protected override byte[] engineGenerateKey()
{
byte[] array = new byte[strength];
do
{
random.NextBytes(array);
DesParameters.SetOddParity(array);
}while (DesEdeParameters.IsWeakKey(array, 0, array.Length) || !DesEdeParameters.IsRealEdeKey(array, 0));
return(array);
}
protected override byte[] engineGenerateKey()
{
byte[] array;
do
{
array = this.random.GenerateSeed(this.strength);
DesParameters.SetOddParity(array);
}while (DesEdeParameters.IsWeakKey(array, 0, array.Length));
return(array);
}
protected override byte[] engineGenerateKey()
{
byte[] newKey;
do
{
newKey = random.GenerateSeed(strength);
DesEdeParameters.SetOddParity(newKey);
}while (DesEdeParameters.IsWeakKey(newKey, 0, newKey.Length));
return(newKey);
}
protected override byte[] engineGenerateKey()
{
byte[] newKey = new byte[strength];
do
{
random.NextBytes(newKey);
DesEdeParameters.SetOddParity(newKey);
}while (DesEdeParameters.IsWeakKey(newKey, 0, newKey.Length));
return(newKey);
}
private static void ValidateKeyUse(Algorithm keyAlg, byte[] keyBytes, Algorithm usageAlg, bool forReading)
{
// FSM_STATE:5.11,"TDES KEY VALIDITY TEST", "The module is validating the size and purpose of an TDES key"
// FSM_TRANS:5.TDES.0,"CONDITIONAL TEST", "TDES KEY VALIDITY TEST", "Invoke Validity test on TDES key"
int keyLength = keyBytes.Length * 8;
if (!forReading) // decryption using 2 key TDES okay,
{
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
if (keyLength == 128)
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("key must be of length 192 bits: " + usageAlg.Name);
}
if (!DesEdeParameters.IsReal3Key(keyBytes))
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("key not real 3-Key TripleDES key");
}
}
}
if (!Properties.IsOverrideSet("Org.BouncyCastle.TripleDes.AllowWeak"))
{
if (!forReading)
{
if (!DesEdeParameters.IsRealEdeKey(keyBytes))
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("attempt to use repeated DES key: " + usageAlg.Name);
}
if (DesEdeParameters.IsWeakKey(keyBytes, 0, keyBytes.Length))
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("attempt to use weak key: " + usageAlg.Name);
}
}
}
if (keyAlg != Alg && keyAlg != Alg112 && keyAlg != Alg168)
{
if (keyAlg != usageAlg)
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("FIPS key not for specified algorithm");
}
}
// FSM_TRANS:5.TDES.0,"TDES KEY VALIDITY TEST", "CONDITIONAL TEST", "Validity test on TDES key successful"
}
public byte[] generateKey()
{
byte[] newKey = new byte[strength];
int count = 0;
do
{
random.NextBytes(newKey);
DesParameters.SetOddParity(newKey);
}while (DesEdeParameters.IsWeakKey(newKey, 0, newKey.Length) && !DesEdeParameters.IsRealEdeKey(newKey) && count++ < 10);
if (DesEdeParameters.IsWeakKey(newKey, 0, newKey.Length) || !DesEdeParameters.IsRealEdeKey(newKey))
{
// if this happens there's got to be something terribly wrong.
throw new CryptoOperationError("Failed to generate a valid TripleDES key: " + algorithm.Name);
}
return(newKey);
}
public override void PerformTest()
{
base.PerformTest();
byte[] kek1 = Hex.Decode("255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f");
byte[] iv1 = Hex.Decode("5dd4cbfc96f5453b");
byte[] in1 = Hex.Decode("2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98");
byte[] out1 = Hex.Decode("690107618ef092b3b48ca1796b234ae9fa33ebb4159604037db5d6a84eb3aac2768c632775a467d4");
WrapTest(1, kek1, iv1, in1, out1);
//
// key generation
//
SecureRandom random = new SecureRandom();
DesEdeKeyGenerator keyGen = new DesEdeKeyGenerator();
keyGen.Init(new KeyGenerationParameters(random, 112));
byte[] kB = keyGen.GenerateKey();
if (kB.Length != 16)
{
Fail("112 bit key wrong length.");
}
keyGen.Init(new KeyGenerationParameters(random, 168));
kB = keyGen.GenerateKey();
if (kB.Length != 24)
{
Fail("168 bit key wrong length.");
}
try
{
keyGen.Init(new KeyGenerationParameters(random, 200));
Fail("invalid key length not detected.");
}
catch (ArgumentException)
{
// expected
}
try
{
DesEdeParameters.IsWeakKey(new byte[4], 0);
Fail("no exception on small key");
}
catch (ArgumentException e)
{
if (!e.Message.Equals("key material too short."))
{
Fail("wrong exception");
}
}
try
{
new DesEdeParameters(weakKey);
Fail("no exception on weak key");
}
catch (ArgumentException e)
{
if (!e.Message.Equals("attempt to create weak DESede key"))
{
Fail("wrong exception");
}
}
}
