protected override byte[] engineGenerateKey()
 {
     byte[] array = new byte[strength];
     do
     {
         random.NextBytes(array);
         DesParameters.SetOddParity(array);
     }while (DesEdeParameters.IsWeakKey(array, 0, array.Length) || !DesEdeParameters.IsRealEdeKey(array, 0));
     return(array);
 }
Esempio n. 2
0
        private static void ValidateKeyUse(Algorithm keyAlg, byte[] keyBytes, Algorithm usageAlg, bool forReading)
        {
            // FSM_STATE:5.11,"TDES KEY VALIDITY TEST", "The module is validating the size and purpose of an TDES key"
            // FSM_TRANS:5.TDES.0,"CONDITIONAL TEST", "TDES KEY VALIDITY TEST", "Invoke Validity test on TDES key"
            int keyLength = keyBytes.Length * 8;

            if (!forReading)      // decryption using 2 key TDES okay,
            {
                if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
                {
                    if (keyLength == 128)
                    {
                        // FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
                        throw new IllegalKeyException("key must be of length 192 bits: " + usageAlg.Name);
                    }

                    if (!DesEdeParameters.IsReal3Key(keyBytes))
                    {
                        // FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
                        throw new IllegalKeyException("key not real 3-Key TripleDES key");
                    }
                }
            }

            if (!Properties.IsOverrideSet("Org.BouncyCastle.TripleDes.AllowWeak"))
            {
                if (!forReading)
                {
                    if (!DesEdeParameters.IsRealEdeKey(keyBytes))
                    {
                        // FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
                        throw new IllegalKeyException("attempt to use repeated DES key: " + usageAlg.Name);
                    }
                    if (DesEdeParameters.IsWeakKey(keyBytes, 0, keyBytes.Length))
                    {
                        // FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
                        throw new IllegalKeyException("attempt to use weak key: " + usageAlg.Name);
                    }
                }
            }

            if (keyAlg != Alg && keyAlg != Alg112 && keyAlg != Alg168)
            {
                if (keyAlg != usageAlg)
                {
                    // FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
                    throw new IllegalKeyException("FIPS key not for specified algorithm");
                }
            }

            // FSM_TRANS:5.TDES.0,"TDES KEY VALIDITY TEST", "CONDITIONAL TEST", "Validity test on TDES key successful"
        }
        public byte[] generateKey()
        {
            byte[] newKey = new byte[strength];
            int    count  = 0;

            do
            {
                random.NextBytes(newKey);

                DesParameters.SetOddParity(newKey);
            }while (DesEdeParameters.IsWeakKey(newKey, 0, newKey.Length) && !DesEdeParameters.IsRealEdeKey(newKey) && count++ < 10);

            if (DesEdeParameters.IsWeakKey(newKey, 0, newKey.Length) || !DesEdeParameters.IsRealEdeKey(newKey))
            {
                // if this happens there's got to be something terribly wrong.
                throw new CryptoOperationError("Failed to generate a valid TripleDES key: " + algorithm.Name);
            }

            return(newKey);
        }