protected override byte[] engineGenerateKey()
{
byte[] array = new byte[strength];
do
{
random.NextBytes(array);
DesParameters.SetOddParity(array);
}while (DesEdeParameters.IsWeakKey(array, 0, array.Length) || !DesEdeParameters.IsRealEdeKey(array, 0));
return(array);
}
private static void ValidateKeyUse(Algorithm keyAlg, byte[] keyBytes, Algorithm usageAlg, bool forReading)
{
// FSM_STATE:5.11,"TDES KEY VALIDITY TEST", "The module is validating the size and purpose of an TDES key"
// FSM_TRANS:5.TDES.0,"CONDITIONAL TEST", "TDES KEY VALIDITY TEST", "Invoke Validity test on TDES key"
int keyLength = keyBytes.Length * 8;
if (!forReading) // decryption using 2 key TDES okay,
{
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
if (keyLength == 128)
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("key must be of length 192 bits: " + usageAlg.Name);
}
if (!DesEdeParameters.IsReal3Key(keyBytes))
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("key not real 3-Key TripleDES key");
}
}
}
if (!Properties.IsOverrideSet("Org.BouncyCastle.TripleDes.AllowWeak"))
{
if (!forReading)
{
if (!DesEdeParameters.IsRealEdeKey(keyBytes))
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("attempt to use repeated DES key: " + usageAlg.Name);
}
if (DesEdeParameters.IsWeakKey(keyBytes, 0, keyBytes.Length))
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("attempt to use weak key: " + usageAlg.Name);
}
}
}
if (keyAlg != Alg && keyAlg != Alg112 && keyAlg != Alg168)
{
if (keyAlg != usageAlg)
{
// FSM_TRANS:5.TDES.2,"TDES KEY VALIDITY TEST", "USER COMMAND REJECTED", "Validity test on TDES key failed"
throw new IllegalKeyException("FIPS key not for specified algorithm");
}
}
// FSM_TRANS:5.TDES.0,"TDES KEY VALIDITY TEST", "CONDITIONAL TEST", "Validity test on TDES key successful"
}
public byte[] generateKey()
{
byte[] newKey = new byte[strength];
int count = 0;
do
{
random.NextBytes(newKey);
DesParameters.SetOddParity(newKey);
}while (DesEdeParameters.IsWeakKey(newKey, 0, newKey.Length) && !DesEdeParameters.IsRealEdeKey(newKey) && count++ < 10);
if (DesEdeParameters.IsWeakKey(newKey, 0, newKey.Length) || !DesEdeParameters.IsRealEdeKey(newKey))
{
// if this happens there's got to be something terribly wrong.
throw new CryptoOperationError("Failed to generate a valid TripleDES key: " + algorithm.Name);
}
return(newKey);
}
