled normalization.
      * 
-     * @deprecated Use getAffineYCoord, or normalize() and getYCoord(), instead
+     * @deprecated Use getAffineYCoord(), or normalize() and getYCoord(), instead
      */
     public ECFieldElement getY()
     {
@@ -129,7 +146,7 @@ public abstract class ECPoint
      * 
      * Caution: depending on the curve's coordinate system, this may not be the same value as in an
      * affine coordinate system; use normalize() to get a point where the coordinates have their
-     * affine values, or use getAffineXCoord if you expect the point to already have been
+     * affine values, or use getAffineXCoord() if you expect the point to already have been
      * normalized.
      * 
      * @return the x-coordinate of this point
@@ -144,7 +161,7 @@ public abstract class ECPoint
      * 
      * Caution: depending on the curve's coordinate system, this may not be the same value as in an
      * affine coordinate system; use normalize() to get a point where the coordinates have their
-     * affine values, or use getAffineYCoord if you expect the point to already have been
+     * affine values, or use getAffineYCoord() if you expect the point to already have been
      * normalized.
      * 
      * @return the y-coordinate of this point
@@ -171,16 +188,21 @@ public abstract class ECPoint
         return copy;
     }
 
-    protected ECFieldElement getRawXCoord()
+    protected final ECFieldElement getRawXCoord()
     {
         return x;
     }
 
-    protected ECFieldElement getRawYCoord()
+    protected final ECFieldElement getRawYCoord()
     {
         return y;
     }
 
+    protected final ECFieldElement[] getRawZCoords()
+    {
+        return zs;
+    }
+
     protected void checkNormalized()
     {
         if (!isNormalized())
@@ -196,7 +218,7 @@ public abstract class ECPoint
         return coord == ECCurve.COORD_AFFINE
             || coord == ECCurve.COORD_LAMBDA_AFFINE
             || isInfinity()
-            || zs[0].bitLength() == 1;
+            || zs[0].isOne();
     }
 
     /**
@@ -222,7 +244,7 @@ public abstract class ECPoint
         default:
         {
             ECFieldElement Z1 = getZCoord(0);
-            if (Z1.bitLength() == 1)
+            if (Z1.isOne())
             {
                 return this;
             }
@@ -265,11 +287,54 @@ public abstract class ECPoint
         return x == null || y == null || (zs.length > 0 && zs[0].isZero());
     }
 
+    /**
+     * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
+     */
     public boolean isCompressed()
     {
         return this.withCompression;
     }
 
+    public boolean isValid()
+    {
+        if (isInfinity())
+        {
+            return true;
+        }
+
+        // TODO Sanity-check the field elements
+
+        ECCurve curve = getCurve();
+        if (curve != null)
+        {
+            if (!satisfiesCurveEquation())
+            {
+                return false;
+            }
+
+            if (!satisfiesCofactor())
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    public ECPoint scaleX(ECFieldElement scale)
+    {
+        return isInfinity()
+            ?   this
+            :   getCurve().createRawPoint(getRawXCoord().multiply(scale), getRawYCoord(), getRawZCoords(), this.withCompression);
+    }
+
+    public ECPoint scaleY(ECFieldElement scale)
+    {
+        return isInfinity()
+            ?   this
+            :   getCurve().createRawPoint(getRawXCoord(), getRawYCoord().multiply(scale), getRawZCoords(), this.withCompression);
+    }
+
     public boolean equals(ECPoint other)
     {
         if (null == other)
@@ -373,13 +438,19 @@ public abstract class ECPoint
         return sb.toString();
     }
 
+    /**
+     * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
+     */
     public byte[] getEncoded()
     {
         return getEncoded(this.withCompression);
     }
 
     /**
-     * return the field element encoded with point compression. (S 4.3.6)
+     * Get an encoding of the point value, optionally in compressed format.
+     * 
+     * @param compressed whether to generate a compressed point encoding.
+     * @return the point encoding
      */
     public byte[] getEncoded(boolean compressed)
     {
@@ -454,13 +525,84 @@ public abstract class ECPoint
         return this.getCurve().getMultiplier().multiply(this, k);
     }
 
+    public static abstract class AbstractFp extends ECPoint
+    {
+        protected AbstractFp(ECCurve curve, ECFieldElement x, ECFieldElement y)
+        {
+            super(curve, x, y);
+        }
+
+        protected AbstractFp(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs)
+        {
+            super(curve, x, y, zs);
+        }
+
+        protected boolean getCompressionYTilde()
+        {
+            return this.getAffineYCoord().testBitZero();
+        }
+
+        protected boolean satisfiesCurveEquation()
+        {
+            ECFieldElement X = this.x, Y = this.y, A = curve.getA(), B = curve.getB();
+            ECFieldElement lhs = Y.square();
+
+            switch (this.getCurveCoordinateSystem())
+            {
+            case ECCurve.COORD_AFFINE:
+                break;
+            case ECCurve.COORD_HOMOGENEOUS:
+            {
+                ECFieldElement Z = this.zs[0];
+                if (!Z.isOne())
+                {
+                    ECFieldElement Z2 = Z.square(), Z3 = Z.multiply(Z2);
+                    lhs = lhs.multiply(Z);
+                    A = A.multiply(Z2);
+                    B = B.multiply(Z3);
+                }
+                break;
+            }
+            case ECCurve.COORD_JACOBIAN:
+            case ECCurve.COORD_JACOBIAN_CHUDNOVSKY:
+            case ECCurve.COORD_JACOBIAN_MODIFIED:
+            {
+                ECFieldElement Z = this.zs[0];
+                if (!Z.isOne())
+                {
+                    ECFieldElement Z2 = Z.square(), Z4 = Z2.square(), Z6 = Z2.multiply(Z4);
+                    A = A.multiply(Z4);
+                    B = B.multiply(Z6);
+                }
+                break;
+            }
+            default:
+                throw new IllegalStateException("unsupported coordinate system");
+            }
+
+            ECFieldElement rhs = X.square().add(A).multiply(X).add(B);
+            return lhs.equals(rhs);
+        }
+
+        public ECPoint subtract(ECPoint b)
+        {
+            if (b.isInfinity())
+            {
+                return this;
+            }
+
+            // Add -b
+            return this.add(b.negate());
+        }
+    }
+
     /**
      * Elliptic curve points over Fp
      */
-    public static class Fp extends ECPoint
+    public static class Fp extends AbstractFp
     {
         /**
-         * Create a point which encodes with point compression.
+         * Create a point which encodes without point compression.
          * 
          * @param curve the curve to use
          * @param x affine x co-ordinate
@@ -474,7 +616,7 @@ public abstract class ECPoint
         }
 
         /**
-         * Create a point that encodes with or without point compresion.
+         * Create a point that encodes with or without point compression.
          * 
          * @param curve the curve to use
          * @param x affine x co-ordinate
@@ -487,7 +629,7 @@ public abstract class ECPoint
         {
             super(curve, x, y);
 
-            if ((x != null && y == null) || (x == null && y != null))
+            if ((x == null) != (y == null))
             {
                 throw new IllegalArgumentException("Exactly one of the field elements is null");
             }
@@ -502,9 +644,9 @@ public abstract class ECPoint
             this.withCompression = withCompression;
         }
 
-        protected boolean getCompressionYTilde()
+        protected ECPoint detach()
         {
-            return this.getAffineYCoord().testBitZero();
+            return new ECPoint.Fp(null, this.getAffineXCoord(), this.getAffineYCoord());
         }
 
         public ECFieldElement getZCoord(int index)
@@ -569,8 +711,8 @@ public abstract class ECPoint
                 ECFieldElement Z1 = this.zs[0];
                 ECFieldElement Z2 = b.zs[0];
 
-                boolean Z1IsOne = Z1.bitLength() == 1;
-                boolean Z2IsOne = Z2.bitLength() == 1;
+                boolean Z1IsOne = Z1.isOne();
+                boolean Z2IsOne = Z2.isOne();
 
                 ECFieldElement u1 = Z1IsOne ? Y2 : Y2.multiply(Z1);
                 ECFieldElement u2 = Z2IsOne ? Y1 : Y1.multiply(Z2);
@@ -600,7 +742,7 @@ public abstract class ECPoint
                 ECFieldElement A = u.square().multiply(w).subtract(vCubed).subtract(two(vSquaredV2));
 
                 ECFieldElement X3 = v.multiply(A);
-                ECFieldElement Y3 = vSquaredV2.subtract(A).multiply(u).subtract(vCubed.multiply(u2));
+                ECFieldElement Y3 = vSquaredV2.subtract(A).multiplyMinusProduct(u, u2, vCubed);
                 ECFieldElement Z3 = vCubed.multiply(w);
 
                 return new ECPoint.Fp(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
@@ -612,7 +754,7 @@ public abstract class ECPoint
                 ECFieldElement Z1 = this.zs[0];
                 ECFieldElement Z2 = b.zs[0];
 
-                boolean Z1IsOne = Z1.bitLength() == 1;
+                boolean Z1IsOne = Z1.isOne();
 
                 ECFieldElement X3, Y3, Z3, Z3Squared = null;
 
@@ -638,14 +780,7 @@ public abstract class ECPoint
                     Y3 = W1.subtract(X3).multiply(dy).subtract(A1);
                     Z3 = dx;
 
-                    if (Z1IsOne)
-                    {
-                        Z3Squared = C;
-                    }
-                    else
-                    {
-                        Z3 = Z3.multiply(Z1);
-                    }
+                    Z3 = Z3.multiply(Z1);
                 }
                 else
                 {
@@ -662,7 +797,7 @@ public abstract class ECPoint
                         S2 = Z1Cubed.multiply(Y2);
                     }
 
-                    boolean Z2IsOne = Z2.bitLength() == 1;
+                    boolean Z2IsOne = Z2.isOne();
                     ECFieldElement Z2Squared, U1, S1;
                     if (Z2IsOne)
                     {
@@ -697,8 +832,8 @@ public abstract class ECPoint
                     ECFieldElement V = HSquared.multiply(U1);
     
                     X3 = R.square().add(G).subtract(two(V));
-                    Y3 = V.subtract(X3).multiply(R).subtract(S1.multiply(G));
-    
+                    Y3 = V.subtract(X3).multiplyMinusProduct(R, G, S1);
+
                     Z3 = H;
                     if (!Z1IsOne)
                     {
@@ -735,6 +870,7 @@ public abstract class ECPoint
 
                 return new ECPoint.Fp(curve, X3, Y3, zs, this.withCompression);
             }
+
             default:
             {
                 throw new IllegalStateException("unsupported coordinate system");
@@ -778,14 +914,13 @@ public abstract class ECPoint
             {
                 ECFieldElement Z1 = this.zs[0];
 
-                boolean Z1IsOne = Z1.bitLength() == 1;
-                ECFieldElement Z1Squared = Z1IsOne ? Z1 : Z1.square();
+                boolean Z1IsOne = Z1.isOne();
 
                 // TODO Optimize for small negative a4 and -3
                 ECFieldElement w = curve.getA();
-                if (!Z1IsOne)
+                if (!w.isZero() && !Z1IsOne)
                 {
-                    w = w.multiply(Z1Squared);
+                    w = w.multiply(Z1.square());
                 }
                 w = w.add(three(X1.square()));
                 
@@ -795,9 +930,11 @@ public abstract class ECPoint
                 ECFieldElement _4B = four(B);
                 ECFieldElement h = w.square().subtract(two(_4B));
 
-                ECFieldElement X3 = two(h.multiply(s));
-                ECFieldElement Y3 = w.multiply(_4B.subtract(h)).subtract(two(two(t).square()));
-                ECFieldElement _4sSquared = Z1IsOne ? four(t) : two(s).square();
+                ECFieldElement _2s = two(s);
+                ECFieldElement X3 = h.multiply(_2s);
+                ECFieldElement _2t = two(t);
+                ECFieldElement Y3 = _4B.subtract(h).multiply(w).subtract(two(_2t.square()));
+                ECFieldElement _4sSquared = Z1IsOne ? two(_2t) : _2s.square();
                 ECFieldElement Z3 = two(_4sSquared).multiply(s);
 
                 return new ECPoint.Fp(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
@@ -807,8 +944,7 @@ public abstract class ECPoint
             {
                 ECFieldElement Z1 = this.zs[0];
 
-                boolean Z1IsOne = Z1.bitLength() == 1;
-                ECFieldElement Z1Squared = Z1IsOne ? Z1 : Z1.square();
+                boolean Z1IsOne = Z1.isOne();
 
                 ECFieldElement Y1Squared = Y1.square();
                 ECFieldElement T = Y1Squared.square();
@@ -819,6 +955,7 @@ public abstract class ECPoint
                 ECFieldElement M, S;
                 if (a4Neg.toBigInteger().equals(BigInteger.valueOf(3)))
                 {
+                    ECFieldElement Z1Squared = Z1IsOne ? Z1 : Z1.square();
                     M = three(X1.add(Z1Squared).multiply(X1.subtract(Z1Squared)));
                     S = four(Y1Squared.multiply(X1));
                 }
@@ -830,8 +967,9 @@ public abstract class ECPoint
                     {
                         M = M.add(a4);
                     }
-                    else
+                    else if (!a4.isZero())
                     {
+                        ECFieldElement Z1Squared = Z1.square();
                         ECFieldElement Z1Pow4 = Z1Squared.square();
                         if (a4Neg.bitLength() < a4.bitLength())
                         {
@@ -842,7 +980,8 @@ public abstract class ECPoint
                             M = M.add(Z1Pow4.multiply(a4));
                         }
                     }
-                    S = two(doubleProductFromSquares(X1, Y1Squared, X1Squared, T));
+//                  S = two(doubleProductFromSquares(X1, Y1Squared, X1Squared, T));
+                    S = four(X1.multiply(Y1Squared));
                 }
 
                 ECFieldElement X3 = M.square().subtract(two(S));
@@ -951,7 +1090,13 @@ public abstract class ECPoint
 
         public ECPoint threeTimes()
         {
-            if (this.isInfinity() || this.y.isZero())
+            if (this.isInfinity())
+            {
+                return this;
+            }
+
+            ECFieldElement Y1 = this.y;
+            if (Y1.isZero())
             {
                 return this;
             }
@@ -963,7 +1108,7 @@ public abstract class ECPoint
             {
             case ECCurve.COORD_AFFINE:
             {
-                ECFieldElement X1 = this.x, Y1 = this.y;
+                ECFieldElement X1 = this.x;
 
                 ECFieldElement _2Y1 = two(Y1); 
                 ECFieldElement X = _2Y1.square();
@@ -997,6 +1142,98 @@ public abstract class ECPoint
             }
         }
 
+        public ECPoint timesPow2(int e)
+        {
+            if (e < 0)
+            {
+                throw new IllegalArgumentException("'e' cannot be negative");
+            }
+            if (e == 0 || this.isInfinity())
+            {
+                return this;
+            }
+            if (e == 1)
+            {
+                return twice();
+            }
+
+            ECCurve curve = this.getCurve();
+
+            ECFieldElement Y1 = this.y;
+            if (Y1.isZero()) 
+            {
+                return curve.getInfinity();
+            }
+
+            int coord = curve.getCoordinateSystem();
+
+            ECFieldElement W1 = curve.getA();
+            ECFieldElement X1 = this.x;
+            ECFieldElement Z1 = this.zs.length < 1 ? curve.fromBigInteger(ECConstants.ONE) : this.zs[0];
+
+            if (!Z1.isOne())
+            {
+                switch (coord)
+                {
+                case ECCurve.COORD_HOMOGENEOUS:
+                    ECFieldElement Z1Sq = Z1.square();
+                    X1 = X1.multiply(Z1);
+                    Y1 = Y1.multiply(Z1Sq);
+                    W1 = calculateJacobianModifiedW(Z1, Z1Sq);
+                    break;
+                case ECCurve.COORD_JACOBIAN:
+                    W1 = calculateJacobianModifiedW(Z1, null);
+                    break;
+                case ECCurve.COORD_JACOBIAN_MODIFIED:
+                    W1 = getJacobianModifiedW();
+                    break;
+                }
+            }
+
+            for (int i = 0; i < e; ++i)
+            {
+                if (Y1.isZero()) 
+                {
+                    return curve.getInfinity();
+                }
+
+                ECFieldElement X1Squared = X1.square();
+                ECFieldElement M = three(X1Squared);
+                ECFieldElement _2Y1 = two(Y1);
+                ECFieldElement _2Y1Squared = _2Y1.multiply(Y1);
+                ECFieldElement S = two(X1.multiply(_2Y1Squared));
+                ECFieldElement _4T = _2Y1Squared.square();
+                ECFieldElement _8T = two(_4T);
+
+                if (!W1.isZero())
+                {
+                    M = M.add(W1);
+                    W1 = two(_8T.multiply(W1));
+                }
+
+                X1 = M.square().subtract(two(S));
+                Y1 = M.multiply(S.subtract(X1)).subtract(_8T);
+                Z1 = Z1.isOne() ? _2Y1 : _2Y1.multiply(Z1);
+            }
+
+            switch (coord)
+            {
+            case ECCurve.COORD_AFFINE:
+                ECFieldElement zInv = Z1.invert(), zInv2 = zInv.square(), zInv3 = zInv2.multiply(zInv);
+                return new Fp(curve, X1.multiply(zInv2), Y1.multiply(zInv3), this.withCompression);
+            case ECCurve.COORD_HOMOGENEOUS:
+                X1 = X1.multiply(Z1);
+                Z1 = Z1.multiply(Z1.square());
+                return new Fp(curve, X1, Y1, new ECFieldElement[]{ Z1 }, this.withCompression);
+            case ECCurve.COORD_JACOBIAN:
+                return new Fp(curve, X1, Y1, new ECFieldElement[]{ Z1 }, this.withCompression);
+            case ECCurve.COORD_JACOBIAN_MODIFIED:
+                return new Fp(curve, X1, Y1, new ECFieldElement[]{ Z1, W1 }, this.withCompression);
+            default:
+                throw new IllegalStateException("unsupported coordinate system");
+            }
+        }
+
         protected ECFieldElement two(ECFieldElement x)
         {
             return x.add(x);
@@ -1027,18 +1264,6 @@ public abstract class ECPoint
             return a.add(b).square().subtract(aSquared).subtract(bSquared);
         }
 
-        // D.3.2 pg 102 (see Note:)
-        public ECPoint subtract(ECPoint b)
-        {
-            if (b.isInfinity())
-            {
-                return this;
-            }
-
-            // Add -b
-            return add(b.negate());
-        }
-
         public ECPoint negate()
         {
             if (this.isInfinity())
@@ -1059,13 +1284,18 @@ public abstract class ECPoint
 
         protected ECFieldElement calculateJacobianModifiedW(ECFieldElement Z, ECFieldElement ZSquared)
         {
+            ECFieldElement a4 = this.getCurve().getA();
+            if (a4.isZero() || Z.isOne())
+            {
+                return a4;
+            }
+
             if (ZSquared == null)
             {
                 ZSquared = Z.square();
             }
 
             ECFieldElement W = ZSquared.square();
-            ECFieldElement a4 = this.getCurve().getA();
             ECFieldElement a4Neg = a4.negate();
             if (a4Neg.bitLength() < a4.bitLength())
             {
@@ -1095,23 +1325,105 @@ public abstract class ECPoint
 
             ECFieldElement X1Squared = X1.square();
             ECFieldElement M = three(X1Squared).add(W1);
-            ECFieldElement Y1Squared = Y1.square();
-            ECFieldElement T = Y1Squared.square();
-            ECFieldElement S = two(doubleProductFromSquares(X1, Y1Squared, X1Squared, T));
+            ECFieldElement _2Y1 = two(Y1);
+            ECFieldElement _2Y1Squared = _2Y1.multiply(Y1);
+            ECFieldElement S = two(X1.multiply(_2Y1Squared));
             ECFieldElement X3 = M.square().subtract(two(S));
-            ECFieldElement _8T = eight(T);
+            ECFieldElement _4T = _2Y1Squared.square();
+            ECFieldElement _8T = two(_4T);
             ECFieldElement Y3 = M.multiply(S.subtract(X3)).subtract(_8T);
             ECFieldElement W3 = calculateW ? two(_8T.multiply(W1)) : null;
-            ECFieldElement Z3 = two(Z1.bitLength() == 1 ? Y1 : Y1.multiply(Z1));
+            ECFieldElement Z3 = Z1.isOne() ? _2Y1 : _2Y1.multiply(Z1);
 
             return new ECPoint.Fp(this.getCurve(), X3, Y3, new ECFieldElement[]{ Z3, W3 }, this.withCompression);
         }
     }
 
+    public static abstract class AbstractF2m extends ECPoint
+    {
+        protected AbstractF2m(ECCurve curve, ECFieldElement x, ECFieldElement y)
+        {
+            super(curve, x, y);
+        }
+
+        protected AbstractF2m(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs)
+        {
+            super(curve, x, y, zs);
+        }
+
+        protected boolean satisfiesCurveEquation()
+        {
+            ECCurve curve = this.getCurve();
+            ECFieldElement X = this.x, A = curve.getA(), B = curve.getB();
+            
+            int coord = curve.getCoordinateSystem();
+            if (coord == ECCurve.COORD_LAMBDA_PROJECTIVE)
+            {
+                ECFieldElement Z = this.zs[0];
+                boolean ZIsOne = Z.isOne();
+
+                if (X.isZero())
+                {
+                    // NOTE: For x == 0, we expect the affine-y instead of the lambda-y 
+                    ECFieldElement Y = this.y;
+                    ECFieldElement lhs = Y.square(), rhs = B;
+                    if (!ZIsOne)
+                    {
+                        rhs = rhs.multiply(Z.square());
+                    }
+                    return lhs.equals(rhs);
+                }
+
+                ECFieldElement L = this.y, X2 = X.square();
+                ECFieldElement lhs, rhs;
+                if (ZIsOne)
+                {
+                    lhs = L.square().add(L).add(A);
+                    rhs = X2.square().add(B);
+                }
+                else
+                {
+                    ECFieldElement Z2 = Z.square(), Z4 = Z2.square();
+                    lhs = L.add(Z).multiplyPlusProduct(L, A, Z2);
+                    // TODO If sqrt(b) is precomputed this can be simplified to a single square
+                    rhs = X2.squarePlusProduct(B, Z4);
+                }
+                lhs = lhs.multiply(X2);
+                return lhs.equals(rhs);
+            }
+
+            ECFieldElement Y = this.y;
+            ECFieldElement lhs = Y.add(X).multiply(Y);
+
+            switch (coord)
+            {
+            case ECCurve.COORD_AFFINE:
+                break;
+            case ECCurve.COORD_HOMOGENEOUS:
+            {
+                ECFieldElement Z = this.zs[0];
+                if (!Z.isOne())
+                {
+                    ECFieldElement Z2 = Z.square(), Z3 = Z.multiply(Z2);
+                    lhs = lhs.multiply(Z);
+                    A = A.multiply(Z);
+                    B = B.multiply(Z3);
+                }
+                break;
+            }
+            default:
+                throw new IllegalStateException("unsupported coordinate system");
+            }
+
+            ECFieldElement rhs = X.add(A).multiply(X.square()).add(B);
+            return lhs.equals(rhs);
+        }
+    }
+
     /**
      * Elliptic curve points over F2m
      */
-    public static class F2m extends ECPoint
+    public static class F2m extends AbstractF2m
     {
         /**
          * @param curve base curve
@@ -1137,7 +1449,7 @@ public abstract class ECPoint
         {
             super(curve, x, y);
 
-            if ((x != null && y == null) || (x == null && y != null))
+            if ((x == null) != (y == null))
             {
                 throw new IllegalArgumentException("Exactly one of the field elements is null");
             }
@@ -1168,6 +1480,11 @@ public abstract class ECPoint
 //            checkCurveEquation();
         }
 
+        protected ECPoint detach()
+        {
+            return new ECPoint.F2m(null, this.getAffineXCoord(), this.getAffineYCoord()); // earlier JDK
+        }
+
         public ECFieldElement getYCoord()
         {
             int coord = this.getCurveCoordinateSystem();
@@ -1177,19 +1494,19 @@ public abstract class ECPoint
             case ECCurve.COORD_LAMBDA_AFFINE:
             case ECCurve.COORD_LAMBDA_PROJECTIVE:
             {
-                // TODO The X == 0 stuff needs further thought
-                if (this.isInfinity() || x.isZero())
+                ECFieldElement X = x, L = y;
+
+                if (this.isInfinity() || X.isZero())
                 {
-                    return y;
+                    return L;
                 }
 
                 // Y is actually Lambda (X + Y/X) here; convert to affine value on the fly
-                ECFieldElement X = x, L = y;
-                ECFieldElement Y = L.subtract(X).multiply(X);
+                ECFieldElement Y = L.add(X).multiply(X);
                 if (ECCurve.COORD_LAMBDA_PROJECTIVE == coord)
                 {
                     ECFieldElement Z = zs[0];
-                    if (Z.bitLength() != 1)
+                    if (!Z.isOne())
                     {
                         Y = Y.divide(Z);
                     }
@@ -1203,6 +1520,74 @@ public abstract class ECPoint
             }
         }
 
+        public ECPoint scaleX(ECFieldElement scale)
+        {
+            if (this.isInfinity())
+            {
+                return this;
+            }
+
+            int coord = this.getCurveCoordinateSystem();
+
+            switch (coord)
+            {
+            case ECCurve.COORD_LAMBDA_AFFINE:
+            {
+                // Y is actually Lambda (X + Y/X) here
+                ECFieldElement X = this.getRawXCoord(), L = this.getRawYCoord(); // earlier JDK
+
+                ECFieldElement X2 = X.multiply(scale);
+                ECFieldElement L2 = L.add(X).divide(scale).add(X2);
+
+                return this.getCurve().createRawPoint(X, L2, this.getRawZCoords(), this.withCompression); // earlier JDK
+            }
+            case ECCurve.COORD_LAMBDA_PROJECTIVE:
+            {
+                // Y is actually Lambda (X + Y/X) here
+                ECFieldElement X = this.getRawXCoord(), L = this.getRawYCoord(), Z = this.getRawZCoords()[0]; // earlier JDK
+
+                // We scale the Z coordinate also, to avoid an inversion
+                ECFieldElement X2 = X.multiply(scale.square());
+                ECFieldElement L2 = L.add(X).add(X2);
+                ECFieldElement Z2 = Z.multiply(scale);
+
+                return this.getCurve().createRawPoint(X2, L2, new ECFieldElement[]{ Z2 }, this.withCompression); // earlier JDK
+            }
+            default:
+            {
+                return super.scaleX(scale);
+            }
+            }
+        }
+
+        public ECPoint scaleY(ECFieldElement scale)
+        {
+            if (this.isInfinity())
+            {
+                return this;
+            }
+
+            int coord = this.getCurveCoordinateSystem();
+
+            switch (coord)
+            {
+            case ECCurve.COORD_LAMBDA_AFFINE:
+            case ECCurve.COORD_LAMBDA_PROJECTIVE:
+            {
+                ECFieldElement X = this.getRawXCoord(), L = this.getRawYCoord(); // earlier JDK
+
+                // Y is actually Lambda (X + Y/X) here
+                ECFieldElement L2 = L.add(X).multiply(scale).add(X);
+
+                return this.getCurve().createRawPoint(X, L2, this.getRawZCoords(), this.withCompression); // earlier JDK
+            }
+            default:
+            {
+                return super.scaleY(scale);
+            }
+            }
+        }
+
         protected boolean getCompressionYTilde()
         {
             ECFieldElement X = this.getRawXCoord();
@@ -1219,7 +1604,7 @@ public abstract class ECPoint
             case ECCurve.COORD_LAMBDA_PROJECTIVE:
             {
                 // Y is actually Lambda (X + Y/X) here
-                return Y.subtract(X).testBitZero();
+                return Y.testBitZero() != X.testBitZero();
             }
             default:
             {
@@ -1289,9 +1674,10 @@ public abstract class ECPoint
                 ECFieldElement Y1 = this.y;
                 ECFieldElement Y2 = b.y;
 
-                if (X1.equals(X2))
+                ECFieldElement dx = X1.add(X2), dy = Y1.add(Y2);
+                if (dx.isZero())
                 {
-                    if (Y1.equals(Y2))
+                    if (dy.isZero())
                     {
                         return (ECPoint.F2m)twice();
                     }
@@ -1299,10 +1685,9 @@ public abstract class ECPoint
                     return (ECPoint.F2m)curve.getInfinity();
                 }
 
-                ECFieldElement sumX = X1.add(X2);
-                ECFieldElement L = Y1.add(Y2).divide(sumX);
+                ECFieldElement L = dy.divide(dx);
 
-                ECFieldElement X3 = L.square().add(L).add(sumX).add(curve.getA());
+                ECFieldElement X3 = L.square().add(L).add(dx).add(curve.getA());
                 ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
 
                 return new ECPoint.F2m(curve, X3, Y3, this.withCompression);
@@ -1312,18 +1697,18 @@ public abstract class ECPoint
                 ECFieldElement Y1 = this.y, Z1 = this.zs[0];
                 ECFieldElement Y2 = b.y, Z2 = b.zs[0];
 
-                boolean Z2IsOne = Z2.bitLength() == 1;
+                boolean Z2IsOne = Z2.isOne();
 
-                ECFieldElement U1 = Z1.multiply(Y2); 
+                ECFieldElement U1 = Z1.multiply(Y2);
                 ECFieldElement U2 = Z2IsOne ? Y1 : Y1.multiply(Z2);
-                ECFieldElement U = U1.subtract(U2);
+                ECFieldElement U = U1.add(U2);
                 ECFieldElement V1 = Z1.multiply(X2);
                 ECFieldElement V2 = Z2IsOne ? X1 : X1.multiply(Z2);
-                ECFieldElement V = V1.subtract(V2);
+                ECFieldElement V = V1.add(V2);
 
-                if (V1.equals(V2))
+                if (V.isZero())
                 {
-                    if (U1.equals(U2))
+                    if (U.isZero())
                     {
                         return (ECPoint.F2m)twice();
                     }
@@ -1331,14 +1716,16 @@ public abstract class ECPoint
                     return (ECPoint.F2m)curve.getInfinity();
                 }
 
-                ECFieldElement VSq =  V.square();
+                ECFieldElement VSq = V.square();
+                ECFieldElement VCu = VSq.multiply(V);
                 ECFieldElement W = Z2IsOne ? Z1 : Z1.multiply(Z2);
-                ECFieldElement A = U.square().add(U.multiply(V).add(VSq.multiply(curve.getA()))).multiply(W).add(V.multiply(VSq));
+                ECFieldElement uv = U.add(V);
+                ECFieldElement A = uv.multiplyPlusProduct(U, VSq, curve.getA()).multiply(W).add(VCu);
 
                 ECFieldElement X3 = V.multiply(A);
                 ECFieldElement VSqZ2 = Z2IsOne ? VSq : VSq.multiply(Z2);
-                ECFieldElement Y3 = VSqZ2.multiply(U.multiply(X1).add(Y1.multiply(V))).add(A.multiply(U.add(V)));
-                ECFieldElement Z3 = VSq.multiply(V).multiply(W);
+                ECFieldElement Y3 = U.multiplyPlusProduct(X1, V, Y1).multiplyPlusProduct(VSqZ2, uv, A);
+                ECFieldElement Z3 = VCu.multiply(W);
 
                 return new ECPoint.F2m(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
             }
@@ -1346,13 +1733,18 @@ public abstract class ECPoint
             {
                 if (X1.isZero())
                 {
+                    if (X2.isZero())
+                    {
+                        return (ECPoint.F2m)curve.getInfinity();
+                    }
+
                     return b.addSimple(this);
                 }
 
                 ECFieldElement L1 = this.y, Z1 = this.zs[0];
                 ECFieldElement L2 = b.y, Z2 = b.zs[0];
 
-                boolean Z1IsOne = Z1.bitLength() == 1;
+                boolean Z1IsOne = Z1.isOne();
                 ECFieldElement U2 = X2, S2 = L2;
                 if (!Z1IsOne)
                 {
@@ -1360,7 +1752,7 @@ public abstract class ECPoint
                     S2 = S2.multiply(Z1);
                 }
 
-                boolean Z2IsOne = Z2.bitLength() == 1;
+                boolean Z2IsOne = Z2.isOne();
                 ECFieldElement U1 = X1, S1 = L1;
                 if (!Z2IsOne)
                 {
@@ -1385,13 +1777,21 @@ public abstract class ECPoint
                 if (X2.isZero())
                 {
                     // TODO This can probably be optimized quite a bit
+                    ECPoint p = this.normalize();
+                    X1 = p.getXCoord();
+                    ECFieldElement Y1 = p.getYCoord();
 
-                    ECFieldElement Y1 = getYCoord(), Y2 = L2;
+                    ECFieldElement Y2 = L2;
                     ECFieldElement L = Y1.add(Y2).divide(X1);
 
                     X3 = L.square().add(L).add(X1).add(curve.getA());
+                    if (X3.isZero())
+                    {
+                        return new ECPoint.F2m(curve, X3, curve.getB().sqrt(), this.withCompression);
+                    }
+
                     ECFieldElement Y3 = L.multiply(X1.add(X3)).add(X3).add(Y1);
-                    L3 = X3.isZero() ? Y3 : Y3.divide(X3).add(X3);
+                    L3 = Y3.divide(X3).add(X3);
                     Z3 = curve.fromBigInteger(ECConstants.ONE);
                 }
                 else
@@ -1400,14 +1800,20 @@ public abstract class ECPoint
     
                     ECFieldElement AU1 = A.multiply(U1);
                     ECFieldElement AU2 = A.multiply(U2);
+
+                    X3 = AU1.multiply(AU2);
+                    if (X3.isZero())
+                    {
+                        return new ECPoint.F2m(curve, X3, curve.getB().sqrt(), this.withCompression);
+                    }
+
                     ECFieldElement ABZ2 = A.multiply(B);
                     if (!Z2IsOne)
                     {
                         ABZ2 = ABZ2.multiply(Z2);
                     }
 
-                    X3 = AU1.multiply(AU2);
-                    L3 = AU2.add(B).square().add(ABZ2.multiply(L1.add(Z1)));
+                    L3 = AU2.add(B).squarePlusProduct(ABZ2, L1.add(Z1));
 
                     Z3 = ABZ2;
                     if (!Z1IsOne)
@@ -1514,7 +1920,7 @@ public abstract class ECPoint
                 ECFieldElement L1 = Y1.divide(X1).add(X1);
 
                 ECFieldElement X3 = L1.square().add(L1).add(curve.getA());
-                ECFieldElement Y3 = X1.square().add(X3.multiply(L1.addOne()));
+                ECFieldElement Y3 = X1.squarePlusProduct(X3, L1.addOne());
 
                 return new ECPoint.F2m(curve, X3, Y3, this.withCompression);
             }
@@ -1522,7 +1928,7 @@ public abstract class ECPoint
             {
                 ECFieldElement Y1 = this.y, Z1 = this.zs[0];
 
-                boolean Z1IsOne = Z1.bitLength() == 1;
+                boolean Z1IsOne = Z1.isOne();
                 ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
                 ECFieldElement Y1Z1 = Z1IsOne ? Y1 : Y1.multiply(Z1);
 
@@ -1530,10 +1936,11 @@ public abstract class ECPoint
                 ECFieldElement S = X1Sq.add(Y1Z1);
                 ECFieldElement V = X1Z1;
                 ECFieldElement vSquared = V.square();
-                ECFieldElement h = S.square().add(S.multiply(V)).add(curve.getA().multiply(vSquared));
+                ECFieldElement sv = S.add(V);
+                ECFieldElement h = sv.multiplyPlusProduct(S, vSquared, curve.getA());
 
                 ECFieldElement X3 = V.multiply(h);
-                ECFieldElement Y3 = h.multiply(S.add(V)).add(X1Sq.square().multiply(V));
+                ECFieldElement Y3 = X1Sq.square().multiplyPlusProduct(V, h, sv);
                 ECFieldElement Z3 = V.multiply(vSquared);    
 
                 return new ECPoint.F2m(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
@@ -1542,12 +1949,16 @@ public abstract class ECPoint
             {
                 ECFieldElement L1 = this.y, Z1 = this.zs[0];
 
-                boolean Z1IsOne = Z1.bitLength() == 1;
+                boolean Z1IsOne = Z1.isOne();
                 ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1);
                 ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square();
                 ECFieldElement a = curve.getA();
                 ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq);
                 ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq);
+                if (T.isZero())
+                {
+                    return new ECPoint.F2m(curve, T, curve.getB().sqrt(), withCompression);
+                }
 
                 ECFieldElement X3 = T.square();
                 ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq);
@@ -1557,14 +1968,30 @@ public abstract class ECPoint
                 if (b.bitLength() < (curve.getFieldSize() >> 1))
                 {
                     ECFieldElement t1 = L1.add(X1).square();
-                    ECFieldElement t2 = aZ1Sq.square();
-                    ECFieldElement t3 = curve.getB().multiply(Z1Sq.square());
-                    L3 = t1.add(T).add(Z1Sq).multiply(t1).add(t2.add(t3)).add(X3).add(a.addOne().multiply(Z3));
+                    ECFieldElement t2;
+                    if (b.isOne())
+                    {
+                        t2 = aZ1Sq.add(Z1Sq).square();
+                    }
+                    else
+                    {
+                        // TODO Can be calculated with one square if we pre-compute sqrt(b)
+                        t2 = aZ1Sq.squarePlusProduct(b, Z1Sq.square());
+                    }
+                    L3 = t1.add(T).add(Z1Sq).multiply(t1).add(t2).add(X3);
+                    if (a.isZero())
+                    {
+                        L3 = L3.add(Z3);
+                    }
+                    else if (!a.isOne())
+                    {
+                        L3 = L3.add(a.addOne().multiply(Z3));
+                    }
                 }
                 else
                 {
                     ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1);
-                    L3 = X1Z1.square().add(X3).add(T.multiply(L1Z1)).add(Z3);
+                    L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3);
                 }
 
                 return new ECPoint.F2m(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
@@ -1604,7 +2031,7 @@ public abstract class ECPoint
             {
                 // NOTE: twicePlus() only optimized for lambda-affine argument
                 ECFieldElement X2 = b.x, Z2 = b.zs[0];
-                if (X2.isZero() || Z2.bitLength() != 1)
+                if (X2.isZero() || !Z2.isOne())
                 {
                     return twice().add(b);
                 }
@@ -1619,13 +2046,28 @@ public abstract class ECPoint
 
                 ECFieldElement T = curve.getA().multiply(Z1Sq).add(L1Sq).add(L1Z1);
                 ECFieldElement L2plus1 = L2.addOne();
-                ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiply(T).add(X1Sq.multiply(Z1Sq));
+                ECFieldElement A = curve.getA().add(L2plus1).multiply(Z1Sq).add(L1Sq).multiplyPlusProduct(T, X1Sq, Z1Sq);
                 ECFieldElement X2Z1Sq = X2.multiply(Z1Sq);
                 ECFieldElement B = X2Z1Sq.add(T).square();
 
+                if (B.isZero())
+                {
+                    if (A.isZero())
+                    {
+                        return b.twice();
+                    }
+
+                    return curve.getInfinity();
+                }
+
+                if (A.isZero())
+                {
+                    return new ECPoint.F2m(curve, A, curve.getB().sqrt(), withCompression);
+                }
+
                 ECFieldElement X3 = A.square().multiply(X2Z1Sq);
                 ECFieldElement Z3 = A.multiply(B).multiply(Z1Sq);
-                ECFieldElement L3 = A.add(B).square().multiply(T).add(L2plus1.multiply(Z3));
+                ECFieldElement L3 = A.add(B).square().multiplyPlusProduct(T, L2plus1, Z3);
 
                 return new ECPoint.F2m(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression);
             }
@@ -1636,57 +2078,6 @@ public abstract class ECPoint
             }
         }
 
-        protected void checkCurveEquation()
-        {
-            if (this.isInfinity())
-            {
-                return;
-            }
-
-            ECFieldElement Z;
-            switch (this.getCurveCoordinateSystem())
-            {
-            case ECCurve.COORD_LAMBDA_AFFINE:
-                Z = curve.fromBigInteger(ECConstants.ONE);
-                break;
-            case ECCurve.COORD_LAMBDA_PROJECTIVE:
-                Z = this.zs[0];
-                break;
-            default:
-                return;
-            }
-
-            if (Z.isZero())
-            {
-                throw new IllegalStateException();
-            }
-
-            ECFieldElement X = this.x;
-            if (X.isZero())
-            {
-                // NOTE: For x == 0, we expect the affine-y instead of the lambda-y 
-                ECFieldElement Y = this.y;
-                if (!Y.square().equals(curve.getB().multiply(Z)))
-                {
-                    throw new IllegalStateException();
-                }
-
-                return;
-            }
-
-            ECFieldElement L = this.y;
-            ECFieldElement XSq = X.square();
-            ECFieldElement ZSq = Z.square();
-
-            ECFieldElement lhs = L.square().add(L.multiply(Z)).add(this.getCurve().getA().multiply(ZSq)).multiply(XSq);
-            ECFieldElement rhs = ZSq.square().multiply(this.getCurve().getB()).add(XSq.square());
-            
-            if (!lhs.equals(rhs))
-            {
-                throw new IllegalStateException("F2m Lambda-Projective invariant broken");
-            }
-        }
-
         public ECPoint negate()
         {
             if (this.isInfinity())
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPointMap.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPointMap.java
new file mode 100644
index 0000000..439e8da
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPointMap.java
@@ -0,0 +1,6 @@
+package org.bouncycastle.math.ec;
+
+public interface ECPointMap
+{
+    ECPoint map(ECPoint p);
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointCombMultiplier.java b/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointCombMultiplier.java
new file mode 100644
index 0000000..9fe00b9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointCombMultiplier.java
@@ -0,0 +1,57 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+public class FixedPointCombMultiplier extends AbstractECMultiplier
+{
+    protected ECPoint multiplyPositive(ECPoint p, BigInteger k)
+    {
+        ECCurve c = p.getCurve();
+        int size = FixedPointUtil.getCombSize(c);
+
+        if (k.bitLength() > size)
+        {
+            /*
+             * TODO The comb works best when the scalars are less than the (possibly unknown) order.
+             * Still, if we want to handle larger scalars, we could allow customization of the comb
+             * size, or alternatively we could deal with the 'extra' bits either by running the comb
+             * multiple times as necessary, or by using an alternative multiplier as prelude.
+             */
+            throw new IllegalStateException("fixed-point comb doesn't support scalars larger than the curve order");
+        }
+
+        int minWidth = getWidthForCombSize(size);
+
+        FixedPointPreCompInfo info = FixedPointUtil.precompute(p, minWidth);
+        ECPoint[] lookupTable = info.getPreComp();
+        int width = info.getWidth();
+
+        int d = (size + width - 1) / width;
+
+        ECPoint R = c.getInfinity();
+
+        int top = d * width - 1; 
+        for (int i = 0; i < d; ++i)
+        {
+            int index = 0;
+
+            for (int j = top - i; j >= 0; j -= d)
+            {
+                index <<= 1;
+                if (k.testBit(j))
+                {
+                    index |= 1;
+                }
+            }
+
+            R = R.twicePlus(lookupTable[index]);
+        }
+
+        return R;
+    }
+
+    protected int getWidthForCombSize(int combSize)
+    {
+        return combSize > 257 ? 6 : 5;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointPreCompInfo.java b/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointPreCompInfo.java
new file mode 100644
index 0000000..b7569aa
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointPreCompInfo.java
@@ -0,0 +1,40 @@
+package org.bouncycastle.math.ec;
+
+/**
+ * Class holding precomputation data for fixed-point multiplications.
+ */
+public class FixedPointPreCompInfo implements PreCompInfo
+{
+    /**
+     * Array holding the precomputed <code>ECPoint</code>s used for a fixed
+     * point multiplication.
+     */
+    protected ECPoint[] preComp = null;
+
+    /**
+     * The width used for the precomputation. If a larger width precomputation
+     * is already available this may be larger than was requested, so calling
+     * code should refer to the actual width.
+     */
+    protected int width = -1;
+
+    public ECPoint[] getPreComp()
+    {
+        return preComp;
+    }
+
+    public void setPreComp(ECPoint[] preComp)
+    {
+        this.preComp = preComp;
+    }
+
+    public int getWidth()
+    {
+        return width;
+    }
+
+    public void setWidth(int width)
+    {
+        this.width = width;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointUtil.java b/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointUtil.java
new file mode 100644
index 0000000..e4fbb8d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/FixedPointUtil.java
@@ -0,0 +1,71 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+public class FixedPointUtil
+{
+    public static final String PRECOMP_NAME = "bc_fixed_point";
+
+    public static int getCombSize(ECCurve c)
+    {
+        BigInteger order = c.getOrder();
+        return order == null ? c.getFieldSize() + 1 : order.bitLength(); 
+    }
+
+    public static FixedPointPreCompInfo getFixedPointPreCompInfo(PreCompInfo preCompInfo)
+    {
+        if ((preCompInfo != null) && (preCompInfo instanceof FixedPointPreCompInfo))
+        {
+            return (FixedPointPreCompInfo)preCompInfo;
+        }
+
+        return new FixedPointPreCompInfo();
+    }
+
+    public static FixedPointPreCompInfo precompute(ECPoint p, int minWidth)
+    {
+        ECCurve c = p.getCurve();
+
+        int n = 1 << minWidth;
+        FixedPointPreCompInfo info = getFixedPointPreCompInfo(c.getPreCompInfo(p, PRECOMP_NAME));
+        ECPoint[] lookupTable = info.getPreComp();
+
+        if (lookupTable == null || lookupTable.length < n)
+        {
+            int bits = getCombSize(c);
+            int d = (bits + minWidth - 1) / minWidth;
+
+            ECPoint[] pow2Table = new ECPoint[minWidth];
+            pow2Table[0] = p;
+            for (int i = 1; i < minWidth; ++i)
+            {
+                pow2Table[i] = pow2Table[i - 1].timesPow2(d);
+            }
+    
+            c.normalizeAll(pow2Table);
+    
+            lookupTable = new ECPoint[n];
+            lookupTable[0] = c.getInfinity();
+    
+            for (int bit = minWidth - 1; bit >= 0; --bit)
+            {
+                ECPoint pow2 = pow2Table[bit];
+
+                int step = 1 << bit;
+                for (int i = step; i < n; i += (step << 1))
+                {
+                    lookupTable[i] = lookupTable[i - step].add(pow2);
+                }
+            }
+
+            c.normalizeAll(lookupTable);
+
+            info.setPreComp(lookupTable);
+            info.setWidth(minWidth);
+
+            c.setPreCompInfo(p, PRECOMP_NAME, info);
+        }
+
+        return info;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/GLVMultiplier.java b/bcprov/src/main/java/org/bouncycastle/math/ec/GLVMultiplier.java
new file mode 100644
index 0000000..09b8366
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/GLVMultiplier.java
@@ -0,0 +1,42 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.endo.GLVEndomorphism;
+
+public class GLVMultiplier extends AbstractECMultiplier
+{
+    protected final ECCurve curve;
+    protected final GLVEndomorphism glvEndomorphism;
+
+    public GLVMultiplier(ECCurve curve, GLVEndomorphism glvEndomorphism)
+    {
+        if (curve == null || curve.getOrder() == null)
+        {
+            throw new IllegalArgumentException("Need curve with known group order");
+        }
+
+        this.curve = curve;
+        this.glvEndomorphism = glvEndomorphism;
+    }
+
+    protected ECPoint multiplyPositive(ECPoint p, BigInteger k)
+    {
+        if (!curve.equals(p.getCurve()))
+        {
+            throw new IllegalStateException();
+        }
+
+        BigInteger n = p.getCurve().getOrder();
+        BigInteger[] ab = glvEndomorphism.decomposeScalar(k.mod(n));
+        BigInteger a = ab[0], b = ab[1];
+
+        ECPointMap pointMap = glvEndomorphism.getPointMap();
+        if (glvEndomorphism.hasEfficientPointMap())
+        {
+            return ECAlgorithms.implShamirsTrickWNaf(p, a, pointMap, b);
+        }
+
+        return ECAlgorithms.implShamirsTrickWNaf(p, a, pointMap.map(p), b);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/IntArray.java b/bcprov/src/main/java/org/bouncycastle/math/ec/IntArray.java
deleted file mode 100644
index 34395a5..0000000
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/IntArray.java
+++ /dev/null
@@ -1,860 +0,0 @@
-package org.bouncycastle.math.ec;
-
-import org.bouncycastle.util.Arrays;
-
-import java.math.BigInteger;
-
-class IntArray
-{
-//    private static int DEINTERLEAVE_MASK = 0x55555555;
-
-    /*
-     * This expands 8 bit indices into 16 bit contents, by inserting 0s between bits.
-     * In a binary field, this operation is the same as squaring an 8 bit number.
-     */
-    private static final int[] INTERLEAVE_TABLE = new int[] { 0x0000, 0x0001, 0x0004, 0x0005, 0x0010, 0x0011, 0x0014,
-        0x0015, 0x0040, 0x0041, 0x0044, 0x0045, 0x0050, 0x0051, 0x0054, 0x0055, 0x0100, 0x0101, 0x0104, 0x0105, 0x0110,
-        0x0111, 0x0114, 0x0115, 0x0140, 0x0141, 0x0144, 0x0145, 0x0150, 0x0151, 0x0154, 0x0155, 0x0400, 0x0401, 0x0404,
-        0x0405, 0x0410, 0x0411, 0x0414, 0x0415, 0x0440, 0x0441, 0x0444, 0x0445, 0x0450, 0x0451, 0x0454, 0x0455, 0x0500,
-        0x0501, 0x0504, 0x0505, 0x0510, 0x0511, 0x0514, 0x0515, 0x0540, 0x0541, 0x0544, 0x0545, 0x0550, 0x0551, 0x0554,
-        0x0555, 0x1000, 0x1001, 0x1004, 0x1005, 0x1010, 0x1011, 0x1014, 0x1015, 0x1040, 0x1041, 0x1044, 0x1045, 0x1050,
-        0x1051, 0x1054, 0x1055, 0x1100, 0x1101, 0x1104, 0x1105, 0x1110, 0x1111, 0x1114, 0x1115, 0x1140, 0x1141, 0x1144,
-        0x1145, 0x1150, 0x1151, 0x1154, 0x1155, 0x1400, 0x1401, 0x1404, 0x1405, 0x1410, 0x1411, 0x1414, 0x1415, 0x1440,
-        0x1441, 0x1444, 0x1445, 0x1450, 0x1451, 0x1454, 0x1455, 0x1500, 0x1501, 0x1504, 0x1505, 0x1510, 0x1511, 0x1514,
-        0x1515, 0x1540, 0x1541, 0x1544, 0x1545, 0x1550, 0x1551, 0x1554, 0x1555, 0x4000, 0x4001, 0x4004, 0x4005, 0x4010,
-        0x4011, 0x4014, 0x4015, 0x4040, 0x4041, 0x4044, 0x4045, 0x4050, 0x4051, 0x4054, 0x4055, 0x4100, 0x4101, 0x4104,
-        0x4105, 0x4110, 0x4111, 0x4114, 0x4115, 0x4140, 0x4141, 0x4144, 0x4145, 0x4150, 0x4151, 0x4154, 0x4155, 0x4400,
-        0x4401, 0x4404, 0x4405, 0x4410, 0x4411, 0x4414, 0x4415, 0x4440, 0x4441, 0x4444, 0x4445, 0x4450, 0x4451, 0x4454,
-        0x4455, 0x4500, 0x4501, 0x4504, 0x4505, 0x4510, 0x4511, 0x4514, 0x4515, 0x4540, 0x4541, 0x4544, 0x4545, 0x4550,
-        0x4551, 0x4554, 0x4555, 0x5000, 0x5001, 0x5004, 0x5005, 0x5010, 0x5011, 0x5014, 0x5015, 0x5040, 0x5041, 0x5044,
-        0x5045, 0x5050, 0x5051, 0x5054, 0x5055, 0x5100, 0x5101, 0x5104, 0x5105, 0x5110, 0x5111, 0x5114, 0x5115, 0x5140,
-        0x5141, 0x5144, 0x5145, 0x5150, 0x5151, 0x5154, 0x5155, 0x5400, 0x5401, 0x5404, 0x5405, 0x5410, 0x5411, 0x5414,
-        0x5415, 0x5440, 0x5441, 0x5444, 0x5445, 0x5450, 0x5451, 0x5454, 0x5455, 0x5500, 0x5501, 0x5504, 0x5505, 0x5510,
-        0x5511, 0x5514, 0x5515, 0x5540, 0x5541, 0x5544, 0x5545, 0x5550, 0x5551, 0x5554, 0x5555 };
-
-    // For toString(); must have length 32
-    private static final String ZEROES = "00000000000000000000000000000000";
-
-    private final static byte[] bitLengths =
-    {
-        0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
-        5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
-        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
-        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
-        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8
-    };
-
-    public static int getWordLength(int bits)
-    {
-        return (bits + 31) >>> 5;
-    }
-
-    // TODO make m fixed for the IntArray, and hence compute T once and for all
-
-    private int[] m_ints;
-
-    public IntArray(int intLen)
-    {
-        m_ints = new int[intLen];
-    }
-
-    public IntArray(int[] ints)
-    {
-        m_ints = ints;
-    }
-
-    public IntArray(BigInteger bigInt)
-    {
-        if (bigInt == null || bigInt.signum() < 0)
-        {
-            throw new IllegalArgumentException("invalid F2m field value");
-        }
-
-        if (bigInt.signum() == 0)
-        {
-            m_ints = new int[] { 0 };
-            return;
-        }
-
-        byte[] barr = bigInt.toByteArray();
-        int barrLen = barr.length;
-        int barrStart = 0;
-        if (barr[0] == 0)
-        {
-            // First byte is 0 to enforce highest (=sign) bit is zero.
-            // In this case ignore barr[0].
-            barrLen--;
-            barrStart = 1;
-        }
-        int intLen = (barrLen + 3) / 4;
-        m_ints = new int[intLen];
-
-        int iarrJ = intLen - 1;
-        int rem = barrLen % 4 + barrStart;
-        int temp = 0;
-        int barrI = barrStart;
-        if (barrStart < rem)
-        {
-            for (; barrI < rem; barrI++)
-            {
-                temp <<= 8;
-                int barrBarrI = barr[barrI] & 0xFF;
-                temp |= barrBarrI;
-            }
-            m_ints[iarrJ--] = temp;
-        }
-
-        for (; iarrJ >= 0; iarrJ--)
-        {
-            temp = 0;
-            for (int i = 0; i < 4; i++)
-            {
-                temp <<= 8;
-                int barrBarrI = barr[barrI++] & 0xFF;
-                temp |= barrBarrI;
-            }
-            m_ints[iarrJ] = temp;
-        }
-    }
-
-    public boolean isZero()
-    {
-        int[] a = m_ints;
-        for (int i = 0; i < a.length; ++i)
-        {
-            if (a[i] != 0)
-            {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    public int getUsedLength()
-    {
-        return getUsedLengthFrom(m_ints.length);
-    }
-
-    public int getUsedLengthFrom(int from)
-    {
-        int[] a = m_ints;
-        from = Math.min(from, a.length);
-
-        if (from < 1)
-        {
-            return 0;
-        }
-
-        // Check if first element will act as sentinel
-        if (a[0] != 0)
-        {
-            while (a[--from] == 0)
-            {
-            }
-            return from + 1;
-        }
-
-        do
-        {
-            if (a[--from] != 0)
-            {
-                return from + 1;
-            }
-        }
-        while (from > 0);
-
-        return 0;
-    }
-
-    public int degree()
-    {
-        int i = m_ints.length, w;
-        do
-        {
-            if (i == 0)
-            {
-                return 0;
-            }
-            w = m_ints[--i];
-        }
-        while (w == 0);
-
-        return (i << 5) + bitLength(w);
-    }
-
-    private static int bitLength(int w)
-    {
-        int t = w >>> 16;
-        if (t == 0)
-        {
-            t = w >>> 8;
-            return (t == 0) ? bitLengths[w] : 8 + bitLengths[t];
-        }
-
-        int u = t >>> 8;
-        return (u == 0) ? 16 + bitLengths[t] : 24 + bitLengths[u];
-    }
-
-    private int[] resizedInts(int newLen)
-    {
-        int[] newInts = new int[newLen];
-        System.arraycopy(m_ints, 0, newInts, 0, Math.min(m_ints.length, newLen));
-        return newInts;
-    }
-
-    public BigInteger toBigInteger()
-    {
-        int usedLen = getUsedLength();
-        if (usedLen == 0)
-        {
-            return ECConstants.ZERO;
-        }
-
-        int highestInt = m_ints[usedLen - 1];
-        byte[] temp = new byte[4];
-        int barrI = 0;
-        boolean trailingZeroBytesDone = false;
-        for (int j = 3; j >= 0; j--)
-        {
-            byte thisByte = (byte) (highestInt >>> (8 * j));
-            if (trailingZeroBytesDone || (thisByte != 0))
-            {
-                trailingZeroBytesDone = true;
-                temp[barrI++] = thisByte;
-            }
-        }
-
-        int barrLen = 4 * (usedLen - 1) + barrI;
-        byte[] barr = new byte[barrLen];
-        for (int j = 0; j < barrI; j++)
-        {
-            barr[j] = temp[j];
-        }
-        // Highest value int is done now
-
-        for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--)
-        {
-            for (int j = 3; j >= 0; j--)
-            {
-                barr[barrI++] = (byte) (m_ints[iarrJ] >>> (8 * j));
-            }
-        }
-        return new BigInteger(1, barr);
-    }
-
-    private static int shiftLeft(int[] x, int count)
-    {
-        int prev = 0;
-        for (int i = 0; i < count; ++i)
-        {
-            int next = x[i];
-            x[i] = (next << 1) | prev;
-            prev = next >>> 31;
-        }
-        return prev;
-    }
-
-    public void addOneShifted(int shift)
-    {
-        if (shift >= m_ints.length)
-        {
-            m_ints = resizedInts(shift + 1);
-        }
-
-        m_ints[shift] ^= 1;
-    }
-
-    private void addShiftedByBits(IntArray other, int bits)
-    {
-        int words = bits >>> 5;
-        int shift = bits & 0x1F;
-
-        if (shift == 0)
-        {
-            addShiftedByWords(other, words);
-            return;
-        }
-
-        int otherUsedLen = other.getUsedLength();
-        if (otherUsedLen == 0)
-        {
-            return;
-        }
-
-        int minLen = otherUsedLen + words + 1;
-        if (minLen > m_ints.length)
-        {
-            m_ints = resizedInts(minLen);
-        }
-
-        int shiftInv = 32 - shift, prev = 0;
-        for (int i = 0; i < otherUsedLen; ++i)
-        {
-            int next = other.m_ints[i];
-            m_ints[i + words] ^= (next << shift) | prev;
-            prev = next >>> shiftInv;
-        }
-        m_ints[otherUsedLen + words] ^= prev;
-    }
-
-    private static int addShiftedByBits(int[] x, int[] y, int count, int shift)
-    {
-        int shiftInv = 32 - shift, prev = 0;
-        for (int i = 0; i < count; ++i)
-        {
-            int next = y[i];
-            x[i] ^= (next << shift) | prev;
-            prev = next >>> shiftInv;
-        }
-        return prev;
-    }
-
-    private static int addShiftedByBits(int[] x, int xOff, int[] y, int yOff, int count, int shift)
-    {
-        int shiftInv = 32 - shift, prev = 0;
-        for (int i = 0; i < count; ++i)
-        {
-            int next = y[yOff + i];
-            x[xOff + i] ^= (next << shift) | prev;
-            prev = next >>> shiftInv;
-        }
-        return prev;
-    }
-
-    public void addShiftedByWords(IntArray other, int words)
-    {
-        int otherUsedLen = other.getUsedLength();
-        if (otherUsedLen == 0)
-        {
-            return;
-        }
-
-        int minLen = otherUsedLen + words;
-        if (minLen > m_ints.length)
-        {
-            m_ints = resizedInts(minLen);
-        }
-
-        for (int i = 0; i < otherUsedLen; i++)
-        {
-            m_ints[words + i] ^= other.m_ints[i];
-        }
-    }
-
-    private static void addShiftedByWords(int[] x, int xOff, int[] y, int count)
-    {
-        for (int i = 0; i < count; ++i)
-        {
-            x[xOff + i] ^= y[i];
-        }
-    }
-
-    private static void add(int[] x, int[] y, int count)
-    {
-        for (int i = 0; i < count; ++i)
-        {
-            x[i] ^= y[i];
-        }
-    }
-
-    private static void distribute(int[] x, int dst1, int dst2, int src, int count)
-    {
-        for (int i = 0; i < count; ++i)
-        {
-            int v = x[src + i];
-            x[dst1 + i] ^= v;
-            x[dst2 + i] ^= v;
-        }
-    }
-
-    public int getLength()
-    {
-        return m_ints.length;
-    }
-
-    public void flipWord(int bit, int word)
-    {
-        int len = m_ints.length;
-        int n = bit >>> 5;
-        if (n < len)
-        {
-            int shift = bit & 0x1F;
-            if (shift == 0)
-            {
-                m_ints[n] ^= word;
-            }
-            else
-            {
-                m_ints[n] ^= word << shift;
-                if (++n < len)
-                {
-                    m_ints[n] ^= word >>> (32 - shift);
-                }
-            }
-        }
-    }
-
-    public int getWord(int bit)
-    {
-        int len = m_ints.length;
-        int n = bit >>> 5;
-        if (n >= len)
-        {
-            return 0;
-        }
-        int shift = bit & 0x1F;
-        if (shift == 0)
-        {
-            return m_ints[n];
-        }
-        int result = m_ints[n] >>> shift;
-        if (++n < len)
-        {
-            result |= m_ints[n] << (32 - shift);
-        }
-        return result;
-    }
-
-    public boolean testBitZero()
-    {
-        return m_ints.length > 0 && (m_ints[0] & 1) != 0;
-    }
-
-    public boolean testBit(int n)
-    {
-        // theInt = n / 32
-        int theInt = n >>> 5;
-        // theBit = n % 32
-        int theBit = n & 0x1F;
-        int tester = 1 << theBit;
-        return ((m_ints[theInt] & tester) != 0);
-    }
-
-    public void flipBit(int n)
-    {
-        // theInt = n / 32
-        int theInt = n >>> 5;
-        // theBit = n % 32
-        int theBit = n & 0x1F;
-        int flipper = 1 << theBit;
-        m_ints[theInt] ^= flipper;
-    }
-
-    public void setBit(int n)
-    {
-        // theInt = n / 32
-        int theInt = n >>> 5;
-        // theBit = n % 32
-        int theBit = n & 0x1F;
-        int setter = 1 << theBit;
-        m_ints[theInt] |= setter;
-    }
-
-    public void clearBit(int n)
-    {
-        // theInt = n / 32
-        int theInt = n >>> 5;
-        // theBit = n % 32
-        int theBit = n & 0x1F;
-        int setter = 1 << theBit;
-        m_ints[theInt] &= ~setter;
-    }
-
-    public IntArray multiply(IntArray other, int m)
-    {
-        int aLen = getUsedLength();
-        if (aLen == 0)
-        {
-            return new IntArray(1);
-        }
-
-        int bLen = other.getUsedLength();
-        if (bLen == 0)
-        {
-            return new IntArray(1);
-        }
-
-        IntArray A = this, B = other;
-        if (aLen > bLen)
-        {
-            A = other; B = this;
-            int tmp = aLen; aLen = bLen; bLen = tmp;
-        }
-
-        if (aLen == 1)
-        {
-            int a = A.m_ints[0];
-            int[] b = B.m_ints;
-            int[] c = new int[aLen + bLen];
-            if ((a & 1) != 0)
-            {
-                add(c, b, bLen);
-            }
-            int k = 1;
-            while ((a >>>= 1) != 0)
-            {
-                if ((a & 1) != 0)
-                {
-                    addShiftedByBits(c, b, bLen, k);
-                }
-                ++k;
-            }
-            return new IntArray(c);
-        }
-
-        // TODO It'd be better to be able to tune the width directly (need support for interleaving arbitrary widths)
-        int complexity = aLen <= 8 ? 1 : 2;
-
-        int width = 1 << complexity;
-        int shifts = (32 >>> complexity);
-
-        int bExt = bLen;
-        if ((B.m_ints[bLen - 1] >>> (33 - shifts)) != 0)
-        {
-            ++bExt;
-        }
-
-        int cLen = bExt + aLen;
-
-        int[] c = new int[cLen << width];
-        System.arraycopy(B.m_ints, 0, c, 0, bLen);
-        interleave(A.m_ints, 0, c, bExt, aLen, complexity);
-
-        int[] ci = new int[1 << width];
-        for (int i = 1; i < ci.length; ++i)
-        {
-            ci[i] = ci[i - 1] + cLen;
-        }
-
-        int MASK = (1 << width) - 1;
-
-        int k = 0;
-        for (;;)
-        {
-            for (int aPos = 0; aPos < aLen; ++aPos)
-            {
-                int index = (c[bExt + aPos] >>> k) & MASK;
-                if (index != 0)
-                {
-                    addShiftedByWords(c, aPos + ci[index], c, bExt);
-                }
-            }
-
-            if ((k += width) >= 32)
-            {
-                break;
-            }
-
-            shiftLeft(c, bExt);
-        }
-
-        int ciPos = ci.length, pow2 = ciPos >>> 1, offset = 32;
-        while (--ciPos > 1)
-        {
-            if (ciPos == pow2)
-            {
-                offset -= shifts;
-                addShiftedByBits(c, ci[1], c, ci[pow2], cLen, offset);
-                pow2 >>>= 1;
-            }
-            else
-            {
-                distribute(c, ci[pow2], ci[ciPos - pow2], ci[ciPos], cLen);
-            }
-        }
-
-        // TODO reduce in place to avoid extra copying
-        IntArray p = new IntArray(cLen);
-        System.arraycopy(c, ci[1], p.m_ints, 0, cLen);
-        return p;
-    }
-
-//    private static void deInterleave(int[] x, int xOff, int[] z, int zOff, int count, int rounds)
-//    {
-//        for (int i = 0; i < count; ++i)
-//        {
-//            z[zOff + i] = deInterleave(x[zOff + i], rounds);
-//        }
-//    }
-//
-//    private static int deInterleave(int x, int rounds)
-//    {
-//        while (--rounds >= 0)
-//        {
-//            x = deInterleave16(x & DEINTERLEAVE_MASK) | (deInterleave16((x >>> 1) & DEINTERLEAVE_MASK) << 16);
-//        }
-//        return x;
-//    }
-//
-//    private static int deInterleave16(int x)
-//    {
-//        x = (x | (x >>> 1)) & 0x33333333;
-//        x = (x | (x >>> 2)) & 0x0F0F0F0F;
-//        x = (x | (x >>> 4)) & 0x00FF00FF;
-//        x = (x | (x >>> 8)) & 0x0000FFFF;
-//        return x;
-//    }
-
-    public void reduce(int m, int[] ks)
-    {
-        int len = getUsedLength();
-        int mLen = (m + 31) >>> 5;
-        if (len < mLen)
-        {
-            return;
-        }
-
-        int _2m = m << 1;
-        int pos = Math.min(_2m - 2, (len << 5) - 1);
-
-        int kMax = ks[ks.length - 1];
-        if (kMax < m - 31)
-        {
-            reduceWordWise(pos, m, ks);
-        }
-        else
-        {
-            reduceBitWise(pos, m, ks);
-        }
-
-        // Instead of flipping the high bits in the loop, explicitly clear any partial word above m bits
-        int partial = m & 0x1F;
-        if (partial != 0)
-        {
-            m_ints[mLen - 1] &= (1 << partial) - 1;
-        }
-
-        if (len > mLen)
-        {
-            m_ints = resizedInts(mLen);
-        }
-    }
-
-    private void reduceBitWise(int from, int m, int[] ks)
-    {
-        for (int i = from; i >= m; --i)
-        {
-            if (testBit(i))
-            {
-//                clearBit(i);
-                int bit = i - m;
-                flipBit(bit);
-                int j = ks.length;
-                while (--j >= 0)
-                {
-                    flipBit(ks[j] + bit);
-                }
-            }
-        }
-    }
-
-    private void reduceWordWise(int from, int m, int[] ks)
-    {
-        int pos = m + ((from - m) & ~0x1F);
-        for (int i = pos; i >= m; i -= 32)
-        {
-            int word = getWord(i);
-            if (word != 0)
-            {
-//                flipWord(i);
-                int bit = i - m;
-                flipWord(bit, word);
-                int j = ks.length;
-                while (--j >= 0)
-                {
-                    flipWord(ks[j] + bit, word);
-                }
-            }
-        }
-    }
-
-    public IntArray square(int m)
-    {
-        int len = getUsedLength();
-        if (len == 0)
-        {
-            return this;
-        }
-
-        int _2len = len << 1;
-        int[] r = new int[_2len];
-
-        int pos = 0;
-        while (pos < _2len)
-        {
-            int mi = m_ints[pos >>> 1];
-            r[pos++] = interleave16(mi & 0xFFFF);
-            r[pos++] = interleave16(mi >>> 16);
-        }
-
-        return new IntArray(r);
-    }
-
-    private static void interleave(int[] x, int xOff, int[] z, int zOff, int count, int rounds)
-    {
-        for (int i = 0; i < count; ++i)
-        {
-            z[zOff + i] = interleave(x[xOff + i], rounds);
-        }
-    }
-
-    private static int interleave(int x, int rounds)
-    {
-        while (--rounds >= 0)
-        {
-            x = interleave16(x & 0xFFFF) | (interleave16(x >>> 16) << 1);
-        }
-        return x;
-    }
-
-    private static int interleave16(int n)
-    {
-        return INTERLEAVE_TABLE[n & 0xFF] | INTERLEAVE_TABLE[n >>> 8] << 16;
-    }
-
-    public IntArray modInverse(int m, int[] ks)
-    {
-        // Inversion in F2m using the extended Euclidean algorithm
-        // Input: A nonzero polynomial a(z) of degree at most m-1
-        // Output: a(z)^(-1) mod f(z)
-
-        int uzDegree = degree();
-        if (uzDegree == 1)
-        {
-            return this;
-        }
-
-        // u(z) := a(z)
-        IntArray uz = (IntArray)clone();
-
-        int t = getWordLength(m);
-
-        // v(z) := f(z)
-        IntArray vz = new IntArray(t);
-        vz.setBit(m);
-        vz.setBit(0);
-        vz.setBit(ks[0]);
-        if (ks.length > 1) 
-        {
-            vz.setBit(ks[1]);
-            vz.setBit(ks[2]);
-        }
-
-        // g1(z) := 1, g2(z) := 0
-        IntArray g1z = new IntArray(t);
-        g1z.setBit(0);
-        IntArray g2z = new IntArray(t);
-
-        while (uzDegree != 0)
-        {
-            // j := deg(u(z)) - deg(v(z))
-            int j = uzDegree - vz.degree();
-
-            // If j < 0 then: u(z) <-> v(z), g1(z) <-> g2(z), j := -j
-            if (j < 0) 
-            {
-                final IntArray uzCopy = uz;
-                uz = vz;
-                vz = uzCopy;
-
-                final IntArray g1zCopy = g1z;
-                g1z = g2z;
-                g2z = g1zCopy;
-
-                j = -j;
-            }
-
-            // u(z) := u(z) + z^j * v(z)
-            // Note, that no reduction modulo f(z) is required, because
-            // deg(u(z) + z^j * v(z)) <= max(deg(u(z)), j + deg(v(z)))
-            // = max(deg(u(z)), deg(u(z)) - deg(v(z)) + deg(v(z))
-            // = deg(u(z))
-            // uz = uz.xor(vz.shiftLeft(j));
-            uz.addShiftedByBits(vz, j);
-            uzDegree = uz.degree();
-
-            // g1(z) := g1(z) + z^j * g2(z)
-//            g1z = g1z.xor(g2z.shiftLeft(j));
-            if (uzDegree != 0)
-            {
-                g1z.addShiftedByBits(g2z, j);
-            }
-        }
-        return g2z;
-    }
-
-    public boolean equals(Object o)
-    {
-        if (!(o instanceof IntArray))
-        {
-            return false;
-        }
-        IntArray other = (IntArray) o;
-        int usedLen = getUsedLength();
-        if (other.getUsedLength() != usedLen)
-        {
-            return false;
-        }
-        for (int i = 0; i < usedLen; i++)
-        {
-            if (m_ints[i] != other.m_ints[i])
-            {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    public int hashCode()
-    {
-        int usedLen = getUsedLength();
-        int hash = 1;
-        for (int i = 0; i < usedLen; i++)
-        {
-            hash *= 31;
-            hash ^= m_ints[i];
-        }
-        return hash;
-    }
-
-    public Object clone()
-    {
-        return new IntArray(Arrays.clone(m_ints));
-    }
-
-    public String toString()
-    {
-        int i = getUsedLength();
-        if (i == 0)
-        {
-            return "0";
-        }
-
-        StringBuffer sb = new StringBuffer(Integer.toBinaryString(m_ints[--i]));
-        while (--i >= 0)
-        {
-            String s = Integer.toBinaryString(m_ints[i]);
-
-            // Add leading zeroes, except for highest significant word
-            int len = s.length();
-            if (len < 32)
-            {
-                sb.append(ZEROES.substring(len));
-            }
-
-            sb.append(s);
-        }
-        return sb.toString();
-    }
-}
-\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/LongArray.java b/bcprov/src/main/java/org/bouncycastle/math/ec/LongArray.java
index 7e8b172..e3069dc 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/LongArray.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/LongArray.java
@@ -371,6 +371,23 @@ class LongArray
         }
     }
 
+    public boolean isOne()
+    {
+        long[] a = m_ints;
+        if (a[0] != 1L)
+        {
+            return false;
+        }
+        for (int i = 1; i < a.length; ++i)
+        {
+            if (a[i] != 0L)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
     public boolean isZero()
     {
         long[] a = m_ints;
@@ -822,12 +839,12 @@ class LongArray
             add(c, cOff, b, 0, bLen);
         }
         int k = 1;
-        while ((a >>>= 1) != 0)
+        while ((a >>>= 1) != 0L)
         {
             if ((a & 1L) != 0L)
             {
                 long carry = addShiftedUp(c, cOff, b, 0, bLen, k);
-                if (carry != 0)
+                if (carry != 0L)
                 {
                     c[cOff + bLen] ^= carry;
                 }
@@ -871,8 +888,8 @@ class LongArray
 
         if (aLen == 1)
         {
-            long a = A.m_ints[0];
-            if (a == 1L)
+            long a0 = A.m_ints[0];
+            if (a0 == 1L)
             {
                 return B;
             }
@@ -880,13 +897,13 @@ class LongArray
             /*
              * Fast path for small A, with performance dependent only on the number of set bits
              */
-            long[] c = new long[cLen];
-            multiplyWord(a, B.m_ints, bLen, c, 0);
+            long[] c0 = new long[cLen];
+            multiplyWord(a0, B.m_ints, bLen, c0, 0);
 
             /*
              * Reduce the raw answer against the reduction coefficients
              */
-            return reduceResult(c, 0, cLen, m, ks);
+            return reduceResult(c0, 0, cLen, m, ks);
         }
 
         /*
@@ -1003,8 +1020,8 @@ class LongArray
 
         if (aLen == 1)
         {
-            long a = A.m_ints[0];
-            if (a == 1L)
+            long a0 = A.m_ints[0];
+            if (a0 == 1L)
             {
                 return B;
             }
@@ -1012,13 +1029,13 @@ class LongArray
             /*
              * Fast path for small A, with performance dependent only on the number of set bits
              */
-            long[] c = new long[cLen];
-            multiplyWord(a, B.m_ints, bLen, c, 0);
+            long[] c0 = new long[cLen];
+            multiplyWord(a0, B.m_ints, bLen, c0, 0);
 
             /*
              * Reduce the raw answer against the reduction coefficients
              */
-            return reduceResult(c, 0, cLen, m, ks);
+            return reduceResult(c0, 0, cLen, m, ks);
         }
 
         /*
@@ -1077,7 +1094,8 @@ class LongArray
                 aVal >>>= 4;
                 int v = (int)aVal & MASK;
                 addBoth(c, cOff, T0, ti[u], T1, ti[v], bMax);
-                if ((aVal >>>= 4) == 0L)
+                aVal >>>= 4;
+                if (aVal == 0L)
                 {
                     break;
                 }
@@ -1085,10 +1103,12 @@ class LongArray
             }
         }
 
-        int cOff = c.length;
-        while ((cOff -= cLen) != 0)
         {
-            addShiftedUp(c, cOff - cLen, c, cOff, cLen, 8);
+            int cOff = c.length;
+            while ((cOff -= cLen) != 0)
+            {
+                addShiftedUp(c, cOff - cLen, c, cOff, cLen, 8);
+            }
         }
 
         /*
@@ -1132,8 +1152,8 @@ class LongArray
 
         if (aLen == 1)
         {
-            long a = A.m_ints[0];
-            if (a == 1L)
+            long a0 = A.m_ints[0];
+            if (a0 == 1L)
             {
                 return B;
             }
@@ -1141,13 +1161,13 @@ class LongArray
             /*
              * Fast path for small A, with performance dependent only on the number of set bits
              */
-            long[] c = new long[cLen];
-            multiplyWord(a, B.m_ints, bLen, c, 0);
+            long[] c0 = new long[cLen];
+            multiplyWord(a0, B.m_ints, bLen, c0, 0);
 
             /*
              * Reduce the raw answer against the reduction coefficients
              */
-            return reduceResult(c, 0, cLen, m, ks);
+            return reduceResult(c0, 0, cLen, m, ks);
         }
 
         // NOTE: This works, but is slower than width 4 processing
@@ -1314,6 +1334,158 @@ class LongArray
         return reduceResult(c, ci[1], cLen, m, ks);
     }
 
+    public LongArray modReduce(int m, int[] ks)
+    {
+        long[] buf = Arrays.clone(m_ints);
+        int rLen = reduceInPlace(buf, 0, buf.length, m, ks);
+        return new LongArray(buf, 0, rLen);
+    }
+
+    public LongArray multiply(LongArray other, int m, int[] ks)
+    {
+        /*
+         * Find out the degree of each argument and handle the zero cases
+         */
+        int aDeg = degree();
+        if (aDeg == 0)
+        {
+            return this;
+        }
+        int bDeg = other.degree();
+        if (bDeg == 0)
+        {
+            return other;
+        }
+
+        /*
+         * Swap if necessary so that A is the smaller argument
+         */
+        LongArray A = this, B = other;
+        if (aDeg > bDeg)
+        {
+            A = other; B = this;
+            int tmp = aDeg; aDeg = bDeg; bDeg = tmp;
+        }
+
+        /*
+         * Establish the word lengths of the arguments and result
+         */
+        int aLen = (aDeg + 63) >>> 6;
+        int bLen = (bDeg + 63) >>> 6;
+        int cLen = (aDeg + bDeg + 62) >>> 6;
+
+        if (aLen == 1)
+        {
+            long a0 = A.m_ints[0];
+            if (a0 == 1L)
+            {
+                return B;
+            }
+
+            /*
+             * Fast path for small A, with performance dependent only on the number of set bits
+             */
+            long[] c0 = new long[cLen];
+            multiplyWord(a0, B.m_ints, bLen, c0, 0);
+
+            /*
+             * Reduce the raw answer against the reduction coefficients
+             */
+//            return reduceResult(c0, 0, cLen, m, ks);
+            return new LongArray(c0, 0, cLen);
+        }
+
+        /*
+         * Determine if B will get bigger during shifting
+         */
+        int bMax = (bDeg + 7 + 63) >>> 6;
+
+        /*
+         * Lookup table for the offset of each B in the tables
+         */
+        int[] ti = new int[16];
+
+        /*
+         * Precompute table of all 4-bit products of B
+         */
+        long[] T0 = new long[bMax << 4];
+        int tOff = bMax;
+        ti[1] = tOff;
+        System.arraycopy(B.m_ints, 0, T0, tOff, bLen);
+        for (int i = 2; i < 16; ++i)
+        {
+            ti[i] = (tOff += bMax);
+            if ((i & 1) == 0)
+            {
+                shiftUp(T0, tOff >>> 1, T0, tOff, bMax, 1);
+            }
+            else
+            {
+                add(T0, bMax, T0, tOff - bMax, T0, tOff, bMax);
+            }
+        }
+
+        /*
+         * Second table with all 4-bit products of B shifted 4 bits
+         */
+        long[] T1 = new long[T0.length];
+        shiftUp(T0, 0, T1, 0, T0.length, 4);
+//        shiftUp(T0, bMax, T1, bMax, tOff, 4);
+
+        long[] a = A.m_ints;
+        long[] c = new long[cLen << 3];
+
+        int MASK = 0xF;
+
+        /*
+         * Lopez-Dahab (Modified) algorithm
+         */
+
+        for (int aPos = 0; aPos < aLen; ++aPos)
+        {
+            long aVal = a[aPos];
+            int cOff = aPos;
+            for (;;)
+            {
+                int u = (int)aVal & MASK;
+                aVal >>>= 4;
+                int v = (int)aVal & MASK;
+                addBoth(c, cOff, T0, ti[u], T1, ti[v], bMax);
+                aVal >>>= 4;
+                if (aVal == 0L)
+                {
+                    break;
+                }
+                cOff += cLen;
+            }
+        }
+
+        {
+            int cOff = c.length;
+            while ((cOff -= cLen) != 0)
+            {
+                addShiftedUp(c, cOff - cLen, c, cOff, cLen, 8);
+            }
+        }
+
+        /*
+         * Finally the raw answer is collected, reduce it against the reduction coefficients
+         */
+//        return reduceResult(c, 0, cLen, m, ks);
+        return new LongArray(c, 0, cLen);
+    }
+
+    public void reduce(int m, int[] ks)
+    {
+        long[] buf = m_ints;
+        int rLen = reduceInPlace(buf, 0, buf.length, m, ks);
+        if (rLen < buf.length)
+        {
+            m_ints = new long[rLen];
+            System.arraycopy(buf, 0, m_ints, 0, rLen);
+        }
+    }
+
     private static LongArray reduceResult(long[] buf, int off, int len, int m, int[] ks)
     {
         int rLen = reduceInPlace(buf, off, len, m, ks);
@@ -1405,13 +1577,13 @@ class LongArray
     private static void reduceBit(long[] buf, int off, int bit, int m, int[] ks)
     {
         flipBit(buf, off, bit);
-        int base = bit - m;
+        int n = bit - m;
         int j = ks.length;
         while (--j >= 0)
         {
-            flipBit(buf, off, ks[j] + base);
+            flipBit(buf, off, ks[j] + n);
         }
-        flipBit(buf, off, base);
+        flipBit(buf, off, n);
     }
 
     private static void reduceWordWise(long[] buf, int off, int len, int toBit, int m, int[] ks)
@@ -1428,12 +1600,14 @@ class LongArray
             }
         }
 
-        int partial = toBit & 0x3F;
-        long word = buf[off + toPos] >>> partial;
-        if (word != 0)
         {
-            buf[off + toPos] ^= word << partial;
-            reduceWord(buf, off, toBit, word, m, ks);
+            int partial = toBit & 0x3F;
+            long word = buf[off + toPos] >>> partial;
+            if (word != 0)
+            {
+                buf[off + toPos] ^= word << partial;
+                reduceWord(buf, off, toBit, word, m, ks);
+            }
         }
     }
 
@@ -1502,37 +1676,59 @@ class LongArray
         return new LongArray(r, 0, reduceInPlace(r, 0, r.length, m, ks));
     }
 
-//    private LongArray modSquareN(int n, int m, int[] ks)
-//    {
-//        int len = getUsedLength();
-//        if (len == 0)
-//        {
-//            return this;
-//        }
-//
-//        int mLen = (m + 63) >>> 6;
-//        long[] r = new long[mLen << 1];
-//        System.arraycopy(m_ints, 0, r, 0, len);
-//
-//        while (--n >= 0)
-//        {
-//            squareInPlace(r, len, m, ks);
-//            len = reduceInPlace(r, 0, r.length, m, ks);
-//        }
-//
-//        return new LongArray(r, 0, len);
-//    }
-//
-//    private static void squareInPlace(long[] x, int xLen, int m, int[] ks)
-//    {
-//        int pos = xLen << 1;
-//        while (--xLen >= 0)
-//        {
-//            long xVal = x[xLen];
-//            x[--pos] = interleave2_32to64((int)(xVal >>> 32));
-//            x[--pos] = interleave2_32to64((int)xVal);
-//        }
-//    }
+    public LongArray modSquareN(int n, int m, int[] ks)
+    {
+        int len = getUsedLength();
+        if (len == 0)
+        {
+            return this;
+        }
+
+        int mLen = (m + 63) >>> 6;
+        long[] r = new long[mLen << 1];
+        System.arraycopy(m_ints, 0, r, 0, len);
+
+        while (--n >= 0)
+        {
+            squareInPlace(r, len, m, ks);
+            len = reduceInPlace(r, 0, r.length, m, ks);
+        }
+
+        return new LongArray(r, 0, len);
+    }
+
+    public LongArray square(int m, int[] ks)
+    {
+        int len = getUsedLength();
+        if (len == 0)
+        {
+            return this;
+        }
+
+        int _2len = len << 1;
+        long[] r = new long[_2len];
+
+        int pos = 0;
+        while (pos < _2len)
+        {
+            long mi = m_ints[pos >>> 1];
+            r[pos++] = interleave2_32to64((int)mi);
+            r[pos++] = interleave2_32to64((int)(mi >>> 32));
+        }
+
+        return new LongArray(r, 0, r.length);
+    }
+
+    private static void squareInPlace(long[] x, int xLen, int m, int[] ks)
+    {
+        int pos = xLen << 1;
+        while (--xLen >= 0)
+        {
+            long xVal = x[xLen];
+            x[--pos] = interleave2_32to64((int)(xVal >>> 32));
+            x[--pos] = interleave2_32to64((int)xVal);
+        }
+    }
 
     private static void interleave(long[] x, int xOff, long[] z, int zOff, int count, int width)
     {
@@ -1856,6 +2052,10 @@ class LongArray
          * Output: a(z)^(-1) mod f(z)
          */
         int uzDegree = degree();
+        if (uzDegree == 0)
+        {
+            throw new IllegalStateException();
+        }
         if (uzDegree == 1)
         {
             return this;
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ReferenceMultiplier.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ReferenceMultiplier.java
index 3601856..107e193 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/ReferenceMultiplier.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ReferenceMultiplier.java
@@ -4,34 +4,8 @@ import java.math.BigInteger;
 
 public class ReferenceMultiplier extends AbstractECMultiplier
 {
-    /**
-     * Simple shift-and-add multiplication. Serves as reference implementation
-     * to verify (possibly faster) implementations in
-     * {@link org.bouncycastle.math.ec.ECPoint ECPoint}.
-     * 
-     * @param p The point to multiply.
-     * @param k The factor by which to multiply.
-     * @return The result of the point multiplication <code>k * p</code>.
-     */
     protected ECPoint multiplyPositive(ECPoint p, BigInteger k)
     {
-        ECPoint q = p.getCurve().getInfinity();
-        int t = k.bitLength();
-        if (t > 0)
-        {
-            if (k.testBit(0))
-            {
-                q = p;
-            }
-            for (int i = 1; i < t; i++)
-            {
-                p = p.twice();
-                if (k.testBit(i))
-                {
-                    q = q.add(p);
-                }
-            }
-        }
-        return q;
+        return ECAlgorithms.referenceMultiply(p, k);
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ScaleXPointMap.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ScaleXPointMap.java
new file mode 100644
index 0000000..099f5fb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ScaleXPointMap.java
@@ -0,0 +1,16 @@
+package org.bouncycastle.math.ec;
+
+public class ScaleXPointMap implements ECPointMap
+{
+    protected final ECFieldElement scale;
+
+    public ScaleXPointMap(ECFieldElement scale)
+    {
+        this.scale = scale;
+    }
+
+    public ECPoint map(ECPoint p)
+    {
+        return p.scaleX(scale);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ScaleYPointMap.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ScaleYPointMap.java
new file mode 100644
index 0000000..a7a8790
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ScaleYPointMap.java
@@ -0,0 +1,16 @@
+package org.bouncycastle.math.ec;
+
+public class ScaleYPointMap implements ECPointMap
+{
+    protected final ECFieldElement scale;
+
+    public ScaleYPointMap(ECFieldElement scale)
+    {
+        this.scale = scale;
+    }
+
+    public ECPoint map(ECPoint p)
+    {
+        return p.scaleY(scale);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java b/bcprov/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
index 96e666d..229fae4 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
@@ -54,12 +54,6 @@ class SimpleBigDecimal
         this.scale = scale;
     }
 
-    private SimpleBigDecimal(SimpleBigDecimal limBigDec)
-    {
-        bigInt = limBigDec.bigInt;
-        scale = limBigDec.scale;
-    }
-
     private void checkScale(SimpleBigDecimal b)
     {
         if (scale != b.scale)
@@ -78,7 +72,7 @@ class SimpleBigDecimal
 
         if (newScale == scale)
         {
-            return new SimpleBigDecimal(this);
+            return this;
         }
 
         return new SimpleBigDecimal(bigInt.shiftLeft(newScale - scale),
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/Tnaf.java b/bcprov/src/main/java/org/bouncycastle/math/ec/Tnaf.java
index 42d6738..236bbc8 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/Tnaf.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/Tnaf.java
@@ -535,45 +535,36 @@ class Tnaf
         int m = curve.getM();
         int a = curve.getA().toBigInteger().intValue();
         byte mu = curve.getMu();
-        int h = curve.getH().intValue();
+        int shifts = getShiftsForCofactor(curve.getCofactor());
         int index = m + 3 - a;
         BigInteger[] ui = getLucas(mu, index, false);
-
-        BigInteger dividend0;
-        BigInteger dividend1;
         if (mu == 1)
         {
-            dividend0 = ECConstants.ONE.subtract(ui[1]);
-            dividend1 = ECConstants.ONE.subtract(ui[0]);
-        }
-        else if (mu == -1)
-        {
-            dividend0 = ECConstants.ONE.add(ui[1]);
-            dividend1 = ECConstants.ONE.add(ui[0]);
-        }
-        else
-        {
-            throw new IllegalArgumentException("mu must be 1 or -1");
+            ui[0] = ui[0].negate();
+            ui[1] = ui[1].negate();
         }
 
-        BigInteger[] si = new BigInteger[2];
+        BigInteger dividend0 = ECConstants.ONE.add(ui[1]).shiftRight(shifts);
+        BigInteger dividend1 = ECConstants.ONE.add(ui[0]).shiftRight(shifts).negate();
 
-        if (h == 2)
-        {
-            si[0] = dividend0.shiftRight(1);
-            si[1] = dividend1.shiftRight(1).negate();
-        }
-        else if (h == 4)
-        {
-            si[0] = dividend0.shiftRight(2);
-            si[1] = dividend1.shiftRight(2).negate();
-        }
-        else
+        return new BigInteger[] { dividend0, dividend1 };
+    }
+
+    protected static int getShiftsForCofactor(BigInteger h)
+    {
+        if (h != null)
         {
-            throw new IllegalArgumentException("h (Cofactor) must be 2 or 4");
+            if (h.equals(ECConstants.TWO))
+            {
+                return 1;
+            }
+            if (h.equals(ECConstants.FOUR))
+            {
+                return 2;
+            }
         }
 
-        return si;
+        throw new IllegalArgumentException("h (Cofactor) must be 2 or 4");
     }
 
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/WNafL2RMultiplier.java b/bcprov/src/main/java/org/bouncycastle/math/ec/WNafL2RMultiplier.java
index 59a9313..90b0847 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/WNafL2RMultiplier.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/WNafL2RMultiplier.java
@@ -31,7 +31,7 @@ public class WNafL2RMultiplier extends AbstractECMultiplier
         int i = wnaf.length;
 
         /*
-         * NOTE This code optimizes the first window using the precomputed points to substitute an
+         * NOTE: We try to optimize the first window using the precomputed points to substitute an
          * addition for 2 or more doublings.
          */
         if (i > 1)
@@ -42,19 +42,14 @@ public class WNafL2RMultiplier extends AbstractECMultiplier
             int n = Math.abs(digit);
             ECPoint[] table = digit < 0 ? preCompNeg : preComp;
 
-            /*
-             * NOTE: We use this optimization conservatively, since some coordinate systems have
-             * significantly cheaper doubling relative to addition.
-             * 
-             * (n << 2) selects precomputed values in the lower half of the table
-             * (n << 3) selects precomputed values in the lower quarter of the table
-             */
-            //if ((n << 2) < (1 << width))
-            if ((n << 3) < (1 << width))
+            // Optimization can only be used for values in the lower half of the table
+            if ((n << 2) < (1 << width))
             {
                 int highest = LongArray.bitLengths[n];
-                int lowBits =  n ^ (1 << (highest - 1));
+
+                // TODO Get addition/doubling cost ratio from curve and compare to 'scale' to see if worth substituting?
                 int scale = width - highest;
+                int lowBits =  n ^ (1 << (highest - 1));
 
                 int i1 = ((1 << (width - 1)) - 1);
                 int i2 = (lowBits << scale) + 1;
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java b/bcprov/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
index d142ab7..e8f16e6 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
@@ -10,47 +10,47 @@ public class WNafPreCompInfo implements PreCompInfo
      * Array holding the precomputed <code>ECPoint</code>s used for a Window
      * NAF multiplication.
      */
-    private ECPoint[] preComp = null;
+    protected ECPoint[] preComp = null;
 
     /**
      * Array holding the negations of the precomputed <code>ECPoint</code>s used
      * for a Window NAF multiplication.
      */
-    private ECPoint[] preCompNeg = null;
+    protected ECPoint[] preCompNeg = null;
 
     /**
      * Holds an <code>ECPoint</code> representing twice(this). Used for the
      * Window NAF multiplication to create or extend the precomputed values.
      */
-    private ECPoint twiceP = null;
+    protected ECPoint twice = null;
 
-    protected ECPoint[] getPreComp()
+    public ECPoint[] getPreComp()
     {
         return preComp;
     }
 
-    protected ECPoint[] getPreCompNeg()
+    public void setPreComp(ECPoint[] preComp)
     {
-        return preCompNeg;
+        this.preComp = preComp;
     }
 
-    protected void setPreComp(ECPoint[] preComp)
+    public ECPoint[] getPreCompNeg()
     {
-        this.preComp = preComp;
+        return preCompNeg;
     }
 
-    protected void setPreCompNeg(ECPoint[] preCompNeg)
+    public void setPreCompNeg(ECPoint[] preCompNeg)
     {
         this.preCompNeg = preCompNeg;
     }
 
-    protected ECPoint getTwiceP()
+    public ECPoint getTwice()
     {
-        return twiceP;
+        return twice;
     }
 
-    protected void setTwiceP(ECPoint twiceP)
+    public void setTwice(ECPoint twice)
     {
-        this.twiceP = twiceP;
+        this.twice = twice;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/WNafUtil.java b/bcprov/src/main/java/org/bouncycastle/math/ec/WNafUtil.java
index 6465d66..339689e 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/WNafUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/WNafUtil.java
@@ -4,7 +4,13 @@ import java.math.BigInteger;
 
 public abstract class WNafUtil
 {
-    private static int[] DEFAULT_WINDOW_SIZE_CUTOFFS = new int[]{ 13, 41, 121, 337, 897, 2305 };
+    public static final String PRECOMP_NAME = "bc_wnaf";
+
+    private static final int[] DEFAULT_WINDOW_SIZE_CUTOFFS = new int[]{ 13, 41, 121, 337, 897, 2305 };
+
+    private static final byte[] EMPTY_BYTES = new byte[0];
+    private static final int[] EMPTY_INTS = new int[0];
+    private static final ECPoint[] EMPTY_POINTS = new ECPoint[0];
 
     public static int[] generateCompactNaf(BigInteger k)
     {
@@ -12,30 +18,35 @@ public abstract class WNafUtil
         {
             throw new IllegalArgumentException("'k' must have bitlength < 2^16");
         }
+        if (k.signum() == 0)
+        {
+            return EMPTY_INTS;
+        }
 
         BigInteger _3k = k.shiftLeft(1).add(k);
 
-        int digits = _3k.bitLength() - 1;
-        int[] naf = new int[(digits + 1) >> 1];
+        int bits = _3k.bitLength();
+        int[] naf = new int[bits >> 1];
 
-        int length = 0, zeroes = 0;
-        for (int i = 1; i <= digits; ++i)
-        {
-            boolean _3kBit = _3k.testBit(i);
-            boolean kBit = k.testBit(i);
+        BigInteger diff = _3k.xor(k);
 
-            if (_3kBit == kBit)
+        int highBit = bits - 1, length = 0, zeroes = 0;
+        for (int i = 1; i < highBit; ++i)
+        {
+            if (!diff.testBit(i))
             {
                 ++zeroes;
+                continue;
             }
-            else
-            {
-                int digit  = kBit ? -1 : 1;
-                naf[length++] = (digit << 16) | zeroes;
-                zeroes = 0;
-            }
+
+            int digit  = k.testBit(i) ? -1 : 1;
+            naf[length++] = (digit << 16) | zeroes;
+            zeroes = 1;
+            ++i;
         }
 
+        naf[length++] = (1 << 16) | zeroes;
+
         if (naf.length > length)
         {
             naf = trim(naf, length);
@@ -59,6 +70,10 @@ public abstract class WNafUtil
         {
             throw new IllegalArgumentException("'k' must have bitlength < 2^16");
         }
+        if (k.signum() == 0)
+        {
+            return EMPTY_INTS;
+        }
 
         int[] wnaf = new int[k.bitLength() / width + 1];
 
@@ -114,9 +129,10 @@ public abstract class WNafUtil
         BigInteger k0 = g, k1 = h;
         int j = 0, d0 = 0, d1 = 0;
 
-        while (k0.signum() > 0 || k1.signum() > 0 || d0 > 0 || d1 > 0)
+        int offset = 0;
+        while ((d0 | d1) != 0 || k0.bitLength() > offset || k1.bitLength() > offset)
         {
-            int n0 = (k0.intValue() + d0) & 7, n1 = (k1.intValue() + d1) & 7;
+            int n0 = ((k0.intValue() >>> offset) + d0) & 7, n1 = ((k1.intValue() >>> offset) + d1) & 7;
 
             int u0 = n0 & 1;
             if (u0 != 0)
@@ -140,15 +156,19 @@ public abstract class WNafUtil
 
             if ((d0 << 1) == 1 + u0)
             {
-                d0 = 1 - d0;
+                d0 ^= 1;
             }
             if ((d1 << 1) == 1 + u1)
             {
-                d1 = 1 - d1;
+                d1 ^= 1;
             }
 
-            k0 = k0.shiftRight(1);
-            k1 = k1.shiftRight(1);
+            if (++offset == 30)
+            {
+                offset = 0;
+                k0 = k0.shiftRight(30);
+                k1 = k1.shiftRight(30);
+            }
 
             jsf[j++] = (byte)((u0 << 4) | (u1 & 0xF));
         }
@@ -164,19 +184,29 @@ public abstract class WNafUtil
 
     public static byte[] generateNaf(BigInteger k)
     {
+        if (k.signum() == 0)
+        {
+            return EMPTY_BYTES;
+        }
+
         BigInteger _3k = k.shiftLeft(1).add(k);
 
         int digits = _3k.bitLength() - 1;
         byte[] naf = new byte[digits];
 
-        for (int i = 1; i <= digits; ++i)
-        {
-            boolean _3kBit = _3k.testBit(i);
-            boolean kBit = k.testBit(i);
+        BigInteger diff = _3k.xor(k);
 
-            naf[i - 1] = (byte)(_3kBit == kBit ? 0 : kBit ? -1 : 1);
+        for (int i = 1; i < digits; ++i)
+        {
+            if (diff.testBit(i))
+            {
+                naf[i - 1] = (byte)(k.testBit(i) ? -1 : 1);
+                ++i;
+            }
         }
 
+        naf[digits - 1] = 1;
+
         return naf;
     }
 
@@ -203,6 +233,10 @@ public abstract class WNafUtil
         {
             throw new IllegalArgumentException("'width' must be in the range [2, 8]");
         }
+        if (k.signum() == 0)
+        {
+            return EMPTY_BYTES;
+        }
 
         byte[] wnaf = new byte[k.bitLength() + 1];
 
@@ -250,6 +284,24 @@ public abstract class WNafUtil
         return wnaf;
     }
 
+    public static int getNafWeight(BigInteger k)
+    {
+        if (k.signum() == 0)
+        {
+            return 0;
+        }
+
+        BigInteger _3k = k.shiftLeft(1).add(k);
+        BigInteger diff = _3k.xor(k);
+
+        return diff.bitCount();
+    }
+
+    public static WNafPreCompInfo getWNafPreCompInfo(ECPoint p)
+    {
+        return getWNafPreCompInfo(p.getCurve().getPreCompInfo(p, PRECOMP_NAME));
+    }
+
     public static WNafPreCompInfo getWNafPreCompInfo(PreCompInfo preCompInfo)
     {
         if ((preCompInfo != null) && (preCompInfo instanceof WNafPreCompInfo))
@@ -291,48 +343,143 @@ public abstract class WNafUtil
         return w + 2;
     }
 
-    public static WNafPreCompInfo precompute(ECPoint p, int width, boolean includeNegated)
+    public static ECPoint mapPointWithPrecomp(ECPoint p, int width, boolean includeNegated,
+        ECPointMap pointMap)
     {
         ECCurve c = p.getCurve();
-        WNafPreCompInfo wnafPreCompInfo = getWNafPreCompInfo(c.getPreCompInfo(p));
+        WNafPreCompInfo wnafPreCompP = precompute(p, width, includeNegated);
 
-        ECPoint[] preComp = wnafPreCompInfo.getPreComp();
-        if (preComp == null)
+        ECPoint q = pointMap.map(p);
+        WNafPreCompInfo wnafPreCompQ = getWNafPreCompInfo(c.getPreCompInfo(q, PRECOMP_NAME));
+
+        ECPoint twiceP = wnafPreCompP.getTwice();
+        if (twiceP != null)
         {
-            preComp = new ECPoint[]{ p };
+            ECPoint twiceQ = pointMap.map(twiceP);
+            wnafPreCompQ.setTwice(twiceQ);
         }
 
-        int preCompLen = preComp.length;
-        int reqPreCompLen = 1 << Math.max(0, width - 2);
+        ECPoint[] preCompP = wnafPreCompP.getPreComp();
+        ECPoint[] preCompQ = new ECPoint[preCompP.length];
+        for (int i = 0; i < preCompP.length; ++i)
+        {
+            preCompQ[i] = pointMap.map(preCompP[i]);
+        }
+        wnafPreCompQ.setPreComp(preCompQ);
 
-        if (preCompLen < reqPreCompLen)
+        if (includeNegated)
         {
-            ECPoint twiceP = wnafPreCompInfo.getTwiceP();
-            if (twiceP == null)
+            ECPoint[] preCompNegQ = new ECPoint[preCompQ.length];
+            for (int i = 0; i < preCompNegQ.length; ++i)
             {
-                twiceP = preComp[0].twice().normalize();
-                wnafPreCompInfo.setTwiceP(twiceP);
+                preCompNegQ[i] = preCompQ[i].negate();
             }
+            wnafPreCompQ.setPreCompNeg(preCompNegQ);
+        }
 
+        c.setPreCompInfo(q, PRECOMP_NAME, wnafPreCompQ);
+
+        return q;
+    }
+
+    public static WNafPreCompInfo precompute(ECPoint p, int width, boolean includeNegated)
+    {
+        ECCurve c = p.getCurve();
+        WNafPreCompInfo wnafPreCompInfo = getWNafPreCompInfo(c.getPreCompInfo(p, PRECOMP_NAME));
+
+        int iniPreCompLen = 0, reqPreCompLen = 1 << Math.max(0, width - 2);
+
+        ECPoint[] preComp = wnafPreCompInfo.getPreComp();
+        if (preComp == null)
+        {
+            preComp = EMPTY_POINTS;
+        }
+        else
+        {
+            iniPreCompLen = preComp.length;
+        }
+
+        if (iniPreCompLen < reqPreCompLen)
+        {
             preComp = resizeTable(preComp, reqPreCompLen);
 
-            /*
-             * TODO Okeya/Sakurai paper has precomputation trick and  "Montgomery's Trick" to speed this up.
-             * Also, co-Z arithmetic could avoid the subsequent normalization too.
-             */
-            for (int i = preCompLen; i < reqPreCompLen; i++)
+            if (reqPreCompLen == 1)
             {
+                preComp[0] = p.normalize();
+            }
+            else
+            {
+                int curPreCompLen = iniPreCompLen;
+                if (curPreCompLen == 0)
+                {
+                    preComp[0] = p;
+                    curPreCompLen = 1;
+                }
+
+                ECFieldElement iso = null;
+
+                if (reqPreCompLen == 2)
+                {
+                    preComp[1] = p.threeTimes();
+                }
+                else
+                {
+                    ECPoint twiceP = wnafPreCompInfo.getTwice(), last = preComp[curPreCompLen - 1];
+                    if (twiceP == null)
+                    {
+                        twiceP = preComp[0].twice();
+                        wnafPreCompInfo.setTwice(twiceP);
+
+                        /*
+                         * For Fp curves with Jacobian projective coordinates, use a (quasi-)isomorphism
+                         * where 'twiceP' is "affine", so that the subsequent additions are cheaper. This
+                         * also requires scaling the initial point's X, Y coordinates, and reversing the
+                         * isomorphism as part of the subsequent normalization.
+                         * 
+                         *  NOTE: The correctness of this optimization depends on:
+                         *      1) additions do not use the curve's A, B coefficients.
+                         *      2) no special cases (i.e. Q +/- Q) when calculating 1P, 3P, 5P, ...
+                         */
+                        if (ECAlgorithms.isFpCurve(c) && c.getFieldSize() >= 64)
+                        {
+                            switch (c.getCoordinateSystem())
+                            {
+                            case ECCurve.COORD_JACOBIAN:
+                            case ECCurve.COORD_JACOBIAN_CHUDNOVSKY:
+                            case ECCurve.COORD_JACOBIAN_MODIFIED:
+                            {
+                                iso = twiceP.getZCoord(0);
+                                twiceP = c.createPoint(twiceP.getXCoord().toBigInteger(), twiceP.getYCoord()
+                                    .toBigInteger());
+
+                                ECFieldElement iso2 = iso.square(), iso3 = iso2.multiply(iso);
+                                last = last.scaleX(iso2).scaleY(iso3);
+
+                                if (iniPreCompLen == 0)
+                                {
+                                    preComp[0] = last;
+                                }
+                                break;
+                            }
+                            }
+                        }
+                    }
+
+                    while (curPreCompLen < reqPreCompLen)
+                    {
+                        /*
+                         * Compute the new ECPoints for the precomputation array. The values 1, 3,
+                         * 5, ..., 2^(width-1)-1 times p are computed
+                         */
+                        preComp[curPreCompLen++] = last = last.add(twiceP);
+                    }
+                }
+
                 /*
-                 * Compute the new ECPoints for the precomputation array. The values 1, 3, 5, ...,
-                 * 2^(width-1)-1 times p are computed
+                 * Having oft-used operands in affine form makes operations faster.
                  */
-                preComp[i] = twiceP.add(preComp[i - 1]);
+                c.normalizeAll(preComp, iniPreCompLen, reqPreCompLen - iniPreCompLen, iso);
             }
-
-            /*
-             * Having oft-used operands in affine form makes operations faster.
-             */
-            c.normalizeAll(preComp);
         }
 
         wnafPreCompInfo.setPreComp(preComp);
@@ -365,7 +512,7 @@ public abstract class WNafUtil
             wnafPreCompInfo.setPreCompNeg(preCompNeg);
         }
 
-        c.setPreCompInfo(p, wnafPreCompInfo);
+        c.setPreCompInfo(p, PRECOMP_NAME, wnafPreCompInfo);
 
         return wnafPreCompInfo;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java b/bcprov/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
index 7bd30ec..93d03b4 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
@@ -8,6 +8,9 @@ import java.math.BigInteger;
  */
 public class WTauNafMultiplier extends AbstractECMultiplier
 {
+    // TODO Create WTauNafUtil class and move various functionality into it
+    static final String PRECOMP_NAME = "bc_wtnaf";
+
     /**
      * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
      * by <code>k</code> using the reduced <code>&tau;</code>-adic NAF (RTNAF)
@@ -33,7 +36,7 @@ public class WTauNafMultiplier extends AbstractECMultiplier
 
         ZTauElement rho = Tnaf.partModReduction(k, m, a, s, mu, (byte)10);
 
-        return multiplyWTnaf(p, rho, curve.getPreCompInfo(p), a, mu);
+        return multiplyWTnaf(p, rho, curve.getPreCompInfo(p, PRECOMP_NAME), a, mu);
     }
 
     /**
@@ -49,21 +52,12 @@ public class WTauNafMultiplier extends AbstractECMultiplier
     private ECPoint.F2m multiplyWTnaf(ECPoint.F2m p, ZTauElement lambda,
             PreCompInfo preCompInfo, byte a, byte mu)
     {
-        ZTauElement[] alpha;
-        if (a == 0)
-        {
-            alpha = Tnaf.alpha0;
-        }
-        else
-        {
-            // a == 1
-            alpha = Tnaf.alpha1;
-        }
+        ZTauElement[] alpha = (a == 0) ? Tnaf.alpha0 : Tnaf.alpha1;
 
         BigInteger tw = Tnaf.getTw(mu, Tnaf.WIDTH);
 
         byte[]u = Tnaf.tauAdicWNaf(mu, lambda, Tnaf.WIDTH,
-                BigInteger.valueOf(Tnaf.POW_2_WIDTH), tw, alpha);
+            BigInteger.valueOf(Tnaf.POW_2_WIDTH), tw, alpha);
 
         return multiplyFromWTnaf(p, u, preCompInfo);
     }
@@ -77,8 +71,7 @@ public class WTauNafMultiplier extends AbstractECMultiplier
      * @param u The the WTNAF of <code>&lambda;</code>..
      * @return <code>&lambda; * p</code>
      */
-    private static ECPoint.F2m multiplyFromWTnaf(ECPoint.F2m p, byte[] u,
-            PreCompInfo preCompInfo)
+    private static ECPoint.F2m multiplyFromWTnaf(ECPoint.F2m p, byte[] u, PreCompInfo preCompInfo)
     {
         ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
         byte a = curve.getA().toBigInteger().byteValue();
@@ -87,7 +80,10 @@ public class WTauNafMultiplier extends AbstractECMultiplier
         if ((preCompInfo == null) || !(preCompInfo instanceof WTauNafPreCompInfo))
         {
             pu = Tnaf.getPreComp(p, a);
-            curve.setPreCompInfo(p, new WTauNafPreCompInfo(pu));
+
+            WTauNafPreCompInfo pre = new WTauNafPreCompInfo();
+            pre.setPreComp(pu);
+            curve.setPreCompInfo(p, PRECOMP_NAME, pre);
         }
         else
         {
@@ -99,16 +95,16 @@ public class WTauNafMultiplier extends AbstractECMultiplier
         for (int i = u.length - 1; i >= 0; i--)
         {
             q = Tnaf.tau(q);
-            if (u[i] != 0)
+            byte ui = u[i];
+            if (ui != 0)
             {
-                if (u[i] > 0)
+                if (ui > 0)
                 {
-                    q = q.addSimple(pu[u[i]]);
+                    q = q.addSimple(pu[ui]);
                 }
                 else
                 {
-                    // u[i] < 0
-                    q = q.subtractSimple(pu[-u[i]]);
+                    q = q.subtractSimple(pu[-ui]);
                 }
             }
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java b/bcprov/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
index d7c583f..190eecb 100644
--- a/bcprov/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
@@ -4,7 +4,7 @@ package org.bouncycastle.math.ec;
  * Class holding precomputation data for the WTNAF (Window
  * <code>&tau;</code>-adic Non-Adjacent Form) algorithm.
  */
-class WTauNafPreCompInfo implements PreCompInfo
+public class WTauNafPreCompInfo implements PreCompInfo
 {
     /**
      * Array holding the precomputed <code>ECPoint.F2m</code>s used for the
@@ -12,28 +12,15 @@ class WTauNafPreCompInfo implements PreCompInfo
      * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
      * WTauNafMultiplier.multiply()}</code>.
      */
-    private ECPoint.F2m[] preComp = null;
+    protected ECPoint.F2m[] preComp = null;
 
-    /**
-     * Constructor for <code>WTauNafPreCompInfo</code>
-     * @param preComp Array holding the precomputed <code>ECPoint.F2m</code>s
-     * used for the WTNAF multiplication in <code>
-     * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
-     * WTauNafMultiplier.multiply()}</code>.
-     */
-    WTauNafPreCompInfo(ECPoint.F2m[] preComp)
+    public ECPoint.F2m[] getPreComp()
     {
-        this.preComp = preComp;
+        return preComp;
     }
 
-    /**
-     * @return the array holding the precomputed <code>ECPoint.F2m</code>s
-     * used for the WTNAF multiplication in <code>
-     * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
-     * WTauNafMultiplier.multiply()}</code>.
-     */
-    protected ECPoint.F2m[] getPreComp()
+    public void setPreComp(ECPoint.F2m[] preComp)
     {
-        return preComp;
+        this.preComp = preComp;
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519.java
new file mode 100644
index 0000000..e7839ce
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.math.ec.custom.djb;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat256;
+import org.bouncycastle.util.encoders.Hex;
+
+public class Curve25519 extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = Nat256.toBigInteger(Curve25519Field.P);
+
+    private static final int Curve25519_DEFAULT_COORDS = COORD_JACOBIAN_MODIFIED;
+
+    protected Curve25519Point infinity;
+
+    public Curve25519()
+    {
+        super(q);
+
+        this.infinity = new Curve25519Point(this, null, null);
+
+        this.a = fromBigInteger(new BigInteger(1,
+            Hex.decode("2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA984914A144")));
+        this.b = fromBigInteger(new BigInteger(1,
+            Hex.decode("7B425ED097B425ED097B425ED097B425ED097B425ED097B4260B5E9C7710C864")));
+        this.order = new BigInteger(1, Hex.decode("1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED"));
+        this.cofactor = BigInteger.valueOf(8);
+
+        this.coord = Curve25519_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new Curve25519();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN_MODIFIED:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new Curve25519FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new Curve25519Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new Curve25519Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Field.java
new file mode 100644
index 0000000..2e8e335
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Field.java
@@ -0,0 +1,254 @@
+package org.bouncycastle.math.ec.custom.djb;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat256;
+
+public class Curve25519Field
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    // 2^255 - 2^4 - 2^1 - 1
+    static final int[] P = new int[]{ 0xFFFFFFED, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF, 0x7FFFFFFF };
+    private static final int P7 = 0x7FFFFFFF;
+    private static final int[] PExt = new int[]{ 0x00000169, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+        0x00000000, 0x00000000, 0x00000000, 0xFFFFFFED, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF, 0x3FFFFFFF };
+    private static final int PInv = 0x13;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        Nat256.add(x, y, z);
+        if (Nat256.gte(z, P))
+        {
+            subPFrom(z);
+        }
+    }
+
+    public static void addExt(int[] xx, int[] yy, int[] zz)
+    {
+        Nat.add(16, xx, yy, zz);
+        if (Nat.gte(16, zz, PExt))
+        {
+            subPExtFrom(zz);
+        }
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        Nat.inc(8, x, z);
+        if (Nat256.gte(z, P))
+        {
+            subPFrom(z);
+        }
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat256.fromBigInteger(x);
+        while (Nat256.gte(z, P))
+        {
+            Nat256.subFrom(P, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        if ((x[0] & 1) == 0)
+        {
+            Nat.shiftDownBit(8, x, 0, z);
+        }
+        else
+        {
+            Nat256.add(x, P, z);
+            Nat.shiftDownBit(8, z, 0);
+        }
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat256.createExt();
+        Nat256.mul(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
+    {
+        Nat256.mulAddTo(x, y, zz);
+        if (Nat.gte(16, zz, PExt))
+        {
+            subPExtFrom(zz);
+        }
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat256.isZero(x))
+        {
+            Nat256.zero(z);
+        }
+        else
+        {
+            Nat256.sub(P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+//        assert xx[15] >>> 30 == 0;
+
+        int xx07 = xx[7];
+        Nat.shiftUpBit(8, xx, 8, xx07, z, 0);
+        int c = Nat256.mulByWordAddTo(PInv, xx, z) << 1;
+        int z7 = z[7];
+        c += (z7 >>> 31) - (xx07 >>> 31);
+        z7 &= P7;
+        z7 += Nat.addWordTo(7, c * PInv, z);
+        z[7] = z7;
+        if (Nat256.gte(z, P))
+        {
+            subPFrom(z);
+        }
+    }
+
+    public static void reduce27(int x, int[] z)
+    {
+//        assert x >>> 26 == 0;
+
+        int z7 = z[7];
+        int c = (x << 1 | z7 >>> 31);
+        z7 &= P7;
+        z7 += Nat.addWordTo(7, c * PInv, z);
+        z[7] = z7;
+        if (Nat256.gte(z, P))
+        {
+            subPFrom(z);
+        }
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat256.createExt();
+        Nat256.square(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat256.createExt();
+        Nat256.square(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            Nat256.square(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat256.sub(x, y, z);
+        if (c != 0)
+        {
+            addPTo(z);
+        }
+    }
+
+    public static void subtractExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.sub(16, xx, yy, zz);
+        if (c != 0)
+        {
+            addPExtTo(zz);
+        }
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        Nat.shiftUpBit(8, x, 0, z);
+        if (Nat256.gte(z, P))
+        {
+            subPFrom(z);
+        }
+    }
+
+    private static int addPTo(int[] z)
+    {
+        long c = (z[0] & M) - PInv;
+        z[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c = Nat.decAt(7, z, 1);
+        }
+        c += (z[7] & M) + ((P7 + 1) & M);
+        z[7] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    private static int addPExtTo(int[] zz)
+    {
+        long c = (zz[0] & M) + (PExt[0] & M);
+        zz[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c = Nat.incAt(8, zz, 1);
+        }
+        c += (zz[8] & M) - PInv;
+        zz[8] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c = Nat.decAt(15, zz, 9);
+        }
+        c += (zz[15] & M) + ((PExt[15] + 1) & M);
+        zz[15] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    private static int subPFrom(int[] z)
+    {
+        long c = (z[0] & M) + PInv;
+        z[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c = Nat.incAt(7, z, 1);
+        }
+        c += (z[7] & M) - ((P7 + 1) & M);
+        z[7] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    private static int subPExtFrom(int[] zz)
+    {
+        long c = (zz[0] & M) - (PExt[0] & M);
+        zz[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c = Nat.decAt(8, zz, 1);
+        }
+        c += (zz[8] & M) + PInv;
+        zz[8] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c = Nat.incAt(15, zz, 9);
+        }
+        c += (zz[15] & M) - ((PExt[15] + 1) & M);
+        zz[15] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519FieldElement.java
new file mode 100644
index 0000000..010b6f5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519FieldElement.java
@@ -0,0 +1,234 @@
+package org.bouncycastle.math.ec.custom.djb;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat256;
+import org.bouncycastle.util.Arrays;
+
+public class Curve25519FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = Curve25519.q;
+
+    // Calculated as ECConstants.TWO.modPow(Q.shiftRight(2), Q)
+    private static final int[] PRECOMP_POW2 = new int[]{ 0x4a0ea0b0, 0xc4ee1b27, 0xad2fe478, 0x2f431806,
+        0x3dfbd7a7, 0x2b4d0099, 0x4fc1df0b, 0x2b832480 };
+
+    protected int[] x;
+
+    public Curve25519FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for Curve25519FieldElement");
+        }
+
+        this.x = Curve25519Field.fromBigInteger(x);
+    }
+
+    public Curve25519FieldElement()
+    {
+        this.x = Nat256.create();
+    }
+
+    protected Curve25519FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat256.isZero(x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat256.isOne(x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat256.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat256.toBigInteger(x);
+    }
+
+    public String getFieldName()
+    {
+        return "Curve25519Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        Curve25519Field.add(x, ((Curve25519FieldElement)b).x, z);
+        return new Curve25519FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat256.create();
+        Curve25519Field.addOne(x, z);
+        return new Curve25519FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        Curve25519Field.subtract(x, ((Curve25519FieldElement)b).x, z);
+        return new Curve25519FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        Curve25519Field.multiply(x, ((Curve25519FieldElement)b).x, z);
+        return new Curve25519FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat256.create();
+        Mod.invert(Curve25519Field.P, ((Curve25519FieldElement)b).x, z);
+        Curve25519Field.multiply(z, x, z);
+        return new Curve25519FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat256.create();
+        Curve25519Field.negate(x, z);
+        return new Curve25519FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat256.create();
+        Curve25519Field.square(x, z);
+        return new Curve25519FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new Curve25519FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat256.create();
+        Mod.invert(Curve25519Field.P, x, z);
+        return new Curve25519FieldElement(z);
+    }
+
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        /*
+         * Q == 8m + 5, so we use Pocklington's method for this case.
+         *
+         * First, raise this element to the exponent 2^252 - 2^1 (i.e. m + 1)
+         * 
+         * Breaking up the exponent's binary representation into "repunits", we get:
+         * { 251 1s } { 1 0s }
+         * 
+         * Therefore we need an addition chain containing 251 (the lengths of the repunits)
+         * We use: 1, 2, 3, 4, 7, 11, 15, 30, 60, 120, 131, [251]
+         */
+
+        int[] x1 = this.x;
+        if (Nat256.isZero(x1) || Nat256.isOne(x1))
+        {
+            return this;
+        }
+
+        int[] x2 = Nat256.create();
+        Curve25519Field.square(x1, x2);
+        Curve25519Field.multiply(x2, x1, x2);
+        int[] x3 = x2;
+        Curve25519Field.square(x2, x3);
+        Curve25519Field.multiply(x3, x1, x3);
+        int[] x4 = Nat256.create();
+        Curve25519Field.square(x3, x4);
+        Curve25519Field.multiply(x4, x1, x4);
+        int[] x7 = Nat256.create();
+        Curve25519Field.squareN(x4, 3, x7);
+        Curve25519Field.multiply(x7, x3, x7);
+        int[] x11 = x3;
+        Curve25519Field.squareN(x7, 4, x11);
+        Curve25519Field.multiply(x11, x4, x11);
+        int[] x15 = x7;
+        Curve25519Field.squareN(x11, 4, x15);
+        Curve25519Field.multiply(x15, x4, x15);
+        int[] x30 = x4;
+        Curve25519Field.squareN(x15, 15, x30);
+        Curve25519Field.multiply(x30, x15, x30);
+        int[] x60 = x15;
+        Curve25519Field.squareN(x30, 30, x60);
+        Curve25519Field.multiply(x60, x30, x60);
+        int[] x120 = x30;
+        Curve25519Field.squareN(x60, 60, x120);
+        Curve25519Field.multiply(x120, x60, x120);
+        int[] x131 = x60;
+        Curve25519Field.squareN(x120, 11, x131);
+        Curve25519Field.multiply(x131, x11, x131);
+        int[] x251 = x11;
+        Curve25519Field.squareN(x131, 120, x251);
+        Curve25519Field.multiply(x251, x120, x251);
+
+        int[] t1 = x251;
+        Curve25519Field.square(t1, t1);
+
+        int[] t2 = x120;
+        Curve25519Field.square(t1, t2);
+
+        if (Nat256.eq(x1, t2))
+        {
+            return new Curve25519FieldElement(t1);
+        }
+
+        /*
+         * If the first guess is incorrect, we multiply by a precomputed power of 2 to get the second guess,
+         * which is ((4x)^(m + 1))/2 mod Q
+         */
+        Curve25519Field.multiply(t1, PRECOMP_POW2, t1);
+
+        Curve25519Field.square(t1, t2);
+
+        if (Nat256.eq(x1, t2))
+        {
+            return new Curve25519FieldElement(t1);
+        }
+
+        return null;
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof Curve25519FieldElement))
+        {
+            return false;
+        }
+
+        Curve25519FieldElement o = (Curve25519FieldElement)other;
+        return Nat256.eq(x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 8);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Point.java
new file mode 100644
index 0000000..b2700e3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519Point.java
@@ -0,0 +1,348 @@
+package org.bouncycastle.math.ec.custom.djb;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat256;
+
+public class Curve25519Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve the curve to use
+     * @param x affine x co-ordinate
+     * @param y affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public Curve25519Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve the curve to use
+     * @param x affine x co-ordinate
+     * @param y affine y co-ordinate
+     * @param withCompression if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)}
+     */
+    public Curve25519Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    Curve25519Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new Curve25519Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    public ECFieldElement getZCoord(int index)
+    {
+        if (index == 1)
+        {
+            return getJacobianModifiedW();
+        }
+
+        return super.getZCoord(index);
+    }
+
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        Curve25519FieldElement X1 = (Curve25519FieldElement)this.x, Y1 = (Curve25519FieldElement)this.y,
+            Z1 = (Curve25519FieldElement)this.zs[0];
+        Curve25519FieldElement X2 = (Curve25519FieldElement)b.getXCoord(), Y2 = (Curve25519FieldElement)b.getYCoord(),
+            Z2 = (Curve25519FieldElement)b.getZCoord(0);
+
+        int c;
+        int[] tt1 = Nat256.createExt();
+        int[] t2 = Nat256.create();
+        int[] t3 = Nat256.create();
+        int[] t4 = Nat256.create();
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            Curve25519Field.square(Z1.x, S2);
+
+            U2 = t2;
+            Curve25519Field.multiply(S2, X2.x, U2);
+
+            Curve25519Field.multiply(S2, Z1.x, S2);
+            Curve25519Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            Curve25519Field.square(Z2.x, S1);
+
+            U1 = tt1;
+            Curve25519Field.multiply(S1, X1.x, U1);
+
+            Curve25519Field.multiply(S1, Z2.x, S1);
+            Curve25519Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat256.create();
+        Curve25519Field.subtract(U1, U2, H);
+
+        int[] R = t2;
+        Curve25519Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat256.isZero(H))
+        {
+            if (Nat256.isZero(R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = Nat256.create();
+        Curve25519Field.square(H, HSquared);
+
+        int[] G = Nat256.create();
+        Curve25519Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        Curve25519Field.multiply(HSquared, U1, V);
+
+        Curve25519Field.negate(G, G);
+        Nat256.mul(S1, G, tt1);
+
+        c = Nat256.addBothTo(V, V, G);
+        Curve25519Field.reduce27(c, G);
+
+        Curve25519FieldElement X3 = new Curve25519FieldElement(t4);
+        Curve25519Field.square(R, X3.x);
+        Curve25519Field.subtract(X3.x, G, X3.x);
+
+        Curve25519FieldElement Y3 = new Curve25519FieldElement(G);
+        Curve25519Field.subtract(V, X3.x, Y3.x);
+        Curve25519Field.multiplyAddToExt(Y3.x, R, tt1);
+        Curve25519Field.reduce(tt1, Y3.x);
+
+        Curve25519FieldElement Z3 = new Curve25519FieldElement(H);
+        if (!Z1IsOne)
+        {
+            Curve25519Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            Curve25519Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        int[] Z3Squared = (Z1IsOne && Z2IsOne) ? HSquared : null;
+
+        // TODO If the result will only be used in a subsequent addition, we don't need W3
+        Curve25519FieldElement W3 = calculateJacobianModifiedW((Curve25519FieldElement)Z3, Z3Squared);
+
+        ECFieldElement[] zs = new ECFieldElement[]{ Z3, W3 };
+
+        return new Curve25519Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero()) 
+        {
+            return curve.getInfinity();
+        }
+
+        return twiceJacobianModified(true);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero()) 
+        {
+            return b;
+        }
+
+        return twiceJacobianModified(false).add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return this;
+        }
+
+        return twiceJacobianModified(false).add(this);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new Curve25519Point(this.getCurve(), this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+
+    protected Curve25519FieldElement calculateJacobianModifiedW(Curve25519FieldElement Z, int[] ZSquared)
+    {
+        Curve25519FieldElement a4 = (Curve25519FieldElement)this.getCurve().getA();
+        if (Z.isOne())
+        {
+            return a4;
+        }
+
+        Curve25519FieldElement W = new Curve25519FieldElement();
+        if (ZSquared == null)
+        {
+            ZSquared = W.x;
+            Curve25519Field.square(Z.x, ZSquared);
+        }
+        Curve25519Field.square(ZSquared, W.x);
+        Curve25519Field.multiply(W.x, a4.x, W.x);
+        return W;
+    }
+
+    protected Curve25519FieldElement getJacobianModifiedW()
+    {
+        Curve25519FieldElement W = (Curve25519FieldElement)this.zs[1];
+        if (W == null)
+        {
+            // NOTE: Rarely, twicePlus will result in the need for a lazy W1 calculation here
+            this.zs[1] = W = calculateJacobianModifiedW((Curve25519FieldElement)this.zs[0], null);
+        }
+        return W;
+    }
+
+    protected Curve25519Point twiceJacobianModified(boolean calculateW)
+    {
+        Curve25519FieldElement X1 = (Curve25519FieldElement)this.x, Y1 = (Curve25519FieldElement)this.y,
+            Z1 = (Curve25519FieldElement)this.zs[0], W1 = getJacobianModifiedW();
+
+        int c;
+
+        int[] M = Nat256.create();
+        Curve25519Field.square(X1.x, M);
+        c = Nat256.addBothTo(M, M, M);
+        c += Nat256.addTo(W1.x, M);
+        Curve25519Field.reduce27(c, M);
+
+        int[] _2Y1 = Nat256.create();
+        Curve25519Field.twice(Y1.x, _2Y1);
+
+        int[] _2Y1Squared = Nat256.create();
+        Curve25519Field.multiply(_2Y1, Y1.x, _2Y1Squared);
+
+        int[] S = Nat256.create();
+        Curve25519Field.multiply(_2Y1Squared, X1.x, S);
+        Curve25519Field.twice(S, S);
+
+        int[] _8T = Nat256.create();
+        Curve25519Field.square(_2Y1Squared, _8T);
+        Curve25519Field.twice(_8T, _8T);
+
+        Curve25519FieldElement X3 = new Curve25519FieldElement(_2Y1Squared);
+        Curve25519Field.square(M, X3.x);
+        Curve25519Field.subtract(X3.x, S, X3.x);
+        Curve25519Field.subtract(X3.x, S, X3.x);
+
+        Curve25519FieldElement Y3 = new Curve25519FieldElement(S);
+        Curve25519Field.subtract(S, X3.x, Y3.x);
+        Curve25519Field.multiply(Y3.x, M, Y3.x);
+        Curve25519Field.subtract(Y3.x, _8T, Y3.x);
+
+        Curve25519FieldElement Z3 = new Curve25519FieldElement(_2Y1);
+        if (!Nat256.isOne(Z1.x))
+        {
+            Curve25519Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        Curve25519FieldElement W3 = null;
+        if (calculateW)
+        {
+            W3 = new Curve25519FieldElement(_8T);
+            Curve25519Field.multiply(W3.x, W1.x, W3.x);
+            Curve25519Field.twice(W3.x, W3.x);
+        }
+
+        return new Curve25519Point(this.getCurve(), X3, Y3, new ECFieldElement[]{ Z3, W3 }, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/package.html b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/package.html
new file mode 100644
index 0000000..344418b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/djb/package.html
@@ -0,0 +1,7 @@
+<html>
+<body bgcolor="#ffffff">
+Experimental implementation of curve25519. Note that the curve implementation is in the short-Weierstrass form,
+which is not the recommended (nor most suitable) approach. In particular, the input/output conventions are not
+compliant with standard implementations, and point conversions would be needed to interoperate.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Curve.java
new file mode 100644
index 0000000..b46cba6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Curve.java
@@ -0,0 +1,79 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SecP192K1Curve extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = new BigInteger(1,
+        Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37"));
+
+    private static final int SecP192K1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+    protected SecP192K1Point infinity;
+
+    public SecP192K1Curve()
+    {
+        super(q);
+
+        this.infinity = new SecP192K1Point(this, null, null);
+
+        this.a = fromBigInteger(ECConstants.ZERO);
+        this.b = fromBigInteger(BigInteger.valueOf(3));
+        this.order = new BigInteger(1, Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D"));
+        this.cofactor = BigInteger.valueOf(1);
+
+        this.coord = SecP192K1_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new SecP192K1Curve();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new SecP192K1FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new SecP192K1Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new SecP192K1Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Field.java
new file mode 100644
index 0000000..1a0bde8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Field.java
@@ -0,0 +1,177 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat192;
+
+public class SecP192K1Field
+{
+    // 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1
+    static final int[] P = new int[]{ 0xFFFFEE37, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    static final int[] PExt = new int[]{ 0x013C4FD1, 0x00002392, 0x00000001, 0x00000000, 0x00000000,
+        0x00000000, 0xFFFFDC6E, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    private static final int[] PExtInv = new int[]{ 0xFEC3B02F, 0xFFFFDC6D, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF, 0x00002391, 0x00000002 };
+    private static final int P5 = 0xFFFFFFFF;
+    private static final int PExt11 = 0xFFFFFFFF;
+    private static final int PInv33 = 0x11C9;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        int c = Nat192.add(x, y, z);
+        if (c != 0 || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            Nat.add33To(6, PInv33, z);
+        }
+    }
+
+    public static void addExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.add(12, xx, yy, zz);
+        if (c != 0 || (zz[11] == PExt11 && Nat.gte(12, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(12, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        int c = Nat.inc(6, x, z);
+        if (c != 0 || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            Nat.add33To(6, PInv33, z);
+        }
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat192.fromBigInteger(x);
+        if (z[5] == P5 && Nat192.gte(z, P))
+        {
+            Nat192.subFrom(P, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        if ((x[0] & 1) == 0)
+        {
+            Nat.shiftDownBit(6, x, 0, z);
+        }
+        else
+        {
+            int c = Nat192.add(x, P, z);
+            Nat.shiftDownBit(6, z, c);
+        }
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat192.createExt();
+        Nat192.mul(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
+    {
+        int c = Nat192.mulAddTo(x, y, zz);
+        if (c != 0 || (zz[11] == PExt11 && Nat.gte(12, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(12, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat192.isZero(x))
+        {
+            Nat192.zero(z);
+        }
+        else
+        {
+            Nat192.sub(P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+        long cc = Nat192.mul33Add(PInv33, xx, 6, xx, 0, z, 0);
+        int c = Nat192.mul33DWordAdd(PInv33, cc, z, 0);
+
+        // assert c == 0L || c == 1L;
+
+        if (c != 0 || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            Nat.add33To(6, PInv33, z);
+        }
+    }
+
+    public static void reduce32(int x, int[] z)
+    {
+        if ((x != 0 && Nat192.mul33WordAdd(PInv33, x, z, 0) != 0)
+            || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            Nat.add33To(6, PInv33, z);
+        }
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat192.createExt();
+        Nat192.square(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat192.createExt();
+        Nat192.square(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            Nat192.square(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat192.sub(x, y, z);
+        if (c != 0)
+        {
+            Nat.sub33From(6, PInv33, z);
+        }
+    }
+
+    public static void subtractExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.sub(12, xx, yy, zz);
+        if (c != 0)
+        {
+            if (Nat.subFrom(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.decAt(12, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        int c = Nat.shiftUpBit(6, x, 0, z);
+        if (c != 0 || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            Nat.add33To(6, PInv33, z);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1FieldElement.java
new file mode 100644
index 0000000..0032f35
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1FieldElement.java
@@ -0,0 +1,213 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat192;
+import org.bouncycastle.util.Arrays;
+
+public class SecP192K1FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = SecP192K1Curve.q;
+
+    protected int[] x;
+
+    public SecP192K1FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for SecP192K1FieldElement");
+        }
+
+        this.x = SecP192K1Field.fromBigInteger(x);
+    }
+
+    public SecP192K1FieldElement()
+    {
+        this.x = Nat192.create();
+    }
+
+    protected SecP192K1FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat192.isZero(x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat192.isOne(x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat192.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat192.toBigInteger(x);
+    }
+
+    public String getFieldName()
+    {
+        return "SecP192K1Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat192.create();
+        SecP192K1Field.add(x, ((SecP192K1FieldElement)b).x, z);
+        return new SecP192K1FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat192.create();
+        SecP192K1Field.addOne(x, z);
+        return new SecP192K1FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat192.create();
+        SecP192K1Field.subtract(x, ((SecP192K1FieldElement)b).x, z);
+        return new SecP192K1FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat192.create();
+        SecP192K1Field.multiply(x, ((SecP192K1FieldElement)b).x, z);
+        return new SecP192K1FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat192.create();
+        Mod.invert(SecP192K1Field.P, ((SecP192K1FieldElement)b).x, z);
+        SecP192K1Field.multiply(z, x, z);
+        return new SecP192K1FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat192.create();
+        SecP192K1Field.negate(x, z);
+        return new SecP192K1FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat192.create();
+        SecP192K1Field.square(x, z);
+        return new SecP192K1FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new SecP192K1FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat192.create();
+        Mod.invert(SecP192K1Field.P, x, z);
+        return new SecP192K1FieldElement(z);
+    }
+
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        /*
+         * Raise this element to the exponent 2^190 - 2^30 - 2^10 - 2^6 - 2^5 - 2^4 - 2^1
+         * 
+         * Breaking up the exponent's binary representation into "repunits", we get:
+         * { 159 1s } { 1 0s } { 19 1s } { 1 0s } { 3 1s } { 3 0s} { 3 1s } { 1 0s }
+         * 
+         * Therefore we need an addition chain containing 3, 19, 159 (the lengths of the repunits)
+         * We use: 1, 2, [3], 6, 8, 16, [19], 35, 70, 140, [159]
+         */
+
+        int[] x1 = this.x;
+        if (Nat192.isZero(x1) || Nat192.isOne(x1))
+        {
+            return this;
+        }
+
+        int[] x2 = Nat192.create();
+        SecP192K1Field.square(x1, x2);
+        SecP192K1Field.multiply(x2, x1, x2);
+        int[] x3 = Nat192.create();
+        SecP192K1Field.square(x2, x3);
+        SecP192K1Field.multiply(x3, x1, x3);
+        int[] x6 = Nat192.create();
+        SecP192K1Field.squareN(x3, 3, x6);
+        SecP192K1Field.multiply(x6, x3, x6);
+        int[] x8 = x6;
+        SecP192K1Field.squareN(x6, 2, x8);
+        SecP192K1Field.multiply(x8, x2, x8);
+        int[] x16 = x2;
+        SecP192K1Field.squareN(x8, 8, x16);
+        SecP192K1Field.multiply(x16, x8, x16);
+        int[] x19 = x8;
+        SecP192K1Field.squareN(x16, 3, x19);
+        SecP192K1Field.multiply(x19, x3, x19);
+        int[] x35 = Nat192.create();
+        SecP192K1Field.squareN(x19, 16, x35);
+        SecP192K1Field.multiply(x35, x16, x35);
+        int[] x70 = x16;
+        SecP192K1Field.squareN(x35, 35, x70);
+        SecP192K1Field.multiply(x70, x35, x70);
+        int[] x140 = x35;
+        SecP192K1Field.squareN(x70, 70, x140);
+        SecP192K1Field.multiply(x140, x70, x140);
+        int[] x159 = x70;
+        SecP192K1Field.squareN(x140, 19, x159);
+        SecP192K1Field.multiply(x159, x19, x159);
+
+        int[] t1 = x159;
+        SecP192K1Field.squareN(t1, 20, t1);
+        SecP192K1Field.multiply(t1, x19, t1);
+        SecP192K1Field.squareN(t1, 4, t1);
+        SecP192K1Field.multiply(t1, x3, t1);
+        SecP192K1Field.squareN(t1, 6, t1);
+        SecP192K1Field.multiply(t1, x3, t1);
+        SecP192K1Field.square(t1, t1);
+
+        int[] t2 = x3;
+        SecP192K1Field.square(t1, t2);
+
+        return Nat192.eq(x1, t2) ? new SecP192K1FieldElement(t1) : null;        
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof SecP192K1FieldElement))
+        {
+            return false;
+        }
+
+        SecP192K1FieldElement o = (SecP192K1FieldElement)other;
+        return Nat192.eq(x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 6);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Point.java
new file mode 100644
index 0000000..eaa9727
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Point.java
@@ -0,0 +1,298 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat192;
+
+public class SecP192K1Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * @param withCompression
+     *            if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer
+     *             {@link #getEncoded(boolean)}
+     */
+    public SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs,
+        boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new SecP192K1Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    // B.3 pg 62
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP192K1FieldElement X1 = (SecP192K1FieldElement)this.x, Y1 = (SecP192K1FieldElement)this.y;
+        SecP192K1FieldElement X2 = (SecP192K1FieldElement)b.getXCoord(), Y2 = (SecP192K1FieldElement)b.getYCoord();
+
+        SecP192K1FieldElement Z1 = (SecP192K1FieldElement)this.zs[0];
+        SecP192K1FieldElement Z2 = (SecP192K1FieldElement)b.getZCoord(0);
+
+        int c;
+        int[] tt1 = Nat192.createExt();
+        int[] t2 = Nat192.create();
+        int[] t3 = Nat192.create();
+        int[] t4 = Nat192.create();
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            SecP192K1Field.square(Z1.x, S2);
+
+            U2 = t2;
+            SecP192K1Field.multiply(S2, X2.x, U2);
+
+            SecP192K1Field.multiply(S2, Z1.x, S2);
+            SecP192K1Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            SecP192K1Field.square(Z2.x, S1);
+
+            U1 = tt1;
+            SecP192K1Field.multiply(S1, X1.x, U1);
+
+            SecP192K1Field.multiply(S1, Z2.x, S1);
+            SecP192K1Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat192.create();
+        SecP192K1Field.subtract(U1, U2, H);
+
+        int[] R = t2;
+        SecP192K1Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat192.isZero(H))
+        {
+            if (Nat192.isZero(R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = t3;
+        SecP192K1Field.square(H, HSquared);
+
+        int[] G = Nat192.create();
+        SecP192K1Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        SecP192K1Field.multiply(HSquared, U1, V);
+
+        SecP192K1Field.negate(G, G);
+        Nat192.mul(S1, G, tt1);
+
+        c = Nat192.addBothTo(V, V, G);
+        SecP192K1Field.reduce32(c, G);
+
+        SecP192K1FieldElement X3 = new SecP192K1FieldElement(t4);
+        SecP192K1Field.square(R, X3.x);
+        SecP192K1Field.subtract(X3.x, G, X3.x);
+
+        SecP192K1FieldElement Y3 = new SecP192K1FieldElement(G);
+        SecP192K1Field.subtract(V, X3.x, Y3.x);
+        SecP192K1Field.multiplyAddToExt(Y3.x, R, tt1);
+        SecP192K1Field.reduce(tt1, Y3.x);
+
+        SecP192K1FieldElement Z3 = new SecP192K1FieldElement(H);
+        if (!Z1IsOne)
+        {
+            SecP192K1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            SecP192K1Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        ECFieldElement[] zs = new ECFieldElement[] { Z3 };
+
+        return new SecP192K1Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    // B.3 pg 62
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP192K1FieldElement Y1 = (SecP192K1FieldElement)this.y;
+        if (Y1.isZero())
+        {
+            return curve.getInfinity();
+        }
+
+        SecP192K1FieldElement X1 = (SecP192K1FieldElement)this.x, Z1 = (SecP192K1FieldElement)this.zs[0];
+
+        int c;
+        
+        int[] Y1Squared = Nat192.create();
+        SecP192K1Field.square(Y1.x, Y1Squared);
+
+        int[] T = Nat192.create();
+        SecP192K1Field.square(Y1Squared, T);
+
+        int[] M = Nat192.create();
+        SecP192K1Field.square(X1.x, M);
+        c = Nat192.addBothTo(M, M, M);
+        SecP192K1Field.reduce32(c, M);
+
+        int[] S = Y1Squared;
+        SecP192K1Field.multiply(Y1Squared, X1.x, S);
+        c = Nat.shiftUpBits(6, S, 2, 0);
+        SecP192K1Field.reduce32(c, S);
+
+        int[] t1 = Nat192.create();
+        c = Nat.shiftUpBits(6, T, 3, 0, t1);
+        SecP192K1Field.reduce32(c, t1);
+
+        SecP192K1FieldElement X3 = new SecP192K1FieldElement(T);
+        SecP192K1Field.square(M, X3.x);
+        SecP192K1Field.subtract(X3.x, S, X3.x);
+        SecP192K1Field.subtract(X3.x, S, X3.x);
+
+        SecP192K1FieldElement Y3 = new SecP192K1FieldElement(S);
+        SecP192K1Field.subtract(S, X3.x, Y3.x);
+        SecP192K1Field.multiply(Y3.x, M, Y3.x);
+        SecP192K1Field.subtract(Y3.x, t1, Y3.x);
+
+        SecP192K1FieldElement Z3 = new SecP192K1FieldElement(M);
+        SecP192K1Field.twice(Y1.x, Z3.x);
+        if (!Z1.isOne())
+        {
+            SecP192K1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        return new SecP192K1Point(curve, X3, Y3, new ECFieldElement[] { Z3 }, this.withCompression);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return b;
+        }
+
+        return twice().add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity() || this.y.isZero())
+        {
+            return this;
+        }
+
+        // NOTE: Be careful about recursions between twicePlus and threeTimes
+        return twice().add(this);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new SecP192K1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Curve.java
new file mode 100644
index 0000000..be67100
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Curve.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SecP192R1Curve extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = new BigInteger(1,
+        Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"));
+
+    private static final int SecP192R1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+    protected SecP192R1Point infinity;
+
+    public SecP192R1Curve()
+    {
+        super(q);
+
+        this.infinity = new SecP192R1Point(this, null, null);
+
+        this.a = fromBigInteger(new BigInteger(1,
+            Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")));
+        this.b = fromBigInteger(new BigInteger(1,
+            Hex.decode("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")));
+        this.order = new BigInteger(1, Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"));
+        this.cofactor = BigInteger.valueOf(1);
+
+        this.coord = SecP192R1_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new SecP192R1Curve();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new SecP192R1FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new SecP192R1Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new SecP192R1Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Field.java
new file mode 100644
index 0000000..c8f5eed
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Field.java
@@ -0,0 +1,286 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat192;
+
+public class SecP192R1Field
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    // 2^192 - 2^64 - 1
+    static final int[] P = new int[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    static final int[] PExt = new int[]{ 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001,
+        0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    private static final int[] PExtInv = new int[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFE,
+        0xFFFFFFFF, 0x00000001, 0x00000000, 0x00000002 };
+    private static final int P5 = 0xFFFFFFFF;
+    private static final int PExt11 = 0xFFFFFFFF;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        int c = Nat192.add(x, y, z);
+        if (c != 0 || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void addExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.add(12, xx, yy, zz);
+        if (c != 0 || (zz[11] == PExt11 && Nat.gte(12, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(12, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        int c = Nat.inc(6, x, z);
+        if (c != 0 || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat192.fromBigInteger(x);
+        if (z[5] == P5 && Nat192.gte(z, P))
+        {
+            Nat192.subFrom(P, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        if ((x[0] & 1) == 0)
+        {
+            Nat.shiftDownBit(6, x, 0, z);
+        }
+        else
+        {
+            int c = Nat192.add(x, P, z);
+            Nat.shiftDownBit(6, z, c);
+        }
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat192.createExt();
+        Nat192.mul(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
+    {
+        int c = Nat192.mulAddTo(x, y, zz);
+        if (c != 0 || (zz[11] == PExt11 && Nat.gte(12, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(12, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat192.isZero(x))
+        {
+            Nat192.zero(z);
+        }
+        else
+        {
+            Nat192.sub(P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+        long xx06 = xx[6] & M, xx07 = xx[7] & M, xx08 = xx[8] & M;
+        long xx09 = xx[9] & M, xx10 = xx[10] & M, xx11 = xx[11] & M;
+
+        long t0 = xx06 + xx10;
+        long t1 = xx07 + xx11;
+
+        long cc = 0;
+        cc += (xx[0] & M) + t0;
+        int z0 = (int)cc;
+        cc >>= 32;
+        cc += (xx[1] & M) + t1;
+        z[1] = (int)cc;
+        cc >>= 32;
+
+        t0 += xx08;
+        t1 += xx09;
+
+        cc += (xx[2] & M) + t0;
+        long z2 = cc & M;
+        cc >>= 32;
+        cc += (xx[3] & M) + t1;
+        z[3] = (int)cc;
+        cc >>= 32;
+
+        t0 -= xx06;
+        t1 -= xx07;
+
+        cc += (xx[4] & M) + t0;
+        z[4] = (int)cc;
+        cc >>= 32;
+        cc += (xx[5] & M) + t1;
+        z[5] = (int)cc;
+        cc >>= 32;
+
+        z2 += cc;
+
+        cc += (z0 & M);
+        z[0] = (int)cc;
+        cc >>= 32;
+        if (cc != 0)
+        {
+            cc += (z[1] & M);
+            z[1] = (int)cc;
+            z2 += cc >> 32;
+        }
+        z[2] = (int)z2;
+        cc = z2 >> 32;
+
+//      assert cc == 0 || cc == 1;
+
+        if ((cc != 0 && Nat.incAt(6, z, 3) != 0)
+            || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void reduce32(int x, int[] z)
+    {
+        long cc = 0;
+
+        if (x != 0)
+        {
+            long xx06 = x & M;
+    
+            cc += (z[0] & M) + xx06;
+            z[0] = (int)cc;
+            cc >>= 32;
+            if (cc != 0)
+            {
+                cc += (z[1] & M);
+                z[1] = (int)cc;
+                cc >>= 32;
+            }
+            cc += (z[2] & M) + xx06;
+            z[2] = (int)cc;
+            cc >>= 32;
+
+//            assert cc == 0 || cc == 1;
+        }
+
+        if ((cc != 0 && Nat.incAt(6, z, 3) != 0)
+            || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat192.createExt();
+        Nat192.square(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat192.createExt();
+        Nat192.square(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            Nat192.square(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat192.sub(x, y, z);
+        if (c != 0)
+        {
+            subPInvFrom(z);
+        }
+    }
+
+    public static void subtractExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.sub(12, xx, yy, zz);
+        if (c != 0)
+        {
+            if (Nat.subFrom(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.decAt(12, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        int c = Nat.shiftUpBit(6, x, 0, z);
+        if (c != 0 || (z[5] == P5 && Nat192.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    private static void addPInvTo(int[] z)
+    {
+        long c = (z[0] & M) + 1;
+        z[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[1] & M);
+            z[1] = (int)c;
+            c >>= 32;
+        }
+        c += (z[2] & M) + 1;
+        z[2] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            Nat.incAt(6, z, 3);
+        }
+    }
+
+    private static void subPInvFrom(int[] z)
+    {
+        long c = (z[0] & M) - 1;
+        z[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[1] & M);
+            z[1] = (int)c;
+            c >>= 32;
+        }
+        c += (z[2] & M) - 1;
+        z[2] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            Nat.decAt(6, z, 3);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1FieldElement.java
new file mode 100644
index 0000000..68c8080
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1FieldElement.java
@@ -0,0 +1,190 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat192;
+import org.bouncycastle.util.Arrays;
+
+public class SecP192R1FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = SecP192R1Curve.q;
+
+    protected int[] x;
+
+    public SecP192R1FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for SecP192R1FieldElement");
+        }
+
+        this.x = SecP192R1Field.fromBigInteger(x);
+    }
+
+    public SecP192R1FieldElement()
+    {
+        this.x = Nat192.create();
+    }
+
+    protected SecP192R1FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat192.isZero(x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat192.isOne(x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat192.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat192.toBigInteger(x);
+    }
+
+    public String getFieldName()
+    {
+        return "SecP192R1Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat192.create();
+        SecP192R1Field.add(x, ((SecP192R1FieldElement)b).x, z);
+        return new SecP192R1FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat192.create();
+        SecP192R1Field.addOne(x, z);
+        return new SecP192R1FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat192.create();
+        SecP192R1Field.subtract(x, ((SecP192R1FieldElement)b).x, z);
+        return new SecP192R1FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat192.create();
+        SecP192R1Field.multiply(x, ((SecP192R1FieldElement)b).x, z);
+        return new SecP192R1FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat192.create();
+        Mod.invert(SecP192R1Field.P, ((SecP192R1FieldElement)b).x, z);
+        SecP192R1Field.multiply(z, x, z);
+        return new SecP192R1FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat192.create();
+        SecP192R1Field.negate(x, z);
+        return new SecP192R1FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat192.create();
+        SecP192R1Field.square(x, z);
+        return new SecP192R1FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new SecP192R1FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat192.create();
+        Mod.invert(SecP192R1Field.P, x, z);
+        return new SecP192R1FieldElement(z);
+    }
+
+    // D.1.4 91
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        // Raise this element to the exponent 2^190 - 2^62
+
+        int[] x1 = this.x;
+        if (Nat192.isZero(x1) || Nat192.isOne(x1))
+        {
+            return this;
+        }
+
+        int[] t1 = Nat192.create();
+        int[] t2 = Nat192.create();
+
+        SecP192R1Field.square(x1, t1);
+        SecP192R1Field.multiply(t1, x1, t1);
+
+        SecP192R1Field.squareN(t1, 2, t2);
+        SecP192R1Field.multiply(t2, t1, t2);
+
+        SecP192R1Field.squareN(t2, 4, t1);
+        SecP192R1Field.multiply(t1, t2, t1);
+
+        SecP192R1Field.squareN(t1, 8, t2);
+        SecP192R1Field.multiply(t2, t1, t2);
+
+        SecP192R1Field.squareN(t2, 16, t1);
+        SecP192R1Field.multiply(t1, t2, t1);
+
+        SecP192R1Field.squareN(t1, 32, t2);
+        SecP192R1Field.multiply(t2, t1, t2);
+
+        SecP192R1Field.squareN(t2, 64, t1);
+        SecP192R1Field.multiply(t1, t2, t1);
+
+        SecP192R1Field.squareN(t1, 62, t1);
+        SecP192R1Field.square(t1, t2);
+
+        return Nat192.eq(x1, t2) ? new SecP192R1FieldElement(t1) : null;
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof SecP192R1FieldElement))
+        {
+            return false;
+        }
+
+        SecP192R1FieldElement o = (SecP192R1FieldElement)other;
+        return Nat192.eq(x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 6);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Point.java
new file mode 100644
index 0000000..3ed72f8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192R1Point.java
@@ -0,0 +1,310 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat192;
+
+public class SecP192R1Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public SecP192R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * @param withCompression
+     *            if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer
+     *             {@link #getEncoded(boolean)}
+     */
+    public SecP192R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    SecP192R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new SecP192R1Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    // B.3 pg 62
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP192R1FieldElement X1 = (SecP192R1FieldElement)this.x, Y1 = (SecP192R1FieldElement)this.y;
+        SecP192R1FieldElement X2 = (SecP192R1FieldElement)b.getXCoord(), Y2 = (SecP192R1FieldElement)b.getYCoord();
+
+        SecP192R1FieldElement Z1 = (SecP192R1FieldElement)this.zs[0];
+        SecP192R1FieldElement Z2 = (SecP192R1FieldElement)b.getZCoord(0);
+
+        int c;
+        int[] tt1 = Nat192.createExt();
+        int[] t2 = Nat192.create();
+        int[] t3 = Nat192.create();
+        int[] t4 = Nat192.create();
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            SecP192R1Field.square(Z1.x, S2);
+
+            U2 = t2;
+            SecP192R1Field.multiply(S2, X2.x, U2);
+
+            SecP192R1Field.multiply(S2, Z1.x, S2);
+            SecP192R1Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            SecP192R1Field.square(Z2.x, S1);
+
+            U1 = tt1;
+            SecP192R1Field.multiply(S1, X1.x, U1);
+
+            SecP192R1Field.multiply(S1, Z2.x, S1);
+            SecP192R1Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat192.create();
+        SecP192R1Field.subtract(U1, U2, H);
+
+        int[] R = t2;
+        SecP192R1Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat192.isZero(H))
+        {
+            if (Nat192.isZero(R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = t3;
+        SecP192R1Field.square(H, HSquared);
+
+        int[] G = Nat192.create();
+        SecP192R1Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        SecP192R1Field.multiply(HSquared, U1, V);
+
+        SecP192R1Field.negate(G, G);
+        Nat192.mul(S1, G, tt1);
+
+        c = Nat192.addBothTo(V, V, G);
+        SecP192R1Field.reduce32(c, G);
+
+        SecP192R1FieldElement X3 = new SecP192R1FieldElement(t4);
+        SecP192R1Field.square(R, X3.x);
+        SecP192R1Field.subtract(X3.x, G, X3.x);
+
+        SecP192R1FieldElement Y3 = new SecP192R1FieldElement(G);
+        SecP192R1Field.subtract(V, X3.x, Y3.x);
+        SecP192R1Field.multiplyAddToExt(Y3.x, R, tt1);
+        SecP192R1Field.reduce(tt1, Y3.x);
+
+        SecP192R1FieldElement Z3 = new SecP192R1FieldElement(H);
+        if (!Z1IsOne)
+        {
+            SecP192R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            SecP192R1Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        ECFieldElement[] zs = new ECFieldElement[]{ Z3 };
+
+        return new SecP192R1Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    // B.3 pg 62
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP192R1FieldElement Y1 = (SecP192R1FieldElement)this.y;
+        if (Y1.isZero())
+        {
+            return curve.getInfinity();
+        }
+
+        SecP192R1FieldElement X1 = (SecP192R1FieldElement)this.x, Z1 = (SecP192R1FieldElement)this.zs[0];
+
+        int c;
+        int[] t1 = Nat192.create();
+        int[] t2 = Nat192.create();
+
+        int[] Y1Squared = Nat192.create();
+        SecP192R1Field.square(Y1.x, Y1Squared);
+
+        int[] T = Nat192.create();
+        SecP192R1Field.square(Y1Squared, T);
+
+        boolean Z1IsOne = Z1.isOne();
+
+        int[] Z1Squared = Z1.x;
+        if (!Z1IsOne)
+        {
+            Z1Squared = t2;
+            SecP192R1Field.square(Z1.x, Z1Squared);
+        }
+
+        SecP192R1Field.subtract(X1.x, Z1Squared, t1);
+
+        int[] M = t2;
+        SecP192R1Field.add(X1.x, Z1Squared, M);
+        SecP192R1Field.multiply(M, t1, M);
+        c = Nat192.addBothTo(M, M, M);
+        SecP192R1Field.reduce32(c, M);
+
+        int[] S = Y1Squared;
+        SecP192R1Field.multiply(Y1Squared, X1.x, S);
+        c = Nat.shiftUpBits(6, S, 2, 0);
+        SecP192R1Field.reduce32(c, S);
+
+        c = Nat.shiftUpBits(6, T, 3, 0, t1);
+        SecP192R1Field.reduce32(c, t1);
+
+        SecP192R1FieldElement X3 = new SecP192R1FieldElement(T);
+        SecP192R1Field.square(M, X3.x);
+        SecP192R1Field.subtract(X3.x, S, X3.x);
+        SecP192R1Field.subtract(X3.x, S, X3.x);
+
+        SecP192R1FieldElement Y3 = new SecP192R1FieldElement(S);
+        SecP192R1Field.subtract(S, X3.x, Y3.x);
+        SecP192R1Field.multiply(Y3.x, M, Y3.x);
+        SecP192R1Field.subtract(Y3.x, t1, Y3.x);
+
+        SecP192R1FieldElement Z3 = new SecP192R1FieldElement(M);
+        SecP192R1Field.twice(Y1.x, Z3.x);
+        if (!Z1IsOne)
+        {
+            SecP192R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        return new SecP192R1Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return b;
+        }
+
+        return twice().add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity() || this.y.isZero())
+        {
+            return this;
+        }
+
+        // NOTE: Be careful about recursions between twicePlus and threeTimes
+        return twice().add(this);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new SecP192R1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Curve.java
new file mode 100644
index 0000000..ad733da
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Curve.java
@@ -0,0 +1,78 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SecP224K1Curve extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = new BigInteger(1,
+        Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D"));
+
+    private static final int SECP224K1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+    protected SecP224K1Point infinity;
+
+    public SecP224K1Curve()
+    {
+        super(q);
+
+        this.infinity = new SecP224K1Point(this, null, null);
+
+        this.a = fromBigInteger(ECConstants.ZERO);
+        this.b = fromBigInteger(BigInteger.valueOf(5));
+        this.order = new BigInteger(1, Hex.decode("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7"));
+        this.cofactor = BigInteger.valueOf(1);
+        this.coord = SECP224K1_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new SecP224K1Curve();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new SecP224K1FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new SecP224K1Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new SecP224K1Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Field.java
new file mode 100644
index 0000000..0146fec
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Field.java
@@ -0,0 +1,178 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat224;
+
+public class SecP224K1Field
+{
+    // 2^224 - 2^32 - 2^12 - 2^11 - 2^9 - 2^7 - 2^4 - 2 - 1
+    static final int[] P = new int[]{ 0xFFFFE56D, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF };
+    static final int[] PExt = new int[]{ 0x02C23069, 0x00003526, 0x00000001, 0x00000000, 0x00000000,
+        0x00000000, 0x00000000, 0xFFFFCADA, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    private static final int[] PExtInv = new int[]{ 0xFD3DCF97, 0xFFFFCAD9, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF, 0xFFFFFFFF, 0x00003525, 0x00000002 };
+    private static final int P6 = 0xFFFFFFFF;
+    private static final int PExt13 = 0xFFFFFFFF;
+    private static final int PInv33 = 0x1A93;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        int c = Nat224.add(x, y, z);
+        if (c != 0 || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            Nat.add33To(7, PInv33, z);
+        }
+    }
+
+    public static void addExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.add(14, xx, yy, zz);
+        if (c != 0 || (zz[13] == PExt13 && Nat.gte(14, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(14, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        int c = Nat.inc(7, x, z);
+        if (c != 0 || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            Nat.add33To(7, PInv33, z);
+        }
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat224.fromBigInteger(x);
+        if (z[6] == P6 && Nat224.gte(z, P))
+        {
+            Nat.add33To(7, PInv33, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        if ((x[0] & 1) == 0)
+        {
+            Nat.shiftDownBit(7, x, 0, z);
+        }
+        else
+        {
+            int c = Nat224.add(x, P, z);
+            Nat.shiftDownBit(7, z, c);
+        }
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat224.createExt();
+        Nat224.mul(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
+    {
+        int c = Nat224.mulAddTo(x, y, zz);
+        if (c != 0 || (zz[13] == PExt13 && Nat.gte(14, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(14, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat224.isZero(x))
+        {
+            Nat224.zero(z);
+        }
+        else
+        {
+            Nat224.sub(P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+        long cc = Nat224.mul33Add(PInv33, xx, 7, xx, 0, z, 0);
+        int c = Nat224.mul33DWordAdd(PInv33, cc, z, 0);
+
+        // assert c == 0L || c == 1L;
+
+        if (c != 0 || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            Nat.add33To(7, PInv33, z);
+        }
+    }
+
+    public static void reduce32(int x, int[] z)
+    {
+        if ((x != 0 && Nat224.mul33WordAdd(PInv33, x, z, 0) != 0)
+            || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            Nat.add33To(7, PInv33, z);
+        }
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat224.createExt();
+        Nat224.square(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat224.createExt();
+        Nat224.square(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            Nat224.square(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat224.sub(x, y, z);
+        if (c != 0)
+        {
+            Nat.sub33From(7, PInv33, z);
+        }
+    }
+
+    public static void subtractExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.sub(14, xx, yy, zz);
+        if (c != 0)
+        {
+            if (Nat.subFrom(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.decAt(14, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        int c = Nat.shiftUpBit(7, x, 0, z);
+        if (c != 0 || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            Nat.add33To(7, PInv33, z);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1FieldElement.java
new file mode 100644
index 0000000..73f1999
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1FieldElement.java
@@ -0,0 +1,243 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat224;
+import org.bouncycastle.util.Arrays;
+
+public class SecP224K1FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = SecP224K1Curve.q;
+
+    // Calculated as ECConstants.TWO.modPow(Q.shiftRight(2), Q)
+    private static final int[] PRECOMP_POW2 = new int[]{ 0x33bfd202, 0xdcfad133, 0x2287624a, 0xc3811ba8,
+        0xa85558fc, 0x1eaef5d7, 0x8edf154c };
+
+    protected int[] x;
+
+    public SecP224K1FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for SecP224K1FieldElement");
+        }
+
+        this.x = SecP224K1Field.fromBigInteger(x);
+    }
+
+    public SecP224K1FieldElement()
+    {
+        this.x = Nat224.create();
+    }
+
+    protected SecP224K1FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat224.isZero(x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat224.isOne(x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat224.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat224.toBigInteger(x);
+    }
+
+    public String getFieldName()
+    {
+        return "SecP224K1Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat224.create();
+        SecP224K1Field.add(x, ((SecP224K1FieldElement)b).x, z);
+        return new SecP224K1FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat224.create();
+        SecP224K1Field.addOne(x, z);
+        return new SecP224K1FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat224.create();
+        SecP224K1Field.subtract(x, ((SecP224K1FieldElement)b).x, z);
+        return new SecP224K1FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat224.create();
+        SecP224K1Field.multiply(x, ((SecP224K1FieldElement)b).x, z);
+        return new SecP224K1FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat224.create();
+        Mod.invert(SecP224K1Field.P, ((SecP224K1FieldElement)b).x, z);
+        SecP224K1Field.multiply(z, x, z);
+        return new SecP224K1FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat224.create();
+        SecP224K1Field.negate(x, z);
+        return new SecP224K1FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat224.create();
+        SecP224K1Field.square(x, z);
+        return new SecP224K1FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new SecP224K1FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat224.create();
+        Mod.invert(SecP224K1Field.P, x, z);
+        return new SecP224K1FieldElement(z);
+    }
+
+    // D.1.4 91
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        /*
+         * Q == 8m + 5, so we use Pocklington's method for this case.
+         *
+         * First, raise this element to the exponent 2^221 - 2^29 - 2^9 - 2^8 - 2^6 - 2^4 - 2^1 (i.e. m + 1)
+         * 
+         * Breaking up the exponent's binary representation into "repunits", we get:
+         * { 191 1s } { 1 0s } { 19 1s } { 2 0s } { 1 1s } { 1 0s} { 1 1s } { 1 0s} { 3 1s } { 1 0s}
+         * 
+         * Therefore we need an addition chain containing 1, 3, 19, 191 (the lengths of the repunits)
+         * We use: [1], 2, [3], 4, 8, 11, [19], 23, 42, 84, 107, [191]
+         */
+
+        int[] x1 = this.x;
+        if (Nat224.isZero(x1) || Nat224.isOne(x1))
+        {
+            return this;
+        }
+
+        int[] x2 = Nat224.create();
+        SecP224K1Field.square(x1, x2);
+        SecP224K1Field.multiply(x2, x1, x2);
+        int[] x3 = x2;
+        SecP224K1Field.square(x2, x3);
+        SecP224K1Field.multiply(x3, x1, x3);
+        int[] x4 = Nat224.create();
+        SecP224K1Field.square(x3, x4);
+        SecP224K1Field.multiply(x4, x1, x4);
+        int[] x8 = Nat224.create();
+        SecP224K1Field.squareN(x4, 4, x8);
+        SecP224K1Field.multiply(x8, x4, x8);
+        int[] x11 = Nat224.create();
+        SecP224K1Field.squareN(x8, 3, x11);
+        SecP224K1Field.multiply(x11, x3, x11);
+        int[] x19 = x11;
+        SecP224K1Field.squareN(x11, 8, x19);
+        SecP224K1Field.multiply(x19, x8, x19);
+        int[] x23 = x8;
+        SecP224K1Field.squareN(x19, 4, x23);
+        SecP224K1Field.multiply(x23, x4, x23);
+        int[] x42 = x4;
+        SecP224K1Field.squareN(x23, 19, x42);
+        SecP224K1Field.multiply(x42, x19, x42);
+        int[] x84 = Nat224.create();
+        SecP224K1Field.squareN(x42, 42, x84);
+        SecP224K1Field.multiply(x84, x42, x84);
+        int[] x107 = x42;
+        SecP224K1Field.squareN(x84, 23, x107);
+        SecP224K1Field.multiply(x107, x23, x107);
+        int[] x191 = x23;
+        SecP224K1Field.squareN(x107, 84, x191);
+        SecP224K1Field.multiply(x191, x84, x191);
+
+        int[] t1 = x191;
+        SecP224K1Field.squareN(t1, 20, t1);
+        SecP224K1Field.multiply(t1, x19, t1);
+        SecP224K1Field.squareN(t1, 3, t1);
+        SecP224K1Field.multiply(t1, x1, t1);
+        SecP224K1Field.squareN(t1, 2, t1);
+        SecP224K1Field.multiply(t1, x1, t1);
+        SecP224K1Field.squareN(t1, 4, t1);
+        SecP224K1Field.multiply(t1, x3, t1);
+        SecP224K1Field.square(t1, t1);
+
+        int[] t2 = x84;
+        SecP224K1Field.square(t1, t2);
+
+        if (Nat224.eq(x1, t2))
+        {
+            return new SecP224K1FieldElement(t1);
+        }
+
+        /*
+         * If the first guess is incorrect, we multiply by a precomputed power of 2 to get the second guess,
+         * which is ((4x)^(m + 1))/2 mod Q
+         */
+        SecP224K1Field.multiply(t1, PRECOMP_POW2, t1);
+
+        SecP224K1Field.square(t1, t2);
+
+        if (Nat224.eq(x1, t2))
+        {
+            return new SecP224K1FieldElement(t1);
+        }
+
+        return null;
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof SecP224K1FieldElement))
+        {
+            return false;
+        }
+
+        SecP224K1FieldElement o = (SecP224K1FieldElement)other;
+        return Nat224.eq(x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 7);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Point.java
new file mode 100644
index 0000000..114623d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Point.java
@@ -0,0 +1,298 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat224;
+
+public class SecP224K1Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public SecP224K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * @param withCompression
+     *            if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer
+     *             {@link #getEncoded(boolean)}
+     */
+    public SecP224K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    SecP224K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs,
+        boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new SecP224K1Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    // B.3 pg 62
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP224K1FieldElement X1 = (SecP224K1FieldElement)this.x, Y1 = (SecP224K1FieldElement)this.y;
+        SecP224K1FieldElement X2 = (SecP224K1FieldElement)b.getXCoord(), Y2 = (SecP224K1FieldElement)b.getYCoord();
+
+        SecP224K1FieldElement Z1 = (SecP224K1FieldElement)this.zs[0];
+        SecP224K1FieldElement Z2 = (SecP224K1FieldElement)b.getZCoord(0);
+
+        int c;
+        int[] tt1 = Nat224.createExt();
+        int[] t2 = Nat224.create();
+        int[] t3 = Nat224.create();
+        int[] t4 = Nat224.create();
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            SecP224K1Field.square(Z1.x, S2);
+
+            U2 = t2;
+            SecP224K1Field.multiply(S2, X2.x, U2);
+
+            SecP224K1Field.multiply(S2, Z1.x, S2);
+            SecP224K1Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            SecP224K1Field.square(Z2.x, S1);
+
+            U1 = tt1;
+            SecP224K1Field.multiply(S1, X1.x, U1);
+
+            SecP224K1Field.multiply(S1, Z2.x, S1);
+            SecP224K1Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat224.create();
+        SecP224K1Field.subtract(U1, U2, H);
+
+        int[] R = t2;
+        SecP224K1Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat224.isZero(H))
+        {
+            if (Nat224.isZero(R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = t3;
+        SecP224K1Field.square(H, HSquared);
+
+        int[] G = Nat224.create();
+        SecP224K1Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        SecP224K1Field.multiply(HSquared, U1, V);
+
+        SecP224K1Field.negate(G, G);
+        Nat224.mul(S1, G, tt1);
+
+        c = Nat224.addBothTo(V, V, G);
+        SecP224K1Field.reduce32(c, G);
+
+        SecP224K1FieldElement X3 = new SecP224K1FieldElement(t4);
+        SecP224K1Field.square(R, X3.x);
+        SecP224K1Field.subtract(X3.x, G, X3.x);
+
+        SecP224K1FieldElement Y3 = new SecP224K1FieldElement(G);
+        SecP224K1Field.subtract(V, X3.x, Y3.x);
+        SecP224K1Field.multiplyAddToExt(Y3.x, R, tt1);
+        SecP224K1Field.reduce(tt1, Y3.x);
+
+        SecP224K1FieldElement Z3 = new SecP224K1FieldElement(H);
+        if (!Z1IsOne)
+        {
+            SecP224K1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            SecP224K1Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        ECFieldElement[] zs = new ECFieldElement[] { Z3 };
+
+        return new SecP224K1Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    // B.3 pg 62
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP224K1FieldElement Y1 = (SecP224K1FieldElement)this.y;
+        if (Y1.isZero())
+        {
+            return curve.getInfinity();
+        }
+
+        SecP224K1FieldElement X1 = (SecP224K1FieldElement)this.x, Z1 = (SecP224K1FieldElement)this.zs[0];
+
+        int c;
+        
+        int[] Y1Squared = Nat224.create();
+        SecP224K1Field.square(Y1.x, Y1Squared);
+
+        int[] T = Nat224.create();
+        SecP224K1Field.square(Y1Squared, T);
+
+        int[] M = Nat224.create();
+        SecP224K1Field.square(X1.x, M);
+        c = Nat224.addBothTo(M, M, M);
+        SecP224K1Field.reduce32(c, M);
+
+        int[] S = Y1Squared;
+        SecP224K1Field.multiply(Y1Squared, X1.x, S);
+        c = Nat.shiftUpBits(7, S, 2, 0);
+        SecP224K1Field.reduce32(c, S);
+
+        int[] t1 = Nat224.create();
+        c = Nat.shiftUpBits(7, T, 3, 0, t1);
+        SecP224K1Field.reduce32(c, t1);
+
+        SecP224K1FieldElement X3 = new SecP224K1FieldElement(T);
+        SecP224K1Field.square(M, X3.x);
+        SecP224K1Field.subtract(X3.x, S, X3.x);
+        SecP224K1Field.subtract(X3.x, S, X3.x);
+
+        SecP224K1FieldElement Y3 = new SecP224K1FieldElement(S);
+        SecP224K1Field.subtract(S, X3.x, Y3.x);
+        SecP224K1Field.multiply(Y3.x, M, Y3.x);
+        SecP224K1Field.subtract(Y3.x, t1, Y3.x);
+
+        SecP224K1FieldElement Z3 = new SecP224K1FieldElement(M);
+        SecP224K1Field.twice(Y1.x, Z3.x);
+        if (!Z1.isOne())
+        {
+            SecP224K1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        return new SecP224K1Point(curve, X3, Y3, new ECFieldElement[] { Z3 }, this.withCompression);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return b;
+        }
+
+        return twice().add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity() || this.y.isZero())
+        {
+            return this;
+        }
+
+        // NOTE: Be careful about recursions between twicePlus and threeTimes
+        return twice().add(this);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new SecP224K1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Curve.java
new file mode 100644
index 0000000..c844329
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Curve.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SecP224R1Curve extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = new BigInteger(1,
+        Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"));
+
+    private static final int SecP224R1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+    protected SecP224R1Point infinity;
+
+    public SecP224R1Curve()
+    {
+        super(q);
+
+        this.infinity = new SecP224R1Point(this, null, null);
+
+        this.a = fromBigInteger(new BigInteger(1,
+            Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")));
+        this.b = fromBigInteger(new BigInteger(1,
+            Hex.decode("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")));
+        this.order = new BigInteger(1, Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"));
+        this.cofactor = BigInteger.valueOf(1);
+
+        this.coord = SecP224R1_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new SecP224R1Curve();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new SecP224R1FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new SecP224R1Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new SecP224R1Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Field.java
new file mode 100644
index 0000000..02a86f0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Field.java
@@ -0,0 +1,298 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat224;
+
+public class SecP224R1Field
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    // 2^224 - 2^96 + 1
+    static final int[] P = new int[]{ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    static final int[] PExt = new int[]{ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+        0xFFFFFFFF, 0x00000000, 0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    private static final int[] PExtInv = new int[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, 0x00000000,
+        0x00000000, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001 };
+    private static final int P6 = 0xFFFFFFFF;
+    private static final int PExt13 = 0xFFFFFFFF;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        int c = Nat224.add(x, y, z);
+        if (c != 0 || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void addExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.add(14, xx, yy, zz);
+        if (c != 0 || (zz[13] == PExt13 && Nat.gte(14, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(14, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        int c = Nat.inc(7, x, z);
+        if (c != 0 || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat224.fromBigInteger(x);
+        if (z[6] == P6 && Nat224.gte(z, P))
+        {
+            Nat224.subFrom(P, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        if ((x[0] & 1) == 0)
+        {
+            Nat.shiftDownBit(7, x, 0, z);
+        }
+        else
+        {
+            int c = Nat224.add(x, P, z);
+            Nat.shiftDownBit(7, z, c);
+        }
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat224.createExt();
+        Nat224.mul(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
+    {
+        int c = Nat224.mulAddTo(x, y, zz);
+        if (c != 0 || (zz[13] == PExt13 && Nat.gte(14, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(14, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat224.isZero(x))
+        {
+            Nat224.zero(z);
+        }
+        else
+        {
+            Nat224.sub(P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+        long xx10 = xx[10] & M, xx11 = xx[11] & M, xx12 = xx[12] & M, xx13 = xx[13] & M;
+
+        final long n = 1;
+
+        long t0 = (xx[7] & M) + xx11 - n;
+        long t1 = (xx[8] & M) + xx12;
+        long t2 = (xx[9] & M) + xx13;
+
+        long cc = 0;
+        cc += (xx[0] & M) - t0;
+        long z0 = cc & M;
+        cc >>= 32;
+        cc += (xx[1] & M) - t1;
+        z[1] = (int)cc;
+        cc >>= 32;
+        cc += (xx[2] & M) - t2;
+        z[2] = (int)cc;
+        cc >>= 32;
+        cc += (xx[3] & M) + t0 - xx10;
+        long z3 = cc & M;
+        cc >>= 32;
+        cc += (xx[4] & M) + t1 - xx11;
+        z[4] = (int)cc;
+        cc >>= 32;
+        cc += (xx[5] & M) + t2 - xx12;
+        z[5] = (int)cc;
+        cc >>= 32;
+        cc += (xx[6] & M) + xx10 - xx13;
+        z[6] = (int)cc;
+        cc >>= 32;
+        cc += n;
+
+//        assert cc >= 0;
+
+        z3 += cc;
+
+        z0 -= cc;
+        z[0] = (int)z0;
+        cc = z0 >> 32;
+        if (cc != 0)
+        {
+            cc += (z[1] & M);
+            z[1] = (int)cc;
+            cc >>= 32;
+            cc += (z[2] & M);
+            z[2] = (int)cc;
+            z3 += cc >> 32;
+        }
+        z[3] = (int)z3;
+        cc = z3 >> 32;
+
+//        assert cc == 0 || cc == 1;
+
+        if ((cc != 0 && Nat.incAt(7, z, 4) != 0)
+            || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void reduce32(int x, int[] z)
+    {
+        long cc = 0;
+
+        if (x != 0)
+        {
+            long xx07 = x & M;
+    
+            cc += (z[0] & M) - xx07;
+            z[0] = (int)cc;
+            cc >>= 32;
+            if (cc != 0)
+            {
+                cc += (z[1] & M);
+                z[1] = (int)cc;
+                cc >>= 32;
+                cc += (z[2] & M);
+                z[2] = (int)cc;
+                cc >>= 32;
+            }
+            cc += (z[3] & M) + xx07;
+            z[3] = (int)cc;
+            cc >>= 32;
+
+//            assert cc == 0 || cc == 1;
+        }
+
+        if ((cc != 0 && Nat.incAt(7, z, 4) != 0)
+            || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat224.createExt();
+        Nat224.square(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat224.createExt();
+        Nat224.square(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            Nat224.square(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat224.sub(x, y, z);
+        if (c != 0)
+        {
+            subPInvFrom(z);
+        }
+    }
+
+    public static void subtractExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.sub(14, xx, yy, zz);
+        if (c != 0)
+        {
+            if (Nat.subFrom(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.decAt(14, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        int c = Nat.shiftUpBit(7, x, 0, z);
+        if (c != 0 || (z[6] == P6 && Nat224.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    private static void addPInvTo(int[] z)
+    {
+        long c = (z[0] & M) - 1;
+        z[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[1] & M);
+            z[1] = (int)c;
+            c >>= 32;
+            c += (z[2] & M);
+            z[2] = (int)c;
+            c >>= 32;
+        }
+        c += (z[3] & M) + 1;
+        z[3] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            Nat.incAt(7, z, 4);
+        }
+    }
+
+    private static void subPInvFrom(int[] z)
+    {
+        long c = (z[0] & M) + 1;
+        z[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[1] & M);
+            z[1] = (int)c;
+            c >>= 32;
+            c += (z[2] & M);
+            z[2] = (int)c;
+            c >>= 32;
+        }
+        c += (z[3] & M) - 1;
+        z[3] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            Nat.decAt(7, z, 4);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1FieldElement.java
new file mode 100644
index 0000000..4a28f3d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1FieldElement.java
@@ -0,0 +1,273 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat224;
+import org.bouncycastle.util.Arrays;
+
+public class SecP224R1FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = SecP224R1Curve.q;
+
+    protected int[] x;
+
+    public SecP224R1FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for SecP224R1FieldElement");
+        }
+
+        this.x = SecP224R1Field.fromBigInteger(x);
+    }
+
+    public SecP224R1FieldElement()
+    {
+        this.x = Nat224.create();
+    }
+
+    protected SecP224R1FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat224.isZero(x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat224.isOne(x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat224.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat224.toBigInteger(x);
+    }
+
+    public String getFieldName()
+    {
+        return "SecP224R1Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat224.create();
+        SecP224R1Field.add(x, ((SecP224R1FieldElement)b).x, z);
+        return new SecP224R1FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat224.create();
+        SecP224R1Field.addOne(x, z);
+        return new SecP224R1FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat224.create();
+        SecP224R1Field.subtract(x, ((SecP224R1FieldElement)b).x, z);
+        return new SecP224R1FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat224.create();
+        SecP224R1Field.multiply(x, ((SecP224R1FieldElement)b).x, z);
+        return new SecP224R1FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat224.create();
+        Mod.invert(SecP224R1Field.P, ((SecP224R1FieldElement)b).x, z);
+        SecP224R1Field.multiply(z, x, z);
+        return new SecP224R1FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat224.create();
+        SecP224R1Field.negate(x, z);
+        return new SecP224R1FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat224.create();
+        SecP224R1Field.square(x, z);
+        return new SecP224R1FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new SecP224R1FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat224.create();
+        Mod.invert(SecP224R1Field.P, x, z);
+        return new SecP224R1FieldElement(z);
+    }
+
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        int[] c = this.x;
+        if (Nat224.isZero(c) || Nat224.isOne(c))
+        {
+            return this;
+        }
+
+        int[] nc = Nat224.create();
+        SecP224R1Field.negate(c, nc);
+
+        int[] r = Mod.random(SecP224R1Field.P);
+        int[] t = Nat224.create();
+
+        if (!isSquare(c))
+        {
+            return null;
+        }
+
+        while (!trySqrt(nc, r, t))
+        {
+            SecP224R1Field.addOne(r, r);
+        }
+
+        SecP224R1Field.square(t, r);
+
+        return Nat224.eq(c, r) ? new SecP224R1FieldElement(t) : null;
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof SecP224R1FieldElement))
+        {
+            return false;
+        }
+
+        SecP224R1FieldElement o = (SecP224R1FieldElement)other;
+        return Nat224.eq(x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 7);
+    }
+
+    private static boolean isSquare(int[] x)
+    {
+        int[] t1 = Nat224.create();
+        int[] t2 = Nat224.create();
+        Nat224.copy(x, t1);
+
+        for (int i = 0; i < 7; ++i)
+        {
+            Nat224.copy(t1, t2);
+            SecP224R1Field.squareN(t1, 1 << i, t1);
+            SecP224R1Field.multiply(t1, t2, t1);
+        }
+
+        SecP224R1Field.squareN(t1, 95, t1);
+        return Nat224.isOne(t1);
+    }
+
+    private static void RM(int[] nc, int[] d0, int[] e0, int[] d1, int[] e1, int[] f1, int[] t)
+    {
+        SecP224R1Field.multiply(e1, e0, t);
+        SecP224R1Field.multiply(t, nc, t);
+        SecP224R1Field.multiply(d1, d0, f1);
+        SecP224R1Field.add(f1, t, f1);
+        SecP224R1Field.multiply(d1, e0, t);
+        Nat224.copy(f1, d1);
+        SecP224R1Field.multiply(e1, d0, e1);
+        SecP224R1Field.add(e1, t, e1);
+        SecP224R1Field.square(e1, f1);
+        SecP224R1Field.multiply(f1, nc, f1);
+    }
+
+    private static void RP(int[] nc, int[] d1, int[] e1, int[] f1, int[] t)
+    {
+        Nat224.copy(nc, f1);
+
+        int[] d0 = Nat224.create();
+        int[] e0 = Nat224.create();
+
+        for (int i = 0; i < 7; ++i)
+        {
+            Nat224.copy(d1, d0);
+            Nat224.copy(e1, e0);
+
+            int j = 1 << i;
+            while (--j >= 0)
+            {
+                RS(d1, e1, f1, t);
+            }
+
+            RM(nc, d0, e0, d1, e1, f1, t);
+        }
+    }
+
+    private static void RS(int[] d, int[] e, int[] f, int[] t)
+    {
+        SecP224R1Field.multiply(e, d, e);
+        SecP224R1Field.twice(e, e);
+        SecP224R1Field.square(d, t);
+        SecP224R1Field.add(f, t, d);
+        SecP224R1Field.multiply(f, t, f);
+        int c = Nat.shiftUpBits(7, f, 2, 0);
+        SecP224R1Field.reduce32(c, f);
+    }
+
+    private static boolean trySqrt(int[] nc, int[] r, int[] t)
+    {
+        int[] d1 = Nat224.create();
+        Nat224.copy(r, d1);
+        int[] e1 = Nat224.create();
+        e1[0] = 1;
+        int[] f1 = Nat224.create();
+        RP(nc, d1, e1, f1, t);
+
+        int[] d0 = Nat224.create();
+        int[] e0 = Nat224.create();
+
+        for (int k = 1; k < 96; ++k)
+        {
+            Nat224.copy(d1, d0);
+            Nat224.copy(e1, e0);
+
+            RS(d1, e1, f1, t);
+
+            if (Nat224.isZero(d1))
+            {
+                Mod.invert(SecP224R1Field.P, e0, t);
+                SecP224R1Field.multiply(t, d0, t);
+                return true;
+            }
+        }
+
+        return false;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Point.java
new file mode 100644
index 0000000..df10b9b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224R1Point.java
@@ -0,0 +1,308 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat224;
+
+public class SecP224R1Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public SecP224R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * @param withCompression
+     *            if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer
+     *             {@link #getEncoded(boolean)}
+     */
+    public SecP224R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    SecP224R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new SecP224R1Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP224R1FieldElement X1 = (SecP224R1FieldElement)this.x, Y1 = (SecP224R1FieldElement)this.y;
+        SecP224R1FieldElement X2 = (SecP224R1FieldElement)b.getXCoord(), Y2 = (SecP224R1FieldElement)b.getYCoord();
+
+        SecP224R1FieldElement Z1 = (SecP224R1FieldElement)this.zs[0];
+        SecP224R1FieldElement Z2 = (SecP224R1FieldElement)b.getZCoord(0);
+
+        int c;
+        int[] tt1 = Nat224.createExt();
+        int[] t2 = Nat224.create();
+        int[] t3 = Nat224.create();
+        int[] t4 = Nat224.create();
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            SecP224R1Field.square(Z1.x, S2);
+
+            U2 = t2;
+            SecP224R1Field.multiply(S2, X2.x, U2);
+
+            SecP224R1Field.multiply(S2, Z1.x, S2);
+            SecP224R1Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            SecP224R1Field.square(Z2.x, S1);
+
+            U1 = tt1;
+            SecP224R1Field.multiply(S1, X1.x, U1);
+
+            SecP224R1Field.multiply(S1, Z2.x, S1);
+            SecP224R1Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat224.create();
+        SecP224R1Field.subtract(U1, U2, H);
+
+        int[] R = t2;
+        SecP224R1Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat224.isZero(H))
+        {
+            if (Nat224.isZero(R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = t3;
+        SecP224R1Field.square(H, HSquared);
+
+        int[] G = Nat224.create();
+        SecP224R1Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        SecP224R1Field.multiply(HSquared, U1, V);
+
+        SecP224R1Field.negate(G, G);
+        Nat224.mul(S1, G, tt1);
+
+        c = Nat224.addBothTo(V, V, G);
+        SecP224R1Field.reduce32(c, G);
+
+        SecP224R1FieldElement X3 = new SecP224R1FieldElement(t4);
+        SecP224R1Field.square(R, X3.x);
+        SecP224R1Field.subtract(X3.x, G, X3.x);
+
+        SecP224R1FieldElement Y3 = new SecP224R1FieldElement(G);
+        SecP224R1Field.subtract(V, X3.x, Y3.x);
+        SecP224R1Field.multiplyAddToExt(Y3.x, R, tt1);
+        SecP224R1Field.reduce(tt1, Y3.x);
+
+        SecP224R1FieldElement Z3 = new SecP224R1FieldElement(H);
+        if (!Z1IsOne)
+        {
+            SecP224R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            SecP224R1Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        ECFieldElement[] zs = new ECFieldElement[]{ Z3 };
+
+        return new SecP224R1Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP224R1FieldElement Y1 = (SecP224R1FieldElement)this.y;
+        if (Y1.isZero())
+        {
+            return curve.getInfinity();
+        }
+
+        SecP224R1FieldElement X1 = (SecP224R1FieldElement)this.x, Z1 = (SecP224R1FieldElement)this.zs[0];
+
+        int c;
+        int[] t1 = Nat224.create();
+        int[] t2 = Nat224.create();
+
+        int[] Y1Squared = Nat224.create();
+        SecP224R1Field.square(Y1.x, Y1Squared);
+
+        int[] T = Nat224.create();
+        SecP224R1Field.square(Y1Squared, T);
+
+        boolean Z1IsOne = Z1.isOne();
+
+        int[] Z1Squared = Z1.x;
+        if (!Z1IsOne)
+        {
+            Z1Squared = t2;
+            SecP224R1Field.square(Z1.x, Z1Squared);
+        }
+
+        SecP224R1Field.subtract(X1.x, Z1Squared, t1);
+
+        int[] M = t2;
+        SecP224R1Field.add(X1.x, Z1Squared, M);
+        SecP224R1Field.multiply(M, t1, M);
+        c = Nat224.addBothTo(M, M, M);
+        SecP224R1Field.reduce32(c, M);
+
+        int[] S = Y1Squared;
+        SecP224R1Field.multiply(Y1Squared, X1.x, S);
+        c = Nat.shiftUpBits(7, S, 2, 0);
+        SecP224R1Field.reduce32(c, S);
+
+        c = Nat.shiftUpBits(7, T, 3, 0, t1);
+        SecP224R1Field.reduce32(c, t1);
+
+        SecP224R1FieldElement X3 = new SecP224R1FieldElement(T);
+        SecP224R1Field.square(M, X3.x);
+        SecP224R1Field.subtract(X3.x, S, X3.x);
+        SecP224R1Field.subtract(X3.x, S, X3.x);
+
+        SecP224R1FieldElement Y3 = new SecP224R1FieldElement(S);
+        SecP224R1Field.subtract(S, X3.x, Y3.x);
+        SecP224R1Field.multiply(Y3.x, M, Y3.x);
+        SecP224R1Field.subtract(Y3.x, t1, Y3.x);
+
+        SecP224R1FieldElement Z3 = new SecP224R1FieldElement(M);
+        SecP224R1Field.twice(Y1.x, Z3.x);
+        if (!Z1IsOne)
+        {
+            SecP224R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        return new SecP224R1Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return b;
+        }
+
+        return twice().add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity() || this.y.isZero())
+        {
+            return this;
+        }
+
+        // NOTE: Be careful about recursions between twicePlus and threeTimes
+        return twice().add(this);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new SecP224R1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Curve.java
new file mode 100644
index 0000000..9b88576
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Curve.java
@@ -0,0 +1,78 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SecP256K1Curve extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = new BigInteger(1,
+        Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F"));
+
+    private static final int SECP256K1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+    protected SecP256K1Point infinity;
+
+    public SecP256K1Curve()
+    {
+        super(q);
+
+        this.infinity = new SecP256K1Point(this, null, null);
+
+        this.a = fromBigInteger(ECConstants.ZERO);
+        this.b = fromBigInteger(BigInteger.valueOf(7));
+        this.order = new BigInteger(1, Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"));
+        this.cofactor = BigInteger.valueOf(1);
+        this.coord = SECP256K1_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new SecP256K1Curve();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new SecP256K1FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new SecP256K1Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new SecP256K1Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Field.java
new file mode 100644
index 0000000..c7b4def
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Field.java
@@ -0,0 +1,179 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat256;
+
+public class SecP256K1Field
+{
+    // 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
+    static final int[] P = new int[]{ 0xFFFFFC2F, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF, 0xFFFFFFFF };
+    static final int[] PExt = new int[]{ 0x000E90A1, 0x000007A2, 0x00000001, 0x00000000, 0x00000000,
+        0x00000000, 0x00000000, 0x00000000, 0xFFFFF85E, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF, 0xFFFFFFFF };
+    private static final int[] PExtInv = new int[]{ 0xFFF16F5F, 0xFFFFF85D, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x000007A1, 0x00000002 };
+    private static final int P7 = 0xFFFFFFFF;
+    private static final int PExt15 = 0xFFFFFFFF;
+    private static final int PInv33 = 0x3D1;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        int c = Nat256.add(x, y, z);
+        if (c != 0 || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            Nat.add33To(8, PInv33, z);
+        }
+    }
+
+    public static void addExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.add(16, xx, yy, zz);
+        if (c != 0 || (zz[15] == PExt15 && Nat.gte(16, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(16, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        int c = Nat.inc(8, x, z);
+        if (c != 0 || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            Nat.add33To(8, PInv33, z);
+        }
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat256.fromBigInteger(x);
+        if (z[7] == P7 && Nat256.gte(z, P))
+        {
+            Nat256.subFrom(P, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        if ((x[0] & 1) == 0)
+        {
+            Nat.shiftDownBit(8, x, 0, z);
+        }
+        else
+        {
+            int c = Nat256.add(x, P, z);
+            Nat.shiftDownBit(8, z, c);
+        }
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat256.createExt();
+        Nat256.mul(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
+    {
+        int c = Nat256.mulAddTo(x, y, zz);
+        if (c != 0 || (zz[15] == PExt15 && Nat.gte(16, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(16, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat256.isZero(x))
+        {
+            Nat256.zero(z);
+        }
+        else
+        {
+            Nat256.sub(P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+        long cc = Nat256.mul33Add(PInv33, xx, 8, xx, 0, z, 0);
+        int c = Nat256.mul33DWordAdd(PInv33, cc, z, 0);
+
+        // assert c == 0L || c == 1L;
+
+        if (c != 0 || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            Nat.add33To(8, PInv33, z);
+        }
+    }
+
+    public static void reduce32(int x, int[] z)
+    {
+        if ((x != 0 && Nat256.mul33WordAdd(PInv33, x, z, 0) != 0)
+            || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            Nat.add33To(8, PInv33, z);
+        }
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat256.createExt();
+        Nat256.square(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat256.createExt();
+        Nat256.square(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            Nat256.square(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat256.sub(x, y, z);
+        if (c != 0)
+        {
+            Nat.sub33From(8, PInv33, z);
+        }
+    }
+
+    public static void subtractExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.sub(16, xx, yy, zz);
+        if (c != 0)
+        {
+            if (Nat.subFrom(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.decAt(16, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        int c = Nat.shiftUpBit(8, x, 0, z);
+        if (c != 0 || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            Nat.add33To(8, PInv33, z);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1FieldElement.java
new file mode 100644
index 0000000..0f7e295
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1FieldElement.java
@@ -0,0 +1,215 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat256;
+import org.bouncycastle.util.Arrays;
+
+public class SecP256K1FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = SecP256K1Curve.q;
+
+    protected int[] x;
+
+    public SecP256K1FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for SecP256K1FieldElement");
+        }
+
+        this.x = SecP256K1Field.fromBigInteger(x);
+    }
+
+    public SecP256K1FieldElement()
+    {
+        this.x = Nat256.create();
+    }
+
+    protected SecP256K1FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat256.isZero(x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat256.isOne(x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat256.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat256.toBigInteger(x);
+    }
+
+    public String getFieldName()
+    {
+        return "SecP256K1Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        SecP256K1Field.add(x, ((SecP256K1FieldElement)b).x, z);
+        return new SecP256K1FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat256.create();
+        SecP256K1Field.addOne(x, z);
+        return new SecP256K1FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        SecP256K1Field.subtract(x, ((SecP256K1FieldElement)b).x, z);
+        return new SecP256K1FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        SecP256K1Field.multiply(x, ((SecP256K1FieldElement)b).x, z);
+        return new SecP256K1FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat256.create();
+        Mod.invert(SecP256K1Field.P, ((SecP256K1FieldElement)b).x, z);
+        SecP256K1Field.multiply(z, x, z);
+        return new SecP256K1FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat256.create();
+        SecP256K1Field.negate(x, z);
+        return new SecP256K1FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat256.create();
+        SecP256K1Field.square(x, z);
+        return new SecP256K1FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new SecP256K1FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat256.create();
+        Mod.invert(SecP256K1Field.P, x, z);
+        return new SecP256K1FieldElement(z);
+    }
+
+    // D.1.4 91
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        /*
+         * Raise this element to the exponent 2^254 - 2^30 - 2^7 - 2^6 - 2^5 - 2^4 - 2^2
+         * 
+         * Breaking up the exponent's binary representation into "repunits", we get:
+         * { 223 1s } { 1 0s } { 22 1s } { 4 0s } { 2 1s } { 2 0s}
+         * 
+         * Therefore we need an addition chain containing 2, 22, 223 (the lengths of the repunits)
+         * We use: 1, [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223]
+         */
+
+        int[] x1 = this.x;
+        if (Nat256.isZero(x1) || Nat256.isOne(x1))
+        {
+            return this;
+        }
+
+        int[] x2 = Nat256.create();
+        SecP256K1Field.square(x1, x2);
+        SecP256K1Field.multiply(x2, x1, x2);
+        int[] x3 = Nat256.create();
+        SecP256K1Field.square(x2, x3);
+        SecP256K1Field.multiply(x3, x1, x3);
+        int[] x6 = Nat256.create();
+        SecP256K1Field.squareN(x3, 3, x6);
+        SecP256K1Field.multiply(x6, x3, x6);
+        int[] x9 = x6;
+        SecP256K1Field.squareN(x6, 3, x9);
+        SecP256K1Field.multiply(x9, x3, x9);
+        int[] x11 = x9;
+        SecP256K1Field.squareN(x9, 2, x11);
+        SecP256K1Field.multiply(x11, x2, x11);
+        int[] x22 = Nat256.create();
+        SecP256K1Field.squareN(x11, 11, x22);
+        SecP256K1Field.multiply(x22, x11, x22);
+        int[] x44 = x11;
+        SecP256K1Field.squareN(x22, 22, x44);
+        SecP256K1Field.multiply(x44, x22, x44);
+        int[] x88 = Nat256.create();
+        SecP256K1Field.squareN(x44, 44, x88);
+        SecP256K1Field.multiply(x88, x44, x88);
+        int[] x176 = Nat256.create();
+        SecP256K1Field.squareN(x88, 88, x176);
+        SecP256K1Field.multiply(x176, x88, x176);
+        int[] x220 = x88;
+        SecP256K1Field.squareN(x176, 44, x220);
+        SecP256K1Field.multiply(x220, x44, x220);
+        int[] x223 = x44;
+        SecP256K1Field.squareN(x220, 3, x223);
+        SecP256K1Field.multiply(x223, x3, x223);
+
+        int[] t1 = x223;
+        SecP256K1Field.squareN(t1, 23, t1);
+        SecP256K1Field.multiply(t1, x22, t1);
+        SecP256K1Field.squareN(t1, 6, t1);
+        SecP256K1Field.multiply(t1, x2, t1);
+        SecP256K1Field.squareN(t1, 2, t1);
+
+        int[] t2 = x2;
+        SecP256K1Field.square(t1, t2);
+
+        return Nat256.eq(x1, t2) ? new SecP256K1FieldElement(t1) : null;        
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof SecP256K1FieldElement))
+        {
+            return false;
+        }
+
+        SecP256K1FieldElement o = (SecP256K1FieldElement)other;
+        return Nat256.eq(x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 8);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Point.java
new file mode 100644
index 0000000..f57b200
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Point.java
@@ -0,0 +1,298 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat256;
+
+public class SecP256K1Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public SecP256K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * @param withCompression
+     *            if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer
+     *             {@link #getEncoded(boolean)}
+     */
+    public SecP256K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    SecP256K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs,
+        boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new SecP256K1Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    // B.3 pg 62
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP256K1FieldElement X1 = (SecP256K1FieldElement)this.x, Y1 = (SecP256K1FieldElement)this.y;
+        SecP256K1FieldElement X2 = (SecP256K1FieldElement)b.getXCoord(), Y2 = (SecP256K1FieldElement)b.getYCoord();
+
+        SecP256K1FieldElement Z1 = (SecP256K1FieldElement)this.zs[0];
+        SecP256K1FieldElement Z2 = (SecP256K1FieldElement)b.getZCoord(0);
+
+        int c;
+        int[] tt1 = Nat256.createExt();
+        int[] t2 = Nat256.create();
+        int[] t3 = Nat256.create();
+        int[] t4 = Nat256.create();
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            SecP256K1Field.square(Z1.x, S2);
+
+            U2 = t2;
+            SecP256K1Field.multiply(S2, X2.x, U2);
+
+            SecP256K1Field.multiply(S2, Z1.x, S2);
+            SecP256K1Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            SecP256K1Field.square(Z2.x, S1);
+
+            U1 = tt1;
+            SecP256K1Field.multiply(S1, X1.x, U1);
+
+            SecP256K1Field.multiply(S1, Z2.x, S1);
+            SecP256K1Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat256.create();
+        SecP256K1Field.subtract(U1, U2, H);
+
+        int[] R = t2;
+        SecP256K1Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat256.isZero(H))
+        {
+            if (Nat256.isZero(R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = t3;
+        SecP256K1Field.square(H, HSquared);
+
+        int[] G = Nat256.create();
+        SecP256K1Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        SecP256K1Field.multiply(HSquared, U1, V);
+
+        SecP256K1Field.negate(G, G);
+        Nat256.mul(S1, G, tt1);
+
+        c = Nat256.addBothTo(V, V, G);
+        SecP256K1Field.reduce32(c, G);
+
+        SecP256K1FieldElement X3 = new SecP256K1FieldElement(t4);
+        SecP256K1Field.square(R, X3.x);
+        SecP256K1Field.subtract(X3.x, G, X3.x);
+
+        SecP256K1FieldElement Y3 = new SecP256K1FieldElement(G);
+        SecP256K1Field.subtract(V, X3.x, Y3.x);
+        SecP256K1Field.multiplyAddToExt(Y3.x, R, tt1);
+        SecP256K1Field.reduce(tt1, Y3.x);
+
+        SecP256K1FieldElement Z3 = new SecP256K1FieldElement(H);
+        if (!Z1IsOne)
+        {
+            SecP256K1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            SecP256K1Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        ECFieldElement[] zs = new ECFieldElement[] { Z3 };
+
+        return new SecP256K1Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    // B.3 pg 62
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP256K1FieldElement Y1 = (SecP256K1FieldElement)this.y;
+        if (Y1.isZero())
+        {
+            return curve.getInfinity();
+        }
+
+        SecP256K1FieldElement X1 = (SecP256K1FieldElement)this.x, Z1 = (SecP256K1FieldElement)this.zs[0];
+
+        int c;
+        
+        int[] Y1Squared = Nat256.create();
+        SecP256K1Field.square(Y1.x, Y1Squared);
+
+        int[] T = Nat256.create();
+        SecP256K1Field.square(Y1Squared, T);
+
+        int[] M = Nat256.create();
+        SecP256K1Field.square(X1.x, M);
+        c = Nat256.addBothTo(M, M, M);
+        SecP256K1Field.reduce32(c, M);
+
+        int[] S = Y1Squared;
+        SecP256K1Field.multiply(Y1Squared, X1.x, S);
+        c = Nat.shiftUpBits(8, S, 2, 0);
+        SecP256K1Field.reduce32(c, S);
+
+        int[] t1 = Nat256.create();
+        c = Nat.shiftUpBits(8, T, 3, 0, t1);
+        SecP256K1Field.reduce32(c, t1);
+
+        SecP256K1FieldElement X3 = new SecP256K1FieldElement(T);
+        SecP256K1Field.square(M, X3.x);
+        SecP256K1Field.subtract(X3.x, S, X3.x);
+        SecP256K1Field.subtract(X3.x, S, X3.x);
+
+        SecP256K1FieldElement Y3 = new SecP256K1FieldElement(S);
+        SecP256K1Field.subtract(S, X3.x, Y3.x);
+        SecP256K1Field.multiply(Y3.x, M, Y3.x);
+        SecP256K1Field.subtract(Y3.x, t1, Y3.x);
+
+        SecP256K1FieldElement Z3 = new SecP256K1FieldElement(M);
+        SecP256K1Field.twice(Y1.x, Z3.x);
+        if (!Z1.isOne())
+        {
+            SecP256K1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        return new SecP256K1Point(curve, X3, Y3, new ECFieldElement[] { Z3 }, this.withCompression);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return b;
+        }
+
+        return twice().add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity() || this.y.isZero())
+        {
+            return this;
+        }
+
+        // NOTE: Be careful about recursions between twicePlus and threeTimes
+        return twice().add(this);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new SecP256K1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Curve.java
new file mode 100644
index 0000000..5ff6a38
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Curve.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SecP256R1Curve extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = new BigInteger(1,
+        Hex.decode("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"));
+
+    private static final int SecP256R1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+    protected SecP256R1Point infinity;
+
+    public SecP256R1Curve()
+    {
+        super(q);
+
+        this.infinity = new SecP256R1Point(this, null, null);
+
+        this.a = fromBigInteger(new BigInteger(1,
+            Hex.decode("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")));
+        this.b = fromBigInteger(new BigInteger(1,
+            Hex.decode("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")));
+        this.order = new BigInteger(1, Hex.decode("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"));
+        this.cofactor = BigInteger.valueOf(1);
+
+        this.coord = SecP256R1_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new SecP256R1Curve();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new SecP256R1FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new SecP256R1Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new SecP256R1Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Field.java
new file mode 100644
index 0000000..985cb0e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Field.java
@@ -0,0 +1,312 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat256;
+
+public class SecP256R1Field
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    // 2^256 - 2^224 + 2^192 + 2^96 - 1
+    static final int[] P = new int[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000000, 0x00000000,
+        0x00000001, 0xFFFFFFFF };
+    static final int[] PExt = new int[]{ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+        0xFFFFFFFF, 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, 0x00000001, 0xFFFFFFFE,
+        0x00000002, 0xFFFFFFFE };
+    private static final int P7 = 0xFFFFFFFF;
+    private static final int PExt15 = 0xFFFFFFFF;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        int c = Nat256.add(x, y, z);
+        if (c != 0 || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void addExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.add(16, xx, yy, zz);
+        if (c != 0 || ((zz[15] & PExt15) == PExt15 && Nat.gte(16, zz, PExt)))
+        {
+            Nat.subFrom(16, PExt, zz);
+        }
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        int c = Nat.inc(8, x, z);
+        if (c != 0 || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat256.fromBigInteger(x);
+        if (z[7] == P7 && Nat256.gte(z, P))
+        {
+            Nat256.subFrom(P, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        if ((x[0] & 1) == 0)
+        {
+            Nat.shiftDownBit(8, x, 0, z);
+        }
+        else
+        {
+            int c = Nat256.add(x, P, z);
+            Nat.shiftDownBit(8, z, c);
+        }
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat256.createExt();
+        Nat256.mul(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void multiplyAddToExt(int[] x, int[] y, int[] zz)
+    {
+        int c = Nat256.mulAddTo(x, y, zz);
+        if (c != 0 || ((zz[15] & PExt15) == PExt15 && Nat.gte(16, zz, PExt)))
+        {
+            Nat.subFrom(16, PExt, zz);
+        }
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat256.isZero(x))
+        {
+            Nat256.zero(z);
+        }
+        else
+        {
+            Nat256.sub(P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+        long xx08 = xx[8] & M, xx09 = xx[9] & M, xx10 = xx[10] & M, xx11 = xx[11] & M;
+        long xx12 = xx[12] & M, xx13 = xx[13] & M, xx14 = xx[14] & M, xx15 = xx[15] & M;
+
+        final long n = 6;
+
+        xx08 -= n;
+
+        long t0 = xx08 + xx09;
+        long t1 = xx09 + xx10;
+        long t2 = xx10 + xx11 - xx15;
+        long t3 = xx11 + xx12;
+        long t4 = xx12 + xx13;
+        long t5 = xx13 + xx14;
+        long t6 = xx14 + xx15;
+
+        long cc = 0;
+        cc += (xx[0] & M) + t0 - t3 - t5;
+        z[0] = (int)cc;
+        cc >>= 32;
+        cc += (xx[1] & M) + t1 - t4 - t6;
+        z[1] = (int)cc;
+        cc >>= 32;
+        cc += (xx[2] & M) + t2 - t5;
+        z[2] = (int)cc;
+        cc >>= 32;
+        cc += (xx[3] & M) + (t3 << 1) + xx13 - xx15 - t0;
+        z[3] = (int)cc;
+        cc >>= 32;
+        cc += (xx[4] & M) + (t4 << 1) + xx14 - t1;
+        z[4] = (int)cc;
+        cc >>= 32;
+        cc += (xx[5] & M) + (t5 << 1) - t2;
+        z[5] = (int)cc;
+        cc >>= 32;
+        cc += (xx[6] & M) + (t6 << 1) + t5 - t0;
+        z[6] = (int)cc;
+        cc >>= 32;
+        cc += (xx[7] & M) + (xx15 << 1) + xx08 - t2 - t4;
+        z[7] = (int)cc;
+        cc >>= 32;
+        cc += n;
+
+//        assert cc >= 0;
+
+        reduce32((int)cc, z);
+    }
+
+    public static void reduce32(int x, int[] z)
+    {
+        long cc = 0;
+
+        if (x != 0)
+        {
+            long xx08 = x & M;
+
+            cc += (z[0] & M) + xx08;
+            z[0] = (int)cc;
+            cc >>= 32;
+            if (cc != 0)
+            {
+                cc += (z[1] & M);
+                z[1] = (int)cc;
+                cc >>= 32;
+                cc += (z[2] & M);
+                z[2] = (int)cc;
+                cc >>= 32;
+            }
+            cc += (z[3] & M) - xx08;
+            z[3] = (int)cc;
+            cc >>= 32;
+            if (cc != 0)
+            {
+                cc += (z[4] & M);
+                z[4] = (int)cc;
+                cc >>= 32;
+                cc += (z[5] & M);
+                z[5] = (int)cc;
+                cc >>= 32;
+            }
+            cc += (z[6] & M) - xx08;
+            z[6] = (int)cc;
+            cc >>= 32;
+            cc += (z[7] & M) + xx08;
+            z[7] = (int)cc;
+            cc >>= 32;
+
+//          assert cc == 0 || cc == 1;
+        }
+
+        if (cc != 0 || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat256.createExt();
+        Nat256.square(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat256.createExt();
+        Nat256.square(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            Nat256.square(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat256.sub(x, y, z);
+        if (c != 0)
+        {
+            subPInvFrom(z);
+        }
+    }
+
+    public static void subtractExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.sub(16, xx, yy, zz);
+        if (c != 0)
+        {
+            Nat.addTo(16, PExt, zz);
+        }
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        int c = Nat.shiftUpBit(8, x, 0, z);
+        if (c != 0 || (z[7] == P7 && Nat256.gte(z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    private static void addPInvTo(int[] z)
+    {
+        long c = (z[0] & M) + 1;
+        z[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[1] & M);
+            z[1] = (int)c;
+            c >>= 32;
+            c += (z[2] & M);
+            z[2] = (int)c;
+            c >>= 32;
+        }
+        c += (z[3] & M) - 1;
+        z[3] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[4] & M);
+            z[4] = (int)c;
+            c >>= 32;
+            c += (z[5] & M);
+            z[5] = (int)c;
+            c >>= 32;
+        }
+        c += (z[6] & M) - 1;
+        z[6] = (int)c;
+        c >>= 32;
+        c += (z[7] & M) + 1;
+        z[7] = (int)c;
+//        c >>= 32;
+    }
+
+    private static void subPInvFrom(int[] z)
+    {
+        long c = (z[0] & M) - 1;
+        z[0] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[1] & M);
+            z[1] = (int)c;
+            c >>= 32;
+            c += (z[2] & M);
+            z[2] = (int)c;
+            c >>= 32;
+        }
+        c += (z[3] & M) + 1;
+        z[3] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[4] & M);
+            z[4] = (int)c;
+            c >>= 32;
+            c += (z[5] & M);
+            z[5] = (int)c;
+            c >>= 32;
+        }
+        c += (z[6] & M) + 1;
+        z[6] = (int)c;
+        c >>= 32;
+        c += (z[7] & M) - 1;
+        z[7] = (int)c;
+//        c >>= 32;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1FieldElement.java
new file mode 100644
index 0000000..be250d1
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1FieldElement.java
@@ -0,0 +1,189 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat256;
+import org.bouncycastle.util.Arrays;
+
+public class SecP256R1FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = SecP256R1Curve.q;
+
+    protected int[] x;
+
+    public SecP256R1FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for SecP256R1FieldElement");
+        }
+
+        this.x = SecP256R1Field.fromBigInteger(x);
+    }
+
+    public SecP256R1FieldElement()
+    {
+        this.x = Nat256.create();
+    }
+
+    protected SecP256R1FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat256.isZero(x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat256.isOne(x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat256.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat256.toBigInteger(x);
+    }
+
+    public String getFieldName()
+    {
+        return "SecP256R1Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        SecP256R1Field.add(x, ((SecP256R1FieldElement)b).x, z);
+        return new SecP256R1FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat256.create();
+        SecP256R1Field.addOne(x, z);
+        return new SecP256R1FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        SecP256R1Field.subtract(x, ((SecP256R1FieldElement)b).x, z);
+        return new SecP256R1FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat256.create();
+        SecP256R1Field.multiply(x, ((SecP256R1FieldElement)b).x, z);
+        return new SecP256R1FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat256.create();
+        Mod.invert(SecP256R1Field.P, ((SecP256R1FieldElement)b).x, z);
+        SecP256R1Field.multiply(z, x, z);
+        return new SecP256R1FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat256.create();
+        SecP256R1Field.negate(x, z);
+        return new SecP256R1FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat256.create();
+        SecP256R1Field.square(x, z);
+        return new SecP256R1FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new SecP256R1FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat256.create();
+        Mod.invert(SecP256R1Field.P, x, z);
+        return new SecP256R1FieldElement(z);
+    }
+
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        // Raise this element to the exponent 2^254 - 2^222 + 2^190 + 2^94
+
+        int[] x1 = this.x;
+        if (Nat256.isZero(x1) || Nat256.isOne(x1))
+        {
+            return this;
+        }
+
+        int[] t1 = Nat256.create();
+        int[] t2 = Nat256.create();
+
+        SecP256R1Field.square(x1, t1);
+        SecP256R1Field.multiply(t1, x1, t1);
+
+        SecP256R1Field.squareN(t1, 2, t2);
+        SecP256R1Field.multiply(t2, t1, t2);
+
+        SecP256R1Field.squareN(t2, 4, t1);
+        SecP256R1Field.multiply(t1, t2, t1);
+
+        SecP256R1Field.squareN(t1, 8, t2);
+        SecP256R1Field.multiply(t2, t1, t2);
+
+        SecP256R1Field.squareN(t2, 16, t1);
+        SecP256R1Field.multiply(t1, t2, t1);
+
+        SecP256R1Field.squareN(t1, 32, t1);
+        SecP256R1Field.multiply(t1, x1, t1);
+
+        SecP256R1Field.squareN(t1, 96, t1);
+        SecP256R1Field.multiply(t1, x1, t1);
+
+        SecP256R1Field.squareN(t1, 94, t1);
+        SecP256R1Field.square(t1, t2);
+
+        return Nat256.eq(x1, t2) ? new SecP256R1FieldElement(t1) : null;
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof SecP256R1FieldElement))
+        {
+            return false;
+        }
+
+        SecP256R1FieldElement o = (SecP256R1FieldElement)other;
+        return Nat256.eq(x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 8);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Point.java
new file mode 100644
index 0000000..930fdc5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256R1Point.java
@@ -0,0 +1,308 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat256;
+
+public class SecP256R1Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public SecP256R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * @param withCompression
+     *            if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer
+     *             {@link #getEncoded(boolean)}
+     */
+    public SecP256R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    SecP256R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new SecP256R1Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP256R1FieldElement X1 = (SecP256R1FieldElement)this.x, Y1 = (SecP256R1FieldElement)this.y;
+        SecP256R1FieldElement X2 = (SecP256R1FieldElement)b.getXCoord(), Y2 = (SecP256R1FieldElement)b.getYCoord();
+
+        SecP256R1FieldElement Z1 = (SecP256R1FieldElement)this.zs[0];
+        SecP256R1FieldElement Z2 = (SecP256R1FieldElement)b.getZCoord(0);
+
+        int c;
+        int[] tt1 = Nat256.createExt();
+        int[] t2 = Nat256.create();
+        int[] t3 = Nat256.create();
+        int[] t4 = Nat256.create();
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            SecP256R1Field.square(Z1.x, S2);
+
+            U2 = t2;
+            SecP256R1Field.multiply(S2, X2.x, U2);
+
+            SecP256R1Field.multiply(S2, Z1.x, S2);
+            SecP256R1Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            SecP256R1Field.square(Z2.x, S1);
+
+            U1 = tt1;
+            SecP256R1Field.multiply(S1, X1.x, U1);
+
+            SecP256R1Field.multiply(S1, Z2.x, S1);
+            SecP256R1Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat256.create();
+        SecP256R1Field.subtract(U1, U2, H);
+
+        int[] R = t2;
+        SecP256R1Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat256.isZero(H))
+        {
+            if (Nat256.isZero(R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = t3;
+        SecP256R1Field.square(H, HSquared);
+
+        int[] G = Nat256.create();
+        SecP256R1Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        SecP256R1Field.multiply(HSquared, U1, V);
+
+        SecP256R1Field.negate(G, G);
+        Nat256.mul(S1, G, tt1);
+
+        c = Nat256.addBothTo(V, V, G);
+        SecP256R1Field.reduce32(c, G);
+
+        SecP256R1FieldElement X3 = new SecP256R1FieldElement(t4);
+        SecP256R1Field.square(R, X3.x);
+        SecP256R1Field.subtract(X3.x, G, X3.x);
+
+        SecP256R1FieldElement Y3 = new SecP256R1FieldElement(G);
+        SecP256R1Field.subtract(V, X3.x, Y3.x);
+        SecP256R1Field.multiplyAddToExt(Y3.x, R, tt1);
+        SecP256R1Field.reduce(tt1, Y3.x);
+
+        SecP256R1FieldElement Z3 = new SecP256R1FieldElement(H);
+        if (!Z1IsOne)
+        {
+            SecP256R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            SecP256R1Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        ECFieldElement[] zs = new ECFieldElement[]{ Z3 };
+
+        return new SecP256R1Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP256R1FieldElement Y1 = (SecP256R1FieldElement)this.y;
+        if (Y1.isZero())
+        {
+            return curve.getInfinity();
+        }
+
+        SecP256R1FieldElement X1 = (SecP256R1FieldElement)this.x, Z1 = (SecP256R1FieldElement)this.zs[0];
+
+        int c;
+        int[] t1 = Nat256.create();
+        int[] t2 = Nat256.create();
+
+        int[] Y1Squared = Nat256.create();
+        SecP256R1Field.square(Y1.x, Y1Squared);
+
+        int[] T = Nat256.create();
+        SecP256R1Field.square(Y1Squared, T);
+
+        boolean Z1IsOne = Z1.isOne();
+
+        int[] Z1Squared = Z1.x;
+        if (!Z1IsOne)
+        {
+            Z1Squared = t2;
+            SecP256R1Field.square(Z1.x, Z1Squared);
+        }
+
+        SecP256R1Field.subtract(X1.x, Z1Squared, t1);
+
+        int[] M = t2;
+        SecP256R1Field.add(X1.x, Z1Squared, M);
+        SecP256R1Field.multiply(M, t1, M);
+        c = Nat256.addBothTo(M, M, M);
+        SecP256R1Field.reduce32(c, M);
+
+        int[] S = Y1Squared;
+        SecP256R1Field.multiply(Y1Squared, X1.x, S);
+        c = Nat.shiftUpBits(8, S, 2, 0);
+        SecP256R1Field.reduce32(c, S);
+
+        c = Nat.shiftUpBits(8, T, 3, 0, t1);
+        SecP256R1Field.reduce32(c, t1);
+
+        SecP256R1FieldElement X3 = new SecP256R1FieldElement(T);
+        SecP256R1Field.square(M, X3.x);
+        SecP256R1Field.subtract(X3.x, S, X3.x);
+        SecP256R1Field.subtract(X3.x, S, X3.x);
+
+        SecP256R1FieldElement Y3 = new SecP256R1FieldElement(S);
+        SecP256R1Field.subtract(S, X3.x, Y3.x);
+        SecP256R1Field.multiply(Y3.x, M, Y3.x);
+        SecP256R1Field.subtract(Y3.x, t1, Y3.x);
+
+        SecP256R1FieldElement Z3 = new SecP256R1FieldElement(M);
+        SecP256R1Field.twice(Y1.x, Z3.x);
+        if (!Z1IsOne)
+        {
+            SecP256R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        return new SecP256R1Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return b;
+        }
+
+        return twice().add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity() || this.y.isZero())
+        {
+            return this;
+        }
+
+        // NOTE: Be careful about recursions between twicePlus and threeTimes
+        return twice().add(this);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new SecP256R1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Curve.java
new file mode 100644
index 0000000..27cbcdb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Curve.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SecP384R1Curve extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = new BigInteger(1,
+        Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"));
+
+    private static final int SecP384R1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+    protected SecP384R1Point infinity;
+
+    public SecP384R1Curve()
+    {
+        super(q);
+
+        this.infinity = new SecP384R1Point(this, null, null);
+
+        this.a = fromBigInteger(new BigInteger(1,
+            Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")));
+        this.b = fromBigInteger(new BigInteger(1,
+            Hex.decode("B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")));
+        this.order = new BigInteger(1, Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"));
+        this.cofactor = BigInteger.valueOf(1);
+
+        this.coord = SecP384R1_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new SecP384R1Curve();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new SecP384R1FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new SecP384R1Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new SecP384R1Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Field.java
new file mode 100644
index 0000000..f321a10
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Field.java
@@ -0,0 +1,295 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat384;
+
+public class SecP384R1Field
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    // 2^384 - 2^128 - 2^96 + 2^32 - 1
+    static final int[] P = new int[]{ 0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
+        0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    static final int[] PExt = new int[]{ 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
+        0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFFFE, 0x00000001, 0x00000000,
+        0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+    private static final int[] PExtInv = new int[]{ 0xFFFFFFFF, 0x00000001, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0x00000001,
+        0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, 0xFFFFFFFE, 0xFFFFFFFF,
+        0x00000001, 0x00000002 };
+    private static final int P11 = 0xFFFFFFFF;
+    private static final int PExt23 = 0xFFFFFFFF;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        int c = Nat.add(12, x, y, z);
+        if (c != 0 || (z[11] == P11 && Nat.gte(12, z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void addExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.add(24, xx, yy, zz);
+        if (c != 0 || (zz[23] == PExt23 && Nat.gte(24, zz, PExt)))
+        {
+            if (Nat.addTo(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.incAt(24, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        int c = Nat.inc(12, x, z);
+        if (c != 0 || (z[11] == P11 && Nat.gte(12, z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat.fromBigInteger(384, x);
+        if (z[11] == P11 && Nat.gte(12, z, P))
+        {
+            Nat.subFrom(12, P, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        if ((x[0] & 1) == 0)
+        {
+            Nat.shiftDownBit(12, x, 0, z);
+        }
+        else
+        {
+            int c = Nat.add(12, x, P, z);
+            Nat.shiftDownBit(12, z, c);
+        }
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat.create(24);
+        Nat384.mul(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat.isZero(12, x))
+        {
+            Nat.zero(12, z);
+        }
+        else
+        {
+            Nat.sub(12, P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+        long xx16 = xx[16] & M, xx17 = xx[17] & M, xx18 = xx[18] & M, xx19 = xx[19] & M;
+        long xx20 = xx[20] & M, xx21 = xx[21] & M, xx22 = xx[22] & M, xx23 = xx[23] & M;
+
+        final long n = 1;
+
+        long t0 = (xx[12] & M) + xx20 - n;
+        long t1 = (xx[13] & M) + xx22;
+        long t2 = (xx[14] & M) + xx22 + xx23;
+        long t3 = (xx[15] & M) + xx23;
+        long t4 = xx17 + xx21;
+        long t5 = xx21 - xx23;
+        long t6 = xx22 - xx23;
+
+        long cc = 0;
+        cc += (xx[0] & M) + t0 + t5;
+        z[0] = (int)cc;
+        cc >>= 32;
+        cc += (xx[1] & M) + xx23 - t0 + t1;
+        z[1] = (int)cc;
+        cc >>= 32;
+        cc += (xx[2] & M) - xx21 - t1 + t2;
+        z[2] = (int)cc;
+        cc >>= 32;
+        cc += (xx[3] & M) + t0 - t2 + t3 + t5;
+        z[3] = (int)cc;
+        cc >>= 32;
+        cc += (xx[4] & M) + xx16 + xx21 + t0 + t1 - t3 + t5;
+        z[4] = (int)cc;
+        cc >>= 32;
+        cc += (xx[5] & M) - xx16 + t1 + t2 + t4;
+        z[5] = (int)cc;
+        cc >>= 32;
+        cc += (xx[6] & M) + xx18 - xx17 + t2 + t3;
+        z[6] = (int)cc;
+        cc >>= 32;
+        cc += (xx[7] & M) + xx16 + xx19 - xx18 + t3;
+        z[7] = (int)cc;
+        cc >>= 32;
+        cc += (xx[8] & M) + xx16 + xx17 + xx20 - xx19;
+        z[8] = (int)cc;
+        cc >>= 32;
+        cc += (xx[9] & M) + xx18 - xx20 + t4;
+        z[9] = (int)cc;
+        cc >>= 32;
+        cc += (xx[10] & M) + xx18 + xx19 - t5 + t6;
+        z[10] = (int)cc;
+        cc >>= 32;
+        cc += (xx[11] & M) + xx19 + xx20 - t6;
+        z[11] = (int)cc;
+        cc >>= 32;
+        cc += n;
+
+//        assert cc >= 0;
+
+        reduce32((int)cc, z);
+    }
+
+    public static void reduce32(int x, int[] z)
+    {
+        long cc = 0;
+        
+        if (x != 0)
+        {
+            long xx12 = x & M;
+    
+            cc += (z[0] & M) + xx12;
+            z[0] = (int)cc;
+            cc >>= 32;
+            cc += (z[1] & M) - xx12;
+            z[1] = (int)cc;
+            cc >>= 32;
+            if (cc != 0)
+            {
+                cc += (z[2] & M);
+                z[2] = (int)cc;
+                cc >>= 32;
+            }
+            cc += (z[3] & M) + xx12;
+            z[3] = (int)cc;
+            cc >>= 32;
+            cc += (z[4] & M) + xx12;
+            z[4] = (int)cc;
+            cc >>= 32;
+
+//            assert cc == 0 || cc == 1;
+        }
+
+        if ((cc != 0 && Nat.incAt(12, z, 5) != 0)
+            || (z[11] == P11 && Nat.gte(12, z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat.create(24);
+        Nat384.square(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat.create(24);
+        Nat384.square(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            Nat384.square(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat.sub(12, x, y, z);
+        if (c != 0)
+        {
+            subPInvFrom(z);
+        }
+    }
+
+    public static void subtractExt(int[] xx, int[] yy, int[] zz)
+    {
+        int c = Nat.sub(24, xx, yy, zz);
+        if (c != 0)
+        {
+            if (Nat.subFrom(PExtInv.length, PExtInv, zz) != 0)
+            {
+                Nat.decAt(24, zz, PExtInv.length);
+            }
+        }
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        int c = Nat.shiftUpBit(12, x, 0, z);
+        if (c != 0 || (z[11] == P11 && Nat.gte(12, z, P)))
+        {
+            addPInvTo(z);
+        }
+    }
+
+    private static void addPInvTo(int[] z)
+    {
+        long c = (z[0] & M) + 1;
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - 1;
+        z[1] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[2] & M);
+            z[2] = (int)c;
+            c >>= 32;
+        }
+        c += (z[3] & M) + 1;
+        z[3] = (int)c;
+        c >>= 32;
+        c += (z[4] & M) + 1;
+        z[4] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            Nat.incAt(12, z, 5);
+        }
+    }
+
+    private static void subPInvFrom(int[] z)
+    {
+        long c = (z[0] & M) - 1;
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) + 1;
+        z[1] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            c += (z[2] & M);
+            z[2] = (int)c;
+            c >>= 32;
+        }
+        c += (z[3] & M) - 1;
+        z[3] = (int)c;
+        c >>= 32;
+        c += (z[4] & M) - 1;
+        z[4] = (int)c;
+        c >>= 32;
+        if (c != 0)
+        {
+            Nat.decAt(12, z, 5);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1FieldElement.java
new file mode 100644
index 0000000..24e585d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1FieldElement.java
@@ -0,0 +1,211 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.util.Arrays;
+
+public class SecP384R1FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = SecP384R1Curve.q;
+
+    protected int[] x;
+
+    public SecP384R1FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for SecP384R1FieldElement");
+        }
+
+        this.x = SecP384R1Field.fromBigInteger(x);
+    }
+
+    public SecP384R1FieldElement()
+    {
+        this.x = Nat.create(12);
+    }
+
+    protected SecP384R1FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat.isZero(12, x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat.isOne(12, x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat.toBigInteger(12, x);
+    }
+
+    public String getFieldName()
+    {
+        return "SecP384R1Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat.create(12);
+        SecP384R1Field.add(x, ((SecP384R1FieldElement)b).x, z);
+        return new SecP384R1FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat.create(12);
+        SecP384R1Field.addOne(x, z);
+        return new SecP384R1FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat.create(12);
+        SecP384R1Field.subtract(x, ((SecP384R1FieldElement)b).x, z);
+        return new SecP384R1FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat.create(12);
+        SecP384R1Field.multiply(x, ((SecP384R1FieldElement)b).x, z);
+        return new SecP384R1FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat.create(12);
+        Mod.invert(SecP384R1Field.P, ((SecP384R1FieldElement)b).x, z);
+        SecP384R1Field.multiply(z, x, z);
+        return new SecP384R1FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat.create(12);
+        SecP384R1Field.negate(x, z);
+        return new SecP384R1FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat.create(12);
+        SecP384R1Field.square(x, z);
+        return new SecP384R1FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new SecP384R1FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat.create(12);
+        Mod.invert(SecP384R1Field.P, x, z);
+        return new SecP384R1FieldElement(z);
+    }
+
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        // Raise this element to the exponent 2^382 - 2^126 - 2^94 + 2^30
+
+        int[] x1 = this.x;
+        if (Nat.isZero(12, x1) || Nat.isOne(12, x1))
+        {
+            return this;
+        }
+
+        int[] t1 = Nat.create(12);
+        int[] t2 = Nat.create(12);
+        int[] t3 = Nat.create(12);
+        int[] t4 = Nat.create(12);
+
+        SecP384R1Field.square(x1, t1);
+        SecP384R1Field.multiply(t1, x1, t1);
+
+        SecP384R1Field.squareN(t1, 2, t2);
+        SecP384R1Field.multiply(t2, t1, t2);
+
+        SecP384R1Field.square(t2, t2);
+        SecP384R1Field.multiply(t2, x1, t2);
+
+        SecP384R1Field.squareN(t2, 5, t3);
+        SecP384R1Field.multiply(t3, t2, t3);
+
+        SecP384R1Field.squareN(t3, 5, t4);
+        SecP384R1Field.multiply(t4, t2, t4);
+
+        SecP384R1Field.squareN(t4, 15, t2);
+        SecP384R1Field.multiply(t2, t4, t2);
+
+        SecP384R1Field.squareN(t2, 2, t3);
+        SecP384R1Field.multiply(t1, t3, t1);
+
+        SecP384R1Field.squareN(t3, 28, t3);
+        SecP384R1Field.multiply(t2, t3, t2);
+
+        SecP384R1Field.squareN(t2, 60, t3);
+        SecP384R1Field.multiply(t3, t2, t3);
+
+        int[] r = t2;
+
+        SecP384R1Field.squareN(t3, 120, r);
+        SecP384R1Field.multiply(r, t3, r);
+
+        SecP384R1Field.squareN(r, 15, r);
+        SecP384R1Field.multiply(r, t4, r);
+
+        SecP384R1Field.squareN(r, 33, r);
+        SecP384R1Field.multiply(r, t1, r);
+
+        SecP384R1Field.squareN(r, 64, r);
+        SecP384R1Field.multiply(r, x1, r);
+
+        SecP384R1Field.squareN(r, 30, t1);
+        SecP384R1Field.square(t1, t2);
+
+        return Nat.eq(12, x1, t2) ? new SecP384R1FieldElement(t1) : null;
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof SecP384R1FieldElement))
+        {
+            return false;
+        }
+
+        SecP384R1FieldElement o = (SecP384R1FieldElement)other;
+        return Nat.eq(12, x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 12);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Point.java
new file mode 100644
index 0000000..89f6bf4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP384R1Point.java
@@ -0,0 +1,309 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat384;
+
+public class SecP384R1Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public SecP384R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * @param withCompression
+     *            if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer
+     *             {@link #getEncoded(boolean)}
+     */
+    public SecP384R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    SecP384R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new SecP384R1Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP384R1FieldElement X1 = (SecP384R1FieldElement)this.x, Y1 = (SecP384R1FieldElement)this.y;
+        SecP384R1FieldElement X2 = (SecP384R1FieldElement)b.getXCoord(), Y2 = (SecP384R1FieldElement)b.getYCoord();
+
+        SecP384R1FieldElement Z1 = (SecP384R1FieldElement)this.zs[0];
+        SecP384R1FieldElement Z2 = (SecP384R1FieldElement)b.getZCoord(0);
+
+        int c;
+        int[] tt1 = Nat.create(24);
+        int[] tt2 = Nat.create(24);
+        int[] t3 = Nat.create(12);
+        int[] t4 = Nat.create(12);
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            SecP384R1Field.square(Z1.x, S2);
+
+            U2 = tt2;
+            SecP384R1Field.multiply(S2, X2.x, U2);
+
+            SecP384R1Field.multiply(S2, Z1.x, S2);
+            SecP384R1Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            SecP384R1Field.square(Z2.x, S1);
+
+            U1 = tt1;
+            SecP384R1Field.multiply(S1, X1.x, U1);
+
+            SecP384R1Field.multiply(S1, Z2.x, S1);
+            SecP384R1Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat.create(12);
+        SecP384R1Field.subtract(U1, U2, H);
+
+        int[] R = Nat.create(12);
+        SecP384R1Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat.isZero(12, H))
+        {
+            if (Nat.isZero(12, R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = t3;
+        SecP384R1Field.square(H, HSquared);
+
+        int[] G = Nat.create(12);
+        SecP384R1Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        SecP384R1Field.multiply(HSquared, U1, V);
+
+        SecP384R1Field.negate(G, G);
+        Nat384.mul(S1, G, tt1);
+
+        c = Nat.addBothTo(12, V, V, G);
+        SecP384R1Field.reduce32(c, G);
+
+        SecP384R1FieldElement X3 = new SecP384R1FieldElement(t4);
+        SecP384R1Field.square(R, X3.x);
+        SecP384R1Field.subtract(X3.x, G, X3.x);
+
+        SecP384R1FieldElement Y3 = new SecP384R1FieldElement(G);
+        SecP384R1Field.subtract(V, X3.x, Y3.x);
+        Nat384.mul(Y3.x, R, tt2);
+        SecP384R1Field.addExt(tt1, tt2, tt1);
+        SecP384R1Field.reduce(tt1, Y3.x);
+
+        SecP384R1FieldElement Z3 = new SecP384R1FieldElement(H);
+        if (!Z1IsOne)
+        {
+            SecP384R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            SecP384R1Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        ECFieldElement[] zs = new ECFieldElement[]{ Z3 };
+
+        return new SecP384R1Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP384R1FieldElement Y1 = (SecP384R1FieldElement)this.y;
+        if (Y1.isZero())
+        {
+            return curve.getInfinity();
+        }
+
+        SecP384R1FieldElement X1 = (SecP384R1FieldElement)this.x, Z1 = (SecP384R1FieldElement)this.zs[0];
+
+        int c;
+        int[] t1 = Nat.create(12);
+        int[] t2 = Nat.create(12);
+
+        int[] Y1Squared = Nat.create(12);
+        SecP384R1Field.square(Y1.x, Y1Squared);
+
+        int[] T = Nat.create(12);
+        SecP384R1Field.square(Y1Squared, T);
+
+        boolean Z1IsOne = Z1.isOne();
+
+        int[] Z1Squared = Z1.x;
+        if (!Z1IsOne)
+        {
+            Z1Squared = t2;
+            SecP384R1Field.square(Z1.x, Z1Squared);
+        }
+
+        SecP384R1Field.subtract(X1.x, Z1Squared, t1);
+
+        int[] M = t2;
+        SecP384R1Field.add(X1.x, Z1Squared, M);
+        SecP384R1Field.multiply(M, t1, M);
+        c = Nat.addBothTo(12, M, M, M);
+        SecP384R1Field.reduce32(c, M);
+
+        int[] S = Y1Squared;
+        SecP384R1Field.multiply(Y1Squared, X1.x, S);
+        c = Nat.shiftUpBits(12, S, 2, 0);
+        SecP384R1Field.reduce32(c, S);
+
+        c = Nat.shiftUpBits(12, T, 3, 0, t1);
+        SecP384R1Field.reduce32(c, t1);
+
+        SecP384R1FieldElement X3 = new SecP384R1FieldElement(T);
+        SecP384R1Field.square(M, X3.x);
+        SecP384R1Field.subtract(X3.x, S, X3.x);
+        SecP384R1Field.subtract(X3.x, S, X3.x);
+
+        SecP384R1FieldElement Y3 = new SecP384R1FieldElement(S);
+        SecP384R1Field.subtract(S, X3.x, Y3.x);
+        SecP384R1Field.multiply(Y3.x, M, Y3.x);
+        SecP384R1Field.subtract(Y3.x, t1, Y3.x);
+
+        SecP384R1FieldElement Z3 = new SecP384R1FieldElement(M);
+        SecP384R1Field.twice(Y1.x, Z3.x);
+        if (!Z1IsOne)
+        {
+            SecP384R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        return new SecP384R1Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return b;
+        }
+
+        return twice().add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity() || this.y.isZero())
+        {
+            return this;
+        }
+
+        // NOTE: Be careful about recursions between twicePlus and threeTimes
+        return twice().add(this);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new SecP384R1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Curve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Curve.java
new file mode 100644
index 0000000..16691b1
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Curve.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.encoders.Hex;
+
+public class SecP521R1Curve extends ECCurve.AbstractFp
+{
+    public static final BigInteger q = new BigInteger(1,
+        Hex.decode("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"));
+
+    private static final int SecP521R1_DEFAULT_COORDS = COORD_JACOBIAN;
+
+    protected SecP521R1Point infinity;
+
+    public SecP521R1Curve()
+    {
+        super(q);
+
+        this.infinity = new SecP521R1Point(this, null, null);
+
+        this.a = fromBigInteger(new BigInteger(1,
+            Hex.decode("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC")));
+        this.b = fromBigInteger(new BigInteger(1,
+            Hex.decode("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00")));
+        this.order = new BigInteger(1, Hex.decode("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"));
+        this.cofactor = BigInteger.valueOf(1);
+
+        this.coord = SecP521R1_DEFAULT_COORDS;
+    }
+
+    protected ECCurve cloneCurve()
+    {
+        return new SecP521R1Curve();
+    }
+
+    public boolean supportsCoordinateSystem(int coord)
+    {
+        switch (coord)
+        {
+        case COORD_JACOBIAN:
+            return true;
+        default:
+            return false;
+        }
+    }
+
+    public BigInteger getQ()
+    {
+        return q;
+    }
+
+    public int getFieldSize()
+    {
+        return q.bitLength();
+    }
+
+    public ECFieldElement fromBigInteger(BigInteger x)
+    {
+        return new SecP521R1FieldElement(x);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        return new SecP521R1Point(this, x, y, withCompression);
+    }
+
+    protected ECPoint createRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        return new SecP521R1Point(this, x, y, zs, withCompression);
+    }
+
+    public ECPoint getInfinity()
+    {
+        return infinity;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Field.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Field.java
new file mode 100644
index 0000000..00f1066
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Field.java
@@ -0,0 +1,156 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.math.raw.Nat512;
+
+public class SecP521R1Field
+{
+    // 2^521 - 1
+    static final int[] P = new int[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+        0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x1FF };
+    private static final int P16 = 0x1FF;
+
+    public static void add(int[] x, int[] y, int[] z)
+    {
+        int c = Nat.add(16, x, y, z) + x[16] + y[16];
+        if (c > P16 || (c == P16 && Nat.eq(16, z, P)))
+        {
+            c += Nat.inc(16, z);
+            c &= P16;
+        }
+        z[16] = c;
+    }
+
+    public static void addOne(int[] x, int[] z)
+    {
+        int c = Nat.inc(16, x, z) + x[16];
+        if (c > P16 || (c == P16 && Nat.eq(16, z, P)))
+        {
+            c += Nat.inc(16, z);
+            c &= P16;
+        }
+        z[16] = c;
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        int[] z = Nat.fromBigInteger(521, x);
+        if (Nat.eq(17, z, P))
+        {
+            Nat.zero(17, z);
+        }
+        return z;
+    }
+
+    public static void half(int[] x, int[] z)
+    {
+        int x16 = x[16];
+        int c = Nat.shiftDownBit(16, x, x16, z);
+        z[16] = (x16 >>> 1) | (c >>> 23);
+    }
+
+    public static void multiply(int[] x, int[] y, int[] z)
+    {
+        int[] tt = Nat.create(33);
+        implMultiply(x, y, tt);
+        reduce(tt, z);
+    }
+
+    public static void negate(int[] x, int[] z)
+    {
+        if (Nat.isZero(17, x))
+        {
+            Nat.zero(17, z);
+        }
+        else
+        {
+            Nat.sub(17, P, x, z);
+        }
+    }
+
+    public static void reduce(int[] xx, int[] z)
+    {
+//        assert xx[32] >>> 18 == 0;
+
+        int xx32 = xx[32];
+        int c = Nat.shiftDownBits(16, xx, 16, 9, xx32, z, 0) >>> 23;
+        c += xx32 >>> 9;
+        c += Nat.addTo(16, xx, z);
+        if (c > P16 || (c == P16 && Nat.eq(16, z, P)))
+        {
+            c += Nat.inc(16, z);
+            c &= P16;
+        }
+        z[16] = c;
+    }
+
+    public static void reduce23(int[] z)
+    {
+        int z16 = z[16];
+        int c = Nat.addWordTo(16, z16 >>> 9, z) + (z16 & P16);
+        if (c > P16 || (c == P16 && Nat.eq(16, z, P)))
+        {
+            c += Nat.inc(16, z);
+            c &= P16;
+        }
+        z[16] = c;
+    }
+
+    public static void square(int[] x, int[] z)
+    {
+        int[] tt = Nat.create(33);
+        implSquare(x, tt);
+        reduce(tt, z);
+    }
+
+    public static void squareN(int[] x, int n, int[] z)
+    {
+//        assert n > 0;
+
+        int[] tt = Nat.create(33);
+        implSquare(x, tt);
+        reduce(tt, z);
+
+        while (--n > 0)
+        {
+            implSquare(z, tt);
+            reduce(tt, z);
+        }
+    }
+
+    public static void subtract(int[] x, int[] y, int[] z)
+    {
+        int c = Nat.sub(16, x, y, z) + x[16] - y[16];
+        if (c < 0)
+        {
+            c += Nat.dec(16, z);
+            c &= P16;
+        }
+        z[16] = c;
+    }
+
+    public static void twice(int[] x, int[] z)
+    {
+        int x16 = x[16];
+        int c = Nat.shiftUpBit(16, x, x16 << 23, z) | (x16 << 1);
+        z[16] = c & P16;
+    }
+
+    protected static void implMultiply(int[] x, int[] y, int[] zz)
+    {
+        Nat512.mul(x, y, zz);
+
+        int x16 = x[16], y16 = y[16];
+        zz[32] = Nat.mul31BothAdd(16, x16, y, y16, x, zz, 16) + (x16 * y16);
+    }
+
+    protected static void implSquare(int[] x, int[] zz)
+    {
+        Nat512.square(x, zz);
+
+        int x16 = x[16];
+        zz[32] = Nat.mulWordAddTo(16, x16 << 1, x, 0, zz, 16) + (x16 * x16);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1FieldElement.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1FieldElement.java
new file mode 100644
index 0000000..ce9b639
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1FieldElement.java
@@ -0,0 +1,169 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.raw.Mod;
+import org.bouncycastle.math.raw.Nat;
+import org.bouncycastle.util.Arrays;
+
+public class SecP521R1FieldElement extends ECFieldElement
+{
+    public static final BigInteger Q = SecP521R1Curve.q;
+
+    protected int[] x;
+
+    public SecP521R1FieldElement(BigInteger x)
+    {
+        if (x == null || x.signum() < 0 || x.compareTo(Q) >= 0)
+        {
+            throw new IllegalArgumentException("x value invalid for SecP521R1FieldElement");
+        }
+
+        this.x = SecP521R1Field.fromBigInteger(x);
+    }
+
+    public SecP521R1FieldElement()
+    {
+        this.x = Nat.create(17);
+    }
+
+    protected SecP521R1FieldElement(int[] x)
+    {
+        this.x = x;
+    }
+
+    public boolean isZero()
+    {
+        return Nat.isZero(17, x);
+    }
+
+    public boolean isOne()
+    {
+        return Nat.isOne(17, x);
+    }
+
+    public boolean testBitZero()
+    {
+        return Nat.getBit(x, 0) == 1;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        return Nat.toBigInteger(17, x);
+    }
+
+    public String getFieldName()
+    {
+        return "SecP521R1Field";
+    }
+
+    public int getFieldSize()
+    {
+        return Q.bitLength();
+    }
+
+    public ECFieldElement add(ECFieldElement b)
+    {
+        int[] z = Nat.create(17);
+        SecP521R1Field.add(x, ((SecP521R1FieldElement)b).x, z);
+        return new SecP521R1FieldElement(z);
+    }
+
+    public ECFieldElement addOne()
+    {
+        int[] z = Nat.create(17);
+        SecP521R1Field.addOne(x, z);
+        return new SecP521R1FieldElement(z);
+    }
+
+    public ECFieldElement subtract(ECFieldElement b)
+    {
+        int[] z = Nat.create(17);
+        SecP521R1Field.subtract(x, ((SecP521R1FieldElement)b).x, z);
+        return new SecP521R1FieldElement(z);
+    }
+
+    public ECFieldElement multiply(ECFieldElement b)
+    {
+        int[] z = Nat.create(17);
+        SecP521R1Field.multiply(x, ((SecP521R1FieldElement)b).x, z);
+        return new SecP521R1FieldElement(z);
+    }
+
+    public ECFieldElement divide(ECFieldElement b)
+    {
+//        return multiply(b.invert());
+        int[] z = Nat.create(17);
+        Mod.invert(SecP521R1Field.P, ((SecP521R1FieldElement)b).x, z);
+        SecP521R1Field.multiply(z, x, z);
+        return new SecP521R1FieldElement(z);
+    }
+
+    public ECFieldElement negate()
+    {
+        int[] z = Nat.create(17);
+        SecP521R1Field.negate(x, z);
+        return new SecP521R1FieldElement(z);
+    }
+
+    public ECFieldElement square()
+    {
+        int[] z = Nat.create(17);
+        SecP521R1Field.square(x, z);
+        return new SecP521R1FieldElement(z);
+    }
+
+    public ECFieldElement invert()
+    {
+//        return new SecP521R1FieldElement(toBigInteger().modInverse(Q));
+        int[] z = Nat.create(17);
+        Mod.invert(SecP521R1Field.P, x, z);
+        return new SecP521R1FieldElement(z);
+    }
+
+    // D.1.4 91
+    /**
+     * return a sqrt root - the routine verifies that the calculation returns the right value - if
+     * none exists it returns null.
+     */
+    public ECFieldElement sqrt()
+    {
+        // Raise this element to the exponent 2^519
+
+        int[] x1 = this.x;
+        if (Nat.isZero(17, x1) || Nat.isOne(17, x1))
+        {
+            return this;
+        }
+
+        int[] t1 = Nat.create(17);
+        int[] t2 = Nat.create(17);
+
+        SecP521R1Field.squareN(x1, 519, t1);
+        SecP521R1Field.square(t1, t2);
+
+        return Nat.eq(17, x1, t2) ? new SecP521R1FieldElement(t1) : null;
+    }
+
+    public boolean equals(Object other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof SecP521R1FieldElement))
+        {
+            return false;
+        }
+
+        SecP521R1FieldElement o = (SecP521R1FieldElement)other;
+        return Nat.eq(17, x, o.x);
+    }
+
+    public int hashCode()
+    {
+        return Q.hashCode() ^ Arrays.hashCode(x, 0, 17);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Point.java b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Point.java
new file mode 100644
index 0000000..d973715
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP521R1Point.java
@@ -0,0 +1,333 @@
+package org.bouncycastle.math.ec.custom.sec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.raw.Nat;
+
+public class SecP521R1Point extends ECPoint.AbstractFp
+{
+    /**
+     * Create a point which encodes with point compression.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * 
+     * @deprecated Use ECCurve.createPoint to construct points
+     */
+    public SecP521R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this(curve, x, y, false);
+    }
+
+    /**
+     * Create a point that encodes with or without point compresion.
+     * 
+     * @param curve
+     *            the curve to use
+     * @param x
+     *            affine x co-ordinate
+     * @param y
+     *            affine y co-ordinate
+     * @param withCompression
+     *            if true encode with point compression
+     * 
+     * @deprecated per-point compression property will be removed, refer
+     *             {@link #getEncoded(boolean)}
+     */
+    public SecP521R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+    {
+        super(curve, x, y);
+
+        if ((x == null) != (y == null))
+        {
+            throw new IllegalArgumentException("Exactly one of the field elements is null");
+        }
+
+        this.withCompression = withCompression;
+    }
+
+    SecP521R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, boolean withCompression)
+    {
+        super(curve, x, y, zs);
+
+        this.withCompression = withCompression;
+    }
+
+    protected ECPoint detach()
+    {
+        return new SecP521R1Point(null, getAffineXCoord(), getAffineYCoord());
+    }
+
+    public ECPoint add(ECPoint b)
+    {
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return this;
+        }
+        if (this == b)
+        {
+            return twice();
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP521R1FieldElement X1 = (SecP521R1FieldElement)this.x, Y1 = (SecP521R1FieldElement)this.y;
+        SecP521R1FieldElement X2 = (SecP521R1FieldElement)b.getXCoord(), Y2 = (SecP521R1FieldElement)b.getYCoord();
+
+        SecP521R1FieldElement Z1 = (SecP521R1FieldElement)this.zs[0];
+        SecP521R1FieldElement Z2 = (SecP521R1FieldElement)b.getZCoord(0);
+
+        int[] t1 = Nat.create(17);
+        int[] t2 = Nat.create(17);
+        int[] t3 = Nat.create(17);
+        int[] t4 = Nat.create(17);
+
+        boolean Z1IsOne = Z1.isOne();
+        int[] U2, S2;
+        if (Z1IsOne)
+        {
+            U2 = X2.x;
+            S2 = Y2.x;
+        }
+        else
+        {
+            S2 = t3;
+            SecP521R1Field.square(Z1.x, S2);
+
+            U2 = t2;
+            SecP521R1Field.multiply(S2, X2.x, U2);
+
+            SecP521R1Field.multiply(S2, Z1.x, S2);
+            SecP521R1Field.multiply(S2, Y2.x, S2);
+        }
+
+        boolean Z2IsOne = Z2.isOne();
+        int[] U1, S1;
+        if (Z2IsOne)
+        {
+            U1 = X1.x;
+            S1 = Y1.x;
+        }
+        else
+        {
+            S1 = t4;
+            SecP521R1Field.square(Z2.x, S1);
+
+            U1 = t1;
+            SecP521R1Field.multiply(S1, X1.x, U1);
+
+            SecP521R1Field.multiply(S1, Z2.x, S1);
+            SecP521R1Field.multiply(S1, Y1.x, S1);
+        }
+
+        int[] H = Nat.create(17);
+        SecP521R1Field.subtract(U1, U2, H);
+
+        int[] R = t2;
+        SecP521R1Field.subtract(S1, S2, R);
+
+        // Check if b == this or b == -this
+        if (Nat.isZero(17, H))
+        {
+            if (Nat.isZero(17, R))
+            {
+                // this == b, i.e. this must be doubled
+                return this.twice();
+            }
+
+            // this == -b, i.e. the result is the point at infinity
+            return curve.getInfinity();
+        }
+
+        int[] HSquared = t3;
+        SecP521R1Field.square(H, HSquared);
+
+        int[] G = Nat.create(17);
+        SecP521R1Field.multiply(HSquared, H, G);
+
+        int[] V = t3;
+        SecP521R1Field.multiply(HSquared, U1, V);
+
+        SecP521R1Field.multiply(S1, G, t1);
+
+        SecP521R1FieldElement X3 = new SecP521R1FieldElement(t4);
+        SecP521R1Field.square(R, X3.x);
+        SecP521R1Field.add(X3.x, G, X3.x);
+        SecP521R1Field.subtract(X3.x, V, X3.x);
+        SecP521R1Field.subtract(X3.x, V, X3.x);
+
+        SecP521R1FieldElement Y3 = new SecP521R1FieldElement(G);
+        SecP521R1Field.subtract(V, X3.x, Y3.x);
+        SecP521R1Field.multiply(Y3.x, R, t2);
+        SecP521R1Field.subtract(t2, t1, Y3.x);
+
+        SecP521R1FieldElement Z3 = new SecP521R1FieldElement(H);
+        if (!Z1IsOne)
+        {
+            SecP521R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+        if (!Z2IsOne)
+        {
+            SecP521R1Field.multiply(Z3.x, Z2.x, Z3.x);
+        }
+
+        ECFieldElement[] zs = new ECFieldElement[]{ Z3 };
+
+        return new SecP521R1Point(curve, X3, Y3, zs, this.withCompression);
+    }
+
+    public ECPoint twice()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        ECCurve curve = this.getCurve();
+
+        SecP521R1FieldElement Y1 = (SecP521R1FieldElement)this.y;
+        if (Y1.isZero())
+        {
+            return curve.getInfinity();
+        }
+
+        SecP521R1FieldElement X1 = (SecP521R1FieldElement)this.x, Z1 = (SecP521R1FieldElement)this.zs[0];
+
+        int[] t1 = Nat.create(17);
+        int[] t2 = Nat.create(17);
+
+        int[] Y1Squared = Nat.create(17);
+        SecP521R1Field.square(Y1.x, Y1Squared);
+
+        int[] T = Nat.create(17);
+        SecP521R1Field.square(Y1Squared, T);
+
+        boolean Z1IsOne = Z1.isOne();
+
+        int[] Z1Squared = Z1.x;
+        if (!Z1IsOne)
+        {
+            Z1Squared = t2;
+            SecP521R1Field.square(Z1.x, Z1Squared);
+        }
+
+        SecP521R1Field.subtract(X1.x, Z1Squared, t1);
+
+        int[] M = t2;
+        SecP521R1Field.add(X1.x, Z1Squared, M);
+        SecP521R1Field.multiply(M, t1, M);
+        Nat.addBothTo(17, M, M, M);
+        SecP521R1Field.reduce23(M);
+
+        int[] S = Y1Squared;
+        SecP521R1Field.multiply(Y1Squared, X1.x, S);
+        Nat.shiftUpBits(17, S, 2, 0);
+        SecP521R1Field.reduce23(S);
+
+        Nat.shiftUpBits(17, T, 3, 0, t1);
+        SecP521R1Field.reduce23(t1);
+
+        SecP521R1FieldElement X3 = new SecP521R1FieldElement(T);
+        SecP521R1Field.square(M, X3.x);
+        SecP521R1Field.subtract(X3.x, S, X3.x);
+        SecP521R1Field.subtract(X3.x, S, X3.x);
+
+        SecP521R1FieldElement Y3 = new SecP521R1FieldElement(S);
+        SecP521R1Field.subtract(S, X3.x, Y3.x);
+        SecP521R1Field.multiply(Y3.x, M, Y3.x);
+        SecP521R1Field.subtract(Y3.x, t1, Y3.x);
+
+        SecP521R1FieldElement Z3 = new SecP521R1FieldElement(M);
+        SecP521R1Field.twice(Y1.x, Z3.x);
+        if (!Z1IsOne)
+        {
+            SecP521R1Field.multiply(Z3.x, Z1.x, Z3.x);
+        }
+
+        return new SecP521R1Point(curve, X3, Y3, new ECFieldElement[]{ Z3 }, this.withCompression);
+    }
+
+    public ECPoint twicePlus(ECPoint b)
+    {
+        if (this == b)
+        {
+            return threeTimes();
+        }
+        if (this.isInfinity())
+        {
+            return b;
+        }
+        if (b.isInfinity())
+        {
+            return twice();
+        }
+
+        ECFieldElement Y1 = this.y;
+        if (Y1.isZero())
+        {
+            return b;
+        }
+
+        return twice().add(b);
+    }
+
+    public ECPoint threeTimes()
+    {
+        if (this.isInfinity() || this.y.isZero())
+        {
+            return this;
+        }
+
+        // NOTE: Be careful about recursions between twicePlus and threeTimes
+        return twice().add(this);
+    }
+
+    protected ECFieldElement two(ECFieldElement x)
+    {
+        return x.add(x);
+    }
+
+    protected ECFieldElement three(ECFieldElement x)
+    {
+        return two(x).add(x);
+    }
+
+    protected ECFieldElement four(ECFieldElement x)
+    {
+        return two(two(x));
+    }
+
+    protected ECFieldElement eight(ECFieldElement x)
+    {
+        return four(two(x));
+    }
+
+    protected ECFieldElement doubleProductFromSquares(ECFieldElement a, ECFieldElement b,
+        ECFieldElement aSquared, ECFieldElement bSquared)
+    {
+        /*
+         * NOTE: If squaring in the field is faster than multiplication, then this is a quicker
+         * way to calculate 2.A.B, if A^2 and B^2 are already known.
+         */
+        return a.add(b).square().subtract(aSquared).subtract(bSquared);
+    }
+
+    public ECPoint negate()
+    {
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        return new SecP521R1Point(curve, this.x, this.y.negate(), this.zs, this.withCompression);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/package.html b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/package.html
new file mode 100644
index 0000000..bb2845c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/custom/sec/package.html
@@ -0,0 +1,6 @@
+<html>
+<body bgcolor="#ffffff">
+Custom implementations of (most of) the curves over Fp from the SEC specification. Uses the new "raw" math classes
+in place of BigInteger, and includes customized modular reductions taking advantage of the special forms of the primes.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/endo/ECEndomorphism.java b/bcprov/src/main/java/org/bouncycastle/math/ec/endo/ECEndomorphism.java
new file mode 100644
index 0000000..2be0c01
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/endo/ECEndomorphism.java
@@ -0,0 +1,10 @@
+package org.bouncycastle.math.ec.endo;
+
+import org.bouncycastle.math.ec.ECPointMap;
+
+public interface ECEndomorphism
+{
+    ECPointMap getPointMap();
+
+    boolean hasEfficientPointMap();
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVEndomorphism.java b/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVEndomorphism.java
new file mode 100644
index 0000000..8897bb3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVEndomorphism.java
@@ -0,0 +1,8 @@
+package org.bouncycastle.math.ec.endo;
+
+import java.math.BigInteger;
+
+public interface GLVEndomorphism extends ECEndomorphism
+{
+    BigInteger[] decomposeScalar(BigInteger k);
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBEndomorphism.java b/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBEndomorphism.java
new file mode 100644
index 0000000..ab710d1
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBEndomorphism.java
@@ -0,0 +1,58 @@
+package org.bouncycastle.math.ec.endo;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPointMap;
+import org.bouncycastle.math.ec.ScaleXPointMap;
+
+public class GLVTypeBEndomorphism implements GLVEndomorphism
+{
+    protected final ECCurve curve;
+    protected final GLVTypeBParameters parameters;
+    protected final ECPointMap pointMap;
+
+    public GLVTypeBEndomorphism(ECCurve curve, GLVTypeBParameters parameters)
+    {
+        this.curve = curve;
+        this.parameters = parameters;
+        this.pointMap = new ScaleXPointMap(curve.fromBigInteger(parameters.getBeta()));
+    }
+
+    public BigInteger[] decomposeScalar(BigInteger k)
+    {
+        int bits = parameters.getBits();
+        BigInteger b1 = calculateB(k, parameters.getG1(), bits);
+        BigInteger b2 = calculateB(k, parameters.getG2(), bits);
+
+        BigInteger[] v1 = parameters.getV1(), v2 = parameters.getV2();
+        BigInteger a = k.subtract((b1.multiply(v1[0])).add(b2.multiply(v2[0])));
+        BigInteger b = (b1.multiply(v1[1])).add(b2.multiply(v2[1])).negate();
+
+        return new BigInteger[]{ a, b };
+    }
+
+    public ECPointMap getPointMap()
+    {
+        return pointMap;
+    }
+
+    public boolean hasEfficientPointMap()
+    {
+        return true;
+    }
+
+    protected BigInteger calculateB(BigInteger k, BigInteger g, int t)
+    {
+        boolean negative = (g.signum() < 0);
+        BigInteger b = k.multiply(g.abs());
+        boolean extra = b.testBit(t - 1);
+        b = b.shiftRight(t);
+        if (extra)
+        {
+            b = b.add(ECConstants.ONE);
+        }
+        return negative ? b.negate() : b;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBParameters.java b/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBParameters.java
new file mode 100644
index 0000000..f02a882
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBParameters.java
@@ -0,0 +1,59 @@
+package org.bouncycastle.math.ec.endo;
+
+import java.math.BigInteger;
+
+public class GLVTypeBParameters
+{
+    protected final BigInteger beta;
+    protected final BigInteger lambda;
+    protected final BigInteger[] v1, v2;
+    protected final BigInteger g1, g2;
+    protected final int bits;
+
+    public GLVTypeBParameters(BigInteger beta, BigInteger lambda, BigInteger[] v1, BigInteger[] v2, BigInteger g1,
+        BigInteger g2, int bits)
+    {
+        this.beta = beta;
+        this.lambda = lambda;
+        this.v1 = v1;
+        this.v2 = v2;
+        this.g1 = g1;
+        this.g2 = g2;
+        this.bits = bits;
+    }
+
+    public BigInteger getBeta()
+    {
+        return beta;
+    }
+
+    public BigInteger getLambda()
+    {
+        return lambda;
+    }
+
+    public BigInteger[] getV1()
+    {
+        return v1;
+    }
+
+    public BigInteger[] getV2()
+    {
+        return v2;
+    }
+
+    public BigInteger getG1()
+    {
+        return g1;
+    }
+
+    public BigInteger getG2()
+    {
+        return g2;
+    }
+    
+    public int getBits()
+    {
+        return bits;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/package.html b/bcprov/src/main/java/org/bouncycastle/math/ec/package.html
new file mode 100644
index 0000000..a02605b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Math support for Elliptic Curve.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/tools/DiscoverEndomorphisms.java b/bcprov/src/main/java/org/bouncycastle/math/ec/tools/DiscoverEndomorphisms.java
new file mode 100644
index 0000000..4ee2de6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/ec/tools/DiscoverEndomorphisms.java
@@ -0,0 +1,373 @@
+package org.bouncycastle.math.ec.tools;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.asn1.x9.ECNamedCurveTable;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.math.ec.ECAlgorithms;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.util.BigIntegers;
+
+public class DiscoverEndomorphisms
+{
+    private static final int radix = 16;
+
+    public static void main(String[] args)
+    {
+        if (args.length < 1)
+        {
+            System.err.println("Expected a list of curve names as arguments");
+            return;
+        }
+
+        for (int i = 0; i < args.length; ++i)
+        {
+            discoverEndomorphism(args[i]);
+        }
+    }
+
+    private static void discoverEndomorphism(String curveName)
+    {
+        X9ECParameters x9 = ECNamedCurveTable.getByName(curveName);
+        if (x9 == null)
+        {
+            System.err.println("Unknown curve: " + curveName);
+            return;
+        }
+
+        ECCurve c = x9.getCurve();
+        if (ECAlgorithms.isFpCurve(c))
+        {
+            BigInteger characteristic = c.getField().getCharacteristic();
+
+            if (c.getA().isZero() && characteristic.mod(ECConstants.THREE).equals(ECConstants.ONE))
+            {
+                System.out.println("Curve '" + curveName + "' has a 'GLV Type B' endomorphism with these parameters: ");
+                printGLVTypeBParameters(x9);
+            }
+        }
+    }
+
+    private static void printGLVTypeBParameters(X9ECParameters x9)
+    {
+        BigInteger n = x9.getN();
+        BigInteger[] v1 = null;
+        BigInteger[] v2 = null;
+
+        // x^2 + x + 1 = 0 mod n
+        BigInteger lambda = solveQuadraticEquation(n, ECConstants.ONE, ECConstants.ONE);
+
+        BigInteger[] rt = extEuclidGLV(n, lambda);
+        v1 = new BigInteger[]{ rt[2], rt[3].negate() };
+        v2 = chooseShortest(new BigInteger[]{ rt[0], rt[1].negate() }, new BigInteger[]{ rt[4], rt[5].negate() });
+
+        /*
+         * If elements of v2 are not bounded by sqrt(n), then if r1/t1 are relatively prime there
+         * _may_ yet be a GLV generator, so search for it. See
+         * "Integer Decomposition for Fast Scalar Multiplication on Elliptic Curves", D. Kim, S. Lim
+         * (SAC 2002)
+         */
+        if (!isVectorBoundedBySqrt(v2, n) && areRelativelyPrime(v1[0], v1[1]))
+        {
+            BigInteger r = v1[0], t = v1[1], s = r.add(t.multiply(lambda)).divide(n);
+
+            BigInteger[] vw = extEuclidBezout(new BigInteger[]{ s.abs(), t.abs() });
+            BigInteger v = vw[0], w = vw[1];
+
+            if (s.signum() < 0)
+            {
+                v = v.negate();
+            }
+            if (t.signum() > 0)
+            {
+                w = w.negate();
+            }
+
+            BigInteger check = s.multiply(v).subtract(t.multiply(w));
+            if (!check.equals(ECConstants.ONE))
+            {
+                throw new IllegalStateException();
+            }
+
+            BigInteger x = w.multiply(n).subtract(v.multiply(lambda));
+
+            BigInteger base1 = v.negate();
+            BigInteger base2 = x.negate();
+
+            /*
+             * We calculate the range(s) conservatively large to avoid messy rounding issues, so
+             * there may be spurious candidate generators, but we won't miss any.
+             */
+            BigInteger sqrtN = isqrt(n.subtract(ECConstants.ONE)).add(ECConstants.ONE);
+
+            BigInteger[] I1 = calculateRange(base1, sqrtN, t);
+            BigInteger[] I2 = calculateRange(base2, sqrtN, r);
+
+            BigInteger[] range = intersect(I1, I2);
+            if (range != null)
+            {
+                for (BigInteger alpha = range[0]; alpha.compareTo(range[1]) <= 0; alpha = alpha.add(ECConstants.ONE))
+                {
+                    BigInteger[] candidate = new BigInteger[]{ x.add(alpha.multiply(r)), v.add(alpha.multiply(t)) };
+                    if (isShorter(candidate, v2))
+                    {
+                        v2 = candidate;
+                    }
+                }
+            }
+        }
+
+        /*
+         * 'Beta' is a field element of order 3. There are only two such values besides 1; determine which of them
+         * corresponds to our choice for 'Lambda'.
+         */
+        ECFieldElement beta;
+        {
+            ECPoint G = x9.getG().normalize();
+            ECPoint mapG = G.multiply(lambda).normalize();
+            if (!G.getYCoord().equals(mapG.getYCoord()))
+            {
+                throw new IllegalStateException("Derivation of GLV Type B parameters failed unexpectedly");
+            }
+    
+            BigInteger q = x9.getCurve().getField().getCharacteristic();
+            BigInteger e = q.divide(ECConstants.THREE);
+
+            SecureRandom random = new SecureRandom();
+            BigInteger b;
+            do
+            {
+                BigInteger r = BigIntegers.createRandomInRange(ECConstants.TWO, q.subtract(ECConstants.TWO), random);
+                b = r.modPow(e, q);
+            }
+            while (b.equals(ECConstants.ONE));
+
+            beta = x9.getCurve().fromBigInteger(ECConstants.TWO.modPow(e, q));
+
+            if (!G.getXCoord().multiply(beta).equals(mapG.getXCoord()))
+            {
+                beta = beta.square();
+                if (!G.getXCoord().multiply(beta).equals(mapG.getXCoord()))
+                {
+                    throw new IllegalStateException("Derivation of GLV Type B parameters failed unexpectedly");
+                }
+            }
+        }
+
+        /*
+         * These parameters are used to avoid division when decomposing the scalar in a GLV point multiplication
+         */
+        BigInteger d = (v1[0].multiply(v2[1])).subtract(v1[1].multiply(v2[0]));
+
+        int bits = n.bitLength() + 16 - (n.bitLength() & 7);
+        BigInteger g1 = roundQuotient(v2[1].shiftLeft(bits), d);
+        BigInteger g2 = roundQuotient(v1[1].shiftLeft(bits), d).negate();
+
+        printProperty("Beta", beta.toBigInteger().toString(radix));
+        printProperty("Lambda", lambda.toString(radix));
+        printProperty("v1", "{ " + v1[0].toString(radix) + ", " + v1[1].toString(radix) + " }");
+        printProperty("v2", "{ " + v2[0].toString(radix) + ", " + v2[1].toString(radix) + " }");
+        printProperty("(OPT) g1", g1.toString(radix));
+        printProperty("(OPT) g2", g2.toString(radix));
+        printProperty("(OPT) bits", Integer.toString(bits));
+    }
+
+    private static void printProperty(String name, Object value)
+    {
+        StringBuffer sb = new StringBuffer("  ");
+        sb.append(name);
+        while (sb.length() < 20)
+        {
+            sb.append(' ');
+        }
+        sb.append("= ");
+        sb.append(value.toString());
+        System.out.println(sb.toString());
+    }
+
+    private static boolean areRelativelyPrime(BigInteger a, BigInteger b)
+    {
+        return a.gcd(b).equals(ECConstants.ONE);
+    }
+
+    private static BigInteger[] calculateRange(BigInteger mid, BigInteger off, BigInteger div)
+    {
+        BigInteger i1 = mid.subtract(off).divide(div);
+        BigInteger i2 = mid.add(off).divide(div);
+        return order(i1, i2);
+    }
+
+    private static BigInteger[] extEuclidBezout(BigInteger[] ab)
+    {
+        boolean swap = ab[0].compareTo(ab[1]) < 0;
+        if (swap)
+        {
+            swap(ab);
+        }
+
+        BigInteger r0 = ab[0], r1 = ab[1];
+        BigInteger s0 = ECConstants.ONE, s1 = ECConstants.ZERO;
+        BigInteger t0 = ECConstants.ZERO, t1 = ECConstants.ONE;
+
+        while (r1.compareTo(ECConstants.ONE) > 0)
+        {
+            BigInteger[] qr = r0.divideAndRemainder(r1);
+            BigInteger q = qr[0], r2 = qr[1];
+
+            BigInteger s2 = s0.subtract(q.multiply(s1));
+            BigInteger t2 = t0.subtract(q.multiply(t1));
+
+            r0 = r1;
+            r1 = r2;
+            s0 = s1;
+            s1 = s2;
+            t0 = t1;
+            t1 = t2;
+        }
+
+        if (r1.signum() <= 0)
+        {
+            throw new IllegalStateException();
+        }
+
+        BigInteger[] st = new BigInteger[]{ s1, t1 };
+        if (swap)
+        {
+            swap(st);
+        }
+        return st;
+    }
+
+    private static BigInteger[] extEuclidGLV(BigInteger n, BigInteger lambda)
+    {
+        BigInteger r0 = n, r1 = lambda;
+        // BigInteger s0 = ECConstants.ONE, s1 = ECConstants.ZERO;
+        BigInteger t0 = ECConstants.ZERO, t1 = ECConstants.ONE;
+
+        for (;;)
+        {
+            BigInteger[] qr = r0.divideAndRemainder(r1);
+            BigInteger q = qr[0], r2 = qr[1];
+
+            // BigInteger s2 = s0.subtract(q.multiply(s1));
+            BigInteger t2 = t0.subtract(q.multiply(t1));
+
+            if (isLessThanSqrt(r1, n))
+            {
+                return new BigInteger[]{ r0, t0, r1, t1, r2, t2 };
+            }
+
+            r0 = r1;
+            r1 = r2;
+            // s0 = s1;
+            // s1 = s2;
+            t0 = t1;
+            t1 = t2;
+        }
+    }
+
+    private static BigInteger[] chooseShortest(BigInteger[] u, BigInteger[] v)
+    {
+        return isShorter(u, v) ? u : v;
+    }
+
+    private static BigInteger[] intersect(BigInteger[] ab, BigInteger[] cd)
+    {
+        BigInteger min = ab[0].max(cd[0]);
+        BigInteger max = ab[1].min(cd[1]);
+        if (min.compareTo(max) > 0)
+        {
+            return null;
+        }
+        return new BigInteger[]{ min, max };
+    }
+
+    private static boolean isLessThanSqrt(BigInteger a, BigInteger b)
+    {
+        a = a.abs();
+        b = b.abs();
+        int target = b.bitLength(), maxBits = a.bitLength() * 2, minBits = maxBits - 1;
+        return minBits <= target && (maxBits < target || a.multiply(a).compareTo(b) < 0);
+    }
+
+    private static boolean isShorter(BigInteger[] u, BigInteger[] v)
+    {
+        BigInteger u1 = u[0].abs(), u2 = u[1].abs(), v1 = v[0].abs(), v2 = v[1].abs();
+
+        // TODO Check whether "shorter" just means by rectangle norm:
+        // return u1.max(u2).compareTo(v1.max(v2)) < 0;
+
+        boolean c1 = u1.compareTo(v1) < 0, c2 = u2.compareTo(v2) < 0;
+        if (c1 == c2)
+        {
+            return c1;
+        }
+
+        BigInteger du = u1.multiply(u1).add(u2.multiply(u2));
+        BigInteger dv = v1.multiply(v1).add(v2.multiply(v2));
+
+        return du.compareTo(dv) < 0;
+    }
+
+    private static boolean isVectorBoundedBySqrt(BigInteger[] v, BigInteger n)
+    {
+        BigInteger max = v[0].abs().max(v[1].abs());
+        return isLessThanSqrt(max, n);
+    }
+
+    private static BigInteger[] order(BigInteger a, BigInteger b)
+    {
+        if (a.compareTo(b) <= 0)
+        {
+            return new BigInteger[]{ a, b };
+        }
+        return new BigInteger[]{ b, a };
+    }
+
+    private static BigInteger roundQuotient(BigInteger x, BigInteger y)
+    {
+        boolean negative = (x.signum() != y.signum());
+        x = x.abs();
+        y = y.abs();
+        BigInteger result = x.add(y.shiftRight(1)).divide(y);
+        return negative ? result.negate() : result;
+    }
+
+    private static BigInteger solveQuadraticEquation(BigInteger n, BigInteger r, BigInteger s)
+    {
+        BigInteger det = r.multiply(r).subtract(s.shiftLeft(2)).mod(n);
+
+        BigInteger root = new ECFieldElement.Fp(n, det).sqrt().toBigInteger();
+        if (!root.testBit(0))
+        {
+            root = n.subtract(root);
+        }
+
+        return root.shiftRight(1); // NOTE: implicit -1 of the low-bit
+    }
+
+    private static BigInteger isqrt(BigInteger x)
+    {
+        BigInteger g0 = x.shiftRight(x.bitLength() / 2);
+        for (;;)
+        {
+            BigInteger g1 = g0.add(x.divide(g0)).shiftRight(1);
+            if (g1.equals(g0))
+            {
+                return g1;
+            }
+            g0 = g1;
+        }
+    }
+
+    private static void swap(BigInteger[] ab)
+    {
+        BigInteger tmp = ab[0];
+        ab[0] = ab[1];
+        ab[1] = tmp;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/field/ExtensionField.java b/bcprov/src/main/java/org/bouncycastle/math/field/ExtensionField.java
new file mode 100644
index 0000000..dfefba7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/field/ExtensionField.java
@@ -0,0 +1,8 @@
+package org.bouncycastle.math.field;
+
+public interface ExtensionField extends FiniteField
+{
+    FiniteField getSubfield();
+
+    int getDegree();
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/field/FiniteField.java b/bcprov/src/main/java/org/bouncycastle/math/field/FiniteField.java
new file mode 100644
index 0000000..0a5baa0
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/field/FiniteField.java
@@ -0,0 +1,10 @@
+package org.bouncycastle.math.field;
+
+import java.math.BigInteger;
+
+public interface FiniteField
+{
+    BigInteger getCharacteristic();
+
+    int getDimension();
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/field/FiniteFields.java b/bcprov/src/main/java/org/bouncycastle/math/field/FiniteFields.java
new file mode 100644
index 0000000..7197ffd
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/field/FiniteFields.java
@@ -0,0 +1,53 @@
+package org.bouncycastle.math.field;
+
+import java.math.BigInteger;
+
+public abstract class FiniteFields
+{
+    static final FiniteField GF_2 = new PrimeField(BigInteger.valueOf(2));
+    static final FiniteField GF_3 = new PrimeField(BigInteger.valueOf(3));
+
+    public static PolynomialExtensionField getBinaryExtensionField(int[] exponents)
+    {
+        if (exponents[0] != 0)
+        {
+            throw new IllegalArgumentException("Irreducible polynomials in GF(2) must have constant term");
+        }
+        for (int i = 1; i < exponents.length; ++i)
+        {
+            if (exponents[i] <= exponents[i - 1])
+            {
+                throw new IllegalArgumentException("Polynomial exponents must be montonically increasing");
+            }
+        }
+
+        return new GenericPolynomialExtensionField(GF_2, new GF2Polynomial(exponents));
+    }
+
+//    public static PolynomialExtensionField getTernaryExtensionField(Term[] terms)
+//    {
+//        return new GenericPolynomialExtensionField(GF_3, new GF3Polynomial(terms));
+//    }
+
+    public static FiniteField getPrimeField(BigInteger characteristic)
+    {
+        int bitLength = characteristic.bitLength();
+        if (characteristic.signum() <= 0 || bitLength < 2)
+        {
+            throw new IllegalArgumentException("'characteristic' must be >= 2");
+        }
+
+        if (bitLength < 3)
+        {
+            switch (characteristic.intValue())
+            {
+            case 2:
+                return GF_2;
+            case 3:
+                return GF_3;
+            }
+        }
+
+        return new PrimeField(characteristic);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/field/GF2Polynomial.java b/bcprov/src/main/java/org/bouncycastle/math/field/GF2Polynomial.java
new file mode 100644
index 0000000..73be768
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/field/GF2Polynomial.java
@@ -0,0 +1,42 @@
+package org.bouncycastle.math.field;
+
+import org.bouncycastle.util.Arrays;
+
+class GF2Polynomial implements Polynomial
+{
+    protected final int[] exponents;
+
+    GF2Polynomial(int[] exponents)
+    {
+        this.exponents = Arrays.clone(exponents);
+    }
+
+    public int getDegree()
+    {
+        return exponents[exponents.length - 1];
+    }
+
+    public int[] getExponentsPresent()
+    {
+        return Arrays.clone(exponents);
+    }
+
+    public boolean equals(Object obj)
+    {
+        if (this == obj)
+        {
+            return true;
+        }
+        if (!(obj instanceof GF2Polynomial))
+        {
+            return false;
+        }
+        GF2Polynomial other = (GF2Polynomial)obj;
+        return Arrays.areEqual(exponents, other.exponents);
+    }
+
+    public int hashCode()
+    {
+        return Arrays.hashCode(exponents);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/field/GenericPolynomialExtensionField.java b/bcprov/src/main/java/org/bouncycastle/math/field/GenericPolynomialExtensionField.java
new file mode 100644
index 0000000..0b93a71
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/field/GenericPolynomialExtensionField.java
@@ -0,0 +1,62 @@
+package org.bouncycastle.math.field;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Integers;
+
+class GenericPolynomialExtensionField implements PolynomialExtensionField
+{
+    protected final FiniteField subfield;
+    protected final Polynomial minimalPolynomial;
+
+    GenericPolynomialExtensionField(FiniteField subfield, Polynomial polynomial)
+    {
+        this.subfield = subfield;
+        this.minimalPolynomial = polynomial;
+    }
+
+    public BigInteger getCharacteristic()
+    {
+        return subfield.getCharacteristic();
+    }
+
+    public int getDimension()
+    {
+        return subfield.getDimension() * minimalPolynomial.getDegree();
+    }
+
+    public FiniteField getSubfield()
+    {
+        return subfield;
+    }
+
+    public int getDegree()
+    {
+        return minimalPolynomial.getDegree();
+    }
+
+    public Polynomial getMinimalPolynomial()
+    {
+        return minimalPolynomial;
+    }
+
+    public boolean equals(Object obj)
+    {
+        if (this == obj)
+        {
+            return true;
+        }
+        if (!(obj instanceof GenericPolynomialExtensionField))
+        {
+            return false;
+        }
+        GenericPolynomialExtensionField other = (GenericPolynomialExtensionField)obj;
+        return subfield.equals(other.subfield) && minimalPolynomial.equals(other.minimalPolynomial);
+    }
+
+    public int hashCode()
+    {
+        return subfield.hashCode()
+            ^ Integers.rotateLeft(minimalPolynomial.hashCode(), 16);
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/field/Polynomial.java b/bcprov/src/main/java/org/bouncycastle/math/field/Polynomial.java
new file mode 100644
index 0000000..e5ccd61
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/field/Polynomial.java
@@ -0,0 +1,12 @@
+package org.bouncycastle.math.field;
+
+public interface Polynomial
+{
+    int getDegree();
+
+//    BigInteger[] getCoefficients();
+
+    int[] getExponentsPresent();
+
+//    Term[] getNonZeroTerms();
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/field/PolynomialExtensionField.java b/bcprov/src/main/java/org/bouncycastle/math/field/PolynomialExtensionField.java
new file mode 100644
index 0000000..aedcbee
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/field/PolynomialExtensionField.java
@@ -0,0 +1,6 @@
+package org.bouncycastle.math.field;
+
+public interface PolynomialExtensionField extends ExtensionField
+{
+    Polynomial getMinimalPolynomial();
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/field/PrimeField.java b/bcprov/src/main/java/org/bouncycastle/math/field/PrimeField.java
new file mode 100644
index 0000000..fd1e253
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/field/PrimeField.java
@@ -0,0 +1,42 @@
+package org.bouncycastle.math.field;
+
+import java.math.BigInteger;
+
+class PrimeField implements FiniteField
+{
+    protected final BigInteger characteristic;
+
+    PrimeField(BigInteger characteristic)
+    {
+        this.characteristic = characteristic;
+    }
+
+    public BigInteger getCharacteristic()
+    {
+        return characteristic;
+    }
+
+    public int getDimension()
+    {
+        return 1;
+    }
+
+    public boolean equals(Object obj)
+    {
+        if (this == obj)
+        {
+            return true;
+        }
+        if (!(obj instanceof PrimeField))
+        {
+            return false;
+        }
+        PrimeField other = (PrimeField)obj;
+        return characteristic.equals(other.characteristic);
+    }
+
+    public int hashCode()
+    {
+        return characteristic.hashCode();
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/Mod.java b/bcprov/src/main/java/org/bouncycastle/math/raw/Mod.java
new file mode 100644
index 0000000..47e6d8c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/Mod.java
@@ -0,0 +1,199 @@
+package org.bouncycastle.math.raw;
+
+import java.util.Random;
+
+import org.bouncycastle.util.Pack;
+
+public abstract class Mod
+{
+    public static int inverse32(int d)
+    {
+//        int x = d + (((d + 1) & 4) << 1);   // d.x == 1 mod 2**4
+        int x = d;                          // d.x == 1 mod 2**3
+        x *= 2 - d * x;                     // d.x == 1 mod 2**6
+        x *= 2 - d * x;                     // d.x == 1 mod 2**12
+        x *= 2 - d * x;                     // d.x == 1 mod 2**24
+        x *= 2 - d * x;                     // d.x == 1 mod 2**48
+//        assert d * x == 1;
+        return  x;
+    }
+
+    public static void invert(int[] p, int[] x, int[] z)
+    {
+        int len = p.length;
+        if (Nat.isZero(len, x))
+        {
+            throw new IllegalArgumentException("'x' cannot be 0");
+        }
+        if (Nat.isOne(len, x))
+        {
+            System.arraycopy(x, 0, z, 0, len);
+            return;
+        }
+
+        int[] u = Nat.copy(len, x);
+        int[] a = Nat.create(len);
+        a[0] = 1;
+        int ac = 0;
+
+        if ((u[0] & 1) == 0)
+        {
+            ac = inversionStep(p, u, len, a, ac);
+        }
+        if (Nat.isOne(len, u))
+        {
+            inversionResult(p, ac, a, z);
+            return;
+        }
+
+        int[] v = Nat.copy(len, p);
+        int[] b = Nat.create(len);
+        int bc = 0;
+
+        int uvLen = len;
+
+        for (;;)
+        {
+            while (u[uvLen - 1] == 0 && v[uvLen - 1] == 0)
+            {
+                --uvLen;
+            }
+
+            if (Nat.gte(uvLen, u, v))
+            {
+                Nat.subFrom(uvLen, v, u);
+//              assert (u[0] & 1) == 0;
+                ac += Nat.subFrom(len, b, a) - bc;
+                ac = inversionStep(p, u, uvLen, a, ac);
+                if (Nat.isOne(uvLen, u))
+                {
+                    inversionResult(p, ac, a, z);
+                    return;
+                }
+            }
+            else
+            {
+                Nat.subFrom(uvLen, u, v);
+//              assert (v[0] & 1) == 0;
+                bc += Nat.subFrom(len, a, b) - ac;
+                bc = inversionStep(p, v, uvLen, b, bc);
+                if (Nat.isOne(uvLen, v))
+                {
+                    inversionResult(p, bc, b, z);
+                    return;
+                }
+            }
+        }
+    }
+
+    public static int[] random(int[] p)
+    {
+        int len = p.length;
+        Random rand = new Random();
+        int[] s = Nat.create(len);
+
+        int m = p[len - 1];
+        m |= m >>> 1;
+        m |= m >>> 2;
+        m |= m >>> 4;
+        m |= m >>> 8;
+        m |= m >>> 16;
+
+        do
+        {
+            for (int i = 0; i != len; i++)
+            {
+                s[i] = rand.nextInt();
+            }
+            s[len - 1] &= m;
+        }
+        while (Nat.gte(len, s, p));
+
+        return s;
+    }
+
+    public static void add(int[] p, int[] x, int[] y, int[] z)
+    {
+        int len = p.length;
+        int c = Nat.add(len, x, y, z);
+        if (c != 0)
+        {
+            Nat.subFrom(len, p, z);
+        }
+    }
+
+    public static void subtract(int[] p, int[] x, int[] y, int[] z)
+    {
+        int len = p.length;
+        int c = Nat.sub(len, x, y, z);
+        if (c != 0)
+        {
+            Nat.addTo(len, p, z);
+        }
+    }
+
+    private static void inversionResult(int[] p, int ac, int[] a, int[] z)
+    {
+        if (ac < 0)
+        {
+            Nat.add(p.length, a, p, z);
+        }
+        else
+        {
+            System.arraycopy(a, 0, z, 0, p.length);
+        }
+    }
+
+    private static int inversionStep(int[] p, int[] u, int uLen, int[] x, int xc)
+    {
+        int len = p.length;
+        int count = 0;
+        while (u[0] == 0)
+        {
+            Nat.shiftDownWord(uLen, u, 0);
+            count += 32;
+        }
+
+        {
+            int zeroes = getTrailingZeroes(u[0]);
+            if (zeroes > 0)
+            {
+                Nat.shiftDownBits(uLen, u, zeroes, 0);
+                count += zeroes;
+            }
+        }
+
+        for (int i = 0; i < count; ++i)
+        {
+            if ((x[0] & 1) != 0)
+            {
+                if (xc < 0)
+                {
+                    xc += Nat.addTo(len, p, x);
+                }
+                else
+                {
+                    xc += Nat.subFrom(len, p, x);
+                }
+            }
+
+//            assert xc == 0 || xc == 1;
+            Nat.shiftDownBit(len, x, xc);
+        }
+        
+        return xc;
+    }
+
+    private static int getTrailingZeroes(int x)
+    {
+//        assert x != 0;
+
+        int count = 0;
+        while ((x & 1) == 0)
+        {
+            x >>>= 1;
+            ++count;
+        }
+        return count;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/Mont256.java b/bcprov/src/main/java/org/bouncycastle/math/raw/Mont256.java
new file mode 100644
index 0000000..750221f
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/Mont256.java
@@ -0,0 +1,152 @@
+package org.bouncycastle.math.raw;
+
+public abstract class Mont256
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    public static int inverse32(int x)
+    {
+        // assert (x & 1) == 1;
+        int z = x; // x.z == 1 mod 2**3
+        z *= 2 - x * z; // x.z == 1 mod 2**6
+        z *= 2 - x * z; // x.z == 1 mod 2**12
+        z *= 2 - x * z; // x.z == 1 mod 2**24
+        z *= 2 - x * z; // x.z == 1 mod 2**48
+        // assert x * z == 1;
+        return z;
+    }
+
+    public static void multAdd(int[] x, int[] y, int[] z, int[] m, int mInv32)
+    {
+        int z_8 = 0;
+        long y_0 = y[0] & M;
+
+        for (int i = 0; i < 8; ++i)
+        {
+            long z_0 = z[0] & M;
+            long x_i = x[i] & M;
+
+            long prod1 = x_i * y_0;
+            long carry = (prod1 & M) + z_0;
+
+            long t = ((int)carry * mInv32) & M;
+
+            long prod2 = t * (m[0] & M);
+            carry += (prod2 & M);
+            // assert (int)carry == 0;
+            carry = (carry >>> 32) + (prod1 >>> 32) + (prod2 >>> 32);
+
+            for (int j = 1; j < 8; ++j)
+            {
+                prod1 = x_i * (y[j] & M);
+                prod2 = t * (m[j] & M);
+
+                carry += (prod1 & M) + (prod2 & M) + (z[j] & M);
+                z[j - 1] = (int)carry;
+                carry = (carry >>> 32) + (prod1 >>> 32) + (prod2 >>> 32);
+            }
+
+            carry += (z_8 & M);
+            z[7] = (int)carry;
+            z_8 = (int)(carry >>> 32);
+        }
+
+        if (z_8 != 0 || Nat256.gte(z, m))
+        {
+            Nat256.sub(z, m, z);
+        }
+    }
+
+    public static void multAddXF(int[] x, int[] y, int[] z, int[] m)
+    {
+        // assert m[0] == M;
+
+        int z_8 = 0;
+        long y_0 = y[0] & M;
+
+        for (int i = 0; i < 8; ++i)
+        {
+            long x_i = x[i] & M;
+
+            long carry = x_i * y_0 + (z[0] & M);
+            long t = carry & M;
+            carry = (carry >>> 32) + t;
+
+            for (int j = 1; j < 8; ++j)
+            {
+                long prod1 = x_i * (y[j] & M);
+                long prod2 = t * (m[j] & M);
+
+                carry += (prod1 & M) + (prod2 & M) + (z[j] & M);
+                z[j - 1] = (int)carry;
+                carry = (carry >>> 32) + (prod1 >>> 32) + (prod2 >>> 32);
+            }
+
+            carry += (z_8 & M);
+            z[7] = (int)carry;
+            z_8 = (int)(carry >>> 32);
+        }
+
+        if (z_8 != 0 || Nat256.gte(z, m))
+        {
+            Nat256.sub(z, m, z);
+        }
+    }
+
+    public static void reduce(int[] z, int[] m, int mInv32)
+    {
+        for (int i = 0; i < 8; ++i)
+        {
+            int z_0 = z[0];
+
+            long t = (z_0 * mInv32) & M;
+
+            long carry = t * (m[0] & M) + (z_0 & M);
+            // assert (int)carry == 0;
+            carry >>>= 32;
+
+            for (int j = 1; j < 8; ++j)
+            {
+                carry += t * (m[j] & M) + (z[j] & M);
+                z[j - 1] = (int)carry;
+                carry >>>= 32;
+            }
+
+            z[7] = (int)carry;
+            // assert carry >>> 32 == 0;
+        }
+
+        if (Nat256.gte(z, m))
+        {
+            Nat256.sub(z, m, z);
+        }
+    }
+
+    public static void reduceXF(int[] z, int[] m)
+    {
+        // assert m[0] == M;
+
+        for (int i = 0; i < 8; ++i)
+        {
+            int z_0 = z[0];
+
+            long t = z_0 & M;
+            long carry = t;
+
+            for (int j = 1; j < 8; ++j)
+            {
+                carry += t * (m[j] & M) + (z[j] & M);
+                z[j - 1] = (int)carry;
+                carry >>>= 32;
+            }
+
+            z[7] = (int)carry;
+            // assert carry >>> 32 == 0;
+        }
+
+        if (Nat256.gte(z, m))
+        {
+            Nat256.sub(z, m, z);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/Nat.java b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat.java
new file mode 100644
index 0000000..75e1543
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat.java
@@ -0,0 +1,1038 @@
+package org.bouncycastle.math.raw;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Pack;
+
+public abstract class Nat
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    public static int add(int len, int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (x[i] & M) + (y[i] & M);
+            z[i] = (int)c;
+            c >>>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int add33At(int len, int x, int[] z, int zPos)
+    {
+        // assert zPos <= (len - 2);
+        long c = (z[zPos + 0] & M) + (x & M);
+        z[zPos + 0] = (int)c;
+        c >>>= 32;
+        c += (z[zPos + 1] & M) + 1L;
+        z[zPos + 1] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zPos + 2);
+    }
+
+    public static int add33At(int len, int x, int[] z, int zOff, int zPos)
+    {
+        // assert zPos <= (len - 2);
+        long c = (z[zOff + zPos] & M) + (x & M);
+        z[zOff + zPos] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + zPos + 1] & M) + 1L;
+        z[zOff + zPos + 1] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zOff, zPos + 2);
+    }
+
+    public static int add33To(int len, int x, int[] z)
+    {
+        long c = (z[0] & M) + (x & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (z[1] & M) + 1L;
+        z[1] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, 2);
+    }
+
+    public static int add33To(int len, int x, int[] z, int zOff)
+    {
+        long c = (z[zOff + 0] & M) + (x & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 1] & M) + 1L;
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zOff, 2);
+    }
+
+    public static int addBothTo(int len, int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (x[i] & M) + (y[i] & M) + (z[i] & M);
+            z[i] = (int)c;
+            c >>>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int addBothTo(int len, int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (x[xOff + i] & M) + (y[yOff + i] & M) + (z[zOff + i] & M);
+            z[zOff + i] = (int)c;
+            c >>>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int addDWordAt(int len, long x, int[] z, int zPos)
+    {
+        // assert zPos <= (len - 2);
+        long c = (z[zPos + 0] & M) + (x & M);
+        z[zPos + 0] = (int)c;
+        c >>>= 32;
+        c += (z[zPos + 1] & M) + (x >>> 32);
+        z[zPos + 1] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zPos + 2);
+    }
+
+    public static int addDWordAt(int len, long x, int[] z, int zOff, int zPos)
+    {
+        // assert zPos <= (len - 2);
+        long c = (z[zOff + zPos] & M) + (x & M);
+        z[zOff + zPos] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + zPos + 1] & M) + (x >>> 32);
+        z[zOff + zPos + 1] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zOff, zPos + 2);
+    }
+
+    public static int addDWordTo(int len, long x, int[] z)
+    {
+        long c = (z[0] & M) + (x & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (z[1] & M) + (x >>> 32);
+        z[1] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, 2);
+    }
+
+    public static int addDWordTo(int len, long x, int[] z, int zOff)
+    {
+        long c = (z[zOff + 0] & M) + (x & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 1] & M) + (x >>> 32);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zOff, 2);
+    }
+
+    public static int addTo(int len, int[] x, int[] z)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (x[i] & M) + (z[i] & M);
+            z[i] = (int)c;
+            c >>>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int addTo(int len, int[] x, int xOff, int[] z, int zOff)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (x[xOff + i] & M) + (z[zOff + i] & M);
+            z[zOff + i] = (int)c;
+            c >>>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int addWordAt(int len, int x, int[] z, int zPos)
+    {
+        // assert zPos <= (len - 1);
+        long c = (x & M) + (z[zPos] & M);
+        z[zPos] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zPos + 1);
+    }
+
+    public static int addWordAt(int len, int x, int[] z, int zOff, int zPos)
+    {
+        // assert zPos <= (len - 1);
+        long c = (x & M) + (z[zOff + zPos] & M);
+        z[zOff + zPos] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zOff, zPos + 1);
+    }
+
+    public static int addWordTo(int len, int x, int[] z)
+    {
+        long c = (x & M) + (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, 1);
+    }
+
+    public static int addWordTo(int len, int x, int[] z, int zOff)
+    {
+        long c = (x & M) + (z[zOff] & M);
+        z[zOff] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zOff, 1);
+    }
+
+    public static int[] copy(int len, int[] x)
+    {
+        int[] z = new int[len];
+        System.arraycopy(x, 0, z, 0, len);
+        return z;
+    }
+
+    public static void copy(int len, int[] x, int[] z)
+    {
+        System.arraycopy(x, 0, z, 0, len);
+    }
+
+    public static int[] create(int len)
+    {
+        return new int[len];
+    }
+
+    public static int dec(int len, int[] z)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            if (--z[i] != -1)
+            {
+                return 0;
+            }
+        }
+        return -1;
+    }
+
+    public static int dec(int len, int[] x, int[] z)
+    {
+        int i = 0;
+        while (i < len)
+        {
+            int c = x[i] - 1;
+            z[i] = c;
+            ++i;
+            if (c != -1)
+            {
+                while (i < len)
+                {
+                    z[i] = x[i];
+                    ++i;
+                }
+                return 0;
+            }
+        }
+        return -1;
+    }
+
+    public static int decAt(int len, int[] z, int zPos)
+    {
+        // assert zPos <= len;
+        for (int i = zPos; i < len; ++i)
+        {
+            if (--z[i] != -1)
+            {
+                return 0;
+            }
+        }
+        return -1;
+    }
+
+    public static int decAt(int len, int[] z, int zOff, int zPos)
+    {
+        // assert zPos <= len;
+        for (int i = zPos; i < len; ++i)
+        {
+            if (--z[zOff + i] != -1)
+            {
+                return 0;
+            }
+        }
+        return -1;
+    }
+
+    public static boolean eq(int len, int[] x, int[] y)
+    {
+        for (int i = len - 1; i >= 0; --i)
+        {
+            if (x[i] != y[i])
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static int[] fromBigInteger(int bits, BigInteger x)
+    {
+        if (x.signum() < 0 || x.bitLength() > bits)
+        {
+            throw new IllegalArgumentException();
+        }
+
+        int len = (bits + 31) >> 5;
+        int[] z = create(len);
+        int i = 0;
+        while (x.signum() != 0)
+        {
+            z[i++] = x.intValue();
+            x = x.shiftRight(32);
+        }
+        return z;
+    }
+
+    public static int getBit(int[] x, int bit)
+    {
+        if (bit == 0)
+        {
+            return x[0] & 1;
+        }
+        int w = bit >> 5;
+        if (w < 0 || w >= x.length)
+        {
+            return 0;
+        }
+        int b = bit & 31;
+        return (x[w] >>> b) & 1;
+    }
+
+    public static boolean gte(int len, int[] x, int[] y)
+    {
+        for (int i = len - 1; i >= 0; --i)
+        {
+            int x_i = x[i] ^ Integer.MIN_VALUE;
+            int y_i = y[i] ^ Integer.MIN_VALUE;
+            if (x_i < y_i)
+                return false;
+            if (x_i > y_i)
+                return true;
+        }
+        return true;
+    }
+
+    public static int inc(int len, int[] z)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            if (++z[i] != 0)
+            {
+                return 0;
+            }
+        }
+        return 1;
+    }
+
+    public static int inc(int len, int[] x, int[] z)
+    {
+        int i = 0;
+        while (i < len)
+        {
+            int c = x[i] + 1;
+            z[i] = c;
+            ++i;
+            if (c != 0)
+            {
+                while (i < len)
+                {
+                    z[i] = x[i];
+                    ++i;
+                }
+                return 0;
+            }
+        }
+        return 1;
+    }
+
+    public static int incAt(int len, int[] z, int zPos)
+    {
+        // assert zPos <= len;
+        for (int i = zPos; i < len; ++i)
+        {
+            if (++z[i] != 0)
+            {
+                return 0;
+            }
+        }
+        return 1;
+    }
+
+    public static int incAt(int len, int[] z, int zOff, int zPos)
+    {
+        // assert zPos <= len;
+        for (int i = zPos; i < len; ++i)
+        {
+            if (++z[zOff + i] != 0)
+            {
+                return 0;
+            }
+        }
+        return 1;
+    }
+
+    public static boolean isOne(int len, int[] x)
+    {
+        if (x[0] != 1)
+        {
+            return false;
+        }
+        for (int i = 1; i < len; ++i)
+        {
+            if (x[i] != 0)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static boolean isZero(int len, int[] x)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            if (x[i] != 0)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static void mul(int len, int[] x, int[] y, int[] zz)
+    {
+        zz[len] = mulWord(len, x[0], y, zz);
+
+        for (int i = 1; i < len; ++i)
+        {
+            zz[i + len] = mulWordAddTo(len, x[i], y, 0, zz, i);
+        }
+    }
+
+    public static void mul(int len, int[] x, int xOff, int[] y, int yOff, int[] zz, int zzOff)
+    {
+        zz[zzOff + len] = mulWord(len, x[xOff], y, yOff, zz, zzOff);
+
+        for (int i = 1; i < len; ++i)
+        {
+            zz[zzOff + i + len] = mulWordAddTo(len, x[xOff + i], y, yOff, zz, zzOff + i);
+        }
+    }
+
+    public static int mulAddTo(int len, int[] x, int[] y, int[] zz)
+    {
+        long zc = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            long c = mulWordAddTo(len, x[i], y, 0, zz, i) & M;
+            c += zc + (zz[i + len] & M);
+            zz[i + len] = (int)c;
+            zc = c >>> 32;
+        }
+        return (int)zc;
+    }
+
+    public static int mulAddTo(int len, int[] x, int xOff, int[] y, int yOff, int[] zz, int zzOff)
+    {
+        long zc = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            long c = mulWordAddTo(len, x[xOff + i], y, yOff, zz, zzOff) & M;
+            c += zc + (zz[zzOff + len] & M);
+            zz[zzOff + len] = (int)c;
+            zc = c >>> 32;
+            ++zzOff;
+        }
+        return (int)zc;
+    }
+
+    public static int mul31BothAdd(int len, int a, int[] x, int b, int[] y, int[] z, int zOff)
+    {
+        long c = 0, aVal = a & M, bVal = b & M;
+        int i = 0;
+        do
+        {
+            c += aVal * (x[i] & M) + bVal * (y[i] & M) + (z[zOff + i] & M);
+            z[zOff + i] = (int)c;
+            c >>>= 32;
+        }
+        while (++i < len);
+        return (int)c;
+    }
+
+    public static int mulWord(int len, int x, int[] y, int[] z)
+    {
+        long c = 0, xVal = x & M;
+        int i = 0;
+        do
+        {
+            c += xVal * (y[i] & M);
+            z[i] = (int)c;
+            c >>>= 32;
+        }
+        while (++i < len);
+        return (int)c;
+    }
+
+    public static int mulWord(int len, int x, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0, xVal = x & M;
+        int i = 0;
+        do
+        {
+            c += xVal * (y[yOff + i] & M);
+            z[zOff + i] = (int)c;
+            c >>>= 32;
+        }
+        while (++i < len);
+        return (int)c;
+    }
+
+    public static int mulWordAddTo(int len, int x, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0, xVal = x & M;
+        int i = 0;
+        do
+        {
+            c += xVal * (y[yOff + i] & M) + (z[zOff + i] & M);
+            z[zOff + i] = (int)c;
+            c >>>= 32;
+        }
+        while (++i < len);
+        return (int)c;
+    }
+
+    public static int mulWordDwordAddAt(int len, int x, long y, int[] z, int zPos)
+    {
+        // assert zPos <= (len - 3);
+        long c = 0, xVal = x & M;
+        c += xVal * (y & M) + (z[zPos + 0] & M);
+        z[zPos + 0] = (int)c;
+        c >>>= 32;
+        c += xVal * (y >>> 32) + (z[zPos + 1] & M);
+        z[zPos + 1] = (int)c;
+        c >>>= 32;
+        c += (z[zPos + 2] & M);
+        z[zPos + 2] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : incAt(len, z, zPos + 3);
+    }
+
+    public static int shiftDownBit(int len, int[] z, int c)
+    {
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = z[i];
+            z[i] = (next >>> 1) | (c << 31);
+            c = next;
+        }
+        return c << 31;
+    }
+
+    public static int shiftDownBit(int len, int[] z, int zOff, int c)
+    {
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = z[zOff + i];
+            z[zOff + i] = (next >>> 1) | (c << 31);
+            c = next;
+        }
+        return c << 31;
+    }
+
+    public static int shiftDownBit(int len, int[] x, int c, int[] z)
+    {
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = x[i];
+            z[i] = (next >>> 1) | (c << 31);
+            c = next;
+        }
+        return c << 31;
+    }
+
+    public static int shiftDownBit(int len, int[] x, int xOff, int c, int[] z, int zOff)
+    {
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = x[xOff + i];
+            z[zOff + i] = (next >>> 1) | (c << 31);
+            c = next;
+        }
+        return c << 31;
+    }
+
+    public static int shiftDownBits(int len, int[] z, int bits, int c)
+    {
+//        assert bits > 0 && bits < 32;
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = z[i];
+            z[i] = (next >>> bits) | (c << -bits);
+            c = next;
+        }
+        return c << -bits;
+    }
+
+    public static int shiftDownBits(int len, int[] z, int zOff, int bits, int c)
+    {
+//        assert bits > 0 && bits < 32;
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = z[zOff + i];
+            z[zOff + i] = (next >>> bits) | (c << -bits);
+            c = next;
+        }
+        return c << -bits;
+    }
+
+    public static int shiftDownBits(int len, int[] x, int bits, int c, int[] z)
+    {
+//        assert bits > 0 && bits < 32;
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = x[i];
+            z[i] = (next >>> bits) | (c << -bits);
+            c = next;
+        }
+        return c << -bits;
+    }
+
+    public static int shiftDownBits(int len, int[] x, int xOff, int bits, int c, int[] z, int zOff)
+    {
+//        assert bits > 0 && bits < 32;
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = x[xOff + i];
+            z[zOff + i] = (next >>> bits) | (c << -bits);
+            c = next;
+        }
+        return c << -bits;
+    }
+
+    public static int shiftDownWord(int len, int[] z, int c)
+    {
+        int i = len;
+        while (--i >= 0)
+        {
+            int next = z[i];
+            z[i] = c;
+            c = next;
+        }
+        return c;
+    }
+
+    public static int shiftUpBit(int len, int[] z, int c)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            int next = z[i];
+            z[i] = (next << 1) | (c >>> 31);
+            c = next;
+        }
+        return c >>> 31;
+    }
+
+    public static int shiftUpBit(int len, int[] z, int zOff, int c)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            int next = z[zOff + i];
+            z[zOff + i] = (next << 1) | (c >>> 31);
+            c = next;
+        }
+        return c >>> 31;
+    }
+
+    public static int shiftUpBit(int len, int[] x, int c, int[] z)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            int next = x[i];
+            z[i] = (next << 1) | (c >>> 31);
+            c = next;
+        }
+        return c >>> 31;
+    }
+
+    public static int shiftUpBit(int len, int[] x, int xOff, int c, int[] z, int zOff)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            int next = x[xOff + i];
+            z[zOff + i] = (next << 1) | (c >>> 31);
+            c = next;
+        }
+        return c >>> 31;
+    }
+
+    public static int shiftUpBits(int len, int[] z, int bits, int c)
+    {
+//        assert bits > 0 && bits < 32;
+        for (int i = 0; i < len; ++i)
+        {
+            int next = z[i];
+            z[i] = (next << bits) | (c >>> -bits);
+            c = next;
+        }
+        return c >>> -bits;
+    }
+
+    public static int shiftUpBits(int len, int[] z, int zOff, int bits, int c)
+    {
+//        assert bits > 0 && bits < 32;
+        for (int i = 0; i < len; ++i)
+        {
+            int next = z[zOff + i];
+            z[zOff + i] = (next << bits) | (c >>> -bits);
+            c = next;
+        }
+        return c >>> -bits;
+    }
+
+    public static int shiftUpBits(int len, int[] x, int bits, int c, int[] z)
+    {
+//        assert bits > 0 && bits < 32;
+        for (int i = 0; i < len; ++i)
+        {
+            int next = x[i];
+            z[i] = (next << bits) | (c >>> -bits);
+            c = next;
+        }
+        return c >>> -bits;
+    }
+
+    public static int shiftUpBits(int len, int[] x, int xOff, int bits, int c, int[] z, int zOff)
+    {
+//        assert bits > 0 && bits < 32;
+        for (int i = 0; i < len; ++i)
+        {
+            int next = x[xOff + i];
+            z[zOff + i] = (next << bits) | (c >>> -bits);
+            c = next;
+        }
+        return c >>> -bits;
+    }
+
+    public static void square(int len, int[] x, int[] zz)
+    {
+        int extLen = len << 1;
+        int c = 0;
+        int j = len, k = extLen;
+        do
+        {
+            long xVal = (x[--j] & M);
+            long p = xVal * xVal;
+            zz[--k] = (c << 31) | (int)(p >>> 33);
+            zz[--k] = (int)(p >>> 1);
+            c = (int)p;
+        }
+        while (j > 0);
+
+        for (int i = 1; i < len; ++i)
+        {
+            c = squareWordAdd(x, i, zz);
+            addWordAt(extLen, c, zz, i << 1);
+        }
+
+        shiftUpBit(extLen, zz, x[0] << 31);
+    }
+
+    public static void square(int len, int[] x, int xOff, int[] zz, int zzOff)
+    {
+        int extLen = len << 1;
+        int c = 0;
+        int j = len, k = extLen;
+        do
+        {
+            long xVal = (x[xOff + --j] & M);
+            long p = xVal * xVal;
+            zz[zzOff + --k] = (c << 31) | (int)(p >>> 33);
+            zz[zzOff + --k] = (int)(p >>> 1);
+            c = (int)p;
+        }
+        while (j > 0);
+
+        for (int i = 1; i < len; ++i)
+        {
+            c = squareWordAdd(x, xOff, i, zz, zzOff);
+            addWordAt(extLen, c, zz, zzOff, i << 1);
+        }
+
+        shiftUpBit(extLen, zz, zzOff, x[xOff] << 31);
+    }
+
+    public static int squareWordAdd(int[] x, int xPos, int[] z)
+    {
+        long c = 0, xVal = x[xPos] & M;
+        int i = 0;
+        do
+        {
+            c += xVal * (x[i] & M) + (z[xPos + i] & M);
+            z[xPos + i] = (int)c;
+            c >>>= 32;
+        }
+        while (++i < xPos);
+        return (int)c;
+    }
+
+    public static int squareWordAdd(int[] x, int xOff, int xPos, int[] z, int zOff)
+    {
+        long c = 0, xVal = x[xOff + xPos] & M;
+        int i = 0;
+        do
+        {
+            c += xVal * (x[xOff + i] & M) + (z[xPos + zOff] & M);
+            z[xPos + zOff] = (int)c;
+            c >>>= 32;
+            ++zOff;
+        }
+        while (++i < xPos);
+        return (int)c;
+    }
+
+    public static int sub(int len, int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (x[i] & M) - (y[i] & M);
+            z[i] = (int)c;
+            c >>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int sub(int len, int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (x[xOff + i] & M) - (y[yOff + i] & M);
+            z[zOff + i] = (int)c;
+            c >>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int sub33At(int len, int x, int[] z, int zPos)
+    {
+        // assert zPos <= (len - 2);
+        long c = (z[zPos + 0] & M) - (x & M);
+        z[zPos + 0] = (int)c;
+        c >>= 32;
+        c += (z[zPos + 1] & M) - 1;
+        z[zPos + 1] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, zPos + 2);
+    }
+
+    public static int sub33At(int len, int x, int[] z, int zOff, int zPos)
+    {
+        // assert zPos <= (len - 2);
+        long c = (z[zOff + zPos] & M) - (x & M);
+        z[zOff + zPos] = (int)c;
+        c >>= 32;
+        c += (z[zOff + zPos + 1] & M) - 1;
+        z[zOff + zPos + 1] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, zOff, zPos + 2);
+    }
+
+    public static int sub33From(int len, int x, int[] z)
+    {
+        long c = (z[0] & M) - (x & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - 1;
+        z[1] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, 2);
+    }
+
+    public static int sub33From(int len, int x, int[] z, int zOff)
+    {
+        long c = (z[zOff + 0] & M) - (x & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 1] & M) - 1;
+        z[zOff + 1] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, zOff, 2);
+    }
+
+    public static int subBothFrom(int len, int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (z[i] & M) - (x[i] & M) - (y[i] & M);
+            z[i] = (int)c;
+            c >>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int subBothFrom(int len, int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (z[zOff + i] & M) - (x[xOff + i] & M) - (y[yOff + i] & M);
+            z[zOff + i] = (int)c;
+            c >>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int subDWordAt(int len, long x, int[] z, int zPos)
+    {
+        // assert zPos <= (len - 2);
+        long c = (z[zPos + 0] & M) - (x & M);
+        z[zPos + 0] = (int)c;
+        c >>= 32;
+        c += (z[zPos + 1] & M) - (x >>> 32);
+        z[zPos + 1] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, zPos + 2);
+    }
+
+    public static int subDWordAt(int len, long x, int[] z, int zOff, int zPos)
+    {
+        // assert zPos <= (len - 2);
+        long c = (z[zOff + zPos] & M) - (x & M);
+        z[zOff + zPos] = (int)c;
+        c >>= 32;
+        c += (z[zOff + zPos + 1] & M) - (x >>> 32);
+        z[zOff + zPos + 1] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z,  zOff, zPos + 2);
+    }
+
+    public static int subDWordFrom(int len, long x, int[] z)
+    {
+        long c = (z[0] & M) - (x & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - (x >>> 32);
+        z[1] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, 2);
+    }
+
+    public static int subDWordFrom(int len, long x, int[] z, int zOff)
+    {
+        long c = (z[zOff + 0] & M) - (x & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 1] & M) - (x >>> 32);
+        z[zOff + 1] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, zOff, 2);
+    }
+
+    public static int subFrom(int len, int[] x, int[] z)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (z[i] & M) - (x[i] & M);
+            z[i] = (int)c;
+            c >>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int subFrom(int len, int[] x, int xOff, int[] z, int zOff)
+    {
+        long c = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            c += (z[zOff + i] & M) - (x[xOff + i] & M);
+            z[zOff + i] = (int)c;
+            c >>= 32;
+        }
+        return (int)c;
+    }
+
+    public static int subWordAt(int len, int x, int[] z, int zPos)
+    {
+        // assert zPos <= (len - 1);
+        long c = (z[zPos] & M) - (x & M);
+        z[zPos] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, zPos + 1);
+    }
+
+    public static int subWordAt(int len, int x, int[] z, int zOff, int zPos)
+    {
+        // assert zPos <= (len - 1);
+        long c = (z[zOff + zPos] & M) - (x & M);
+        z[zOff + zPos] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, zOff, zPos + 1);
+    }
+
+    public static int subWordFrom(int len, int x, int[] z)
+    {
+        long c = (z[0] & M) - (x & M);
+        z[0] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, 1);
+    }
+
+    public static int subWordFrom(int len, int x, int[] z, int zOff)
+    {
+        long c = (z[zOff + 0] & M) - (x & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        return c == 0 ? 0 : decAt(len, z, zOff, 1);
+    }
+
+    public static BigInteger toBigInteger(int len, int[] x)
+    {
+        byte[] bs = new byte[len << 2];
+        for (int i = 0; i < len; ++i)
+        {
+            int x_i = x[i];
+            if (x_i != 0)
+            {
+                Pack.intToBigEndian(x_i, bs, (len - 1 - i) << 2);
+            }
+        }
+        return new BigInteger(1, bs);
+    }
+
+    public static void zero(int len, int[] z)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            z[i] = 0;
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/Nat192.java b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat192.java
new file mode 100644
index 0000000..e7e3dfa
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat192.java
@@ -0,0 +1,968 @@
+package org.bouncycastle.math.raw;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Pack;
+
+public abstract class Nat192
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    public static int add(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (y[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (y[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (y[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (y[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (y[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (y[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addBothTo(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (y[0] & M) + (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (y[1] & M) + (z[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (y[2] & M) + (z[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (y[3] & M) + (z[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (y[4] & M) + (z[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (y[5] & M) + (z[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addTo(int[] x, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (z[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (z[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (z[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (z[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (z[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addTo(int[] x, int xOff, int[] z, int zOff, int cIn)
+    {
+        long c = cIn & M;
+        c += (x[xOff + 0] & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 1] & M) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 2] & M) + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 3] & M) + (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 4] & M) + (z[zOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 5] & M) + (z[zOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addToEachOther(int[] u, int uOff, int[] v, int vOff)
+    {
+        long c = 0;
+        c += (u[uOff + 0] & M) + (v[vOff + 0] & M);
+        u[uOff + 0] = (int)c;
+        v[vOff + 0] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 1] & M) + (v[vOff + 1] & M);
+        u[uOff + 1] = (int)c;
+        v[vOff + 1] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 2] & M) + (v[vOff + 2] & M);
+        u[uOff + 2] = (int)c;
+        v[vOff + 2] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 3] & M) + (v[vOff + 3] & M);
+        u[uOff + 3] = (int)c;
+        v[vOff + 3] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 4] & M) + (v[vOff + 4] & M);
+        u[uOff + 4] = (int)c;
+        v[vOff + 4] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 5] & M) + (v[vOff + 5] & M);
+        u[uOff + 5] = (int)c;
+        v[vOff + 5] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static void copy(int[] x, int[] z)
+    {
+        z[0] = x[0];
+        z[1] = x[1];
+        z[2] = x[2];
+        z[3] = x[3];
+        z[4] = x[4];
+        z[5] = x[5];
+    }
+
+    public static int[] create()
+    {
+        return new int[6];
+    }
+
+    public static int[] createExt()
+    {
+        return new int[12];
+    }
+
+    public static boolean diff(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        boolean pos = gte(x, xOff, y, yOff);
+        if (pos)
+        {
+            sub(x, xOff, y, yOff, z, zOff);
+        }
+        else
+        {
+            sub(y, yOff, x, xOff, z, zOff);
+        }
+        return pos;
+    }
+
+    public static boolean eq(int[] x, int[] y)
+    {
+        for (int i = 5; i >= 0; --i)
+        {
+            if (x[i] != y[i])
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        if (x.signum() < 0 || x.bitLength() > 192)
+        {
+            throw new IllegalArgumentException();
+        }
+
+        int[] z = create();
+        int i = 0;
+        while (x.signum() != 0)
+        {
+            z[i++] = x.intValue();
+            x = x.shiftRight(32);
+        }
+        return z;
+    }
+
+    public static int getBit(int[] x, int bit)
+    {
+        if (bit == 0)
+        {
+            return x[0] & 1;
+        }
+        int w = bit >> 5;
+        if (w < 0 || w >= 6)
+        {
+            return 0;
+        }
+        int b = bit & 31;
+        return (x[w] >>> b) & 1;
+    }
+
+    public static boolean gte(int[] x, int[] y)
+    {
+        for (int i = 5; i >= 0; --i)
+        {
+            int x_i = x[i] ^ Integer.MIN_VALUE;
+            int y_i = y[i] ^ Integer.MIN_VALUE;
+            if (x_i < y_i)
+                return false;
+            if (x_i > y_i)
+                return true;
+        }
+        return true;
+    }
+
+    public static boolean gte(int[] x, int xOff, int[] y, int yOff)
+    {
+        for (int i = 5; i >= 0; --i)
+        {
+            int x_i = x[xOff + i] ^ Integer.MIN_VALUE;
+            int y_i = y[yOff + i] ^ Integer.MIN_VALUE;
+            if (x_i < y_i)
+                return false;
+            if (x_i > y_i)
+                return true;
+        }
+        return true;
+    }
+
+    public static boolean isOne(int[] x)
+    {
+        if (x[0] != 1)
+        {
+            return false;
+        }
+        for (int i = 1; i < 6; ++i)
+        {
+            if (x[i] != 0)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static boolean isZero(int[] x)
+    {
+        for (int i = 0; i < 6; ++i)
+        {
+            if (x[i] != 0)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static void mul(int[] x, int[] y, int[] zz)
+    {
+        long y_0 = y[0] & M;
+        long y_1 = y[1] & M;
+        long y_2 = y[2] & M;
+        long y_3 = y[3] & M;
+        long y_4 = y[4] & M;
+        long y_5 = y[5] & M;
+
+        {
+            long c = 0, x_0 = x[0] & M;
+            c += x_0 * y_0;
+            zz[0] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_1;
+            zz[1] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_2;
+            zz[2] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_3;
+            zz[3] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_4;
+            zz[4] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_5;
+            zz[5] = (int)c;
+            c >>>= 32;
+            zz[6] = (int)c;
+        }
+
+        for (int i = 1; i < 6; ++i)
+        {
+            long c = 0, x_i = x[i] & M;
+            c += x_i * y_0 + (zz[i + 0] & M);
+            zz[i + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[i + 1] & M);
+            zz[i + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[i + 2] & M);
+            zz[i + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[i + 3] & M);
+            zz[i + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[i + 4] & M);
+            zz[i + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[i + 5] & M);
+            zz[i + 5] = (int)c;
+            c >>>= 32;
+            zz[i + 6] = (int)c;
+        }
+    }
+
+    public static void mul(int[] x, int xOff, int[] y, int yOff, int[] zz, int zzOff)
+    {
+        long y_0 = y[yOff + 0] & M;
+        long y_1 = y[yOff + 1] & M;
+        long y_2 = y[yOff + 2] & M;
+        long y_3 = y[yOff + 3] & M;
+        long y_4 = y[yOff + 4] & M;
+        long y_5 = y[yOff + 5] & M;
+
+        {
+            long c = 0, x_0 = x[xOff + 0] & M;
+            c += x_0 * y_0;
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_1;
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_2;
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_3;
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_4;
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_5;
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            zz[zzOff + 6] = (int)c;
+        }
+
+        for (int i = 1; i < 6; ++i)
+        {
+            ++zzOff;
+            long c = 0, x_i = x[xOff + i] & M;
+            c += x_i * y_0 + (zz[zzOff + 0] & M);
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[zzOff + 1] & M);
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[zzOff + 2] & M);
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[zzOff + 3] & M);
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[zzOff + 4] & M);
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[zzOff + 5] & M);
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            zz[zzOff + 6] = (int)c;
+        }
+    }
+
+    public static int mulAddTo(int[] x, int[] y, int[] zz)
+    {
+        long y_0 = y[0] & M;
+        long y_1 = y[1] & M;
+        long y_2 = y[2] & M;
+        long y_3 = y[3] & M;
+        long y_4 = y[4] & M;
+        long y_5 = y[5] & M;
+
+        long zc = 0;
+        for (int i = 0; i < 6; ++i)
+        {
+            long c = 0, x_i = x[i] & M;
+            c += x_i * y_0 + (zz[i + 0] & M);
+            zz[i + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[i + 1] & M);
+            zz[i + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[i + 2] & M);
+            zz[i + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[i + 3] & M);
+            zz[i + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[i + 4] & M);
+            zz[i + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[i + 5] & M);
+            zz[i + 5] = (int)c;
+            c >>>= 32;
+            c += zc + (zz[i + 6] & M);
+            zz[i + 6] = (int)c;
+            zc = c >>> 32;
+        }
+        return (int)zc;
+    }
+
+    public static int mulAddTo(int[] x, int xOff, int[] y, int yOff, int[] zz, int zzOff)
+    {
+        long y_0 = y[yOff + 0] & M;
+        long y_1 = y[yOff + 1] & M;
+        long y_2 = y[yOff + 2] & M;
+        long y_3 = y[yOff + 3] & M;
+        long y_4 = y[yOff + 4] & M;
+        long y_5 = y[yOff + 5] & M;
+
+        long zc = 0;
+        for (int i = 0; i < 6; ++i)
+        {
+            long c = 0, x_i = x[xOff + i] & M;
+            c += x_i * y_0 + (zz[zzOff + 0] & M);
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[zzOff + 1] & M);
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[zzOff + 2] & M);
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[zzOff + 3] & M);
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[zzOff + 4] & M);
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[zzOff + 5] & M);
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            c += zc + (zz[zzOff + 6] & M);
+            zz[zzOff + 6] = (int)c;
+            zc = c >>> 32;
+            ++zzOff;
+        }
+        return (int)zc;
+    }
+
+    public static long mul33Add(int w, int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        // assert w >>> 31 == 0;
+
+        long c = 0, wVal = w & M;
+        long x0 = x[xOff + 0] & M;
+        c += wVal * x0 + (y[yOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        long x1 = x[xOff + 1] & M;
+        c += wVal * x1 + x0 + (y[yOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        long x2 = x[xOff + 2] & M;
+        c += wVal * x2 + x1 + (y[yOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        long x3 = x[xOff + 3] & M;
+        c += wVal * x3 + x2 + (y[yOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        long x4 = x[xOff + 4] & M;
+        c += wVal * x4 + x3 + (y[yOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        long x5 = x[xOff + 5] & M;
+        c += wVal * x5 + x4 + (y[yOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += x5;
+        return c;
+    }
+
+    public static int mulWordAddExt(int x, int[] yy, int yyOff, int[] zz, int zzOff)
+    {
+        // assert yyOff <= 6;
+        // assert zzOff <= 6;
+        long c = 0, xVal = x & M;
+        c += xVal * (yy[yyOff + 0] & M) + (zz[zzOff + 0] & M);
+        zz[zzOff + 0] = (int)c;
+        c >>>= 32;
+        c += xVal * (yy[yyOff + 1] & M) + (zz[zzOff + 1] & M);
+        zz[zzOff + 1] = (int)c;
+        c >>>= 32;
+        c += xVal * (yy[yyOff + 2] & M) + (zz[zzOff + 2] & M);
+        zz[zzOff + 2] = (int)c;
+        c >>>= 32;
+        c += xVal * (yy[yyOff + 3] & M) + (zz[zzOff + 3] & M);
+        zz[zzOff + 3] = (int)c;
+        c >>>= 32;
+        c += xVal * (yy[yyOff + 4] & M) + (zz[zzOff + 4] & M);
+        zz[zzOff + 4] = (int)c;
+        c >>>= 32;
+        c += xVal * (yy[yyOff + 5] & M) + (zz[zzOff + 5] & M);
+        zz[zzOff + 5] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int mul33DWordAdd(int x, long y, int[] z, int zOff)
+    {
+        // assert x >>> 31 == 0;
+        // assert zOff <= 2;
+
+        long c = 0, xVal = x & M;
+        long y00 = y & M;
+        c += xVal * y00 + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        long y01 = y >>> 32;
+        c += xVal * y01 + y00 + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += y01 + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(6, z, zOff, 4);
+    }
+
+    public static int mul33WordAdd(int x, int y, int[] z, int zOff)
+    {
+        // assert x >>> 31 == 0;
+        // assert zOff <= 3;
+
+        long c = 0, xVal = x & M, yVal = y & M;
+        c += yVal * xVal + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += yVal + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(6, z, zOff, 3);
+    }
+
+    public static int mulWordDwordAdd(int x, long y, int[] z, int zOff)
+    {
+        // assert zOff <= 3;
+        long c = 0, xVal = x & M;
+        c += xVal * (y & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += xVal * (y >>> 32) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(6, z, zOff, 3);
+    }
+
+    public static int mulWord(int x, int[] y, int[] z, int zOff)
+    {
+        long c = 0, xVal = x & M;
+        int i = 0;
+        do
+        {
+            c += xVal * (y[i] & M);
+            z[zOff + i] = (int)c;
+            c >>>= 32;
+        }
+        while (++i < 6);
+        return (int)c;
+    }
+
+    public static void square(int[] x, int[] zz)
+    {
+        long x_0 = x[0] & M;
+        long zz_1;
+
+        int c = 0, w;
+        {
+            int i = 5, j = 12;
+            do
+            {
+                long xVal = (x[i--] & M);
+                long p = xVal * xVal;
+                zz[--j] = (c << 31) | (int)(p >>> 33);
+                zz[--j] = (int)(p >>> 1);
+                c = (int)p;
+            }
+            while (i > 0);
+
+            {
+                long p = x_0 * x_0;
+                zz_1 = ((c << 31) & M) | (p >>> 33);
+                zz[0] = (int)p;
+                c = (int)(p >>> 32) & 1;
+            }
+        }
+
+        long x_1 = x[1] & M;
+        long zz_2 = zz[2] & M;
+
+        {
+            zz_1 += x_1 * x_0;
+            w = (int)zz_1;
+            zz[1] = (w << 1) | c;
+            c = w >>> 31;
+            zz_2 += zz_1 >>> 32;
+        }
+
+        long x_2 = x[2] & M;
+        long zz_3 = zz[3] & M;
+        long zz_4 = zz[4] & M;
+        {
+            zz_2 += x_2 * x_0;
+            w = (int)zz_2;
+            zz[2] = (w << 1) | c;
+            c = w >>> 31;
+            zz_3 += (zz_2 >>> 32) + x_2 * x_1;
+            zz_4 += zz_3 >>> 32;
+            zz_3 &= M;
+        }
+
+        long x_3 = x[3] & M;
+        long zz_5 = zz[5] & M;
+        long zz_6 = zz[6] & M;
+        {
+            zz_3 += x_3 * x_0;
+            w = (int)zz_3;
+            zz[3] = (w << 1) | c;
+            c = w >>> 31;
+            zz_4 += (zz_3 >>> 32) + x_3 * x_1;
+            zz_5 += (zz_4 >>> 32) + x_3 * x_2;
+            zz_4 &= M;
+            zz_6 += zz_5 >>> 32;
+            zz_5 &= M;
+        }
+
+        long x_4 = x[4] & M;
+        long zz_7 = zz[7] & M;
+        long zz_8 = zz[8] & M;
+        {
+            zz_4 += x_4 * x_0;
+            w = (int)zz_4;
+            zz[4] = (w << 1) | c;
+            c = w >>> 31;
+            zz_5 += (zz_4 >>> 32) + x_4 * x_1;
+            zz_6 += (zz_5 >>> 32) + x_4 * x_2;
+            zz_5 &= M;
+            zz_7 += (zz_6 >>> 32) + x_4 * x_3;
+            zz_6 &= M;
+            zz_8 += zz_7 >>> 32;
+            zz_7 &= M;
+        }
+
+        long x_5 = x[5] & M;
+        long zz_9 = zz[9] & M;
+        long zz_10 = zz[10] & M;
+        {
+            zz_5 += x_5 * x_0;
+            w = (int)zz_5;
+            zz[5] = (w << 1) | c;
+            c = w >>> 31;
+            zz_6 += (zz_5 >>> 32) + x_5 * x_1;
+            zz_7 += (zz_6 >>> 32) + x_5 * x_2;
+            zz_8 += (zz_7 >>> 32) + x_5 * x_3;
+            zz_9 += (zz_8 >>> 32) + x_5 * x_4;
+            zz_10 += zz_9 >>> 32;
+        }
+
+        w = (int)zz_6;
+        zz[6] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_7;
+        zz[7] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_8;
+        zz[8] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_9;
+        zz[9] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_10;
+        zz[10] = (w << 1) | c;
+        c = w >>> 31;
+        w = zz[11] + (int)(zz_10 >> 32);
+        zz[11] = (w << 1) | c;
+    }
+
+    public static void square(int[] x, int xOff, int[] zz, int zzOff)
+    {
+        long x_0 = x[xOff + 0] & M;
+        long zz_1;
+
+        int c = 0, w;
+        {
+            int i = 5, j = 12;
+            do
+            {
+                long xVal = (x[xOff + i--] & M);
+                long p = xVal * xVal;
+                zz[zzOff + --j] = (c << 31) | (int)(p >>> 33);
+                zz[zzOff + --j] = (int)(p >>> 1);
+                c = (int)p;
+            }
+            while (i > 0);
+
+            {
+                long p = x_0 * x_0;
+                zz_1 = ((c << 31) & M) | (p >>> 33);
+                zz[zzOff + 0] = (int)p;
+                c = (int)(p >>> 32) & 1;
+            }
+        }
+
+        long x_1 = x[xOff + 1] & M;
+        long zz_2 = zz[zzOff + 2] & M;
+
+        {
+            zz_1 += x_1 * x_0;
+            w = (int)zz_1;
+            zz[zzOff + 1] = (w << 1) | c;
+            c = w >>> 31;
+            zz_2 += zz_1 >>> 32;
+        }
+
+        long x_2 = x[xOff + 2] & M;
+        long zz_3 = zz[zzOff + 3] & M;
+        long zz_4 = zz[zzOff + 4] & M;
+        {
+            zz_2 += x_2 * x_0;
+            w = (int)zz_2;
+            zz[zzOff + 2] = (w << 1) | c;
+            c = w >>> 31;
+            zz_3 += (zz_2 >>> 32) + x_2 * x_1;
+            zz_4 += zz_3 >>> 32;
+            zz_3 &= M;
+        }
+
+        long x_3 = x[xOff + 3] & M;
+        long zz_5 = zz[zzOff + 5] & M;
+        long zz_6 = zz[zzOff + 6] & M;
+        {
+            zz_3 += x_3 * x_0;
+            w = (int)zz_3;
+            zz[zzOff + 3] = (w << 1) | c;
+            c = w >>> 31;
+            zz_4 += (zz_3 >>> 32) + x_3 * x_1;
+            zz_5 += (zz_4 >>> 32) + x_3 * x_2;
+            zz_4 &= M;
+            zz_6 += zz_5 >>> 32;
+            zz_5 &= M;
+        }
+
+        long x_4 = x[xOff + 4] & M;
+        long zz_7 = zz[zzOff + 7] & M;
+        long zz_8 = zz[zzOff + 8] & M;
+        {
+            zz_4 += x_4 * x_0;
+            w = (int)zz_4;
+            zz[zzOff + 4] = (w << 1) | c;
+            c = w >>> 31;
+            zz_5 += (zz_4 >>> 32) + x_4 * x_1;
+            zz_6 += (zz_5 >>> 32) + x_4 * x_2;
+            zz_5 &= M;
+            zz_7 += (zz_6 >>> 32) + x_4 * x_3;
+            zz_6 &= M;
+            zz_8 += zz_7 >>> 32;
+            zz_7 &= M;
+        }
+
+        long x_5 = x[xOff + 5] & M;
+        long zz_9 = zz[zzOff + 9] & M;
+        long zz_10 = zz[zzOff + 10] & M;
+        {
+            zz_5 += x_5 * x_0;
+            w = (int)zz_5;
+            zz[zzOff + 5] = (w << 1) | c;
+            c = w >>> 31;
+            zz_6 += (zz_5 >>> 32) + x_5 * x_1;
+            zz_7 += (zz_6 >>> 32) + x_5 * x_2;
+            zz_8 += (zz_7 >>> 32) + x_5 * x_3;
+            zz_9 += (zz_8 >>> 32) + x_5 * x_4;
+            zz_10 += zz_9 >>> 32;
+        }
+
+        w = (int)zz_6;
+        zz[zzOff + 6] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_7;
+        zz[zzOff + 7] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_8;
+        zz[zzOff + 8] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_9;
+        zz[zzOff + 9] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_10;
+        zz[zzOff + 10] = (w << 1) | c;
+        c = w >>> 31;
+        w = zz[zzOff + 11] + (int)(zz_10 >> 32);
+        zz[zzOff + 11] = (w << 1) | c;
+    }
+
+    public static int sub(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) - (y[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (x[1] & M) - (y[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (x[2] & M) - (y[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (x[3] & M) - (y[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (x[4] & M) - (y[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (x[5] & M) - (y[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int sub(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (x[xOff + 0] & M) - (y[yOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 1] & M) - (y[yOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 2] & M) - (y[yOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 3] & M) - (y[yOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 4] & M) - (y[yOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 5] & M) - (y[yOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subBothFrom(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (z[0] & M) - (x[0] & M) - (y[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - (x[1] & M) - (y[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (z[2] & M) - (x[2] & M) - (y[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (z[3] & M) - (x[3] & M) - (y[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (z[4] & M) - (x[4] & M) - (y[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (z[5] & M) - (x[5] & M) - (y[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subFrom(int[] x, int[] z)
+    {
+        long c = 0;
+        c += (z[0] & M) - (x[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - (x[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (z[2] & M) - (x[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (z[3] & M) - (x[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (z[4] & M) - (x[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (z[5] & M) - (x[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subFrom(int[] x, int xOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (z[zOff + 0] & M) - (x[xOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 1] & M) - (x[xOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 2] & M) - (x[xOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 3] & M) - (x[xOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 4] & M) - (x[xOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 5] & M) - (x[xOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static BigInteger toBigInteger(int[] x)
+    {
+        byte[] bs = new byte[24];
+        for (int i = 0; i < 6; ++i)
+        {
+            int x_i = x[i];
+            if (x_i != 0)
+            {
+                Pack.intToBigEndian(x_i, bs, (5 - i) << 2);
+            }
+        }
+        return new BigInteger(1, bs);
+    }
+
+    public static void zero(int[] z)
+    {
+        z[0] = 0;
+        z[1] = 0;
+        z[2] = 0;
+        z[3] = 0;
+        z[4] = 0;
+        z[5] = 0;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/Nat224.java b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat224.java
new file mode 100644
index 0000000..bbe81ca
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat224.java
@@ -0,0 +1,1182 @@
+package org.bouncycastle.math.raw;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Pack;
+
+public abstract class Nat224
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    public static int add(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (y[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (y[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (y[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (y[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (y[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (y[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += (x[6] & M) + (y[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int add(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (x[xOff + 0] & M) + (y[yOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 1] & M) + (y[yOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 2] & M) + (y[yOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 3] & M) + (y[yOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 4] & M) + (y[yOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 5] & M) + (y[yOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 6] & M) + (y[yOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addBothTo(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (y[0] & M) + (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (y[1] & M) + (z[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (y[2] & M) + (z[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (y[3] & M) + (z[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (y[4] & M) + (z[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (y[5] & M) + (z[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += (x[6] & M) + (y[6] & M) + (z[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addBothTo(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (x[xOff + 0] & M) + (y[yOff + 0] & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 1] & M) + (y[yOff + 1] & M) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 2] & M) + (y[yOff + 2] & M) + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 3] & M) + (y[yOff + 3] & M) + (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 4] & M) + (y[yOff + 4] & M) + (z[zOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 5] & M) + (y[yOff + 5] & M) + (z[zOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 6] & M) + (y[yOff + 6] & M) + (z[zOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addTo(int[] x, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (z[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (z[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (z[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (z[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (z[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += (x[6] & M) + (z[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addTo(int[] x, int xOff, int[] z, int zOff, int cIn)
+    {
+        long c = cIn & M;
+        c += (x[xOff + 0] & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 1] & M) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 2] & M) + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 3] & M) + (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 4] & M) + (z[zOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 5] & M) + (z[zOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 6] & M) + (z[zOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addToEachOther(int[] u, int uOff, int[] v, int vOff)
+    {
+        long c = 0;
+        c += (u[uOff + 0] & M) + (v[vOff + 0] & M);
+        u[uOff + 0] = (int)c;
+        v[vOff + 0] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 1] & M) + (v[vOff + 1] & M);
+        u[uOff + 1] = (int)c;
+        v[vOff + 1] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 2] & M) + (v[vOff + 2] & M);
+        u[uOff + 2] = (int)c;
+        v[vOff + 2] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 3] & M) + (v[vOff + 3] & M);
+        u[uOff + 3] = (int)c;
+        v[vOff + 3] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 4] & M) + (v[vOff + 4] & M);
+        u[uOff + 4] = (int)c;
+        v[vOff + 4] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 5] & M) + (v[vOff + 5] & M);
+        u[uOff + 5] = (int)c;
+        v[vOff + 5] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 6] & M) + (v[vOff + 6] & M);
+        u[uOff + 6] = (int)c;
+        v[vOff + 6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static void copy(int[] x, int[] z)
+    {
+        z[0] = x[0];
+        z[1] = x[1];
+        z[2] = x[2];
+        z[3] = x[3];
+        z[4] = x[4];
+        z[5] = x[5];
+        z[6] = x[6];
+    }
+
+    public static int[] create()
+    {
+        return new int[7];
+    }
+
+    public static int[] createExt()
+    {
+        return new int[14];
+    }
+
+    public static boolean diff(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        boolean pos = gte(x, xOff, y, yOff);
+        if (pos)
+        {
+            sub(x, xOff, y, yOff, z, zOff);
+        }
+        else
+        {
+            sub(y, yOff, x, xOff, z, zOff);
+        }
+        return pos;
+    }
+
+    public static boolean eq(int[] x, int[] y)
+    {
+        for (int i = 6; i >= 0; --i)
+        {
+            if (x[i] != y[i])
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        if (x.signum() < 0 || x.bitLength() > 224)
+        {
+            throw new IllegalArgumentException();
+        }
+
+        int[] z = create();
+        int i = 0;
+        while (x.signum() != 0)
+        {
+            z[i++] = x.intValue();
+            x = x.shiftRight(32);
+        }
+        return z;
+    }
+
+    public static int getBit(int[] x, int bit)
+    {
+        if (bit == 0)
+        {
+            return x[0] & 1;
+        }
+        int w = bit >> 5;
+        if (w < 0 || w >= 7)
+        {
+            return 0;
+        }
+        int b = bit & 31;
+        return (x[w] >>> b) & 1;
+    }
+
+    public static boolean gte(int[] x, int[] y)
+    {
+        for (int i = 6; i >= 0; --i)
+        {
+            int x_i = x[i] ^ Integer.MIN_VALUE;
+            int y_i = y[i] ^ Integer.MIN_VALUE;
+            if (x_i < y_i)
+                return false;
+            if (x_i > y_i)
+                return true;
+        }
+        return true;
+    }
+
+    public static boolean gte(int[] x, int xOff, int[] y, int yOff)
+    {
+        for (int i = 6; i >= 0; --i)
+        {
+            int x_i = x[xOff + i] ^ Integer.MIN_VALUE;
+            int y_i = y[yOff + i] ^ Integer.MIN_VALUE;
+            if (x_i < y_i)
+                return false;
+            if (x_i > y_i)
+                return true;
+        }
+        return true;
+    }
+
+    public static boolean isOne(int[] x)
+    {
+        if (x[0] != 1)
+        {
+            return false;
+        }
+        for (int i = 1; i < 7; ++i)
+        {
+            if (x[i] != 0)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static boolean isZero(int[] x)
+    {
+        for (int i = 0; i < 7; ++i)
+        {
+            if (x[i] != 0)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static void mul(int[] x, int[] y, int[] zz)
+    {
+        long y_0 = y[0] & M;
+        long y_1 = y[1] & M;
+        long y_2 = y[2] & M;
+        long y_3 = y[3] & M;
+        long y_4 = y[4] & M;
+        long y_5 = y[5] & M;
+        long y_6 = y[6] & M;
+
+        {
+            long c = 0, x_0 = x[0] & M;
+            c += x_0 * y_0;
+            zz[0] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_1;
+            zz[1] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_2;
+            zz[2] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_3;
+            zz[3] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_4;
+            zz[4] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_5;
+            zz[5] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_6;
+            zz[6] = (int)c;
+            c >>>= 32;
+            zz[7] = (int)c;
+        }
+
+        for (int i = 1; i < 7; ++i)
+        {
+            long c = 0, x_i = x[i] & M;
+            c += x_i * y_0 + (zz[i + 0] & M);
+            zz[i + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[i + 1] & M);
+            zz[i + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[i + 2] & M);
+            zz[i + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[i + 3] & M);
+            zz[i + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[i + 4] & M);
+            zz[i + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[i + 5] & M);
+            zz[i + 5] = (int)c;
+            c >>>= 32;
+            c += x_i * y_6 + (zz[i + 6] & M);
+            zz[i + 6] = (int)c;
+            c >>>= 32;
+            zz[i + 7] = (int)c;
+        }
+    }
+
+    public static void mul(int[] x, int xOff, int[] y, int yOff, int[] zz, int zzOff)
+    {
+        long y_0 = y[yOff + 0] & M;
+        long y_1 = y[yOff + 1] & M;
+        long y_2 = y[yOff + 2] & M;
+        long y_3 = y[yOff + 3] & M;
+        long y_4 = y[yOff + 4] & M;
+        long y_5 = y[yOff + 5] & M;
+        long y_6 = y[yOff + 6] & M;
+
+        {
+            long c = 0, x_0 = x[xOff + 0] & M;
+            c += x_0 * y_0;
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_1;
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_2;
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_3;
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_4;
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_5;
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_6;
+            zz[zzOff + 6] = (int)c;
+            c >>>= 32;
+            zz[zzOff + 7] = (int)c;
+        }
+
+        for (int i = 1; i < 7; ++i)
+        {
+            ++zzOff;
+            long c = 0, x_i = x[xOff + i] & M;
+            c += x_i * y_0 + (zz[zzOff + 0] & M);
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[zzOff + 1] & M);
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[zzOff + 2] & M);
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[zzOff + 3] & M);
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[zzOff + 4] & M);
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[zzOff + 5] & M);
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            c += x_i * y_6 + (zz[zzOff + 6] & M);
+            zz[zzOff + 6] = (int)c;
+            c >>>= 32;
+            zz[zzOff + 7] = (int)c;
+        }
+    }
+
+    public static int mulAddTo(int[] x, int[] y, int[] zz)
+    {
+        long y_0 = y[0] & M;
+        long y_1 = y[1] & M;
+        long y_2 = y[2] & M;
+        long y_3 = y[3] & M;
+        long y_4 = y[4] & M;
+        long y_5 = y[5] & M;
+        long y_6 = y[6] & M;
+
+        long zc = 0;
+        for (int i = 0; i < 7; ++i)
+        {
+            long c = 0, x_i = x[i] & M;
+            c += x_i * y_0 + (zz[i + 0] & M);
+            zz[i + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[i + 1] & M);
+            zz[i + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[i + 2] & M);
+            zz[i + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[i + 3] & M);
+            zz[i + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[i + 4] & M);
+            zz[i + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[i + 5] & M);
+            zz[i + 5] = (int)c;
+            c >>>= 32;
+            c += x_i * y_6 + (zz[i + 6] & M);
+            zz[i + 6] = (int)c;
+            c >>>= 32;
+            c += zc + (zz[i + 7] & M);
+            zz[i + 7] = (int)c;
+            zc = c >>> 32;
+        }
+        return (int)zc;
+    }
+
+    public static int mulAddTo(int[] x, int xOff, int[] y, int yOff, int[] zz, int zzOff)
+    {
+        long y_0 = y[yOff + 0] & M;
+        long y_1 = y[yOff + 1] & M;
+        long y_2 = y[yOff + 2] & M;
+        long y_3 = y[yOff + 3] & M;
+        long y_4 = y[yOff + 4] & M;
+        long y_5 = y[yOff + 5] & M;
+        long y_6 = y[yOff + 6] & M;
+
+        long zc = 0;
+        for (int i = 0; i < 7; ++i)
+        {
+            long c = 0, x_i = x[xOff + i] & M;
+            c += x_i * y_0 + (zz[zzOff + 0] & M);
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[zzOff + 1] & M);
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[zzOff + 2] & M);
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[zzOff + 3] & M);
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[zzOff + 4] & M);
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[zzOff + 5] & M);
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            c += x_i * y_6 + (zz[zzOff + 6] & M);
+            zz[zzOff + 6] = (int)c;
+            c >>>= 32;
+            c += zc + (zz[zzOff + 7] & M);
+            zz[zzOff + 7] = (int)c;
+            zc = c >>> 32;
+            ++zzOff;
+        }
+        return (int)zc;
+    }
+
+    public static long mul33Add(int w, int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        // assert w >>> 31 == 0;
+
+        long c = 0, wVal = w & M;
+        long x0 = x[xOff + 0] & M;
+        c += wVal * x0 + (y[yOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        long x1 = x[xOff + 1] & M;
+        c += wVal * x1 + x0 + (y[yOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        long x2 = x[xOff + 2] & M;
+        c += wVal * x2 + x1 + (y[yOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        long x3 = x[xOff + 3] & M;
+        c += wVal * x3 + x2 + (y[yOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        long x4 = x[xOff + 4] & M;
+        c += wVal * x4 + x3 + (y[yOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        long x5 = x[xOff + 5] & M;
+        c += wVal * x5 + x4 + (y[yOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        long x6 = x[xOff + 6] & M;
+        c += wVal * x6 + x5 + (y[yOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        c += x6;
+        return c;
+    }
+
+    public static int mulByWord(int x, int[] z)
+    {
+        long c = 0, xVal = x & M;
+        c += xVal * (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int mulByWordAddTo(int x, int[] y, int[] z)
+    {
+        long c = 0, xVal = x & M;
+        c += xVal * (z[0] & M) + (y[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[1] & M) + (y[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[2] & M) + (y[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[3] & M) + (y[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[4] & M) + (y[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[5] & M) + (y[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[6] & M) + (y[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int mulWordAddTo(int x, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0, xVal = x & M;
+        c += xVal * (y[yOff + 0] & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 1] & M) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 2] & M) + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 3] & M) + (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 4] & M) + (z[zOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 5] & M) + (z[zOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 6] & M) + (z[zOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int mul33DWordAdd(int x, long y, int[] z, int zOff)
+    {
+        // assert x >>> 31 == 0;
+        // assert zOff <= 3;
+
+        long c = 0, xVal = x & M;
+        long y00 = y & M;
+        c += xVal * y00 + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        long y01 = y >>> 32;
+        c += xVal * y01 + y00 + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += y01 + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(7, z, zOff, 4);
+    }
+
+    public static int mul33WordAdd(int x, int y, int[] z, int zOff)
+    {
+        // assert x >>> 31 == 0;
+        // assert zOff <= 4;
+
+        long c = 0, xVal = x & M, yVal = y & M;
+        c += yVal * xVal + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += yVal + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(7, z, zOff, 3);
+    }
+
+    public static int mulWordDwordAdd(int x, long y, int[] z, int zOff)
+    {
+        // assert zOff <= 4;
+        long c = 0, xVal = x & M;
+        c += xVal * (y & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += xVal * (y >>> 32) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(7, z, zOff, 3);
+    }
+
+    public static int mulWord(int x, int[] y, int[] z, int zOff)
+    {
+        long c = 0, xVal = x & M;
+        int i = 0;
+        do
+        {
+            c += xVal * (y[i] & M);
+            z[zOff + i] = (int)c;
+            c >>>= 32;
+        }
+        while (++i < 7);
+        return (int)c;
+    }
+
+    public static void square(int[] x, int[] zz)
+    {
+        long x_0 = x[0] & M;
+        long zz_1;
+
+        int c = 0, w;
+        {
+            int i = 6, j = 14;
+            do
+            {
+                long xVal = (x[i--] & M);
+                long p = xVal * xVal;
+                zz[--j] = (c << 31) | (int)(p >>> 33);
+                zz[--j] = (int)(p >>> 1);
+                c = (int)p;
+            }
+            while (i > 0);
+
+            {
+                long p = x_0 * x_0;
+                zz_1 = ((c << 31) & M) | (p >>> 33);
+                zz[0] = (int)p;
+                c = (int)(p >>> 32) & 1;
+            }
+        }
+
+        long x_1 = x[1] & M;
+        long zz_2 = zz[2] & M;
+
+        {
+            zz_1 += x_1 * x_0;
+            w = (int)zz_1;
+            zz[1] = (w << 1) | c;
+            c = w >>> 31;
+            zz_2 += zz_1 >>> 32;
+        }
+
+        long x_2 = x[2] & M;
+        long zz_3 = zz[3] & M;
+        long zz_4 = zz[4] & M;
+        {
+            zz_2 += x_2 * x_0;
+            w = (int)zz_2;
+            zz[2] = (w << 1) | c;
+            c = w >>> 31;
+            zz_3 += (zz_2 >>> 32) + x_2 * x_1;
+            zz_4 += zz_3 >>> 32;
+            zz_3 &= M;
+        }
+
+        long x_3 = x[3] & M;
+        long zz_5 = zz[5] & M;
+        long zz_6 = zz[6] & M;
+        {
+            zz_3 += x_3 * x_0;
+            w = (int)zz_3;
+            zz[3] = (w << 1) | c;
+            c = w >>> 31;
+            zz_4 += (zz_3 >>> 32) + x_3 * x_1;
+            zz_5 += (zz_4 >>> 32) + x_3 * x_2;
+            zz_4 &= M;
+            zz_6 += zz_5 >>> 32;
+            zz_5 &= M;
+        }
+
+        long x_4 = x[4] & M;
+        long zz_7 = zz[7] & M;
+        long zz_8 = zz[8] & M;
+        {
+            zz_4 += x_4 * x_0;
+            w = (int)zz_4;
+            zz[4] = (w << 1) | c;
+            c = w >>> 31;
+            zz_5 += (zz_4 >>> 32) + x_4 * x_1;
+            zz_6 += (zz_5 >>> 32) + x_4 * x_2;
+            zz_5 &= M;
+            zz_7 += (zz_6 >>> 32) + x_4 * x_3;
+            zz_6 &= M;
+            zz_8 += zz_7 >>> 32;
+            zz_7 &= M;
+        }
+
+        long x_5 = x[5] & M;
+        long zz_9 = zz[9] & M;
+        long zz_10 = zz[10] & M;
+        {
+            zz_5 += x_5 * x_0;
+            w = (int)zz_5;
+            zz[5] = (w << 1) | c;
+            c = w >>> 31;
+            zz_6 += (zz_5 >>> 32) + x_5 * x_1;
+            zz_7 += (zz_6 >>> 32) + x_5 * x_2;
+            zz_6 &= M;
+            zz_8 += (zz_7 >>> 32) + x_5 * x_3;
+            zz_7 &= M;
+            zz_9 += (zz_8 >>> 32) + x_5 * x_4;
+            zz_8 &= M;
+            zz_10 += zz_9 >>> 32;
+            zz_9 &= M;
+        }
+
+        long x_6 = x[6] & M;
+        long zz_11 = zz[11] & M;
+        long zz_12 = zz[12] & M;
+        {
+            zz_6 += x_6 * x_0;
+            w = (int)zz_6;
+            zz[6] = (w << 1) | c;
+            c = w >>> 31;
+            zz_7 += (zz_6 >>> 32) + x_6 * x_1;
+            zz_8 += (zz_7 >>> 32) + x_6 * x_2;
+            zz_9 += (zz_8 >>> 32) + x_6 * x_3;
+            zz_10 += (zz_9 >>> 32) + x_6 * x_4;
+            zz_11 += (zz_10 >>> 32) + x_6 * x_5;
+            zz_12 += zz_11 >>> 32;
+        }
+
+        w = (int)zz_7;
+        zz[7] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_8;
+        zz[8] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_9;
+        zz[9] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_10;
+        zz[10] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_11;
+        zz[11] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_12;
+        zz[12] = (w << 1) | c;
+        c = w >>> 31;
+        w = zz[13] + (int)(zz_12 >> 32);
+        zz[13] = (w << 1) | c;
+    }
+
+    public static void square(int[] x, int xOff, int[] zz, int zzOff)
+    {
+        long x_0 = x[xOff + 0] & M;
+        long zz_1;
+
+        int c = 0, w;
+        {
+            int i = 6, j = 14;
+            do
+            {
+                long xVal = (x[xOff + i--] & M);
+                long p = xVal * xVal;
+                zz[zzOff + --j] = (c << 31) | (int)(p >>> 33);
+                zz[zzOff + --j] = (int)(p >>> 1);
+                c = (int)p;
+            }
+            while (i > 0);
+
+            {
+                long p = x_0 * x_0;
+                zz_1 = ((c << 31) & M) | (p >>> 33);
+                zz[zzOff + 0] = (int)p;
+                c = (int)(p >>> 32) & 1;
+            }
+        }
+
+        long x_1 = x[xOff + 1] & M;
+        long zz_2 = zz[zzOff + 2] & M;
+
+        {
+            zz_1 += x_1 * x_0;
+            w = (int)zz_1;
+            zz[zzOff + 1] = (w << 1) | c;
+            c = w >>> 31;
+            zz_2 += zz_1 >>> 32;
+        }
+
+        long x_2 = x[xOff + 2] & M;
+        long zz_3 = zz[zzOff + 3] & M;
+        long zz_4 = zz[zzOff + 4] & M;
+        {
+            zz_2 += x_2 * x_0;
+            w = (int)zz_2;
+            zz[zzOff + 2] = (w << 1) | c;
+            c = w >>> 31;
+            zz_3 += (zz_2 >>> 32) + x_2 * x_1;
+            zz_4 += zz_3 >>> 32;
+            zz_3 &= M;
+        }
+
+        long x_3 = x[xOff + 3] & M;
+        long zz_5 = zz[zzOff + 5] & M;
+        long zz_6 = zz[zzOff + 6] & M;
+        {
+            zz_3 += x_3 * x_0;
+            w = (int)zz_3;
+            zz[zzOff + 3] = (w << 1) | c;
+            c = w >>> 31;
+            zz_4 += (zz_3 >>> 32) + x_3 * x_1;
+            zz_5 += (zz_4 >>> 32) + x_3 * x_2;
+            zz_4 &= M;
+            zz_6 += zz_5 >>> 32;
+            zz_5 &= M;
+        }
+
+        long x_4 = x[xOff + 4] & M;
+        long zz_7 = zz[zzOff + 7] & M;
+        long zz_8 = zz[zzOff + 8] & M;
+        {
+            zz_4 += x_4 * x_0;
+            w = (int)zz_4;
+            zz[zzOff + 4] = (w << 1) | c;
+            c = w >>> 31;
+            zz_5 += (zz_4 >>> 32) + x_4 * x_1;
+            zz_6 += (zz_5 >>> 32) + x_4 * x_2;
+            zz_5 &= M;
+            zz_7 += (zz_6 >>> 32) + x_4 * x_3;
+            zz_6 &= M;
+            zz_8 += zz_7 >>> 32;
+            zz_7 &= M;
+        }
+
+        long x_5 = x[xOff + 5] & M;
+        long zz_9 = zz[zzOff + 9] & M;
+        long zz_10 = zz[zzOff + 10] & M;
+        {
+            zz_5 += x_5 * x_0;
+            w = (int)zz_5;
+            zz[zzOff + 5] = (w << 1) | c;
+            c = w >>> 31;
+            zz_6 += (zz_5 >>> 32) + x_5 * x_1;
+            zz_7 += (zz_6 >>> 32) + x_5 * x_2;
+            zz_6 &= M;
+            zz_8 += (zz_7 >>> 32) + x_5 * x_3;
+            zz_7 &= M;
+            zz_9 += (zz_8 >>> 32) + x_5 * x_4;
+            zz_8 &= M;
+            zz_10 += zz_9 >>> 32;
+            zz_9 &= M;
+        }
+
+        long x_6 = x[xOff + 6] & M;
+        long zz_11 = zz[zzOff + 11] & M;
+        long zz_12 = zz[zzOff + 12] & M;
+        {
+            zz_6 += x_6 * x_0;
+            w = (int)zz_6;
+            zz[zzOff + 6] = (w << 1) | c;
+            c = w >>> 31;
+            zz_7 += (zz_6 >>> 32) + x_6 * x_1;
+            zz_8 += (zz_7 >>> 32) + x_6 * x_2;
+            zz_9 += (zz_8 >>> 32) + x_6 * x_3;
+            zz_10 += (zz_9 >>> 32) + x_6 * x_4;
+            zz_11 += (zz_10 >>> 32) + x_6 * x_5;
+            zz_12 += zz_11 >>> 32;
+        }
+
+        w = (int)zz_7;
+        zz[zzOff + 7] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_8;
+        zz[zzOff + 8] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_9;
+        zz[zzOff + 9] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_10;
+        zz[zzOff + 10] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_11;
+        zz[zzOff + 11] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_12;
+        zz[zzOff + 12] = (w << 1) | c;
+        c = w >>> 31;
+        w = zz[zzOff + 13] + (int)(zz_12 >> 32);
+        zz[zzOff + 13] = (w << 1) | c;
+    }
+
+    public static int sub(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) - (y[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (x[1] & M) - (y[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (x[2] & M) - (y[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (x[3] & M) - (y[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (x[4] & M) - (y[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (x[5] & M) - (y[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        c += (x[6] & M) - (y[6] & M);
+        z[6] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int sub(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (x[xOff + 0] & M) - (y[yOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 1] & M) - (y[yOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 2] & M) - (y[yOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 3] & M) - (y[yOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 4] & M) - (y[yOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 5] & M) - (y[yOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 6] & M) - (y[yOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subBothFrom(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (z[0] & M) - (x[0] & M) - (y[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - (x[1] & M) - (y[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (z[2] & M) - (x[2] & M) - (y[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (z[3] & M) - (x[3] & M) - (y[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (z[4] & M) - (x[4] & M) - (y[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (z[5] & M) - (x[5] & M) - (y[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        c += (z[6] & M) - (x[6] & M) - (y[6] & M);
+        z[6] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subFrom(int[] x, int[] z)
+    {
+        long c = 0;
+        c += (z[0] & M) - (x[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - (x[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (z[2] & M) - (x[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (z[3] & M) - (x[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (z[4] & M) - (x[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (z[5] & M) - (x[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        c += (z[6] & M) - (x[6] & M);
+        z[6] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subFrom(int[] x, int xOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (z[zOff + 0] & M) - (x[xOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 1] & M) - (x[xOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 2] & M) - (x[xOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 3] & M) - (x[xOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 4] & M) - (x[xOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 5] & M) - (x[xOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 6] & M) - (x[xOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static BigInteger toBigInteger(int[] x)
+    {
+        byte[] bs = new byte[28];
+        for (int i = 0; i < 7; ++i)
+        {
+            int x_i = x[i];
+            if (x_i != 0)
+            {
+                Pack.intToBigEndian(x_i, bs, (6 - i) << 2);
+            }
+        }
+        return new BigInteger(1, bs);
+    }
+
+    public static void zero(int[] z)
+    {
+        z[0] = 0;
+        z[1] = 0;
+        z[2] = 0;
+        z[3] = 0;
+        z[4] = 0;
+        z[5] = 0;
+        z[6] = 0;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/Nat256.java b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat256.java
new file mode 100644
index 0000000..9886678
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat256.java
@@ -0,0 +1,1306 @@
+package org.bouncycastle.math.raw;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Pack;
+
+public abstract class Nat256
+{
+    private static final long M = 0xFFFFFFFFL;
+
+    public static int add(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (y[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (y[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (y[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (y[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (y[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (y[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += (x[6] & M) + (y[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        c += (x[7] & M) + (y[7] & M);
+        z[7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int add(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (x[xOff + 0] & M) + (y[yOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 1] & M) + (y[yOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 2] & M) + (y[yOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 3] & M) + (y[yOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 4] & M) + (y[yOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 5] & M) + (y[yOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 6] & M) + (y[yOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 7] & M) + (y[yOff + 7] & M);
+        z[zOff + 7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addBothTo(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (y[0] & M) + (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (y[1] & M) + (z[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (y[2] & M) + (z[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (y[3] & M) + (z[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (y[4] & M) + (z[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (y[5] & M) + (z[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += (x[6] & M) + (y[6] & M) + (z[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        c += (x[7] & M) + (y[7] & M) + (z[7] & M);
+        z[7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addBothTo(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (x[xOff + 0] & M) + (y[yOff + 0] & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 1] & M) + (y[yOff + 1] & M) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 2] & M) + (y[yOff + 2] & M) + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 3] & M) + (y[yOff + 3] & M) + (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 4] & M) + (y[yOff + 4] & M) + (z[zOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 5] & M) + (y[yOff + 5] & M) + (z[zOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 6] & M) + (y[yOff + 6] & M) + (z[zOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 7] & M) + (y[yOff + 7] & M) + (z[zOff + 7] & M);
+        z[zOff + 7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addTo(int[] x, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) + (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += (x[1] & M) + (z[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += (x[2] & M) + (z[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += (x[3] & M) + (z[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += (x[4] & M) + (z[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += (x[5] & M) + (z[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += (x[6] & M) + (z[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        c += (x[7] & M) + (z[7] & M);
+        z[7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addTo(int[] x, int xOff, int[] z, int zOff, int cIn)
+    {
+        long c = cIn & M;
+        c += (x[xOff + 0] & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 1] & M) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 2] & M) + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 3] & M) + (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 4] & M) + (z[zOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 5] & M) + (z[zOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 6] & M) + (z[zOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        c += (x[xOff + 7] & M) + (z[zOff + 7] & M);
+        z[zOff + 7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int addToEachOther(int[] u, int uOff, int[] v, int vOff)
+    {
+        long c = 0;
+        c += (u[uOff + 0] & M) + (v[vOff + 0] & M);
+        u[uOff + 0] = (int)c;
+        v[vOff + 0] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 1] & M) + (v[vOff + 1] & M);
+        u[uOff + 1] = (int)c;
+        v[vOff + 1] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 2] & M) + (v[vOff + 2] & M);
+        u[uOff + 2] = (int)c;
+        v[vOff + 2] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 3] & M) + (v[vOff + 3] & M);
+        u[uOff + 3] = (int)c;
+        v[vOff + 3] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 4] & M) + (v[vOff + 4] & M);
+        u[uOff + 4] = (int)c;
+        v[vOff + 4] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 5] & M) + (v[vOff + 5] & M);
+        u[uOff + 5] = (int)c;
+        v[vOff + 5] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 6] & M) + (v[vOff + 6] & M);
+        u[uOff + 6] = (int)c;
+        v[vOff + 6] = (int)c;
+        c >>>= 32;
+        c += (u[uOff + 7] & M) + (v[vOff + 7] & M);
+        u[uOff + 7] = (int)c;
+        v[vOff + 7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static void copy(int[] x, int[] z)
+    {
+        z[0] = x[0];
+        z[1] = x[1];
+        z[2] = x[2];
+        z[3] = x[3];
+        z[4] = x[4];
+        z[5] = x[5];
+        z[6] = x[6];
+        z[7] = x[7];
+    }
+
+    public static int[] create()
+    {
+        return new int[8];
+    }
+
+    public static int[] createExt()
+    {
+        return new int[16];
+    }
+
+    public static boolean diff(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        boolean pos = gte(x, xOff, y, yOff);
+        if (pos)
+        {
+            sub(x, xOff, y, yOff, z, zOff);
+        }
+        else
+        {
+            sub(y, yOff, x, xOff, z, zOff);
+        }
+        return pos;
+    }
+
+    public static boolean eq(int[] x, int[] y)
+    {
+        for (int i = 7; i >= 0; --i)
+        {
+            if (x[i] != y[i])
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static int[] fromBigInteger(BigInteger x)
+    {
+        if (x.signum() < 0 || x.bitLength() > 256)
+        {
+            throw new IllegalArgumentException();
+        }
+
+        int[] z = create();
+        int i = 0;
+        while (x.signum() != 0)
+        {
+            z[i++] = x.intValue();
+            x = x.shiftRight(32);
+        }
+        return z;
+    }
+
+    public static int getBit(int[] x, int bit)
+    {
+        if (bit == 0)
+        {
+            return x[0] & 1;
+        }
+        if ((bit & 255) != bit)
+        {
+            return 0;
+        }
+        int w = bit >>> 5;
+        int b = bit & 31;
+        return (x[w] >>> b) & 1;
+    }
+
+    public static boolean gte(int[] x, int[] y)
+    {
+        for (int i = 7; i >= 0; --i)
+        {
+            int x_i = x[i] ^ Integer.MIN_VALUE;
+            int y_i = y[i] ^ Integer.MIN_VALUE;
+            if (x_i < y_i)
+                return false;
+            if (x_i > y_i)
+                return true;
+        }
+        return true;
+    }
+
+    public static boolean gte(int[] x, int xOff, int[] y, int yOff)
+    {
+        for (int i = 7; i >= 0; --i)
+        {
+            int x_i = x[xOff + i] ^ Integer.MIN_VALUE;
+            int y_i = y[yOff + i] ^ Integer.MIN_VALUE;
+            if (x_i < y_i)
+                return false;
+            if (x_i > y_i)
+                return true;
+        }
+        return true;
+    }
+
+    public static boolean isOne(int[] x)
+    {
+        if (x[0] != 1)
+        {
+            return false;
+        }
+        for (int i = 1; i < 8; ++i)
+        {
+            if (x[i] != 0)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static boolean isZero(int[] x)
+    {
+        for (int i = 0; i < 8; ++i)
+        {
+            if (x[i] != 0)
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static void mul(int[] x, int[] y, int[] zz)
+    {
+        long y_0 = y[0] & M;
+        long y_1 = y[1] & M;
+        long y_2 = y[2] & M;
+        long y_3 = y[3] & M;
+        long y_4 = y[4] & M;
+        long y_5 = y[5] & M;
+        long y_6 = y[6] & M;
+        long y_7 = y[7] & M;
+
+        {
+            long c = 0, x_0 = x[0] & M;
+            c += x_0 * y_0;
+            zz[0] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_1;
+            zz[1] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_2;
+            zz[2] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_3;
+            zz[3] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_4;
+            zz[4] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_5;
+            zz[5] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_6;
+            zz[6] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_7;
+            zz[7] = (int)c;
+            c >>>= 32;
+            zz[8] = (int)c;
+        }
+
+        for (int i = 1; i < 8; ++i)
+        {
+            long c = 0, x_i = x[i] & M;
+            c += x_i * y_0 + (zz[i + 0] & M);
+            zz[i + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[i + 1] & M);
+            zz[i + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[i + 2] & M);
+            zz[i + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[i + 3] & M);
+            zz[i + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[i + 4] & M);
+            zz[i + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[i + 5] & M);
+            zz[i + 5] = (int)c;
+            c >>>= 32;
+            c += x_i * y_6 + (zz[i + 6] & M);
+            zz[i + 6] = (int)c;
+            c >>>= 32;
+            c += x_i * y_7 + (zz[i + 7] & M);
+            zz[i + 7] = (int)c;
+            c >>>= 32;
+            zz[i + 8] = (int)c;
+        }
+    }
+
+    public static void mul(int[] x, int xOff, int[] y, int yOff, int[] zz, int zzOff)
+    {
+        long y_0 = y[yOff + 0] & M;
+        long y_1 = y[yOff + 1] & M;
+        long y_2 = y[yOff + 2] & M;
+        long y_3 = y[yOff + 3] & M;
+        long y_4 = y[yOff + 4] & M;
+        long y_5 = y[yOff + 5] & M;
+        long y_6 = y[yOff + 6] & M;
+        long y_7 = y[yOff + 7] & M;
+
+        {
+            long c = 0, x_0 = x[xOff + 0] & M;
+            c += x_0 * y_0;
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_1;
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_2;
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_3;
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_4;
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_5;
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_6;
+            zz[zzOff + 6] = (int)c;
+            c >>>= 32;
+            c += x_0 * y_7;
+            zz[zzOff + 7] = (int)c;
+            c >>>= 32;
+            zz[zzOff + 8] = (int)c;
+        }
+
+        for (int i = 1; i < 8; ++i)
+        {
+            ++zzOff;
+            long c = 0, x_i = x[xOff + i] & M;
+            c += x_i * y_0 + (zz[zzOff + 0] & M);
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[zzOff + 1] & M);
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[zzOff + 2] & M);
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[zzOff + 3] & M);
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[zzOff + 4] & M);
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[zzOff + 5] & M);
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            c += x_i * y_6 + (zz[zzOff + 6] & M);
+            zz[zzOff + 6] = (int)c;
+            c >>>= 32;
+            c += x_i * y_7 + (zz[zzOff + 7] & M);
+            zz[zzOff + 7] = (int)c;
+            c >>>= 32;
+            zz[zzOff + 8] = (int)c;
+        }
+    }
+
+    public static int mulAddTo(int[] x, int[] y, int[] zz)
+    {
+        long y_0 = y[0] & M;
+        long y_1 = y[1] & M;
+        long y_2 = y[2] & M;
+        long y_3 = y[3] & M;
+        long y_4 = y[4] & M;
+        long y_5 = y[5] & M;
+        long y_6 = y[6] & M;
+        long y_7 = y[7] & M;
+
+        long zc = 0;
+        for (int i = 0; i < 8; ++i)
+        {
+            long c = 0, x_i = x[i] & M;
+            c += x_i * y_0 + (zz[i + 0] & M);
+            zz[i + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[i + 1] & M);
+            zz[i + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[i + 2] & M);
+            zz[i + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[i + 3] & M);
+            zz[i + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[i + 4] & M);
+            zz[i + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[i + 5] & M);
+            zz[i + 5] = (int)c;
+            c >>>= 32;
+            c += x_i * y_6 + (zz[i + 6] & M);
+            zz[i + 6] = (int)c;
+            c >>>= 32;
+            c += x_i * y_7 + (zz[i + 7] & M);
+            zz[i + 7] = (int)c;
+            c >>>= 32;
+            c += zc + (zz[i + 8] & M);
+            zz[i + 8] = (int)c;
+            zc = c >>> 32;
+        }
+        return (int)zc;
+    }
+
+    public static int mulAddTo(int[] x, int xOff, int[] y, int yOff, int[] zz, int zzOff)
+    {
+        long y_0 = y[yOff + 0] & M;
+        long y_1 = y[yOff + 1] & M;
+        long y_2 = y[yOff + 2] & M;
+        long y_3 = y[yOff + 3] & M;
+        long y_4 = y[yOff + 4] & M;
+        long y_5 = y[yOff + 5] & M;
+        long y_6 = y[yOff + 6] & M;
+        long y_7 = y[yOff + 7] & M;
+
+        long zc = 0;
+        for (int i = 0; i < 8; ++i)
+        {
+            long c = 0, x_i = x[xOff + i] & M;
+            c += x_i * y_0 + (zz[zzOff + 0] & M);
+            zz[zzOff + 0] = (int)c;
+            c >>>= 32;
+            c += x_i * y_1 + (zz[zzOff + 1] & M);
+            zz[zzOff + 1] = (int)c;
+            c >>>= 32;
+            c += x_i * y_2 + (zz[zzOff + 2] & M);
+            zz[zzOff + 2] = (int)c;
+            c >>>= 32;
+            c += x_i * y_3 + (zz[zzOff + 3] & M);
+            zz[zzOff + 3] = (int)c;
+            c >>>= 32;
+            c += x_i * y_4 + (zz[zzOff + 4] & M);
+            zz[zzOff + 4] = (int)c;
+            c >>>= 32;
+            c += x_i * y_5 + (zz[zzOff + 5] & M);
+            zz[zzOff + 5] = (int)c;
+            c >>>= 32;
+            c += x_i * y_6 + (zz[zzOff + 6] & M);
+            zz[zzOff + 6] = (int)c;
+            c >>>= 32;
+            c += x_i * y_7 + (zz[zzOff + 7] & M);
+            zz[zzOff + 7] = (int)c;
+            c >>>= 32;
+            c += zc + (zz[zzOff + 8] & M);
+            zz[zzOff + 8] = (int)c;
+            zc = c >>> 32;
+            ++zzOff;
+        }
+        return (int)zc;
+    }
+
+    public static long mul33Add(int w, int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        // assert w >>> 31 == 0;
+
+        long c = 0, wVal = w & M;
+        long x0 = x[xOff + 0] & M;
+        c += wVal * x0 + (y[yOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        long x1 = x[xOff + 1] & M;
+        c += wVal * x1 + x0 + (y[yOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        long x2 = x[xOff + 2] & M;
+        c += wVal * x2 + x1 + (y[yOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        long x3 = x[xOff + 3] & M;
+        c += wVal * x3 + x2 + (y[yOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        long x4 = x[xOff + 4] & M;
+        c += wVal * x4 + x3 + (y[yOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        long x5 = x[xOff + 5] & M;
+        c += wVal * x5 + x4 + (y[yOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        long x6 = x[xOff + 6] & M;
+        c += wVal * x6 + x5 + (y[yOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        long x7 = x[xOff + 7] & M;
+        c += wVal * x7 + x6 + (y[yOff + 7] & M);
+        z[zOff + 7] = (int)c;
+        c >>>= 32;
+        c += x7;
+        return c;
+    }
+
+    public static int mulByWord(int x, int[] z)
+    {
+        long c = 0, xVal = x & M;
+        c += xVal * (z[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[7] & M);
+        z[7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int mulByWordAddTo(int x, int[] y, int[] z)
+    {
+        long c = 0, xVal = x & M;
+        c += xVal * (z[0] & M) + (y[0] & M);
+        z[0] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[1] & M) + (y[1] & M);
+        z[1] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[2] & M) + (y[2] & M);
+        z[2] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[3] & M) + (y[3] & M);
+        z[3] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[4] & M) + (y[4] & M);
+        z[4] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[5] & M) + (y[5] & M);
+        z[5] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[6] & M) + (y[6] & M);
+        z[6] = (int)c;
+        c >>>= 32;
+        c += xVal * (z[7] & M) + (y[7] & M);
+        z[7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int mulWordAddTo(int x, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0, xVal = x & M;
+        c += xVal * (y[yOff + 0] & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 1] & M) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 2] & M) + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 3] & M) + (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 4] & M) + (z[zOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 5] & M) + (z[zOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 6] & M) + (z[zOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>>= 32;
+        c += xVal * (y[yOff + 7] & M) + (z[zOff + 7] & M);
+        z[zOff + 7] = (int)c;
+        c >>>= 32;
+        return (int)c;
+    }
+
+    public static int mul33DWordAdd(int x, long y, int[] z, int zOff)
+    {
+        // assert x >>> 31 == 0;
+        // assert zOff <= 4;
+
+        long c = 0, xVal = x & M;
+        long y00 = y & M;
+        c += xVal * y00 + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        long y01 = y >>> 32;
+        c += xVal * y01 + y00 + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += y01 + (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(8, z, zOff, 4);
+    }
+
+    public static int mul33WordAdd(int x, int y, int[] z, int zOff)
+    {
+        // assert x >>> 31 == 0;
+        // assert zOff <= 5;
+
+        long c = 0, xVal = x & M, yVal = y & M;
+        c += yVal * xVal + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += yVal + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(8, z, zOff, 3);
+    }
+
+    public static int mulWordDwordAdd(int x, long y, int[] z, int zOff)
+    {
+        // assert zOff <= 5;
+        long c = 0, xVal = x & M;
+        c += xVal * (y & M) + (z[zOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>>= 32;
+        c += xVal * (y >>> 32) + (z[zOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>>= 32;
+        c += (z[zOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>>= 32;
+        return c == 0 ? 0 : Nat.incAt(8, z, zOff, 3);
+    }
+
+    public static int mulWord(int x, int[] y, int[] z, int zOff)
+    {
+        long c = 0, xVal = x & M;
+        int i = 0;
+        do
+        {
+            c += xVal * (y[i] & M);
+            z[zOff + i] = (int)c;
+            c >>>= 32;
+        }
+        while (++i < 8);
+        return (int)c;
+    }
+
+    public static void square(int[] x, int[] zz)
+    {
+        long x_0 = x[0] & M;
+        long zz_1;
+
+        int c = 0, w;
+        {
+            int i = 7, j = 16;
+            do
+            {
+                long xVal = (x[i--] & M);
+                long p = xVal * xVal;
+                zz[--j] = (c << 31) | (int)(p >>> 33);
+                zz[--j] = (int)(p >>> 1);
+                c = (int)p;
+            }
+            while (i > 0);
+
+            {
+                long p = x_0 * x_0;
+                zz_1 = ((c << 31) & M) | (p >>> 33);
+                zz[0] = (int)p;
+                c = (int)(p >>> 32) & 1;
+            }
+        }
+
+        long x_1 = x[1] & M;
+        long zz_2 = zz[2] & M;
+
+        {
+            zz_1 += x_1 * x_0;
+            w = (int)zz_1;
+            zz[1] = (w << 1) | c;
+            c = w >>> 31;
+            zz_2 += zz_1 >>> 32;
+        }
+
+        long x_2 = x[2] & M;
+        long zz_3 = zz[3] & M;
+        long zz_4 = zz[4] & M;
+        {
+            zz_2 += x_2 * x_0;
+            w = (int)zz_2;
+            zz[2] = (w << 1) | c;
+            c = w >>> 31;
+            zz_3 += (zz_2 >>> 32) + x_2 * x_1;
+            zz_4 += zz_3 >>> 32;
+            zz_3 &= M;
+        }
+
+        long x_3 = x[3] & M;
+        long zz_5 = zz[5] & M;
+        long zz_6 = zz[6] & M;
+        {
+            zz_3 += x_3 * x_0;
+            w = (int)zz_3;
+            zz[3] = (w << 1) | c;
+            c = w >>> 31;
+            zz_4 += (zz_3 >>> 32) + x_3 * x_1;
+            zz_5 += (zz_4 >>> 32) + x_3 * x_2;
+            zz_4 &= M;
+            zz_6 += zz_5 >>> 32;
+            zz_5 &= M;
+        }
+
+        long x_4 = x[4] & M;
+        long zz_7 = zz[7] & M;
+        long zz_8 = zz[8] & M;
+        {
+            zz_4 += x_4 * x_0;
+            w = (int)zz_4;
+            zz[4] = (w << 1) | c;
+            c = w >>> 31;
+            zz_5 += (zz_4 >>> 32) + x_4 * x_1;
+            zz_6 += (zz_5 >>> 32) + x_4 * x_2;
+            zz_5 &= M;
+            zz_7 += (zz_6 >>> 32) + x_4 * x_3;
+            zz_6 &= M;
+            zz_8 += zz_7 >>> 32;
+            zz_7 &= M;
+        }
+
+        long x_5 = x[5] & M;
+        long zz_9 = zz[9] & M;
+        long zz_10 = zz[10] & M;
+        {
+            zz_5 += x_5 * x_0;
+            w = (int)zz_5;
+            zz[5] = (w << 1) | c;
+            c = w >>> 31;
+            zz_6 += (zz_5 >>> 32) + x_5 * x_1;
+            zz_7 += (zz_6 >>> 32) + x_5 * x_2;
+            zz_6 &= M;
+            zz_8 += (zz_7 >>> 32) + x_5 * x_3;
+            zz_7 &= M;
+            zz_9 += (zz_8 >>> 32) + x_5 * x_4;
+            zz_8 &= M;
+            zz_10 += zz_9 >>> 32;
+            zz_9 &= M;
+        }
+
+        long x_6 = x[6] & M;
+        long zz_11 = zz[11] & M;
+        long zz_12 = zz[12] & M;
+        {
+            zz_6 += x_6 * x_0;
+            w = (int)zz_6;
+            zz[6] = (w << 1) | c;
+            c = w >>> 31;
+            zz_7 += (zz_6 >>> 32) + x_6 * x_1;
+            zz_8 += (zz_7 >>> 32) + x_6 * x_2;
+            zz_7 &= M;
+            zz_9 += (zz_8 >>> 32) + x_6 * x_3;
+            zz_8 &= M;
+            zz_10 += (zz_9 >>> 32) + x_6 * x_4;
+            zz_9 &= M;
+            zz_11 += (zz_10 >>> 32) + x_6 * x_5;
+            zz_10 &= M;
+            zz_12 += zz_11 >>> 32;
+            zz_11 &= M;
+        }
+
+        long x_7 = x[7] & M;
+        long zz_13 = zz[13] & M;
+        long zz_14 = zz[14] & M;
+        {
+            zz_7 += x_7 * x_0;
+            w = (int)zz_7;
+            zz[7] = (w << 1) | c;
+            c = w >>> 31;
+            zz_8 += (zz_7 >>> 32) + x_7 * x_1;
+            zz_9 += (zz_8 >>> 32) + x_7 * x_2;
+            zz_10 += (zz_9 >>> 32) + x_7 * x_3;
+            zz_11 += (zz_10 >>> 32) + x_7 * x_4;
+            zz_12 += (zz_11 >>> 32) + x_7 * x_5;
+            zz_13 += (zz_12 >>> 32) + x_7 * x_6;
+            zz_14 += zz_13 >>> 32;
+        }
+
+        w = (int)zz_8;
+        zz[8] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_9;
+        zz[9] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_10;
+        zz[10] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_11;
+        zz[11] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_12;
+        zz[12] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_13;
+        zz[13] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_14;
+        zz[14] = (w << 1) | c;
+        c = w >>> 31;
+        w = zz[15] + (int)(zz_14 >> 32);
+        zz[15] = (w << 1) | c;
+    }
+
+    public static void square(int[] x, int xOff, int[] zz, int zzOff)
+    {
+        long x_0 = x[xOff + 0] & M;
+        long zz_1;
+
+        int c = 0, w;
+        {
+            int i = 7, j = 16;
+            do
+            {
+                long xVal = (x[xOff + i--] & M);
+                long p = xVal * xVal;
+                zz[zzOff + --j] = (c << 31) | (int)(p >>> 33);
+                zz[zzOff + --j] = (int)(p >>> 1);
+                c = (int)p;
+            }
+            while (i > 0);
+
+            {
+                long p = x_0 * x_0;
+                zz_1 = ((c << 31) & M) | (p >>> 33);
+                zz[zzOff + 0] = (int)p;
+                c = (int)(p >>> 32) & 1;
+            }
+        }
+
+        long x_1 = x[xOff + 1] & M;
+        long zz_2 = zz[zzOff + 2] & M;
+
+        {
+            zz_1 += x_1 * x_0;
+            w = (int)zz_1;
+            zz[zzOff + 1] = (w << 1) | c;
+            c = w >>> 31;
+            zz_2 += zz_1 >>> 32;
+        }
+
+        long x_2 = x[xOff + 2] & M;
+        long zz_3 = zz[zzOff + 3] & M;
+        long zz_4 = zz[zzOff + 4] & M;
+        {
+            zz_2 += x_2 * x_0;
+            w = (int)zz_2;
+            zz[zzOff + 2] = (w << 1) | c;
+            c = w >>> 31;
+            zz_3 += (zz_2 >>> 32) + x_2 * x_1;
+            zz_4 += zz_3 >>> 32;
+            zz_3 &= M;
+        }
+
+        long x_3 = x[xOff + 3] & M;
+        long zz_5 = zz[zzOff + 5] & M;
+        long zz_6 = zz[zzOff + 6] & M;
+        {
+            zz_3 += x_3 * x_0;
+            w = (int)zz_3;
+            zz[zzOff + 3] = (w << 1) | c;
+            c = w >>> 31;
+            zz_4 += (zz_3 >>> 32) + x_3 * x_1;
+            zz_5 += (zz_4 >>> 32) + x_3 * x_2;
+            zz_4 &= M;
+            zz_6 += zz_5 >>> 32;
+            zz_5 &= M;
+        }
+
+        long x_4 = x[xOff + 4] & M;
+        long zz_7 = zz[zzOff + 7] & M;
+        long zz_8 = zz[zzOff + 8] & M;
+        {
+            zz_4 += x_4 * x_0;
+            w = (int)zz_4;
+            zz[zzOff + 4] = (w << 1) | c;
+            c = w >>> 31;
+            zz_5 += (zz_4 >>> 32) + x_4 * x_1;
+            zz_6 += (zz_5 >>> 32) + x_4 * x_2;
+            zz_5 &= M;
+            zz_7 += (zz_6 >>> 32) + x_4 * x_3;
+            zz_6 &= M;
+            zz_8 += zz_7 >>> 32;
+            zz_7 &= M;
+        }
+
+        long x_5 = x[xOff + 5] & M;
+        long zz_9 = zz[zzOff + 9] & M;
+        long zz_10 = zz[zzOff + 10] & M;
+        {
+            zz_5 += x_5 * x_0;
+            w = (int)zz_5;
+            zz[zzOff + 5] = (w << 1) | c;
+            c = w >>> 31;
+            zz_6 += (zz_5 >>> 32) + x_5 * x_1;
+            zz_7 += (zz_6 >>> 32) + x_5 * x_2;
+            zz_6 &= M;
+            zz_8 += (zz_7 >>> 32) + x_5 * x_3;
+            zz_7 &= M;
+            zz_9 += (zz_8 >>> 32) + x_5 * x_4;
+            zz_8 &= M;
+            zz_10 += zz_9 >>> 32;
+            zz_9 &= M;
+        }
+
+        long x_6 = x[xOff + 6] & M;
+        long zz_11 = zz[zzOff + 11] & M;
+        long zz_12 = zz[zzOff + 12] & M;
+        {
+            zz_6 += x_6 * x_0;
+            w = (int)zz_6;
+            zz[zzOff + 6] = (w << 1) | c;
+            c = w >>> 31;
+            zz_7 += (zz_6 >>> 32) + x_6 * x_1;
+            zz_8 += (zz_7 >>> 32) + x_6 * x_2;
+            zz_7 &= M;
+            zz_9 += (zz_8 >>> 32) + x_6 * x_3;
+            zz_8 &= M;
+            zz_10 += (zz_9 >>> 32) + x_6 * x_4;
+            zz_9 &= M;
+            zz_11 += (zz_10 >>> 32) + x_6 * x_5;
+            zz_10 &= M;
+            zz_12 += zz_11 >>> 32;
+            zz_11 &= M;
+        }
+
+        long x_7 = x[xOff + 7] & M;
+        long zz_13 = zz[zzOff + 13] & M;
+        long zz_14 = zz[zzOff + 14] & M;
+        {
+            zz_7 += x_7 * x_0;
+            w = (int)zz_7;
+            zz[zzOff + 7] = (w << 1) | c;
+            c = w >>> 31;
+            zz_8 += (zz_7 >>> 32) + x_7 * x_1;
+            zz_9 += (zz_8 >>> 32) + x_7 * x_2;
+            zz_10 += (zz_9 >>> 32) + x_7 * x_3;
+            zz_11 += (zz_10 >>> 32) + x_7 * x_4;
+            zz_12 += (zz_11 >>> 32) + x_7 * x_5;
+            zz_13 += (zz_12 >>> 32) + x_7 * x_6;
+            zz_14 += zz_13 >>> 32;
+        }
+
+        w = (int)zz_8;
+        zz[zzOff + 8] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_9;
+        zz[zzOff + 9] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_10;
+        zz[zzOff + 10] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_11;
+        zz[zzOff + 11] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_12;
+        zz[zzOff + 12] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_13;
+        zz[zzOff + 13] = (w << 1) | c;
+        c = w >>> 31;
+        w = (int)zz_14;
+        zz[zzOff + 14] = (w << 1) | c;
+        c = w >>> 31;
+        w = zz[zzOff + 15] + (int)(zz_14 >> 32);
+        zz[zzOff + 15] = (w << 1) | c;
+    }
+
+    public static int sub(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (x[0] & M) - (y[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (x[1] & M) - (y[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (x[2] & M) - (y[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (x[3] & M) - (y[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (x[4] & M) - (y[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (x[5] & M) - (y[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        c += (x[6] & M) - (y[6] & M);
+        z[6] = (int)c;
+        c >>= 32;
+        c += (x[7] & M) - (y[7] & M);
+        z[7] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int sub(int[] x, int xOff, int[] y, int yOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (x[xOff + 0] & M) - (y[yOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 1] & M) - (y[yOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 2] & M) - (y[yOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 3] & M) - (y[yOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 4] & M) - (y[yOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 5] & M) - (y[yOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 6] & M) - (y[yOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>= 32;
+        c += (x[xOff + 7] & M) - (y[yOff + 7] & M);
+        z[zOff + 7] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subBothFrom(int[] x, int[] y, int[] z)
+    {
+        long c = 0;
+        c += (z[0] & M) - (x[0] & M) - (y[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - (x[1] & M) - (y[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (z[2] & M) - (x[2] & M) - (y[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (z[3] & M) - (x[3] & M) - (y[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (z[4] & M) - (x[4] & M) - (y[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (z[5] & M) - (x[5] & M) - (y[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        c += (z[6] & M) - (x[6] & M) - (y[6] & M);
+        z[6] = (int)c;
+        c >>= 32;
+        c += (z[7] & M) - (x[7] & M) - (y[7] & M);
+        z[7] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subFrom(int[] x, int[] z)
+    {
+        long c = 0;
+        c += (z[0] & M) - (x[0] & M);
+        z[0] = (int)c;
+        c >>= 32;
+        c += (z[1] & M) - (x[1] & M);
+        z[1] = (int)c;
+        c >>= 32;
+        c += (z[2] & M) - (x[2] & M);
+        z[2] = (int)c;
+        c >>= 32;
+        c += (z[3] & M) - (x[3] & M);
+        z[3] = (int)c;
+        c >>= 32;
+        c += (z[4] & M) - (x[4] & M);
+        z[4] = (int)c;
+        c >>= 32;
+        c += (z[5] & M) - (x[5] & M);
+        z[5] = (int)c;
+        c >>= 32;
+        c += (z[6] & M) - (x[6] & M);
+        z[6] = (int)c;
+        c >>= 32;
+        c += (z[7] & M) - (x[7] & M);
+        z[7] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static int subFrom(int[] x, int xOff, int[] z, int zOff)
+    {
+        long c = 0;
+        c += (z[zOff + 0] & M) - (x[xOff + 0] & M);
+        z[zOff + 0] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 1] & M) - (x[xOff + 1] & M);
+        z[zOff + 1] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 2] & M) - (x[xOff + 2] & M);
+        z[zOff + 2] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 3] & M) - (x[xOff + 3] & M);
+        z[zOff + 3] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 4] & M) - (x[xOff + 4] & M);
+        z[zOff + 4] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 5] & M) - (x[xOff + 5] & M);
+        z[zOff + 5] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 6] & M) - (x[xOff + 6] & M);
+        z[zOff + 6] = (int)c;
+        c >>= 32;
+        c += (z[zOff + 7] & M) - (x[xOff + 7] & M);
+        z[zOff + 7] = (int)c;
+        c >>= 32;
+        return (int)c;
+    }
+
+    public static BigInteger toBigInteger(int[] x)
+    {
+        byte[] bs = new byte[32];
+        for (int i = 0; i < 8; ++i)
+        {
+            int x_i = x[i];
+            if (x_i != 0)
+            {
+                Pack.intToBigEndian(x_i, bs, (7 - i) << 2);
+            }
+        }
+        return new BigInteger(1, bs);
+    }
+
+    public static void zero(int[] z)
+    {
+        z[0] = 0;
+        z[1] = 0;
+        z[2] = 0;
+        z[3] = 0;
+        z[4] = 0;
+        z[5] = 0;
+        z[6] = 0;
+        z[7] = 0;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/Nat384.java b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat384.java
new file mode 100644
index 0000000..889550e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat384.java
@@ -0,0 +1,43 @@
+package org.bouncycastle.math.raw;
+
+
+public abstract class Nat384
+{
+    public static void mul(int[] x, int[] y, int[] zz)
+    {
+        Nat192.mul(x, y, zz);
+        Nat192.mul(x, 6, y, 6, zz, 12);
+
+        int c18 = Nat192.addToEachOther(zz, 6, zz, 12);
+        int c12 = c18 + Nat192.addTo(zz, 0, zz, 6, 0);
+        c18 += Nat192.addTo(zz, 18, zz, 12, c12);
+
+        int[] dx = Nat192.create(), dy = Nat192.create();
+        boolean neg = Nat192.diff(x, 6, x, 0, dx, 0) != Nat192.diff(y, 6, y, 0, dy, 0);
+
+        int[] tt = Nat192.createExt();
+        Nat192.mul(dx, dy, tt);
+
+        c18 += neg ? Nat.addTo(12, tt, 0, zz, 6) : Nat.subFrom(12, tt, 0, zz, 6);
+        Nat.addWordAt(24, c18, zz, 18); 
+    }
+
+    public static void square(int[] x, int[] zz)
+    {
+        Nat192.square(x, zz);
+        Nat192.square(x, 6, zz, 12);
+
+        int c18 = Nat192.addToEachOther(zz, 6, zz, 12);
+        int c12 = c18 + Nat192.addTo(zz, 0, zz, 6, 0);
+        c18 += Nat192.addTo(zz, 18, zz, 12, c12);
+
+        int[] dx = Nat192.create();
+        Nat192.diff(x, 6, x, 0, dx, 0);
+
+        int[] tt = Nat192.createExt();
+        Nat192.square(dx, tt);
+
+        c18 += Nat.subFrom(12, tt, 0, zz, 6);
+        Nat.addWordAt(24, c18, zz, 18); 
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/Nat512.java b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat512.java
new file mode 100644
index 0000000..594e8f5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/Nat512.java
@@ -0,0 +1,43 @@
+package org.bouncycastle.math.raw;
+
+
+public abstract class Nat512
+{
+    public static void mul(int[] x, int[] y, int[] zz)
+    {
+        Nat256.mul(x, y, zz);
+        Nat256.mul(x, 8, y, 8, zz, 16);
+
+        int c24 = Nat256.addToEachOther(zz, 8, zz, 16);
+        int c16 = c24 + Nat256.addTo(zz, 0, zz, 8, 0);
+        c24 += Nat256.addTo(zz, 24, zz, 16, c16);
+
+        int[] dx = Nat256.create(), dy = Nat256.create();
+        boolean neg = Nat256.diff(x, 8, x, 0, dx, 0) != Nat256.diff(y, 8, y, 0, dy, 0);
+
+        int[] tt = Nat256.createExt();
+        Nat256.mul(dx, dy, tt);
+
+        c24 += neg ? Nat.addTo(16, tt, 0, zz, 8) : Nat.subFrom(16, tt, 0, zz, 8);
+        Nat.addWordAt(32, c24, zz, 24); 
+    }
+
+    public static void square(int[] x, int[] zz)
+    {
+        Nat256.square(x, zz);
+        Nat256.square(x, 8, zz, 16);
+
+        int c24 = Nat256.addToEachOther(zz, 8, zz, 16);
+        int c16 = c24 + Nat256.addTo(zz, 0, zz, 8, 0);
+        c24 += Nat256.addTo(zz, 24, zz, 16, c16);
+
+        int[] dx = Nat256.create();
+        Nat256.diff(x, 8, x, 0, dx, 0);
+
+        int[] tt = Nat256.createExt();
+        Nat256.square(dx, tt);
+
+        c24 += Nat.subFrom(16, tt, 0, zz, 8);
+        Nat.addWordAt(32, c24, zz, 24); 
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/math/raw/package.html b/bcprov/src/main/java/org/bouncycastle/math/raw/package.html
new file mode 100644
index 0000000..061958b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/math/raw/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Math support for raw multi-precision calculations.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java b/bcprov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java
deleted file mode 100644
index b113e2f..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java
+++ /dev/null
@@ -1,366 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.X509Certificate;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-/**
- * <pre>
- * BasicOCSPResponse       ::= SEQUENCE {
- *    tbsResponseData      ResponseData,
- *    signatureAlgorithm   AlgorithmIdentifier,
- *    signature            BIT STRING,
- *    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- * </pre>
- *
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
-public class BasicOCSPResp
-    implements java.security.cert.X509Extension
-{
-    BasicOCSPResponse   resp;
-    ResponseData        data;
-    X509Certificate[]   chain = null;
-
-    public BasicOCSPResp(
-        BasicOCSPResponse   resp)
-    {
-        this.resp = resp;
-        this.data = resp.getTbsResponseData();
-    }
-
-    /**
-     * Return the DER encoding of the tbsResponseData field.
-     * @return DER encoding of tbsResponseData
-     * @throws OCSPException in the event of an encoding error.
-     */
-    public byte[] getTBSResponseData()
-        throws OCSPException
-    {
-        try
-        {
-            return resp.getTbsResponseData().getEncoded();
-        }
-        catch (IOException e)
-        {
-            throw new OCSPException("problem encoding tbsResponseData", e);
-        }
-    }
-    
-    public int getVersion()
-    {
-        return data.getVersion().getValue().intValue() + 1;
-    }
-
-    public RespID getResponderId()
-    {
-        return new RespID(data.getResponderID());
-    }
-
-    public Date getProducedAt()
-    {
-        try
-        {
-            return data.getProducedAt().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException:" + e.getMessage());
-        }
-    }
-
-    public SingleResp[] getResponses()
-    {
-        ASN1Sequence    s = data.getResponses();
-        SingleResp[]    rs = new SingleResp[s.size()];
-
-        for (int i = 0; i != rs.length; i++)
-        {
-            rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i)));
-        }
-
-        return rs;
-    }
-
-    public X509Extensions getResponseExtensions()
-    {
-        return X509Extensions.getInstance(data.getResponseExtensions());
-    }
-    
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        if (extns != null && !extns.isEmpty())
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getResponseExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getResponseExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encoding.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-
-    public String getSignatureAlgName()
-    {
-        return OCSPUtil.getAlgorithmName(resp.getSignatureAlgorithm().getObjectId());
-    }
-
-    public String getSignatureAlgOID()
-    {
-        return resp.getSignatureAlgorithm().getObjectId().getId();
-    }
-
-    /**
-     * @deprecated RespData class is no longer required as all functionality is
-     * available on this class.
-     * @return the RespData object
-     */
-    public RespData getResponseData()
-    {
-        return new RespData(resp.getTbsResponseData());
-    }
-
-    public byte[] getSignature()
-    {
-        return resp.getSignature().getBytes();
-    }
-
-    private List getCertList(
-        String provider) 
-        throws OCSPException, NoSuchProviderException
-    {
-        List                    certs = new ArrayList();
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-        CertificateFactory      cf;
-
-        try
-        {
-            cf = OCSPUtil.createX509CertificateFactory(provider);
-        }
-        catch (CertificateException ex)
-        {
-            throw new OCSPException("can't get certificate factory.", ex);
-        }
-
-        //
-        // load the certificates and revocation lists if we have any
-        //
-        ASN1Sequence s = resp.getCerts();
-
-        if (s != null)
-        {
-            Enumeration e = s.getObjects();
-
-            while (e.hasMoreElements())
-            {
-                try
-                {
-                    aOut.writeObject((ASN1Encodable)e.nextElement());
-
-                    certs.add(cf.generateCertificate(
-                        new ByteArrayInputStream(bOut.toByteArray())));
-                }
-                catch (IOException ex)
-                {
-                    throw new OCSPException(
-                            "can't re-encode certificate!", ex);
-                }
-                catch (CertificateException ex)
-                {
-                    throw new OCSPException(
-                            "can't re-encode certificate!", ex);
-                }
-
-                bOut.reset();
-            }
-        }
-        
-        return certs;
-    }
-    
-    public X509Certificate[] getCerts(
-        String  provider)
-        throws OCSPException, NoSuchProviderException
-    {
-        List                    certs = getCertList(provider);
-            
-        return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]);
-    }
-
-    /**
-     * Return the certificates, if any associated with the response.
-     * @param type type of CertStore to create
-     * @param provider provider to use
-     * @return a CertStore, possibly empty
-     * @throws NoSuchAlgorithmException
-     * @throws NoSuchProviderException
-     * @throws OCSPException
-     */
-    public CertStore getCertificates(
-        String type,
-        String provider) 
-        throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
-    {
-        try
-        {
-            CertStoreParameters params = new CollectionCertStoreParameters(this.getCertList(provider));
-            return OCSPUtil.createCertStoreInstance(type, params, provider);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new OCSPException("can't setup the CertStore", e);
-        }
-    }
-    
-    /**
-     * verify the signature against the tbsResponseData object we contain.
-     */
-    public boolean verify(
-        PublicKey   key,
-        String      sigProvider)
-        throws OCSPException, NoSuchProviderException
-    {
-        try
-        {
-            Signature signature = OCSPUtil.createSignatureInstance(this.getSignatureAlgName(), sigProvider);
-
-            signature.initVerify(key);
-
-            signature.update(resp.getTbsResponseData().getEncoded(ASN1Encoding.DER));
-
-            return signature.verify(this.getSignature());
-        }
-        catch (NoSuchProviderException e)
-        {
-            // TODO Why this special case?
-            throw e;
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing sig: " + e, e);
-        }
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return resp.getEncoded();
-    }
-    
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-        
-        if (!(o instanceof BasicOCSPResp))
-        {
-            return false;
-        }
-        
-        BasicOCSPResp r = (BasicOCSPResp)o;
-        
-        return resp.equals(r.resp);
-    }
-    
-    public int hashCode()
-    {
-        return resp.hashCode();
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java b/bcprov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java
deleted file mode 100644
index 841c0c3..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java
+++ /dev/null
@@ -1,344 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1GeneralizedTime;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.CertStatus;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-/**
- * Generator for basic OCSP response objects.
- *
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
-public class BasicOCSPRespGenerator
-{
-    private List            list = new ArrayList();
-    private X509Extensions  responseExtensions = null;
-    private RespID          responderID;
-
-    private class ResponseObject
-    {
-        CertificateID         certId;
-        CertStatus            certStatus;
-        DERGeneralizedTime    thisUpdate;
-        DERGeneralizedTime    nextUpdate;
-        X509Extensions        extensions;
-
-        public ResponseObject(
-            CertificateID     certId,
-            CertificateStatus certStatus,
-            Date              thisUpdate,
-            Date              nextUpdate,
-            X509Extensions    extensions)
-        {
-            this.certId = certId;
-
-            if (certStatus == null)
-            {
-                this.certStatus = new CertStatus();
-            }
-            else if (certStatus instanceof UnknownStatus)
-            {
-                this.certStatus = new CertStatus(2, DERNull.INSTANCE);
-            }
-            else 
-            {
-                RevokedStatus rs = (RevokedStatus)certStatus;
-                
-                if (rs.hasRevocationReason())
-                {
-                    this.certStatus = new CertStatus(
-                                            new RevokedInfo(new ASN1GeneralizedTime(rs.getRevocationTime()), CRLReason.lookup(rs.getRevocationReason())));
-                }
-                else
-                {
-                    this.certStatus = new CertStatus(
-                                            new RevokedInfo(new ASN1GeneralizedTime(rs.getRevocationTime()), null));
-                }
-            }
-
-            this.thisUpdate = new DERGeneralizedTime(thisUpdate);
-            
-            if (nextUpdate != null)
-            {
-                this.nextUpdate = new DERGeneralizedTime(nextUpdate);
-            }
-            else
-            {
-                this.nextUpdate = null;
-            }
-
-            this.extensions = extensions;
-        }
-
-        public SingleResponse toResponse()
-            throws Exception
-        {
-            return new SingleResponse(certId.toASN1Object(), certStatus, thisUpdate, nextUpdate, extensions);
-        }
-    }
-
-    /**
-     * basic constructor
-     */
-    public BasicOCSPRespGenerator(
-        RespID  responderID)
-    {
-        this.responderID = responderID;
-    }
-
-    /**
-     * construct with the responderID to be the SHA-1 keyHash of the passed in public key.
-     */
-    public BasicOCSPRespGenerator(
-        PublicKey       key)
-        throws OCSPException
-    {
-        this.responderID = new RespID(key);
-    }
-
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param certStatus status of the certificate - null if okay
-     */
-    public void addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), null, null));
-    }
-
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public void addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), null, singleExtensions));
-    }
-    
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param nextUpdate date when next update should be requested
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public void addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        Date                nextUpdate,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, new Date(), nextUpdate, singleExtensions));
-    }
-    
-    /**
-     * Add a response for a particular Certificate ID.
-     * 
-     * @param certID certificate ID details
-     * @param thisUpdate date this response was valid on
-     * @param nextUpdate date when next update should be requested
-     * @param certStatus status of the certificate - null if okay
-     * @param singleExtensions optional extensions
-     */
-    public void addResponse(
-        CertificateID       certID,
-        CertificateStatus   certStatus,
-        Date                thisUpdate,
-        Date                nextUpdate,
-        X509Extensions      singleExtensions)
-    {
-        list.add(new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions));
-    }
-    
-    /**
-     * Set the extensions for the response.
-     * 
-     * @param responseExtensions the extension object to carry.
-     */
-    public void setResponseExtensions(
-        X509Extensions  responseExtensions)
-    {
-        this.responseExtensions = responseExtensions;
-    }
-
-    private BasicOCSPResp generateResponse(
-        String              signatureName,
-        PrivateKey          key,
-        X509Certificate[]   chain,
-        Date                producedAt,
-        String              provider,
-        SecureRandom        random)
-        throws OCSPException, NoSuchProviderException
-    {
-        Iterator    it = list.iterator();
-        DERObjectIdentifier signingAlgorithm;
-
-        try
-        {
-            signingAlgorithm = OCSPUtil.getAlgorithmOID(signatureName);
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("unknown signing algorithm specified");
-        }
-
-        ASN1EncodableVector responses = new ASN1EncodableVector();
-
-        while (it.hasNext())
-        {
-            try
-            {
-                responses.add(((ResponseObject)it.next()).toResponse());
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception creating Request", e);
-            }
-        }
-
-        ResponseData  tbsResp = new ResponseData(responderID.toASN1Object(), new DERGeneralizedTime(producedAt), new DERSequence(responses), responseExtensions);
-
-        Signature sig = null;
-
-        try
-        {
-            sig = OCSPUtil.createSignatureInstance(signatureName, provider);
-            if (random != null)
-            {
-                sig.initSign(key, random);
-            }
-            else
-            {
-                sig.initSign(key);
-            }
-        }
-        catch (NoSuchProviderException e)
-        {
-            // TODO Why this special case?
-            throw e;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new OCSPException("exception creating signature: " + e, e);
-        }
-
-        DERBitString    bitSig = null;
-
-        try
-        {
-            sig.update(tbsResp.getEncoded(ASN1Encoding.DER));
-
-            bitSig = new DERBitString(sig.sign());
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing TBSRequest: " + e, e);
-        }
-
-        AlgorithmIdentifier sigAlgId = OCSPUtil.getSigAlgID(signingAlgorithm);
-
-        DERSequence chainSeq = null;
-        if (chain != null && chain.length > 0)
-        {
-            ASN1EncodableVector v = new ASN1EncodableVector();
-            try
-            {
-                for (int i = 0; i != chain.length; i++)
-                {
-                    v.add(new X509CertificateStructure(
-                        (ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded())));
-                }
-            }
-            catch (IOException e)
-            {
-                throw new OCSPException("error processing certs", e);
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new OCSPException("error encoding certs", e);
-            }
-
-            chainSeq = new DERSequence(v);
-        }
-
-        return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq));
-    }
-    
-    public BasicOCSPResp generate(
-        String             signingAlgorithm,
-        PrivateKey         key,
-        X509Certificate[]  chain,
-        Date               thisUpdate,
-        String             provider)
-        throws OCSPException, NoSuchProviderException, IllegalArgumentException
-    {
-        return generate(signingAlgorithm, key, chain, thisUpdate, provider, null);
-    }
-
-    public BasicOCSPResp generate(
-        String             signingAlgorithm,
-        PrivateKey         key,
-        X509Certificate[]  chain,
-        Date               producedAt,
-        String             provider,
-        SecureRandom       random)
-        throws OCSPException, NoSuchProviderException, IllegalArgumentException
-    {
-        if (signingAlgorithm == null)
-        {
-            throw new IllegalArgumentException("no signing algorithm specified");
-        }
-
-        return generateResponse(signingAlgorithm, key, chain, producedAt, provider, random);
-    }
-    
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return OCSPUtil.getAlgNames();
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/CertificateID.java b/bcprov/src/main/java/org/bouncycastle/ocsp/CertificateID.java
deleted file mode 100644
index afba340..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/CertificateID.java
+++ /dev/null
@@ -1,170 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.CertID;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-
-public class CertificateID
-{
-    public static final String HASH_SHA1 = "1.3.14.3.2.26";
-
-    private final CertID id;
-
-    public CertificateID(
-        CertID id)
-    {
-        if (id == null)
-        {
-            throw new IllegalArgumentException("'id' cannot be null");
-        }
-        this.id = id;
-    }
-
-    /**
-     * create from an issuer certificate and the serial number of the
-     * certificate it signed.
-     *
-     * @param hashAlgorithm hash algorithm to use
-     * @param issuerCert issuing certificate
-     * @param number serial number
-     * @param provider provider to use for hashAlgorithm, null if the default one should be used.
-     *
-     * @exception OCSPException if any problems occur creating the id fields.
-     */
-    public CertificateID(
-        String          hashAlgorithm,
-        X509Certificate issuerCert,
-        BigInteger      number,
-        String          provider)
-        throws OCSPException
-    {
-        AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(
-            new DERObjectIdentifier(hashAlgorithm), DERNull.INSTANCE);
-
-        this.id = createCertID(hashAlg, issuerCert, new ASN1Integer(number), provider);
-    }
-
-    /**
-     * create using the BC provider
-     */
-    public CertificateID(
-        String          hashAlgorithm,
-        X509Certificate issuerCert,
-        BigInteger      number)
-        throws OCSPException
-    {
-        this(hashAlgorithm, issuerCert, number, "BC");
-    }
-
-    public String getHashAlgOID()
-    {
-        return id.getHashAlgorithm().getObjectId().getId();
-    }
-
-    public byte[] getIssuerNameHash()
-    {
-        return id.getIssuerNameHash().getOctets();
-    }
-
-    public byte[] getIssuerKeyHash()
-    {
-        return id.getIssuerKeyHash().getOctets();
-    }
-
-    /**
-     * return the serial number for the certificate associated
-     * with this request.
-     */
-    public BigInteger getSerialNumber()
-    {
-        return id.getSerialNumber().getValue();
-    }
-
-    public boolean matchesIssuer(X509Certificate issuerCert, String provider)
-        throws OCSPException
-    {
-        return createCertID(id.getHashAlgorithm(), issuerCert, id.getSerialNumber(), provider)
-            .equals(id);
-    }
-
-    public CertID toASN1Object()
-    {
-        return id;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof CertificateID))
-        {
-            return false;
-        }
-
-        CertificateID   obj = (CertificateID)o;
-
-        return id.toASN1Primitive().equals(obj.id.toASN1Primitive());
-    }
-
-    public int hashCode()
-    {
-        return id.toASN1Primitive().hashCode();
-    }
-
-    /**
-     * Create a new CertificateID for a new serial number derived from a previous one
-     * calculated for the same CA certificate.
-     *
-     * @param original the previously calculated CertificateID for the CA.
-     * @param newSerialNumber the serial number for the new certificate of interest.
-     *
-     * @return a new CertificateID for newSerialNumber
-     */
-    public static CertificateID deriveCertificateID(CertificateID original, BigInteger newSerialNumber)
-    {
-        return new CertificateID(new CertID(original.id.getHashAlgorithm(), original.id.getIssuerNameHash(), original.id.getIssuerKeyHash(), new ASN1Integer(newSerialNumber)));
-    }
-
-    private static CertID createCertID(AlgorithmIdentifier hashAlg, X509Certificate issuerCert,
-        ASN1Integer serialNumber, String provider)
-        throws OCSPException
-    {
-        try
-        {
-            MessageDigest digest = OCSPUtil.createDigestInstance(hashAlg.getAlgorithm() .getId(),
-                provider);
-
-            X509Principal issuerName = PrincipalUtil.getSubjectX509Principal(issuerCert);
-
-            digest.update(issuerName.getEncoded());
-
-            ASN1OctetString issuerNameHash = new DEROctetString(digest.digest());
-            PublicKey issuerKey = issuerCert.getPublicKey();
-
-            ASN1InputStream aIn = new ASN1InputStream(issuerKey.getEncoded());
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
-
-            digest.update(info.getPublicKeyData().getBytes());
-
-            ASN1OctetString issuerKeyHash = new DEROctetString(digest.digest());
-
-            return new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber);
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("problem creating ID: " + e, e);
-        }
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java b/bcprov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java
deleted file mode 100644
index 992ca55..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java
+++ /dev/null
@@ -1,6 +0,0 @@
-package org.bouncycastle.ocsp;
-
-public interface CertificateStatus
-{
-    public static final CertificateStatus GOOD = null;
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPException.java b/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPException.java
deleted file mode 100644
index d354a31..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.ocsp;
-
-public class OCSPException
-    extends Exception
-{
-    Exception   e;
-
-    public OCSPException(
-        String name)
-    {
-        super(name);
-    }
-
-    public OCSPException(
-        String name,
-        Exception e)
-    {
-        super(name);
-
-        this.e = e;
-    }
-
-    public Exception getUnderlyingException()
-    {
-        return e;
-    }
-
-    public Throwable getCause()
-    {
-        return e;
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java b/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java
deleted file mode 100644
index 7e50621..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java
+++ /dev/null
@@ -1,417 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ocsp.OCSPRequest;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-/**
- * <pre>
- * OCSPRequest     ::=     SEQUENCE {
- *       tbsRequest                  TBSRequest,
- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
- *
- *   TBSRequest      ::=     SEQUENCE {
- *       version             [0]     EXPLICIT Version DEFAULT v1,
- *       requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
- *       requestList                 SEQUENCE OF Request,
- *       requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
- *
- *   Signature       ::=     SEQUENCE {
- *       signatureAlgorithm      AlgorithmIdentifier,
- *       signature               BIT STRING,
- *       certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
- *
- *   Version         ::=             INTEGER  {  v1(0) }
- *
- *   Request         ::=     SEQUENCE {
- *       reqCert                     CertID,
- *       singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
- *
- *   CertID          ::=     SEQUENCE {
- *       hashAlgorithm       AlgorithmIdentifier,
- *       issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
- *       issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
- *       serialNumber        CertificateSerialNumber }
- * </pre>
- *
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
-public class OCSPReq
-    implements java.security.cert.X509Extension
-{
-    private OCSPRequest       req;
-
-    public OCSPReq(
-        OCSPRequest req)
-    {
-        this.req = req;
-    }
-    
-    public OCSPReq(
-        byte[]          req)
-        throws IOException
-    {
-        this(new ASN1InputStream(req));
-    }
-
-    public OCSPReq(
-        InputStream     in)
-        throws IOException
-    {
-        this(new ASN1InputStream(in));
-    }
-
-    private OCSPReq(
-        ASN1InputStream aIn) 
-        throws IOException
-    {
-        try
-        {
-            this.req = OCSPRequest.getInstance(aIn.readObject());
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IOException("malformed request: " + e.getMessage());
-        }
-        catch (ClassCastException e)
-        {
-            throw new IOException("malformed request: " + e.getMessage());
-        }
-    }
-
-    /**
-     * Return the DER encoding of the tbsRequest field.
-     * @return DER encoding of tbsRequest
-     * @throws OCSPException in the event of an encoding error.
-     */
-    public byte[] getTBSRequest()
-        throws OCSPException
-    {
-        try
-        {
-            return req.getTbsRequest().getEncoded();
-        }
-        catch (IOException e)
-        {
-            throw new OCSPException("problem encoding tbsRequest", e);
-        }
-    }
-    
-    public int getVersion()
-    {
-        return req.getTbsRequest().getVersion().getValue().intValue() + 1;
-    }
-    
-    public GeneralName getRequestorName()
-    {
-        return GeneralName.getInstance(req.getTbsRequest().getRequestorName());
-    }
-
-    public Req[] getRequestList()
-    {
-        ASN1Sequence    seq = req.getTbsRequest().getRequestList();
-        Req[]           requests = new Req[seq.size()];
-
-        for (int i = 0; i != requests.length; i++)
-        {
-            requests[i] = new Req(Request.getInstance(seq.getObjectAt(i)));
-        }
-
-        return requests;
-    }
-
-    public X509Extensions getRequestExtensions()
-    {
-        return X509Extensions.getInstance(req.getTbsRequest().getRequestExtensions());
-    }
-
-    /**
-     * return the object identifier representing the signature algorithm
-     */
-    public String getSignatureAlgOID()
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-
-        return req.getOptionalSignature().getSignatureAlgorithm().getObjectId().getId();
-    }
-
-    public byte[] getSignature()
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-
-        return req.getOptionalSignature().getSignature().getBytes();
-    }
-    
-    private List getCertList(
-        String provider) 
-        throws OCSPException, NoSuchProviderException
-    {
-        List                  certs = new ArrayList();
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        ASN1OutputStream      aOut = new ASN1OutputStream(bOut);
-        CertificateFactory    cf;
-
-        try
-        {
-            cf = OCSPUtil.createX509CertificateFactory(provider);
-        }
-        catch (CertificateException ex)
-        {
-            throw new OCSPException("can't get certificate factory.", ex);
-        }
-
-        //
-        // load the certificates if we have any
-        //
-        ASN1Sequence s = req.getOptionalSignature().getCerts();
-
-        if (s != null)
-        {
-            Enumeration e = s.getObjects();
-
-            while (e.hasMoreElements())
-            {
-                try
-                {
-                    aOut.writeObject((ASN1Encodable)e.nextElement());
-
-                    certs.add(cf.generateCertificate(
-                        new ByteArrayInputStream(bOut.toByteArray())));
-                }
-                catch (IOException ex)
-                {
-                    throw new OCSPException(
-                            "can't re-encode certificate!", ex);
-                }
-                catch (CertificateException ex)
-                {
-                    throw new OCSPException(
-                            "can't re-encode certificate!", ex);
-                }
-
-                bOut.reset();
-            }
-        }
-        
-        return certs;
-    }
-    
-    public X509Certificate[] getCerts(
-        String  provider)
-        throws OCSPException, NoSuchProviderException
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-    
-        List         certs = this.getCertList(provider);
-        
-        return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]);
-    }
-    
-    /**
-     * If the request is signed return a possibly empty CertStore containing the certificates in the
-     * request. If the request is not signed the method returns null.
-     * 
-     * @param type type of CertStore to return
-     * @param provider provider to use
-     * @return null if not signed, a CertStore otherwise
-     * @throws NoSuchAlgorithmException
-     * @throws NoSuchProviderException
-     * @throws OCSPException
-     */
-    public CertStore getCertificates(
-        String type,
-        String provider) 
-        throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException
-    {
-        if (!this.isSigned())
-        {
-            return null;
-        }
-        
-        try
-        {
-            CertStoreParameters params = new CollectionCertStoreParameters(this.getCertList(provider));
-            return OCSPUtil.createCertStoreInstance(type, params, provider);
-        }
-        catch (InvalidAlgorithmParameterException e)
-        {
-            throw new OCSPException("can't setup the CertStore", e);
-        }
-    }
-    
-    /**
-     * Return whether or not this request is signed.
-     * 
-     * @return true if signed false otherwise.
-     */
-    public boolean isSigned()
-    {
-        return req.getOptionalSignature() != null;
-    }
-
-    /**
-     * verify the signature against the TBSRequest object we contain.
-     */
-    public boolean verify(
-        PublicKey   key,
-        String      sigProvider)
-        throws OCSPException, NoSuchProviderException
-    {
-        if (!this.isSigned())
-        {
-            throw new OCSPException("attempt to verify signature on unsigned object");
-        }
-
-        try
-        {
-            Signature signature = OCSPUtil.createSignatureInstance(this.getSignatureAlgOID(), sigProvider);
-
-            signature.initVerify(key);
-
-            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-            aOut.writeObject(req.getTbsRequest());
-
-            signature.update(bOut.toByteArray());
-
-            return signature.verify(this.getSignature());
-        }
-        catch (NoSuchProviderException e)
-        {
-            // TODO Why this special case?
-            throw e;
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("exception processing sig: " + e, e);
-        }
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-        aOut.writeObject(req);
-
-        return bOut.toByteArray();
-    }
-
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        if (extns != null && !extns.isEmpty())
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getRequestExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getRequestExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encoding.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java b/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java
deleted file mode 100644
index 7de59cf..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java
+++ /dev/null
@@ -1,294 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.ocsp.OCSPRequest;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.ocsp.Signature;
-import org.bouncycastle.asn1.ocsp.TBSRequest;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.Extensions;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-
-/**
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
-public class OCSPReqGenerator
-{
-    private List            list = new ArrayList();
-    private GeneralName     requestorName = null;
-    private X509Extensions  requestExtensions = null;
-
-    private class RequestObject
-    {
-        CertificateID   certId;
-        X509Extensions  extensions;
-
-        public RequestObject(
-            CertificateID   certId,
-            X509Extensions  extensions)
-        {
-            this.certId = certId;
-            this.extensions = extensions;
-        }
-
-        public Request toRequest()
-            throws Exception
-        {
-            return new Request(certId.toASN1Object(), Extensions.getInstance(extensions));
-        }
-    }
-
-    /**
-     * Add a request for the given CertificateID.
-     * 
-     * @param certId certificate ID of interest
-     */
-    public void addRequest(
-        CertificateID   certId)
-    {
-        list.add(new RequestObject(certId, null));
-    }
-
-    /**
-     * Add a request with extensions
-     * 
-     * @param certId certificate ID of interest
-     * @param singleRequestExtensions the extensions to attach to the request
-     */
-    public void addRequest(
-        CertificateID   certId,
-        X509Extensions  singleRequestExtensions)
-    {
-        list.add(new RequestObject(certId, singleRequestExtensions));
-    }
-
-    /**
-     * Set the requestor name to the passed in X500Principal
-     * 
-     * @param requestorName a X500Principal representing the requestor name.
-     */
-    public void setRequestorName(
-        X500Principal        requestorName)
-    {
-        try
-        {
-            this.requestorName = new GeneralName(GeneralName.directoryName, new X509Principal(requestorName.getEncoded()));
-        }
-        catch (IOException e)
-        {
-            throw new IllegalArgumentException("cannot encode principal: " + e);
-        }
-    }
-
-    public void setRequestorName(
-        GeneralName         requestorName)
-    {
-        this.requestorName = requestorName;
-    }
-    
-    public void setRequestExtensions(
-        X509Extensions      requestExtensions)
-    {
-        this.requestExtensions = requestExtensions;
-    }
-
-    private OCSPReq generateRequest(
-        DERObjectIdentifier signingAlgorithm,
-        PrivateKey          key,
-        X509Certificate[]   chain,
-        String              provider,
-        SecureRandom        random)
-        throws OCSPException, NoSuchProviderException
-    {
-        Iterator    it = list.iterator();
-
-        ASN1EncodableVector requests = new ASN1EncodableVector();
-
-        while (it.hasNext())
-        {
-            try
-            {
-                requests.add(((RequestObject)it.next()).toRequest());
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception creating Request", e);
-            }
-        }
-
-        TBSRequest  tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions);
-
-        java.security.Signature sig = null;
-        Signature               signature = null;
-
-        if (signingAlgorithm != null)
-        {
-            if (requestorName == null)
-            {
-                throw new OCSPException("requestorName must be specified if request is signed.");
-            }
-            
-            try
-            {
-                sig = OCSPUtil.createSignatureInstance(signingAlgorithm.getId(), provider);
-                if (random != null)
-                {
-                    sig.initSign(key, random);
-                }
-                else
-                {
-                    sig.initSign(key);
-                }
-            }
-            catch (NoSuchProviderException e)
-            {
-                // TODO Why this special case?
-                throw e;
-            }
-            catch (GeneralSecurityException e)
-            {
-                throw new OCSPException("exception creating signature: " + e, e);
-            }
-
-            DERBitString    bitSig = null;
-
-            try
-            {
-                ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-                ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
-
-                aOut.writeObject(tbsReq);
-
-                sig.update(bOut.toByteArray());
-
-                bitSig = new DERBitString(sig.sign());
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("exception processing TBSRequest: " + e, e);
-            }
-
-            AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, DERNull.INSTANCE);
-
-            if (chain != null && chain.length > 0)
-            {
-                ASN1EncodableVector v = new ASN1EncodableVector();
-                try
-                {
-                    for (int i = 0; i != chain.length; i++)
-                    {
-                        v.add(new X509CertificateStructure(
-                            (ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded())));
-                    }
-                }
-                catch (IOException e)
-                {
-                    throw new OCSPException("error processing certs", e);
-                }
-                catch (CertificateEncodingException e)
-                {
-                    throw new OCSPException("error encoding certs", e);
-                }
-
-                signature = new Signature(sigAlgId, bitSig, new DERSequence(v));
-            }
-            else
-            {
-                signature = new Signature(sigAlgId, bitSig);
-            }
-        }
-
-        return new OCSPReq(new OCSPRequest(tbsReq, signature));
-    }
-    
-    /**
-     * Generate an unsigned request
-     * 
-     * @return the OCSPReq
-     * @throws OCSPException
-     */
-    public OCSPReq generate()
-        throws OCSPException
-    {
-        try
-        {
-            return generateRequest(null, null, null, null, null);
-        }
-        catch (NoSuchProviderException e)
-        {
-            //
-            // this shouldn't happen but...
-            //
-            throw new OCSPException("no provider! - " + e, e);
-        }
-    }
-
-    public OCSPReq generate(
-        String              signingAlgorithm,
-        PrivateKey          key,
-        X509Certificate[]   chain,
-        String              provider)
-        throws OCSPException, NoSuchProviderException, IllegalArgumentException
-    {
-        return generate(signingAlgorithm, key, chain, provider, null);
-    }
-
-    public OCSPReq generate(
-        String              signingAlgorithm,
-        PrivateKey          key,
-        X509Certificate[]   chain,
-        String              provider,
-        SecureRandom        random)
-        throws OCSPException, NoSuchProviderException, IllegalArgumentException
-    {
-        if (signingAlgorithm == null)
-        {
-            throw new IllegalArgumentException("no signing algorithm specified");
-        }
-
-        try
-        {
-            DERObjectIdentifier oid = OCSPUtil.getAlgorithmOID(signingAlgorithm);
-            
-            return generateRequest(oid, key, chain, provider, random);
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IllegalArgumentException("unknown signing algorithm specified: " + signingAlgorithm);
-        }
-    }
-    
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return OCSPUtil.getAlgNames();
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java b/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java
deleted file mode 100644
index 3ec61cd..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java
+++ /dev/null
@@ -1,128 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.bouncycastle.asn1.ocsp.OCSPResponse;
-import org.bouncycastle.asn1.ocsp.ResponseBytes;
-
-/**
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
-public class OCSPResp
-{
-    private OCSPResponse    resp;
-
-    /**
-     * @deprecated use classes in org.bouncycastle.cert.ocsp.
-     */
-    public OCSPResp(
-        OCSPResponse    resp)
-    {
-        this.resp = resp;
-    }
-
-    /**
-     * @deprecated use classes in org.bouncycastle.cert.ocsp.
-     */
-    public OCSPResp(
-        byte[]          resp)
-        throws IOException
-    {
-        this(new ASN1InputStream(resp));
-    }
-
-    /**
-     * @deprecated use classes in org.bouncycastle.cert.ocsp.
-     */
-    public OCSPResp(
-        InputStream     in)
-        throws IOException
-    {
-        this(new ASN1InputStream(in));
-    }
-
-    private OCSPResp(
-        ASN1InputStream aIn)
-        throws IOException
-    {
-        try
-        {
-            this.resp = OCSPResponse.getInstance(aIn.readObject());
-        }
-        catch (IllegalArgumentException e)
-        {
-            throw new IOException("malformed response: " + e.getMessage());
-        }
-        catch (ClassCastException e)
-        {
-            throw new IOException("malformed response: " + e.getMessage());
-        }
-    }
-
-    public int getStatus()
-    {
-        return this.resp.getResponseStatus().getValue().intValue();
-    }
-
-    public Object getResponseObject()
-        throws OCSPException
-    {
-        ResponseBytes   rb = this.resp.getResponseBytes();
-
-        if (rb == null)
-        {
-            return null;
-        }
-
-        if (rb.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic))
-        {
-            try
-            {
-                ASN1Primitive obj = ASN1Primitive.fromByteArray(rb.getResponse().getOctets());
-                return new BasicOCSPResp(BasicOCSPResponse.getInstance(obj));
-            }
-            catch (Exception e)
-            {
-                throw new OCSPException("problem decoding object: " + e, e);
-            }
-        }
-
-        return rb.getResponse();
-    }
-
-    /**
-     * return the ASN.1 encoded representation of this object.
-     */
-    public byte[] getEncoded()
-        throws IOException
-    {
-        return resp.getEncoded();
-    }
-    
-    public boolean equals(Object o)
-    {
-        if (o == this)
-        {
-            return true;
-        }
-        
-        if (!(o instanceof OCSPResp))
-        {
-            return false;
-        }
-        
-        OCSPResp r = (OCSPResp)o;
-        
-        return resp.equals(r.resp);
-    }
-    
-    public int hashCode()
-    {
-        return resp.hashCode();
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java b/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java
deleted file mode 100644
index 1437ea8..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.bouncycastle.asn1.ocsp.OCSPResponse;
-import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
-import org.bouncycastle.asn1.ocsp.ResponseBytes;
-
-/**
- * base generator for an OCSP response - at the moment this only supports the
- * generation of responses containing BasicOCSP responses.
- *
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
-public class OCSPRespGenerator
-{
-    public static final int SUCCESSFUL            = 0;  // Response has valid confirmations
-    public static final int MALFORMED_REQUEST     = 1;  // Illegal confirmation request
-    public static final int INTERNAL_ERROR        = 2;  // Internal error in issuer
-    public static final int TRY_LATER             = 3;  // Try again later
-                                                        // (4) is not used
-    public static final int SIG_REQUIRED          = 5;  // Must sign the request
-    public static final int UNAUTHORIZED          = 6;  // Request unauthorized
-
-    public OCSPResp generate(
-        int     status,
-        Object  response)
-        throws OCSPException
-    {
-      if (response == null)
-      {
-              return new OCSPResp(new OCSPResponse(new OCSPResponseStatus(status),null));
-      }
-        if (response instanceof BasicOCSPResp)
-        {
-            BasicOCSPResp   r = (BasicOCSPResp)response;
-            ASN1OctetString octs;
-            
-            try
-            {
-                octs = new DEROctetString(r.getEncoded());
-            }
-            catch (IOException e)
-            {
-                throw new OCSPException("can't encode object.", e);
-            }
-
-            ResponseBytes   rb = new ResponseBytes(
-                    OCSPObjectIdentifiers.id_pkix_ocsp_basic, octs);
-
-            return new OCSPResp(new OCSPResponse(
-                                    new OCSPResponseStatus(status), rb));
-        }
-
-        throw new OCSPException("unknown response object");
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java b/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java
deleted file mode 100644
index f58000d..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.ocsp;
-
-public interface OCSPRespStatus
-{
-    /**
-     * note 4 is not used.
-     */
-    public static final int SUCCESSFUL = 0;         // --Response has valid confirmations
-    public static final int MALFORMED_REQUEST = 1;  // --Illegal confirmation request
-    public static final int INTERNAL_ERROR = 2;     // --Internal error in issuer
-    public static final int TRY_LATER = 3;          // --Try again later
-    public static final int SIGREQUIRED = 5;        // --Must sign the request
-    public static final int UNAUTHORIZED = 6;       //  --Request unauthorized
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java b/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java
deleted file mode 100644
index ffb9245..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java
+++ /dev/null
@@ -1,198 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.util.Strings;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Signature;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreParameters;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-class OCSPUtil
-{
-    private static Hashtable algorithms = new Hashtable();
-    private static Hashtable oids = new Hashtable();
-    private static Set       noParams = new HashSet();
-    
-    static
-    {   
-        algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
-        algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
-        algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
-        algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-        algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
-        algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
-        algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
-        algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
-        algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-        algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-
-        oids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WITHRSA");
-        oids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, "RIPEMD160WITHRSA");
-        oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, "RIPEMD128WITHRSA");
-        oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, "RIPEMD256WITHRSA");
-        oids.put(X9ObjectIdentifiers.id_dsa_with_sha1, "SHA1WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-
-        //
-        // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
-        // The parameters field SHALL be NULL for RSA based signature algorithms.
-        //
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
-        noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
-    }
-     
-    static DERObjectIdentifier getAlgorithmOID(
-        String algorithmName)
-    {
-        algorithmName = Strings.toUpperCase(algorithmName);
-        
-        if (algorithms.containsKey(algorithmName))
-        {
-            return (DERObjectIdentifier)algorithms.get(algorithmName);
-        }
-        
-        return new DERObjectIdentifier(algorithmName);
-    }
-
-    static String getAlgorithmName(
-        DERObjectIdentifier oid)
-    {
-        if (oids.containsKey(oid))
-        {
-            return (String)oids.get(oid);
-        }
-        
-        return oid.getId();
-    }
-    
-    static AlgorithmIdentifier getSigAlgID(
-        DERObjectIdentifier sigOid)
-    {
-        if (noParams.contains(sigOid))
-        {
-            return new AlgorithmIdentifier(sigOid);
-        }
-        else
-        {
-            return new AlgorithmIdentifier(sigOid, DERNull.INSTANCE);
-        }
-    }
-    
-    static Iterator getAlgNames()
-    {
-        Enumeration e = algorithms.keys();
-        List        l = new ArrayList();
-        
-        while (e.hasMoreElements())
-        {
-            l.add(e.nextElement());
-        }
-        
-        return l.iterator();
-    }
-
-    static CertStore createCertStoreInstance(String type, CertStoreParameters params, String provider)
-        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException
-    {
-        if (provider == null)
-        {
-            return CertStore.getInstance(type, params);
-        }
-
-        return CertStore.getInstance(type, params, provider);
-    }
-
-    static MessageDigest createDigestInstance(String digestName, String provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        if (provider == null)
-        {
-            return MessageDigest.getInstance(digestName);
-        }
-
-        return MessageDigest.getInstance(digestName, provider);
-    }
-
-    static Signature createSignatureInstance(String sigName, String provider)
-        throws NoSuchAlgorithmException, NoSuchProviderException
-    {
-        if (provider == null)
-        {
-            return Signature.getInstance(sigName);
-        }
-
-        return Signature.getInstance(sigName, provider);
-    }
-
-    static CertificateFactory createX509CertificateFactory(String provider)
-        throws CertificateException, NoSuchProviderException
-    {
-        if (provider == null)
-        {
-            return CertificateFactory.getInstance("X.509");
-        }
-
-        return CertificateFactory.getInstance("X.509", provider);
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/Req.java b/bcprov/src/main/java/org/bouncycastle/ocsp/Req.java
deleted file mode 100644
index 8acf019..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/Req.java
+++ /dev/null
@@ -1,108 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class Req
-    implements java.security.cert.X509Extension
-{
-    private Request req;
-
-    public Req(
-        Request req)
-    {
-        this.req = req;
-    }
-
-    public CertificateID getCertID()
-    {
-        return new CertificateID(req.getReqCert());
-    }
-
-    public X509Extensions getSingleRequestExtensions()
-    {
-        return X509Extensions.getInstance(req.getSingleRequestExtensions());
-    }
-    
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        if (extns != null && !extns.isEmpty())
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getSingleRequestExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getSingleRequestExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encoding.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/RespData.java b/bcprov/src/main/java/org/bouncycastle/ocsp/RespData.java
deleted file mode 100644
index 027e7a2..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/RespData.java
+++ /dev/null
@@ -1,142 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.text.ParseException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class RespData
-    implements java.security.cert.X509Extension
-{
-    ResponseData    data;
-
-    public RespData(
-        ResponseData    data)
-    {
-        this.data = data;
-    }
-
-    public int getVersion()
-    {
-        return data.getVersion().getValue().intValue() + 1;
-    }
-
-    public RespID getResponderId()
-    {
-        return new RespID(data.getResponderID());
-    }
-
-    public Date getProducedAt()
-    {
-        try
-        {
-            return data.getProducedAt().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException:" + e.getMessage());
-        }
-    }
-
-    public SingleResp[] getResponses()
-    {
-        ASN1Sequence    s = data.getResponses();
-        SingleResp[]    rs = new SingleResp[s.size()];
-
-        for (int i = 0; i != rs.length; i++)
-        {
-            rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i)));
-        }
-
-        return rs;
-    }
-
-    public X509Extensions getResponseExtensions()
-    {
-        return X509Extensions.getInstance(data.getResponseExtensions());
-    }
-    
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        if (extns != null && !extns.isEmpty())
-        {
-            return true;
-        }
-
-        return false;
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getResponseExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getResponseExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encoding.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/RespID.java b/bcprov/src/main/java/org/bouncycastle/ocsp/RespID.java
deleted file mode 100644
index 631086c..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/RespID.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.security.MessageDigest;
-import java.security.PublicKey;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.ResponderID;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-
-/**
- * Carrier for a ResponderID.
- */
-public class RespID
-{
-    ResponderID id;
-
-    public RespID(
-        ResponderID id)
-    {
-        this.id = id;
-    }
-
-    public RespID(
-        X500Principal   name)
-    {
-        this.id = new ResponderID(X500Name.getInstance(name.getEncoded()));
-    }
-
-    public RespID(
-        PublicKey   key)
-        throws OCSPException
-    {
-        try
-        {
-            // TODO Allow specification of a particular provider
-            MessageDigest digest = OCSPUtil.createDigestInstance("SHA1", null);
-
-            ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
-
-            digest.update(info.getPublicKeyData().getBytes());
-
-            ASN1OctetString keyHash = new DEROctetString(digest.digest());
-
-            this.id = new ResponderID(keyHash);
-        }
-        catch (Exception e)
-        {
-            throw new OCSPException("problem creating ID: " + e, e);
-        }
-    }
-
-    public ResponderID toASN1Object()
-    {
-        return id;
-    }
-
-    public boolean equals(
-        Object  o)
-    {
-        if (!(o instanceof RespID))
-        {
-            return false;
-        }
-
-        RespID   obj = (RespID)o;
-
-        return id.equals(obj.id);
-    }
-
-    public int hashCode()
-    {
-        return id.hashCode();
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java b/bcprov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java
deleted file mode 100644
index 004cade..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.text.ParseException;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1GeneralizedTime;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.x509.CRLReason;
-
-/**
- * wrapper for the RevokedInfo object
- */
-public class RevokedStatus
-    implements CertificateStatus
-{
-    RevokedInfo info;
-
-    public RevokedStatus(
-        RevokedInfo info)
-    {
-        this.info = info;
-    }
-    
-    public RevokedStatus(
-        Date        revocationDate,
-        int         reason)
-    {
-        this.info = new RevokedInfo(new ASN1GeneralizedTime(revocationDate), CRLReason.lookup(reason));
-    }
-
-    public Date getRevocationTime()
-    {
-        try
-        {
-            return info.getRevocationTime().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException:" + e.getMessage());
-        }
-    }
-
-    public boolean hasRevocationReason()
-    {
-        return (info.getRevocationReason() != null);
-    }
-
-    /**
-     * return the revocation reason. Note: this field is optional, test for it
-     * with hasRevocationReason() first.
-     * @return the revocation reason value.
-     * @exception IllegalStateException if a reason is asked for and none is avaliable
-     */
-    public int getRevocationReason()
-    {
-        if (info.getRevocationReason() == null)
-        {
-            throw new IllegalStateException("attempt to get a reason where none is available");
-        }
-
-        return info.getRevocationReason().getValue().intValue();
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/SingleResp.java b/bcprov/src/main/java/org/bouncycastle/ocsp/SingleResp.java
deleted file mode 100644
index a378e3b..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/SingleResp.java
+++ /dev/null
@@ -1,164 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.text.ParseException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.CertStatus;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class SingleResp
-    implements java.security.cert.X509Extension
-{
-    SingleResponse  resp;
-
-    public SingleResp(
-        SingleResponse  resp)
-    {
-        this.resp = resp;
-    }
-
-    public CertificateID getCertID()
-    {
-        return new CertificateID(resp.getCertID());
-    }
-
-    /**
-     * Return the status object for the response - null indicates good.
-     * 
-     * @return the status object for the response, null if it is good.
-     */
-    public Object getCertStatus()
-    {
-        CertStatus  s = resp.getCertStatus();
-
-        if (s.getTagNo() == 0)
-        {
-            return null;            // good
-        }
-        else if (s.getTagNo() == 1)
-        {
-            return new RevokedStatus(RevokedInfo.getInstance(s.getStatus()));
-        }
-
-        return new UnknownStatus();
-    }
-
-    public Date getThisUpdate()
-    {
-        try
-        {
-            return resp.getThisUpdate().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException: " + e.getMessage());
-        }
-    }
-
-    /**
-     * return the NextUpdate value - note: this is an optional field so may
-     * be returned as null.
-     *
-     * @return nextUpdate, or null if not present.
-     */
-    public Date getNextUpdate()
-    {
-        if (resp.getNextUpdate() == null)
-        {
-            return null;
-        }
-
-        try
-        {
-            return resp.getNextUpdate().getDate();
-        }
-        catch (ParseException e)
-        {
-            throw new IllegalStateException("ParseException: " + e.getMessage());
-        }
-    }
-
-    public X509Extensions getSingleExtensions()
-    {
-        return X509Extensions.getInstance(resp.getSingleExtensions());
-    }
-    
-    /**
-     * RFC 2650 doesn't specify any critical extensions so we return true
-     * if any are encountered.
-     * 
-     * @return true if any critical extensions are present.
-     */
-    public boolean hasUnsupportedCriticalExtension()
-    {
-        Set extns = getCriticalExtensionOIDs();
-        
-        return extns != null && !extns.isEmpty();
-    }
-
-    private Set getExtensionOIDs(boolean critical)
-    {
-        Set             set = new HashSet();
-        X509Extensions  extensions = this.getSingleExtensions();
-        
-        if (extensions != null)
-        {
-            Enumeration     e = extensions.oids();
-    
-            while (e.hasMoreElements())
-            {
-                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-                X509Extension       ext = extensions.getExtension(oid);
-    
-                if (critical == ext.isCritical())
-                {
-                    set.add(oid.getId());
-                }
-            }
-        }
-
-        return set;
-    }
-
-    public Set getCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(true);
-    }
-
-    public Set getNonCriticalExtensionOIDs()
-    {
-        return getExtensionOIDs(false);
-    }
-
-    public byte[] getExtensionValue(String oid)
-    {
-        X509Extensions exts = this.getSingleExtensions();
-
-        if (exts != null)
-        {
-            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
-
-            if (ext != null)
-            {
-                try
-                {
-                    return ext.getValue().getEncoded(ASN1Encoding.DER);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException("error encoding " + e.toString());
-                }
-            }
-        }
-
-        return null;
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java b/bcprov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java
deleted file mode 100644
index cd04147..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.ocsp;
-
-/**
- * wrapper for the UnknownInfo object
- */
-public class UnknownStatus
-    implements CertificateStatus
-{
-    public UnknownStatus()
-    {
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/package.html b/bcprov/src/main/java/org/bouncycastle/ocsp/package.html
new file mode 100644
index 0000000..ca4f531
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/ocsp/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Classes for dealing Online Certificate Status Protocol (OCSP) - RFC 2560.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/test/OCSPTest.java b/bcprov/src/main/java/org/bouncycastle/ocsp/test/OCSPTest.java
deleted file mode 100644
index 62a1f5e..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/test/OCSPTest.java
+++ /dev/null
@@ -1,865 +0,0 @@
-package org.bouncycastle.ocsp.test;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Random;
-import java.util.Set;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.ocsp.BasicOCSPResp;
-import org.bouncycastle.ocsp.BasicOCSPRespGenerator;
-import org.bouncycastle.ocsp.CertificateID;
-import org.bouncycastle.ocsp.CertificateStatus;
-import org.bouncycastle.ocsp.OCSPReq;
-import org.bouncycastle.ocsp.OCSPReqGenerator;
-import org.bouncycastle.ocsp.OCSPResp;
-import org.bouncycastle.ocsp.OCSPRespGenerator;
-import org.bouncycastle.ocsp.Req;
-import org.bouncycastle.ocsp.SingleResp;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-public class OCSPTest
-    extends SimpleTest
-{
-    byte[] testResp1 = Base64.decode(
-        "MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx"
-            + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE"
-            + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG"
-            + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv"
-            + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ"
-            + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF"
-            + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1"
-            + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/"
-            + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt"
-            + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk"
-            + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI"
-            + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN"
-            + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww"
-            + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k"
-            + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz"
-            + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg"
-            + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK"
-            + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw"
-            + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI"
-            + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF"
-            + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH"
-            + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm"
-            + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E"
-            + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG"
-            + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E"
-            + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG"
-            + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4"
-            + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc"
-            + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V"
-            + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I"
-            + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq"
-            + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ");
-
-    byte[] testResp2 = Base64.decode(
-        "MIII1QoBAKCCCM4wggjKBgkrBgEFBQcwAQEEggi7MIIItzCBjqADAgEAoSMw"
-            + "ITEfMB0GA1UEAxMWT0NTUCBjZXJ0LVFBLUNMSUVOVC04NxgPMjAwMzA1MTky"
-            + "MDI2MzBaMFEwTzA6MAkGBSsOAwIaBQAEFJniwiUuyrhKIEF2TjVdVdCAOw0z"
-            + "BBR2olPKrPOJUVyGZ7BXOC4L2BmAqgIBL4AAGA8yMDAzMDUxOTIwMjYzMFow"
-            + "DQYJKoZIhvcNAQEEBQADggEBALImFU3kUtpNVf4tIFKg/1sDHvGpk5Pk0uhH"
-            + "TiNp6vdPfWjOgPkVXskx9nOTabVOBE8RusgwEcK1xeBXSHODb6mnjt9pkfv3"
-            + "ZdbFLFvH/PYjOb6zQOgdIOXhquCs5XbcaSFCX63hqnSaEqvc9w9ctmQwds5X"
-            + "tCuyCB1fWu/ie8xfuXR5XZKTBf5c6dO82qFE65gTYbGOxJBYiRieIPW1XutZ"
-            + "A76qla4m+WdxubV6SPG8PVbzmAseqjsJRn4jkSKOGenqSOqbPbZn9oBsU0Ku"
-            + "hul3pwsNJvcBvw2qxnWybqSzV+n4OvYXk+xFmtTjw8H9ChV3FYYDs8NuUAKf"
-            + "jw1IjWegggcOMIIHCjCCAzMwggIboAMCAQICAQIwDQYJKoZIhvcNAQEEBQAw"
-            + "bzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRAwDgYDVQQHEwdXYWx0aGFt"
-            + "MRYwFAYDVQQKEw1Gb3J1bSBTeXN0ZW1zMQswCQYDVQQLEwJRQTEcMBoGA1UE"
-            + "AxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMzAzMjEwNTAwMDBaFw0yNTAz"
-            + "MjEwNTAwMDBaMCExHzAdBgNVBAMTFk9DU1AgY2VydC1RQS1DTElFTlQtODcw"
-            + "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVuxRCZgJAYAftYuRy"
-            + "9axdtsHrkIJyVVRorLCTWOoLmx2tlrGqKbHOGKmvqEPEpeCDYQk+0WIlWMuM"
-            + "2pgiYAolwqSFBwCjkjQN3fCIHXiby0JBgCCLoe7wa0pZffE+8XZH0JdSjoT3"
-            + "2OYD19wWZeY2VB0JWJFWYAnIL+R5Eg7LwJ5QZSdvghnOWKTv60m/O1rC0see"
-            + "9lbPO+3jRuaDyCUKYy/YIKBYC9rtC4hS47jg70dTfmE2nccjn7rFCPBrVr4M"
-            + "5szqdRzwu3riL9W+IE99LTKXOH/24JX0S4woeGXMS6me7SyZE6x7P2tYkNXM"
-            + "OfXk28b3SJF75K7vX6T6ecWjAgMBAAGjKDAmMBMGA1UdJQQMMAoGCCsGAQUF"
-            + "BwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEEBQADggEBAKNSn7pp"
-            + "UEC1VTN/Iqk8Sc2cAYM7KSmeB++tuyes1iXY4xSQaEgOxRa5AvPAKnXKSzfY"
-            + "vqi9WLdzdkpTo4AzlHl5nqU/NCUv3yOKI9lECVMgMxLAvZgMALS5YXNZsqrs"
-            + "hP3ASPQU99+5CiBGGYa0PzWLstXLa6SvQYoHG2M8Bb2lHwgYKsyrUawcfc/s"
-            + "jE3jFJeyCyNwzH0eDJUVvW1/I3AhLNWcPaT9/VfyIWu5qqZU+ukV/yQXrKiB"
-            + "glY8v4QDRD4aWQlOuiV2r9sDRldOPJe2QSFDBe4NtBbynQ+MRvF2oQs/ocu+"
-            + "OAHX7uiskg9GU+9cdCWPwJf9cP/Zem6MemgwggPPMIICt6ADAgECAgEBMA0G"
-            + "CSqGSIb3DQEBBQUAMG8xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQMA4G"
-            + "A1UEBxMHV2FsdGhhbTEWMBQGA1UEChMNRm9ydW0gU3lzdGVtczELMAkGA1UE"
-            + "CxMCUUExHDAaBgNVBAMTE0NlcnRpZmljYXRlIE1hbmFnZXIwHhcNMDMwMzIx"
-            + "MDUwMDAwWhcNMjUwMzIxMDUwMDAwWjBvMQswCQYDVQQGEwJVUzELMAkGA1UE"
-            + "CBMCTUExEDAOBgNVBAcTB1dhbHRoYW0xFjAUBgNVBAoTDUZvcnVtIFN5c3Rl"
-            + "bXMxCzAJBgNVBAsTAlFBMRwwGgYDVQQDExNDZXJ0aWZpY2F0ZSBNYW5hZ2Vy"
-            + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VeU+48VBjI0mGRt"
-            + "9qlD+WAhx3vv4KCOD5f3HWLj8D2DcoszVTVDqtRK+HS1eSpO/xWumyXhjV55"
-            + "FhG2eYi4e0clv0WyswWkGLqo7IxYn3ZhVmw04ohdTjdhVv8oS+96MUqPmvVW"
-            + "+MkVRyqm75HdgWhKRr/lEpDNm+RJe85xMCipkyesJG58p5tRmAZAAyRs3jYw"
-            + "5YIFwDOnt6PCme7ui4xdas2zolqOlynMuq0ctDrUPKGLlR4mVBzgAVPeatcu"
-            + "ivEQdB3rR6UN4+nv2jx9kmQNNb95R1M3J9xHfOWX176UWFOZHJwVq8eBGF9N"
-            + "pav4ZGBAyqagW7HMlo7Hw0FzUwIDAQABo3YwdDARBglghkgBhvhCAQEEBAMC"
-            + "AJcwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU64zBxl1yKES8tjU3/rBA"
-            + "NaeBpjkwHwYDVR0jBBgwFoAU64zBxl1yKES8tjU3/rBANaeBpjkwDgYDVR0P"
-            + "AQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQAzHnf+Z+UgxDVOpCu0DHF+"
-            + "qYZf8IaUQxLhUD7wjwnt3lJ0QV1z4oyc6Vs9J5xa8Mvf7u1WMmOxvN8r8Kb0"
-            + "k8DlFszLd0Qwr+NVu5NQO4Vn01UAzCtH4oX2bgrVzotqDnzZ4TcIr11EX3Nb"
-            + "tO8yWWl+xWIuxKoAO8a0Rh97TyYfAj4++GIm43b2zIvRXEWAytjz7rXUMwRC"
-            + "1ipRQwSA9gyw2y0s8emV/VwJQXsTe9xtDqlEC67b90V/BgL/jxck5E8yrY9Z"
-            + "gNxlOgcqscObisAkB5I6GV+dfa+BmZrhSJ/bvFMUrnFzjLFvZp/9qiK11r5K"
-            + "A5oyOoNv0w+8bbtMNEc1");
-
-    /**
-     * extra version number encoding.
-     */
-    private static byte[] irregReq = Base64.decode(
-          "MIIQpTBUoAMCAQAwTTBLMEkwCQYFKw4DAhoFAAQUIcFvFFVjPem15pKox4cfcnzF"
-        + "Kf4EFJf8OQzmVmyJ/hc4EhitQbXcqAzDAhB9ePsP19SuP6CsAgFwQuEAoIIQSzCC"
-        + "EEcwDQYJKoZIhvcNAQEFBQADgYEAlq/Tjl8OtFM8Tib1JYTiaPy9vFDr8UZhqXJI"
-        + "FyrdgtUyyDt0EcrgnBGacAeRZzF5sokIC6DjXweU7EItGqrpw/RaCUPUWFpPxR6y"
-        + "HjuzrLmICocTI9MH7dRUXm0qpxoY987sx1PtWB4pSR99ixBtq3OPNdsI0uJ+Qkei"
-        + "LbEZyvWggg+wMIIPrDCCA5owggKCoAMCAQICEEAxXx/eFe7gm/NX7AkcS68wDQYJ"
-        + "KoZIhvcNAQEFBQAwgZoxCzAJBgNVBAYTAlNFMTMwMQYDVQQKDCpMw6Ruc2bDtnJz"
-        + "w6RrcmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkxFTATBgNVBAUTDDExMTEx"
-        + "MTExMTExMTE/MD0GA1UEAww2TMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIFB1cmNo"
-        + "YXNlciBDQTEgZm9yIEJhbmtJRCBURVNUMB4XDTA4MTAwNjIyMDAwMFoXDTEwMTAx"
-        + "MDIxNTk1OVowgZExCzAJBgNVBAYTAlNFMTMwMQYDVQQKDCpMw6Ruc2bDtnJzw6Rr"
-        + "cmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkxFTATBgNVBAUTDDExMTExMTEx"
-        + "MTExMTE2MDQGA1UEAwwtTMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIE9DU1AgZm9y"
-        + "IEJhbmtJRCBURVNUMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5e/h6aL2m"
-        + "DVpWeu5e5p1Ps9kbvuuGeAp9zJDYLbZz7uzT67X+s59HaViroD2+2my/gg7rX7tK"
-        + "H9VXpJad1W9O19SjfNyxgeAMwVMkrbb4IlrQwu0v/Ub8JPxSWwZZXYiODq5abeXA"
-        + "abMYIHxSaSkhrsUj1dpSAohHLJRlq707swIDAQABo2cwZTAfBgNVHSMEGDAWgBTR"
-        + "vcp2QyNdNGZ+q7TjKSrrHZqxmDATBgNVHSAEDDAKMAgGBiqFcDwBBjAOBgNVHQ8B"
-        + "Af8EBAMCBkAwHQYDVR0OBBYEFF/3557FEvkA8iiPv2XcBclxKnTdMA0GCSqGSIb3"
-        + "DQEBBQUAA4IBAQAOxRvHO89XJ0v83BZdPFzEBA4B2Tqc1oABUn13S6fAkcGWvOmG"
-        + "eY61MK16aMnLPNDadZrAqJc6PEtVY57uaywE9acwv9XpHO0bcS94tLwvZZJ2KBt0"
-        + "Oq96gaI6gnJViUjyWjm+qBZvod0QPOLGv6wUPoiNcCpSid/COTjKpLYpCJj3ZWUV"
-        + "nsTRWSRVXsdY/xI0gs/A8/c5P1PuTxoi99RTmcruoFxvV4MmhWyX7IGqG4OAtLdo"
-        + "yefz/90FPGOrmqY9OgEb+gNuTM26YDvSs1dfarPl89d8jjwxHgNbZjh2VHFqKolJ"
-        + "8TB8ZS5aNvhHPumOOE47y95rTBxrxSmGvKb8MIIENDCCAxygAwIBAgIRAJAFaeOw"
-        + "7XbxH/DN/Vvhjx8wDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYTAlNFMTMwMQYD"
-        + "VQQKDCpMw6Ruc2bDtnJzw6RrcmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkx"
-        + "FTATBgNVBAUTDDExMTExMTExMTExMTE6MDgGA1UEAwwxTMOkbnNmw7Zyc8Oka3Jp"
-        + "bmdhciBCYW5rIFJvb3QgQ0ExIGZvciBCYW5rSUQgVEVTVDAeFw0wNzEwMDExMjAw"
-        + "MzdaFw0yOTA3MDExMjAwMzdaMIGaMQswCQYDVQQGEwJTRTEzMDEGA1UECgwqTMOk"
-        + "bnNmw7Zyc8Oka3JpbmdhciBCYW5rIEFrdGllYm9sYWcgKHB1YmwpMRUwEwYDVQQF"
-        + "EwwxMTExMTExMTExMTExPzA9BgNVBAMMNkzDpG5zZsO2cnPDpGtyaW5nYXIgQmFu"
-        + "ayBQdXJjaGFzZXIgQ0ExIGZvciBCYW5rSUQgVEVTVDCCASIwDQYJKoZIhvcNAQEB"
-        + "BQADggEPADCCAQoCggEBAMK5WbYojYRX1ZKrbxJBgbd4x503LfMWgr67sVD5L0NY"
-        + "1RPhZVFJRKJWvawE5/eXJ4oNQwc831h2jiOgINXuKyGXqdAVGBcpFwIxTfzxwT4l"
-        + "fvztr8pE6wk7mLLwKUvIjbM3EF1IL3zUI3UU/U5ioyGmcb/o4GGN71kMmvV/vrkU"
-        + "02/s7xicXNxYej4ExLiCkS5+j/+3sR47Uq5cL9e8Yg7t5/6FyLGQjKoS8HU/abYN"
-        + "4kpx/oyrxzrXMhnMVDiI8QX9NYGJwI8KZ/LU6GDq/NnZ3gG5v4l4UU1GhgUbrk4I"
-        + "AZPDu99zvwCtkdj9lJN0eDv8jdyEPZ6g1qPBE0pCNqcCAwEAAaN4MHYwDwYDVR0T"
-        + "AQH/BAUwAwEB/zATBgNVHSAEDDAKMAgGBiqFcDwBBjAOBgNVHQ8BAf8EBAMCAQYw"
-        + "HwYDVR0jBBgwFoAUnkjp1bkQUOrkRiLgxpxwAe2GQFYwHQYDVR0OBBYEFNG9ynZD"
-        + "I100Zn6rtOMpKusdmrGYMA0GCSqGSIb3DQEBBQUAA4IBAQAPVSC4HEd+yCtSgL0j"
-        + "NI19U2hJeP28lAD7OA37bcLP7eNrvfU/2tuqY7rEn1m44fUbifewdgR8x2DzhM0m"
-        + "fJcA5Z12PYUb85L9z8ewGQdyHLNlMpKSTP+0lebSc/obFbteC4jjuvux60y5KVOp"
-        + "osXbGw2qyrS6uhZJrTDP1B+bYg/XBttG+i7Qzx0S5Tq//VU9OfAQZWpvejadKAk9"
-        + "WCcXq6zALiJcxsUwOHZRvvHDxkHuf5eZpPvm1gaqa+G9CtV+oysZMU1eTRasBHsB"
-        + "NRWYfOSXggsyqRHfIAVieB4VSsB8WhZYm8UgYoLhAQfSJ5Xq5cwBOHkVj33MxAyP"
-        + "c7Y5MIID/zCCAuegAwIBAgIRAOXEoBcV4gV3Z92gk5AuRgwwDQYJKoZIhvcNAQEF"
-        + "BQAwZjEkMCIGA1UECgwbRmluYW5zaWVsbCBJRC1UZWtuaWsgQklEIEFCMR8wHQYD"
-        + "VQQLDBZCYW5rSUQgTWVtYmVyIEJhbmtzIENBMR0wGwYDVQQDDBRCYW5rSUQgUm9v"
-        + "dCBDQSBURVNUMjAeFw0wNzEwMDExMTQ1NDlaFw0yOTA4MDExMTU4MjVaMIGVMQsw"
-        + "CQYDVQQGEwJTRTEzMDEGA1UECgwqTMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIEFr"
-        + "dGllYm9sYWcgKHB1YmwpMRUwEwYDVQQFEwwxMTExMTExMTExMTExOjA4BgNVBAMM"
-        + "MUzDpG5zZsO2cnPDpGtyaW5nYXIgQmFuayBSb290IENBMSBmb3IgQmFua0lEIFRF"
-        + "U1QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBzn7IXIpyOGCCTuzL"
-        + "DKE/T+pFRTgFh3QgKtifZ4zxdvB2Sd5+90vUEGcGExUhzpgb9gOUrT1eE0XhdiUR"
-        + "YuYYpJI/nzPQWTsRtEaql7NHBPKnEauoA9oAhCT4pE5gLlqpTfkB8nAsRTI2XqpI"
-        + "hQ7vTvnTRx20xog21NIbz1GztV8H1kBH2eDvRX7cXGiugp6CXV/le9cB+/4TBNUN"
-        + "Xqupt79dM49KCoDuYr72W7Hv4BSWw3IInEN2m8T2X6UBpBGkCiGwLQy/+KOmYRK7"
-        + "1PSFC0rXDwOJ0HJ/8fHwx6vLMxHAQ6s/9vOW10MjgjSQlbVqH/4Pa+TlpWumSV4E"
-        + "l0z9AgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0gBAwwCjAIBgYqhXA8"
-        + "AQYwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFJuTMPljHcYdrRO9sEi1amb4"
-        + "tE3VMB0GA1UdDgQWBBSeSOnVuRBQ6uRGIuDGnHAB7YZAVjANBgkqhkiG9w0BAQUF"
-        + "AAOCAQEArnW/9n+G+84JOgv1Wn4tsBBS7QgJp1rdCoiNrZPx2du/7Wz3wQVNKBjL"
-        + "eMCyLjg0OVHuq4hpCv9MZpUqdcUW8gpp4dLDAAd1uE7xqVuG8g4Ir5qocxbZHQew"
-        + "fnqSJJDlEZgDeZIzod92OO+htv0MWqKWbr3Mo2Hqhn+t0+UVWsW4k44e7rUw3xQq"
-        + "r2VdMJv/C68BXUgqh3pplUDjWyXfreiACTT0q3HT6v6WaihKCa2WY9Kd1IkDcLHb"
-        + "TZk8FqMmGn72SgJw3H5Dvu7AiZijjNAUulMnMpxBEKyFTU2xRBlZZVcp50VJ2F7+"
-        + "siisxbcYOAX4GztLMlcyq921Ov/ipDCCA88wggK3oAMCAQICEQCmaX+5+m5bF5us"
-        + "CtyMq41SMA0GCSqGSIb3DQEBBQUAMGYxJDAiBgNVBAoMG0ZpbmFuc2llbGwgSUQt"
-        + "VGVrbmlrIEJJRCBBQjEfMB0GA1UECwwWQmFua0lEIE1lbWJlciBCYW5rcyBDQTEd"
-        + "MBsGA1UEAwwUQmFua0lEIFJvb3QgQ0EgVEVTVDIwHhcNMDQwODEzMDcyMDEwWhcN"
-        + "MjkwODEyMTIwMjQ2WjBmMSQwIgYDVQQKDBtGaW5hbnNpZWxsIElELVRla25payBC"
-        + "SUQgQUIxHzAdBgNVBAsMFkJhbmtJRCBNZW1iZXIgQmFua3MgQ0ExHTAbBgNVBAMM"
-        + "FEJhbmtJRCBSb290IENBIFRFU1QyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB"
-        + "CgKCAQEA25D0f1gipbACk4Bg3t6ODUlCWOU0TWeTkzAHR7IRB5T++yvsVosedMMW"
-        + "6KYYTbPONeJSt5kydX+wZi9nVNdlhkNULLbDKWfRY7x+B9MR1Q0Kq/e4VR0uRsak"
-        + "Bv5iwEYZ7cSR63HfBaPTqQsGobq+wtGH5JeTBrmCt4A3kN1UWgX32Dv/I3m7v8bK"
-        + "iwh4cnvAD9PIOtq6pOmAkSvLvp8jCy3qFLe9KAxm8M/ZAmnxYaRV8DVEg57FGoG6"
-        + "oiG3Ixx8PSVVdzpFY4kuUFLi4ueMPwjnXFiBhhWJJeOtFG3Lc2aW3zvcDbD/MsDm"
-        + "rSZNTmtbOOou8xuMKjlNY9PU5MHIaQIDAQABo3gwdjAPBgNVHRMBAf8EBTADAQH/"
-        + "MBMGA1UdIAQMMAowCAYGKoVwPAEGMA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAW"
-        + "gBSbkzD5Yx3GHa0TvbBItWpm+LRN1TAdBgNVHQ4EFgQUm5Mw+WMdxh2tE72wSLVq"
-        + "Zvi0TdUwDQYJKoZIhvcNAQEFBQADggEBAIQ4ZBHWssA38pfNzH5A+H3SXpAlI8Jc"
-        + "LuoMVOIwwbfd1Up0xopCs+Ay41v8FZtcTMFqCVTih2nzVusTgnFBPMPJ2cnTlRue"
-        + "kAtVRNsiWn2/Ool/OXoYf5YnpgYu8t9jLCBCoDS5YJg714r9V9hCwfey8TCWBU80"
-        + "vL7EIfjK13nUxf8d49GzZlFMNqGDMjfMp1FYrHBGLZBr8br/G/7em1Cprw7iR8cw"
-        + "pddz+QXXFIrIz5Y9D/x1RrwoLibPw0kMrSwI2G4aCvoBySfbD6cpnJf6YHRctdSb"
-        + "755zhdBW7XWTl6ReUVuEt0hTFms4F60kFAi5hIbDRSN1Slv5yP2b0EA=");
-    public String getName()
-    {
-        return "OCSP";
-    }
-
-    private void testECDSA()
-        throws Exception
-    {
-        String signDN = "O=Bouncy Castle, C=AU";
-        KeyPair signKP = OCSPTestUtil.makeECKeyPair();
-        X509Certificate testCert = OCSPTestUtil.makeECDSACertificate(signKP, signDN, signKP, signDN);
-
-        String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
-        GeneralName origName = new GeneralName(new X509Name(origDN));
-
-        //
-        // general id value for our test issuer cert and a serial number.
-        //
-        CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1));
-
-        //
-        // basic request generation
-        //
-        OCSPReqGenerator gen = new OCSPReqGenerator();
-        gen.addRequest(id);
-
-        OCSPReq req = gen.generate();
-
-        if (req.isSigned())
-        {
-            fail("signed but shouldn't be");
-        }
-
-        X509Certificate[] certs = req.getCerts("BC");
-
-        if (certs != null)
-        {
-            fail("null certs expected, but not found");
-        }
-
-        Req[] requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        //
-        // request generation with signing
-        //
-        X509Certificate[] chain = new X509Certificate[1];
-
-        gen = new OCSPReqGenerator();
-
-        gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
-        gen.addRequest(
-            new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)));
-
-        chain[0] = testCert;
-
-        req = gen.generate("SHA1withECDSA", signKP.getPrivate(), chain, "BC");
-
-        if (!req.isSigned())
-        {
-            fail("not signed but should be");
-        }
-
-        if (!req.verify(signKP.getPublic(), "BC"))
-        {
-            fail("signature failed to verify");
-        }
-
-        requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        certs = req.getCerts("BC");
-
-        if (certs == null)
-        {
-            fail("null certs found");
-        }
-
-        if (certs.length != 1 || !certs[0].equals(testCert))
-        {
-            fail("incorrect certs found in request");
-        }
-
-        //
-        // encoding test
-        //
-        byte[] reqEnc = req.getEncoded();
-
-        OCSPReq newReq = new OCSPReq(reqEnc);
-
-        if (!newReq.verify(signKP.getPublic(), "BC"))
-        {
-            fail("newReq signature failed to verify");
-        }
-
-        //
-        // request generation with signing and nonce
-        //
-        chain = new X509Certificate[1];
-
-        gen = new OCSPReqGenerator();
-
-        Vector oids = new Vector();
-        Vector values = new Vector();
-        byte[] sampleNonce = new byte[16];
-        Random rand = new Random();
-
-        rand.nextBytes(sampleNonce);
-
-        gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
-        oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
-        values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce))));
-
-        gen.setRequestExtensions(new X509Extensions(oids, values));
-
-        gen.addRequest(
-            new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)));
-
-        chain[0] = testCert;
-
-        req = gen.generate("SHA1withECDSA", signKP.getPrivate(), chain, "BC");
-
-        if (!req.isSigned())
-        {
-            fail("not signed but should be");
-        }
-
-        if (!req.verify(signKP.getPublic(), "BC"))
-        {
-            fail("signature failed to verify");
-        }
-
-        //
-        // extension check.
-        //
-        Set extOids = req.getCriticalExtensionOIDs();
-
-        if (extOids.size() != 0)
-        {
-            fail("wrong number of critical extensions in OCSP request.");
-        }
-
-        extOids = req.getNonCriticalExtensionOIDs();
-
-        if (extOids.size() != 1)
-        {
-            fail("wrong number of non-critical extensions in OCSP request.");
-        }
-
-        byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId());
-
-        ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue);
-
-        if (!(extObj instanceof ASN1OctetString))
-        {
-            fail("wrong extension type found.");
-        }
-
-        if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce))
-        {
-            fail("wrong extension value found.");
-        }
-
-        //
-        // request list check
-        //
-        requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        //
-        // response generation
-        //
-        BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(signKP.getPublic());
-
-        respGen.addResponse(id, CertificateStatus.GOOD);
-
-        BasicOCSPResp resp = respGen.generate("SHA1withECDSA", signKP.getPrivate(), chain, new Date(), "BC");
-    }
-
-    private void testRSA()
-        throws Exception
-    {
-        String signDN = "O=Bouncy Castle, C=AU";
-        KeyPair signKP = OCSPTestUtil.makeKeyPair();
-        X509Certificate testCert = OCSPTestUtil.makeCertificate(signKP, signDN, signKP, signDN);
-
-        String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
-        GeneralName origName = new GeneralName(new X509Name(origDN));
-
-        //
-        // general id value for our test issuer cert and a serial number.
-        //
-        CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1));
-
-        //
-        // basic request generation
-        //
-        OCSPReqGenerator gen = new OCSPReqGenerator();
-
-        gen.addRequest(
-            new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)));
-
-        OCSPReq req = gen.generate();
-
-        if (req.isSigned())
-        {
-            fail("signed but shouldn't be");
-        }
-
-        X509Certificate[] certs = req.getCerts("BC");
-
-        if (certs != null)
-        {
-            fail("null certs expected, but not found");
-        }
-
-        Req[] requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        //
-        // request generation with signing
-        //
-        X509Certificate[] chain = new X509Certificate[1];
-
-        gen = new OCSPReqGenerator();
-
-        gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
-        gen.addRequest(
-            new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)));
-
-        chain[0] = testCert;
-
-        req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC");
-
-        if (!req.isSigned())
-        {
-            fail("not signed but should be");
-        }
-
-        if (!req.verify(signKP.getPublic(), "BC"))
-        {
-            fail("signature failed to verify");
-        }
-
-        requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        certs = req.getCerts("BC");
-
-        if (certs == null)
-        {
-            fail("null certs found");
-        }
-
-        if (certs.length != 1 || !certs[0].equals(testCert))
-        {
-            fail("incorrect certs found in request");
-        }
-
-        //
-        // encoding test
-        //
-        byte[] reqEnc = req.getEncoded();
-
-        OCSPReq newReq = new OCSPReq(reqEnc);
-
-        if (!newReq.verify(signKP.getPublic(), "BC"))
-        {
-            fail("newReq signature failed to verify");
-        }
-
-        //
-        // request generation with signing and nonce
-        //
-        chain = new X509Certificate[1];
-
-        gen = new OCSPReqGenerator();
-
-        Vector oids = new Vector();
-        Vector values = new Vector();
-        byte[] sampleNonce = new byte[16];
-        Random rand = new Random();
-
-        rand.nextBytes(sampleNonce);
-
-        gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
-        oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
-        values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce))));
-
-        gen.setRequestExtensions(new X509Extensions(oids, values));
-
-        gen.addRequest(
-            new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)));
-
-        chain[0] = testCert;
-
-        req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC");
-
-        if (!req.isSigned())
-        {
-            fail("not signed but should be");
-        }
-
-        if (!req.verify(signKP.getPublic(), "BC"))
-        {
-            fail("signature failed to verify");
-        }
-
-        //
-        // extension check.
-        //
-        Set extOids = req.getCriticalExtensionOIDs();
-
-        if (extOids.size() != 0)
-        {
-            fail("wrong number of critical extensions in OCSP request.");
-        }
-
-        extOids = req.getNonCriticalExtensionOIDs();
-
-        if (extOids.size() != 1)
-        {
-            fail("wrong number of non-critical extensions in OCSP request.");
-        }
-
-        byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId());
-
-        ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue);
-
-        if (!(extObj instanceof ASN1OctetString))
-        {
-            fail("wrong extension type found.");
-        }
-
-        if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce))
-        {
-            fail("wrong extension value found.");
-        }
-
-        //
-        // request list check
-        //
-        requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        //
-        // response generation
-        //
-        BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(signKP.getPublic());
-
-        respGen.addResponse(id, CertificateStatus.GOOD);
-
-        BasicOCSPResp resp = respGen.generate("SHA1withRSA", signKP.getPrivate(), chain, new Date(), "BC");
-        OCSPRespGenerator rGen = new OCSPRespGenerator();
-
-        byte[] enc = rGen.generate(OCSPRespGenerator.SUCCESSFUL, resp).getEncoded();
-    }
-
-    private void testIrregularVersionReq()
-        throws Exception
-    {
-        OCSPReq ocspRequest = new OCSPReq(irregReq);
-        X509Certificate cert = ocspRequest.getCerts("BC")[0];
-        if (!ocspRequest.verify(cert.getPublicKey(), "BC"))
-        {
-            fail("extra version encoding test failed");
-        }
-    }
-
-    public void performTest()
-        throws Exception
-    {
-        String signDN = "O=Bouncy Castle, C=AU";
-        KeyPair signKP = OCSPTestUtil.makeKeyPair();
-        X509Certificate testCert = OCSPTestUtil.makeCertificate(signKP, signDN, signKP, signDN);
-
-        String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
-        GeneralName origName = new GeneralName(new X509Name(origDN));
-
-        //
-        // general id value for our test issuer cert and a serial number.
-        //
-        CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1));
-
-        //
-        // general id value for our test issuer cert and a serial number and the default provider
-        //
-        id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1), null);
-
-        //
-        // basic request generation
-        //
-        OCSPReqGenerator gen = new OCSPReqGenerator();
-
-        gen.addRequest(
-            new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)));
-
-        OCSPReq req = gen.generate();
-
-        if (req.isSigned())
-        {
-            fail("signed but shouldn't be");
-        }
-
-        X509Certificate[] certs = req.getCerts("BC");
-
-        if (certs != null)
-        {
-            fail("null certs expected, but not found");
-        }
-
-        Req[] requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        //
-        // request generation with signing
-        //
-        X509Certificate[] chain = new X509Certificate[1];
-
-        gen = new OCSPReqGenerator();
-
-        gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
-        gen.addRequest(
-            new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)));
-
-        chain[0] = testCert;
-
-        req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC");
-
-        if (!req.isSigned())
-        {
-            fail("not signed but should be");
-        }
-
-        if (!req.verify(signKP.getPublic(), "BC"))
-        {
-            fail("signature failed to verify");
-        }
-
-        requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        certs = req.getCerts("BC");
-
-        if (certs == null)
-        {
-            fail("null certs found");
-        }
-
-        if (certs.length != 1 || !certs[0].equals(testCert))
-        {
-            fail("incorrect certs found in request");
-        }
-
-        //
-        // encoding test
-        //
-        byte[] reqEnc = req.getEncoded();
-
-        OCSPReq newReq = new OCSPReq(reqEnc);
-
-        if (!newReq.verify(signKP.getPublic(), "BC"))
-        {
-            fail("newReq signature failed to verify");
-        }
-
-        //
-        // request generation with signing and nonce
-        //
-        chain = new X509Certificate[1];
-
-        gen = new OCSPReqGenerator();
-
-        Vector oids = new Vector();
-        Vector values = new Vector();
-        byte[] sampleNonce = new byte[16];
-        Random rand = new Random();
-
-        rand.nextBytes(sampleNonce);
-
-        gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
-        oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
-        values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce))));
-
-        gen.setRequestExtensions(new X509Extensions(oids, values));
-
-        gen.addRequest(
-            new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)));
-
-        chain[0] = testCert;
-
-        req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC");
-
-        if (!req.isSigned())
-        {
-            fail("not signed but should be");
-        }
-
-        if (!req.verify(signKP.getPublic(), "BC"))
-        {
-            fail("signature failed to verify");
-        }
-
-        //
-        // extension check.
-        //
-        Set extOids = req.getCriticalExtensionOIDs();
-
-        if (extOids.size() != 0)
-        {
-            fail("wrong number of critical extensions in OCSP request.");
-        }
-
-        extOids = req.getNonCriticalExtensionOIDs();
-
-        if (extOids.size() != 1)
-        {
-            fail("wrong number of non-critical extensions in OCSP request.");
-        }
-
-        byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId());
-
-        ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue);
-
-        if (!(extObj instanceof ASN1OctetString))
-        {
-            fail("wrong extension type found.");
-        }
-
-        if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce))
-        {
-            fail("wrong extension value found.");
-        }
-
-        //
-        // request list check
-        //
-        requests = req.getRequestList();
-
-        if (!requests[0].getCertID().equals(id))
-        {
-            fail("Failed isFor test");
-        }
-
-        //
-        // response parsing - test 1
-        //
-        OCSPResp response = new OCSPResp(new ByteArrayInputStream(testResp1));
-
-        if (response.getStatus() != 0)
-        {
-            fail("response status not zero.");
-        }
-
-        BasicOCSPResp brep = (BasicOCSPResp)response.getResponseObject();
-        chain = brep.getCerts("BC");
-
-        if (!brep.verify(chain[0].getPublicKey(), "BC"))
-        {
-            fail("response 1 failed to verify.");
-        }
-
-        //
-        // test 2
-        //
-        SingleResp[] singleResp = brep.getResponses();
-
-        response = new OCSPResp(new ByteArrayInputStream(testResp2));
-
-        if (response.getStatus() != 0)
-        {
-            fail("response status not zero.");
-        }
-
-        brep = (BasicOCSPResp)response.getResponseObject();
-        chain = brep.getCerts("BC");
-
-        if (!brep.verify(chain[0].getPublicKey(), "BC"))
-        {
-            fail("response 2 failed to verify.");
-        }
-
-        singleResp = brep.getResponses();
-
-        //
-        // simple response generation
-        //
-        OCSPRespGenerator respGen = new OCSPRespGenerator();
-        OCSPResp resp = respGen.generate(OCSPRespGenerator.SUCCESSFUL, response.getResponseObject());
-
-        if (!resp.getResponseObject().equals(response.getResponseObject()))
-        {
-            fail("response fails to match");
-        }
-
-        testECDSA();
-        testRSA();
-        testIrregularVersionReq();
-    }
-
-    public static void main(
-        String[] args)
-    {
-        Security.addProvider(new BouncyCastleProvider());
-
-        runTest(new OCSPTest());
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/ocsp/test/OCSPTestUtil.java b/bcprov/src/main/java/org/bouncycastle/ocsp/test/OCSPTestUtil.java
deleted file mode 100644
index 229d860..0000000
--- a/bcprov/src/main/java/org/bouncycastle/ocsp/test/OCSPTestUtil.java
+++ /dev/null
@@ -1,181 +0,0 @@
-package org.bouncycastle.ocsp.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-
-import javax.crypto.KeyGenerator;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-
-public class OCSPTestUtil
-{
-    
-    public static SecureRandom     rand;
-    public static KeyPairGenerator kpg, eckpg;
-    public static KeyGenerator     desede128kg;
-    public static KeyGenerator     desede192kg;
-    public static KeyGenerator     rc240kg;
-    public static KeyGenerator     rc264kg;
-    public static KeyGenerator     rc2128kg;
-    public static BigInteger       serialNumber;
-    
-    public static final boolean DEBUG = true;
-    
-    static
-    {
-        try
-        {
-            rand = new SecureRandom();
-
-            kpg  = KeyPairGenerator.getInstance("RSA", "BC");
-            kpg.initialize(1024, rand);
-
-            serialNumber = new BigInteger("1");
-
-            eckpg = KeyPairGenerator.getInstance("ECDSA", "BC");
-            eckpg.initialize(192, rand);
-        }
-        catch(Exception ex)
-        {
-            throw new RuntimeException(ex.toString());
-        }
-    }
-    
-    public static KeyPair makeKeyPair()
-    {
-        return kpg.generateKeyPair();
-    }
-
-    public static KeyPair makeECKeyPair()
-    {
-        return eckpg.generateKeyPair();
-    }
-
-    public static X509Certificate makeCertificate(KeyPair _subKP,
-            String _subDN, KeyPair _issKP, String _issDN)
-            throws Exception
-    {
-
-        return makeCertificate(_subKP, _subDN, _issKP, _issDN, false);
-    }
-
-    public static X509Certificate makeECDSACertificate(KeyPair _subKP,
-            String _subDN, KeyPair _issKP, String _issDN)
-            throws Exception
-    {
-
-        return makeECDSACertificate(_subKP, _subDN, _issKP, _issDN, false);
-    }
-
-    public static X509Certificate makeCACertificate(KeyPair _subKP,
-            String _subDN, KeyPair _issKP, String _issDN)
-            throws Exception
-    {
-
-        return makeCertificate(_subKP, _subDN, _issKP, _issDN, true);
-    }
-
-    public static X509Certificate makeCertificate(KeyPair _subKP,
-            String _subDN, KeyPair _issKP, String _issDN, boolean _ca)
-            throws Exception
-    {
-        return makeCertificate(_subKP,_subDN, _issKP, _issDN, "MD5withRSA", _ca);
-    }
-
-    public static X509Certificate makeECDSACertificate(KeyPair _subKP,
-            String _subDN, KeyPair _issKP, String _issDN, boolean _ca)
-            throws Exception
-    {
-        return makeCertificate(_subKP,_subDN, _issKP, _issDN, "SHA1WithECDSA", _ca);
-    }
-
-    public static X509Certificate makeCertificate(KeyPair _subKP,
-            String _subDN, KeyPair _issKP, String _issDN, String algorithm, boolean _ca)
-            throws Exception
-    {
-
-        PublicKey _subPub = _subKP.getPublic();
-        PrivateKey _issPriv = _issKP.getPrivate();
-        PublicKey _issPub = _issKP.getPublic();
-
-        X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
-
-        _v3CertGen.reset();
-        _v3CertGen.setSerialNumber(allocateSerialNumber());
-        _v3CertGen.setIssuerDN(new X509Name(_issDN));
-        _v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
-        _v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
-                + (1000L * 60 * 60 * 24 * 100)));
-        _v3CertGen.setSubjectDN(new X509Name(_subDN));
-        _v3CertGen.setPublicKey(_subPub);
-        _v3CertGen.setSignatureAlgorithm(algorithm);
-
-        _v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
-                createSubjectKeyId(_subPub));
-
-        _v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
-                createAuthorityKeyId(_issPub));
-
-        _v3CertGen.addExtension(X509Extensions.BasicConstraints, false,
-                new BasicConstraints(_ca));
-
-        X509Certificate _cert = _v3CertGen.generate(_issPriv);
-
-        _cert.checkValidity(new Date());
-        _cert.verify(_issPub);
-
-        return _cert;
-    }
-
-    /*
-     * 
-     * INTERNAL METHODS
-     * 
-     */
-
-    private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey _pubKey)
-            throws IOException
-    {
-
-        ByteArrayInputStream _bais = new ByteArrayInputStream(_pubKey
-                .getEncoded());
-        SubjectPublicKeyInfo _info = new SubjectPublicKeyInfo(
-                (ASN1Sequence)new ASN1InputStream(_bais).readObject());
-
-        return new AuthorityKeyIdentifier(_info);
-    }
-
-    private static SubjectKeyIdentifier createSubjectKeyId(PublicKey _pubKey)
-            throws IOException
-    {
-
-        ByteArrayInputStream _bais = new ByteArrayInputStream(_pubKey
-                .getEncoded());
-        SubjectPublicKeyInfo _info = new SubjectPublicKeyInfo(
-                (ASN1Sequence)new ASN1InputStream(_bais).readObject());
-        return new SubjectKeyIdentifier(_info);
-    }
-
-    private static BigInteger allocateSerialNumber()
-    {
-        BigInteger _tmp = serialNumber;
-        serialNumber = serialNumber.add(BigInteger.valueOf(1));
-        return _tmp;
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/asn1/GMSSPublicKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/asn1/GMSSPublicKey.java
index e4f8f50..fc5c4f2 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/asn1/GMSSPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/asn1/GMSSPublicKey.java
@@ -13,7 +13,6 @@ import org.bouncycastle.util.Arrays;
 /**
  * This class implements an ASN.1 encoded GMSS public key. The ASN.1 definition
  * of this structure is:
- * <p/>
  * <pre>
  *  GMSSPublicKey        ::= SEQUENCE{
  *      version         INTEGER
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/asn1/RainbowPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/asn1/RainbowPrivateKey.java
index 0606464..7c21691 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/asn1/RainbowPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/asn1/RainbowPrivateKey.java
@@ -14,9 +14,8 @@ import org.bouncycastle.pqc.crypto.rainbow.util.RainbowUtil;
 
 /**
  * Return the key data to encode in the PrivateKeyInfo structure.
- * <p/>
+ * <p>
  * The ASN.1 definition of the key structure is
- * <p/>
  * <pre>
  *   RainbowPrivateKey ::= SEQUENCE {
  *         CHOICE
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/asn1/RainbowPublicKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/asn1/RainbowPublicKey.java
index 2073c55..febe538 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/asn1/RainbowPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/asn1/RainbowPublicKey.java
@@ -14,7 +14,6 @@ import org.bouncycastle.pqc.crypto.rainbow.util.RainbowUtil;
 /**
  * This class implements an ASN.1 encoded Rainbow public key. The ASN.1 definition
  * of this structure is:
- * <p/>
  * <pre>
  *       RainbowPublicKey ::= SEQUENCE {
  *         CHOICE
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java
index f84b7f3..013441e 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java
@@ -98,7 +98,6 @@ public class GMSSKeyPairGenerator
     /**
      * The standard constructor tries to generate the GMSS algorithm identifier
      * with the corresponding OID.
-     * <p/>
      *
      * @param digestProvider     provider for digest implementations.
      */
@@ -363,21 +362,21 @@ public class GMSSKeyPairGenerator
      * This method initializes the GMSS KeyPairGenerator using an integer value
      * <code>keySize</code> as input. It provides a simple use of the GMSS for
      * testing demands.
-     * <p/>
+     * <p>
      * A given <code>keysize</code> of less than 10 creates an amount 2^10
      * signatures. A keySize between 10 and 20 creates 2^20 signatures. Given an
      * integer greater than 20 the key pair generator creates 2^40 signatures.
      *
      * @param keySize      Assigns the parameters used for the GMSS signatures. There are
-     *                     3 choices:<br/>
-     *                     1. keysize <= 10: creates 2^10 signatures using the
-     *                     parameterset<br/>
-     *                     P = (2, (5, 5), (3, 3), (3, 3))<br/>
-     *                     2. keysize > 10 and <= 20: creates 2^20 signatures using the
-     *                     parameterset<br/>
-     *                     P = (2, (10, 10), (5, 4), (2, 2))<br/>
-     *                     3. keysize > 20: creates 2^40 signatures using the
-     *                     parameterset<br/>
+     *                     3 choices:<br>
+     *                     1. keysize &lt;= 10: creates 2^10 signatures using the
+     *                     parameterset<br>
+     *                     P = (2, (5, 5), (3, 3), (3, 3))<br>
+     *                     2. keysize &gt; 10 and &lt;= 20: creates 2^20 signatures using the
+     *                     parameterset<br>
+     *                     P = (2, (10, 10), (5, 4), (2, 2))<br>
+     *                     3. keysize &gt; 20: creates 2^40 signatures using the
+     *                     parameterset<br>
      *                     P = (2, (10, 10, 10, 10), (9, 9, 9, 3), (2, 2, 2, 2))
      * @param secureRandom not used by GMSS, the SHA1PRNG of the SUN Provider is always
      *                     used
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSParameters.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSParameters.java
index 0433261..aa89f76 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSParameters.java
@@ -32,7 +32,6 @@ public class GMSSParameters
 
     /**
      * The constructor for the parameters of the GMSSKeyPairGenerator.
-     * <p/>
      *
      * @param layers              the number of authentication tree layers
      * @param heightOfTrees       the height of the authentication trees
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSSigner.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSSigner.java
index 7cedf12..8832fb3 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSSigner.java
@@ -214,7 +214,6 @@ public class GMSSSigner
 
     /**
      * Signs a message.
-     * <p/>
      *
      * @return the signature.
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.java
index 096de75..d012ce7 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.java
@@ -20,7 +20,6 @@ public class WinternitzOTSVerify
 
     /**
      * The constructor
-     * <p/>
      *
      * @param digest the name of the hash function used by the OTS and the provider
      *               name of the hash function
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.java
index 51eaf53..23bf3fa 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.java
@@ -50,7 +50,6 @@ public class WinternitzOTSignature
     /**
      * The constructor generates an OTS key pair, using <code>seed0</code> and
      * the PRNG
-     * <p/>
      *
      * @param seed0    the seed for the PRGN
      * @param digest an array of strings, containing the name of the used hash
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/mceliece/McEliecePKCSCipher.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/mceliece/McEliecePKCSCipher.java
index 7a6be1b..b4eecfb 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/mceliece/McEliecePKCSCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/mceliece/McEliecePKCSCipher.java
@@ -209,7 +209,7 @@ public class McEliecePKCSCipher
         }
 
         // check if padding byte is valid
-        if (mrBytes[index] != 0x01)
+        if (index<0 || mrBytes[index] != 0x01)
         {
             throw new Exception("Bad Padding: invalid ciphertext");
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyGenerationParameters.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyGenerationParameters.java
index d5caa35..8d64ae2 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyGenerationParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyGenerationParameters.java
@@ -79,7 +79,7 @@ public class NTRUEncryptionKeyGenerationParameters
     public Digest hashAlg;
 
     /**
-     * Constructs a parameter set that uses ternary private keys (i.e. </code>polyType=SIMPLE</code>).
+     * Constructs a parameter set that uses ternary private keys (i.e. <code>polyType=SIMPLE</code>).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
@@ -116,7 +116,7 @@ public class NTRUEncryptionKeyGenerationParameters
     }
 
     /**
-     * Constructs a parameter set that uses product-form private keys (i.e. </code>polyType=PRODUCT</code>).
+     * Constructs a parameter set that uses product-form private keys (i.e. <code>polyType=PRODUCT</code>).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyPairGenerator.java
index 7a648c8..f2751ca 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyPairGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyPairGenerator.java
@@ -10,7 +10,7 @@ import org.bouncycastle.pqc.math.ntru.polynomial.ProductFormPolynomial;
 import org.bouncycastle.pqc.math.ntru.util.Util;
 
 /**
- * Generates key pairs.<br/>
+ * Generates key pairs.<br>
  * The parameter p is hardcoded to 3.
  */
 public class NTRUEncryptionKeyPairGenerator
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionParameters.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionParameters.java
index eeb3839..b387bc2 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionParameters.java
@@ -42,7 +42,7 @@ public class NTRUEncryptionParameters
     public Digest hashAlg;
 
     /**
-     * Constructs a parameter set that uses ternary private keys (i.e. </code>polyType=SIMPLE</code>).
+     * Constructs a parameter set that uses ternary private keys (i.e. <code>polyType=SIMPLE</code>).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
@@ -78,7 +78,7 @@ public class NTRUEncryptionParameters
     }
 
     /**
-     * Constructs a parameter set that uses product-form private keys (i.e. </code>polyType=PRODUCT</code>).
+     * Constructs a parameter set that uses product-form private keys (i.e. <code>polyType=PRODUCT</code>).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionPrivateKeyParameters.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionPrivateKeyParameters.java
index d1ee858..bcf9418 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionPrivateKeyParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionPrivateKeyParameters.java
@@ -14,7 +14,7 @@ import org.bouncycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial;
 /**
  * A NtruEncrypt private key is essentially a polynomial named <code>f</code>
  * which takes different forms depending on whether product-form polynomials are used,
- * and on <code>fastP</code><br/>
+ * and on <code>fastP</code><br>
  * The inverse of <code>f</code> modulo <code>p</code> is precomputed on initialization.
  */
 public class NTRUEncryptionPrivateKeyParameters
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEngine.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEngine.java
index 1fb6a1d..77ff1c3 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEngine.java
@@ -17,7 +17,7 @@ import org.bouncycastle.pqc.math.ntru.polynomial.TernaryPolynomial;
 import org.bouncycastle.util.Arrays;
 
 /**
- * Encrypts, decrypts data and generates key pairs.<br/>
+ * Encrypts, decrypts data and generates key pairs.<br>
  * The parameter p is hardcoded to 3.
  */
 public class NTRUEngine
@@ -426,7 +426,7 @@ public class NTRUEngine
         System.arraycopy(cM, bLen + 1, cm, 0, cl);
         byte[] p0 = new byte[cM.length - (bLen + 1 + cl)];
         System.arraycopy(cM, bLen + 1 + cl, p0, 0, p0.length);
-        if (!Arrays.areEqual(p0, new byte[p0.length]))
+        if (!Arrays.constantTimeAreEqual(p0, new byte[p0.length]))
         {
            throw new InvalidCipherTextException("The message is not followed by zeroes");
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java
index 0b8a078..19bf802 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java
@@ -8,8 +8,12 @@ import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
 import org.bouncycastle.pqc.math.ntru.polynomial.Polynomial;
 
 /**
- * Signs, verifies data and generates key pairs.
- */
+* Signs, verifies data and generates key pairs.
+* @deprecated the NTRUSigner algorithm was broken in 2012 by Ducas and Nguyen. See
+* <a href="http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf">
+* http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf</a>
+* for details.
+*/
 public class NTRUSigner
 {
     private NTRUSigningParameters params;
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningKeyGenerationParameters.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningKeyGenerationParameters.java
index 1398e2b..b6ff8c5 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningKeyGenerationParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningKeyGenerationParameters.java
@@ -29,22 +29,22 @@ public class NTRUSigningKeyGenerationParameters
     /**
      * Gives 128 bits of security
      */
-    public static final NTRUSigningKeyGenerationParameters APR2011_439 = new NTRUSigningKeyGenerationParameters(439, 2048, 146, 1, BASIS_TYPE_TRANSPOSE, 0.165, 400, 280, false, true, KEY_GEN_ALG_RESULTANT, new SHA256Digest());
+    public static final NTRUSigningKeyGenerationParameters APR2011_439 = new NTRUSigningKeyGenerationParameters(439, 2048, 146, 1, BASIS_TYPE_TRANSPOSE, 0.165, 490, 280, false, true, KEY_GEN_ALG_RESULTANT, new SHA256Digest());
 
     /**
      * Like <code>APR2011_439</code>, this parameter set gives 128 bits of security but uses product-form polynomials
      */
-    public static final NTRUSigningKeyGenerationParameters APR2011_439_PROD = new NTRUSigningKeyGenerationParameters(439, 2048, 9, 8, 5, 1, BASIS_TYPE_TRANSPOSE, 0.165, 400, 280, false, true, KEY_GEN_ALG_RESULTANT, new SHA256Digest());
+    public static final NTRUSigningKeyGenerationParameters APR2011_439_PROD = new NTRUSigningKeyGenerationParameters(439, 2048, 9, 8, 5, 1, BASIS_TYPE_TRANSPOSE, 0.165, 490, 280, false, true, KEY_GEN_ALG_RESULTANT, new SHA256Digest());
 
     /**
      * Gives 256 bits of security
      */
-    public static final NTRUSigningKeyGenerationParameters APR2011_743 = new NTRUSigningKeyGenerationParameters(743, 2048, 248, 1, BASIS_TYPE_TRANSPOSE, 0.127, 405, 360, true, false, KEY_GEN_ALG_RESULTANT, new SHA512Digest());
+    public static final NTRUSigningKeyGenerationParameters APR2011_743 = new NTRUSigningKeyGenerationParameters(743, 2048, 248, 1, BASIS_TYPE_TRANSPOSE, 0.127, 560, 360, true, false, KEY_GEN_ALG_RESULTANT, new SHA512Digest());
 
     /**
      * Like <code>APR2011_439</code>, this parameter set gives 256 bits of security but uses product-form polynomials
      */
-    public static final NTRUSigningKeyGenerationParameters APR2011_743_PROD = new NTRUSigningKeyGenerationParameters(743, 2048, 11, 11, 15, 1, BASIS_TYPE_TRANSPOSE, 0.127, 405, 360, true, false, KEY_GEN_ALG_RESULTANT, new SHA512Digest());
+    public static final NTRUSigningKeyGenerationParameters APR2011_743_PROD = new NTRUSigningKeyGenerationParameters(743, 2048, 11, 11, 15, 1, BASIS_TYPE_TRANSPOSE, 0.127, 560, 360, true, false, KEY_GEN_ALG_RESULTANT, new SHA512Digest());
 
     /**
      * Generates key pairs quickly. Use for testing only.
@@ -75,7 +75,7 @@ public class NTRUSigningKeyGenerationParameters
     public int polyType;
 
     /**
-     * Constructs a parameter set that uses ternary private keys (i.e. </code>polyType=SIMPLE</code>).
+     * Constructs a parameter set that uses ternary private keys (i.e. <code>polyType=SIMPLE</code>).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
@@ -110,7 +110,7 @@ public class NTRUSigningKeyGenerationParameters
     }
 
     /**
-     * Constructs a parameter set that uses product-form private keys (i.e. </code>polyType=PRODUCT</code>).
+     * Constructs a parameter set that uses product-form private keys (i.e. <code>polyType=PRODUCT</code>).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningParameters.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningParameters.java
index bf70caf..2f018b0 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningParameters.java
@@ -29,7 +29,7 @@ public class NTRUSigningParameters
     public Digest hashAlg;
 
     /**
-     * Constructs a parameter set that uses ternary private keys (i.e. </code>polyType=SIMPLE</code>).
+     * Constructs a parameter set that uses ternary private keys (i.e. <code>polyType=SIMPLE</code>).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
@@ -52,7 +52,7 @@ public class NTRUSigningParameters
     }
 
     /**
-     * Constructs a parameter set that uses product-form private keys (i.e. </code>polyType=PRODUCT</code>).
+     * Constructs a parameter set that uses product-form private keys (i.e. <code>polyType=PRODUCT</code>).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningPrivateKeyParameters.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningPrivateKeyParameters.java
index 515f356..451422e 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningPrivateKeyParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningPrivateKeyParameters.java
@@ -126,7 +126,9 @@ public class NTRUSigningPrivateKeyParameters
     {
         final int prime = 31;
         int result = 1;
-        result = prime * result + ((bases == null) ? 0 : bases.hashCode());
+        result = prime * result;
+        if (bases==null) return result;
+        result += bases.hashCode();
         for (Basis basis : bases)
         {
             result += basis.hashCode();
@@ -150,12 +152,13 @@ public class NTRUSigningPrivateKeyParameters
             return false;
         }
         NTRUSigningPrivateKeyParameters other = (NTRUSigningPrivateKeyParameters)obj;
+        if ((bases == null) != (other.bases == null))
+        {
+            return false;
+        }
         if (bases == null)
         {
-            if (other.bases != null)
-            {
-                return false;
-            }
+            return true;
         }
         if (bases.size() != other.bases.size())
         {
@@ -382,4 +385,4 @@ public class NTRUSigningPrivateKeyParameters
             return true;
         }
     }
-}
-\ No newline at end of file
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/Layer.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/Layer.java
index 4c457ec..ae76922 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/Layer.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/Layer.java
@@ -10,14 +10,14 @@ import org.bouncycastle.util.Arrays;
 /**
  * This class represents a layer of the Rainbow Oil- and Vinegar Map. Each Layer
  * consists of oi polynomials with their coefficients, generated at random.
- * <p/>
+ * <p>
  * To sign a document, we solve a LES (linear equation system) for each layer in
  * order to find the oil variables of that layer and to be able to use the
  * variables to compute the signature. This functionality is implemented in the
  * RainbowSignature-class, by the aid of the private key.
- * <p/>
+ * <p>
  * Each layer is a part of the private key.
- * <p/>
+ * <p>
  * More information about the layer can be found in the paper of Jintai Ding,
  * Dieter Schmidt: Rainbow, a New Multivariable Polynomial Signature Scheme.
  * ACNS 2005: 164-175 (http://dx.doi.org/10.1007/11496137_12)
@@ -124,7 +124,7 @@ public class Layer
      * This method plugs in the vinegar variables into the polynomials of this
      * layer and computes the coefficients of the Oil-variables as well as the
      * free coefficient in each polynomial.
-     * <p/>
+     * <p>
      * It is needed for computing the Oil variables while signing.
      *
      * @param x vinegar variables of this layer that should be plugged into
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.java
index e7fe059..6b041cf 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.java
@@ -12,7 +12,7 @@ import org.bouncycastle.pqc.crypto.rainbow.util.GF2Field;
  * This class implements AsymmetricCipherKeyPairGenerator. It is used
  * as a generator for the private and public key of the Rainbow Signature
  * Scheme.
- * <p/>
+ * <p>
  * Detailed information about the key generation is to be found in the paper of
  * Jintai Ding, Dieter Schmidt: Rainbow, a New Multivariable Polynomial
  * Signature Scheme. ACNS 2005: 164-175 (http://dx.doi.org/10.1007/11496137_12)
@@ -49,7 +49,6 @@ public class RainbowKeyPairGenerator
     /**
      * The standard constructor tries to generate the Rainbow algorithm identifier
      * with the corresponding OID.
-     * <p/>
      */
     public RainbowKeyPairGenerator()
     {
@@ -120,11 +119,12 @@ public class RainbowKeyPairGenerator
 
     /**
      * This function generates the invertible affine linear map L1 = A1*x + b1
-     * <p/>
+     * <p>
      * The translation part b1, is stored in a separate array. The inverse of
      * the matrix-part of L1 A1inv is also computed here.
-     * <p/>
+     * </p><p>
      * This linear map hides the output of the map F. It is on k^(n-v1).
+     * </p>
      */
     private void generateL1()
     {
@@ -158,11 +158,12 @@ public class RainbowKeyPairGenerator
 
     /**
      * This function generates the invertible affine linear map L2 = A2*x + b2
-     * <p/>
+     * <p>
      * The translation part b2, is stored in a separate array. The inverse of
      * the matrix-part of L2 A2inv is also computed here.
-     * <p/>
+     * </p><p>
      * This linear map hides the output of the map F. It is on k^(n).
+     * </p>
      */
     private void generateL2()
     {
@@ -197,9 +198,10 @@ public class RainbowKeyPairGenerator
     /**
      * This function generates the private map F, which consists of u-1 layers.
      * Each layer consists of oi polynomials where oi = vi[i+1]-vi[i].
-     * <p/>
+     * <p>
      * The methods for the generation of the coefficients of these polynomials
      * are called here.
+     * </p>
      */
     private void generateF()
     {
@@ -213,11 +215,12 @@ public class RainbowKeyPairGenerator
 
     /**
      * This function computes the public key from the private key.
-     * <p/>
+     * <p>
      * The composition of F with L2 is computed, followed by applying L1 to the
      * composition's result. The singular and scalar values constitute to the
      * public key as is, the quadratic terms are compacted in
      * <tt>compactPublicKey()</tt>
+     * </p>
      */
     private void computePublicKey()
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.java
index b6014a5..979e759 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.java
@@ -12,7 +12,7 @@ import org.bouncycastle.pqc.crypto.rainbow.util.GF2Field;
  * It implements the sign and verify functions for the Rainbow Signature Scheme.
  * Here the message, which has to be signed, is updated. The use of
  * different hash functions is possible.
- * <p/>
+ * <p>
  * Detailed information about the signature and the verify-method is to be found
  * in the paper of Jintai Ding, Dieter Schmidt: Rainbow, a New Multivariable
  * Polynomial Signature Scheme. ACNS 2005: 164-175
@@ -96,10 +96,10 @@ public class RainbowSigner
     /**
      * This function signs the message that has been updated, making use of the
      * private key.
-     * <p/>
+     * <p>
      * For computing the signature, L1 and L2 are needed, as well as LES should
      * be solved for each layer in order to find the Oil-variables in the layer.
-     * <p/>
+     * <p>
      * The Vinegar-variables of the first layer are random generated.
      *
      * @param message the message
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.java
index 9a1115d..5bf2573 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.java
@@ -2,7 +2,7 @@ package org.bouncycastle.pqc.crypto.rainbow.util;
 
 /**
  * This class offers different operations on matrices in field GF2^8.
- * <p/>
+ * <p>
  * Implemented are functions:
  * - finding inverse of a matrix
  * - solving linear equation systems using the Gauss-Elimination method
@@ -88,7 +88,7 @@ public class ComputeInField
     /**
      * This function computes the inverse of a given matrix using the Gauss-
      * Elimination method.
-     * <p/>
+     * <p>
      * An exception is thrown if the matrix has no inverse
      *
      * @param coef the matrix which inverse matrix is needed
@@ -166,13 +166,13 @@ public class ComputeInField
      * Elimination under the diagonal.
      * This function changes a matrix so that it contains only zeros under the
      * diagonal(Ai,i) using only Gauss-Elimination operations.
-     * <p/>
+     * <p>
      * It is used in solveEquaton as well as in the function for
      * finding an inverse of a matrix: {@link}inverse. Both of them use the
      * Gauss-Elimination Method.
-     * <p/>
+     * </p><p>
      * The result is stored in the global matrix A
-     *
+     * </p>
      * @param usedForInverse This parameter shows if the function is used by the
      *                       solveEquation-function or by the inverse-function and according
      *                       to this creates matrices of different sizes.
@@ -229,10 +229,10 @@ public class ComputeInField
      * Elimination above the diagonal.
      * This function changes a matrix so that it contains only zeros above the
      * diagonal(Ai,i) using only Gauss-Elimination operations.
-     * <p/>
+     * <p>
      * It is used in the inverse-function
      * The result is stored in the global matrix A
-     *
+     * </p>
      * @throws RuntimeException in case a multiplicative inverse of 0 is needed
      */
     private void computeZerosAbove()
@@ -268,10 +268,10 @@ public class ComputeInField
      * of the linear equation system (LES) B*x = b,
      * where A a triangle-matrix is (contains only zeros under the diagonal)
      * and b is a vector
-     * <p/>
+     * <p>
      * If the multiplicative inverse of 0 is needed, an exception is thrown.
      * In this case is the LES not solvable
-     *
+     * </p>
      * @throws RuntimeException in case a multiplicative inverse of 0 is needed
      */
     private void substitute()
@@ -345,7 +345,7 @@ public class ComputeInField
 
     /**
      * This function multiplies a given matrix with a one-dimensional array.
-     * <p/>
+     * <p>
      * An exception is thrown, if the number of columns in the matrix and
      * the number of rows in the one-dim. array differ.
      *
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.java
index 7c28649..8d54279 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.java
@@ -3,10 +3,10 @@ package org.bouncycastle.pqc.crypto.rainbow.util;
 /**
  * This class provides the basic operations like addition, multiplication and
  * finding the multiplicative inverse of an element in GF2^8.
- * <p/>
+ * <p>
  * The operations are implemented using the irreducible polynomial
  * 1+x^2+x^3+x^6+x^8 ( 1 0100 1101 = 0x14d )
- * <p/>
+ * <p>
  * This class makes use of lookup tables(exps and logs) for implementing the
  * operations in order to increase the efficiency of Rainbow.
  */
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/AllTests.java
new file mode 100644
index 0000000..4559fdb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/AllTests.java
@@ -0,0 +1,47 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.bouncycastle.util.test.SimpleTestResult;
+
+public class AllTests
+    extends TestCase
+{   
+    public void testCrypto()
+    {   
+        org.bouncycastle.util.test.Test[] tests = RegressionTest.tests;
+        
+        for (int i = 0; i != tests.length; i++)
+        {
+            SimpleTestResult  result = (SimpleTestResult)tests[i].perform();
+
+            if (!result.isSuccessful())
+            {
+                fail(result.toString());
+            }
+        }
+    }
+    
+    public static void main (String[] args)
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+    
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("Lightweight PQ Crypto Tests");
+        
+        suite.addTestSuite(AllTests.class);
+        suite.addTestSuite(BitStringTest.class);
+        suite.addTestSuite(EncryptionKeyTest.class);
+        suite.addTestSuite(NTRUEncryptionParametersTest.class);
+        suite.addTestSuite(NTRUEncryptTest.class);
+        suite.addTestSuite(NTRUSignatureParametersTest.class);
+        suite.addTestSuite(NTRUSignatureKeyTest.class);
+        suite.addTestSuite(NTRUSignerTest.class);
+        suite.addTestSuite(NTRUSigningParametersTest.class);
+
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/BitStringTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/BitStringTest.java
new file mode 100644
index 0000000..85e1ffa
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/BitStringTest.java
@@ -0,0 +1,88 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.crypto.ntru.IndexGenerator.BitString;
+import org.bouncycastle.util.Arrays;
+
+public class BitStringTest
+    extends TestCase
+{
+    public void testAppendBitsByteArray()
+    {
+        BitString bs = new BitString();
+        bs.appendBits((byte)78);
+        assertBitStringEquals(bs, new byte[]{78});
+        bs.appendBits((byte)-5);
+        assertBitStringEquals(bs, new byte[]{78, -5});
+        bs.appendBits((byte)127);
+        assertBitStringEquals(bs, new byte[]{78, -5, 127});
+        bs.appendBits((byte)0);
+        assertBitStringEquals(bs, new byte[]{78, -5, 127, 0});
+        bs.appendBits((byte)100);
+        assertBitStringEquals(bs, new byte[]{78, -5, 127, 0, 100});
+    }
+
+    private void assertBitStringEquals(BitString bs, byte[] arr)
+    {
+        byte[] bsBytes = bs.getBytes();
+
+        assertTrue(bsBytes.length >= arr.length);
+        arr = copyOf(arr, bsBytes.length);
+        assertTrue(Arrays.areEqual(arr, bsBytes));
+    }
+
+    public void testGetTrailing()
+    {
+        BitString bs = new BitString();
+        bs.appendBits((byte)78);
+        BitString bs2 = bs.getTrailing(3);
+        assertBitStringEquals(bs2, new byte[]{6});
+
+        bs = new BitString();
+        bs.appendBits((byte)78);
+        bs.appendBits((byte)-5);
+        bs2 = bs.getTrailing(9);
+        assertBitStringEquals(bs2, new byte[]{78, 1});
+
+        bs2.appendBits((byte)100);
+        assertBitStringEquals(bs2, new byte[]{78, -55});
+        bs = bs2.getTrailing(13);
+        assertBitStringEquals(bs, new byte[]{78, 9});
+        bs2 = bs2.getTrailing(11);
+        assertBitStringEquals(bs2, new byte[]{78, 1});
+
+        bs2.appendBits((byte)100);
+        assertBitStringEquals(bs2, new byte[]{78, 33, 3});
+        bs2 = bs2.getTrailing(16);
+        assertBitStringEquals(bs2, new byte[]{78, 33});
+    }
+
+    public void testGetLeadingAsInt()
+    {
+        BitString bs = new BitString();
+        bs.appendBits((byte)78);
+        bs.appendBits((byte)42);
+        assertEquals(1, bs.getLeadingAsInt(3));
+        assertEquals(84, bs.getLeadingAsInt(9));
+        assertEquals(338, bs.getLeadingAsInt(11));
+
+        BitString bs2 = bs.getTrailing(11);
+        assertBitStringEquals(bs2, new byte[]{78, 2});
+        assertEquals(590, bs2.getLeadingAsInt(11));
+        assertEquals(9, bs2.getLeadingAsInt(5));
+
+        bs2.appendBits((byte)115);
+        assertEquals(230, bs2.getLeadingAsInt(9));
+        assertEquals(922, bs2.getLeadingAsInt(11));
+
+        bs2.appendBits((byte)-36);
+        assertEquals(55, bs2.getLeadingAsInt(6));
+    }
+
+    private byte[] copyOf(byte[] src, int length)
+    {
+        byte[] tmp = new byte[length];
+        System.arraycopy(src, 0, tmp, 0, tmp.length > src.length ? src.length : tmp.length);
+        return tmp;
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/EncryptionKeyTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/EncryptionKeyTest.java
new file mode 100644
index 0000000..f023406
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/EncryptionKeyTest.java
@@ -0,0 +1,51 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionKeyPairGenerator;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionKeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionPublicKeyParameters;
+
+public class EncryptionKeyTest
+    extends TestCase
+{
+    public void testEncode()
+        throws IOException
+    {
+        for (NTRUEncryptionKeyGenerationParameters params : new NTRUEncryptionKeyGenerationParameters[]{NTRUEncryptionKeyGenerationParameters.APR2011_743, NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST, NTRUEncryptionKeyGenerationParameters.EES1499EP1})
+        {
+            testEncode(params);
+        }
+    }
+
+    private void testEncode(NTRUEncryptionKeyGenerationParameters params)
+        throws IOException
+    {
+        NTRUEncryptionKeyPairGenerator kpGen = new NTRUEncryptionKeyPairGenerator();
+
+        kpGen.init(params);
+
+        AsymmetricCipherKeyPair kp = kpGen.generateKeyPair();
+        byte[] priv = ((NTRUEncryptionPrivateKeyParameters)kp.getPrivate()).getEncoded();
+        byte[] pub = ((NTRUEncryptionPublicKeyParameters)kp.getPublic()).getEncoded();
+
+        AsymmetricCipherKeyPair kp2 = new AsymmetricCipherKeyPair(new NTRUEncryptionPublicKeyParameters(pub, params.getEncryptionParameters()), new NTRUEncryptionPrivateKeyParameters(priv, params.getEncryptionParameters()));
+        assertEquals(kp.getPublic(), kp2.getPublic());
+        assertEquals(kp.getPrivate(), kp2.getPrivate());
+
+        ByteArrayOutputStream bos1 = new ByteArrayOutputStream();
+        ByteArrayOutputStream bos2 = new ByteArrayOutputStream();
+        ((NTRUEncryptionPrivateKeyParameters)kp.getPrivate()).writeTo(bos1);
+        ((NTRUEncryptionPublicKeyParameters)kp.getPublic()).writeTo(bos2);
+        ByteArrayInputStream bis1 = new ByteArrayInputStream(bos1.toByteArray());
+        ByteArrayInputStream bis2 = new ByteArrayInputStream(bos2.toByteArray());
+        AsymmetricCipherKeyPair  kp3 = new AsymmetricCipherKeyPair(new NTRUEncryptionPublicKeyParameters(bis2, params.getEncryptionParameters()), new NTRUEncryptionPrivateKeyParameters(bis1, params.getEncryptionParameters()));
+        assertEquals(kp.getPublic(), kp3.getPublic());
+        assertEquals(kp.getPrivate(), kp3.getPrivate());
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/GMSSSignerTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/GMSSSignerTest.java
new file mode 100644
index 0000000..69b2842
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/GMSSSignerTest.java
@@ -0,0 +1,88 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.crypto.digests.SHA224Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.DigestingMessageSigner;
+import org.bouncycastle.pqc.crypto.gmss.GMSSDigestProvider;
+import org.bouncycastle.pqc.crypto.gmss.GMSSKeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.gmss.GMSSKeyPairGenerator;
+import org.bouncycastle.pqc.crypto.gmss.GMSSParameters;
+import org.bouncycastle.pqc.crypto.gmss.GMSSPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.gmss.GMSSSigner;
+import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.test.SimpleTest;
+
+
+public class GMSSSignerTest
+    extends SimpleTest
+{
+    byte[] keyData = Hex.decode("b5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
+
+    SecureRandom keyRandom = new FixedSecureRandom(new byte[][]{keyData, keyData});
+
+    public String getName()
+    {
+        return "GMSS";
+    }
+
+    public void performTest()
+        throws Exception
+    {
+
+        GMSSParameters params = new GMSSParameters(3,
+            new int[]{15, 15, 10}, new int[]{5, 5, 4}, new int[]{3, 3, 2});
+
+        GMSSDigestProvider digProvider = new GMSSDigestProvider()
+        {
+            public Digest get()
+            {
+                return new SHA224Digest();
+            }
+        };
+
+        GMSSKeyPairGenerator gmssKeyGen = new GMSSKeyPairGenerator(digProvider);
+
+        GMSSKeyGenerationParameters genParam = new GMSSKeyGenerationParameters(keyRandom, params);
+
+        gmssKeyGen.init(genParam);
+
+        AsymmetricCipherKeyPair pair = gmssKeyGen.generateKeyPair();
+
+        ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), keyRandom);
+
+        // TODO
+        Signer gmssSigner = new DigestingMessageSigner(new GMSSSigner(digProvider), new SHA224Digest());
+        gmssSigner.init(true, param);
+
+        byte[] message = BigIntegers.asUnsignedByteArray(new BigInteger("968236873715988614170569073515315707566766479517"));
+        gmssSigner.update(message, 0, message.length);
+        byte[] sig = gmssSigner.generateSignature();
+
+
+        gmssSigner.init(false, pair.getPublic());
+        gmssSigner.update(message, 0, message.length);
+        if (!gmssSigner.verifySignature(sig))
+        {
+            fail("verification fails");
+        }
+
+        if (!((GMSSPrivateKeyParameters)pair.getPrivate()).isUsed())
+        {
+            fail("private key not marked as used");
+        }
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new GMSSSignerTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McElieceFujisakiCipherTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McElieceFujisakiCipherTest.java
new file mode 100644
index 0000000..dfc44b6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McElieceFujisakiCipherTest.java
@@ -0,0 +1,102 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyPairGenerator;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2Parameters;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceFujisakiCipher;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceFujisakiDigestCipher;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class McElieceFujisakiCipherTest
+    extends SimpleTest
+{
+
+    SecureRandom keyRandom = new SecureRandom();
+
+    public String getName()
+    {
+        return "McElieceFujisaki";
+
+    }
+
+
+    public void performTest()
+    {
+        int numPassesKPG = 1;
+        int numPassesEncDec = 10;
+        Random rand = new Random();
+        byte[] mBytes;
+        for (int j = 0; j < numPassesKPG; j++)
+        {
+
+            McElieceCCA2Parameters params = new McElieceCCA2Parameters();
+            McElieceCCA2KeyPairGenerator mcElieceCCA2KeyGen = new McElieceCCA2KeyPairGenerator();
+            McElieceCCA2KeyGenerationParameters genParam = new McElieceCCA2KeyGenerationParameters(keyRandom, params);
+
+            mcElieceCCA2KeyGen.init(genParam);
+            AsymmetricCipherKeyPair pair = mcElieceCCA2KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPublic(), keyRandom);
+            Digest msgDigest = new SHA256Digest();
+            McElieceFujisakiDigestCipher mcElieceFujisakiDigestCipher = new McElieceFujisakiDigestCipher(new McElieceFujisakiCipher(), msgDigest);
+
+
+            for (int k = 1; k <= numPassesEncDec; k++)
+            {
+                System.out.println("############### test: " + k);
+                // initialize for encryption
+                mcElieceFujisakiDigestCipher.init(true, param);
+
+                // generate random message
+                int mLength = (rand.nextInt() & 0x1f) + 1;;
+                mBytes = new byte[mLength];
+                rand.nextBytes(mBytes);
+
+                // encrypt
+                mcElieceFujisakiDigestCipher.update(mBytes, 0, mBytes.length);
+                byte[] enc = mcElieceFujisakiDigestCipher.messageEncrypt();
+
+                // initialize for decryption
+                mcElieceFujisakiDigestCipher.init(false, pair.getPrivate());
+                byte[] constructedmessage = mcElieceFujisakiDigestCipher.messageDecrypt(enc);
+
+                // XXX write in McElieceFujisakiDigestCipher?
+                msgDigest.update(mBytes, 0, mBytes.length);
+                byte[] hash = new byte[msgDigest.getDigestSize()];
+                msgDigest.doFinal(hash, 0);
+
+                boolean verified = true;
+                for (int i = 0; i < hash.length; i++)
+                {
+                    verified = verified && hash[i] == constructedmessage[i];
+                }
+
+                if (!verified)
+                {
+                    fail("en/decryption fails");
+                }
+                else
+                {
+                    System.out.println("test okay");
+                    System.out.println();
+                }
+
+            }
+        }
+
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new McElieceFujisakiCipherTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McElieceKobaraImaiCipherTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McElieceKobaraImaiCipherTest.java
new file mode 100644
index 0000000..849e656
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McElieceKobaraImaiCipherTest.java
@@ -0,0 +1,102 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyPairGenerator;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2Parameters;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceKobaraImaiCipher;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceKobaraImaiDigestCipher;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class McElieceKobaraImaiCipherTest
+    extends SimpleTest
+{
+
+    SecureRandom keyRandom = new SecureRandom();
+
+    public String getName()
+    {
+        return "McElieceKobaraImai";
+
+    }
+
+
+    public void performTest()
+    {
+        int numPassesKPG = 1;
+        int numPassesEncDec = 10;
+        Random rand = new Random();
+        byte[] mBytes;
+        for (int j = 0; j < numPassesKPG; j++)
+        {
+
+            McElieceCCA2Parameters params = new McElieceCCA2Parameters();
+            McElieceCCA2KeyPairGenerator mcElieceCCA2KeyGen = new McElieceCCA2KeyPairGenerator();
+            McElieceCCA2KeyGenerationParameters genParam = new McElieceCCA2KeyGenerationParameters(keyRandom, params);
+
+            mcElieceCCA2KeyGen.init(genParam);
+            AsymmetricCipherKeyPair pair = mcElieceCCA2KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPublic(), keyRandom);
+            Digest msgDigest = new SHA256Digest();
+            McElieceKobaraImaiDigestCipher mcElieceKobaraImaiDigestCipher = new McElieceKobaraImaiDigestCipher(new McElieceKobaraImaiCipher(), msgDigest);
+
+
+            for (int k = 1; k <= numPassesEncDec; k++)
+            {
+                System.out.println("############### test: " + k);
+                // initialize for encryption
+                mcElieceKobaraImaiDigestCipher.init(true, param);
+
+                // generate random message
+                int mLength = (rand.nextInt() & 0x1f) + 1;
+                mBytes = new byte[mLength];
+                rand.nextBytes(mBytes);
+
+                // encrypt
+                mcElieceKobaraImaiDigestCipher.update(mBytes, 0, mBytes.length);
+                byte[] enc = mcElieceKobaraImaiDigestCipher.messageEncrypt();
+
+                // initialize for decryption
+                mcElieceKobaraImaiDigestCipher.init(false, pair.getPrivate());
+                byte[] constructedmessage = mcElieceKobaraImaiDigestCipher.messageDecrypt(enc);
+
+                // XXX write in McElieceFujisakiDigestCipher?
+                msgDigest.update(mBytes, 0, mBytes.length);
+                byte[] hash = new byte[msgDigest.getDigestSize()];
+                msgDigest.doFinal(hash, 0);
+
+                boolean verified = true;
+                for (int i = 0; i < hash.length; i++)
+                {
+                    verified = verified && hash[i] == constructedmessage[i];
+                }
+
+                if (!verified)
+                {
+                    fail("en/decryption fails");
+                }
+                else
+                {
+                    System.out.println("test okay");
+                    System.out.println();
+                }
+
+            }
+        }
+
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new McElieceKobaraImaiCipherTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McEliecePKCSCipherTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McEliecePKCSCipherTest.java
new file mode 100644
index 0000000..edb1d60
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McEliecePKCSCipherTest.java
@@ -0,0 +1,102 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceKeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceKeyPairGenerator;
+import org.bouncycastle.pqc.crypto.mceliece.McEliecePKCSCipher;
+import org.bouncycastle.pqc.crypto.mceliece.McEliecePKCSDigestCipher;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceParameters;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class McEliecePKCSCipherTest
+    extends SimpleTest
+{
+
+    SecureRandom keyRandom = new SecureRandom();
+
+    public String getName()
+    {
+        return "McEliecePKCS";
+
+    }
+
+
+    public void performTest()
+    {
+        int numPassesKPG = 1;
+        int numPassesEncDec = 10;
+        Random rand = new Random();
+        byte[] mBytes;
+        for (int j = 0; j < numPassesKPG; j++)
+        {
+
+            McElieceParameters params = new McElieceParameters();
+            McElieceKeyPairGenerator mcElieceKeyGen = new McElieceKeyPairGenerator();
+            McElieceKeyGenerationParameters genParam = new McElieceKeyGenerationParameters(keyRandom, params);
+
+            mcElieceKeyGen.init(genParam);
+            AsymmetricCipherKeyPair pair = mcElieceKeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPublic(), keyRandom);
+            Digest msgDigest = new SHA256Digest();
+            McEliecePKCSDigestCipher mcEliecePKCSDigestCipher = new McEliecePKCSDigestCipher(new McEliecePKCSCipher(), msgDigest);
+
+
+            for (int k = 1; k <= numPassesEncDec; k++)
+            {
+                System.out.println("############### test: " + k);
+                // initialize for encryption
+                mcEliecePKCSDigestCipher.init(true, param);
+
+                // generate random message
+                int mLength = (rand.nextInt() & 0x1f) + 1;
+                mBytes = new byte[mLength];
+                rand.nextBytes(mBytes);
+
+                // encrypt
+                mcEliecePKCSDigestCipher.update(mBytes, 0, mBytes.length);
+                byte[] enc = mcEliecePKCSDigestCipher.messageEncrypt();
+
+                // initialize for decryption
+                mcEliecePKCSDigestCipher.init(false, pair.getPrivate());
+                byte[] constructedmessage = mcEliecePKCSDigestCipher.messageDecrypt(enc);
+
+                // XXX write in McElieceFujisakiDigestCipher?
+                msgDigest.update(mBytes, 0, mBytes.length);
+                byte[] hash = new byte[msgDigest.getDigestSize()];
+                msgDigest.doFinal(hash, 0);
+
+                boolean verified = true;
+                for (int i = 0; i < hash.length; i++)
+                {
+                    verified = verified && hash[i] == constructedmessage[i];
+                }
+
+                if (!verified)
+                {
+                    fail("en/decryption fails");
+                }
+                else
+                {
+                    System.out.println("test okay");
+                    System.out.println();
+                }
+
+            }
+        }
+
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new McEliecePKCSCipherTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McEliecePointchevalCipherTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McEliecePointchevalCipherTest.java
new file mode 100644
index 0000000..23ba3f9
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/McEliecePointchevalCipherTest.java
@@ -0,0 +1,102 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyPairGenerator;
+import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2Parameters;
+import org.bouncycastle.pqc.crypto.mceliece.McEliecePointchevalCipher;
+import org.bouncycastle.pqc.crypto.mceliece.McEliecePointchevalDigestCipher;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class McEliecePointchevalCipherTest
+    extends SimpleTest
+{
+
+    SecureRandom keyRandom = new SecureRandom();
+
+    public String getName()
+    {
+        return "McElieceFujisaki";
+
+    }
+
+
+    public void performTest()
+    {
+        int numPassesKPG = 1;
+        int numPassesEncDec = 10;
+        Random rand = new Random();
+        byte[] mBytes;
+        for (int j = 0; j < numPassesKPG; j++)
+        {
+
+            McElieceCCA2Parameters params = new McElieceCCA2Parameters();
+            McElieceCCA2KeyPairGenerator mcElieceCCA2KeyGen = new McElieceCCA2KeyPairGenerator();
+            McElieceCCA2KeyGenerationParameters genParam = new McElieceCCA2KeyGenerationParameters(keyRandom, params);
+
+            mcElieceCCA2KeyGen.init(genParam);
+            AsymmetricCipherKeyPair pair = mcElieceCCA2KeyGen.generateKeyPair();
+
+            ParametersWithRandom param = new ParametersWithRandom(pair.getPublic(), keyRandom);
+            Digest msgDigest = new SHA256Digest();
+            McEliecePointchevalDigestCipher mcEliecePointchevalDigestCipher = new McEliecePointchevalDigestCipher(new McEliecePointchevalCipher(), msgDigest);
+
+
+            for (int k = 1; k <= numPassesEncDec; k++)
+            {
+                System.out.println("############### test: " + k);
+                // initialize for encryption
+                mcEliecePointchevalDigestCipher.init(true, param);
+
+                // generate random message
+                int mLength = (rand.nextInt() & 0x1f) + 1;
+                mBytes = new byte[mLength];
+                rand.nextBytes(mBytes);
+
+                // encrypt
+                mcEliecePointchevalDigestCipher.update(mBytes, 0, mBytes.length);
+                byte[] enc = mcEliecePointchevalDigestCipher.messageEncrypt();
+
+                // initialize for decryption
+                mcEliecePointchevalDigestCipher.init(false, pair.getPrivate());
+                byte[] constructedmessage = mcEliecePointchevalDigestCipher.messageDecrypt(enc);
+
+                // XXX write in McElieceFujisakiDigestCipher?
+                msgDigest.update(mBytes, 0, mBytes.length);
+                byte[] hash = new byte[msgDigest.getDigestSize()];
+                msgDigest.doFinal(hash, 0);
+
+                boolean verified = true;
+                for (int i = 0; i < hash.length; i++)
+                {
+                    verified = verified && hash[i] == constructedmessage[i];
+                }
+
+                if (!verified)
+                {
+                    fail("en/decryption fails");
+                }
+                else
+                {
+                    System.out.println("test okay");
+                    System.out.println();
+                }
+
+            }
+        }
+
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new McEliecePointchevalCipherTest());
+    }
+
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUEncryptTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUEncryptTest.java
new file mode 100644
index 0000000..df63a10
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUEncryptTest.java
@@ -0,0 +1,298 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEngine;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionKeyPairGenerator;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionKeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionPublicKeyParameters;
+import org.bouncycastle.pqc.crypto.ntru.NTRUParameters;
+import org.bouncycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.Polynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.TernaryPolynomial;
+import org.bouncycastle.util.Arrays;
+
+public class NTRUEncryptTest
+    extends TestCase
+{
+    public void testEncryptDecrypt()
+        throws InvalidCipherTextException
+    {
+        NTRUEncryptionKeyGenerationParameters params = NTRUEncryptionKeyGenerationParameters.APR2011_743.clone();
+        // set df1..df3 and dr1..dr3 so params can be used for SIMPLE as well as PRODUCT
+        params.df1 = NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST.df1;
+        params.df2 = NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST.df2;
+        params.df3 = NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST.df3;
+        params.dr1 = NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST.dr1;
+        params.dr2 = NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST.dr2;
+        params.dr3 = NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST.dr3;
+
+        int[] values = new int[] { NTRUParameters.TERNARY_POLYNOMIAL_TYPE_SIMPLE, NTRUParameters.TERNARY_POLYNOMIAL_TYPE_PRODUCT };
+
+        for (int i = 0; i != values.length; i++)
+        {
+            int polyType = values[i];
+
+            boolean[] booleans = {true, false};
+            for (int j = 0; j != booleans.length; j++)
+            {
+                params.polyType = polyType;
+                params.fastFp = booleans[j];
+
+                VisibleNTRUEngine ntru = new VisibleNTRUEngine();
+                NTRUEncryptionKeyPairGenerator ntruGen = new NTRUEncryptionKeyPairGenerator();
+
+                ntruGen.init(params);
+
+                AsymmetricCipherKeyPair kp = ntruGen.generateKeyPair();
+
+                testPolynomial(ntru, kp, params);
+
+                testText(ntru, kp, params);
+                // sparse/dense
+                params.sparse = !params.sparse;
+                testText(ntru, kp, params);
+                params.sparse = !params.sparse;
+
+                testEmpty(ntru, kp, params);
+                testMaxLength(ntru, kp, params);
+                testTooLong(ntru, kp, params);
+                testInvalidEncoding(ntru, kp, params);
+            }
+        }
+    }
+
+    // encrypts and decrypts a polynomial
+    private void testPolynomial(VisibleNTRUEngine ntru, AsymmetricCipherKeyPair kp, NTRUEncryptionKeyGenerationParameters params)
+    {
+        SecureRandom random = new SecureRandom();
+        IntegerPolynomial m = DenseTernaryPolynomial.generateRandom(params.N, random);
+        SparseTernaryPolynomial r = SparseTernaryPolynomial.generateRandom(params.N, params.dr, params.dr, random);
+
+        ntru.init(true, kp.getPublic());  // just to set params
+
+        IntegerPolynomial e = ntru.encrypt(m, r, ((NTRUEncryptionPublicKeyParameters)kp.getPublic()).h);
+        IntegerPolynomial c = ntru.decrypt(e, ((NTRUEncryptionPrivateKeyParameters)kp.getPrivate()).t, ((NTRUEncryptionPrivateKeyParameters)kp.getPrivate()).fp);
+
+        assertTrue(Arrays.areEqual(m.coeffs, c.coeffs));
+    }
+
+    // encrypts and decrypts text
+    private void testText(NTRUEngine ntru, AsymmetricCipherKeyPair  kp, NTRUEncryptionKeyGenerationParameters params)
+        throws InvalidCipherTextException
+    {
+        byte[] plainText = "text to encrypt".getBytes();
+
+        ntru.init(true, kp.getPublic());
+
+        byte[] encrypted = ntru.processBlock(plainText, 0, plainText.length);
+
+        ntru.init(false, kp.getPrivate());
+
+        byte[] decrypted = ntru.processBlock(encrypted, 0, encrypted.length);
+
+        assertTrue(Arrays.areEqual(plainText, decrypted));
+    }
+
+    // tests an empty message
+    private void testEmpty(NTRUEngine ntru, AsymmetricCipherKeyPair kp, NTRUEncryptionKeyGenerationParameters params)
+        throws InvalidCipherTextException
+    {
+        byte[] plainText = "".getBytes();
+
+        ntru.init(true, kp.getPublic());
+
+        byte[] encrypted = ntru.processBlock(plainText, 0, plainText.length);
+
+        ntru.init(false, kp.getPrivate());
+
+        byte[] decrypted = ntru.processBlock(encrypted, 0, encrypted.length);
+
+        assertTrue(Arrays.areEqual(plainText, decrypted));
+    }
+
+    // tests a message of the maximum allowed length
+    private void testMaxLength(NTRUEngine ntru, AsymmetricCipherKeyPair kp, NTRUEncryptionKeyGenerationParameters params)
+        throws InvalidCipherTextException
+    {
+        byte[] plainText = new byte[params.maxMsgLenBytes];
+        System.arraycopy("secret encrypted text".getBytes(), 0, plainText, 0, 21);
+        ntru.init(true, kp.getPublic());
+
+        byte[] encrypted = ntru.processBlock(plainText, 0, plainText.length);
+
+        ntru.init(false, kp.getPrivate());
+
+        byte[] decrypted = ntru.processBlock(encrypted, 0, encrypted.length);
+
+        assertTrue(Arrays.areEqual(plainText, decrypted));
+    }
+
+    // tests a message that is too long
+    private void testTooLong(NTRUEngine ntru, AsymmetricCipherKeyPair kp, NTRUEncryptionKeyGenerationParameters params)
+    {
+        byte[] plainText = new byte[params.maxMsgLenBytes + 1];
+        try
+        {
+            System.arraycopy("secret encrypted text".getBytes(), 0, plainText, 0, 21);
+
+            ntru.init(true, kp.getPublic());
+
+            byte[] encrypted = ntru.processBlock(plainText, 0, plainText.length);
+
+            ntru.init(false, kp.getPrivate());
+
+            byte[] decrypted = ntru.processBlock(encrypted, 0, encrypted.length);
+
+            assertTrue(Arrays.areEqual(plainText, decrypted));
+            fail("An exception should have been thrown!");
+        }
+        catch (DataLengthException ex)
+        {
+            assertEquals("Message too long: " + plainText.length + ">" + params.maxMsgLenBytes, ex.getMessage());
+        }
+        catch (InvalidCipherTextException e)
+        {
+            e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
+        }
+    }
+
+    // tests that altering the public key *AFTER* encryption causes the decrypted message to be rejected
+    private void testInvalidEncoding(NTRUEngine ntru, AsymmetricCipherKeyPair kp, NTRUEncryptionKeyGenerationParameters params)
+    {
+        try
+        {
+            byte[] plainText = "secret encrypted text".getBytes();
+            ntru.init(true, kp.getPublic());
+
+            byte[] encrypted = ntru.processBlock(plainText, 0, plainText.length);
+
+            NTRUEncryptionPrivateKeyParameters orig = (NTRUEncryptionPrivateKeyParameters)kp.getPrivate();
+            IntegerPolynomial h = (IntegerPolynomial)((NTRUEncryptionPublicKeyParameters)kp.getPublic()).h.clone();
+            h.coeffs[0] = (h.coeffs[0] + 111) % params.q;   // alter h
+            NTRUEncryptionPrivateKeyParameters privKey = new NTRUEncryptionPrivateKeyParameters(h, orig.t, orig.fp, params.getEncryptionParameters());
+
+            ntru.init(false, privKey);
+
+            ntru.processBlock(encrypted, 0, encrypted.length);
+
+            fail("An exception should have been thrown!");
+        }
+        catch (InvalidCipherTextException ex)
+        {
+            assertEquals("Invalid message encoding", ex.getMessage());
+        }
+    }
+
+    // encrypts and decrypts text using an encoded key pair (fastFp=false, simple ternary polynomials)
+    public void testEncodedKeysSlow()
+        throws IOException, InvalidCipherTextException
+    {
+        byte[] plainText = "secret encrypted text".getBytes();
+
+        // dense polynomials
+        NTRUEncryptionKeyGenerationParameters params = NTRUEncryptionKeyGenerationParameters.APR2011_743;
+        NTRUEngine ntru = new NTRUEngine();
+
+        byte[] privBytes = {2, -94, 95, 65, -107, 27, 98, 62, -15, -62, 21, -4, 119, -117, 7, 68, 100, 113, -36, -82, 87, -87, -82, 24, -45, -75, -74, -108, 105, 24, 123, 117, 124, 74, -27, 42, -106, -78, 114, 27, 18, 77, -41, 105, -113, 39, 49, 46, 109, -69, 61, 77, 49, 117, 14, -29, 42, 3, 120, -121, -120, -37, 95, 84, 60, -9, -31, -64, 31, 72, 115, -15, 21, -6, 27, -60, -73, -29, -33, -81, -43, 106, 65, 114, 102, -14, -115, -96, 9, 54, 23, -18, -24, -76, 84, -41, -79, 35, 88, 11, 41, 67, 44, -63, -28, 76, 84, -41, -103, 106, -22, 35, -2, -40, -48, -121, -128, 76, 63, 123, -11, 103, -35, -32, 21, -51, -99, -40, -103, -12, 64, -80, 57, -56, 1, -51, 103, 83, 50, 111, -87, -98, 7, -109, 25, -51, 23, -92};
+        byte[] pubBytes = {91, -66, -25, -81, -66, -33, 25, -31, 48, 23, -38, 20, -30, -120, -17, 1, 21, 51, -11, 102, -50, 62, 71, 79, 32, -49, -57, 105, 21, -34, -45, -67, 113, -46, -103, 57, 28, -54, -21, 94, -112, -63, 105, -100, -95, 21, -52, 50, 11, -22, -63, -35, -42, 50, 93, -40, 23, 0, 121, 23, -93, 111, -98, -14, 92, -24, -117, -8, -109, -118, -4, -107, -60, 100, -128, -47, -92, -117, -108, 39, -113, 43, 48, 68, 95, 123, -112, 41, -27, -99, 59, 33, -57, -120, -44, 72, -98, -105, -91, -52, -89, 107, 119, 87, -36, -102, -83, 67, -8, 30, -54, 74, 93, 119, -3, 126, 69, -104, -44, -24, 124, 108, -125, 73, 98, 121, -49, -37, -24, 87, -71, 91, 8, -31, -50, 95, 112, 27, 97, -93, 3, -73, -54, -16, -92, -108, -74, 88, -5, 23, 70, 69, -49, -46, -50, 65, 69, -54, -41, 109, 8, -80, -23, -84, 120, -77, 26, 99, -104, -33, 82, 91, 22, -17, 113, -29, 66, -7, -114, -101, -111, -47, -1, -3, -57, 62, 79, -70, -58, 45, 76, 28, -117, 59, -117, 113, 84, -55, 48, 119, 58, -105, -20, 80, 102, 14, -69, -69, 5, 11, -87, 107, 15, 105, -69, -27, -24, 47, -18, -54, -45, -67, 27, -52, -20, -94, 64, -26, -58, 98, 33, -61, 71, -101, 120, 28, 113, 72, 127, 50, 123, 36, -97, 78, 32, -74, 105, 62, 92, 84, -17, 21, -75, 24, -90, -78, -4, -121, 47, -82, 119, 27, -61, 17, -66, 43, 96, -49, -6, 66, -13, -75, -95, 64, -12, -39, 111, 46, -3, -123, 82, 12, -26, -30, -29, 71, -108, -79, -112, 13, 16, -70, 7, 100, 84, 89, -100, 114, 47, 56, 71, 83, 63, -61, -39, -53, -100, 23, -31, -52, -46, 36, -13, 62, 107, 28, -28, 92, 116, -59, 28, -111, -23, -44, 21, -2, 127, -112, 54, -126, 13, -104, 47, -43, -109, -19, 107, -94, -126, 50, 92, -69, 1, 115, -121, -52, -100, 25, 126, -7, 86, 77, 72, -2, -104, -42, 98, -16, 54, -67, 117, 14, -73, 4, 58, 121, 35, 1, 99, -127, -9, -60, 32, -37, -106, 6, -108, -13, -62, 23, -20, -9, 21, 15, 4, 126, -112, 123, 34, -67, -51, 43, -30, -75, 119, -112, -58, -55, -90, 2, -5, -46, -12, 119, 87, 24, -52, 2, -29, 113, 61, -82, -101, 57, -11, -107, -11, 67, -42, -43, -13, 112, -49, 82, 60, 13, -50, 108, 64, -64, 53, -107, -9, 102, -33, 75, -100, -115, 102, -113, -48, 19, -119, -72, -65, 22, -65, -93, 34, -71, 75, 101, 54, 126, 75, 34, -21, -53, -36, 127, -21, 70, 24, 89, -88, 63, -43, -4, 68, 97, -45, -101, -125, -38, 98, -118, -34, -63, 23, 78, 15, 17, 101, -107, 119, -41, 107, 117, 17, 108, 43, -93, -6, -23, -30, 49, -61, 27, 61, -125, -68, 51, 40, -106, -61, 51, 127, 2, 123, 7, -50, -115, -32, -95, -96, 67, 4, 5, 59, -45, 61, 95, 14, 2, -76, -121, 8, 125, 16, -126, 58, 118, -32, 19, -113, -113, 120, -101, 86, 76, -90, 50, -92, 51, -92, 1, 121, -74, -101, -33, 53, -53, -83, 46, 20, -87, -112, -61, -87, 106, -126, 64, 99, -60, 70, 120, 47, -53, 36, 20, -90, 110, 61, -93, 55, -10, 85, 45, 52, 79, 87, 100, -81, -85, 34, 55, -91, 27, 116, -18, -71, -11, 87, -11, 76, 48, 97, -78, 64, -100, -59, -12, 19, -90, 121, 48, -19, 64, 113, -70, -14, -70, 92, 124, 42, 95, 7, -115, 36, 127, 73, 33, 30, 121, 88, 16, -90, 99, 120, -68, 64, -125, -78, 76, 112, 68, 8, 105, 10, -47, -124, 39, -107, -101, 46, -61, 118, -74, 102, -62, -6, -128, 17, -45, 61, 76, 63, -10, -41, 50, -113, 75, -83, -59, -51, -23, -61, 47, 7, -80, 126, -2, 79, -53, 110, -93, -38, -91, -22, 20, -84, -113, -124, -73, 124, 0, 33, -58, 63, -26, 52, 7, 74, 65, 38, -33, 21, -9, -1, 120, -16, 47, -96, 59, -64, 74, 6, 48, -67, -32, -26, 35, 68, 47, 82, 36, 52, 41, 112, -28, -22, -51, -6, -49, 105, 16, -34, 99, -41, 75, 7, 79, -22, -125, -30, -126, 35, 119, -43, -30, 32, 8, 44, -42, -98, 78, -92, -95, -10, -94, -1, -91, -122, 77, 0, 40, -23, 36, 85, 123, -57, -74, -69, -90, 89, 111, -120, 22, 5, -48, 114, 59, 31, 31, -25, -3, 24, 110, -110, 73, -40, 92, -26, -12, 52, 83, -98, -119, -6, -117, -89, 95, 83, -25, 122, -26, 114, 81, 25, 110, 79, -49, -39, 10, -78, -65, 57, -90, -46, -126, 15, -124, -104, -89, -66, -87, 24, -45, 39, -34, -40, -13, 106, 12, -25, -116, -47, 79, -81, 64, -17, -31, -70, 87, 36, 46, 102, 107, 48, 88, 34, 46, 24, 63, -100, 106, 27, 58, -71, 38, 60, -66, 45, -89, 39, -60, -116, -14, -119, 118, 0, -24, -9, 38, -71, -79, 124, -119, -64, -9, 71, -56, -82, -73, -69, 127, -1, -20, 123, 32, -43, 49, 5, 49, 105, -5, -2, 5, -105, -111, 89, -30, -41, -49, 61, 80, 69, 44, -33, -116, -45, -96, 63, 28, -17, -106, -94, 90, -40, -88, 122, 116, 116, 113, -65, 104, 119, -3, 96, -45, 18, -120, -111, 83, 43, -5, 101, 71, 48, 104, -112, -95, -46, 53, -96, -93, -126, 96, 56, 104, -111, 114, -1, -44, -120, -112, -19, 100, 41, -122, 23, -78, 33, -35, 11, 57, -18, 106, -40, 74, 61, 66, 54, -77, 96, 70, 108, -128, 91, -97, -36, -23, -86, -91, 44, 58, 117, 2, 26, 44, 95, 79, -101, -81, -92, 110, -81, -12, -88, -21, -83, 60, 93, -121, -114, -48, -34, -119, -1, 127, -121, 54, -128, -106, -39, -108, 81, 17, -3, -13, -57, 74, 41, -122, -65, -107, -118, -65, -61, 103, -69, 19};
+
+        byte[] fullBytes = new byte[pubBytes.length + privBytes.length];
+
+        System.arraycopy(pubBytes, 0, fullBytes, 0, pubBytes.length);
+        System.arraycopy(privBytes, 0, fullBytes, pubBytes.length, privBytes.length);
+
+        NTRUEncryptionPrivateKeyParameters priv = new NTRUEncryptionPrivateKeyParameters(fullBytes, params.getEncryptionParameters());
+        NTRUEncryptionPublicKeyParameters pub = new NTRUEncryptionPublicKeyParameters(pubBytes, params.getEncryptionParameters());
+        AsymmetricCipherKeyPair kp = new AsymmetricCipherKeyPair(pub, priv);
+
+        ntru.init(true, kp.getPublic());
+
+        byte[] encrypted = ntru.processBlock(plainText, 0, plainText.length);
+
+        ntru.init(false, kp.getPrivate());
+
+        byte[] decrypted = ntru.processBlock(encrypted, 0, encrypted.length);
+        assertTrue(Arrays.areEqual(plainText, decrypted));
+
+        // sparse polynomials
+        params = NTRUEncryptionKeyGenerationParameters.EES1499EP1;
+        ntru = new NTRUEngine();
+        privBytes = new byte[] {116, 7, 118, 121, 6, 77, -36, 60, 65, 108, 10, -106, 12, 9, -22, -113, 122, -31, -31, 18, 120, 81, -33, 5, 122, -76, 109, -30, -101, -45, 21, 13, -11, -49, -111, 46, 91, 4, -28, -109, 121, -119, -121, -58, -113, -9, -10, -25, -53, 40, -86, -22, -50, 42, 52, 107, 119, 17, 33, 125, -26, 33, 55, 25, -77, -65, -106, 116, -67, 91, 105, -7, 42, -107, -54, 101, 12, -12, 57, -116, 45, -107, -17, 110, 35, -64, 19, -38, -122, 115, -93, 53, 69, 66, -106, 17, 20, -71, 121, 23, -21, -45, 108, 97, 23, -98, -12, -41, -31, -53, 30, -42, 15, 85, -21, -89, 118, 42, -117, -39, 69, 0, -63, 83, 48, -80, -14, -123, -4, -116, -90, -107, -89, 119, 29, -30, 69, 22, -84, 47, 117, -123, 102, -116, 35, 93, -13, 84, -9, -122, 58, 101, 93, -106, -119, -35, -75, 76, 27, -125, -22, 68, 101, 49, 103, -13, -98, 93, -56, -110, -19, -12, 74, 104, 7, 6, -11, 47, 57, 90, 75, -30, 47, 66, -58, 14, 14, 70, 11, -119, -36, -118, -55, -53, 101, -73, -77, 33, -29, 96, -86, 38, 47, 103, 19, -37, -17, -50, -82, -87, -119, 37, -54, 77, -69, -16, -48, -52, 110, -26, 111, 35, 26, -53, -10, 9, -108, -34, 102, 7, -18, -72, -26, 24, -50, -43, 92, 56, -94, 23, -36, 60, 28, -121, 27, 127, -93, -79, -45, -60, 105, -6, -88, 72, -41, 47, -51, 3, 91, 116, 75, 122, -94, -113, 28, -96, -62, -29, -74, -85, -93, 51, 58, 72, 44, 9, 18, -48, -24, 73, 122, 60, -23, 83, -110, -7, -111, -69, 106, 51, 118, -83, -18, 109, -32, 40, 22};
+
+        pubBytes = new byte[] {-62, 56, 59, -46, 30, -19, 22, -115, -20, 117, -14, 3, 2, -57, 85, -24, 27, 57, 49, -93, -52, 87, 49, 96, 15, 95, -95, -86, -61, 50, -18, 3, 109, -55, -110, -57, 82, 124, -5, -57, 68, -18, 126, 114, 6, -22, 8, 121, 125, 29, -16, 112, -81, 27, -7, 109, -44, -123, -15, -14, 74, -126, 95, -94, -91, 119, 80, -48, 41, 49, 6, 104, 93, -97, -108, -82, 93, 70, -127, -113, -22, -103, 35, -115, 20, -115, 63, 57, -84, -18, -107, 81, 44, -16, 83, 71, -27, -2, -125, 87, 26, 100, -116, 110, 94, -46, -56, -82, 119, -110, -127, -99, -8, -118, 90, 64, -29, 102, 99, 92, 86, -117, 26, -89, 32, 17, 55, -65, -10, -5, -74, 19, 13, 113, -15, -103, 17, 10, -127, -95, -79, 19, 11, -24, 59, 28, -70, -55, -69, -105, -20, -117, 66, 4, 77, 116, -124, -62, 19, 109, 49, -120, 10, -15, 108, 84, 126, 122, -46, -37, 114, -78, -72, 34, -12, 25, -104, -3, 114, -94, 16, 31, 31, -124, -109, -64, 57, -47, -113, -26, 97, -58, 112, -40, 49, 80, -54, -115, -98, -60, -123, 91, 14, 75, -86, 77, -93, 68, 112, 82, 79, 28, -25, 49, -27, -112, 103, 60, -128, 95, -63, 2, -51, 2, -107, 80, 113, 18, 123, 24, 70, 77, -56, -48, 33, 89, 88, 29, 112, -102, -15, 52, -96, 17, -9, 6, -11, -119, 29, -107, -84, -19, 84, 124, 19, 90, -60, -41, 123, -81, 96, -119, 17, -61, 62, 55, 95, -73, -13, -60, 56, 77, 24, -39, -107, -78, 47, -91, 88, 90, 34, 112, -80, 83, -58, 127, 76, -97, -40, 78, -20, -1, -62, 19, 6, -43, -46, -36, -53, -22, -28, -119, 8, 19, 79, -9, -54, -126, -3, -20, -110, -82, 51, 3, 1, -123, -41, -40, -11, 91, -52, 48, 104, -11, -2, 49, 45, 52, -33, 109, -44, -30, -44, -83, -108, -10, 77, 106, 82, 3, 14, -48, -18, -79, -64, -34, -63, -18, 122, 33, 25, 44, 82, -112, 111, 68, 97, -58, -38, 25, 62, 78, 97, -36, 57, -19, 122, -18, -74, 67, -127, -24, 32, -45, 67, -106, 90, 0, 1, 91, 30, -80, 95, 9, 78, -4, -14, 16, 111, -56, -102, -90, 52, -1, 116, 19, -127, -23, -87, 103, -94, -111, 118, 53, -69, 77, 17, -3, 31, -53, -21, -78, 124, -88, 52, 117, 34, -52, -77, -107, -38, -102, 23, 73, -76, -88, 95, 64, -85, 12, 36, -86, 86, -17, 77, 121, 90, 24, -49, -107, 33, -116, 65, 13, 91, 118, -107, -21, 65, -59, 18, 125, 61, -65, -68, -19, 23, 88, 60, -6, 78, -8, 69, -62, -118, -93, 97, -64, -67, 28, 28, -87, -97, 72, -125, -119, 4, -43, 7, 22, -15, 52, 52, -82, -5, -51, 99, 20, -59, -2, -54, -67, 40, -128, -20, -37, 50, 123, 32, 8, -39, -105, 93, 73, 77, 84, 43, 89, 88, -6, 7, -108, 81, 27, 1, 50, 16, -101, 67, 95, 119, 105, 70, 99, -127, 22, 127, -33, -19, -113, -55, -100, 122, -86, 98, 53, 27, -95, 4, -121, -96, 87, 67, -98, -37, -10, 92, 29, -3, -115, -23, 37, 8, -30, 99, -117, 62, 101, 83, 49, 60, -83, -47, -33, 41, -118, 76, -7, 111, -15, 123, -59, 53, 2, -20, -57, 24, 57, 62, 84, -26, -11, 93, -118, 54, -13, 56, 77, -66, 18, -62, -76, 80, 98, 26, 120, -93, 55, 103, -1, 78, -92, 120, -23, -60, -75, 11, 53, -62, -94, -80, 120, 113, 33, -24, -64, -5, 23, 120, -14, 61, 26, -1, 56, 79, 34, 116, -16, -95, -71, 40, -89, -50, 71, -117, -109, 2, -2, -34, 94, -78, -88, -27, 70, 94, -86, 123, -49, 107, -65, -67, 84, 90, 123, -61, -2, 43, -119, -93, 75, -4, -81, 98, -36, 125, -23, -37, 81, 104, 90, -63, -52, 88, -96, -44, 25, 3, -37, -123, -48, 113, -76, -94, -109, -115, 37, -39, 104, -124, 82, -73, 100, 48, -54, -40, -65, 81, 16, -85, -41, 60, 42, 117, 65, 77, 14, -8, -56, 52, -118, -109, 125, 13, 64, -20, 125, -37, -74, -28, 118, 112, -126, 18, -101, 11, 75, 30, -4, -121, -13, -65, -13, -122, -53, -52, 20, -2, 67, 18, -106, 67, 83, -111, 15, 106, 10, 113, 53, -112, -3, 118, 8, -56, 40, 53, 23, -123, 96, 87, -118, -97, -116, -47, 85, -73, -85, -82, 124, -55, 55, 61, 46, 12, -6, 34, 22, -22, 3, 115, -49, 102, 23, 46, 39, 0, 118, 3, -45, 48, -73, -38, 29, -36, 11, -127, -86, 30, 29, -2, -108, -114, 64, 110, 86, -46, -91, -64, 95, -40, -65, 49, -79, -126, -37, -103, -71, 53, -85, 45, -51, 33, -28, -126, 36, -77, -120, 55, -54, 72, -21, 58, -87, -73, 18, -12, 20, -100, 30, 118, -83, -22, -90, 71, -64, 108, 101, -46, 36, 105, -46, -91, 60, -113, 72, 100, 82, -90, 106, -127, 65, -94, 17, 77, -10, -112, 46, 118, 72, -84, 57, -86, -114, 88, 91, 79, 30, 107, -35, 61, 81, 71, 40, -29, -6, -107, 61, -62, -6, 65, -68, 118, 61, 110, -115, -119, -73, 104, 59, -66, -89, -127, -8, -67, 122, -38, 79, -13, 93, 1, -32, -47, -3, 62, 88, -112, 105, 73, 96, 73, -104, -126, -69, 21, -22, 16, -85, 116, 9, 82, 54, -15, -55, -67, 68, -23, 16, -89, 48, -17, -107, 60, -43, -34, 66, -114, 63, -3, -26, 68, 68, -86, 120, -111, 99, 61, 101, 27, 93, 31, 90, -33, -94, 29, -89, 41, -80, 26, -23, -80, 27, 107, 69, -45, -123, 62, 63, 80, 1, -28, 52, -8, 35, -86, -127, 76, 102, 83, -104, -79, -98, 77, -28, 118, 18, -15, -98, -39, 2, -58, 95, 64, 105, -82, -7, 96, 110, 104, 127, 126, -124, 26, 36, 33, -42, 59, 82, 127, 42, -24, -61, -50, -18, -87, 22, -32, -125, -70, 103, -121, -112, -94, 58, -95, -97, 53, 95, -61, -83, 42, 37, 80, 51, -118, 125, 15, 67, 41, -97, 41, -121, 29, -88, 100, -113, 39, 101, 47, 91, -36, 48, -56, -13, 12, 37, 0, 81, 3, -40, 8, 36, -65, -11, -32, 108, 62, 79, 70, 91, -83, 2, -47, 0, 91, 10, 87, -19, -40, 96, 106, 41, 120, -53, 40, -114, 90, 64, 59, -115, 39, 2, 53, -49, -72, -114, 94, 5, 49, 74, 13, 50, -14, 76, -123, -11, -81, 100, 120, 16, -41, -72, -118, 28, 41, 98, 122, 27, 18, -108, -43, 51, -71, 93, -13, -42, -64, -118, -106, 45, 108, 72, -128, 58, -123, -29, -114, 15, 52, -72, 108, -62, 75, -15, 105, -89, 25, 37, 13, -21, -109, 68, 5, -89, 69, 10, -46, 18, -57, 77, -103, -74, 57, -43, -110, 1, -80, 82, 5, -9, -49, -53, 83, 4, 44, 64, -117, -67, -11, 1, -65, -81, 34, -23, -71, 14, 105, -93, 2, -120, 90, 92, -6, -128, -16, -51, 27, 123, 71, -117, -72, -81, 26, 28, 5, -117, -30, 22, -72, -76, -32, -14, 82, 90, 69, 74, -94, -72, -30, -17, 12, -37, -3, -80, 72, 2, -40, 41, 0, -53, 48, -37, -117, -128, -120, -80, 28, 49, -52, 114, -119, 92, -42, -105, 125, -95, 78, 76, 123, -56, 32, -66, 69, -58, 57, -77, -100, -70, 125, 53, -115, 8, 116, 88, -34, 86, -75, 55, 64, 79, -113, -124, -91, 50, -82, -119, 50, 11, 87, -14, -25, 15, -1, -49, -127, -5, -50, 72, -29, -78, 101, -119, -21, -15, 97, -63, 57, -123, -94, -24, -8, 104, 86, 79, 49, 102, -8, -76, 8, 69, 99, -64, -108, 70, 36, 71, -127, 56, 39, 78, 109, 42, -42, -2, 126, 17, -88, -65, -23, -64, 78, 87, 7, 6, -82, -98, 41, -46, -10, -25, 90, -73, 24, 127, -27, 118, -9, 81, -3, 115, -4, 47, 86, -30, -9, -50, 32, 86, 114, 58, -5, 78, 74, 36, 29, -126, 116, 117, -114, -92, -121, -36, -86, -18, 55, 49, 112, 43, 111, -99, -116, 70, 60, -63, 87, -4, -35, 15, 28, -27, -65, 66, 115, -33, 112, 94, 74, -22, 104, -56, -27, 39, -8, -53, -120, 8, -109, 73, -68, 67, 40, -59, 59, 121, -76, -41, -80, -54, -88, -120, -121, -118, -58, 74, -120, 82, -88, -113, 30, -8, 54, -126, -106, 37, -43, -74, -56, 40, -76, 93, 91, 28, -59, -30, -2, 107, 6, -89, -69, -121, -125, -109, 5, -94, -7, -2, -5, -67, 54, -90, 39, 5, -80, 93, -99, 82, -100, -128, -8, -39, -109, 66, -11, 99, -41, 18, -32, -122, 69, 6, -95, -21, 9, 19, -117, -34, -42, 11, 20, 84, 89, 91, -61, -13, -7, 55, 90, -15, 62, 59, -4, 125, -127, -24, -124, -99, -63, -23, 52, 111, -52, -60, -113, -65, -26, 127, 57, 21, 102, 101, -77, 66, -116, 117, 80, 7, 1, -96, -29, -99, 75, -73, 44, -99, 61, -73, 15, -18, 89, 95, 104, -12, 94, 33, 13, -49, 118, -84, -122, -2, -121, 62, -32, -80, 11, -10, 102, -67, 20, -3, 25, -6, 51, -17, -123, -76, 103, 3, 127, -107, -5, 122, 65, 22, 113, 120, 6, -19, -110, 86, 55, -88, -124, 0, -54, 17, 112, 15, 105, -28, 111, -93, 85, -59, -88, 28, 123, 55, 117, 10, 76, 54, -98, 116, 40, -65, -53, -80, 46, 66, -8, -114, 102, 66, 67, -117, 46, 21, -116, -38, 58, -105, 101, 37, -16, 5, 55, -33, -87, 72, 122, -114, -91, 41, -114, 77, 50, 109, 35, -61, 9, -55, -118, 126, -35, -108, 5, 62, 125, -109, -115, -55, 32, -71, 69, 110, 87, -82, 119, 26, 103, -77, -38, -13, 113, 74, 69, 116, 94, -21, 5, 35, 73, -80, -87, 80, 13, 108, 1, 82, -56, -35, -21, -78, -98, 121, 112, -117, 72, 47, 76, -97, -84, -110, -35, -19, -120, -13, 127, 5, 56, 72, -22, 110, -8, -71, 0, -57, -125, -101, 60, -64, -32, 1, 126, -109, 9, 84, 117, 62, -68, -106, 28, -118, -52, -81, 112, 11, 55, 68, -86, -65, 123, 83, 55, -72, 110, 63, -90, 31, 11, 90, -60, 20, 14, -36, 5, -92, 11, -100, 64, -57, -72, -105, 7, 103, 125, 99, -88, 32, -5, 41, -115, -11, 89, 81, 77, -33, -7, -123, -17, 109, 59, 40, -12, -61, 98, -91, 19, -36, 108, 118, -124, -82, -40, -124, -66, 19, 127, -73, -39, 99, 43, -16, -44, -83, -77, -34, 68, -118, -71, -116, 114, 120, -34, -105, -32, -46, 102, 73, -79, 7, 42, 35, -66, 125, 34, 113, 66, 78, 71, 6, 44, -17, 4, -80, 38, -59, 12, -8, -78, 103, 8, 80, 18, -74, 20, 3, 56, -20, 106, -1, -12, 83, 4, 68, -119, 84, -87, 97, -53, 102, 119, 34, -85, 22, -26, 55, -107, 96, -70, 77, -68, -96, -15, -22, -77, -55, 5, 103, -42, -87, 122, -80, -103, -37, -120, -56, -16, -51, -7, -19, -104, 120, 9, 54, -85, 48, -76, -38, 58, -68, 116, -20, -44, 22, -32, 75, -46, -41, 13, -100, 16, -59, -93, -115, 54, 22, -110, -46, -119, 44, -98, -48, 4, -58, -115, -57, 103, -56, 36, -63, 104, -114, -125, 92, 65, 117, -21, -59, -31, 56, -98, -126, 56, 47, -116, 100, 122, -98, 4, 26, -29, -127, -113, 73, 48, 106, 125, -69, -127, 62, 56, -79, 76, 84, -46, -31, -17, 94, -98, 62, 63, 118, -24, 63, 123, -93, -46, 103, 117, -120, -35, 19, 25, 15, -110, -125, 12, -75, -50, 103, 49, 47, 98, 92, 10, -88, 54, -53, 19, 25, -90, 93, -49, 64, 126, -106, -30, -52, 58, 37, 68, -18, -60, 15, -27, 93, -124, 88, 110, -80, -106, 88, 55, 108, -58, -43, -70, 76, 85, 98, 27, -66, 18, 75, 69, 114, 90, -26, -10, -12, -126, 84, -109, 108, 15, -115, 90, 11, -127, 63, -7, 47, 92, -72, 38, -58, -35, 18, 25, 12, -103, 0};
+
+        fullBytes = new byte[pubBytes.length + privBytes.length];
+
+        System.arraycopy(pubBytes, 0, fullBytes, 0, pubBytes.length);
+        System.arraycopy(privBytes, 0, fullBytes, pubBytes.length, privBytes.length);
+
+        priv = new NTRUEncryptionPrivateKeyParameters(fullBytes, params.getEncryptionParameters());
+        pub = new NTRUEncryptionPublicKeyParameters(pubBytes, params.getEncryptionParameters());
+        kp = new AsymmetricCipherKeyPair(pub, priv);
+        ntru.init(true, kp.getPublic());
+
+        encrypted = ntru.processBlock(plainText, 0, plainText.length);
+
+        ntru.init(false, kp.getPrivate());
+
+        decrypted = ntru.processBlock(encrypted, 0, encrypted.length);
+
+        assertTrue(Arrays.areEqual(plainText, decrypted));
+    }
+
+    // encrypts and decrypts text using an encoded key pair (fastFp=true)
+    public void testEncodedKeysFast()
+        throws IOException, InvalidCipherTextException
+    {
+        byte[] plainText = "secret encrypted text".getBytes();
+
+        NTRUEncryptionKeyGenerationParameters params = NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST;
+        NTRUEngine ntru = new NTRUEngine();
+        byte[] privBytes = {10, 16, 2, 30, -40, -63, -109, -77, -72, -122, 66, 23, -30, -44, -82, 0, 95, 64, 68, 48, -62, -14, 26, -19, -72, -25, 72, 123, 98, 84, -83, 0, 7, 40, 65, 35, 68, 113, 12, -112, 32, -123, 58, 85, -30, -109, -74, 0, 34, -8, -126, 57, 30, 98, -107, -45, -88, 102, 68, 42, -30, -108, -89, 0, 38, -40, -61, 37, 82, 113, -115, 123, -100, 5, 46, 125, -23, 78, -111, -76, 36, -90, 67, -31, 10, 2, 96, -127, 21, 50, -79, 13, -125, -124, 38, 55, -67, -95, 81, -107, 12, 117, -86, 99, -127, 11};
+        byte[] pubBytes = {108, -76, -104, -75, -87, -65, -18, -5, 45, -57, -100, -83, 51, 99, 94, 15, -73, 89, -100, 40, -114, 91, -107, 104, 127, 22, 13, 5, -16, 69, -104, -126, -44, 119, 47, -48, 75, 66, 83, -37, -66, -84, 73, 52, 23, -27, 53, 63, 56, 14, -2, 43, -59, -85, -80, 46, 38, -126, 75, -8, -63, 88, 104, 13, 72, -25, -10, -58, -51, 117, -84, 115, -24, -53, 83, -103, -97, 46, 90, -82, -61, 113, -49, -24, -72, 24, -124, -42, -36, 7, 41, 8, 14, -71, -75, -84, -24, -39, 56, 67, 88, 67, 66, -13, 70, -119, -64, 74, -100, -58, 35, 105, -20, 93, 80, -116, -55, 37, -52, 64, 0, -36, -71, 8, 77, -10, -41, -22, -73, 4, -115, -74, -74, -73, 23, -10, -26, 48, 125, -114, -32, -116, 74, 19, -104, 59, 43, 4, 97, -84, 112, 45, 16, 3, -110, -13, 119, -6, 29, -80, 109, 82, -31, 82, 30, 76, -111, -122, -50, -69, -41, -123, 107, 78, -35, 24, -121, -87, -108, 13, 70, 32, -74, 112, 104, -40, -61, 86, -125, 60, -94, -5, -18, 55, 54, -128, 83, -88, 71, 71, -66, 29, -113, 120, 30, 16, -38, 37, 96, -90, 38, -85, 88, 59, 15, -69, 6, -8, 1, 1, 71, 12, 60, -26, -110, 97, 77, 33, 58, 63, 104, 108, 83, 72, -21, -99, 115, -125, -16, 12, 99, 68, 39, -97, -6, 17, 26, -59, 123, -110, -37, -71, 47, 50, 5, 110, -34, 89, -74, 20, 79, -108, -7, 42, 106, -112, 44, 107, 106, -50, 55, 127, -124, 53, 123, -119, -46, -114, -52, -85, 75, 34, -39, -125, 58, -5, -31, -81, -37, -94, -123, 113, 11, -104, -124, 96, -103, 9, 108, 115, 97, -6, 98, -43, 26, -89, -23, 83, 60, 34, -86, -54, 107, 78, -48, 118, -31, -19, 29, -106, 108, 117, 83, 119, 51, -45, 115, 108, -13, -89, -29, 29, -120, 108, 20, 22, -3, 22, 78, -109, 95, 3, -68, -10, -53, -117, -96, -49, 9, 7, 38, 116, 33, -65, 31, 9, -5, -73, 127, 52, 113, 87, -39, 119, -96, 74, -105, 75, -89, 63, 69, -109, -127, 92, -54, 17, -98, -23, -69, 123, -125, 23, -93, 44, -11, -25, -101, 120, -29, 113, -33, 0, -117, -100, -114, 22, 41, -46, 29, -109, 107, 37, -94, 125, 46, 17, 16, -65, -14, 105, -118, 51, -21, 121, -5, 56, 29, 30, -69, -38, -10, -77, -74, 6, -105, 83, 110, 23, 114, -11, -123, -14, 30, -11, -9, 84, -90, -20, -29, 72, -85, 97, -74, -59, -112, -15, -51, -105, 117, 123, -17, -64, -127, 127, -33, -102, 88, 77, 122, -127, -15, 121, -125, -32, 53, 113, 45, -22, 84, -87, 20, 36, 65, 83, -84, -66, -22, 4, 15, -108, -92, 109, -128, -48, 4, -27, -13, 25, 51, -10, 34, 87, 88, 38, -87, 89, -64, -62, 20, 78, 35, -26, -2, 55, 3, -72, -64, 30, 28, -105, 6, -37, -38, -8, 26, -118, 105, -37, -30, 85, -66, 105, -46, -37, -11, -72, 71, 43, -65, -44, 17, -79, 98, 79, -77, -111, 95, 74, 101, -40, -106, 14, -108, -112, 86, 108, 49, 72, -38, -103, -31, 65, -119, 8, 78, -89, 100, -28, 116, 94, 15, -18, 108, 101, 85, 8, -6, 111, -82, -49, -66, -89, 28, -84, -85, -119, 111, 45, 83, -60, -40, -45, -101, -105, -35, 123, -1, 13, -112, 79, -80, -85, -109, -71, 69, 104, 95, -93, 121, -17, 83, 117, -73, -63, -65, -107, -72, 118, -102, -56, 38, 79, 121, -25, -86, -81, -38, 8, 122, 97, 37, 82, -40, 53, 11, 124, -94, -76, -107, -125, -9, -119, 63, 52, -34, -72, -21, 59, 3, -100, -127, 47, -102, 19, -37, -45, -114, -65, 39, -106, 6, -127, -110, -38, 96, -38, -51, 110, -3, 28, 8, 102, -102, 96, -127, 109, -56, -53, -13, 59, -98, 92, 80, 1, 55, -91, -122, -105, 28, 69, -85, 109, -38, 105, 87, -5, 3, -102, 62, -92, 60, 43, -20, -7, -23, -84, 106, 121, -48, 123, -112, 56, -17, -52, 14, -123, -122, 64, 14, -23, -71, 60, 70, -121, 6, 37, -15, 77, 96, 104, -34, 58, -125, -61, 1, -26, 118, -78, -35, -1, 0, 5, 33, -98, -86, -127, 25, 56, -91, 82, -33, 60, -64, -86, 27, 31, -80, -79, 118, -12, -18, 40, -72, 32, 119, -28, -62, 100, -121, -71, -79, -9, 38, -37, 25, 65, -46, 8, -112, 37, 9, -56, 123, -40, -44, -90, -21, -54, -2, -7, 107, -93, 24, -126, 69, 42, -111, -84, 57, 69, -119, 21, 60, 57, -122, 111, -99, 49, -46, -119, 100, 98, 24, -62, 112, 122, 46, 18, -35, -67, 89, 104, 82, 12, 125, 57, -70, -112, -109, 96, 51, -68, 1, -101, -59, -92, 54, 85, -41, 17, 31, 94, 75, -128, 53, 84, 0, -83, -94, -123, 49, -30, -24, 18, 46, 48, -33, 120, 66, -69, 70, 23, -124, -117, 81, 96, 46, 47, -33, 83, -13, -14, -94, 49, 66, -46, 84, -27, -77, 6, 0, -75, -18, 86, -119, -88, 82, -50, 55, -20, 63, 55, -57, 22, -108, -103, -17, -22, 64, 65, 90, -34, -96, -117, 51, 119, -103, -35, 95, -15, -118, 2, -31, 31, -9, -58, 84, -75, 80, 39, -101, -56, 16, -75, 59, 48, -63, -24, -95, 119, 73, -110, -115, 49, -18, 54, -124, 112, -61, -40, -105, -118, -66, 15, -107, 75, 82, -70, -87, -11, -11, 48, 41, 119, -42, -34, -33, 57, 23, -14, -45, -125, -108, -75, 3, 44, 44, 58, 126, -126, -20, -123, 58, 114, 79, -102, -115, 115, 12, 66, 108, 84, 43, -46, -80, -41, -70, 111, -114, 123, 21, 1, 34, -72, 23, 105, -52, -39, -54, -119, 45, 77, -16, -66, -105, -11, 91, -46, 77, -104, -93, 52, -3, 17, 55, -10, 67, -33, 43, 75, -103, 106, 7, -35, -65, -21, 68, 118, -38, 59, -115, 31};
+
+        byte[] fullBytes = new byte[pubBytes.length + privBytes.length];
+
+        System.arraycopy(pubBytes, 0, fullBytes, 0, pubBytes.length);
+        System.arraycopy(privBytes, 0, fullBytes, pubBytes.length, privBytes.length);
+
+        NTRUEncryptionPrivateKeyParameters priv = new NTRUEncryptionPrivateKeyParameters(fullBytes, params.getEncryptionParameters());
+        NTRUEncryptionPublicKeyParameters pub = new NTRUEncryptionPublicKeyParameters(pubBytes, params.getEncryptionParameters());
+        AsymmetricCipherKeyPair kp = new AsymmetricCipherKeyPair(pub, priv);
+
+        ntru.init(true, kp.getPublic());
+
+        byte[] encrypted = ntru.processBlock(plainText, 0, plainText.length);
+
+        assertEquals(encrypted.length, ntru.getOutputBlockSize());
+
+        ntru.init(false, kp.getPrivate());
+
+        byte[] decrypted = ntru.processBlock(encrypted, 0, encrypted.length);
+
+        assertTrue(Arrays.areEqual(plainText, decrypted));
+    }
+
+    private class VisibleNTRUEngine
+        extends NTRUEngine
+    {
+        public IntegerPolynomial encrypt(IntegerPolynomial m, TernaryPolynomial r, IntegerPolynomial pubKey)
+        {
+            return super.encrypt(m, r, pubKey);
+        }
+
+        public IntegerPolynomial decrypt(IntegerPolynomial e, Polynomial priv_t, IntegerPolynomial priv_fp)
+        {
+            return super.decrypt(e, priv_t, priv_fp);
+        }
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUEncryptionParametersTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUEncryptionParametersTest.java
new file mode 100644
index 0000000..54f53ad
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUEncryptionParametersTest.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionKeyGenerationParameters;
+
+public class NTRUEncryptionParametersTest
+    extends TestCase
+{
+    public void testLoadSave()
+        throws IOException
+    {
+        NTRUEncryptionKeyGenerationParameters params = NTRUEncryptionKeyGenerationParameters.EES1499EP1;
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        params.writeTo(os);
+        ByteArrayInputStream is = new ByteArrayInputStream(os.toByteArray());
+        assertEquals(params, new NTRUEncryptionKeyGenerationParameters(is));
+    }
+
+    public void testEqualsHashCode()
+        throws IOException
+    {
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        NTRUEncryptionKeyGenerationParameters.EES1499EP1.writeTo(os);
+        ByteArrayInputStream is = new ByteArrayInputStream(os.toByteArray());
+        NTRUEncryptionKeyGenerationParameters params = new NTRUEncryptionKeyGenerationParameters(is);
+
+        assertEquals(params, NTRUEncryptionKeyGenerationParameters.EES1499EP1);
+        assertEquals(params.hashCode(), NTRUEncryptionKeyGenerationParameters.EES1499EP1.hashCode());
+
+        params.N += 1;
+        assertFalse(params.equals(NTRUEncryptionKeyGenerationParameters.EES1499EP1));
+        assertFalse(NTRUEncryptionKeyGenerationParameters.EES1499EP1.equals(params));
+        assertFalse(params.hashCode() == NTRUEncryptionKeyGenerationParameters.EES1499EP1.hashCode());
+    }
+
+    public void testClone()
+    {
+        NTRUEncryptionKeyGenerationParameters params = NTRUEncryptionKeyGenerationParameters.APR2011_439;
+        assertEquals(params, params.clone());
+
+        params = NTRUEncryptionKeyGenerationParameters.APR2011_439_FAST;
+        assertEquals(params, params.clone());
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignatureKeyTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignatureKeyTest.java
new file mode 100644
index 0000000..509839a
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignatureKeyTest.java
@@ -0,0 +1,58 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import junit.framework.TestCase;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.pqc.crypto.ntru.NTRUSigner;
+import org.bouncycastle.pqc.crypto.ntru.NTRUSigningKeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.ntru.NTRUSigningKeyPairGenerator;
+import org.bouncycastle.pqc.crypto.ntru.NTRUSigningPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.ntru.NTRUSigningPublicKeyParameters;
+
+public class NTRUSignatureKeyTest
+    extends TestCase
+{
+    public void testEncode()
+        throws IOException
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157, NTRUSigningKeyGenerationParameters.TEST157_PROD})
+        {
+            testEncode(params);
+        }
+    }
+
+    private void testEncode(NTRUSigningKeyGenerationParameters params)
+        throws IOException
+    {
+        NTRUSigner ntru = new NTRUSigner(params.getSigningParameters());
+        NTRUSigningKeyPairGenerator kGen = new NTRUSigningKeyPairGenerator();
+
+        kGen.init(params);
+
+        AsymmetricCipherKeyPair kp = kGen.generateKeyPair();
+
+        NTRUSigningPrivateKeyParameters kPriv = (NTRUSigningPrivateKeyParameters)kp.getPrivate();
+        NTRUSigningPublicKeyParameters kPub = (NTRUSigningPublicKeyParameters)kp.getPublic();
+
+        // encode to byte[] and reconstruct
+        byte[] priv = kPriv.getEncoded();
+        byte[] pub = kPub.getEncoded();
+        AsymmetricCipherKeyPair kp2 = new AsymmetricCipherKeyPair(new NTRUSigningPublicKeyParameters(pub, params.getSigningParameters()), new NTRUSigningPrivateKeyParameters(priv, params));
+        assertEquals(kPub, kp2.getPublic());
+        assertEquals(kPriv, kp2.getPrivate());
+
+        // encode to OutputStream and reconstruct
+        ByteArrayOutputStream bos1 = new ByteArrayOutputStream();
+        ByteArrayOutputStream bos2 = new ByteArrayOutputStream();
+        kPriv.writeTo(bos1);
+        kPub.writeTo(bos2);
+        ByteArrayInputStream bis1 = new ByteArrayInputStream(bos1.toByteArray());
+        ByteArrayInputStream bis2 = new ByteArrayInputStream(bos2.toByteArray());
+        AsymmetricCipherKeyPair kp3 = new AsymmetricCipherKeyPair(new NTRUSigningPublicKeyParameters(bis2, params.getSigningParameters()), new NTRUSigningPrivateKeyParameters(bis1, params));
+        assertEquals(kPub, kp3.getPublic());
+        assertEquals(kPriv, kp3.getPrivate());
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignatureParametersTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignatureParametersTest.java
new file mode 100644
index 0000000..4c5751e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignatureParametersTest.java
@@ -0,0 +1,64 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.crypto.ntru.NTRUSigningKeyGenerationParameters;
+
+public class NTRUSignatureParametersTest
+    extends TestCase
+{
+    public void testLoadSave()
+        throws IOException
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157, NTRUSigningKeyGenerationParameters.TEST157_PROD, NTRUSigningKeyGenerationParameters.APR2011_743, NTRUSigningKeyGenerationParameters.APR2011_743_PROD})
+        {
+            testLoadSave(params);
+        }
+    }
+
+    private void testLoadSave(NTRUSigningKeyGenerationParameters params)
+        throws IOException
+    {
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        params.writeTo(os);
+        ByteArrayInputStream is = new ByteArrayInputStream(os.toByteArray());
+        assertEquals(params, new NTRUSigningKeyGenerationParameters(is));
+    }
+
+    public void testEqualsHashCode()
+        throws IOException
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157, NTRUSigningKeyGenerationParameters.TEST157_PROD, NTRUSigningKeyGenerationParameters.APR2011_743, NTRUSigningKeyGenerationParameters.APR2011_743_PROD})
+        {
+            testEqualsHashCode(params);
+        }
+    }
+
+    private void testEqualsHashCode(NTRUSigningKeyGenerationParameters params)
+        throws IOException
+    {
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        params.writeTo(os);
+        ByteArrayInputStream is = new ByteArrayInputStream(os.toByteArray());
+        NTRUSigningKeyGenerationParameters params2 = new NTRUSigningKeyGenerationParameters(is);
+
+        assertEquals(params, params2);
+        assertEquals(params.hashCode(), params2.hashCode());
+
+        params.N += 1;
+        assertFalse(params.equals(params2));
+        assertFalse(params.equals(params2));
+        assertFalse(params.hashCode() == params2.hashCode());
+    }
+
+    public void testClone()
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157, NTRUSigningKeyGenerationParameters.TEST157_PROD, NTRUSigningKeyGenerationParameters.APR2011_743, NTRUSigningKeyGenerationParameters.APR2011_743_PROD})
+        {
+            assertEquals(params, params.clone());
+        }
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignerTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignerTest.java
new file mode 100644
index 0000000..3a765af
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSignerTest.java
@@ -0,0 +1,317 @@
+package org.bouncycastle.pqc.crypto.test;
+
+
+import junit.framework.TestCase;
+
+/**
+ * @deprecated algorithm no longer safe.
+ */
+public class NTRUSignerTest
+    extends TestCase
+{
+    public void testStub()
+    {
+
+    }
+    /*
+    public void testCreateBasis()
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157.clone(), NTRUSigningKeyGenerationParameters.TEST157_PROD.clone()})
+        {
+            testCreateBasis(params);
+        }
+    }
+
+    private void testCreateBasis(NTRUSigningKeyGenerationParameters params)
+    {
+        NTRUSigningKeyPairGenerator ntru = new NTRUSigningKeyPairGenerator();
+
+        ntru.init(params);
+
+        NTRUSigningKeyPairGenerator.FGBasis basis = (NTRUSigningKeyPairGenerator.FGBasis)ntru.generateBoundedBasis();
+        assertTrue(equalsQ(basis.f, basis.fPrime, basis.F, basis.G, params.q, params.N));
+
+        // test KeyGenAlg.FLOAT (default=RESULTANT)
+        params.keyGenAlg = NTRUSigningKeyGenerationParameters.KEY_GEN_ALG_FLOAT;
+        ntru.init(params);
+        basis = (NTRUSigningKeyPairGenerator.FGBasis)ntru.generateBoundedBasis();
+        assertTrue(equalsQ(basis.f, basis.fPrime, basis.F, basis.G, params.q, params.N));
+    }
+
+    // verifies that f*G-g*F=q
+    private boolean equalsQ(Polynomial f, Polynomial g, IntegerPolynomial F, IntegerPolynomial G, int q, int N)
+    {
+        IntegerPolynomial x = f.mult(G);
+        x.sub(g.mult(F));
+        boolean equalsQ = true;
+        for (int i = 1; i < x.coeffs.length; i++)
+        {
+            equalsQ &= x.coeffs[i] == 0;
+        }
+        equalsQ &= x.coeffs[0] == q;
+        return equalsQ;
+    }
+
+    /**
+     * a test for the one-method-call variants: sign(byte, SignatureKeyPair) and verify(byte[], byte[], SignatureKeyPair)
+     *
+    public void testSignVerify157()
+        throws IOException
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157.clone(), NTRUSigningKeyGenerationParameters.TEST157_PROD.clone(), NTRUSigningKeyGenerationParameters.APR2011_439.clone(), NTRUSigningKeyGenerationParameters.APR2011_439_PROD.clone(), NTRUSigningKeyGenerationParameters.APR2011_743.clone(), NTRUSigningKeyGenerationParameters.APR2011_743_PROD.clone()})
+        {
+            testSignVerify(params);
+        }
+    }
+
+    public void testSignVerify439()
+        throws IOException
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.APR2011_439.clone(), NTRUSigningKeyGenerationParameters.APR2011_439_PROD.clone()})
+        {
+            testSignVerify(params);
+        }
+    }
+//
+//    public void testSignVerify743()
+//        throws IOException
+//    {
+//        for (NTRUSigningKeyGenerationParameters params :  new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.APR2011_743.clone(), NTRUSigningKeyGenerationParameters.APR2011_743_PROD.clone()})
+//        {
+//            testSignVerify(params);
+//        }
+//    }
+
+    private void testSignVerify(NTRUSigningKeyGenerationParameters params)
+        throws IOException
+    {
+        NTRUSigner ntru = new NTRUSigner(params.getSigningParameters());
+        NTRUSigningKeyPairGenerator kGen = new NTRUSigningKeyPairGenerator();
+
+        kGen.init(params);
+
+        AsymmetricCipherKeyPair kp = kGen.generateKeyPair();
+
+        Random rng = new Random();
+        byte[] msg = new byte[10 + rng.nextInt(1000)];
+        rng.nextBytes(msg);
+
+        // sign and verify
+        ntru.init(true, kp.getPrivate());
+
+        ntru.update(msg, 0, msg.length);
+
+        byte[] s = ntru.generateSignature();
+
+        ntru.init(false, kp.getPublic());
+
+        ntru.update(msg, 0, msg.length);
+
+        boolean valid = ntru.verifySignature(s);
+
+        assertTrue(valid);
+
+        // altering the signature should make it invalid
+        s[rng.nextInt(params.N)] += 1;
+        ntru.init(false, kp.getPublic());
+
+        ntru.update(msg, 0, msg.length);
+
+        valid = ntru.verifySignature(s);
+        assertFalse(valid);
+
+        // test that a random signature fails
+        rng.nextBytes(s);
+
+        ntru.init(false, kp.getPublic());
+
+        ntru.update(msg, 0, msg.length);
+
+        valid = ntru.verifySignature(s);
+        assertFalse(valid);
+
+        // encode, decode keypair, test
+        NTRUSigningPrivateKeyParameters priv = new NTRUSigningPrivateKeyParameters(((NTRUSigningPrivateKeyParameters)kp.getPrivate()).getEncoded(), params);
+        NTRUSigningPublicKeyParameters pub = new NTRUSigningPublicKeyParameters(((NTRUSigningPublicKeyParameters)kp.getPublic()).getEncoded(), params.getSigningParameters());
+        kp = new AsymmetricCipherKeyPair(pub, priv);
+
+        ntru.init(true, kp.getPrivate());
+        ntru.update(msg, 0, msg.length);
+
+        s = ntru.generateSignature();
+
+        ntru.init(false, kp.getPublic());
+        ntru.update(msg, 0, msg.length);
+
+        valid = ntru.verifySignature(s);
+        assertTrue(valid);
+
+        // altering the signature should make it invalid
+        s[rng.nextInt(s.length)] += 1;
+        ntru.init(false, kp.getPublic());
+        ntru.update(msg, 0, msg.length);
+        valid = ntru.verifySignature(s);
+        assertFalse(valid);
+
+        // sparse/dense
+        params.sparse = !params.sparse;
+
+        ntru.init(true, kp.getPrivate());
+        ntru.update(msg, 0, msg.length);
+
+        s = ntru.generateSignature();
+
+        ntru.init(false, kp.getPublic());
+        ntru.update(msg, 0, msg.length);
+        valid = ntru.verifySignature(s);
+        assertTrue(valid);
+
+        s[rng.nextInt(s.length)] += 1;
+        ntru.init(false, kp.getPublic());
+        ntru.update(msg, 0, msg.length);
+        valid = ntru.verifySignature(s);
+        assertFalse(valid);
+        params.sparse = !params.sparse;
+
+        // decrease NormBound to force multiple signing attempts
+        NTRUSigningKeyGenerationParameters params2 = params.clone();
+        params2.normBoundSq *= 4.0 / 9;
+        params2.signFailTolerance = 10000;
+        ntru = new NTRUSigner(params2.getSigningParameters());
+
+        ntru.init(true, kp.getPrivate());
+        ntru.update(msg, 0, msg.length);
+
+        s = ntru.generateSignature();
+
+        ntru.init(false, kp.getPublic());
+        ntru.update(msg, 0, msg.length);
+        valid = ntru.verifySignature(s);
+
+        assertTrue(valid);
+
+        // test KeyGenAlg.FLOAT (default=RESULTANT)
+        params2 = params.clone();
+        params.keyGenAlg = NTRUSigningKeyGenerationParameters.KEY_GEN_ALG_FLOAT;
+        ntru = new NTRUSigner(params.getSigningParameters());
+
+        kGen.init(params);
+
+        kp = kGen.generateKeyPair();
+        ntru.init(true, kp.getPrivate());
+        ntru.update(msg, 0, msg.length);
+
+        s = ntru.generateSignature();
+        ntru.init(false, kp.getPublic());
+        ntru.update(msg, 0, msg.length);
+        valid = ntru.verifySignature(s);
+        assertTrue(valid);
+        s[rng.nextInt(s.length)] += 1;
+        ntru.init(false, kp.getPublic());
+        ntru.update(msg, 0, msg.length);
+        valid = ntru.verifySignature(s);
+        assertFalse(valid);
+    }
+
+    /**
+     * test for the initSign/update/sign and initVerify/update/verify variant
+     *
+    public void testInitUpdateSign()
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157.clone(), NTRUSigningKeyGenerationParameters.TEST157_PROD.clone()})
+        {
+            testInitUpdateSign(params);
+        }
+    }
+
+    private void testInitUpdateSign(NTRUSigningKeyGenerationParameters params)
+    {
+        NTRUSigner ntru = new NTRUSigner(params.getSigningParameters());
+        NTRUSigningKeyPairGenerator kGen = new NTRUSigningKeyPairGenerator();
+
+        kGen.init(params);
+
+        AsymmetricCipherKeyPair kp = kGen.generateKeyPair();
+
+        Random rng = new Random();
+        byte[] msg = new byte[10 + rng.nextInt(1000)];
+        rng.nextBytes(msg);
+
+        // sign and verify a message in two pieces each
+        ntru.init(true, kp.getPrivate());
+        int splitIdx = rng.nextInt(msg.length);
+        ntru.update(msg[0]);   // first byte
+        ntru.update(msg, 1, splitIdx - 1);   // part 1 of msg
+        ntru.update(msg, splitIdx, msg.length - splitIdx);
+        byte[] s = ntru.generateSignature();   // part 2 of msg
+        ntru.init(false, kp.getPublic());
+        splitIdx = rng.nextInt(msg.length);
+        ntru.update(msg, 0, splitIdx);   // part 1 of msg
+        ntru.update(msg, splitIdx, msg.length - splitIdx);   // part 2 of msg
+        boolean valid = ntru.verifySignature(s);
+        assertTrue(valid);
+        // verify the same signature with the one-step method
+        ntru.init(false, (NTRUSigningPublicKeyParameters)kp.getPublic());
+        ntru.update(msg, 0, msg.length);   // part 1 of msg
+        valid = ntru.verifySignature(s);
+        assertTrue(valid);
+
+        // sign using the one-step method and verify using the multi-step method
+        ntru.init(true, kp.getPrivate());
+        ntru.update(msg, 0, msg.length);
+        s = ntru.generateSignature();
+        ntru.init(false, (NTRUSigningPublicKeyParameters)kp.getPublic());
+        splitIdx = rng.nextInt(msg.length);
+        ntru.update(msg, 0, splitIdx);   // part 1 of msg
+        ntru.update(msg, splitIdx, msg.length - splitIdx);   // part 2 of msg
+        valid = ntru.verifySignature(s);
+        assertTrue(valid);
+    }
+
+    public void testCreateMsgRep()
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157.clone(), NTRUSigningKeyGenerationParameters.TEST157_PROD.clone()})
+        {
+            testCreateMsgRep(params);
+        }
+    }
+
+    private void testCreateMsgRep(NTRUSigningKeyGenerationParameters params)
+    {
+        VisibleNTRUSigner ntru = new VisibleNTRUSigner(params.getSigningParameters());
+        byte[] msgHash = "adfsadfsdfs23234234".getBytes();
+
+        // verify that the message representative is reproducible
+        IntegerPolynomial i1 = ntru.createMsgRep(msgHash, 1);
+        IntegerPolynomial i2 = ntru.createMsgRep(msgHash, 1);
+        assertTrue(Arrays.areEqual(i1.coeffs, i2.coeffs));
+        i1 = ntru.createMsgRep(msgHash, 5);
+        i2 = ntru.createMsgRep(msgHash, 5);
+        assertTrue(Arrays.areEqual(i1.coeffs, i2.coeffs));
+
+        i1 = ntru.createMsgRep(msgHash, 2);
+        i2 = ntru.createMsgRep(msgHash, 3);
+        assertFalse(Arrays.areEqual(i1.coeffs, i2.coeffs));
+    }
+
+    private class VisibleNTRUSigner
+        extends NTRUSigner
+    {
+
+        /**
+         * Constructs a new instance with a set of signature parameters.
+         *
+         * @param params signature parameters
+         *
+        public VisibleNTRUSigner(NTRUSigningParameters params)
+        {
+            super(params);
+        }
+
+        public IntegerPolynomial createMsgRep(byte[] hash, int i)
+        {
+            return super.createMsgRep(hash, i);
+        }
+    }
+    */
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSigningParametersTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSigningParametersTest.java
new file mode 100644
index 0000000..7cf7de8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/NTRUSigningParametersTest.java
@@ -0,0 +1,65 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.crypto.ntru.NTRUSigningKeyGenerationParameters;
+
+public class NTRUSigningParametersTest
+    extends TestCase
+{
+
+    public void testLoadSave()
+        throws IOException
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157, NTRUSigningKeyGenerationParameters.TEST157_PROD})
+        {
+            testLoadSave(params);
+        }
+    }
+
+    private void testLoadSave(NTRUSigningKeyGenerationParameters params)
+        throws IOException
+    {
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        params.writeTo(os);
+        ByteArrayInputStream is = new ByteArrayInputStream(os.toByteArray());
+        assertEquals(params, new NTRUSigningKeyGenerationParameters(is));
+    }
+
+    public void testEqualsHashCode()
+        throws IOException
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157, NTRUSigningKeyGenerationParameters.TEST157_PROD})
+        {
+            testEqualsHashCode(params);
+        }
+    }
+
+    private void testEqualsHashCode(NTRUSigningKeyGenerationParameters params)
+        throws IOException
+    {
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        params.writeTo(os);
+        ByteArrayInputStream is = new ByteArrayInputStream(os.toByteArray());
+        NTRUSigningKeyGenerationParameters params2 = new NTRUSigningKeyGenerationParameters(is);
+
+        assertEquals(params, params2);
+        assertEquals(params.hashCode(), params2.hashCode());
+
+        params.N += 1;
+        assertFalse(params.equals(params2));
+        assertFalse(params.equals(params2));
+        assertFalse(params.hashCode() == params2.hashCode());
+    }
+
+    public void testClone()
+    {
+        for (NTRUSigningKeyGenerationParameters params : new NTRUSigningKeyGenerationParameters[]{NTRUSigningKeyGenerationParameters.TEST157, NTRUSigningKeyGenerationParameters.TEST157_PROD})
+        {
+            assertEquals(params, params.clone());
+        }
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/RainbowSignerTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/RainbowSignerTest.java
new file mode 100644
index 0000000..ae6774b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/RainbowSignerTest.java
@@ -0,0 +1,67 @@
+package org.bouncycastle.pqc.crypto.test;
+
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.digests.SHA224Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.DigestingMessageSigner;
+import org.bouncycastle.pqc.crypto.rainbow.RainbowKeyGenerationParameters;
+import org.bouncycastle.pqc.crypto.rainbow.RainbowKeyPairGenerator;
+import org.bouncycastle.pqc.crypto.rainbow.RainbowParameters;
+import org.bouncycastle.pqc.crypto.rainbow.RainbowSigner;
+import org.bouncycastle.util.BigIntegers;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.FixedSecureRandom;
+import org.bouncycastle.util.test.SimpleTest;
+
+
+public class RainbowSignerTest
+extends SimpleTest
+{
+    byte[] keyData = Hex.decode("b5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
+
+    SecureRandom    keyRandom = new FixedSecureRandom(new byte[][] { keyData, keyData });
+
+
+    public String getName()
+    {
+        return "Rainbow";
+    }
+
+    public void performTest()
+    {
+        RainbowParameters params = new RainbowParameters();
+
+        RainbowKeyPairGenerator rainbowKeyGen = new RainbowKeyPairGenerator();
+        RainbowKeyGenerationParameters genParam = new RainbowKeyGenerationParameters(keyRandom, params);
+
+        rainbowKeyGen.init(genParam);
+
+        AsymmetricCipherKeyPair pair = rainbowKeyGen.generateKeyPair();
+
+        ParametersWithRandom param = new ParametersWithRandom(pair.getPrivate(), keyRandom);
+
+        DigestingMessageSigner rainbowSigner = new DigestingMessageSigner(new RainbowSigner() , new SHA224Digest());
+        rainbowSigner.init(true, param);
+
+        byte[] message = BigIntegers.asUnsignedByteArray(new BigInteger("968236873715988614170569073515315707566766479517"));
+        rainbowSigner.update(message, 0, message.length);
+        byte[] sig = rainbowSigner.generateSignature();
+
+        rainbowSigner.init(false, pair.getPublic());
+        rainbowSigner.update(message, 0, message.length);
+        if (!rainbowSigner.verify(sig))
+        {
+            fail("verification fails");
+        }
+    }
+
+    public static void main(
+            String[]    args)
+    {
+        runTest(new RainbowSignerTest());
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/RegressionTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/RegressionTest.java
new file mode 100644
index 0000000..bc5a979
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/crypto/test/RegressionTest.java
@@ -0,0 +1,33 @@
+package org.bouncycastle.pqc.crypto.test;
+
+import org.bouncycastle.util.test.Test;
+import org.bouncycastle.util.test.TestResult;
+
+public class RegressionTest
+{
+    public static Test[]    tests = {
+        new GMSSSignerTest(),
+        new McElieceFujisakiCipherTest(),
+        new McElieceKobaraImaiCipherTest(),
+        new McEliecePKCSCipherTest(),
+        new McEliecePointchevalCipherTest(),
+        new RainbowSignerTest()
+    };
+
+    public static void main(
+        String[]    args)
+    {
+        for (int i = 0; i != tests.length; i++)
+        {
+            TestResult  result = tests[i].perform();
+            
+            if (result.getException() != null)
+            {
+                result.getException().printStackTrace();
+            }
+            
+            System.out.println(result);
+        }
+    }
+}
+
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java
index 340f032..0ef3601 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java
@@ -21,7 +21,7 @@ public class BouncyCastlePQCProvider
     extends Provider
     implements ConfigurableProvider
 {
-    private static String info = "BouncyCastle Post-Quantum Security Provider v1.50";
+    private static String info = "BouncyCastle Post-Quantum Security Provider v1.52";
 
     public static String PROVIDER_NAME = "BCPQC";
 
@@ -46,7 +46,7 @@ public class BouncyCastlePQCProvider
      */
     public BouncyCastlePQCProvider()
     {
-        super(PROVIDER_NAME, 1.50, info);
+        super(PROVIDER_NAME, 1.52, info);
 
         AccessController.doPrivileged(new PrivilegedAction()
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.java
index 72400de..92cdbca 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.java
@@ -250,9 +250,8 @@ public class BCMcElieceCCA2PrivateKey
 
     /**
      * Return the keyData to encode in the SubjectPublicKeyInfo structure.
-     * <p/>
+     * <p>
      * The ASN.1 definition of the key structure is
-     * <p/>
      * <pre>
      *   McEliecePrivateKey ::= SEQUENCE {
      *     m             INTEGER                  -- extension degree of the field
@@ -264,7 +263,7 @@ public class BCMcElieceCCA2PrivateKey
      *     sqRootMatrix  SEQUENCE OF OCTET STRING -- square root matrix
      *   }
      * </pre>
-     *
+     * </p>
      * @return the keyData to encode in the SubjectPublicKeyInfo structure
      */
     public byte[] getEncoded()
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.java
index 3646933..f606464 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.java
@@ -182,9 +182,8 @@ public class BCMcElieceCCA2PublicKey
 
     /**
      * Return the keyData to encode in the SubjectPublicKeyInfo structure.
-     * <p/>
+     * <p>
      * The ASN.1 definition of the key structure is
-     * <p/>
      * <pre>
      *       McEliecePublicKey ::= SEQUENCE {
      *         n           Integer      -- length of the code
@@ -192,7 +191,7 @@ public class BCMcElieceCCA2PublicKey
      *         matrixG     OctetString  -- generator matrix as octet string
      *       }
      * </pre>
-     *
+     * </p>
      * @return the keyData to encode in the SubjectPublicKeyInfo structure
      */
     public byte[] getEncoded()
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.java
index be93b31..32ccd76 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.java
@@ -274,9 +274,9 @@ public class BCMcEliecePrivateKey
 
     /**
      * Return the key data to encode in the SubjectPublicKeyInfo structure.
-     * <p/>
+     * <p>
      * The ASN.1 definition of the key structure is
-     * <p/>
+     * <p>
      * <pre>
      *   McEliecePrivateKey ::= SEQUENCE {
      *     n          INTEGER                   -- length of the code
@@ -290,6 +290,7 @@ public class BCMcEliecePrivateKey
      *     qInv       SEQUENCE OF OCTET STRING  -- matrix used to compute square roots
      *   }
      * </pre>
+     * </p>
      *
      * @return the key data to encode in the SubjectPublicKeyInfo structure
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.java
index 4e278c9..e5b1d22 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.java
@@ -189,9 +189,8 @@ public class BCMcEliecePublicKey
 
     /**
      * Return the keyData to encode in the SubjectPublicKeyInfo structure.
-     * <p/>
+     * <p>
      * The ASN.1 definition of the key structure is
-     * <p/>
      * <pre>
      *       McEliecePublicKey ::= SEQUENCE {
      *         n           Integer      -- length of the code
@@ -199,7 +198,7 @@ public class BCMcEliecePublicKey
      *         matrixG     OctetString  -- generator matrix as octet string
      *       }
      * </pre>
-     *
+     * </p>
      * @return the keyData to encode in the SubjectPublicKeyInfo structure
      */
     public byte[] getEncoded()
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.java
index 62ea4e2..93a50cb 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.java
@@ -18,14 +18,15 @@ import org.bouncycastle.pqc.jcajce.spec.RainbowPrivateKeySpec;
  * The Private key in Rainbow consists of the linear affine maps L1, L2 and the
  * map F, consisting of quadratic polynomials. In this implementation, we
  * denote: L1 = A1*x + b1 L2 = A2*x + b2
- * <p/>
+ * <p>
  * The coefficients of the polynomials in F are stored in 3-dimensional arrays
  * per layer. The indices of these arrays denote the polynomial, and the
  * variables.
- * <p/>
+ * </p><p>
  * More detailed information about the private key is to be found in the paper
  * of Jintai Ding, Dieter Schmidt: Rainbow, a New Multivariable Polynomial
  * Signature Scheme. ACNS 2005: 164-175 (http://dx.doi.org/10.1007/11496137_12)
+ * </p>
  */
 public class BCRainbowPrivateKey
     implements PrivateKey
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.java
index 453cb61..316ac0b 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.java
@@ -15,19 +15,20 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * This class implements CipherParameters and PublicKey.
- * <p/>
+ * <p>
  * The public key in Rainbow consists of n - v1 polynomial components of the
  * private key's F and the field structure of the finite field k.
- * <p/>
+ * </p><p>
  * The quadratic (or mixed) coefficients of the polynomials from the public key
  * are stored in the 2-dimensional array in lexicographical order, requiring n *
  * (n + 1) / 2 entries for each polynomial. The singular terms are stored in a
  * 2-dimensional array requiring n entries per polynomial, the scalar term of
  * each polynomial is stored in a 1-dimensional array.
- * <p/>
+ * </p><p>
  * More detailed information on the public key is to be found in the paper of
  * Jintai Ding, Dieter Schmidt: Rainbow, a New Multivariable Polynomial
  * Signature Scheme. ACNS 2005: 164-175 (http://dx.doi.org/10.1007/11496137_12)
+ * </p>
  */
 public class BCRainbowPublicKey
     implements PublicKey
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.java
index c08fb8b..4874dc9 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.java
@@ -37,11 +37,8 @@ public class RainbowKeyFactorySpi
      * Converts, if possible, a key specification into a
      * {@link BCRainbowPrivateKey}. Currently, the following key specifications
      * are supported: {@link RainbowPrivateKeySpec}, {@link PKCS8EncodedKeySpec}.
-     * <p/>
-     * <p/>
-     * <p/>
+     * <p>
      * The ASN.1 definition of the key structure is
-     * <p/>
      * <pre>
      *   RainbowPrivateKey ::= SEQUENCE {
      *     oid        OBJECT IDENTIFIER         -- OID identifying the algorithm
@@ -61,8 +58,7 @@ public class RainbowKeyFactorySpi
      *     eta        OCTET
      *   }
      * </pre>
-     * <p/>
-     * <p/>
+     * </p>
      *
      * @param keySpec the key specification
      * @return the Rainbow private key
@@ -98,11 +94,8 @@ public class RainbowKeyFactorySpi
      * Converts, if possible, a key specification into a
      * {@link BCRainbowPublicKey}. Currently, the following key specifications are
      * supported:{@link X509EncodedKeySpec}.
-     * <p/>
-     * <p/>
-     * <p/>
+     * <p>
      * The ASN.1 definition of a public key's structure is
-     * <p/>
      * <pre>
      *    RainbowPublicKey ::= SEQUENCE {
      *      oid            OBJECT IDENTIFIER        -- OID identifying the algorithm
@@ -112,8 +105,7 @@ public class RainbowKeyFactorySpi
      *      coeffscalar       OCTET STRING             -- scalar coefficients
      *       }
      * </pre>
-     * <p/>
-     * <p/>
+     * </p>
      *
      * @param keySpec the key specification
      * @return the Rainbow public key
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.java
index 29eb87c..7eb2ac1 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.java
@@ -81,10 +81,10 @@ public abstract class AsymmetricBlockCipher
      * account any unprocessed (buffered) data from a previous update call, and
      * padding. The actual output length of the next update() or doFinal() call
      * may be smaller than the length returned by this method.
-     * <p/>
+     * <p>
      * If the input length plus the length of the buffered data exceeds the
      * maximum length, <tt>0</tt> is returned.
-     *
+     * </p>
      * @param inLen the length of the input
      * @return the length of the ciphertext or <tt>0</tt> if the input is too
      *         long.
@@ -106,16 +106,15 @@ public abstract class AsymmetricBlockCipher
     }
 
     /**
-     * <p/>
      * Returns the parameters used with this cipher.
-     * <p/>
+     * <p>
      * The returned parameters may be the same that were used to initialize this
      * cipher, or may contain the default set of parameters or a set of randomly
      * generated parameters used by the underlying cipher implementation
      * (provided that the underlying cipher implementation uses a default set of
      * parameters or creates new parameters if it needs parameters but was not
      * initialized with any).
-     * <p/>
+     * </p>
      *
      * @return the parameters used with this cipher, or null if this cipher does
      *         not use any parameters.
@@ -128,8 +127,7 @@ public abstract class AsymmetricBlockCipher
     /**
      * Initializes the cipher for encryption by forwarding it to
      * initEncrypt(Key, FlexiSecureRandom).
-     * <p/>
-     * <p/>
+     * <p>
      * If this cipher requires any algorithm parameters that cannot be derived
      * from the given key, the underlying cipher implementation is supposed to
      * generate the required parameters itself (using provider-specific default
@@ -137,7 +135,7 @@ public abstract class AsymmetricBlockCipher
      * InvalidKeyException if it is being initialized for decryption. The
      * generated parameters can be retrieved using engineGetParameters or
      * engineGetIV (if the parameter is an IV).
-     *
+     * </p>
      * @param key the encryption or decryption key.
      * @throws InvalidKeyException if the given key is inappropriate for initializing this
      * cipher.
@@ -159,7 +157,7 @@ public abstract class AsymmetricBlockCipher
     /**
      * Initialize this cipher for encryption by forwarding it to
      * initEncrypt(Key, FlexiSecureRandom, AlgorithmParameterSpec).
-     * <p/>
+     * <p>
      * If this cipher requires any algorithm parameters that cannot be derived
      * from the given key, the underlying cipher implementation is supposed to
      * generate the required parameters itself (using provider-specific default
@@ -167,7 +165,7 @@ public abstract class AsymmetricBlockCipher
      * InvalidKeyException if it is being initialized for decryption. The
      * generated parameters can be retrieved using engineGetParameters or
      * engineGetIV (if the parameter is an IV).
-     *
+     * </p>
      * @param key    the encryption or decryption key.
      * @param random the source of randomness.
      * @throws InvalidKeyException if the given key is inappropriate for initializing this
@@ -210,15 +208,15 @@ public abstract class AsymmetricBlockCipher
     /**
      * This method initializes the AsymmetricBlockCipher with a certain key for
      * data encryption.
-     * <p/>
+     * <p>
      * If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
      * them from random.
-     * <p/>
+     * </p><p>
      * Note that when a Cipher object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
      * equivalent to creating a new instance of that Cipher and initializing it
-     * <p/>
+     * </p>
      *
      * @param key          the key which has to be used to encrypt data.
      * @param secureRandom the source of randomness.
@@ -242,7 +240,7 @@ public abstract class AsymmetricBlockCipher
     /**
      * Initialize the cipher for decryption by forwarding it to
      * {@link #initDecrypt(Key, AlgorithmParameterSpec)}.
-     * <p/>
+     * <p>
      * If this cipher requires any algorithm parameters that cannot be derived
      * from the given key, the underlying cipher implementation is supposed to
      * generate the required parameters itself (using provider-specific default
@@ -250,7 +248,7 @@ public abstract class AsymmetricBlockCipher
      * InvalidKeyException if it is being initialized for decryption. The
      * generated parameters can be retrieved using engineGetParameters or
      * engineGetIV (if the parameter is an IV).
-     *
+     * </p>
      * @param key the encryption or decryption key.
      * @throws InvalidKeyException if the given key is inappropriate for initializing this
      * cipher.
@@ -272,15 +270,15 @@ public abstract class AsymmetricBlockCipher
     /**
      * This method initializes the AsymmetricBlockCipher with a certain key for
      * data decryption.
-     * <p/>
+     * <p>
      * If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
      * them from random.
-     * <p/>
+     * </p><p>
      * Note that when a Cipher object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
      * equivalent to creating a new instance of that Cipher and initializing it
-     * <p/>
+     * </p>
      *
      * @param key    the key which has to be used to decrypt data.
      * @param params the algorithm parameters.
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.java
index 17b8811..84a5537 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.java
@@ -66,14 +66,14 @@ public abstract class AsymmetricHybridCipher
 
     /**
      * Return the parameters used with this cipher.
-     * <p/>
+     * <p>
      * The returned parameters may be the same that were used to initialize this
      * cipher, or may contain the default set of parameters or a set of randomly
      * generated parameters used by the underlying cipher implementation
      * (provided that the underlying cipher implementation uses a default set of
      * parameters or creates new parameters if it needs parameters but was not
      * initialized with any).
-     *
+     * </p>
      * @return the parameters used with this cipher, or <tt>null</tt> if this
      *         cipher does not use any parameters.
      */
@@ -103,14 +103,14 @@ public abstract class AsymmetricHybridCipher
     /**
      * Initialize the cipher for encryption by forwarding it to
      * {@link #initEncrypt(Key, AlgorithmParameterSpec, SecureRandom)}.
-     * <p/>
+     * <p>
      * If this cipher requires any algorithm parameters that cannot be derived
      * from the given key, the underlying cipher implementation is supposed to
      * generate the required parameters itself (using provider-specific default
      * or random values) if it is being initialized for encryption, and raise an
      * InvalidKeyException if it is being initialized for decryption. The
      * generated parameters can be retrieved using {@link #getParameters()}.
-     *
+     * </p>
      * @param key the encryption key
      * @throws InvalidKeyException if the given key is inappropriate for initializing this
      * cipher.
@@ -134,14 +134,14 @@ public abstract class AsymmetricHybridCipher
     /**
      * Initialize this cipher for encryption by forwarding it to
      * {@link #initEncrypt(Key, AlgorithmParameterSpec, SecureRandom)}.
-     * <p/>
+     * <p>
      * If this cipher requires any algorithm parameters that cannot be derived
      * from the given key, the underlying cipher implementation is supposed to
      * generate the required parameters itself (using provider-specific default
      * or random values) if it is being initialized for encryption, and raise an
      * InvalidKeyException if it is being initialized for decryption. The
      * generated parameters can be retrieved using {@link #getParameters()}.
-     *
+     * </p>
      * @param key    the encryption key
      * @param random the source of randomness
      * @throws InvalidKeyException if the given key is inappropriate for initializing this
@@ -184,14 +184,14 @@ public abstract class AsymmetricHybridCipher
 
     /**
      * Initialize the cipher with a certain key for data encryption.
-     * <p/>
+     * <p>
      * If this cipher requires any random bytes (e.g., for parameter
      * generation), it will get them from <tt>random</tt>.
-     * <p/>
+     * </p><p>
      * Note that when a Cipher object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
      * equivalent to creating a new instance of that Cipher and initializing it.
-     *
+     * </p>
      * @param key    the encryption key
      * @param random the source of randomness
      * @param params the algorithm parameters
@@ -214,14 +214,14 @@ public abstract class AsymmetricHybridCipher
     /**
      * Initialize the cipher for decryption by forwarding it to initDecrypt(Key,
      * FlexiSecureRandom).
-     * <p/>
+     * <p>
      * If this cipher requires any algorithm parameters that cannot be derived
      * from the given key, the underlying cipher implementation is supposed to
      * generate the required parameters itself (using provider-specific default
      * or random values) if it is being initialized for encryption, and raise an
      * InvalidKeyException if it is being initialized for decryption. The
      * generated parameters can be retrieved using {@link #getParameters()}.
-     *
+     * </p>
      * @param key the decryption key
      * @throws InvalidKeyException if the given key is inappropriate for initializing this
      * cipher.
@@ -242,14 +242,14 @@ public abstract class AsymmetricHybridCipher
 
     /**
      * Initialize the cipher with a certain key for data decryption.
-     * <p/>
+     * <p>
      * If this cipher requires any random bytes (e.g., for parameter
      * generation), it will get them from <tt>random</tt>.
-     * <p/>
+     * </p><p>
      * Note that when a Cipher object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
      * equivalent to creating a new instance of that Cipher and initializing it
-     *
+     * </p>
      * @param key    the decryption key
      * @param params the algorithm parameters
      * @throws InvalidKeyException if the given key is inappropriate for initializing this
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.java
index 3f4c8fc..748cc55 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.java
@@ -47,13 +47,13 @@ public abstract class CipherSpiExt
      * Before a cipher object is ready for data processing, it has to be
      * initialized according to the desired cryptographic operation, which is
      * specified by the <tt>opMode</tt> parameter.
-     * <p/>
+     * <p>
      * If this cipher (including its underlying mode or padding scheme) requires
      * any random bytes, it will obtain them from <tt>random</tt>.
-     * <p/>
+     * </p><p>
      * Note: If the mode needs an initialization vector, a blank array is used
      * in this case.
-     *
+     * </p>
      * @param opMode the operation mode ({@link #ENCRYPT_MODE} or
      *               {@link #DECRYPT_MODE})
      * @param key    the key
@@ -80,16 +80,16 @@ public abstract class CipherSpiExt
      * Initialize this cipher with a key, a set of algorithm parameters, and a
      * source of randomness. The cipher is initialized for encryption or
      * decryption, depending on the value of <tt>opMode</tt>.
-     * <p/>
+     * <p>
      * If this cipher (including its underlying mode or padding scheme) requires
      * any random bytes, it will obtain them from <tt>random</tt>. Note that
      * when a {@link BlockCipher} object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
      * equivalent to creating a new instance of that Cipher and initializing it.
-     * <p/>
+     * </p><p>
      * Note: If the mode needs an initialization vector, a try to retrieve it
      * from the AlgorithmParametersSpec is made.
-     *
+     * </p>
      * @param opMode    the operation mode ({@link #ENCRYPT_MODE} or
      *                  {@link #DECRYPT_MODE})
      * @param key       the key
@@ -276,13 +276,13 @@ public abstract class CipherSpiExt
      * Return the length in bytes that an output buffer would need to be in
      * order to hold the result of the next update or doFinal operation, given
      * the input length inputLen (in bytes).
-     * <p/>
+     * <p>
      * This call takes into account any unprocessed (buffered) data from a
      * previous update call, and padding.
-     * <p/>
+     * </p><p>
      * The actual output length of the next update or doFinal call may be
      * smaller than the length returned by this method.
-     *
+     * </p>
      * @param inLen the input length (in bytes)
      * @return the required output buffer size (in bytes)
      */
@@ -293,14 +293,14 @@ public abstract class CipherSpiExt
 
     /**
      * Returns the parameters used with this cipher.
-     * <p/>
+     * <p>
      * The returned parameters may be the same that were used to initialize this
      * cipher, or may contain the default set of parameters or a set of randomly
      * generated parameters used by the underlying cipher implementation
      * (provided that the underlying cipher implementation uses a default set of
      * parameters or creates new parameters if it needs parameters but was not
      * initialized with any).
-     *
+     * </p>
      * @return the parameters used with this cipher, or null if this cipher does
      *         not use any parameters.
      */
@@ -379,7 +379,7 @@ public abstract class CipherSpiExt
     /**
      * Initialize this cipher with a key, a set of algorithm parameters, and a
      * source of randomness for encryption.
-     * <p/>
+     * </p><p>
      * If this cipher requires any algorithm parameters and paramSpec is null,
      * the underlying cipher implementation is supposed to generate the required
      * parameters itself (using provider-specific default or random values) if
@@ -387,11 +387,11 @@ public abstract class CipherSpiExt
      * InvalidAlgorithmParameterException if it is being initialized for
      * decryption. The generated parameters can be retrieved using
      * engineGetParameters or engineGetIV (if the parameter is an IV).
-     * <p/>
+     * </p><p>
      * If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
      * them from random.
-     * <p/>
+     * </p><p>
      * Note that when a {@link BlockCipher} object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
      * equivalent to creating a new instance of that Cipher and initializing it.
@@ -411,7 +411,7 @@ public abstract class CipherSpiExt
     /**
      * Initialize this cipher with a key, a set of algorithm parameters, and a
      * source of randomness for decryption.
-     * <p/>
+     * </p><p>
      * If this cipher requires any algorithm parameters and paramSpec is null,
      * the underlying cipher implementation is supposed to generate the required
      * parameters itself (using provider-specific default or random values) if
@@ -419,11 +419,11 @@ public abstract class CipherSpiExt
      * {@link InvalidAlgorithmParameterException} if it is being initialized for
      * decryption. The generated parameters can be retrieved using
      * engineGetParameters or engineGetIV (if the parameter is an IV).
-     * <p/>
+     * </p><p>
      * If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
      * them from random.
-     * <p/>
+     * </p><p>
      * Note that when a {@link BlockCipher} object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
      * equivalent to creating a new instance of that Cipher and initializing it.
@@ -455,10 +455,10 @@ public abstract class CipherSpiExt
      * Returns the length in bytes that an output buffer would need to be in
      * order to hold the result of the next update or doFinal operation, given
      * the input length inputLen (in bytes).
-     * <p/>
+     * </p><p>
      * This call takes into account any unprocessed (buffered) data from a
      * previous update call, and padding.
-     * <p/>
+     * </p><p>
      * The actual output length of the next update or doFinal call may be
      * smaller than the length returned by this method.
      *
@@ -479,7 +479,7 @@ public abstract class CipherSpiExt
 
     /**
      * Returns the parameters used with this cipher.
-     * <p/>
+     * </p><p>
      * The returned parameters may be the same that were used to initialize this
      * cipher, or may contain the default set of parameters or a set of randomly
      * generated parameters used by the underlying cipher implementation
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.java b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.java
index 9fcc3f8..9da1e45 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.java
@@ -7,11 +7,12 @@ import org.bouncycastle.util.Arrays;
 /**
  * This class provides methods for setting and getting the Rainbow-parameters
  * like number of Vinegar-variables in the layers, number of layers and so on.
- * <p/>
+ * <p>
  * More detailed information about the needed parameters for the Rainbow
  * Signature Scheme is to be found in the paper of Jintai Ding, Dieter Schmidt:
  * Rainbow, a New Multivariable Polynomial Signature Scheme. ACNS 2005: 164-175
  * (http://dx.doi.org/10.1007/11496137_12)
+ * </p>
  */
 public class RainbowParameterSpec
     implements AlgorithmParameterSpec
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java
index 64e21e7..445a9ea 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java
@@ -1339,7 +1339,7 @@ public class GF2Polynomial
 
     /**
      * Checks if <i>this</i> is irreducible, according to IEEE P1363, A.5.5,
-     * p103. <br />
+     * p103.<br>
      * Note: The algorithm from IEEE P1363, A5.5 can be used to check a
      * polynomial with coefficients in GF(2^r) for irreducibility. As this class
      * only represents polynomials with coefficients in GF(2), the algorithm is
@@ -1635,7 +1635,7 @@ public class GF2Polynomial
      * Does a vector-multiplication modulo 2 and returns the result as boolean.
      *
      * @param b GF2Polynomial
-     * @return this x <i>b</i> as boolean (1->true, 0->false)
+     * @return this x <i>b</i> as boolean (1-&gt;true, 0-&gt;false)
      * @throws PolynomialsHaveDifferentLengthException if <i>this</i> and <i>b</i> have a different length and
      * thus cannot be vector-multiplied
      */
@@ -1730,7 +1730,7 @@ public class GF2Polynomial
      * Sets the bit at position <i>i</i>.
      *
      * @param i int
-     * @throws BitDoesNotExistException if (<i>i</i> < 0) || (<i>i</i> > (len - 1))
+     * @throws RuntimeException if (<i>i</i> &lt; 0) || (<i>i</i> &gt; (len - 1))
      */
     public void setBit(int i)
         throws RuntimeException
@@ -1739,10 +1739,6 @@ public class GF2Polynomial
         {
             throw new RuntimeException();
         }
-        if (i > (len - 1))
-        {
-            return;
-        }
         value[i >>> 5] |= bitMask[i & 0x1f];
         return;
     }
@@ -1756,7 +1752,11 @@ public class GF2Polynomial
      */
     public int getBit(int i)
     {
-        if (i < 0 || i > (len - 1))
+        if (i < 0)
+        {
+            throw new RuntimeException();
+        }
+        if (i > (len - 1))
         {
             return 0;
         }
@@ -1767,12 +1767,12 @@ public class GF2Polynomial
      * Resets the bit at position <i>i</i>.
      *
      * @param i int
-     * @throws BitDoesNotExistException if (<i>i</i> < 0) || (<i>i</i> > (len - 1))
+     * @throws RuntimeException if (<i>i</i> &lt; 0) || (<i>i</i> &gt; (len - 1))
      */
     public void resetBit(int i)
         throws RuntimeException
     {
-        if (i < 0 || i > (len - 1))
+        if (i < 0)
         {
             throw new RuntimeException();
         }
@@ -1787,7 +1787,7 @@ public class GF2Polynomial
      * Xors the bit at position <i>i</i>.
      *
      * @param i int
-     * @throws BitDoesNotExistException if (<i>i</i> < 0) || (<i>i</i> > (len - 1))
+     * @throws RuntimeException if (<i>i</i> &lt; 0) || (<i>i</i> &gt; (len - 1))
      */
     public void xorBit(int i)
         throws RuntimeException
@@ -1796,10 +1796,6 @@ public class GF2Polynomial
         {
             throw new RuntimeException();
         }
-        if (i > (len - 1))
-        {
-            return;
-        }
         value[i >>> 5] ^= bitMask[i & 0x1f];
     }
 
@@ -1808,11 +1804,15 @@ public class GF2Polynomial
      *
      * @param i the position of the bit to be tested
      * @return true if the bit at position <i>i</i> is set (a(<i>i</i>) ==
-     *         1). False if (<i>i</i> < 0) || (<i>i</i> > (len - 1))
+     *         1). False if (<i>i</i> &lt; 0) || (<i>i</i> &gt; (len - 1))
      */
     public boolean testBit(int i)
     {
-        if (i < 0 || i > (len - 1))
+        if (i < 0)
+        {
+            throw new RuntimeException();
+        }
+        if (i > (len - 1))
         {
             return false;
         }
@@ -1822,7 +1822,7 @@ public class GF2Polynomial
     /**
      * Returns this GF2Polynomial shift-left by 1 in a new GF2Polynomial.
      *
-     * @return a new GF2Polynomial (this << 1)
+     * @return a new GF2Polynomial (this &lt;&lt; 1)
      */
     public GF2Polynomial shiftLeft()
     {
@@ -1878,7 +1878,7 @@ public class GF2Polynomial
      * GF2Polynomial.
      *
      * @param k int
-     * @return a new GF2Polynomial (this << <i>k</i>)
+     * @return a new GF2Polynomial (this &lt;&lt; <i>k</i>)
      */
     public GF2Polynomial shiftLeft(int k)
     {
@@ -1996,7 +1996,7 @@ public class GF2Polynomial
     /**
      * Returns this GF2Polynomial shift-right by 1 in a new GF2Polynomial.
      *
-     * @return a new GF2Polynomial (this << 1)
+     * @return a new GF2Polynomial (this &lt;&lt; 1)
      */
     public GF2Polynomial shiftRight()
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mField.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mField.java
index e74d20b..f5f7b64 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mField.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mField.java
@@ -7,9 +7,9 @@ import java.security.SecureRandom;
  * GF(2^m). ( GF(2^m)= GF(2)[A] where A is a root of irreducible polynomial with
  * degree m, each field element B has a polynomial basis representation, i.e. it
  * is represented by a different binary polynomial of degree less than m, B =
- * poly(A) ) All operations are defined only for field with 1< m <32. For the
- * representation of field elements the map f: F->Z, poly(A)->poly(2) is used,
- * where integers have the binary representation. For example: A^7+A^3+A+1 ->
+ * poly(A) ) All operations are defined only for field with 1&lt; m &lt;32. For the
+ * representation of field elements the map f: F-&gt;Z, poly(A)-&gt;poly(2) is used,
+ * where integers have the binary representation. For example: A^7+A^3+A+1 -&gt;
  * (00...0010001011)=139 Also for elements type Integer is used.
  *
  * @see PolynomialRingGF2
@@ -156,6 +156,10 @@ public class GF2mField
      */
     public int exp(int a, int k)
     {
+        if (k == 0)
+        {
+            return 1;
+        }
         if (a == 0)
         {
             return 0;
@@ -291,7 +295,7 @@ public class GF2mField
 
     /**
      * checks if given object is equal to this field.
-     * <p/>
+     * <p>
      * The method returns false whenever the given object is not GF2m.
      *
      * @param other object
@@ -322,7 +326,6 @@ public class GF2mField
 
     /**
      * Returns a human readable form of this field.
-     * <p/>
      *
      * @return a human readable form of this field.
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.java
index 5c985a1..8dfdb9b 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.java
@@ -2,7 +2,7 @@ package org.bouncycastle.pqc.math.linearalgebra;
 
 /**
  * This class describes some operations with matrices over finite field <i>GF(2<sup>m</sup>)</i>
- * with small <i>m</i> (1< m <32).
+ * with small <i>m</i> (1&lt; m &lt;32).
  *
  * @see Matrix
  */
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mVector.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mVector.java
index 1f2f595..f2527f6 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mVector.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mVector.java
@@ -161,7 +161,7 @@ public class GF2mVector
      * @return <tt>this + addend</tt>
      * @throws ArithmeticException if the other vector is not defined over the same field as
      * this vector.
-     * <p/>
+     * <p>
      * TODO: implement this method
      */
     public Vector add(Vector addend)
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.java
index d8ae6c7..8b4b473 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.java
@@ -1048,7 +1048,7 @@ public class GF2nONBElement
     /**
      * Returns a String representation of this element. <tt>radix</tt>
      * specifies the radix of the String representation.<br>
-     * NOTE: ONLY <tt>radix = 2</tt> or <tt>radix = 16</tt> IS IMPLEMENTED>
+     * NOTE: ONLY <tt>radix = 2</tt> or <tt>radix = 16</tt> IS IMPLEMENTED
      *
      * @param radix specifies the radix of the String representation
      * @return String representation of this element with the specified radix
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntUtils.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntUtils.java
index bfb8fca..90a3c60 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntUtils.java
@@ -70,8 +70,7 @@ public final class IntUtils
      * Sorts this array of integers according to the Quicksort algorithm. After
      * calling this method this array is sorted in ascending order with the
      * smallest integer taking position 0 in the array.
-     * <p/>
-     * <p/>
+     * <p>
      * This implementation is based on the quicksort algorithm as described in
      * <code>Data Structures In Java</code> by Thomas A. Standish, Chapter 10,
      * ISBN 0-201-30564-X.
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.java
index 763b180..779f384 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.java
@@ -38,8 +38,8 @@ public final class IntegerFunctions
      * Computes the value of the Jacobi symbol (A|B). The following properties
      * hold for the Jacobi symbol which makes it a very efficient way to
      * evaluate the Legendre symbol
-     * <p/>
-     * (A|B) = 0 IF gcd(A,B) > 1<br>
+     * <p>
+     * (A|B) = 0 IF gcd(A,B) &gt; 1<br>
      * (-1|B) = 1 IF n = 1 (mod 1)<br>
      * (-1|B) = -1 IF n = 3 (mod 4)<br>
      * (A|B) (C|B) = (AC|B)<br>
@@ -47,7 +47,6 @@ public final class IntegerFunctions
      * (A|B) = (C|B) IF A = C (mod B)<br>
      * (2|B) = 1 IF N = 1 OR 7 (mod 8)<br>
      * (2|B) = 1 IF N = 3 OR 5 (mod 8)
-     * <p/>
      *
      * @param A integer value
      * @param B integer value
@@ -493,10 +492,10 @@ public final class IntegerFunctions
     }
 
     /**
-     * determines the order of g modulo p, p prime and 1 < g < p. This algorithm
+     * determines the order of g modulo p, p prime and 1 &lt; g &lt; p. This algorithm
      * is only efficient for small p (see X9.62-1998, p. 68).
      *
-     * @param g an integer with 1 < g < p
+     * @param g an integer with 1 &lt; g &lt; p
      * @param p a prime
      * @return the order k of g (that is k is the smallest integer with
      *         g<sup>k</sup> = 1 mod p
@@ -743,7 +742,7 @@ public final class IntegerFunctions
      * Find and return the least non-trivial divisor of an integer <tt>a</tt>.
      *
      * @param a - the integer
-     * @return divisor p >1 or 1 if a = -1,0,1
+     * @return divisor p &gt;1 or 1 if a = -1,0,1
      */
     public static int leastDiv(int a)
     {
@@ -1008,11 +1007,11 @@ public final class IntegerFunctions
     }
 
     /**
-     * Computes the binomial coefficient (n|t) ("n over t"). Formula:<br/>
+     * Computes the binomial coefficient (n|t) ("n over t"). Formula:
      * <ul>
      * <li>if n !=0 and t != 0 then (n|t) = Mult(i=1, t): (n-(i-1))/i</li>
      * <li>if t = 0 then (n|t) = 1</li>
-     * <li>if n = 0 and t > 0 then (n|t) = 0</li>
+     * <li>if n = 0 and t &gt; 0 then (n|t) = 0</li>
      * </ul>
      *
      * @param n - the "upper" integer
@@ -1225,7 +1224,7 @@ public final class IntegerFunctions
     /**
      * calculate the logarithm to the base 2.
      *
-     * @param x any long value >=1
+     * @param x any long value &gt;=1
      * @return log_2(x)
      * @deprecated use MathFunctions.log(long) instead
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/Permutation.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/Permutation.java
index 80cd2e5..28b58d3 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/Permutation.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/Permutation.java
@@ -179,7 +179,7 @@ public class Permutation
 
     /**
      * checks if given object is equal to this permutation.
-     * <p/>
+     * <p>
      * The method returns false whenever the given object is not permutation.
      *
      * @param other -
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.java
index 668fbf9..866b6f7 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.java
@@ -4,7 +4,7 @@ import java.security.SecureRandom;
 
 /**
  * This class describes operations with polynomials from the ring R =
- * GF(2^m)[X], where 2 <= m <=31.
+ * GF(2^m)[X], where 2 &lt;= m &lt;=31.
  *
  * @see GF2mField
  * @see PolynomialRingGF2m
@@ -948,10 +948,10 @@ public class PolynomialGF2mSmallM
 
     /**
      * Compute a polynomial pair (a,b) from this polynomial and the given
-     * polynomial g with the property b*this = a mod g and deg(a)<=deg(g)/2.
+     * polynomial g with the property b*this = a mod g and deg(a)&lt;=deg(g)/2.
      *
      * @param g the reduction polynomial
-     * @return PolynomialGF2mSmallM[] {a,b} with b*this = a mod g and deg(a)<=
+     * @return PolynomialGF2mSmallM[] {a,b} with b*this = a mod g and deg(a)&lt;=
      *         deg(g)/2
      */
     public PolynomialGF2mSmallM[] modPolynomialToFracton(PolynomialGF2mSmallM g)
@@ -978,7 +978,7 @@ public class PolynomialGF2mSmallM
 
     /**
      * checks if given object is equal to this polynomial.
-     * <p/>
+     * <p>
      * The method returns false whenever the given object is not polynomial over
      * GF(2^m).
      *
@@ -1045,7 +1045,6 @@ public class PolynomialGF2mSmallM
 
     /**
      * Returns a human readable form of the polynomial.
-     * <p/>
      *
      * @return a human readable form of the polynomial.
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.java
index 0bdbc41..a0e2bac 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.java
@@ -3,9 +3,9 @@ package org.bouncycastle.pqc.math.linearalgebra;
 /**
  * This class describes operations with polynomials over finite field GF(2), i e
  * polynomial ring R = GF(2)[X]. All operations are defined only for polynomials
- * with degree <=32. For the polynomial representation the map f: R->Z,
- * poly(X)->poly(2) is used, where integers have the binary representation. For
- * example: X^7+X^3+X+1 -> (00...0010001011)=139 Also for polynomials type
+ * with degree &lt;=32. For the polynomial representation the map f: R-&gt;Z,
+ * poly(X)-&gt;poly(2) is used, where integers have the binary representation. For
+ * example: X^7+X^3+X+1 -&gt; (00...0010001011)=139 Also for polynomials type
  * Integer is used.
  *
  * @see GF2mField
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.java
index 0711583..9e5d413 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.java
@@ -2,7 +2,7 @@ package org.bouncycastle.pqc.math.linearalgebra;
 
 /**
  * This class represents polynomial rings <tt>GF(2^m)[X]/p(X)</tt> for
- * <tt>m&lt<;32</tt>. If <tt>p(X)</tt> is irreducible, the polynomial ring
+ * <tt>m&lt;32</tt>. If <tt>p(X)</tt> is irreducible, the polynomial ring
  * is in fact an extension field of <tt>GF(2^m)</tt>.
  */
 public class PolynomialRingGF2m
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/BigIntEuclidean.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/BigIntEuclidean.java
index b5af2ec..5fb3058 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/BigIntEuclidean.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/BigIntEuclidean.java
@@ -14,7 +14,7 @@ public class BigIntEuclidean
     }
 
     /**
-     * Runs the EEA on two <code>BigInteger</code>s<br/>
+     * Runs the EEA on two <code>BigInteger</code>s<br>
      * Implemented from pseudocode on <a href="http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm">Wikipedia</a>.
      *
      * @param a
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/IntEuclidean.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/IntEuclidean.java
index 3ada3d4..c959a26 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/IntEuclidean.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/IntEuclidean.java
@@ -12,7 +12,7 @@ public class IntEuclidean
     }
 
     /**
-     * Runs the EEA on two <code>int</code>s<br/>
+     * Runs the EEA on two <code>int</code>s<br>
      * Implemented from pseudocode on <a href="http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm">Wikipedia</a>.
      *
      * @param a
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/AllTests.java
new file mode 100644
index 0000000..6302e05
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/AllTests.java
@@ -0,0 +1,24 @@
+package org.bouncycastle.pqc.math.ntru.euclid.test;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+public class AllTests
+    extends TestCase
+{
+    public static void main (String[] args)
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+    
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("NTRU Euclid Tests");
+        
+        suite.addTestSuite(BigIntEuclideanTest.class);
+        suite.addTestSuite(IntEuclideanTest.class);
+
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/BigIntEuclideanTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/BigIntEuclideanTest.java
new file mode 100644
index 0000000..2cb9467
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/BigIntEuclideanTest.java
@@ -0,0 +1,23 @@
+package org.bouncycastle.pqc.math.ntru.euclid.test;
+
+import java.math.BigInteger;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.math.ntru.euclid.BigIntEuclidean;
+
+public class BigIntEuclideanTest
+    extends TestCase
+{
+    public void testCalculate()
+    {
+        BigIntEuclidean r = BigIntEuclidean.calculate(BigInteger.valueOf(120), BigInteger.valueOf(23));
+        assertEquals(BigInteger.valueOf(-9), r.x);
+        assertEquals(BigInteger.valueOf(47), r.y);
+        assertEquals(BigInteger.valueOf(1), r.gcd);
+
+        r = BigIntEuclidean.calculate(BigInteger.valueOf(126), BigInteger.valueOf(231));
+        assertEquals(BigInteger.valueOf(2), r.x);
+        assertEquals(BigInteger.valueOf(-1), r.y);
+        assertEquals(BigInteger.valueOf(21), r.gcd);
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/IntEuclideanTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/IntEuclideanTest.java
new file mode 100644
index 0000000..ab2ba25
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/test/IntEuclideanTest.java
@@ -0,0 +1,43 @@
+/**
+ * Copyright (c) 2011 Tim Buktu (tbuktu@hotmail.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+package org.bouncycastle.pqc.math.ntru.euclid.test;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.math.ntru.euclid.IntEuclidean;
+
+public class IntEuclideanTest
+    extends TestCase
+{
+    public void testCalculate()
+    {
+        IntEuclidean r = IntEuclidean.calculate(120, 23);
+        assertEquals(-9, r.x);
+        assertEquals(47, r.y);
+        assertEquals(1, r.gcd);
+
+        r = IntEuclidean.calculate(126, 231);
+        assertEquals(2, r.x);
+        assertEquals(-1, r.y);
+        assertEquals(21, r.gcd);
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/BigIntPolynomial.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/BigIntPolynomial.java
index fadd391..3c79b2e 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/BigIntPolynomial.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/BigIntPolynomial.java
@@ -10,7 +10,7 @@ import java.util.List;
 import org.bouncycastle.util.Arrays;
 
 /**
- * A polynomial with {@link BigInteger} coefficients.<br/>
+ * A polynomial with {@link BigInteger} coefficients.<br>
  * Some methods (like <code>add</code>) change the polynomial, others (like <code>mult</code>) do
  * not but return the result as a new polynomial.
  */
@@ -95,7 +95,7 @@ public class BigIntPolynomial
 
     /**
      * Multiplies the polynomial by another, taking the indices mod N. Does not
-     * change this polynomial but returns the result as a new polynomial.<br/>
+     * change this polynomial but returns the result as a new polynomial.<br>
      * Both polynomials must have the same number of coefficients.
      *
      * @param poly2 the polynomial to multiply by
@@ -257,7 +257,7 @@ public class BigIntPolynomial
     }
 
     /**
-     * Divides each coefficient by a <code>BigInteger</code> and rounds the result to the nearest whole number.<br/>
+     * Divides each coefficient by a <code>BigInteger</code> and rounds the result to the nearest whole number.<br>
      * Does not return a new polynomial but modifies this polynomial.
      *
      * @param divisor the number to divide by
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/IntegerPolynomial.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/IntegerPolynomial.java
index 76ffac6..c6bd7fb 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/IntegerPolynomial.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/IntegerPolynomial.java
@@ -19,7 +19,7 @@ import org.bouncycastle.pqc.math.ntru.util.Util;
 import org.bouncycastle.util.Arrays;
 
 /**
- * A polynomial with <code>int</code> coefficients.<br/>
+ * A polynomial with <code>int</code> coefficients.<br>
  * Some methods (like <code>add</code>) change the polynomial, others (like <code>mult</code>) do
  * not but return the result as a new polynomial.
  */
@@ -143,7 +143,7 @@ public class IntegerPolynomial
     }
 
     /**
-     * Decodes a byte array to a polynomial with <code>N</code> ternary coefficients<br/>
+     * Decodes a byte array to a polynomial with <code>N</code> ternary coefficients<br>
      * Ignores any excess bytes.
      *
      * @param data an encoded ternary polynomial
@@ -181,8 +181,8 @@ public class IntegerPolynomial
     }
 
     /**
-     * Returns a polynomial with N coefficients between <code>0</code> and <code>q-1</code>.<br/>
-     * <code>q</code> must be a power of 2.<br/>
+     * Returns a polynomial with N coefficients between <code>0</code> and <code>q-1</code>.<br>
+     * <code>q</code> must be a power of 2.<br>
      * Ignores any excess bytes.
      *
      * @param data an encoded ternary polynomial
@@ -196,8 +196,8 @@ public class IntegerPolynomial
     }
 
     /**
-     * Returns a polynomial with N coefficients between <code>0</code> and <code>q-1</code>.<br/>
-     * <code>q</code> must be a power of 2.<br/>
+     * Returns a polynomial with N coefficients between <code>0</code> and <code>q-1</code>.<br>
+     * <code>q</code> must be a power of 2.<br>
      * Ignores any excess bytes.
      *
      * @param is an encoded ternary polynomial
@@ -213,7 +213,7 @@ public class IntegerPolynomial
 
     /**
      * Encodes a polynomial with ternary coefficients to binary.
-     * <code>coeffs[2*i]</code> and <code>coeffs[2*i+1]</code> must not both equal -1 for any integer </code>i<code>,
+     * <code>coeffs[2*i]</code> and <code>coeffs[2*i+1]</code> must not both equal -1 for any integer <code>i</code>,
      * so this method is only safe to use with polynomials produced by <code>fromBinary3Sves()</code>.
      *
      * @return the encoded polynomial
@@ -366,7 +366,7 @@ public class IntegerPolynomial
     }
 
     /**
-     * Computes the inverse mod <code>q; q</code> must be a power of 2.<br/>
+     * Computes the inverse mod <code>q; q</code> must be a power of 2.<br>
      * Returns <code>null</code> if the polynomial is not invertible.
      *
      * @param q the modulus
@@ -572,14 +572,14 @@ public class IntegerPolynomial
 
     /**
      * Resultant of this polynomial with <code>x^n-1</code> using a probabilistic algorithm.
-     * <p/>
+     * <p>
      * Unlike EESS, this implementation does not compute all resultants modulo primes
      * such that their product exceeds the maximum possible resultant, but rather stops
-     * when <code>NUM_EQUAL_RESULTANTS</code> consecutive modular resultants are equal.<br/>
+     * when <code>NUM_EQUAL_RESULTANTS</code> consecutive modular resultants are equal.<br>
      * This means the return value may be incorrect. Experiments show this happens in
      * about 1 out of 100 cases when <code>N=439</code> and <code>NUM_EQUAL_RESULTANTS=2</code>,
      * so the likelyhood of leaving the loop too early is <code>(1/100)^(NUM_EQUAL_RESULTANTS-1)</code>.
-     * <p/>
+     * <p>
      * Because of the above, callers must verify the output and try a different polynomial if necessary.
      *
      * @return <code>(rho, res)</code> satisfying <code>res = rho*this + t*(x^n-1)</code> for some integer <code>t</code>.
@@ -766,7 +766,7 @@ public class IntegerPolynomial
     }
 
     /**
-     * Resultant of this polynomial with <code>x^n-1 mod p</code>.<br/>
+     * Resultant of this polynomial with <code>x^n-1 mod p</code>.
      *
      * @return <code>(rho, res)</code> satisfying <code>res = rho*this + t*(x^n-1) mod p</code> for some integer <code>t</code>.
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial2.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial2.java
index c7ae56c..d71615a 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial2.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial2.java
@@ -4,7 +4,7 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * A polynomial class that combines two coefficients into one <code>long</code> value for
- * faster multiplication in 64 bit environments.<br/>
+ * faster multiplication in 64 bit environments.<br>
  * Coefficients can be between 0 and 2047 and are stored in pairs in the bits 0..10 and 24..34 of a <code>long</code> number.
  */
 public class LongPolynomial2
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial5.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial5.java
index 69801e9..c804cc8 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial5.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial5.java
@@ -4,7 +4,7 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * A polynomial class that combines five coefficients into one <code>long</code> value for
- * faster multiplication by a ternary polynomial.<br/>
+ * faster multiplication by a ternary polynomial.<br>
  * Coefficients can be between 0 and 2047 and are stored in bits 0..11, 12..23, ..., 48..59 of a <code>long</code> number.
  */
 public class LongPolynomial5
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/Polynomial.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/Polynomial.java
index 7a7237c..69193e3 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/Polynomial.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/Polynomial.java
@@ -32,7 +32,7 @@ public interface Polynomial
 
     /**
      * Multiplies the polynomial by a <code>BigIntPolynomial</code>, taking the indices mod N. Does not
-     * change this polynomial but returns the result as a new polynomial.<br/>
+     * change this polynomial but returns the result as a new polynomial.<br>
      * Both polynomials must have the same number of coefficients.
      *
      * @param poly2 the polynomial to multiply by
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/AllTests.java
new file mode 100644
index 0000000..296a66e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/AllTests.java
@@ -0,0 +1,29 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+public class AllTests
+    extends TestCase
+{
+    public static void main (String[] args)
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+    
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("NTRU Polynomial Tests");
+        
+        suite.addTestSuite(BigDecimalPolynomialTest.class);
+        suite.addTestSuite(BigIntPolynomialTest.class);
+        suite.addTestSuite(IntegerPolynomialTest.class);
+        suite.addTestSuite(LongPolynomial2Test.class);
+        suite.addTestSuite(LongPolynomial5Test.class);
+        suite.addTestSuite(ProductFormPolynomialTest.class);
+        suite.addTestSuite(SparseTernaryPolynomialTest.class);
+
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/BigDecimalPolynomialTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/BigDecimalPolynomialTest.java
new file mode 100644
index 0000000..06e9e04
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/BigDecimalPolynomialTest.java
@@ -0,0 +1,47 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import java.math.BigDecimal;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.math.ntru.polynomial.BigDecimalPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.BigIntPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+
+public class BigDecimalPolynomialTest
+    extends TestCase
+{
+    public void testMult()
+    {
+        BigDecimalPolynomial a = new BigDecimalPolynomial(new BigIntPolynomial(new IntegerPolynomial(new int[]{4, -1, 9, 2, 1, -5, 12, -7, 0, -9, 5})));
+        BigDecimalPolynomial b = new BigDecimalPolynomial(new BigIntPolynomial(new IntegerPolynomial(new int[]{-6, 0, 0, 13, 3, -2, -4, 10, 11, 2, -1})));
+        BigDecimalPolynomial c = a.mult(b);
+        BigDecimal[] expectedCoeffs = new BigDecimalPolynomial(new BigIntPolynomial(new IntegerPolynomial(new int[]{2, -189, 77, 124, -29, 0, -75, 124, -49, 267, 34}))).getCoeffs();
+
+        BigDecimal[] cCoeffs = c.getCoeffs();
+
+        assertEquals(expectedCoeffs.length, cCoeffs.length);
+        for (int i = 0; i != cCoeffs.length; i++)
+        {
+            assertEquals(expectedCoeffs[i], cCoeffs[i]);
+        }
+
+        // multiply a polynomial by its inverse modulo 2048 and check that the result is 1
+        SecureRandom random = new SecureRandom();
+        IntegerPolynomial d, dInv;
+        do
+        {
+            d = DenseTernaryPolynomial.generateRandom(1001, 333, 334, random);
+            dInv = d.invertFq(2048);
+        }
+        while (dInv == null);
+
+        d.mod(2048);
+        BigDecimalPolynomial e = new BigDecimalPolynomial(new BigIntPolynomial(d));
+        BigIntPolynomial f = new BigIntPolynomial(dInv);
+        IntegerPolynomial g = new IntegerPolynomial(e.mult(f).round());
+        g.modPositive(2048);
+        assertTrue(g.equalsOne());
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/BigIntPolynomialTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/BigIntPolynomialTest.java
new file mode 100644
index 0000000..a6ad36e
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/BigIntPolynomialTest.java
@@ -0,0 +1,26 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import java.math.BigInteger;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.math.ntru.polynomial.BigIntPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+
+public class BigIntPolynomialTest
+    extends TestCase
+{
+    public void testMult()
+    {
+        BigIntPolynomial a = new BigIntPolynomial(new IntegerPolynomial(new int[]{4, -1, 9, 2, 1, -5, 12, -7, 0, -9, 5}));
+        BigIntPolynomial b = new BigIntPolynomial(new IntegerPolynomial(new int[]{-6, 0, 0, 13, 3, -2, -4, 10, 11, 2, -1}));
+        BigIntPolynomial c = a.mult(b);
+        BigInteger[] expectedCoeffs = new BigIntPolynomial(new IntegerPolynomial(new int[]{2, -189, 77, 124, -29, 0, -75, 124, -49, 267, 34})).getCoeffs();
+        BigInteger[] cCoeffs = c.getCoeffs();
+
+        assertEquals(expectedCoeffs.length, cCoeffs.length);
+        for (int i = 0; i != cCoeffs.length; i++)
+        {
+            assertEquals(expectedCoeffs[i], cCoeffs[i]);
+        }
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/IntegerPolynomialTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/IntegerPolynomialTest.java
new file mode 100644
index 0000000..8f6e489
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/IntegerPolynomialTest.java
@@ -0,0 +1,230 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.crypto.ntru.NTRUSigningKeyGenerationParameters;
+import org.bouncycastle.pqc.math.ntru.polynomial.BigIntPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.Resultant;
+import org.bouncycastle.util.Arrays;
+
+
+public class IntegerPolynomialTest
+    extends TestCase
+{
+    public void testMult()
+    {
+        // multiplication modulo q
+        IntegerPolynomial a = new IntegerPolynomial(new int[]{-1, 1, 1, 0, -1, 0, 1, 0, 0, 1, -1});
+        IntegerPolynomial b = new IntegerPolynomial(new int[]{14, 11, 26, 24, 14, 16, 30, 7, 25, 6, 19});
+        IntegerPolynomial c = a.mult(b, 32);
+        assertEqualsMod(new int[]{3, -7, -10, -11, 10, 7, 6, 7, 5, -3, -7}, c.coeffs, 32);
+
+        a = new IntegerPolynomial(new int[]{15, 27, 18, 16, 12, 13, 16, 2, 28, 22, 26});
+        b = new IntegerPolynomial(new int[]{-1, 0, 1, 1, 0, 1, 0, 0, -1, 0, -1});
+        c = a.mult(b, 32);
+        assertEqualsMod(new int[]{8, 25, 22, 20, 12, 24, 15, 19, 12, 19, 16}, c.coeffs, 32);
+
+        // multiplication without a modulus
+        a = new IntegerPolynomial(new int[]{1, 1, 0, 0, -1, -1, 0, 0, -1, 0, 1});
+        b = new IntegerPolynomial(new int[]{704, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
+        c = a.mult(b);
+
+        // mult(p, modulus) should give the same result as mult(p) followed by modulus
+        a = new IntegerPolynomial(new int[]{1, 0, -1, 1, 0, 1, 1, 1, -1, 1, -1});
+        b = new IntegerPolynomial(new int[]{0, 1, 1, 0, 0, -1, -1, 1, 1, -1, 1});
+        c = a.mult(b);
+        c.modPositive(20);
+        IntegerPolynomial d = a.mult(b, 20);
+        d.modPositive(20);
+        assertTrue(Arrays.areEqual(c.coeffs, d.coeffs));
+    }
+
+    void assertEqualsMod(int[] arr1, int[] arr2, int m)
+    {
+        assertEquals(arr1.length, arr2.length);
+        for (int i = 0; i < arr1.length; i++)
+        {
+            assertEquals((arr1[i] + m) % m, (arr2[i] + m) % m);
+        }
+    }
+
+    public void testInvertFq()
+    {
+        SecureRandom random = new SecureRandom();
+        // Verify an example from the NTRU tutorial
+        IntegerPolynomial a = new IntegerPolynomial(new int[]{-1, 1, 1, 0, -1, 0, 1, 0, 0, 1, -1});
+        IntegerPolynomial b = a.invertFq(32);
+        assertEqualsMod(new int[]{5, 9, 6, 16, 4, 15, 16, 22, 20, 18, 30}, b.coeffs, 32);
+        verifyInverse(a, b, 32);
+
+        // test 3 random polynomials
+        int numInvertible = 0;
+        while (numInvertible < 3)
+        {
+            a = DenseTernaryPolynomial.generateRandom(853, random);
+            b = a.invertFq(2048);
+            if (b != null)
+            {
+                numInvertible++;
+                verifyInverse(a, b, 2048);
+            }
+        }
+
+        // test a non-invertible polynomial
+        a = new IntegerPolynomial(new int[]{-1, 0, 1, 1, 0, 0, -1, 0, -1, 0, 1});
+        b = a.invertFq(32);
+        assertNull(b);
+    }
+
+    public void testInvertF3()
+    {
+        IntegerPolynomial a = new IntegerPolynomial(new int[]{-1, 1, 1, 0, -1, 0, 1, 0, 0, 1, -1});
+        IntegerPolynomial b = a.invertF3();
+        assertEqualsMod(new int[]{1, 2, 0, 2, 2, 1, 0, 2, 1, 2, 0}, b.coeffs, 3);
+        verifyInverse(a, b, 3);
+
+        // test a non-invertible polynomial
+        a = new IntegerPolynomial(new int[]{0, 1, -1, 1, 0, 0, 0, 0, -1, 0, 0});
+        b = a.invertF3();
+        assertNull(b);
+    }
+
+    // tests if a*b=1 (mod modulus)
+    private void verifyInverse(IntegerPolynomial a, IntegerPolynomial b, int modulus)
+    {
+        IntegerPolynomial c = a.mult(b, modulus);
+        for (int i = 1; i < c.coeffs.length; i++)
+        {
+            c.coeffs[i] %= modulus;
+        }
+        c.ensurePositive(modulus);
+        assertTrue(c.equalsOne());
+    }
+
+    public void testFromToBinary()
+    {
+        byte[] a = new byte[]{-44, -33, 30, -109, 101, -28, -6, -105, -45, 113, -72, 99, 101, 15, 9, 49, -80, -76, 58, 42, -57, -113, -89, -14, -125, 24, 125, -16, 37, -58, 10, -49, -77, -31, 120, 103, -29, 105, -56, -126, -92, 36, 125, 127, -90, 38, 9, 4, 104, 10, -78, -106, -88, -1, -1, -43, -19, 90, 41, 0, -43, 102, 118, -72, -122, 19, -76, 57, -59, -2, 35, 47, 83, 114, 86, -115, -125, 58, 75, 115, -29, -6, 108, 6, -77, -51, 127, -8, -8, -58, -30, -126, 110, -5, -35, -41, -37, 69, 22, -48, 26, 4, -120, -19, -32, -81, -77, 124, -7, -2, -46, -96, 38, -35, 88, 4, -5, 16, 101, 29, 7, 2, 88, 35, -64, 31, -66, -70, 120, -97, 76, -74, -97, -61, 52, -56, 87, -35, 5, 95, -93, -30, 10, 38, 17, -102, -25, 86, 7, -43, 44, -52, -108, 33, -18, -110, -9, -115, 66, -71, 66, 1, -90, -72, 90, -88, -38, 75, 47, -124, -120, -15, -49, -8, 85, 5, 17, -88, 76, 99, -4, 83, 16, -91, 82, 116, 112, -83, 56, -45, -26, 125, 13, -75, -115, 92, -12, -59, 3, -12, 14, -6, 43, -17, 121, 122, 22, 92, -74, 99, -59, -103, 113, 8, -103, 114, 99, -48, 92, -88, 77, 81, 5, 31, -4, -69, -24, 23, 94, 126, 71, 93, 20, 77, 82, -54, -14, 86, 45, -81, 0, 52, -63, -66, 48, 104, -54, 15, -73, -2, -52, 115, 76, 28, -5, -94, -63, 117, -69, 0, 61, 22, -1, 71, -115, 9, -73, -100, -128, -31, 106, -74, -61, -37, 98, -6, 11, -5, 6, -18, -53, -6, 11, -49, 62, 23, 6, -128, 38, -91, 89, -34, 18, -38, -110, -101, 43, 36, 62, 101, 112, 59, -91, 78, -81, 61, 126, -21, -42, -110, -38, -27, 69, 57, 9, 24, -50, -118, 31, -17, 42, 87, -54, 122, -16, 42, -47, -19, -80, 16, 54, -97, -89, 81, -22, -35, 45, 54, -46, 22, -122, -95, -17, 7, -127, 105, -100, -56, -98, -105, 101, -81, 104, 121, -7, 33, 126, 110, -125, -85, 111, -52, 123, -98, 41, -42, 88, -68, -17, 39, -19, -96, -10, -117, 13, -88, -75, -101, -16, -7, 73, 23, -12, 41, -116, -105, -64, -4, 103, 49, -15, -49, 60, 88, -25, -21, 42, 26, 95, -90, -83, -69, 64, -2, 50, -116, -64, 26, -29, -93, -120, -70, 32, -38, 39, -126, -19, 103, 127, 65, 54, 110, 94, 126, -82, -80, -18, 43, 45, 56, -118, 109, 36, -8, 10, 113, 69, 53, -122, -127, 92, -127, -73, 70, -19, -105, -80, -15, -5, 99, -109, -27, 119, -76, -57, -48, 42, -35, 23, 39, -126, 44, -107, -100, -125, 117, -50, 115, -79, -16, 104, 8, -102, 83, -73, 21, -85, 113, -87, -54, 93, 63, -108, -64, 109, -74, 15, 14, -119, -6, -68, 45, 37, -15, -97, -95, -55, 89, 25, -63, -92, -80, -27, -8, 55, 50, 96, -91, 40, -74, 110, -96, 94, 6, 85, 92, 0, 34, -122, 5, -126, 123, 37, -90, -94, 60, 14, 36, 49, -98, -23, 57, 75, 63, 106, -7, -36, -89, 84, 71, 60, -21, 104, -47, 90, -52, -66, 88, -91, -81, -3, 116, 23, 62, -47, -84, -118, 65, 31, 7, -103, 37, -29, 115, -114, 73, 12, -121, 96, -91, -7, 56, 10, -72, 27, -45, 122, -27, -38, 74, 64, 30, -60, 64, -21, 48, 101, 113, 126, -60, -103, 71, 100, -117, 124, -125, 116, 78, 114, -74, 42, -81, -54, 34, 33, -10, 19, 23, 24, 40, 0, -8, 78, 100, 73, -88, -95, -62, -115, -18, 47, 10, -14, -39, 82, 27, -9, -115, -70, 92, -6, 39, 45, -71, -109, -41, 94, -88, -63, 19, -58, -37, -31, 1, 127, -42, 125, -120, -57, 120, -86, -6, 17, -27, -37, 47, 55, -22, -11, -31, 38, -1, 29, 56, -34, -104, -66, -62, 72, -11, -30, -30, 61, -31, 10, -63, 116, -84, 118, -127, 6, 17, -36, 91, 123, 77, 35, 22, 110, 114, 107, -3, 52, 11, 86, 68, -56, 0, 119, -43, -73, 112, 89, -4, -122, -71, -26, 103, -118, -61, -112, -108, -44, -25, -22, 4, 24, 53, -5, -71, 9, -41, 84, -28, 22, 99, 39, -26, -2, -51, 68, 63, -15, 99, 66, -78, 46, -89, 21, -38, -114, -51, 100, -59, 84, -76, -105, 51, 28, 19, 74, 42, 91, -73, 12, -89, -128, 34, 38, -100, 121, -78, 114, -28, 127, -29, 50, 105, -6, 36, 98, -35, 79, -58, 5, -13, -86, -101, -108, -99, -70, 25, 103, 63, 57, 79, -12, -63, 125, -54, 61, 15, 6, -79, 90, 76, 103, -45, 7, 39, 93, 107, 58, 76, 80, 56, -108, 55, -22, 36, 125, -91, -65, 11, 69, 10, -19, -14, -4, -26, -36, 114, 124, 63, -31, 88, 92, 108, 33, -52, -22, 80, -65, 57, 126, 43, -13, 122, -8, 68, 72, 92, -50, 100, -91, 1, -81, 75, 95, -11, -99, 38, 121, -20, -70, 82, -125, -94, -18, 16, 59, 89, 18, -96, 91, -97, 62, -96, 127, 45, 70, 16, 84, -43, -75, -118, 81, 58, 84, -115, -120, -3, 41, -103, -70, 123, 26, 101, 33, 58, 13, -11, -73, -84, -47, -7, 81, -63, 60, -45, 30, 100, -51, -15, 73, 58, -119, -3, 62, -63, -17, -69, -44, 60, -54, -115, -59, 23, -59, 98, -89, -72, 20, -96, 27, 53, -89, 59, -85, -29, 120, 23, 62, 8, -86, 113, 87, -15, 102, 106, -104, 57, -57, 37, 110, 118, 109, 25, 64, 26, -20, -86, -2, 60, -70, -33, 67, 13, -28, -29, -63, -37, 67, 99, 84, 121, -126, -38, 45, 24, 122, 51, 11, -19, -80, 26, -106, -95, 82, 69, -2, -75, 62, 106, -120, 87, -107, 87, 17, 102, -52, -16, 22, 12, -86, -48, -95, -61, 109, 64, -29, 111, 40, -90, -35, 49, 88, -15, 122, 127, 87, 113, 116, 93, 100, 28, -70, -87, -40, -1, -126, -114, 7, 79, 16, 2, -47, -98, -102, 49, 58, 61, -32, 44, 18, -26, 37, 27, -123, -76, 56, 91, 51, -21, -48, -122, -33, 40, -8, -62, -56, -126, 91, -51, 76, -29, 127, -22, -18, -110, 27, 13, -111, 81, 51, -104, 70, 98, 12, 120, -7, 15, 104, -43, -104, 124, 46, 116, 7, -26, 21, 33, 105, 17, -99, -42, -106, 8, -85, 39, 8, 79, -54, -81, 109, 40, 25, 29, -18, -90, 22, 85, -12, -16, 61, 49, -31, 127, 64, 5, 25, 39, -65, -42, 13, -97, -92, 36, -126, -18, -4, -22, -14, 109, -93, -76, -5, 13, 74, 44, 103, 79, 110, 85, 58, 39, -24, 119, 120, 122, 120, 43, 110, 67, 21, 47, 39, -48, 7, 91, -51, 126, 100, -38, -124, 0, -97, 99, -123, 118, -27, 8, 102, -106, -23, -53, -4, -56, -9, -126, -85, 93, -4, -5, 4, 49, 29, 2, 63, 78, -32, -106, 118, 111, 52, 54, 74, 53, 106, 39, -95, -38, -18, 118, -5, 94, -83, -97, -27, 62, -56, -90, -36, 43, 43, -113, 119, -89, 44, -108, -46, 66, 28, 66, -38, 3, -62, -83, -35, -127, -2, 51, 104, 105, 40, 76, -10, -124, -95, 52, 11, 101, -32, -122, -73, -17, 37, -126, 68, -126, 55, 112, -126, 38, 99, -63, 123, -74, -31, 58, 8, 93, -68, 111, -22, -24, -23, 9, -87, -25, -115, 81, -116, -91, 60, 96, -102, -1, -7, 73, 99, 46, -78, 62, 48, -116, -52, -44, -5, 82, -45, 5, -55, -101, 101, 65, -109, -108, 26, 98, -55, 11, -86, 57, 30, 92, -58, 20, 82, 65, 103, 27, -64, 76, 123, -56, -16, -111, -83, 125, 65, 111, 9, 123, 14, 119, 126, -80, 79, 94, -19, 66, -25, 35, 112, -64, 10, -66, -86, 51, 56, -78, 103, 92, -116, 8, 75, 41, -49, -79, -53, 125, -32, -76, -27, 59, -8, -4, -94, -104, -15, 79, -7, -124, 32, -87, -104, 85, -118, -36, 125, 65, 111, -105, 5, -105, 40, -50, 2, 118, 123, -54, 59, -22, 94, 20, 99, -87, -27, 28, -30, -109, 72, -19, 92, 60, 19, 115, 47, 96, -96, 10, -74, 60, 96, -86, 101, 101, 68, -44, -72, 9, -36, 126, 96, -45, -12, 9, 14, -15, 79, -79, -48, 8, -107, -81, 47, 35, -36, -107, -120, -36, -124, 37, 103, -60, -35, -74, 100, -38, -88, -99, -99, -94, -107, 79, 115, 108, 54, 119, 73, 84, 110, -74, 92, 57, 108, 80, 47, -36, -119, -115, 58, -62, -4, -97, 43, -98, 5, 112, 47, 59, -89, 82, -69, -103, 39, -29, 75, -9, -94, -72, 99, -64, 22, -10, 21, 89, 101, 21, 94, -30, -17, 73, -36, -68, -89, -91, -94, 99, -106, 119, -116, 123, -19, 54, -99, 64, -119, 82, 120, -106, -99, 80, 69, 29, -48, 77, 28, 13, 92, -107, -77, 94, -116, 108, 89, -115, 96, -41, 25, 99, -65, 118, -5, -16, 48, -122, 5, 50, -123, -115, 13, 24, 7, 15, -103, -62, -71, 92, -82, -5, -70, 49, -6, -51, -17, -47, 12, 46, -86, 30, 93, 84, -101, 43, -92, -87, -118, -110, -32, 52, 115, -4, 36, -2, -79, -69, -46, -110, 70, -82, 6, 21, -27, -11, 94, 42, -81, -96, 116, -102, -38, 36, 32, 91, 28, 80, -45, 116, -94, -33, -5, -102, 64, -96, 27, -2, 100, -126, 59, -71, 33, -36, -124, 123, 99, -76, 108, 127, -11, -24, -19, 84, -6, 19, 105, -19, -18, 120, -14, 23, 39, 54, 87, 105, 58, -95, -15, 127, -65, 114, 49, 4, -66, 32, -7, 84, 43, -103, 76, 11, 36, -68, -3, -98, -5, -43, 35, -48, 20, -40, -33, -123, 1, -54, -44, 99, -68, 8, -100, 97, -49, -10, 110, 49, 84, 46, -85, 98, -103, -58, -4, 104, -100, -40, -79, 67, -20, -95, 85, 51, 73, 10, -25, 102, 68, -97, -83, -39, 35, 2, -111, 71, 62, -89, 20, 25, -126, 17, -81, -29, 39, -27, -55, 55, -122, 97, 23, -99, 55, 86, 33, -9, 8, 55, -40, -84, 39, 38, 37, -29, 87, 113, -118, -26, 123, -95, 24, -126, 119, -94, 17, 83, -43, 10, 63, -98, 72, 8, 16, -95, -96, 119, -91, 6, 71, -60, 1, -77, 4, 53, -121, 55, 7, 36, -86, -49, -118, -121, 56, 84, -49, -57, -99, 3, -68, 37, -108, -72, 114, -74, 120, 3, 121, -28, -106, 54, -20, 63, -121, -85, -59, -111, 32, 13, -69, 122, 90, 5, 40, 88, 15, -90, 125, -28, 89, 95, 73, 96, 60, -60, -51, 102, 7, 57, 91, 59, 15, 92, -76, -34, -23, -77, 90, 45, 91, 77, -63, 94, -127, 74, -97, -44, 50, -87, -94, -25, -71, 112, 127, -117, 6, 32, -113, 54, 83, -31, 111, -73, 53, 34, -32, -98, 125, -39, 63, 15, 72, -69, 87, -118, 108, 17, 84, 15, 61, -47, 54, -24, -79, 91, 28, -28, 66, 53, 22, 9, -28, -12, 38, 64, 75, -122, 96, -59, -45, 4, -19, 47, -30, 75, -94, 62, -64, 76, -49, 19, -66, -34, 3, 84, -2, -54, 13, -84, 86, -117, 94, -27, 89, 16, 96, 52, -77, -36, -116, 27, -52, -33, -50, 14, -59, 77, 93, -109, 8, -89, 81, -114, -29, -94, 73, -119, -56, -19, 88, -17, -33, 125, -18, -68, 113, 40, -128, -112, -119, -106, -106, -30, 23, -77, 49, 3, 98, -101, 99, -107, -121, -12, -112, 24, -74, -74, 79, -17, 96, 65, -52, 86, -63, 45, 84, 119, -42, 61, -91, 29, -87, 65, -85, 99, -14, 71, 33, -41, -48, -2, -121, 78, -38, 41, -7, -37, 48, 122, 61, -124, 42, -22, 24, 2, -49, 74, -81, -88, -89, -107, 109, 53, -68, 90, -117, 123, -109, -28, 12, 80, 120, 26, -104, 73, 70, -36, 34, -80, -104, 23, 16, 14, -96, -5, 27, 71, 25, -8, -125, 58, 88, -52, -97, -97, -93, 11, -44, 116, 42, -102, -100, -31, -86, 71, 84, 70, 27, 117, -67, 92, -84, -13, 54, -102, 34, 5, 19, -76, 71, 89, 22, -49, -34, -29};
+        IntegerPolynomial poly = IntegerPolynomial.fromBinary(a, 1499, 2048);
+        byte[] b = poly.toBinary(2048);
+        // verify that bytes 0..2047 match, ignore non-relevant bits of byte 2048
+        assertTrue(Arrays.areEqual(copyOf(a, 2047), copyOf(b, 2047)));
+        assertEquals((a[a.length - 1] & 1) >> (7 - (1499 * 11) % 8), (b[b.length - 1] & 1) >> (7 - (1499 * 11) % 8));
+    }
+
+    public void testFromToBinary3Sves()
+    {
+        byte[] a = new byte[]{-112, -78, 19, 15, 99, -65, -56, -90, 44, -93, -109, 104, 40, 90, -84, -21, -124, 51, -33, 4, -51, -106, 33, 86, -76, 42, 41, -17, 47, 79, 81, -29, 15, 116, 101, 120, 116, 32, 116, 111, 32, 101, 110, 99, 114, 121, 112, 116, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+        IntegerPolynomial poly = IntegerPolynomial.fromBinary3Sves(a, 1499);
+        byte[] b = poly.toBinary3Sves();
+        assertTrue(Arrays.areEqual(a, b));
+    }
+
+    public void testFromToBinary3Tight()
+    {
+        int[] c = new int[]{0, 0, 0, 0, 0, 0, 0, 1, 0, 0, -1, -1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, -1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 1, -1, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 1, 0, 1, 0, -1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1, -1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, -1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, -1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 1, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0};
+        IntegerPolynomial poly1 = new IntegerPolynomial(c);
+        IntegerPolynomial poly2 = IntegerPolynomial.fromBinary3Tight(poly1.toBinary3Tight(), c.length);
+        assertTrue(Arrays.areEqual(poly1.coeffs, poly2.coeffs));
+
+        IntegerPolynomial poly3 = new IntegerPolynomial(new int[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, -1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, -1, -1, 0, 0, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, -1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, -1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -1, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, -1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0});
+        byte[] arr = poly3.toBinary3Tight();
+        IntegerPolynomial poly4 = IntegerPolynomial.fromBinary3Tight(arr, 1499);
+        assertTrue(Arrays.areEqual(poly3.coeffs, poly4.coeffs));
+
+        IntegerPolynomial poly5 = new IntegerPolynomial(new int[]{0, 0, 0, 1, -1, -1, -1});
+        arr = poly5.toBinary3Tight();
+        IntegerPolynomial poly6 = IntegerPolynomial.fromBinary3Tight(arr, 7);
+        assertTrue(Arrays.areEqual(poly5.coeffs, poly6.coeffs));
+
+        SecureRandom random = new SecureRandom();
+
+        for (int i = 0; i < 100; i++)
+        {
+            IntegerPolynomial poly7 = DenseTernaryPolynomial.generateRandom(157, random);
+            arr = poly7.toBinary3Tight();
+            IntegerPolynomial poly8 = IntegerPolynomial.fromBinary3Tight(arr, 157);
+            assertTrue(Arrays.areEqual(poly7.coeffs, poly8.coeffs));
+        }
+    }
+
+    public void testResultant()
+    {
+        SecureRandom random = new SecureRandom();
+        NTRUSigningKeyGenerationParameters params = NTRUSigningKeyGenerationParameters.APR2011_439;
+        IntegerPolynomial a = DenseTernaryPolynomial.generateRandom(params.N, params.d, params.d, random);
+        verifyResultant(a, a.resultant());
+
+        a = new IntegerPolynomial(new int[]{0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, 1, -1, 0, 0, -1, 0, 0, 0, 1, 0, 0, 0, -1, -1, 0, -1, 1, -1, 0, -1, 0, -1, -1, -1, 0, 0, 0, 1, 1, -1, -1, -1, 0, -1, -1, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 1, 0, 0, 1, 1, -1, 0, 1, -1, 0, 1, 0, 1, 0, -1, -1, 0, 1, 0, -1, 1, 1, 1, 1, 0, 0, -1, -1, 1, 0, 0, -1, -1, 0, -1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, -1, 0, 0, 0, 0, -1, 0, 0, 0, 1, 0, 1, 0, 1, -1, 0, 0, 1, 1, 1, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, 1, 0, -1, -1, 0, -1, -1, -1, 0, -1, -1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, -1, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, -1, -1, 0, -1, -1, 1, 1, 0, 0, -1, 1, 0, 0, 0, -1, 1, -1, 0, -1, 0, 0, 0, -1, 0, 0, 0, 0, 0, -1, 1, 1, 0, 0, -1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, -1, 0, 1, 0, -1, -1, 0, 0, 0, 0, 0, 1, -1, 0, 0, 0, 1, -1, 1, -1, -1, 1, -1, 0, 1, 0, 0, 0, 1, 0, 0, 1, -1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, -1, 0, 1, -1, 0, 0, 1, 1, 0, 0, 1, 1, 0, -1, 0, -1, 1, -1, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, -1, 0, 0, 1, -1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, -1, 1, 0, -1, -1, 0, 0, -1, 0, 1, 1, -1, 1, -1, 0, 0, 0, 1});
+        verifyResultant(a, a.resultant());
+    }
+
+    // verifies that res=rho*a mod x^n-1
+    private void verifyResultant(IntegerPolynomial a, Resultant r)
+    {
+        BigIntPolynomial b = new BigIntPolynomial(a).mult(r.rho);
+        BigInteger[]     bCoeffs = b.getCoeffs();
+
+        for (int j = 1; j < bCoeffs.length - 1; j++)
+        {
+            assertEquals(BigInteger.ZERO, bCoeffs[j]);
+        }
+        if (r.res.equals(BigInteger.ZERO))
+        {
+            assertEquals(BigInteger.ZERO, bCoeffs[0].subtract(bCoeffs[bCoeffs.length - 1]));
+        }
+        else
+        {
+            assertEquals(BigInteger.ZERO, (bCoeffs[0].subtract(bCoeffs[bCoeffs.length - 1]).mod(r.res)));
+        }
+        assertEquals(bCoeffs[0].subtract(r.res), bCoeffs[bCoeffs.length - 1].negate());
+    }
+
+    public void testResultantMod()
+    {
+        int p = 46337;   // prime; must be less than sqrt(2^31) or integer overflows will occur
+
+        IntegerPolynomial a = new IntegerPolynomial(new int[]{0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, 1, -1, 0, 0, -1, 0, 0, 0, 1, 0, 0, 0, -1, -1, 0, -1, 1, -1, 0, -1, 0, -1, -1, -1, 0, 0, 0, 1, 1, -1, -1, -1, 0, -1, -1, 0, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 1, 0, 0, 1, 1, -1, 0, 1, -1, 0, 1, 0, 1, 0, -1, -1, 0, 1, 0, -1, 1, 1, 1, 1, 0, 0, -1, -1, 1, 0, 0, -1, -1, 0, -1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, -1, 0, 0, 0, 0, -1, 0, 0, 0, 1, 0, 1, 0, 1, -1, 0, 0, 1, 1, 1, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, 1, 0, -1, -1, 0, -1, -1, -1, 0, -1, -1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, -1, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, -1, -1, 0, -1, -1, 1, 1, 0, 0, -1, 1, 0, 0, 0, -1, 1, -1, 0, -1, 0, 0, 0, -1, 0, 0, 0, 0, 0, -1, 1, 1, 0, 0, -1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, -1, 0, 1, 0, -1, -1, 0, 0, 0, 0, 0, 1, -1, 0, 0, 0, 1, -1, 1, -1, -1, 1, -1, 0, 1, 0, 0, 0, 1, 0, 0, 1, -1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, -1, 0, 1, -1, 0, 0, 1, 1, 0, 0, 1, 1, 0, -1, 0, -1, 1, -1, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, -1, 0, 0, 1, -1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, -1, 1, 0, -1, -1, 0, 0, -1, 0, 1, 1, -1, 1, -1, 0, 0, 0, 1});
+        verifyResultant(a, a.resultant(p), p);
+
+        SecureRandom random = new SecureRandom();
+
+        for (int i = 0; i < 10; i++)
+        {
+            a = DenseTernaryPolynomial.generateRandom(853, random);
+            verifyResultant(a, a.resultant(p), p);
+        }
+    }
+
+    // verifies that res=rho*a mod x^n-1 mod p
+    private void verifyResultant(IntegerPolynomial a, Resultant r, int p)
+    {
+        BigIntPolynomial b = new BigIntPolynomial(a).mult(r.rho);
+        b.mod(BigInteger.valueOf(p));
+        BigInteger[]     bCoeffs = b.getCoeffs();
+
+        for (int j = 1; j < bCoeffs.length - 1; j++)
+        {
+            assertEquals(BigInteger.ZERO, bCoeffs[j]);
+        }
+        if (r.res.equals(BigInteger.ZERO))
+        {
+            assertEquals(BigInteger.ZERO, bCoeffs[0].subtract(bCoeffs[bCoeffs.length - 1]));
+        }
+        else
+        {
+            assertEquals(BigInteger.ZERO, (bCoeffs[0].subtract(bCoeffs[bCoeffs.length - 1]).subtract(r.res).mod(BigInteger.valueOf(p))));
+        }
+        assertEquals(BigInteger.ZERO, bCoeffs[0].subtract(r.res).subtract(bCoeffs[bCoeffs.length - 1].negate()).mod(BigInteger.valueOf(p)));
+    }
+
+    private byte[] copyOf(byte[] src, int length)
+    {
+        byte[] tmp = new byte[length];
+        System.arraycopy(src, 0, tmp, 0, tmp.length);
+        return tmp;
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/LongPolynomial2Test.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/LongPolynomial2Test.java
new file mode 100644
index 0000000..c842064
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/LongPolynomial2Test.java
@@ -0,0 +1,60 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import java.util.Random;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.LongPolynomial2;
+import org.bouncycastle.util.Arrays;
+
+public class LongPolynomial2Test
+    extends TestCase
+{
+    public void testMult()
+    {
+        IntegerPolynomial i1 = new IntegerPolynomial(new int[]{1368, 2047, 672, 871, 1662, 1352, 1099, 1608});
+        IntegerPolynomial i2 = new IntegerPolynomial(new int[]{1729, 1924, 806, 179, 1530, 1381, 1695, 60});
+        LongPolynomial2 a = new LongPolynomial2(i1);
+        LongPolynomial2 b = new LongPolynomial2(i2);
+        IntegerPolynomial c1 = i1.mult(i2, 2048);
+        IntegerPolynomial c2 = a.mult(b).toIntegerPolynomial();
+        assertTrue(Arrays.areEqual(c1.coeffs, c2.coeffs));
+
+        // test 10 random polynomials
+        Random rng = new Random();
+        for (int i = 0; i < 10; i++)
+        {
+            int N = 2 + rng.nextInt(2000);
+            i1 = PolynomialGenerator.generateRandom(N, 2048);
+            i2 = PolynomialGenerator.generateRandom(N, 2048);
+            a = new LongPolynomial2(i1);
+            b = new LongPolynomial2(i2);
+            c1 = i1.mult(i2);
+            c1.modPositive(2048);
+            c2 = a.mult(b).toIntegerPolynomial();
+            assertTrue(Arrays.areEqual(c1.coeffs, c2.coeffs));
+        }
+    }
+
+    public void testSubAnd()
+    {
+        IntegerPolynomial i1 = new IntegerPolynomial(new int[]{1368, 2047, 672, 871, 1662, 1352, 1099, 1608});
+        IntegerPolynomial i2 = new IntegerPolynomial(new int[]{1729, 1924, 806, 179, 1530, 1381, 1695, 60});
+        LongPolynomial2 a = new LongPolynomial2(i1);
+        LongPolynomial2 b = new LongPolynomial2(i2);
+        a.subAnd(b, 2047);
+        i1.sub(i2);
+        i1.modPositive(2048);
+        assertTrue(Arrays.areEqual(a.toIntegerPolynomial().coeffs, i1.coeffs));
+    }
+
+    public void testMult2And()
+    {
+        IntegerPolynomial i1 = new IntegerPolynomial(new int[]{1368, 2047, 672, 871, 1662, 1352, 1099, 1608});
+        LongPolynomial2 i2 = new LongPolynomial2(i1);
+        i2.mult2And(2047);
+        i1.mult(2);
+        i1.modPositive(2048);
+        assertTrue(Arrays.areEqual(i1.coeffs, i2.toIntegerPolynomial().coeffs));
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/LongPolynomial5Test.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/LongPolynomial5Test.java
new file mode 100644
index 0000000..cf91ac2
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/LongPolynomial5Test.java
@@ -0,0 +1,62 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.LongPolynomial5;
+import org.bouncycastle.util.Arrays;
+
+public class LongPolynomial5Test
+    extends TestCase
+{
+    public void testMult()
+    {
+        testMult(new int[]{2}, new int[]{-1});
+        testMult(new int[]{2, 0}, new int[]{-1, 0});
+        testMult(new int[]{2, 0, 3}, new int[]{-1, 0, 1});
+        testMult(new int[]{2, 0, 3, 1}, new int[]{-1, 0, 1, 1});
+        testMult(new int[]{2, 0, 3, 1, 2}, new int[]{-1, 0, 1, 1, 0});
+        testMult(new int[]{2, 0, 3, 1, 1, 5}, new int[]{1, -1, 1, 1, 0, 1});
+        testMult(new int[]{2, 0, 3, 1, 1, 5, 1, 4}, new int[]{1, 0, 1, 1, -1, 1, 0, -1});
+        testMult(new int[]{1368, 2047, 672, 871, 1662, 1352, 1099, 1608}, new int[]{1, 0, 1, 1, -1, 1, 0, -1});
+
+        // test random polynomials
+        SecureRandom rng = new SecureRandom();
+        for (int i = 0; i < 10; i++)
+        {
+            int[] coeffs1 = new int[rng.nextInt(2000) + 1];
+            int[] coeffs2 = DenseTernaryPolynomial.generateRandom(coeffs1.length, rng).coeffs;
+            testMult(coeffs1, coeffs2);
+        }
+    }
+
+    private void testMult(int[] coeffs1, int[] coeffs2)
+    {
+        IntegerPolynomial i1 = new IntegerPolynomial(coeffs1);
+        IntegerPolynomial i2 = new IntegerPolynomial(coeffs2);
+
+        LongPolynomial5 a = new LongPolynomial5(i1);
+        DenseTernaryPolynomial b = new DenseTernaryPolynomial(i2);
+        IntegerPolynomial c1 = i1.mult(i2, 2048);
+        IntegerPolynomial c2 = a.mult(b).toIntegerPolynomial();
+        assertEqualsMod(c1.coeffs, c2.coeffs, 2048);
+    }
+
+    private void assertEqualsMod(int[] arr1, int[] arr2, int m)
+    {
+        assertEquals(arr1.length, arr2.length);
+        for (int i = 0; i < arr1.length; i++)
+        {
+            assertEquals((arr1[i] + m) % m, (arr2[i] + m) % m);
+        }
+    }
+
+    public void testToIntegerPolynomial()
+    {
+        int[] coeffs = new int[]{2, 0, 3, 1, 1, 5, 1, 4};
+        LongPolynomial5 p = new LongPolynomial5(new IntegerPolynomial(coeffs));
+        assertTrue(Arrays.areEqual(coeffs, p.toIntegerPolynomial().coeffs));
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/PolynomialGenerator.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/PolynomialGenerator.java
new file mode 100644
index 0000000..8f931d7
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/PolynomialGenerator.java
@@ -0,0 +1,27 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import java.util.Random;
+
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+
+public class PolynomialGenerator
+{
+    /**
+     * Creates a random polynomial with <code>N</code> coefficients
+     * between <code>0</code> and <code>q-1</code>.
+     *
+     * @param N length of the polynomial
+     * @param q coefficients will all be below this number
+     * @return a random polynomial
+     */
+    public static IntegerPolynomial generateRandom(int N, int q)
+    {
+        Random rng = new Random();
+        int[] coeffs = new int[N];
+        for (int i = 0; i < N; i++)
+        {
+            coeffs[i] = rng.nextInt(q);
+        }
+        return new IntegerPolynomial(coeffs);
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/ProductFormPolynomialTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/ProductFormPolynomialTest.java
new file mode 100644
index 0000000..9fbbb98
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/ProductFormPolynomialTest.java
@@ -0,0 +1,47 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionKeyGenerationParameters;
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.ProductFormPolynomial;
+
+public class ProductFormPolynomialTest
+    extends TestCase
+{
+    private NTRUEncryptionKeyGenerationParameters params;
+    private int N;
+    private int df1;
+    private int df2;
+    private int df3;
+    private int q;
+
+    public void setUp()
+    {
+        params = NTRUEncryptionKeyGenerationParameters.APR2011_439_FAST;
+        N = params.N;
+        df1 = params.df1;
+        df2 = params.df2;
+        df3 = params.df3;
+        q = params.q;
+    }
+
+    public void testFromToBinary()
+        throws Exception
+    {
+        ProductFormPolynomial p1 = ProductFormPolynomial.generateRandom(N, df1, df2, df3, df3 - 1, new SecureRandom());
+        byte[] bin1 = p1.toBinary();
+        ProductFormPolynomial p2 = ProductFormPolynomial.fromBinary(bin1, N, df1, df2, df3, df3 - 1);
+        assertEquals(p1, p2);
+    }
+
+    public void testMult()
+    {
+        ProductFormPolynomial p1 = ProductFormPolynomial.generateRandom(N, df1, df2, df3, df3 - 1, new SecureRandom());
+        IntegerPolynomial p2 = PolynomialGenerator.generateRandom(N, q);
+        IntegerPolynomial p3 = p1.mult(p2);
+        IntegerPolynomial p4 = p1.toIntegerPolynomial().mult(p2);
+        assertEquals(p3, p4);
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/SparseTernaryPolynomialTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/SparseTernaryPolynomialTest.java
new file mode 100644
index 0000000..3d434c6
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/test/SparseTernaryPolynomialTest.java
@@ -0,0 +1,45 @@
+package org.bouncycastle.pqc.math.ntru.polynomial.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.math.ntru.polynomial.BigIntPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial;
+
+public class SparseTernaryPolynomialTest
+    extends TestCase
+{
+
+    /**
+     * tests mult(IntegerPolynomial) and mult(BigIntPolynomial)
+     */
+    public void testMult()
+    {
+        SecureRandom random = new SecureRandom();
+        SparseTernaryPolynomial p1 = SparseTernaryPolynomial.generateRandom(1000, 500, 500, random);
+        IntegerPolynomial p2 = DenseTernaryPolynomial.generateRandom(1000, random);
+
+        IntegerPolynomial prod1 = p1.mult(p2);
+        IntegerPolynomial prod2 = p1.mult(p2);
+        assertEquals(prod1, prod2);
+
+        BigIntPolynomial p3 = new BigIntPolynomial(p2);
+        BigIntPolynomial prod3 = p1.mult(p3);
+
+        assertEquals(new BigIntPolynomial(prod1), prod3);
+    }
+
+    public void testFromToBinary()
+        throws IOException
+    {
+        SecureRandom random = new SecureRandom();
+        SparseTernaryPolynomial poly1 = SparseTernaryPolynomial.generateRandom(1000, 100, 101, random);
+        ByteArrayInputStream poly1Stream = new ByteArrayInputStream(poly1.toBinary());
+        SparseTernaryPolynomial poly2 = SparseTernaryPolynomial.fromBinary(poly1Stream, 1000, 100, 101);
+        assertEquals(poly1, poly2);
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/ArrayEncoder.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/ArrayEncoder.java
index 0c8f5ab..017e104 100644
--- a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/ArrayEncoder.java
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/ArrayEncoder.java
@@ -14,10 +14,10 @@ public class ArrayEncoder
     /**
      * Bit string to coefficient conversion table from P1363.1. Also found at
      * {@link http://stackoverflow.com/questions/1562548/how-to-make-a-message-into-a-polynomial}
-     * <p/>
+     * <p>
      * Convert each three-bit quantity to two ternary coefficients as follows, and concatenate the resulting
      * ternary quantities to obtain [the output].
-     * <p/>
+     * </p><p>
      * <code>
      * {0, 0, 0} -> {0, 0}<br/>
      * {0, 0, 1} -> {0, 1}<br/>
@@ -28,16 +28,17 @@ public class ArrayEncoder
      * {1, 1, 0} -> {-1, 0}<br/>
      * {1, 1, 1} -> {-1, 1}<br/>
      * </code>
+     * </p>
      */
     private static final int[] COEFF1_TABLE = {0, 0, 0, 1, 1, 1, -1, -1};
     private static final int[] COEFF2_TABLE = {0, 1, -1, 0, 1, -1, 0, 1};
     /**
      * Coefficient to bit string conversion table from P1363.1. Also found at
      * {@link http://stackoverflow.com/questions/1562548/how-to-make-a-message-into-a-polynomial}
-     * <p/>
+     * <p>
      * Convert each set of two ternary coefficients to three bits as follows, and concatenate the resulting bit
      * quantities to obtain [the output]:
-     * <p/>
+     * </p><p>
      * <code>
      * {-1, -1} -> set "fail" to 1 and set bit string to {1, 1, 1}
      * {-1, 0} -> {1, 1, 0}<br/>
@@ -48,7 +49,8 @@ public class ArrayEncoder
      * {1, -1} -> {1, 0, 1}<br/>
      * {1, 0} -> {0, 1, 1}<br/>
      * {1, 1} -> {1, 0, 0}<br/>
-     * </code>
+     * </code>   \
+     * </p>
      */
     private static final int[] BIT1_TABLE = {1, 1, 1, 0, 0, 0, 1, 0, 1};
     private static final int[] BIT2_TABLE = {1, 1, 1, 1, 0, 0, 0, 1, 0};
@@ -56,7 +58,7 @@ public class ArrayEncoder
 
     /**
      * Encodes an int array whose elements are between 0 and <code>q</code>,
-     * to a byte array leaving no gaps between bits.<br/>
+     * to a byte array leaving no gaps between bits.<br>
      * <code>q</code> must be a power of 2.
      *
      * @param a the input array
@@ -92,8 +94,8 @@ public class ArrayEncoder
     }
 
     /**
-     * Decodes a <code>byte</code> array encoded with {@link #encodeModQ(int[], int)} back to an <code>int</code> array.<br/>
-     * <code>N</code> is the number of coefficients. <code>q</code> must be a power of <code>2</code>.<br/>
+     * Decodes a <code>byte</code> array encoded with {@link #encodeModQ(int[], int)} back to an <code>int</code> array.<br>
+     * <code>N</code> is the number of coefficients. <code>q</code> must be a power of <code>2</code>.<br>
      * Ignores any excess bytes.
      *
      * @param data an encoded ternary polynomial
@@ -120,8 +122,8 @@ public class ArrayEncoder
     }
 
     /**
-     * Decodes data encoded with {@link #encodeModQ(int[], int)} back to an <code>int</code> array.<br/>
-     * <code>N</code> is the number of coefficients. <code>q</code> must be a power of <code>2</code>.<br/>
+     * Decodes data encoded with {@link #encodeModQ(int[], int)} back to an <code>int</code> array.<br>
+     * <code>N</code> is the number of coefficients. <code>q</code> must be a power of <code>2</code>.<br>
      * Ignores any excess bytes.
      *
      * @param is an encoded ternary polynomial
@@ -140,8 +142,8 @@ public class ArrayEncoder
 
     /**
      * Decodes a <code>byte</code> array encoded with {@link #encodeMod3Sves(int[])} back to an <code>int</code> array
-     * with <code>N</code> coefficients between <code>-1</code> and <code>1</code>.<br/>
-     * Ignores any excess bytes.<br/>
+     * with <code>N</code> coefficients between <code>-1</code> and <code>1</code>.<br>
+     * Ignores any excess bytes.<br>
      * See P1363.1 section 9.2.2.
      *
      * @param data an encoded ternary polynomial
@@ -171,8 +173,8 @@ public class ArrayEncoder
 
     /**
      * Encodes an <code>int</code> array whose elements are between <code>-1</code> and <code>1</code>, to a byte array.
-     * <code>coeffs[2*i]</code> and <code>coeffs[2*i+1]</code> must not both equal -1 for any integer </code>i<code>,
-     * so this method is only safe to use with arrays produced by {@link #decodeMod3Sves(byte[], int)}.<br/>
+     * <code>coeffs[2*i]</code> and <code>coeffs[2*i+1]</code> must not both equal -1 for any integer <code>i</code>,
+     * so this method is only safe to use with arrays produced by {@link #decodeMod3Sves(byte[], int)}.<br>
      * See P1363.1 section 9.2.3.
      *
      * @param arr
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/test/AllTests.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/test/AllTests.java
new file mode 100644
index 0000000..55fc973
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/test/AllTests.java
@@ -0,0 +1,23 @@
+package org.bouncycastle.pqc.math.ntru.util.test;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+public class AllTests
+    extends TestCase
+{
+    public static void main (String[] args)
+    {
+        junit.textui.TestRunner.run(suite());
+    }
+    
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("NTRU ArrayEncoder Tests");
+        
+        suite.addTestSuite(ArrayEncoderTest.class);
+        
+        return suite;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/test/ArrayEncoderTest.java b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/test/ArrayEncoderTest.java
new file mode 100644
index 0000000..6dbdea3
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/pqc/math/ntru/util/test/ArrayEncoderTest.java
@@ -0,0 +1,42 @@
+package org.bouncycastle.pqc.math.ntru.util.test;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+import junit.framework.TestCase;
+import org.bouncycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial;
+import org.bouncycastle.pqc.math.ntru.polynomial.test.PolynomialGenerator;
+import org.bouncycastle.pqc.math.ntru.util.ArrayEncoder;
+import org.bouncycastle.util.Arrays;
+
+public class ArrayEncoderTest
+    extends TestCase
+{
+    public void testEncodeDecodeModQ()
+    {
+        int[] coeffs = PolynomialGenerator.generateRandom(1000, 2048).coeffs;
+        byte[] data = ArrayEncoder.encodeModQ(coeffs, 2048);
+        int[] coeffs2 = ArrayEncoder.decodeModQ(data, 1000, 2048);
+        assertTrue(Arrays.areEqual(coeffs, coeffs2));
+    }
+
+    public void testEncodeDecodeMod3Sves()
+    {
+        Random rng = new Random();
+        byte[] data = new byte[180];
+        rng.nextBytes(data);
+        int[] coeffs = ArrayEncoder.decodeMod3Sves(data, 960);
+        byte[] data2 = ArrayEncoder.encodeMod3Sves(coeffs);
+        assertTrue(Arrays.areEqual(data, data2));
+    }
+
+    public void testEncodeDecodeMod3Tight()
+    {
+        SecureRandom random = new SecureRandom();
+
+        int[] coeffs = DenseTernaryPolynomial.generateRandom(1000, random).coeffs;
+        byte[] data = ArrayEncoder.encodeMod3Tight(coeffs);
+        int[] coeffs2 = ArrayEncoder.decodeMod3Tight(data, 1000);
+        assertTrue(Arrays.areEqual(coeffs, coeffs2));
+    }
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Arrays.java b/bcprov/src/main/java/org/bouncycastle/util/Arrays.java
index 3f7677c..3c0646a 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/Arrays.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/Arrays.java
@@ -1,6 +1,7 @@
 package org.bouncycastle.util;
 
 import java.math.BigInteger;
+import java.util.Iterator;
 
 /**
  * General array utilities.
@@ -323,6 +324,25 @@ public final class Arrays
 
         return hc;
     }
+    
+    public static int hashCode(byte[] data, int off, int len)
+    {
+        if (data == null)
+        {
+            return 0;
+        }
+
+        int i = len;
+        int hc = i + 1;
+
+        while (--i >= 0)
+        {
+            hc *= 257;
+            hc ^= data[off + i];
+        }
+
+        return hc;
+    }
 
     public static int hashCode(char[] data)
     {
@@ -374,6 +394,25 @@ public final class Arrays
         return hc;
     }
 
+    public static int hashCode(int[] data, int off, int len)
+    {
+        if (data == null)
+        {
+            return 0;
+        }
+
+        int i = len;
+        int hc = i + 1;
+
+        while (--i >= 0)
+        {
+            hc *= 257;
+            hc ^= data[off + i];
+        }
+
+        return hc;
+    }
+
     public static int hashCode(short[][][] shorts)
     {
         int hc = 0;
@@ -752,6 +791,20 @@ public final class Arrays
         return result;
     }
 
+    public static short[] append(short[] a, short b)
+    {
+        if (a == null)
+        {
+            return new short[]{ b };
+        }
+
+        int length = a.length;
+        short[] result = new short[length + 1];
+        System.arraycopy(a, 0, result, 0, length);
+        result[length] = b;
+        return result;
+    }
+
     public static int[] append(int[] a, int b)
     {
         if (a == null)
@@ -840,6 +893,23 @@ public final class Arrays
         }
     }
 
+    public static int[] concatenate(int[] a, int[] b)
+    {
+        if (a == null)
+        {
+            return clone(b);
+        }
+        if (b == null)
+        {
+            return clone(a);
+        }
+
+        int[] c = new int[a.length + b.length];
+        System.arraycopy(a, 0, c, 0, a.length);
+        System.arraycopy(b, 0, c, a.length, b.length);
+        return c;
+    }
+
     public static byte[] prepend(byte[] a, byte b)
     {
         if (a == null)
@@ -853,4 +923,89 @@ public final class Arrays
         result[0] = b;
         return result;
     }
+
+    public static short[] prepend(short[] a, short b)
+    {
+        if (a == null)
+        {
+            return new short[]{ b };
+        }
+
+        int length = a.length;
+        short[] result = new short[length + 1];
+        System.arraycopy(a, 0, result, 1, length);
+        result[0] = b;
+        return result;
+    }
+
+    public static int[] prepend(int[] a, int b)
+    {
+        if (a == null)
+        {
+            return new int[]{ b };
+        }
+
+        int length = a.length;
+        int[] result = new int[length + 1];
+        System.arraycopy(a, 0, result, 1, length);
+        result[0] = b;
+        return result;
+    }
+
+    public static byte[] reverse(byte[] a)
+    {
+        if (a == null)
+        {
+            return null;
+        }
+
+        int p1 = 0, p2 = a.length;
+        byte[] result = new byte[p2];
+        
+        while (--p2 >= 0)
+        {
+            result[p2] = a[p1++];
+        }
+
+        return result;
+    }
+
+    /**
+     * Iterator backed by a specific array.
+     */
+    public static class Iterator<T>
+        implements java.util.Iterator<T>
+    {
+        private final T[] dataArray;
+
+        private int position = 0;
+
+        /**
+         * Base constructor.
+         * <p>
+         * Note: the array is not cloned, changes to it will affect the values returned by next().
+         * </p>
+         *
+         * @param dataArray array backing the iterator.
+         */
+        public Iterator(T[] dataArray)
+        {
+            this.dataArray = dataArray;
+        }
+
+        public boolean hasNext()
+        {
+            return position < dataArray.length;
+        }
+
+        public T next()
+        {
+            return dataArray[position++];
+        }
+
+        public void remove()
+        {
+            throw new UnsupportedOperationException("Cannot remove element from an Array.");
+        }
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/util/CollectionStore.java b/bcprov/src/main/java/org/bouncycastle/util/CollectionStore.java
index 91aba14..1cc9641 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/CollectionStore.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/CollectionStore.java
@@ -8,10 +8,10 @@ import java.util.List;
 /**
  * A simple collection backed store.
  */
-public class CollectionStore
-    implements Store
+public class CollectionStore<T>
+    implements Store<T>, Iterable<T>
 {
-    private Collection _local;
+    private Collection<T> _local;
 
     /**
      * Basic constructor.
@@ -19,9 +19,9 @@ public class CollectionStore
      * @param collection - initial contents for the store, this is copied.
      */
     public CollectionStore(
-        Collection collection)
+        Collection<T> collection)
     {
-        _local = new ArrayList(collection);
+        _local = new ArrayList<T>(collection);
     }
 
     /**
@@ -30,20 +30,20 @@ public class CollectionStore
      * @param selector the selector to match against.
      * @return a possibly empty collection of matching objects.
      */
-    public Collection getMatches(Selector selector)
+    public Collection<T> getMatches(Selector<T> selector)
     {
         if (selector == null)
         {
-            return new ArrayList(_local);
+            return new ArrayList<T>(_local);
         }
         else
         {
-            List col = new ArrayList();
-            Iterator iter = _local.iterator();
+            List<T> col = new ArrayList<T>();
+            Iterator<T> iter = _local.iterator();
 
             while (iter.hasNext())
             {
-                Object obj = iter.next();
+                T obj = iter.next();
 
                 if (selector.match(obj))
                 {
@@ -54,4 +54,9 @@ public class CollectionStore
             return col;
         }
     }
+
+    public Iterator<T> iterator()
+    {
+        return getMatches(null).iterator();
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Encodable.java b/bcprov/src/main/java/org/bouncycastle/util/Encodable.java
new file mode 100644
index 0000000..67258fb
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/Encodable.java
@@ -0,0 +1,18 @@
+package org.bouncycastle.util;
+
+import java.io.IOException;
+
+/**
+ * Interface implemented by objects that can be converted into byte arrays.
+ */
+public interface Encodable
+{
+    /**
+     * Return a byte array representing the implementing object.
+     *
+     * @return a byte array representing the encoding.
+     * @throws java.io.IOException if an issue arises generation the encoding.
+     */
+    byte[] getEncoded()
+        throws IOException;
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Integers.java b/bcprov/src/main/java/org/bouncycastle/util/Integers.java
index 599a9e0..f52baf5 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/Integers.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/Integers.java
@@ -2,6 +2,16 @@ package org.bouncycastle.util;
 
 public class Integers
 {
+    public static int rotateLeft(int i, int distance)
+    {
+        return Integer.rotateLeft(i, distance);
+    }
+
+    public static int rotateRight(int i, int distance)
+    {
+        return Integer.rotateRight(i, distance);
+    }
+
     public static Integer valueOf(int value)
     {
         return Integer.valueOf(value);
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Iterable.java b/bcprov/src/main/java/org/bouncycastle/util/Iterable.java
new file mode 100644
index 0000000..a0fa9dc
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/Iterable.java
@@ -0,0 +1,17 @@
+package org.bouncycastle.util;
+
+import java.util.Iterator;
+
+/**
+ * Utility class to allow use of Iterable feature in JDK 1.5+
+ */
+public interface Iterable<T>
+    extends java.lang.Iterable<T>
+{
+    /**
+     * Returns an iterator over a set of elements of type T.
+     *
+     * @return an Iterator.
+     */
+    Iterator<T> iterator();
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Memoable.java b/bcprov/src/main/java/org/bouncycastle/util/Memoable.java
index 0be9171..ee0beda 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/Memoable.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/Memoable.java
@@ -4,7 +4,7 @@ public interface Memoable
 {
     /**
      * Produce a copy of this object with its configuration and in its current state.
-     * <p/>
+     * <p>
      * The returned object may be used simply to store the state, or may be used as a similar object
      * starting from the copied state.
      */
@@ -12,7 +12,7 @@ public interface Memoable
 
     /**
      * Restore a copied object state into this object.
-     * <p/>
+     * <p>
      * Implementations of this method <em>should</em> try to avoid or minimise memory allocation to perform the reset.
      *
      * @param other an object originally {@link #copy() copied} from an object of the same type as this instance.
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Pack.java b/bcprov/src/main/java/org/bouncycastle/util/Pack.java
new file mode 100644
index 0000000..2f96af8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/Pack.java
@@ -0,0 +1,201 @@
+package org.bouncycastle.util;
+
+public abstract class Pack
+{
+    public static int bigEndianToInt(byte[] bs, int off)
+    {
+        int n = bs[  off] << 24;
+        n |= (bs[++off] & 0xff) << 16;
+        n |= (bs[++off] & 0xff) << 8;
+        n |= (bs[++off] & 0xff);
+        return n;
+    }
+
+    public static void bigEndianToInt(byte[] bs, int off, int[] ns)
+    {
+        for (int i = 0; i < ns.length; ++i)
+        {
+            ns[i] = bigEndianToInt(bs, off);
+            off += 4;
+        }
+    }
+
+    public static byte[] intToBigEndian(int n)
+    {
+        byte[] bs = new byte[4];
+        intToBigEndian(n, bs, 0);
+        return bs;
+    }
+
+    public static void intToBigEndian(int n, byte[] bs, int off)
+    {
+        bs[  off] = (byte)(n >>> 24);
+        bs[++off] = (byte)(n >>> 16);
+        bs[++off] = (byte)(n >>>  8);
+        bs[++off] = (byte)(n       );
+    }
+
+    public static byte[] intToBigEndian(int[] ns)
+    {
+        byte[] bs = new byte[4 * ns.length];
+        intToBigEndian(ns, bs, 0);
+        return bs;
+    }
+
+    public static void intToBigEndian(int[] ns, byte[] bs, int off)
+    {
+        for (int i = 0; i < ns.length; ++i)
+        {
+            intToBigEndian(ns[i], bs, off);
+            off += 4;
+        }
+    }
+
+    public static long bigEndianToLong(byte[] bs, int off)
+    {
+        int hi = bigEndianToInt(bs, off);
+        int lo = bigEndianToInt(bs, off + 4);
+        return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL);
+    }
+
+    public static void bigEndianToLong(byte[] bs, int off, long[] ns)
+    {
+        for (int i = 0; i < ns.length; ++i)
+        {
+            ns[i] = bigEndianToLong(bs, off);
+            off += 8;
+        }
+    }
+
+    public static byte[] longToBigEndian(long n)
+    {
+        byte[] bs = new byte[8];
+        longToBigEndian(n, bs, 0);
+        return bs;
+    }
+
+    public static void longToBigEndian(long n, byte[] bs, int off)
+    {
+        intToBigEndian((int)(n >>> 32), bs, off);
+        intToBigEndian((int)(n & 0xffffffffL), bs, off + 4);
+    }
+
+    public static byte[] longToBigEndian(long[] ns)
+    {
+        byte[] bs = new byte[8 * ns.length];
+        longToBigEndian(ns, bs, 0);
+        return bs;
+    }
+
+    public static void longToBigEndian(long[] ns, byte[] bs, int off)
+    {
+        for (int i = 0; i < ns.length; ++i)
+        {
+            longToBigEndian(ns[i], bs, off);
+            off += 8;
+        }
+    }
+
+    public static int littleEndianToInt(byte[] bs, int off)
+    {
+        int n = bs[  off] & 0xff;
+        n |= (bs[++off] & 0xff) << 8;
+        n |= (bs[++off] & 0xff) << 16;
+        n |= bs[++off] << 24;
+        return n;
+    }
+
+    public static void littleEndianToInt(byte[] bs, int off, int[] ns)
+    {
+        for (int i = 0; i < ns.length; ++i)
+        {
+            ns[i] = littleEndianToInt(bs, off);
+            off += 4;
+        }
+    }
+
+    public static void littleEndianToInt(byte[] bs, int bOff, int[] ns, int nOff, int count)
+    {
+        for (int i = 0; i < count; ++i)
+        {
+            ns[nOff + i] = littleEndianToInt(bs, bOff);
+            bOff += 4;
+        }
+    }
+
+    public static byte[] intToLittleEndian(int n)
+    {
+        byte[] bs = new byte[4];
+        intToLittleEndian(n, bs, 0);
+        return bs;
+    }
+
+    public static void intToLittleEndian(int n, byte[] bs, int off)
+    {
+        bs[  off] = (byte)(n       );
+        bs[++off] = (byte)(n >>>  8);
+        bs[++off] = (byte)(n >>> 16);
+        bs[++off] = (byte)(n >>> 24);
+    }
+
+    public static byte[] intToLittleEndian(int[] ns)
+    {
+        byte[] bs = new byte[4 * ns.length];
+        intToLittleEndian(ns, bs, 0);
+        return bs;
+    }
+
+    public static void intToLittleEndian(int[] ns, byte[] bs, int off)
+    {
+        for (int i = 0; i < ns.length; ++i)
+        {
+            intToLittleEndian(ns[i], bs, off);
+            off += 4;
+        }
+    }
+
+    public static long littleEndianToLong(byte[] bs, int off)
+    {
+        int lo = littleEndianToInt(bs, off);
+        int hi = littleEndianToInt(bs, off + 4);
+        return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL);
+    }
+
+    public static void littleEndianToLong(byte[] bs, int off, long[] ns)
+    {
+        for (int i = 0; i < ns.length; ++i)
+        {
+            ns[i] = littleEndianToLong(bs, off);
+            off += 8;
+        }
+    }
+
+    public static byte[] longToLittleEndian(long n)
+    {
+        byte[] bs = new byte[8];
+        longToLittleEndian(n, bs, 0);
+        return bs;
+    }
+
+    public static void longToLittleEndian(long n, byte[] bs, int off)
+    {
+        intToLittleEndian((int)(n & 0xffffffffL), bs, off);
+        intToLittleEndian((int)(n >>> 32), bs, off + 4);
+    }
+
+    public static byte[] longToLittleEndian(long[] ns)
+    {
+        byte[] bs = new byte[8 * ns.length];
+        longToLittleEndian(ns, bs, 0);
+        return bs;
+    }
+
+    public static void longToLittleEndian(long[] ns, byte[] bs, int off)
+    {
+        for (int i = 0; i < ns.length; ++i)
+        {
+            longToLittleEndian(ns[i], bs, off);
+            off += 8;
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Selector.java b/bcprov/src/main/java/org/bouncycastle/util/Selector.java
index 7ad86bf..a3a5ec8 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/Selector.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/Selector.java
@@ -1,9 +1,9 @@
 package org.bouncycastle.util;
 
-public interface Selector
+public interface Selector<T>
     extends Cloneable
 {
-    boolean match(Object obj);
+    boolean match(T obj);
 
     Object clone();
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Store.java b/bcprov/src/main/java/org/bouncycastle/util/Store.java
index b994c92..fd28b83 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/Store.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/Store.java
@@ -2,8 +2,8 @@ package org.bouncycastle.util;
 
 import java.util.Collection;
 
-public interface Store
+public interface Store<T>
 {
-    Collection getMatches(Selector selector)
+    Collection<T> getMatches(Selector<T> selector)
         throws StoreException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/util/StringList.java b/bcprov/src/main/java/org/bouncycastle/util/StringList.java
new file mode 100644
index 0000000..e733442
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/StringList.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.util;
+
+public interface StringList
+    extends Iterable<String>
+{
+    boolean add(String s);
+
+    String get(int index);
+
+    int size();
+
+    String[] toStringArray();
+
+    /**
+     * Return a section of the contents of the list. If the list is too short the array is filled with nulls.
+     *
+     * @param from the initial index of the range to be copied, inclusive
+     * @param to the final index of the range to be copied, exclusive.
+     * @return an array of length to - from
+     */
+    String[] toStringArray(int from, int to);
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Strings.java b/bcprov/src/main/java/org/bouncycastle/util/Strings.java
index 7f67404..44ff3ae 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/Strings.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/Strings.java
@@ -3,6 +3,7 @@ package org.bouncycastle.util;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.util.ArrayList;
 import java.util.Vector;
 
 public final class Strings
@@ -241,6 +242,17 @@ public final class Strings
         return bytes;
     }
 
+    public static int toByteArray(String s, byte[] buf, int off)
+    {
+        int count = s.length();
+        for (int i = 0; i < count; ++i)
+        {
+            char c = s.charAt(i);
+            buf[off + i] = (byte)c;
+        }
+        return count;
+    }
+
     /**
      * Convert an array of 8 bit characters into a string.
      *
@@ -300,4 +312,53 @@ public final class Strings
         }
         return res;
     }
+
+    public static StringList newList()
+    {
+        return new StringListImpl();
+    }
+
+    private static class StringListImpl
+        extends ArrayList<String>
+        implements StringList
+    {
+        public boolean add(String s)
+        {
+            return super.add(s);
+        }
+
+        public String set(int index, String element)
+        {
+            return super.set(index, element);
+        }
+
+        public void add(int index, String element)
+        {
+            super.add(index, element);
+        }
+
+        public String[] toStringArray()
+        {
+            String[] strs = new String[this.size()];
+
+            for (int i = 0; i != strs.length; i++)
+            {
+                strs[i] = this.get(i);
+            }
+
+            return strs;
+        }
+
+        public String[] toStringArray(int from, int to)
+        {
+            String[] strs = new String[to - from];
+
+            for (int i = from; i != this.size() && i != to; i++)
+            {
+                strs[i - from] = this.get(i);
+            }
+
+            return strs;
+        }
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/util/Times.java b/bcprov/src/main/java/org/bouncycastle/util/Times.java
new file mode 100644
index 0000000..617d00b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/Times.java
@@ -0,0 +1,9 @@
+package org.bouncycastle.util;
+
+public final class Times
+{
+    public static long nanoTime()
+    {
+        return System.nanoTime();
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java
index 8380629..c04a8cc 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java
@@ -6,6 +6,9 @@ import java.io.OutputStream;
 
 import org.bouncycastle.util.Strings;
 
+/**
+ * Utility class for converting Base64 data to bytes and back again.
+ */
 public class Base64
 {
     private static final Encoder encoder = new Base64Encoder();
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java
index 1ef8f51..abad02c 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java
@@ -3,24 +3,27 @@ package org.bouncycastle.util.encoders;
 import java.io.IOException;
 import java.io.OutputStream;
 
+/**
+ * A streaming Base64 encoder.
+ */
 public class Base64Encoder
     implements Encoder
 {
     protected final byte[] encodingTable =
-        {
-            (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
-            (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-            (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
-            (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
-            (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
-            (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-            (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
-            (byte)'v',
-            (byte)'w', (byte)'x', (byte)'y', (byte)'z',
-            (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6',
-            (byte)'7', (byte)'8', (byte)'9',
-            (byte)'+', (byte)'/'
-        };
+    {
+        (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
+        (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
+        (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
+        (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
+        (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
+        (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+        (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
+        (byte)'v',
+        (byte)'w', (byte)'x', (byte)'y', (byte)'z',
+        (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6',
+        (byte)'7', (byte)'8', (byte)'9',
+        (byte)'+', (byte)'/'
+    };
 
     protected byte    padding = (byte)'=';
     
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java
index 672430a..eea85b9 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java
@@ -2,7 +2,7 @@ package org.bouncycastle.util.encoders;
 
 
 /**
- * a buffering class to allow translation from one format to another to
+ * A buffering class to allow translation from one format to another to
  * be done in discrete chunks.
  */
 public class BufferedDecoder
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java
index 107eee8..60a098d 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java
@@ -2,7 +2,7 @@ package org.bouncycastle.util.encoders;
 
 
 /**
- * a buffering class to allow translation from one format to another to
+ * A buffering class to allow translation from one format to another to
  * be done in discrete chunks.
  */
 public class BufferedEncoder
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/DecoderException.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/DecoderException.java
index d9914a2..1e6782a 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/DecoderException.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/DecoderException.java
@@ -1,5 +1,8 @@
 package org.bouncycastle.util.encoders;
 
+/**
+ * Exception thrown if an attempt is made to decode invalid data, or some other failure occurs.
+ */
 public class DecoderException
     extends IllegalStateException
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/EncoderException.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/EncoderException.java
index 2d09a63..a1eb411 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/EncoderException.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/EncoderException.java
@@ -1,5 +1,8 @@
 package org.bouncycastle.util.encoders;
 
+/**
+ * Exception thrown if an attempt is made to encode invalid data, or some other failure occurs.
+ */
 public class EncoderException
     extends IllegalStateException
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java
index d49f1ef..63e9c71 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java
@@ -6,6 +6,9 @@ import java.io.OutputStream;
 
 import org.bouncycastle.util.Strings;
 
+/**
+ * Utility class for converting hex data to bytes and back again.
+ */
 public class Hex
 {
     private static final Encoder encoder = new HexEncoder();
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java
index 3bb594b..52f8fa6 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java
@@ -3,15 +3,18 @@ package org.bouncycastle.util.encoders;
 import java.io.IOException;
 import java.io.OutputStream;
 
+/**
+ * A streaming Hex encoder.
+ */
 public class HexEncoder
     implements Encoder
 {
     protected final byte[] encodingTable =
-        {
-            (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6', (byte)'7',
-            (byte)'8', (byte)'9', (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f'
-        };
-    
+    {
+        (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6', (byte)'7',
+        (byte)'8', (byte)'9', (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f'
+    };
+
     /*
      * set up the decoding table.
      */
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Translator.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Translator.java
index a3a0cb8..96381bc 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Translator.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Translator.java
@@ -1,7 +1,7 @@
 package org.bouncycastle.util.encoders;
 
 /**
- * general interface for an translator.
+ * General interface for an translator.
  */
 public interface Translator
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/package.html b/bcprov/src/main/java/org/bouncycastle/util/encoders/package.html
new file mode 100644
index 0000000..3be222b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Classes for producing and reading Base64 and Hex strings.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/StreamOverflowException.java b/bcprov/src/main/java/org/bouncycastle/util/io/StreamOverflowException.java
index 01af8da..ed5518d 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/StreamOverflowException.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/StreamOverflowException.java
@@ -2,6 +2,9 @@ package org.bouncycastle.util.io;
 
 import java.io.IOException;
 
+/**
+ * Exception thrown when too much data is written to an InputStream
+ */
 public class StreamOverflowException
     extends IOException
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/Streams.java b/bcprov/src/main/java/org/bouncycastle/util/io/Streams.java
index 41560b5..0dea236 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/Streams.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/Streams.java
@@ -5,10 +5,19 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
+/**
+ * Utility methods to assist with stream processing.
+ */
 public final class Streams
 {
     private static int BUFFER_SIZE = 512;
 
+    /**
+     * Read stream till EOF is encountered.
+     *
+     * @param inStr stream to be emptied.
+     * @throws IOException in case of underlying IOException.
+     */
     public static void drain(InputStream inStr)
         throws IOException
     {
@@ -18,6 +27,13 @@ public final class Streams
         }
     }
 
+    /**
+     * Read stream fully, returning contents in a byte array.
+     *
+     * @param inStr stream to be read.
+     * @return a byte array representing the contents of inStr.
+     * @throws IOException in case of underlying IOException.
+     */
     public static byte[] readAll(InputStream inStr)
         throws IOException
     {
@@ -26,6 +42,15 @@ public final class Streams
         return buf.toByteArray();
     }
 
+    /**
+     * Read from inStr up to a maximum number of bytes, throwing an exception if more the maximum amount
+     * of requested data is available.
+     *
+     * @param inStr stream to be read.
+     * @param limit maximum number of bytes that can be read.
+     * @return a byte array representing the contents of inStr.
+     * @throws IOException in case of underlying IOException, or if limit is reached on inStr still has data in it.
+     */
     public static byte[] readAllLimited(InputStream inStr, int limit)
         throws IOException
     {
@@ -34,12 +59,30 @@ public final class Streams
         return buf.toByteArray();
     }
 
+    /**
+     * Fully read in buf's length in data, or up to EOF, whichever occurs first,
+     *
+     * @param inStr the stream to be read.
+     * @param buf the buffer to be read into.
+     * @return the number of bytes read into the buffer.
+     * @throws IOException in case of underlying IOException.
+     */
     public static int readFully(InputStream inStr, byte[] buf)
         throws IOException
     {
         return readFully(inStr, buf, 0, buf.length);
     }
 
+    /**
+     * Fully read in len's bytes of data into buf, or up to EOF, whichever occurs first,
+     *
+     * @param inStr the stream to be read.
+     * @param buf the buffer to be read into.
+     * @param off offset into buf to start putting bytes into.
+     * @param len  the number of bytes to be read.
+     * @return the number of bytes read into the buffer.
+     * @throws IOException in case of underlying IOException.
+     */
     public static int readFully(InputStream inStr, byte[] buf, int off, int len)
         throws IOException
     {
@@ -56,6 +99,13 @@ public final class Streams
         return totalRead;
     }
 
+    /**
+     * Write the full contents of inStr to the destination stream outStr.
+     *
+     * @param inStr source input stream.
+     * @param outStr destination output stream.
+     * @throws IOException in case of underlying IOException.
+     */
     public static void pipeAll(InputStream inStr, OutputStream outStr)
         throws IOException
     {
@@ -67,6 +117,14 @@ public final class Streams
         }
     }
 
+    /**
+     * Write up to limit bytes of data from inStr to the destination stream outStr.
+     *
+     * @param inStr source input stream.
+     * @param limit the maximum number of bytes allowed to be read.
+     * @param outStr destination output stream.
+     * @throws IOException in case of underlying IOException, or if limit is reached on inStr still has data in it.
+     */
     public static long pipeAllLimited(InputStream inStr, long limit, OutputStream outStr)
         throws IOException
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/TeeInputStream.java b/bcprov/src/main/java/org/bouncycastle/util/io/TeeInputStream.java
index 9154246..96da169 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/TeeInputStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/TeeInputStream.java
@@ -4,12 +4,21 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
+/**
+ * An input stream which copies anything read through it to another stream.
+ */
 public class TeeInputStream
     extends InputStream
 {
     private final InputStream input;
     private final OutputStream output;
 
+    /**
+     * Base constructor.
+     *
+     * @param input input stream to be wrapped.
+     * @param output output stream to copy any input read to.
+     */
     public TeeInputStream(InputStream input, OutputStream output)
     {
         this.input = input;
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java b/bcprov/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java
index a4919cd..05b2b56 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/TeeOutputStream.java
@@ -3,12 +3,22 @@ package org.bouncycastle.util.io;
 import java.io.IOException;
 import java.io.OutputStream;
 
+
+/**
+ * An output stream which copies anything written into it to another stream.
+ */
 public class TeeOutputStream
     extends OutputStream
 {
     private OutputStream output1;
     private OutputStream output2;
 
+    /**
+     * Base constructor.
+     *
+     * @param output1 the output stream that is wrapped.
+     * @param output2 a secondary stream that anything written to output1 is also written to.
+     */
     public TeeOutputStream(OutputStream output1, OutputStream output2)
     {
         this.output1 = output1;
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/package.html b/bcprov/src/main/java/org/bouncycastle/util/io/package.html
new file mode 100644
index 0000000..e987cca
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+General purpose I/O helper classes and wrappers.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
index 69a773e..63f61f2 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
@@ -2,6 +2,9 @@ package org.bouncycastle.util.io.pem;
 
 import java.io.IOException;
 
+/**
+ * Exception thrown on failure to generate a PEM object.
+ */
 public class PemGenerationException
     extends IOException
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
index b201c13..bbc6108 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
@@ -1,10 +1,19 @@
 package org.bouncycastle.util.io.pem;
 
+/**
+ * Class representing a PEM header (name, value) pair.
+ */
 public class PemHeader
 {
     private String name;
     private String value;
 
+    /**
+     * Base constructor.
+     *
+     * @param name name of the header property.
+     * @param value value of the header property.
+     */
     public PemHeader(String name, String value)
     {
         this.name = name;
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObject.java b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
index 2199520..606330d 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
@@ -4,6 +4,9 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
+/**
+ * A generic PEM object - type, header properties, and byte content.
+ */
 public class PemObject
     implements PemObjectGenerator
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
index 6fffdc5..9664639 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
@@ -1,7 +1,16 @@
 package org.bouncycastle.util.io.pem;
 
+/**
+ * Base interface for generators of PEM objects.
+ */
 public interface PemObjectGenerator
 {
+    /**
+     * Generate a PEM object.
+     *
+     * @return the generated object.
+     * @throws PemGenerationException on failure.
+     */
     PemObject generate()
         throws PemGenerationException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
index b18b550..933da6a 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
@@ -2,8 +2,18 @@ package org.bouncycastle.util.io.pem;
 
 import java.io.IOException;
 
+/**
+ * Base interface for parsers to convert PEM objects into specific objects.
+ */
 public interface PemObjectParser
 {
+    /**
+     * Parse an object out of the PEM object passed in.
+     *
+     * @param obj the PEM object containing the details for the specific object.
+     * @return a specific object represented by the  PEM object.
+     * @throws IOException on a parsing error.
+     */
     Object parseObject(PemObject obj)
             throws IOException;
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemReader.java b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
index 7664725..3045b4d 100644
--- a/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
@@ -8,6 +8,9 @@ import java.util.List;
 
 import org.bouncycastle.util.encoders.Base64;
 
+/**
+ * A generic PEM reader, based on the format outlined in RFC 1421
+ */
 public class PemReader
     extends BufferedReader
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/util/io/pem/package.html b/bcprov/src/main/java/org/bouncycastle/util/io/pem/package.html
new file mode 100644
index 0000000..c5cc4a5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/io/pem/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Classes for reading and writing raw PEM objects.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/util/package.html b/bcprov/src/main/java/org/bouncycastle/util/package.html
new file mode 100644
index 0000000..c9247ea
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+General purpose utility classes used throughout the APIs.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/util/test/package.html b/bcprov/src/main/java/org/bouncycastle/util/test/package.html
new file mode 100644
index 0000000..e723fd1
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/util/test/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Light weight test API. If you can use Junit!
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/CertPathValidatorUtilities.java b/bcprov/src/main/java/org/bouncycastle/x509/CertPathValidatorUtilities.java
new file mode 100644
index 0000000..ca8769c
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/x509/CertPathValidatorUtilities.java
@@ -0,0 +1,1517 @@
+package org.bouncycastle.x509;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.cert.CRLException;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.PolicyQualifierInfo;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CRLEntry;
+import java.security.cert.X509CRLSelector;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPublicKey;
+import java.security.spec.DSAPublicKeySpec;
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Enumerated;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.CRLDistPoint;
+import org.bouncycastle.asn1.x509.CRLReason;
+import org.bouncycastle.asn1.x509.DistributionPoint;
+import org.bouncycastle.asn1.x509.DistributionPointName;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
+import org.bouncycastle.asn1.x509.PolicyInformation;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.jcajce.PKIXCertStoreSelector;
+import org.bouncycastle.jce.X509LDAPCertStoreParameters;
+import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
+import org.bouncycastle.jce.provider.AnnotatedException;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.PKIXPolicyNode;
+import org.bouncycastle.util.Encodable;
+import org.bouncycastle.util.Integers;
+import org.bouncycastle.util.Selector;
+import org.bouncycastle.util.Store;
+import org.bouncycastle.util.StoreException;
+
+class CertPathValidatorUtilities
+{
+    protected static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
+
+    protected static final String CERTIFICATE_POLICIES = Extension.certificatePolicies.getId();
+    protected static final String BASIC_CONSTRAINTS = Extension.basicConstraints.getId();
+    protected static final String POLICY_MAPPINGS = Extension.policyMappings.getId();
+    protected static final String SUBJECT_ALTERNATIVE_NAME = Extension.subjectAlternativeName.getId();
+    protected static final String NAME_CONSTRAINTS = Extension.nameConstraints.getId();
+    protected static final String KEY_USAGE = Extension.keyUsage.getId();
+    protected static final String INHIBIT_ANY_POLICY = Extension.inhibitAnyPolicy.getId();
+    protected static final String ISSUING_DISTRIBUTION_POINT = Extension.issuingDistributionPoint.getId();
+    protected static final String DELTA_CRL_INDICATOR = Extension.deltaCRLIndicator.getId();
+    protected static final String POLICY_CONSTRAINTS = Extension.policyConstraints.getId();
+    protected static final String FRESHEST_CRL = Extension.freshestCRL.getId();
+    protected static final String CRL_DISTRIBUTION_POINTS = Extension.cRLDistributionPoints.getId();
+    protected static final String AUTHORITY_KEY_IDENTIFIER = Extension.authorityKeyIdentifier.getId();
+
+    protected static final String ANY_POLICY = "2.5.29.32.0";
+
+    protected static final String CRL_NUMBER = Extension.cRLNumber.getId();
+
+    /*
+    * key usage bits
+    */
+    protected static final int KEY_CERT_SIGN = 5;
+    protected static final int CRL_SIGN = 6;
+
+    protected static final String[] crlReasons = new String[]{
+        "unspecified",
+        "keyCompromise",
+        "cACompromise",
+        "affiliationChanged",
+        "superseded",
+        "cessationOfOperation",
+        "certificateHold",
+        "unknown",
+        "removeFromCRL",
+        "privilegeWithdrawn",
+        "aACompromise"};
+
+    /**
+     * Search the given Set of TrustAnchor's for one that is the
+     * issuer of the given X509 certificate. Uses the default provider
+     * for signature verification.
+     *
+     * @param cert         the X509 certificate
+     * @param trustAnchors a Set of TrustAnchor's
+     * @return the <code>TrustAnchor</code> object if found or
+     *         <code>null</code> if not.
+     * @throws AnnotatedException if a TrustAnchor was found but the signature verification
+     * on the given certificate has thrown an exception.
+     */
+    protected static TrustAnchor findTrustAnchor(
+        X509Certificate cert,
+        Set trustAnchors)
+        throws AnnotatedException
+    {
+        return findTrustAnchor(cert, trustAnchors, null);
+    }
+
+    /**
+     * Search the given Set of TrustAnchor's for one that is the
+     * issuer of the given X509 certificate. Uses the specified
+     * provider for signature verification, or the default provider
+     * if null.
+     *
+     * @param cert         the X509 certificate
+     * @param trustAnchors a Set of TrustAnchor's
+     * @param sigProvider  the provider to use for signature verification
+     * @return the <code>TrustAnchor</code> object if found or
+     *         <code>null</code> if not.
+     * @throws AnnotatedException if a TrustAnchor was found but the signature verification
+     * on the given certificate has thrown an exception.
+     */
+    protected static TrustAnchor findTrustAnchor(
+        X509Certificate cert,
+        Set trustAnchors,
+        String sigProvider)
+        throws AnnotatedException
+    {
+        TrustAnchor trust = null;
+        PublicKey trustPublicKey = null;
+        Exception invalidKeyEx = null;
+
+        X509CertSelector certSelectX509 = new X509CertSelector();
+        X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
+
+        try
+        {
+            certSelectX509.setSubject(certIssuer.getEncoded());
+        }
+        catch (IOException ex)
+        {
+            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
+        }
+
+        Iterator iter = trustAnchors.iterator();
+        while (iter.hasNext() && trust == null)
+        {
+            trust = (TrustAnchor)iter.next();
+            if (trust.getTrustedCert() != null)
+            {
+                if (certSelectX509.match(trust.getTrustedCert()))
+                {
+                    trustPublicKey = trust.getTrustedCert().getPublicKey();
+                }
+                else
+                {
+                    trust = null;
+                }
+            }
+            else if (trust.getCAName() != null
+                && trust.getCAPublicKey() != null)
+            {
+                try
+                {
+                    X500Principal caName = new X500Principal(trust.getCAName());
+                    if (certIssuer.equals(caName))
+                    {
+                        trustPublicKey = trust.getCAPublicKey();
+                    }
+                    else
+                    {
+                        trust = null;
+                    }
+                }
+                catch (IllegalArgumentException ex)
+                {
+                    trust = null;
+                }
+            }
+            else
+            {
+                trust = null;
+            }
+
+            if (trustPublicKey != null)
+            {
+                try
+                {
+                    verifyX509Certificate(cert, trustPublicKey, sigProvider);
+                }
+                catch (Exception ex)
+                {
+                    invalidKeyEx = ex;
+                    trust = null;
+                    trustPublicKey = null;
+                }
+            }
+        }
+
+        if (trust == null && invalidKeyEx != null)
+        {
+            throw new AnnotatedException("TrustAnchor found but certificate validation failed.", invalidKeyEx);
+        }
+
+        return trust;
+    }
+
+    protected static void addAdditionalStoresFromAltNames(
+        X509Certificate cert,
+        ExtendedPKIXParameters pkixParams)
+        throws CertificateParsingException
+    {
+        // if in the IssuerAltName extension an URI
+        // is given, add an additional X.509 store
+        if (cert.getIssuerAlternativeNames() != null)
+        {
+            Iterator it = cert.getIssuerAlternativeNames().iterator();
+            while (it.hasNext())
+            {
+                // look for URI
+                List list = (List)it.next();
+                if (list.get(0).equals(Integers.valueOf(GeneralName.uniformResourceIdentifier)))
+                {
+                    // found
+                    String temp = (String)list.get(1);
+                    CertPathValidatorUtilities.addAdditionalStoreFromLocation(temp, pkixParams);
+                }
+            }
+        }
+    }
+
+    /**
+     * Returns the issuer of an attribute certificate or certificate.
+     *
+     * @param cert The attribute certificate or certificate.
+     * @return The issuer as <code>X500Principal</code>.
+     */
+    protected static X500Principal getEncodedIssuerPrincipal(
+        Object cert)
+    {
+        if (cert instanceof X509Certificate)
+        {
+            return ((X509Certificate)cert).getIssuerX500Principal();
+        }
+        else
+        {
+            return (X500Principal)((X509AttributeCertificate)cert).getIssuer().getPrincipals()[0];
+        }
+    }
+
+    protected static Date getValidDate(PKIXParameters paramsPKIX)
+    {
+        Date validDate = paramsPKIX.getDate();
+
+        if (validDate == null)
+        {
+            validDate = new Date();
+        }
+
+        return validDate;
+    }
+
+    protected static X500Principal getSubjectPrincipal(X509Certificate cert)
+    {
+        return cert.getSubjectX500Principal();
+    }
+
+    protected static boolean isSelfIssued(X509Certificate cert)
+    {
+        return cert.getSubjectDN().equals(cert.getIssuerDN());
+    }
+
+
+    /**
+     * Extract the value of the given extension, if it exists.
+     *
+     * @param ext The extension object.
+     * @param oid The object identifier to obtain.
+     * @throws AnnotatedException if the extension cannot be read.
+     */
+    protected static ASN1Primitive getExtensionValue(
+        java.security.cert.X509Extension ext,
+        String oid)
+        throws AnnotatedException
+    {
+        byte[] bytes = ext.getExtensionValue(oid);
+        if (bytes == null)
+        {
+            return null;
+        }
+
+        return getObject(oid, bytes);
+    }
+
+    private static ASN1Primitive getObject(
+        String oid,
+        byte[] ext)
+        throws AnnotatedException
+    {
+        try
+        {
+            ASN1InputStream aIn = new ASN1InputStream(ext);
+            ASN1OctetString octs = (ASN1OctetString)aIn.readObject();
+
+            aIn = new ASN1InputStream(octs.getOctets());
+            return aIn.readObject();
+        }
+        catch (Exception e)
+        {
+            throw new AnnotatedException("exception processing extension " + oid, e);
+        }
+    }
+
+    protected static X500Principal getIssuerPrincipal(X509CRL crl)
+    {
+        return crl.getIssuerX500Principal();
+    }
+
+    protected static AlgorithmIdentifier getAlgorithmIdentifier(
+        PublicKey key)
+        throws CertPathValidatorException
+    {
+        try
+        {
+            ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
+
+            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
+
+            return info.getAlgorithmId();
+        }
+        catch (Exception e)
+        {
+            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e);
+        }
+    }
+
+    // crl checking
+
+
+    //
+    // policy checking
+    //
+
+    protected static final Set getQualifierSet(ASN1Sequence qualifiers)
+        throws CertPathValidatorException
+    {
+        Set pq = new HashSet();
+
+        if (qualifiers == null)
+        {
+            return pq;
+        }
+
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+        ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+        Enumeration e = qualifiers.getObjects();
+
+        while (e.hasMoreElements())
+        {
+            try
+            {
+                aOut.writeObject((ASN1Encodable)e.nextElement());
+
+                pq.add(new PolicyQualifierInfo(bOut.toByteArray()));
+            }
+            catch (IOException ex)
+            {
+                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", ex);
+            }
+
+            bOut.reset();
+        }
+
+        return pq;
+    }
+
+    protected static PKIXPolicyNode removePolicyNode(
+        PKIXPolicyNode validPolicyTree,
+        List[] policyNodes,
+        PKIXPolicyNode _node)
+    {
+        PKIXPolicyNode _parent = (PKIXPolicyNode)_node.getParent();
+
+        if (validPolicyTree == null)
+        {
+            return null;
+        }
+
+        if (_parent == null)
+        {
+            for (int j = 0; j < policyNodes.length; j++)
+            {
+                policyNodes[j] = new ArrayList();
+            }
+
+            return null;
+        }
+        else
+        {
+            _parent.removeChild(_node);
+            removePolicyNodeRecurse(policyNodes, _node);
+
+            return validPolicyTree;
+        }
+    }
+
+    private static void removePolicyNodeRecurse(
+        List[] policyNodes,
+        PKIXPolicyNode _node)
+    {
+        policyNodes[_node.getDepth()].remove(_node);
+
+        if (_node.hasChildren())
+        {
+            Iterator _iter = _node.getChildren();
+            while (_iter.hasNext())
+            {
+                PKIXPolicyNode _child = (PKIXPolicyNode)_iter.next();
+                removePolicyNodeRecurse(policyNodes, _child);
+            }
+        }
+    }
+
+
+    protected static boolean processCertD1i(
+        int index,
+        List[] policyNodes,
+        ASN1ObjectIdentifier pOid,
+        Set pq)
+    {
+        List policyNodeVec = policyNodes[index - 1];
+
+        for (int j = 0; j < policyNodeVec.size(); j++)
+        {
+            PKIXPolicyNode node = (PKIXPolicyNode)policyNodeVec.get(j);
+            Set expectedPolicies = node.getExpectedPolicies();
+
+            if (expectedPolicies.contains(pOid.getId()))
+            {
+                Set childExpectedPolicies = new HashSet();
+                childExpectedPolicies.add(pOid.getId());
+
+                PKIXPolicyNode child = new PKIXPolicyNode(new ArrayList(),
+                    index,
+                    childExpectedPolicies,
+                    node,
+                    pq,
+                    pOid.getId(),
+                    false);
+                node.addChild(child);
+                policyNodes[index].add(child);
+
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    protected static void processCertD1ii(
+        int index,
+        List[] policyNodes,
+        ASN1ObjectIdentifier _poid,
+        Set _pq)
+    {
+        List policyNodeVec = policyNodes[index - 1];
+
+        for (int j = 0; j < policyNodeVec.size(); j++)
+        {
+            PKIXPolicyNode _node = (PKIXPolicyNode)policyNodeVec.get(j);
+
+            if (ANY_POLICY.equals(_node.getValidPolicy()))
+            {
+                Set _childExpectedPolicies = new HashSet();
+                _childExpectedPolicies.add(_poid.getId());
+
+                PKIXPolicyNode _child = new PKIXPolicyNode(new ArrayList(),
+                    index,
+                    _childExpectedPolicies,
+                    _node,
+                    _pq,
+                    _poid.getId(),
+                    false);
+                _node.addChild(_child);
+                policyNodes[index].add(_child);
+                return;
+            }
+        }
+    }
+
+    protected static void prepareNextCertB1(
+        int i,
+        List[] policyNodes,
+        String id_p,
+        Map m_idp,
+        X509Certificate cert
+    )
+        throws AnnotatedException, CertPathValidatorException
+    {
+        boolean idp_found = false;
+        Iterator nodes_i = policyNodes[i].iterator();
+        while (nodes_i.hasNext())
+        {
+            PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
+            if (node.getValidPolicy().equals(id_p))
+            {
+                idp_found = true;
+                node.setExpectedPolicies((Set)m_idp.get(id_p));
+                break;
+            }
+        }
+
+        if (!idp_found)
+        {
+            nodes_i = policyNodes[i].iterator();
+            while (nodes_i.hasNext())
+            {
+                PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
+                if (ANY_POLICY.equals(node.getValidPolicy()))
+                {
+                    Set pq = null;
+                    ASN1Sequence policies = null;
+                    try
+                    {
+                        policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
+                    }
+                    catch (Exception e)
+                    {
+                        throw new AnnotatedException("Certificate policies cannot be decoded.", e);
+                    }
+                    Enumeration e = policies.getObjects();
+                    while (e.hasMoreElements())
+                    {
+                        PolicyInformation pinfo = null;
+
+                        try
+                        {
+                            pinfo = PolicyInformation.getInstance(e.nextElement());
+                        }
+                        catch (Exception ex)
+                        {
+                            throw new AnnotatedException("Policy information cannot be decoded.", ex);
+                        }
+                        if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId()))
+                        {
+                            try
+                            {
+                                pq = getQualifierSet(pinfo.getPolicyQualifiers());
+                            }
+                            catch (CertPathValidatorException ex)
+                            {
+                                throw new ExtCertPathValidatorException(
+                                    "Policy qualifier info set could not be built.", ex);
+                            }
+                            break;
+                        }
+                    }
+                    boolean ci = false;
+                    if (cert.getCriticalExtensionOIDs() != null)
+                    {
+                        ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
+                    }
+
+                    PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent();
+                    if (ANY_POLICY.equals(p_node.getValidPolicy()))
+                    {
+                        PKIXPolicyNode c_node = new PKIXPolicyNode(
+                            new ArrayList(), i,
+                            (Set)m_idp.get(id_p),
+                            p_node, pq, id_p, ci);
+                        p_node.addChild(c_node);
+                        policyNodes[i].add(c_node);
+                    }
+                    break;
+                }
+            }
+        }
+    }
+
+    protected static PKIXPolicyNode prepareNextCertB2(
+        int i,
+        List[] policyNodes,
+        String id_p,
+        PKIXPolicyNode validPolicyTree)
+    {
+        Iterator nodes_i = policyNodes[i].iterator();
+        while (nodes_i.hasNext())
+        {
+            PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
+            if (node.getValidPolicy().equals(id_p))
+            {
+                PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent();
+                p_node.removeChild(node);
+                nodes_i.remove();
+                for (int k = (i - 1); k >= 0; k--)
+                {
+                    List nodes = policyNodes[k];
+                    for (int l = 0; l < nodes.size(); l++)
+                    {
+                        PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l);
+                        if (!node2.hasChildren())
+                        {
+                            validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node2);
+                            if (validPolicyTree == null)
+                            {
+                                break;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        return validPolicyTree;
+    }
+
+    protected static boolean isAnyPolicy(
+        Set policySet)
+    {
+        return policySet == null || policySet.contains(ANY_POLICY) || policySet.isEmpty();
+    }
+
+    protected static void addAdditionalStoreFromLocation(String location,
+                                                         ExtendedPKIXParameters pkixParams)
+    {
+        if (pkixParams.isAdditionalLocationsEnabled())
+        {
+            try
+            {
+                if (location.startsWith("ldap://"))
+                {
+                    // ldap://directory.d-trust.net/CN=D-TRUST
+                    // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE
+                    // skip "ldap://"
+                    location = location.substring(7);
+                    // after first / baseDN starts
+                    String base = null;
+                    String url = null;
+                    if (location.indexOf("/") != -1)
+                    {
+                        base = location.substring(location.indexOf("/"));
+                        // URL
+                        url = "ldap://"
+                            + location.substring(0, location.indexOf("/"));
+                    }
+                    else
+                    {
+                        url = "ldap://" + location;
+                    }
+                    // use all purpose parameters
+                    X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
+                        url, base).build();
+                    pkixParams.addAdditionalStore(X509Store.getInstance(
+                        "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                    pkixParams.addAdditionalStore(X509Store.getInstance(
+                        "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                    pkixParams.addAdditionalStore(X509Store.getInstance(
+                        "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                    pkixParams.addAdditionalStore(X509Store.getInstance(
+                        "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                }
+            }
+            catch (Exception e)
+            {
+                // cannot happen
+                throw new RuntimeException("Exception adding X.509 stores.");
+            }
+        }
+    }
+
+    /**
+     * Return a Collection of all certificates or attribute certificates found
+     * in the X509Store's that are matching the certSelect criteriums.
+     *
+     * @param certSelect a {@link Selector} object that will be used to select
+     *                   the certificates
+     * @param certStores a List containing only {@link X509Store} objects. These
+     *                   are used to search for certificates.
+     * @return a Collection of all found {@link X509Certificate} or
+     *         {@link org.bouncycastle.x509.X509AttributeCertificate} objects.
+     *         May be empty but never <code>null</code>.
+     */
+    protected static Collection findCertificates(X509CertStoreSelector certSelect,
+                                                 List certStores)
+        throws AnnotatedException
+    {
+        Set certs = new HashSet();
+        Iterator iter = certStores.iterator();
+        org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory certFact = new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory();
+
+        while (iter.hasNext())
+        {
+            Object obj = iter.next();
+
+            if (obj instanceof Store)
+            {
+                Store certStore = (Store)obj;
+                try
+                {
+                    for (Iterator it = certStore.getMatches(certSelect).iterator(); it.hasNext();)
+                    {
+                        Object cert = it.next();
+
+                        if (cert instanceof Encodable)
+                        {
+                            certs.add(certFact.engineGenerateCertificate(new ByteArrayInputStream(((Encodable)cert).getEncoded())));
+                        }
+                        else if (cert instanceof Certificate)
+                        {
+                             certs.add(cert);
+                        }
+                        else
+                        {
+                            throw new AnnotatedException(
+                                    "Unknown object found in certificate store.");
+                        }
+                    }
+                }
+                catch (StoreException e)
+                {
+                    throw new AnnotatedException(
+                            "Problem while picking certificates from X.509 store.", e);
+                }
+                catch (IOException e)
+                {
+                    throw new AnnotatedException(
+                            "Problem while extracting certificates from X.509 store.", e);
+                }
+                catch (CertificateException e)
+                {
+                    throw new AnnotatedException(
+                            "Problem while extracting certificates from X.509 store.", e);
+                }
+            }
+            else
+            {
+                CertStore certStore = (CertStore)obj;
+
+                try
+                {
+                    certs.addAll(certStore.getCertificates(certSelect));
+                }
+                catch (CertStoreException e)
+                {
+                    throw new AnnotatedException(
+                        "Problem while picking certificates from certificate store.",
+                        e);
+                }
+            }
+        }
+        return certs;
+    }
+
+    protected static Collection findCertificates(PKIXCertStoreSelector certSelect,
+                                                 List certStores)
+        throws AnnotatedException
+    {
+        Set certs = new HashSet();
+        Iterator iter = certStores.iterator();
+
+        while (iter.hasNext())
+        {
+            Object obj = iter.next();
+
+            if (obj instanceof Store)
+            {
+                Store certStore = (Store)obj;
+                try
+                {
+                    certs.addAll(certStore.getMatches(certSelect));
+                }
+                catch (StoreException e)
+                {
+                    throw new AnnotatedException(
+                            "Problem while picking certificates from X.509 store.", e);
+                }
+            }
+            else
+            {
+                CertStore certStore = (CertStore)obj;
+
+                try
+                {
+                    certs.addAll(PKIXCertStoreSelector.getCertificates(certSelect, certStore));
+                }
+                catch (CertStoreException e)
+                {
+                    throw new AnnotatedException(
+                        "Problem while picking certificates from certificate store.",
+                        e);
+                }
+            }
+        }
+        return certs;
+    }
+
+    protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
+                                                 List certStores)
+        throws AnnotatedException
+    {
+        Set certs = new HashSet();
+        Iterator iter = certStores.iterator();
+
+        while (iter.hasNext())
+        {
+            Object obj = iter.next();
+
+            if (obj instanceof X509Store)
+            {
+                X509Store certStore = (X509Store)obj;
+                try
+                {
+                    certs.addAll(certStore.getMatches(certSelect));
+                }
+                catch (StoreException e)
+                {
+                    throw new AnnotatedException(
+                            "Problem while picking certificates from X.509 store.", e);
+                }
+            }
+        }
+        return certs;
+    }
+
+    protected static void addAdditionalStoresFromCRLDistributionPoint(
+        CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
+        throws AnnotatedException
+    {
+        if (crldp != null)
+        {
+            DistributionPoint dps[] = null;
+            try
+            {
+                dps = crldp.getDistributionPoints();
+            }
+            catch (Exception e)
+            {
+                throw new AnnotatedException(
+                    "Distribution points could not be read.", e);
+            }
+            for (int i = 0; i < dps.length; i++)
+            {
+                DistributionPointName dpn = dps[i].getDistributionPoint();
+                // look for URIs in fullName
+                if (dpn != null)
+                {
+                    if (dpn.getType() == DistributionPointName.FULL_NAME)
+                    {
+                        GeneralName[] genNames = GeneralNames.getInstance(
+                            dpn.getName()).getNames();
+                        // look for an URI
+                        for (int j = 0; j < genNames.length; j++)
+                        {
+                            if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier)
+                            {
+                                String location = DERIA5String.getInstance(
+                                    genNames[j].getName()).getString();
+                                CertPathValidatorUtilities
+                                    .addAdditionalStoreFromLocation(location,
+                                        pkixParams);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    /**
+     * Add the CRL issuers from the cRLIssuer field of the distribution point or
+     * from the certificate if not given to the issuer criterion of the
+     * <code>selector</code>.
+     * <p>
+     * The <code>issuerPrincipals</code> are a collection with a single
+     * <code>X500Principal</code> for <code>X509Certificate</code>s. For
+     * {@link X509AttributeCertificate}s the issuer may contain more than one
+     * <code>X500Principal</code>.
+     * </p>
+     * @param dp               The distribution point.
+     * @param issuerPrincipals The issuers of the certificate or attribute
+     *                         certificate which contains the distribution point.
+     * @param selector         The CRL selector.
+     * @param pkixParams       The PKIX parameters containing the cert stores.
+     * @throws AnnotatedException if an exception occurs while processing.
+     * @throws ClassCastException if <code>issuerPrincipals</code> does not
+     * contain only <code>X500Principal</code>s.
+     */
+    protected static void getCRLIssuersFromDistributionPoint(
+        DistributionPoint dp,
+        Collection issuerPrincipals,
+        X509CRLSelector selector,
+        ExtendedPKIXParameters pkixParams)
+        throws AnnotatedException
+    {
+        List issuers = new ArrayList();
+        // indirect CRL
+        if (dp.getCRLIssuer() != null)
+        {
+            GeneralName genNames[] = dp.getCRLIssuer().getNames();
+            // look for a DN
+            for (int j = 0; j < genNames.length; j++)
+            {
+                if (genNames[j].getTagNo() == GeneralName.directoryName)
+                {
+                    try
+                    {
+                        issuers.add(new X500Principal(genNames[j].getName()
+                            .toASN1Primitive().getEncoded()));
+                    }
+                    catch (IOException e)
+                    {
+                        throw new AnnotatedException(
+                            "CRL issuer information from distribution point cannot be decoded.",
+                            e);
+                    }
+                }
+            }
+        }
+        else
+        {
+            /*
+             * certificate issuer is CRL issuer, distributionPoint field MUST be
+             * present.
+             */
+            if (dp.getDistributionPoint() == null)
+            {
+                throw new AnnotatedException(
+                    "CRL issuer is omitted from distribution point but no distributionPoint field present.");
+            }
+            // add and check issuer principals
+            for (Iterator it = issuerPrincipals.iterator(); it.hasNext(); )
+            {
+                issuers.add((X500Principal)it.next());
+            }
+        }
+        // TODO: is not found although this should correctly add the rel name. selector of Sun is buggy here or PKI test case is invalid
+        // distributionPoint
+//        if (dp.getDistributionPoint() != null)
+//        {
+//            // look for nameRelativeToCRLIssuer
+//            if (dp.getDistributionPoint().getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
+//            {
+//                // append fragment to issuer, only one
+//                // issuer can be there, if this is given
+//                if (issuers.size() != 1)
+//                {
+//                    throw new AnnotatedException(
+//                        "nameRelativeToCRLIssuer field is given but more than one CRL issuer is given.");
+//                }
+//                ASN1Encodable relName = dp.getDistributionPoint().getName();
+//                Iterator it = issuers.iterator();
+//                List issuersTemp = new ArrayList(issuers.size());
+//                while (it.hasNext())
+//                {
+//                    Enumeration e = null;
+//                    try
+//                    {
+//                        e = ASN1Sequence.getInstance(
+//                            new ASN1InputStream(((X500Principal) it.next())
+//                                .getEncoded()).readObject()).getObjects();
+//                    }
+//                    catch (IOException ex)
+//                    {
+//                        throw new AnnotatedException(
+//                            "Cannot decode CRL issuer information.", ex);
+//                    }
+//                    ASN1EncodableVector v = new ASN1EncodableVector();
+//                    while (e.hasMoreElements())
+//                    {
+//                        v.add((ASN1Encodable) e.nextElement());
+//                    }
+//                    v.add(relName);
+//                    issuersTemp.add(new X500Principal(new DERSequence(v)
+//                        .getDEREncoded()));
+//                }
+//                issuers.clear();
+//                issuers.addAll(issuersTemp);
+//            }
+//        }
+        Iterator it = issuers.iterator();
+        while (it.hasNext())
+        {
+            try
+            {
+                selector.addIssuerName(((X500Principal)it.next()).getEncoded());
+            }
+            catch (IOException ex)
+            {
+                throw new AnnotatedException(
+                    "Cannot decode CRL issuer information.", ex);
+            }
+        }
+    }
+
+    private static BigInteger getSerialNumber(
+        Object cert)
+    {
+        if (cert instanceof X509Certificate)
+        {
+            return ((X509Certificate)cert).getSerialNumber();
+        }
+        else
+        {
+            return ((X509AttributeCertificate)cert).getSerialNumber();
+        }
+    }
+
+    protected static void getCertStatus(
+        Date validDate,
+        X509CRL crl,
+        Object cert,
+        CertStatus certStatus)
+        throws AnnotatedException
+    {
+        X509CRLEntry crl_entry = null;
+
+        boolean isIndirect;
+        try
+        {
+            isIndirect = isIndirectCRL(crl);
+        }
+        catch (CRLException exception)
+        {
+            throw new AnnotatedException("Failed check for indirect CRL.", exception);
+        }
+
+        if (isIndirect)
+        {
+            crl_entry = crl.getRevokedCertificate(getSerialNumber(cert));
+
+            if (crl_entry == null)
+            {
+                return;
+            }
+
+            X500Principal certIssuer = crl_entry.getCertificateIssuer();
+
+            if (certIssuer == null)
+            {
+                certIssuer = getIssuerPrincipal(crl);
+            }
+
+            if (!getEncodedIssuerPrincipal(cert).equals(certIssuer))
+            {
+                return;
+            }
+        }
+        else if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl)))
+        {
+            return;  // not for our issuer, ignore
+        }
+        else
+        {
+            crl_entry = crl.getRevokedCertificate(getSerialNumber(cert));
+
+            if (crl_entry == null)
+            {
+                return;
+            }
+        }
+
+        ASN1Enumerated reasonCode = null;
+        if (crl_entry.hasExtensions())
+        {
+            try
+            {
+                reasonCode = ASN1Enumerated
+                    .getInstance(CertPathValidatorUtilities
+                        .getExtensionValue(crl_entry,
+                            X509Extension.reasonCode.getId()));
+            }
+            catch (Exception e)
+            {
+                throw new AnnotatedException(
+                    "Reason code CRL entry extension could not be decoded.",
+                    e);
+            }
+        }
+
+        // for reason keyCompromise, caCompromise, aACompromise or
+        // unspecified
+        if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime())
+            || reasonCode == null
+            || reasonCode.getValue().intValue() == 0
+            || reasonCode.getValue().intValue() == 1
+            || reasonCode.getValue().intValue() == 2
+            || reasonCode.getValue().intValue() == 8)
+        {
+
+            // (i) or (j) (1)
+            if (reasonCode != null)
+            {
+                certStatus.setCertStatus(reasonCode.getValue().intValue());
+            }
+            // (i) or (j) (2)
+            else
+            {
+                certStatus.setCertStatus(CRLReason.unspecified);
+            }
+            certStatus.setRevocationDate(crl_entry.getRevocationDate());
+        }
+    }
+
+    /**
+     * Fetches delta CRLs according to RFC 3280 section 5.2.4.
+     *
+     * @param currentDate The date for which the delta CRLs must be valid.
+     * @param paramsPKIX  The extended PKIX parameters.
+     * @param completeCRL The complete CRL the delta CRL is for.
+     * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs.
+     * @throws AnnotatedException if an exception occurs while picking the delta
+     * CRLs.
+     */
+    protected static Set getDeltaCRLs(Date currentDate,
+                                      ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL)
+        throws AnnotatedException
+    {
+
+        X509CRLStoreSelector deltaSelect = new X509CRLStoreSelector();
+
+        // 5.2.4 (a)
+        try
+        {
+            deltaSelect.addIssuerName(CertPathValidatorUtilities
+                .getIssuerPrincipal(completeCRL).getEncoded());
+        }
+        catch (IOException e)
+        {
+            throw new AnnotatedException("Cannot extract issuer from CRL.", e);
+        }
+
+        BigInteger completeCRLNumber = null;
+        try
+        {
+            ASN1Primitive derObject = CertPathValidatorUtilities.getExtensionValue(completeCRL,
+                CRL_NUMBER);
+            if (derObject != null)
+            {
+                completeCRLNumber = ASN1Integer.getInstance(derObject).getPositiveValue();
+            }
+        }
+        catch (Exception e)
+        {
+            throw new AnnotatedException(
+                "CRL number extension could not be extracted from CRL.", e);
+        }
+
+        // 5.2.4 (b)
+        byte[] idp = null;
+        try
+        {
+            idp = completeCRL.getExtensionValue(ISSUING_DISTRIBUTION_POINT);
+        }
+        catch (Exception e)
+        {
+            throw new AnnotatedException(
+                "Issuing distribution point extension value could not be read.",
+                e);
+        }
+
+        // 5.2.4 (d)
+
+        deltaSelect.setMinCRLNumber(completeCRLNumber == null ? null : completeCRLNumber
+            .add(BigInteger.valueOf(1)));
+
+        deltaSelect.setIssuingDistributionPoint(idp);
+        deltaSelect.setIssuingDistributionPointEnabled(true);
+
+        // 5.2.4 (c)
+        deltaSelect.setMaxBaseCRLNumber(completeCRLNumber);
+
+        // find delta CRLs
+        Set temp = CRL_UTIL.findCRLs(deltaSelect, paramsPKIX, currentDate);
+
+        Set result = new HashSet();
+
+        for (Iterator it = temp.iterator(); it.hasNext(); )
+        {
+            X509CRL crl = (X509CRL)it.next();
+
+            if (isDeltaCRL(crl))
+            {
+                result.add(crl);
+            }
+        }
+
+        return result;
+    }
+
+    private static boolean isDeltaCRL(X509CRL crl)
+    {
+        Set critical = crl.getCriticalExtensionOIDs();
+
+        if (critical == null)
+        {
+            return false;
+        }
+
+        return critical.contains(Extension.deltaCRLIndicator.getId());
+    }
+
+    /**
+     * Fetches complete CRLs according to RFC 3280.
+     *
+     * @param dp          The distribution point for which the complete CRL
+     * @param cert        The <code>X509Certificate</code> or
+     *                    {@link org.bouncycastle.x509.X509AttributeCertificate} for
+     *                    which the CRL should be searched.
+     * @param currentDate The date for which the delta CRLs must be valid.
+     * @param paramsPKIX  The extended PKIX parameters.
+     * @return A <code>Set</code> of <code>X509CRL</code>s with complete
+     *         CRLs.
+     * @throws AnnotatedException if an exception occurs while picking the CRLs
+     * or no CRLs are found.
+     */
+    protected static Set getCompleteCRLs(DistributionPoint dp, Object cert,
+                                         Date currentDate, ExtendedPKIXParameters paramsPKIX)
+        throws AnnotatedException
+    {
+        X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
+        try
+        {
+            Set issuers = new HashSet();
+            if (cert instanceof X509AttributeCertificate)
+            {
+                issuers.add(((X509AttributeCertificate)cert)
+                    .getIssuer().getPrincipals()[0]);
+            }
+            else
+            {
+                issuers.add(getEncodedIssuerPrincipal(cert));
+            }
+            CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
+        }
+        catch (AnnotatedException e)
+        {
+            throw new AnnotatedException(
+                "Could not get issuer information from distribution point.", e);
+        }
+        if (cert instanceof X509Certificate)
+        {
+            crlselect.setCertificateChecking((X509Certificate)cert);
+        }
+        else if (cert instanceof X509AttributeCertificate)
+        {
+            crlselect.setAttrCertificateChecking((X509AttributeCertificate)cert);
+        }
+
+
+        crlselect.setCompleteCRLEnabled(true);
+
+        Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
+
+        if (crls.isEmpty())
+        {
+            if (cert instanceof X509AttributeCertificate)
+            {
+                X509AttributeCertificate aCert = (X509AttributeCertificate)cert;
+
+                throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\"");
+            }
+            else
+            {
+                X509Certificate xCert = (X509Certificate)cert;
+
+                throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\"");
+            }
+        }
+        return crls;
+    }
+
+    protected static Date getValidCertDateFromValidityModel(
+        ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index)
+        throws AnnotatedException
+    {
+        if (paramsPKIX.getValidityModel() == ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL)
+        {
+            // if end cert use given signing/encryption/... time
+            if (index <= 0)
+            {
+                return CertPathValidatorUtilities.getValidDate(paramsPKIX);
+                // else use time when previous cert was created
+            }
+            else
+            {
+                if (index - 1 == 0)
+                {
+                    ASN1GeneralizedTime dateOfCertgen = null;
+                    try
+                    {
+                        byte[] extBytes = ((X509Certificate)certPath.getCertificates().get(index - 1)).getExtensionValue(ISISMTTObjectIdentifiers.id_isismtt_at_dateOfCertGen.getId());
+                        if (extBytes != null)
+                        {
+                            dateOfCertgen = ASN1GeneralizedTime.getInstance(ASN1Primitive.fromByteArray(extBytes));
+                        }
+                    }
+                    catch (IOException e)
+                    {
+                        throw new AnnotatedException(
+                            "Date of cert gen extension could not be read.");
+                    }
+                    catch (IllegalArgumentException e)
+                    {
+                        throw new AnnotatedException(
+                            "Date of cert gen extension could not be read.");
+                    }
+                    if (dateOfCertgen != null)
+                    {
+                        try
+                        {
+                            return dateOfCertgen.getDate();
+                        }
+                        catch (ParseException e)
+                        {
+                            throw new AnnotatedException(
+                                "Date from date of cert gen extension could not be parsed.",
+                                e);
+                        }
+                    }
+                    return ((X509Certificate)certPath.getCertificates().get(
+                        index - 1)).getNotBefore();
+                }
+                else
+                {
+                    return ((X509Certificate)certPath.getCertificates().get(
+                        index - 1)).getNotBefore();
+                }
+            }
+        }
+        else
+        {
+            return getValidDate(paramsPKIX);
+        }
+    }
+
+    /**
+     * Return the next working key inheriting DSA parameters if necessary.
+     * <p>
+     * This methods inherits DSA parameters from the indexed certificate or
+     * previous certificates in the certificate chain to the returned
+     * <code>PublicKey</code>. The list is searched upwards, meaning the end
+     * certificate is at position 0 and previous certificates are following.
+     * </p>
+     * <p>
+     * If the indexed certificate does not contain a DSA key this method simply
+     * returns the public key. If the DSA key already contains DSA parameters
+     * the key is also only returned.
+     * </p>
+     *
+     * @param certs The certification path.
+     * @param index The index of the certificate which contains the public key
+     *              which should be extended with DSA parameters.
+     * @return The public key of the certificate in list position
+     *         <code>index</code> extended with DSA parameters if applicable.
+     * @throws AnnotatedException if DSA parameters cannot be inherited.
+     */
+    protected static PublicKey getNextWorkingKey(List certs, int index)
+        throws CertPathValidatorException
+    {
+        Certificate cert = (Certificate)certs.get(index);
+        PublicKey pubKey = cert.getPublicKey();
+        if (!(pubKey instanceof DSAPublicKey))
+        {
+            return pubKey;
+        }
+        DSAPublicKey dsaPubKey = (DSAPublicKey)pubKey;
+        if (dsaPubKey.getParams() != null)
+        {
+            return dsaPubKey;
+        }
+        for (int i = index + 1; i < certs.size(); i++)
+        {
+            X509Certificate parentCert = (X509Certificate)certs.get(i);
+            pubKey = parentCert.getPublicKey();
+            if (!(pubKey instanceof DSAPublicKey))
+            {
+                throw new CertPathValidatorException(
+                    "DSA parameters cannot be inherited from previous certificate.");
+            }
+            DSAPublicKey prevDSAPubKey = (DSAPublicKey)pubKey;
+            if (prevDSAPubKey.getParams() == null)
+            {
+                continue;
+            }
+            DSAParams dsaParams = prevDSAPubKey.getParams();
+            DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(
+                dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
+            try
+            {
+                KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
+                return keyFactory.generatePublic(dsaPubKeySpec);
+            }
+            catch (Exception exception)
+            {
+                throw new RuntimeException(exception.getMessage());
+            }
+        }
+        throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
+    }
+
+    /**
+     * Find the issuer certificates of a given certificate.
+     *
+     * @param cert       The certificate for which an issuer should be found.
+     * @return A <code>Collection</code> object containing the issuer
+     *         <code>X509Certificate</code>s. Never <code>null</code>.
+     * @throws AnnotatedException if an error occurs.
+     */
+    static Collection findIssuerCerts(
+        X509Certificate cert,
+        List            certStores,
+        List            pkixCertStores)
+        throws AnnotatedException
+    {
+        X509CertSelector selector = new X509CertSelector();
+
+        try
+        {
+            selector.setSubject(cert.getIssuerX500Principal().getEncoded());
+        }
+        catch (IOException e)
+        {
+            throw new AnnotatedException(
+                           "Subject criteria for certificate selector to find issuer certificate could not be set.", e);
+        }
+
+        PKIXCertStoreSelector certSelect = new PKIXCertStoreSelector.Builder(selector).build();
+        Set certs = new HashSet();
+
+        Iterator iter;
+
+        try
+        {
+            List matches = new ArrayList();
+
+            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, certStores));
+            matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixCertStores));
+
+            iter = matches.iterator();
+        }
+        catch (AnnotatedException e)
+        {
+            throw new AnnotatedException("Issuer certificate cannot be searched.", e);
+        }
+
+        X509Certificate issuer = null;
+        while (iter.hasNext())
+        {
+            issuer = (X509Certificate)iter.next();
+            // issuer cannot be verified because possible DSA inheritance
+            // parameters are missing
+            certs.add(issuer);
+        }
+        return certs;
+    }
+
+    protected static void verifyX509Certificate(X509Certificate cert, PublicKey publicKey,
+                                                String sigProvider)
+        throws GeneralSecurityException
+    {
+        if (sigProvider == null)
+        {
+            cert.verify(publicKey);
+        }
+        else
+        {
+            cert.verify(publicKey, sigProvider);
+        }
+    }
+
+    static boolean isIndirectCRL(X509CRL crl)
+        throws CRLException
+    {
+        try
+        {
+            byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId());
+            return idp != null
+                && IssuingDistributionPoint.getInstance(ASN1OctetString.getInstance(idp).getOctets()).isIndirectCRL();
+        }
+        catch (Exception e)
+        {
+            throw new CRLException(
+                    "Exception reading IssuingDistributionPoint: " + e);
+        }
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/CertStatus.java b/bcprov/src/main/java/org/bouncycastle/x509/CertStatus.java
new file mode 100644
index 0000000..f12910d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/x509/CertStatus.java
@@ -0,0 +1,46 @@
+package org.bouncycastle.x509;
+
+import java.util.Date;
+
+class CertStatus
+{
+    public static final int UNREVOKED = 11;
+
+    public static final int UNDETERMINED = 12;
+
+    int certStatus = UNREVOKED;
+
+    Date revocationDate = null;
+
+    /**
+     * @return Returns the revocationDate.
+     */
+    public Date getRevocationDate()
+    {
+        return revocationDate;
+    }
+
+    /**
+     * @param revocationDate The revocationDate to set.
+     */
+    public void setRevocationDate(Date revocationDate)
+    {
+        this.revocationDate = revocationDate;
+    }
+
+    /**
+     * @return Returns the certStatus.
+     */
+    public int getCertStatus()
+    {
+        return certStatus;
+    }
+
+    /**
+     * @param certStatus The certStatus to set.
+     */
+    public void setCertStatus(int certStatus)
+    {
+        this.certStatus = certStatus;
+    }
+}
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java b/bcprov/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java
index 51831d0..386fc3d 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java
@@ -17,6 +17,7 @@ import java.util.Set;
  * 
  * @see java.security.cert.PKIXBuilderParameters
  * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
+ * @deprecated use PKIXExtendedBuilderParameters
  */
 public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters
 {
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java b/bcprov/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java
index 6386618..952f775 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java
@@ -18,6 +18,8 @@ import java.util.Set;
 
 /**
  * This class extends the PKIXParameters with a validity model parameter.
+ *
+ * @deprecated use PKIXExtendedParameters
  */
 public class ExtendedPKIXParameters
     extends PKIXParameters
@@ -42,8 +44,11 @@ public class ExtendedPKIXParameters
     /**
      * Creates an instance of <code>PKIXParameters</code> with the specified
      * <code>Set</code> of most-trusted CAs. Each element of the set is a
-     * {@link TrustAnchor TrustAnchor}. <p/> Note that the <code>Set</code>
+     * {@link TrustAnchor TrustAnchor}.
+     * <p>
+     *     Note that the <code>Set</code>
      * is copied to protect against subsequent modifications.
+     * </p>
      * 
      * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
      * @throws InvalidAlgorithmParameterException if the specified
@@ -154,8 +159,11 @@ public class ExtendedPKIXParameters
      * when the end certificate was signed. The CA (or Root CA) certificate must
      * have been valid, when the CA certificate was signed and so on. So the
      * {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when
-     * the <em>end certificate</em> must have been valid. <p/> It is used e.g.
+     * the <em>end certificate</em> must have been valid.
+     * <p>
+     * It is used e.g.
      * in the German signature law.
+     * </p>
      */
     public static final int CHAIN_VALIDITY_MODEL = 1;
 
@@ -278,6 +286,7 @@ public class ExtendedPKIXParameters
      * 
      * @param store The store to add.
      * @see #getStores()
+     * @deprectaed use addStore().
      */
     public void addAdditionalStore(Store store)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/PKIXCRLUtil.java b/bcprov/src/main/java/org/bouncycastle/x509/PKIXCRLUtil.java
new file mode 100644
index 0000000..bfa9f2d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/x509/PKIXCRLUtil.java
@@ -0,0 +1,153 @@
+package org.bouncycastle.x509;
+
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.bouncycastle.jce.provider.AnnotatedException;
+import org.bouncycastle.util.StoreException;
+
+class PKIXCRLUtil
+{
+    public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
+        throws AnnotatedException
+    {
+        Set initialSet = new HashSet();
+
+        // get complete CRL(s)
+        try
+        {
+            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
+            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
+            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
+        }
+        catch (AnnotatedException e)
+        {
+            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
+        }
+
+        Set finalSet = new HashSet();
+        Date validityDate = currentDate;
+
+        if (paramsPKIX.getDate() != null)
+        {
+            validityDate = paramsPKIX.getDate();
+        }
+
+        // based on RFC 5280 6.3.3
+        for (Iterator it = initialSet.iterator(); it.hasNext();)
+        {
+            X509CRL crl = (X509CRL)it.next();
+
+            if (crl.getNextUpdate().after(validityDate))
+            {
+                X509Certificate cert = crlselect.getCertificateChecking();
+
+                if (cert != null)
+                {
+                    if (crl.getThisUpdate().before(cert.getNotAfter()))
+                    {
+                        finalSet.add(crl);
+                    }
+                }
+                else
+                {
+                    finalSet.add(crl);
+                }
+            }
+        }
+
+        return finalSet;
+    }
+
+    public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX)
+        throws AnnotatedException
+    {
+        Set completeSet = new HashSet();
+
+        // get complete CRL(s)
+        try
+        {
+            completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
+        }
+        catch (AnnotatedException e)
+        {
+            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
+        }
+
+        return completeSet;
+    }
+
+/**
+     * Return a Collection of all CRLs found in the X509Store's that are
+     * matching the crlSelect criteriums.
+     *
+     * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
+     *            to select the CRLs
+     * @param crlStores a List containing only
+     *            {@link org.bouncycastle.x509.X509Store  X509Store} objects.
+     *            These are used to search for CRLs
+     *
+     * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
+     *         empty but never <code>null</code>.
+     */
+    private final Collection findCRLs(X509CRLStoreSelector crlSelect,
+        List crlStores) throws AnnotatedException
+    {
+        Set crls = new HashSet();
+        Iterator iter = crlStores.iterator();
+
+        AnnotatedException lastException = null;
+        boolean foundValidStore = false;
+
+        while (iter.hasNext())
+        {
+            Object obj = iter.next();
+
+            if (obj instanceof X509Store)
+            {
+                X509Store store = (X509Store)obj;
+
+                try
+                {
+                    crls.addAll(store.getMatches(crlSelect));
+                    foundValidStore = true;
+                }
+                catch (StoreException e)
+                {
+                    lastException = new AnnotatedException(
+                        "Exception searching in X.509 CRL store.", e);
+                }
+            }
+            else
+            {
+                CertStore store = (CertStore)obj;
+
+                try
+                {
+                    crls.addAll(store.getCRLs(crlSelect));
+                    foundValidStore = true;
+                }
+                catch (CertStoreException e)
+                {
+                    lastException = new AnnotatedException(
+                        "Exception searching in X.509 CRL store.", e);
+                }
+            }
+        }
+        if (!foundValidStore && lastException != null)
+        {
+            throw lastException;
+        }
+        return crls;
+    }
+
+}
+\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java b/bcprov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java
index 14c06a8..3271aa9 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java
@@ -37,15 +37,15 @@ import java.util.Vector;
 import javax.security.auth.x500.X500Principal;
 
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Enumerated;
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DEREnumerated;
 import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.x509.AccessDescription;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -71,7 +71,6 @@ import org.bouncycastle.i18n.filter.TrustedInput;
 import org.bouncycastle.i18n.filter.UntrustedInput;
 import org.bouncycastle.i18n.filter.UntrustedUrlInput;
 import org.bouncycastle.jce.provider.AnnotatedException;
-import org.bouncycastle.jce.provider.CertPathValidatorUtilities;
 import org.bouncycastle.jce.provider.PKIXNameConstraintValidator;
 import org.bouncycastle.jce.provider.PKIXNameConstraintValidatorException;
 import org.bouncycastle.jce.provider.PKIXPolicyNode;
@@ -809,7 +808,7 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
         X509Certificate sign = null;
 
         AlgorithmIdentifier workingAlgId = null;
-        DERObjectIdentifier workingPublicKeyAlgorithm = null;
+        ASN1ObjectIdentifier workingPublicKeyAlgorithm = null;
         ASN1Encodable workingPublicKeyParameters = null;
         
         if (trust != null)
@@ -1215,7 +1214,7 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                     while (e.hasMoreElements())
                     {
                         PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
-                        DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();
+                        ASN1ObjectIdentifier pOid = pInfo.getPolicyIdentifier();
 
                         pols.add(pOid.getId());
 
@@ -1301,9 +1300,9 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                                         {
                                             _policy = (String) _tmp;
                                         }
-                                        else if (_tmp instanceof DERObjectIdentifier)
+                                        else if (_tmp instanceof ASN1ObjectIdentifier)
                                         {
-                                            _policy = ((DERObjectIdentifier) _tmp).getId();
+                                            _policy = ((ASN1ObjectIdentifier) _tmp).getId();
                                         }
                                         else
                                         {
@@ -1425,8 +1424,8 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                         for (int j = 0; j < mappings.size(); j++) 
                         {
                             ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
-                            DERObjectIdentifier ip_id = (DERObjectIdentifier) mapping.getObjectAt(0);
-                            DERObjectIdentifier sp_id = (DERObjectIdentifier) mapping.getObjectAt(1);
+                            ASN1ObjectIdentifier ip_id = (ASN1ObjectIdentifier) mapping.getObjectAt(0);
+                            ASN1ObjectIdentifier sp_id = (ASN1ObjectIdentifier) mapping.getObjectAt(1);
                             if (ANY_POLICY.equals(ip_id.getId())) 
                             {
                                 ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping");
@@ -1451,8 +1450,8 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                         for (int j = 0; j < mappings.size(); j++)
                         {
                             ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j);
-                            String id_p = ((DERObjectIdentifier)mapping.getObjectAt(0)).getId();
-                            String sd_p = ((DERObjectIdentifier)mapping.getObjectAt(1)).getId();
+                            String id_p = ((ASN1ObjectIdentifier)mapping.getObjectAt(0)).getId();
+                            String sd_p = ((ASN1ObjectIdentifier)mapping.getObjectAt(1)).getId();
                             Set tmp;
                             
                             if (!m_idp.containsKey(id_p))
@@ -1554,14 +1553,14 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                                 switch (constraint.getTagNo())
                                 {
                                 case 0:
-                                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
+                                    tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue();
                                     if (tmpInt < explicitPolicy)
                                     {
                                         explicitPolicy = tmpInt;
                                     }
                                     break;
                                 case 1:
-                                    tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
+                                    tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue();
                                     if (tmpInt < policyMapping)
                                     {
                                         policyMapping = tmpInt;
@@ -1583,7 +1582,7 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                     
                     try 
                     {
-                        DERInteger iap = (DERInteger)getExtensionValue(cert, INHIBIT_ANY_POLICY);
+                        ASN1Integer iap = (ASN1Integer)getExtensionValue(cert, INHIBIT_ANY_POLICY);
                         
                         if (iap != null)
                         {
@@ -1634,7 +1633,7 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                         switch (constraint.getTagNo())
                         {
                         case 0:
-                            int tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
+                            int tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue();
                             if (tmpInt == 0)
                             {
                                 explicitPolicy = 0;
@@ -1906,7 +1905,7 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                     while (it.hasNext())
                     {
                         msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.unknownCriticalExt",
-                                new Object[] {new DERObjectIdentifier((String) it.next())});
+                                new Object[] {new ASN1ObjectIdentifier((String) it.next())});
                         addError(msg, index);
                     }
                 }
@@ -2206,10 +2205,10 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                 
                 if (crl_entry.hasExtensions())
                 {
-                    DEREnumerated reasonCode;
+                    ASN1Enumerated reasonCode;
                     try
                     {
-                        reasonCode = DEREnumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId()));
+                        reasonCode = ASN1Enumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId()));
                     }
                     catch (AnnotatedException ae)
                     {
@@ -2297,10 +2296,10 @@ public class PKIXCertPathReviewer extends CertPathValidatorUtilities
                     throw new CertPathReviewerException(msg,e);
                 }
 
-                baseSelect.setMinCRLNumber(((DERInteger)dci).getPositiveValue());
+                baseSelect.setMinCRLNumber(((ASN1Integer)dci).getPositiveValue());
                 try
                 {
-                    baseSelect.setMaxCRLNumber(((DERInteger)getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1)));
+                    baseSelect.setMaxCRLNumber(((ASN1Integer)getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1)));
                 }
                 catch (AnnotatedException ae)
                 {
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java b/bcprov/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java
index 48a825f..d65ec78 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java
@@ -15,6 +15,7 @@ import java.util.Date;
 
 /**
  * Interface for an X.509 Attribute Certificate.
+ * @deprecated use X509CertificateHolder class in the PKIX package.
  */
 public interface X509AttributeCertificate
     extends X509Extension
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java b/bcprov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java
index cc50b8f..2486d20 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java
@@ -1,17 +1,17 @@
 package org.bouncycastle.x509;
 
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CRL;
 import java.security.cert.X509CRL;
 import java.security.cert.X509CRLSelector;
 
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Selector;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
+
 /**
  * This class is a Selector implementation for X.509 certificate revocation
  * lists.
@@ -96,14 +96,14 @@ public class X509CRLStoreSelector
             return false;
         }
         X509CRL crl = (X509CRL)obj;
-        DERInteger dci = null;
+        ASN1Integer dci = null;
         try
         {
             byte[] bytes = crl
                 .getExtensionValue(X509Extensions.DeltaCRLIndicator.getId());
             if (bytes != null)
             {
-                dci = DERInteger.getInstance(X509ExtensionUtil
+                dci = ASN1Integer.getInstance(X509ExtensionUtil
                     .fromExtensionValue(bytes));
             }
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java b/bcprov/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java
index b272649..6535328 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java
@@ -1,18 +1,19 @@
 package org.bouncycastle.x509;
 
-import org.bouncycastle.util.Selector;
-
 import java.io.IOException;
 import java.security.cert.Certificate;
 import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
 
+import org.bouncycastle.util.Selector;
+
 /**
  * This class is a Selector implementation for X.509 certificates.
  * 
  * @see org.bouncycastle.util.Selector
  * @see org.bouncycastle.x509.X509Store
  * @see org.bouncycastle.jce.provider.X509StoreCertCollection
+ * @deprecated use the classes under org.bouncycastle.cert.selector
  */
 public class X509CertStoreSelector
     extends X509CertSelector
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509Util.java b/bcprov/src/main/java/org/bouncycastle/x509/X509Util.java
index e5c9926..d002111 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509Util.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509Util.java
@@ -23,8 +23,8 @@ import javax.security.auth.x500.X500Principal;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -136,21 +136,21 @@ class X509Util
             new ASN1Integer(1));
     }
 
-    static DERObjectIdentifier getAlgorithmOID(
+    static ASN1ObjectIdentifier getAlgorithmOID(
         String algorithmName)
     {
         algorithmName = Strings.toUpperCase(algorithmName);
         
         if (algorithms.containsKey(algorithmName))
         {
-            return (DERObjectIdentifier)algorithms.get(algorithmName);
+            return (ASN1ObjectIdentifier)algorithms.get(algorithmName);
         }
         
-        return new DERObjectIdentifier(algorithmName);
+        return new ASN1ObjectIdentifier(algorithmName);
     }
     
     static AlgorithmIdentifier getSigAlgID(
-        DERObjectIdentifier sigOid,
+        ASN1ObjectIdentifier sigOid,
         String              algorithmName)
     {
         if (noParams.contains(sigOid))
@@ -206,7 +206,7 @@ class X509Util
     }
 
     static byte[] calculateSignature(
-        DERObjectIdentifier sigOid,
+        ASN1ObjectIdentifier sigOid,
         String              sigName,
         PrivateKey          key,
         SecureRandom        random,
@@ -237,7 +237,7 @@ class X509Util
     }
 
     static byte[] calculateSignature(
-        DERObjectIdentifier sigOid,
+        ASN1ObjectIdentifier sigOid,
         String              sigName,
         String              provider,
         PrivateKey          key,
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java b/bcprov/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
index ac44d73..f7ff3e4 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
@@ -22,9 +22,9 @@ import javax.security.auth.x500.X500Principal;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.Certificate;
@@ -43,7 +43,7 @@ import org.bouncycastle.jce.provider.X509CertificateObject;
 public class X509V1CertificateGenerator
 {
     private V1TBSCertificateGenerator   tbsGen;
-    private DERObjectIdentifier         sigOID;
+    private ASN1ObjectIdentifier         sigOID;
     private AlgorithmIdentifier         sigAlgId;
     private String                      signatureAlgorithm;
 
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java b/bcprov/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java
deleted file mode 100644
index 24a0f2b..0000000
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java
+++ /dev/null
@@ -1,269 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.util.Date;
-import java.util.Iterator;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1GeneralizedTime;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttCertIssuer;
-import org.bouncycastle.asn1.x509.Attribute;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
-import org.bouncycastle.asn1.x509.V2AttributeCertificateInfoGenerator;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-
-/**
- * class to produce an X.509 Version 2 AttributeCertificate.
- * @deprecated use org.bouncycastle.cert.X509v2AttributeCertificateBuilder
- */
-public class X509V2AttributeCertificateGenerator
-{
-    private V2AttributeCertificateInfoGenerator   acInfoGen;
-    private DERObjectIdentifier         sigOID;
-    private AlgorithmIdentifier         sigAlgId;
-    private String                      signatureAlgorithm;
-    private X509ExtensionsGenerator     extGenerator;
-
-    public X509V2AttributeCertificateGenerator()
-    {
-        acInfoGen = new V2AttributeCertificateInfoGenerator();
-        extGenerator = new X509ExtensionsGenerator();
-    }
-
-    /**
-     * reset the generator
-     */
-    public void reset()
-    {
-        acInfoGen = new V2AttributeCertificateInfoGenerator();
-        extGenerator.reset();
-    }
-
-    /**
-     * Set the Holder of this Attribute Certificate
-     */
-    public void setHolder(
-        AttributeCertificateHolder     holder)
-    {
-        acInfoGen.setHolder(holder.holder);
-    }
-
-    /**
-     * Set the issuer
-     */
-    public void setIssuer(
-        AttributeCertificateIssuer  issuer)
-    {
-        acInfoGen.setIssuer(AttCertIssuer.getInstance(issuer.form));
-    }
-
-    /**
-     * set the serial number for the certificate.
-     */
-    public void setSerialNumber(
-        BigInteger      serialNumber)
-    {
-        acInfoGen.setSerialNumber(new ASN1Integer(serialNumber));
-    }
-
-    public void setNotBefore(
-        Date    date)
-    {
-        acInfoGen.setStartDate(new ASN1GeneralizedTime(date));
-    }
-
-    public void setNotAfter(
-        Date    date)
-    {
-        acInfoGen.setEndDate(new ASN1GeneralizedTime(date));
-    }
-
-    /**
-     * Set the signature algorithm. This can be either a name or an OID, names
-     * are treated as case insensitive.
-     * 
-     * @param signatureAlgorithm string representation of the algorithm name.
-     */
-    public void setSignatureAlgorithm(
-        String  signatureAlgorithm)
-    {
-        this.signatureAlgorithm = signatureAlgorithm;
-
-        try
-        {
-            sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
-        }
-        catch (Exception e)
-        {
-            throw new IllegalArgumentException("Unknown signature type requested");
-        }
-
-        sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
-
-        acInfoGen.setSignature(sigAlgId);
-    }
-    
-    /**
-     * add an attribute
-     */
-    public void addAttribute(
-        X509Attribute       attribute)
-    {
-        acInfoGen.addAttribute(Attribute.getInstance(attribute.toASN1Object()));
-    }
-
-    public void setIssuerUniqueId(
-        boolean[] iui)
-    {
-        // [TODO] convert boolean array to bit string
-        //acInfoGen.setIssuerUniqueID(iui);
-        throw new RuntimeException("not implemented (yet)");
-    }
-     
-    /**
-     * add a given extension field for the standard extensions tag
-     * @throws IOException
-     */
-    public void addExtension(
-        String          oid,
-        boolean         critical,
-        ASN1Encodable   value)
-        throws IOException
-    {
-        extGenerator.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
-    }
-
-    /**
-     * add a given extension field for the standard extensions tag
-     * The value parameter becomes the contents of the octet string associated
-     * with the extension.
-     */
-    public void addExtension(
-        String          oid,
-        boolean         critical,
-        byte[]          value)
-    {
-        extGenerator.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing.
-     * @deprecated use generate()
-     */
-    public X509AttributeCertificate generateCertificate(
-        PrivateKey      key,
-        String          provider)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        return generateCertificate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing and the supplied source
-     * of randomness, if required.
-     * @deprecated use generate()
-     */
-    public X509AttributeCertificate generateCertificate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
-    {
-        try
-        {
-            return generate(key, provider, random);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw e;
-        }
-        catch (SignatureException e)
-        {
-            throw e;
-        }
-        catch (InvalidKeyException e)
-        {
-            throw e;
-        }
-        catch (GeneralSecurityException e)
-        {
-            throw new SecurityException("exception creating certificate: " + e);
-        }
-    }
-
-   /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing.
-     */
-    public X509AttributeCertificate generate(
-        PrivateKey      key,
-        String          provider)
-       throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, SignatureException, InvalidKeyException, NoSuchAlgorithmException
-   {
-        return generate(key, provider, null);
-    }
-
-    /**
-     * generate an X509 certificate, based on the current issuer and subject,
-     * using the passed in provider for the signing and the supplied source
-     * of randomness, if required.
-     */
-    public X509AttributeCertificate generate(
-        PrivateKey      key,
-        String          provider,
-        SecureRandom    random)
-        throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
-    {
-        if (!extGenerator.isEmpty())
-        {
-            acInfoGen.setExtensions(extGenerator.generate());
-        }
-
-        AttributeCertificateInfo acInfo = acInfoGen.generateAttributeCertificateInfo();
-
-        ASN1EncodableVector  v = new ASN1EncodableVector();
-
-        v.add(acInfo);
-        v.add(sigAlgId);
-
-        try
-        {
-            v.add(new DERBitString(X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, acInfo)));
-
-            return new X509V2AttributeCertificate(new AttributeCertificate(new DERSequence(v)));
-        }
-        catch (IOException e)
-        {
-            throw new ExtCertificateEncodingException("constructed invalid certificate", e);
-        }
-    }
-
-    /**
-     * Return an iterator of the signature names supported by the generator.
-     * 
-     * @return an iterator containing recognised names.
-     */
-    public Iterator getSignatureAlgNames()
-    {
-        return X509Util.getAlgNames();
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java b/bcprov/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java
index 7285d86..8773d0e 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java
@@ -26,7 +26,6 @@ import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.CertificateList;
@@ -47,7 +46,7 @@ import org.bouncycastle.jce.provider.X509CRLObject;
 public class X509V2CRLGenerator
 {
     private V2TBSCertListGenerator      tbsGen;
-    private DERObjectIdentifier         sigOID;
+    private ASN1ObjectIdentifier         sigOID;
     private AlgorithmIdentifier         sigAlgId;
     private String                      signatureAlgorithm;
     private X509ExtensionsGenerator     extGenerator;
@@ -197,14 +196,14 @@ public class X509V2CRLGenerator
         boolean         critical,
         ASN1Encodable    value)
     {
-        this.addExtension(new DERObjectIdentifier(oid), critical, value);
+        this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
     }
 
     /**
      * add a given extension field for the standard extensions tag (tag 0)
      */
     public void addExtension(
-        DERObjectIdentifier oid,
+        ASN1ObjectIdentifier oid,
         boolean             critical,
         ASN1Encodable value)
     {
@@ -219,14 +218,14 @@ public class X509V2CRLGenerator
         boolean         critical,
         byte[]          value)
     {
-        this.addExtension(new DERObjectIdentifier(oid), critical, value);
+        this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
     }
 
     /**
      * add a given extension field for the standard extensions tag (tag 0)
      */
     public void addExtension(
-        DERObjectIdentifier oid,
+        ASN1ObjectIdentifier oid,
         boolean             critical,
         byte[]              value)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java b/bcprov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
index d216295..c422cb2 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
@@ -24,7 +24,6 @@ import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.Certificate;
@@ -45,7 +44,7 @@ import org.bouncycastle.x509.extension.X509ExtensionUtil;
 public class X509V3CertificateGenerator
 {
     private V3TBSCertificateGenerator   tbsGen;
-    private DERObjectIdentifier         sigOID;
+    private ASN1ObjectIdentifier        sigOID;
     private AlgorithmIdentifier         sigAlgId;
     private String                      signatureAlgorithm;
     private X509ExtensionsGenerator     extGenerator;
@@ -228,14 +227,14 @@ public class X509V3CertificateGenerator
         boolean         critical,
         ASN1Encodable    value)
     {
-        this.addExtension(new DERObjectIdentifier(oid), critical, value);
+        this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
     }
 
     /**
      * add a given extension field for the standard extensions tag (tag 3)
      */
     public void addExtension(
-        DERObjectIdentifier oid,
+        ASN1ObjectIdentifier oid,
         boolean             critical,
         ASN1Encodable        value)
     {
@@ -252,14 +251,14 @@ public class X509V3CertificateGenerator
         boolean         critical,
         byte[]          value)
     {
-        this.addExtension(new DERObjectIdentifier(oid), critical, value);
+        this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
     }
 
     /**
      * add a given extension field for the standard extensions tag (tag 3)
      */
     public void addExtension(
-        DERObjectIdentifier oid,
+        ASN1ObjectIdentifier oid,
         boolean             critical,
         byte[]              value)
     {
@@ -302,7 +301,7 @@ public class X509V3CertificateGenerator
      * @throws CertificateParsingException if the extension cannot be extracted.
      */
     public void copyAndAddExtension(
-        DERObjectIdentifier oid,
+        ASN1ObjectIdentifier oid,
         boolean             critical,
         X509Certificate     cert)
         throws CertificateParsingException
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/examples/AttrCertExample.java b/bcprov/src/main/java/org/bouncycastle/x509/examples/AttrCertExample.java
deleted file mode 100644
index 99828aa..0000000
--- a/bcprov/src/main/java/org/bouncycastle/x509/examples/AttrCertExample.java
+++ /dev/null
@@ -1,314 +0,0 @@
-package org.bouncycastle.x509.examples;
-
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
-import org.bouncycastle.asn1.misc.NetscapeCertType;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.x509.AttributeCertificateHolder;
-import org.bouncycastle.x509.AttributeCertificateIssuer;
-import org.bouncycastle.x509.X509Attribute;
-import org.bouncycastle.x509.X509V1CertificateGenerator;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
-import org.bouncycastle.x509.X509V2AttributeCertificateGenerator;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-
-/**
- * A simple example that generates an attribute certificate.
- */
-public class AttrCertExample
-{
-    static X509V1CertificateGenerator  v1CertGen = new X509V1CertificateGenerator();
-    static X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
-    
-    /**
-     * we generate the AC issuer's certificate
-     */
-    public static X509Certificate createAcIssuerCert(
-        PublicKey       pubKey,
-        PrivateKey      privKey)
-        throws Exception
-    {
-        //
-        // signers name 
-        //
-        String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // subjects name - the same as we are self signed.
-        //
-        String  subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // create the certificate - version 1
-        //
-
-        v1CertGen.setSerialNumber(BigInteger.valueOf(10));
-        v1CertGen.setIssuerDN(new X509Principal(issuer));
-        v1CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v1CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v1CertGen.setSubjectDN(new X509Principal(subject));
-        v1CertGen.setPublicKey(pubKey);
-        v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        X509Certificate cert = v1CertGen.generate(privKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(pubKey);
-
-        return cert;
-    }
-    
-    /**
-     * we generate a certificate signed by our CA's intermediate certficate
-     */
-    public static X509Certificate createClientCert(
-        PublicKey       pubKey,
-        PrivateKey      caPrivKey,
-        PublicKey       caPubKey)
-        throws Exception
-    {
-        //
-        // issuer
-        //
-        String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
-        //
-        // subjects name table.
-        //
-        Hashtable                   attrs = new Hashtable();
-        Vector                      order = new Vector();
-
-        attrs.put(X509Principal.C, "AU");
-        attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
-        attrs.put(X509Principal.L, "Melbourne");
-        attrs.put(X509Principal.CN, "Eric H. Echidna");
-        attrs.put(X509Principal.EmailAddress, "feedback-crypto@bouncycastle.org");
-
-        order.addElement(X509Principal.C);
-        order.addElement(X509Principal.O);
-        order.addElement(X509Principal.L);
-        order.addElement(X509Principal.CN);
-        order.addElement(X509Principal.EmailAddress);
-
-        //
-        // create the certificate - version 3
-        //
-        v3CertGen.reset();
-
-        v3CertGen.setSerialNumber(BigInteger.valueOf(20));
-        v3CertGen.setIssuerDN(new X509Principal(issuer));
-        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
-        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
-        v3CertGen.setSubjectDN(new X509Principal(order, attrs));
-        v3CertGen.setPublicKey(pubKey);
-        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        //
-        // add the extensions
-        //
-
-        v3CertGen.addExtension(
-            MiscObjectIdentifiers.netscapeCertType,
-            false,
-            new NetscapeCertType(NetscapeCertType.objectSigning | NetscapeCertType.smime));
-
-        X509Certificate cert = v3CertGen.generate(caPrivKey);
-
-        cert.checkValidity(new Date());
-
-        cert.verify(caPubKey);
-
-        return cert;
-    }
-    
-    public static void main(String args[])
-        throws Exception
-    {
-        Security.addProvider(new BouncyCastleProvider());
-
-        //
-        // personal keys
-        //
-        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
-            new BigInteger("11", 16),
-            new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
-            new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
-            new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
-            new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
-            new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
-            new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
-        //
-        // ca keys
-        //
-        RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec(
-            new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
-            new BigInteger("11", 16));
-
-        RSAPrivateCrtKeySpec   caPrivKeySpec = new RSAPrivateCrtKeySpec(
-            new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
-            new BigInteger("11", 16),
-            new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16),
-            new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16),
-            new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16),
-            new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16),
-            new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16),
-            new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16));
-
-        //
-        // set up the keys
-        //
-        KeyFactory          fact = KeyFactory.getInstance("RSA", "BC");
-        PrivateKey          caPrivKey = fact.generatePrivate(caPrivKeySpec);
-        PublicKey           caPubKey = fact.generatePublic(caPubKeySpec);
-        PrivateKey          privKey = fact.generatePrivate(privKeySpec);
-        PublicKey           pubKey = fact.generatePublic(pubKeySpec);
-
-        //
-        // note in this case we are using the CA certificate for both the client cetificate
-        // and the attribute certificate. This is to make the vcode simpler to read, in practice
-        // the CA for the attribute certificate should be different to that of the client certificate
-        //
-        X509Certificate     caCert = createAcIssuerCert(caPubKey, caPrivKey);
-        X509Certificate     clientCert = createClientCert(pubKey, caPrivKey, caPubKey);
-
-        // Instantiate a new AC generator
-        X509V2AttributeCertificateGenerator acGen = new X509V2AttributeCertificateGenerator();
-
-        acGen.reset();
-
-        //
-        // Holder: here we use the IssuerSerial form
-        //
-        acGen.setHolder(new AttributeCertificateHolder(clientCert));
-
-        // set the Issuer
-        acGen.setIssuer(new AttributeCertificateIssuer(caCert.getSubjectX500Principal()));
-
-        //
-        // serial number (as it's an example we don't have to keep track of the
-        // serials anyway
-        //
-        acGen.setSerialNumber(new BigInteger("1"));
-
-        // not Before
-        acGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
-
-        // not After
-        acGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
-
-        // signature Algorithmus
-        acGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
-
-        // the actual attributes
-        GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
-        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
-        roleSyntax.add(roleName);
-
-        // roleSyntax OID: 2.5.24.72
-        X509Attribute attributes = new X509Attribute("2.5.24.72",
-                new DERSequence(roleSyntax));
-
-        acGen.addAttribute(attributes);
-
-        //      finally create the AC
-        X509V2AttributeCertificate att = (X509V2AttributeCertificate)acGen
-                .generate(caPrivKey, "BC");
-
-        //
-        // starting here, we parse the newly generated AC
-        //
-
-        // Holder
-
-        AttributeCertificateHolder h = att.getHolder();
-        if (h.match(clientCert))
-        {
-            if (h.getEntityNames() != null)
-            {
-                System.out.println(h.getEntityNames().length + " entity names found");
-            }
-            if (h.getIssuer() != null)
-            {
-                System.out.println(h.getIssuer().length + " issuer names found, serial number " + h.getSerialNumber());
-            }
-            System.out.println("Matches original client x509 cert");
-        }
-
-        // Issuer
-        
-        AttributeCertificateIssuer issuer = att.getIssuer();
-        if (issuer.match(caCert))
-        {
-            if (issuer.getPrincipals() != null)
-            {
-                System.out.println(issuer.getPrincipals().length + " entity names found");
-            }
-            System.out.println("Matches original ca x509 cert");
-        }
-        
-        // Dates
-        System.out.println("valid not before: " + att.getNotBefore());
-        System.out.println("valid not before: " + att.getNotAfter());
-
-        // check the dates, an exception is thrown in checkValidity()...
-
-        try
-        {
-            att.checkValidity();
-            att.checkValidity(new Date());
-        }
-        catch (Exception e)
-        {
-            System.out.println(e);
-        }
-
-        // verify
-
-        try
-        {
-            att.verify(caPubKey, "BC");
-        }
-        catch (Exception e)
-        {
-            System.out.println(e);
-        }
-
-        // Attribute
-        X509Attribute[] attribs = att.getAttributes();
-        System.out.println("cert has " + attribs.length + " attributes:");
-        for (int i = 0; i < attribs.length; i++)
-        {
-            X509Attribute a = attribs[i];
-            System.out.println("OID: " + a.getOID());
-            
-            // currently we only check for the presence of a 'RoleSyntax' attribute
-
-            if (a.getOID().equals("2.5.24.72"))
-            {
-                System.out.println("rolesyntax read from cert!");
-            }
-        }
-    }
-}
-\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/examples/package.html b/bcprov/src/main/java/org/bouncycastle/x509/examples/package.html
new file mode 100644
index 0000000..6262157
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/x509/examples/package.html
@@ -0,0 +1,7 @@
+<html>
+<body bgcolor="#ffffff">
+<p>
+Examples for X.509 attribute certificates.
+<p>
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java b/bcprov/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java
deleted file mode 100644
index 2c7afd3..0000000
--- a/bcprov/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.x509.extension;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.PublicKey;
-
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-
-/**
- * A high level subject key identifier.
- * @deprecated use JcaX509ExtensionUtils andSubjectKeyIdentifier.getInstance()
- */
-public class SubjectKeyIdentifierStructure
-    extends SubjectKeyIdentifier
-{
-    /**
-     * Constructor which will take the byte[] returned from getExtensionValue()
-     * 
-     * @param encodedValue a DER octet encoded string with the extension structure in it.
-     * @throws IOException on parsing errors.
-     */
-    public SubjectKeyIdentifierStructure(
-        byte[]  encodedValue)
-        throws IOException
-    {
-        super((ASN1OctetString)X509ExtensionUtil.fromExtensionValue(encodedValue));
-    }
-    
-    private static ASN1OctetString fromPublicKey(
-        PublicKey pubKey)
-        throws InvalidKeyException
-    {
-        try
-        {
-            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(pubKey.getEncoded());
-
-            return (ASN1OctetString)(new SubjectKeyIdentifier(info).toASN1Object());
-        }
-        catch (Exception e)
-        {
-            throw new InvalidKeyException("Exception extracting key details: " + e.toString());
-        }
-    }
-    
-    public SubjectKeyIdentifierStructure(
-        PublicKey pubKey)
-        throws InvalidKeyException
-    {
-        super(fromPublicKey(pubKey));
-    }
-}
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/extension/package.html b/bcprov/src/main/java/org/bouncycastle/x509/extension/package.html
new file mode 100644
index 0000000..abc2da5
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/x509/extension/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Helper classes for dealing with common X.509 extensions.
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/package.html b/bcprov/src/main/java/org/bouncycastle/x509/package.html
new file mode 100644
index 0000000..b6b5298
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/x509/package.html
@@ -0,0 +1,7 @@
+<html>
+<body bgcolor="#ffffff">
+<p>
+Classes for supporting the generation of X.509 certificates and X.509 attribute certificates.
+<p>
+</body>
+</html>
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java b/bcprov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java
index 13b3942..128c1c8 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java
@@ -46,14 +46,14 @@ import org.bouncycastle.x509.X509CertificatePair;
 /**
  * This is a general purpose implementation to get X.509 certificates, CRLs,
  * attribute certificates and cross certificates from a LDAP location.
- * <p/>
+ * <p>
  * At first a search is performed in the ldap*AttributeNames of the
  * {@link org.bouncycastle.jce.X509LDAPCertStoreParameters} with the given
  * information of the subject (for all kind of certificates) or issuer (for
  * CRLs), respectively, if a {@link org.bouncycastle.x509.X509CertStoreSelector} or
  * {@link org.bouncycastle.x509.X509AttributeCertificate} is given with that
  * details.
- * <p/>
+ * </p><p>
  * For the used schemes see:
  * <ul>
  * <li><a href="http://www.ietf.org/rfc/rfc2587.txt">RFC 2587</a>
@@ -61,6 +61,7 @@ import org.bouncycastle.x509.X509CertificatePair;
  * href="http://www3.ietf.org/proceedings/01mar/I-D/pkix-ldap-schema-01.txt">Internet
  * X.509 Public Key Infrastructure Additional LDAP Schema for PKIs and PMIs</a>
  * </ul>
+ * </p>
  */
 public class LDAPStoreHelper
 {
@@ -714,10 +715,10 @@ public class LDAPStoreHelper
 
     /**
      * Returns the revocation list for revoked attribute certificates.
-     * <p/>
+     * <p>
      * The attributeCertificateRevocationList holds a list of attribute
      * certificates that have been revoked.
-     *
+     * </p>
      * @param selector The CRL selector to use to find the CRLs.
      * @return A possible empty collection with CRLs.
      * @throws StoreException
@@ -749,10 +750,10 @@ public class LDAPStoreHelper
     /**
      * Returns the revocation list for revoked attribute certificates for an
      * attribute authority
-     * <p/>
+     * <p>
      * The attributeAuthorityList holds a list of AA certificates that have been
      * revoked.
-     *
+     * </p>
      * @param selector The CRL selector to use to find the CRLs.
      * @return A possible empty collection with CRLs
      * @throws StoreException
@@ -846,9 +847,9 @@ public class LDAPStoreHelper
 
     /**
      * Returns attribute certificates for an attribute authority
-     * <p/>
+     * <p>
      * The aAcertificate holds the privileges of an attribute authority.
-     *
+     * </p>
      * @param selector The selector to find the attribute certificates.
      * @return A possible empty collection with attribute certificates.
      * @throws StoreException
@@ -876,11 +877,11 @@ public class LDAPStoreHelper
 
     /**
      * Returns an attribute certificate for an authority
-     * <p/>
+     * <p>
      * The attributeDescriptorCertificate is self signed by a source of
      * authority and holds a description of the privilege and its delegation
      * rules.
-     *
+     * </p>
      * @param selector The selector to find the attribute certificates.
      * @return A possible empty collection with attribute certificates.
      * @throws StoreException
@@ -910,11 +911,11 @@ public class LDAPStoreHelper
 
     /**
      * Returns CA certificates.
-     * <p/>
+     * <p>
      * The cACertificate attribute of a CA's directory entry shall be used to
      * store self-issued certificates (if any) and certificates issued to this
      * CA by CAs in the same realm as this CA.
-     *
+     * </p>
      * @param selector The selector to find the certificates.
      * @return A possible empty collection with certificates.
      * @throws StoreException
@@ -969,9 +970,9 @@ public class LDAPStoreHelper
 
     /**
      * Returns an attribute certificate for an user.
-     * <p/>
+     * <p>
      * The attributeCertificateAttribute holds the privileges of a user
-     *
+     * </p>
      * @param selector The selector to find the attribute certificates.
      * @return A possible empty collection with attribute certificates.
      * @throws StoreException
author	Sergio Giro <sgiro@google.com>	2016-02-01 10:41:58 +0000
committer	Sergio Giro <sgiro@google.com>	2016-02-01 10:41:58 +0000
commit	53b61f9fe9d58034fcc7021137e92460f91b70ce (patch)
tree	90632062175928181977c1ab3ab59951bc1146c3 /bcprov/src
parent	3eebc2629986481f9fc77ab101c0c9b8ff2f2660 (diff)
download	android_external_bouncycastle-53b61f9fe9d58034fcc7021137e92460f91b70ce.tar.gz android_external_bouncycastle-53b61f9fe9d58034fcc7021137e92460f91b70ce.tar.bz2 android_external_bouncycastle-53b61f9fe9d58034fcc7021137e92460f91b70ce.zip