nd1012 · nd1012 · Mar 9, 2024 · Mar 9, 2024
diff --git a/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanAlgorithm.cs b/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanAlgorithm.cs
@@ -74,6 +74,10 @@ protected override ECKeyGenerationParameters CreateKeyGenParameters(SecureRandom
             => new(parameters, random);
 
         /// <inheritdoc/>
-        protected override ECDomainParameters GetEngineParameters(CryptoOptions options) => BcEllipticCurves.GetCurve(options.AsymmetricKeyBits);
+        protected override ECDomainParameters GetEngineParameters(CryptoOptions options)
+        {
+            EnsureAllowedCurve(options.AsymmetricKeyBits);
+            return BcEllipticCurves.GetCurve(options.AsymmetricKeyBits);
+        }
     }
 }
diff --git a/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanPrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanPrivateKey.cs
@@ -47,7 +47,8 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                Algorithm.EnsureAllowed();
+                EnsureAllowedCurve();
                 publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
                 if (publicKey is not AsymmetricBcEcDiffieHellmanPublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 return (DeriveKey(publicKey), PublicKey.KeyData.Array.CloneArray());
@@ -67,7 +68,7 @@ public override byte[] DeriveKey(byte[] keyExchangeData)
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                EnsurePqcRequirement();
                 using AsymmetricBcEcDiffieHellmanPublicKey publicKey = new(keyExchangeData);
                 return DeriveKey(publicKey as IAsymmetricPublicKey);
             }
@@ -83,7 +84,7 @@ public override byte[] DeriveKey(IAsymmetricPublicKey publicKey)
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                EnsurePqcRequirement();
                 if (publicKey is not AsymmetricBcEcDiffieHellmanPublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 ECDHBasicAgreement agreement = new();
                 agreement.Init(PrivateKey);

diff --git a/src/wan24-Crypto-BC/AsymmetricBcEcDsaAlgorithm.cs b/src/wan24-Crypto-BC/AsymmetricBcEcDsaAlgorithm.cs
@@ -74,6 +74,10 @@ protected override ECKeyGenerationParameters CreateKeyGenParameters(SecureRandom
             => new(parameters, random);
 
         /// <inheritdoc/>
-        protected override ECDomainParameters GetEngineParameters(CryptoOptions options) => BcEllipticCurves.GetCurve(options.AsymmetricKeyBits);
+        protected override ECDomainParameters GetEngineParameters(CryptoOptions options)
+        {
+            EnsureAllowedCurve(options.AsymmetricKeyBits);
+            return BcEllipticCurves.GetCurve(options.AsymmetricKeyBits);
+        }
     }
 }
diff --git a/src/wan24-Crypto-BC/AsymmetricBcEcDsaPrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricBcEcDsaPrivateKey.cs
@@ -66,7 +66,8 @@ public override byte[] SignHashRaw(byte[] hash)
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                Algorithm.EnsureAllowed();
+                EnsureAllowedCurve();
                 DsaDigestSigner signer = new(new ECDsaSigner(), new NullDigest());
                 signer.Init(forSigning: true, PrivateKey);
                 signer.BlockUpdate(hash);

diff --git a/src/wan24-Crypto-BC/AsymmetricEd25519Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricEd25519Algorithm.cs
@@ -74,6 +74,7 @@ public override AsymmetricEd25519PrivateKey CreateKeyPair(CryptoOptions? options
         {
             try
             {
+                EnsureAllowed();
                 options ??= DefaultOptions;
                 if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
                 Ed25519KeyPairGenerator keyGen = new();

diff --git a/src/wan24-Crypto-BC/AsymmetricEd448Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricEd448Algorithm.cs
@@ -75,6 +75,7 @@ public override AsymmetricEd448PrivateKey CreateKeyPair(CryptoOptions? options =
         {
             try
             {
+                EnsureAllowed();
                 options ??= DefaultOptions;
                 if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
                 Ed448KeyPairGenerator keyGen = new();

diff --git a/src/wan24-Crypto-BC/AsymmetricSNtruPrimeAlgorithm.cs b/src/wan24-Crypto-BC/AsymmetricSNtruPrimeAlgorithm.cs
@@ -76,6 +76,7 @@ public override AsymmetricSNtruPrimePrivateKey CreateKeyPair(CryptoOptions? opti
         {
             try
             {
+                EnsureAllowed();
                 options ??= DefaultOptions;
                 if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
                 SNtruPrimeKeyPairGenerator keyGen = new();

diff --git a/src/wan24-Crypto-BC/AsymmetricX25519Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricX25519Algorithm.cs
@@ -74,6 +74,7 @@ public override AsymmetricX25519PrivateKey CreateKeyPair(CryptoOptions? options
         {
             try
             {
+                EnsureAllowed();
                 options ??= DefaultOptions;
                 if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
                 X25519KeyPairGenerator keyGen = new();

diff --git a/src/wan24-Crypto-BC/AsymmetricX25519PrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricX25519PrivateKey.cs
@@ -46,7 +46,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                Algorithm.EnsureAllowed();
                 publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
                 if (publicKey is not AsymmetricX25519PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 return (DeriveKey(publicKey), PublicKey.KeyData.Array.CloneArray());
@@ -66,7 +66,7 @@ public override byte[] DeriveKey(byte[] keyExchangeData)
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                EnsurePqcRequirement();
                 using AsymmetricX25519PublicKey publicKey = new(keyExchangeData);
                 return DeriveKey(publicKey as IAsymmetricPublicKey);
             }
@@ -82,7 +82,7 @@ public override byte[] DeriveKey(IAsymmetricPublicKey publicKey)
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                EnsurePqcRequirement();
                 if (publicKey is not AsymmetricX25519PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 X25519Agreement agreement = new();
                 agreement.Init(PrivateKey);

diff --git a/src/wan24-Crypto-BC/AsymmetricX448Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricX448Algorithm.cs
@@ -75,6 +75,7 @@ public override AsymmetricX448PrivateKey CreateKeyPair(CryptoOptions? options =
         {
             try
             {
+                EnsureAllowed();
                 options ??= DefaultOptions;
                 if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
                 X448KeyPairGenerator keyGen = new();

diff --git a/src/wan24-Crypto-BC/AsymmetricX448PrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricX448PrivateKey.cs
@@ -67,7 +67,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                Algorithm.EnsureAllowed();
                 publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
                 if (publicKey is not AsymmetricX448PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 return (DeriveKey(publicKey), PublicKey.KeyData.Array.CloneArray());
@@ -87,7 +87,7 @@ public override byte[] DeriveKey(byte[] keyExchangeData)
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                EnsurePqcRequirement();
                 using AsymmetricX448PublicKey publicKey = new(keyExchangeData);
                 return DeriveKey(publicKey as IAsymmetricPublicKey);
             }
@@ -103,7 +103,7 @@ public override byte[] DeriveKey(IAsymmetricPublicKey publicKey)
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                EnsurePqcRequirement();
                 if (publicKey is not AsymmetricX448PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 X448Agreement agreement = new();
                 agreement.Init(PrivateKey);

diff --git a/src/wan24-Crypto-BC/AsymmetricXEd25519Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricXEd25519Algorithm.cs
@@ -74,6 +74,7 @@ public override AsymmetricXEd25519PrivateKey CreateKeyPair(CryptoOptions? option
         {
             try
             {
+                EnsureAllowed();
                 options ??= DefaultOptions;
                 if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
                 Ed25519KeyPairGenerator keyGen = new();

diff --git a/src/wan24-Crypto-BC/AsymmetricXEd25519PrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricXEd25519PrivateKey.cs
@@ -86,7 +86,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                Algorithm.EnsureAllowed();
                 publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
                 if (publicKey is not AsymmetricXEd25519PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 return GetX25519Key().GetKeyExchangeData(key._PublicKey2 ?? throw new InvalidOperationException(), options);

diff --git a/src/wan24-Crypto-BC/AsymmetricXEd448Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricXEd448Algorithm.cs
@@ -3,6 +3,7 @@
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Security;
 using System.Collections.Frozen;
+using System.Security;
 using wan24.Core;
 
 namespace wan24.Crypto.BC
@@ -75,6 +76,7 @@ public override AsymmetricXEd448PrivateKey CreateKeyPair(CryptoOptions? options
         {
             try
             {
+                EnsureAllowed();
                 options ??= DefaultOptions;
                 if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
                 Ed448KeyPairGenerator keyGen = new();

diff --git a/src/wan24-Crypto-BC/AsymmetricXEd448PrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricXEd448PrivateKey.cs
@@ -1,6 +1,7 @@
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Crypto.Signers;
+using System.Security;
 using wan24.Core;
 
 namespace wan24.Crypto.BC
@@ -95,7 +96,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
             try
             {
                 EnsureUndisposed();
-                if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+                Algorithm.EnsureAllowed();
                 publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
                 if (publicKey is not AsymmetricXEd448PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 return GetX448Key().GetKeyExchangeData(key._PublicKey2 ?? throw new InvalidOperationException(), options);

diff --git a/src/wan24-Crypto-BC/BcEllipticCurves.cs b/src/wan24-Crypto-BC/BcEllipticCurves.cs
@@ -26,7 +26,7 @@ public static class BcEllipticCurves
         /// </summary>
         /// <param name="curve">Curve name</param>
         /// <returns>Key size in bits</returns>
-        public static int GetKeySize(ECDomainParameters curve)
+        public static int GetKeySize(in ECDomainParameters curve)
         {
             if (curve.Equals(SECP256R1_CURVE)) return EllipticCurves.SECP256R1_KEY_SIZE;
             if (curve.Equals(SECP384R1_CURVE)) return EllipticCurves.SECP384R1_KEY_SIZE;
@@ -39,12 +39,25 @@ public static int GetKeySize(ECDomainParameters curve)
         /// </summary>
         /// <param name="bits">Key size in bits</param>
         /// <returns>Curve name</returns>
-        public static ECDomainParameters GetCurve(int bits) => bits switch
+        public static ECDomainParameters GetCurve(in int bits) => bits switch
         {
             EllipticCurves.SECP256R1_KEY_SIZE => SECP256R1_CURVE,
             EllipticCurves.SECP384R1_KEY_SIZE => SECP384R1_CURVE,
             EllipticCurves.SECP521R1_KEY_SIZE => SECP521R1_CURVE,
             _ => throw new ArgumentException("Unknown key size", nameof(bits))
         };
+
+        /// <summary>
+        /// Determine if an elliptic curve is allowed
+        /// </summary>
+        /// <param name="curve">Curve</param>
+        /// <returns>If the elliptic curve is allowed</returns>
+        public static bool IsCurveAllowed(in ECDomainParameters curve) => EllipticCurves.IsCurveAllowed(GetKeySize(curve));
+
+        /// <summary>
+        /// Deny an elliptic curve
+        /// </summary>
+        /// <param name="curve">Curve</param>
+        public static void DenyCurve(in ECDomainParameters curve) => EllipticCurves.DenyCurve(GetKeySize(curve));
     }
 }
diff --git a/src/wan24-Crypto-BC/BouncyCastle.cs b/src/wan24-Crypto-BC/BouncyCastle.cs
@@ -1,4 +1,8 @@
-namespace wan24.Crypto.BC
+
+//TODO Add v2 SEIPD encryption algorithms as an alternate to AEAD
+//TODO Add Argon2 S2K KDF algorithm
+
+namespace wan24.Crypto.BC
 {
     /// <summary>
     /// Bouncy Castle helper

diff --git a/src/wan24-Crypto-BC/BouncyCastleAeadCipherAlgorithmBase.cs b/src/wan24-Crypto-BC/BouncyCastleAeadCipherAlgorithmBase.cs
@@ -31,6 +31,7 @@ protected sealed override ICryptoTransform GetEncryptor(Stream cipherData, Crypt
         {
             try
             {
+                EnsureAllowed();
                 IBufferedCipher cipher = CreateCipher(forEncryption: true, options);
                 byte[] iv = CreateIvBytes();
                 cipher.Init(forEncryption: true, CreateParameters(iv, options));
@@ -52,6 +53,7 @@ protected sealed override async Task<ICryptoTransform> GetEncryptorAsync(Stream
         {
             try
             {
+                EnsureAllowed();
                 IBufferedCipher cipher = CreateCipher(forEncryption: true, options);
                 byte[] iv = CreateIvBytes();
                 cipher.Init(forEncryption: true, CreateParameters(iv, options));

diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricAlgorithmBase.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricAlgorithmBase.cs
@@ -54,6 +54,7 @@ public override tPrivate CreateKeyPair(CryptoOptions? options = null)
         {
             try
             {
+                EnsureAllowed();
                 options ??= DefaultOptions;
                 if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
                 tKeyGen keyGen = new();

diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase.cs
@@ -53,6 +53,8 @@ public override byte[] SignHashRaw(byte[] hash)
             try
             {
                 EnsureUndisposed();
+                Algorithm.EnsureAllowed();
+                EnsureAllowedCurve();
                 tSigner signer = new();
                 signer.Init(forSigning: true, PrivateKey);
                 signer.BlockUpdate(hash);

diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase2.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase2.cs
@@ -53,6 +53,8 @@ public override byte[] SignHashRaw(byte[] hash)
             try
             {
                 EnsureUndisposed();
+                Algorithm.EnsureAllowed();
+                EnsureAllowedCurve();
                 tSigner signer = Activator.CreateInstance(typeof(tSigner), Array.Empty<byte>()) as tSigner
                     ?? throw CryptographicException.From(new InvalidProgramException($"Failed to instance {typeof(tSigner)}"));
                 signer.Init(forSigning: true, PrivateKey);

diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateKeyExchangeKeyBase.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateKeyExchangeKeyBase.cs
@@ -57,6 +57,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
             try
             {
                 EnsureUndisposed();
+                Algorithm.EnsureAllowed();
                 publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
                 if (publicKey is not tPublic key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
                 tGenerator generator = Activator.CreateInstance(typeof(tGenerator), new SecureRandom(BouncyCastleRandomGenerator.Instance())) as tGenerator

diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateSignatureKeyBase.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateSignatureKeyBase.cs
@@ -54,6 +54,7 @@ public sealed override byte[] SignHashRaw(byte[] hash)
             try
             {
                 EnsureUndisposed();
+                Algorithm.EnsureAllowed();
                 tSigner signer = new();
                 signer.Init(forSigning: true, PrivateKey);
                 return signer.GenerateSignature(hash);

diff --git a/src/wan24-Crypto-BC/BouncyCastleBlockCipherAlgorithmBase.cs b/src/wan24-Crypto-BC/BouncyCastleBlockCipherAlgorithmBase.cs
@@ -45,6 +45,7 @@ protected sealed override ICryptoTransform GetEncryptor(Stream cipherData, Crypt
         {
             try
             {
+                EnsureAllowed();
                 IBlockCipher cipher = CreateCipher(forEncryption: true, options);
                 byte[] iv = CreateIvBytes();
                 cipher.Init(forEncryption: true, CreateParameters(iv, options));
@@ -66,6 +67,7 @@ protected sealed override async Task<ICryptoTransform> GetEncryptorAsync(Stream
         {
             try
             {
+                EnsureAllowed();
                 IBlockCipher cipher = CreateCipher(forEncryption: true, options);
                 byte[] iv = CreateIvBytes();
                 cipher.Init(forEncryption: true, CreateParameters(iv, options));

diff --git a/src/wan24-Crypto-BC/StreamCipherRng.cs b/src/wan24-Crypto-BC/StreamCipherRng.cs
@@ -43,6 +43,7 @@ public StreamCipherRng(
             Algorithm = algorithm;
             try
             {
+                algorithm.EnsureAllowed();
                 if (algorithm.BlockSize != 1) throw new ArgumentException("Stream cipher required", nameof(algorithm));
                 if (bufferSize.HasValue && bufferSize.Value < Algorithm.IvSize)
                     throw new ArgumentOutOfRangeException(nameof(bufferSize), $"Min. buffer size for {algorithm.DisplayName} is {algorithm.IvSize} byte");

diff --git a/src/wan24-Crypto-BC/wan24-Crypto-BC.csproj b/src/wan24-Crypto-BC/wan24-Crypto-BC.csproj
@@ -9,7 +9,7 @@
     <GenerateDocumentationFile>True</GenerateDocumentationFile>
     <PackageId>wan24-Crypto-BC</PackageId>
     <Title>wan24-Crypto-BC</Title>
-    <Version>3.3.0</Version>
+    <Version>3.4.0</Version>
     <Authors>nd1012</Authors>
     <Company>Andreas Zimmermann, wan24.de</Company>
     <Product>wan24-Crypto-BC</Product>
@@ -33,8 +33,8 @@
 
   <ItemGroup>
     <PackageReference Include="BouncyCastle.Cryptography" Version="2.3.0" />
-    <PackageReference Include="wan24-Core" Version="2.9.2" Condition="'$(Configuration)' != 'Trunk'" />
-    <PackageReference Include="wan24-Crypto" Version="2.6.0" Condition="'$(Configuration)' != 'Trunk'" />
+    <PackageReference Include="wan24-Core" Version="2.10.0" Condition="'$(Configuration)' != 'Trunk'" />
+    <PackageReference Include="wan24-Crypto" Version="2.7.0" Condition="'$(Configuration)' != 'Trunk'" />
 	<ProjectReference Include="..\..\..\wan24-Core\src\Wan24-Core\Wan24-Core.csproj" Condition="'$(Configuration)' == 'Trunk'" />
 	<ProjectReference Include="..\..\..\wan24-Crypto\src\wan24-Crypto\wan24-Crypto.csproj" Condition="'$(Configuration)' == 'Trunk'" />
   </ItemGroup>