further work on constraints.

Author: dghgit

core/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java

@@ -1,9 +1,11 @@
 package org.bouncycastle.crypto.engines;
 
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.util.Pack;
 
@@ -51,9 +53,10 @@ public void init(
          * irrelevant.
          */
         KeyParameter p = (KeyParameter)params;
-        setKey(p.getKey());
-        
-        return;
+        byte[] key = p.getKey();
+        setKey(key);
+
+        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(getAlgorithmName(), key.length < 32 ? key.length * 8 : 256, params, Utils.getPurpose(forEncryption)));
     }
 
     public byte returnByte(byte in)

core/src/main/java/org/bouncycastle/crypto/engines/SEEDEngine.java

@@ -2,9 +2,11 @@
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.StatelessProcessing;
+import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
 import org.bouncycastle.crypto.params.KeyParameter;
 
 /**
@@ -179,6 +181,8 @@ public void init(boolean forEncryption, CipherParameters params) throws IllegalA
     {
         this.forEncryption = forEncryption;
         wKey = createWorkingKey(((KeyParameter)params).getKey());
+        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(
+                    this.getAlgorithmName(), 128, params, Utils.getPurpose(forEncryption)));
     }
 
     public String getAlgorithmName()

core/src/main/java/org/bouncycastle/crypto/engines/Shacal2Engine.java

@@ -2,8 +2,10 @@
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.OutputLengthException;
+import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
 import org.bouncycastle.crypto.params.KeyParameter;
 
 /**
@@ -65,7 +67,11 @@ public void init(boolean _forEncryption, CipherParameters  params)
         }
         this.forEncryption = _forEncryption;
         workingKey = new int[64];
-        setKey( ((KeyParameter)params).getKey() );
+        byte[] key = ((KeyParameter)params).getKey();
+        setKey(key);
+        int keyBits = key.length * 8;
+        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(
+                    this.getAlgorithmName(), keyBits < 256 ? keyBits : 256, params, Utils.getPurpose(forEncryption)));
     }
 
     public void setKey(byte[] kb) 

core/src/main/java/org/bouncycastle/crypto/engines/XTEAEngine.java

@@ -2,8 +2,10 @@
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.OutputLengthException;
+import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
 import org.bouncycastle.crypto.params.KeyParameter;
 
 /**
@@ -68,6 +70,8 @@ public void init(
         KeyParameter       p = (KeyParameter)params;
 
         setKey(p.getKey());
+        CryptoServicesRegistrar.checkConstraints(new DefaultServiceProperties(
+                    this.getAlgorithmName(), 128, params, Utils.getPurpose(forEncryption)));
     }
 
     public int processBlock(

core/src/test/java/org/bouncycastle/crypto/test/CryptoServiceConstraintsTest.java

@@ -50,6 +50,7 @@
 import org.bouncycastle.crypto.engines.AESLightEngine;
 import org.bouncycastle.crypto.engines.BlowfishEngine;
 import org.bouncycastle.crypto.engines.CAST5Engine;
+import org.bouncycastle.crypto.engines.CAST6Engine;
 import org.bouncycastle.crypto.engines.CamelliaEngine;
 import org.bouncycastle.crypto.engines.CamelliaLightEngine;
 import org.bouncycastle.crypto.engines.ChaCha7539Engine;
@@ -60,15 +61,18 @@
 import org.bouncycastle.crypto.engines.HC128Engine;
 import org.bouncycastle.crypto.engines.HC256Engine;
 import org.bouncycastle.crypto.engines.IDEAEngine;
+import org.bouncycastle.crypto.engines.ISAACEngine;
 import org.bouncycastle.crypto.engines.RC4Engine;
 import org.bouncycastle.crypto.engines.RC532Engine;
 import org.bouncycastle.crypto.engines.RC564Engine;
 import org.bouncycastle.crypto.engines.RSAEngine;
 import org.bouncycastle.crypto.engines.RijndaelEngine;
+import org.bouncycastle.crypto.engines.SEEDEngine;
 import org.bouncycastle.crypto.engines.SM2Engine;
 import org.bouncycastle.crypto.engines.SM4Engine;
 import org.bouncycastle.crypto.engines.Salsa20Engine;
 import org.bouncycastle.crypto.engines.SerpentEngine;
+import org.bouncycastle.crypto.engines.Shacal2Engine;
 import org.bouncycastle.crypto.engines.SkipjackEngine;
 import org.bouncycastle.crypto.engines.TEAEngine;
 import org.bouncycastle.crypto.engines.ThreefishEngine;
@@ -190,6 +194,7 @@ public void performTest()
         testARIA();
         testIDEA();
         testCAST5();
+        testCAST6();
         testCamelliaLight();
         testCamellia();
         testBlowfish();
@@ -205,13 +210,17 @@ public void performTest()
         testSM2Cipher();
         testSM4();
         testTEA();
+        testXTEA();
         testThreefish();
         testSalsa20AndXSalsa20AndChaCha();
         testZuc128AndZuc256();
         testVMPCAndVMPCKSA();
         testRC532AndRC564();
         testRijndael();
         testHC128AndHC256();
+        testSEED();
+        testISAAC();
+        testShacal2();
     }
 
     private void test112bits()
@@ -716,6 +725,24 @@ private void testCAST5()
             isEquals("service does not provide 256 bits of security only 128", e.getMessage());
         }
 
+        engine.init(false, new KeyParameter(new byte[16]));
+
+        CryptoServicesRegistrar.setServicesConstraints(null);
+    }
+
+    private void testSEED()
+    {
+        CryptoServicesRegistrar.setServicesConstraints(new LegacyBitsOfSecurityConstraint(256));
+        SEEDEngine engine = new SEEDEngine();
+        try
+        {
+            engine.init(true, new KeyParameter(new byte[16]));
+            fail("no exception!");
+        }
+        catch (CryptoServiceConstraintsException e)
+        {
+            isEquals("service does not provide 256 bits of security only 128", e.getMessage());
+        }
 
         engine.init(false, new KeyParameter(new byte[16]));
 
@@ -1617,12 +1644,12 @@ private void testECIESKEM()
         ecKp.init(new ECKeyGenerationParameters(new ECDomainParameters(X962NamedCurves.getByName("prime192v1")), random));
         AsymmetricCipherKeyPair kp = ecKp.generateKeyPair();
 
-        byte[]                out = new byte[49];
+        byte[] out = new byte[49];
         ECIESKeyEncapsulation kem = new ECIESKeyEncapsulation(kdf, random);
 
         kem.init(kp.getPublic());
         KeyParameter key1 = (KeyParameter)kem.encrypt(out, 128);
-   
+
         CryptoServicesRegistrar.setServicesConstraints(new LegacyBitsOfSecurityConstraint(128, 80));
 
 
@@ -1686,6 +1713,88 @@ private void testTEA()
         CryptoServicesRegistrar.setServicesConstraints(null);
     }
 
+    private void testXTEA()
+    {
+        CryptoServicesRegistrar.setServicesConstraints(new LegacyBitsOfSecurityConstraint(256, 128));
+        TEAEngine engine = new TEAEngine();
+        try
+        {
+            engine.init(true, new KeyParameter(new byte[16]));
+            fail("no exception!");
+        }
+        catch (CryptoServiceConstraintsException e)
+        {
+            isEquals("service does not provide 256 bits of security only 128", e.getMessage());
+        }
+
+        engine.init(false, new KeyParameter(new byte[16]));
+
+        CryptoServicesRegistrar.setServicesConstraints(null);
+    }
+
+    private void testCAST6()
+    {
+        CryptoServicesRegistrar.setServicesConstraints(new LegacyBitsOfSecurityConstraint(256, 128));
+        CAST6Engine engine = new CAST6Engine();
+        try
+        {
+            engine.init(true, new KeyParameter(new byte[16]));
+            fail("no exception!");
+        }
+        catch (CryptoServiceConstraintsException e)
+        {
+            isEquals("service does not provide 256 bits of security only 128", e.getMessage());
+        }
+
+        engine.init(false, new KeyParameter(new byte[16]));     // should work
+
+        engine.init(true, new KeyParameter(new byte[32]));      // should work
+
+        CryptoServicesRegistrar.setServicesConstraints(null);
+    }
+
+    private void testISAAC()
+    {
+        CryptoServicesRegistrar.setServicesConstraints(new LegacyBitsOfSecurityConstraint(256, 128));
+        ISAACEngine engine = new ISAACEngine();
+        try
+        {
+            engine.init(true, new KeyParameter(new byte[16]));
+            fail("no exception!");
+        }
+        catch (CryptoServiceConstraintsException e)
+        {
+            isEquals("service does not provide 256 bits of security only 128", e.getMessage());
+        }
+
+        engine.init(false, new KeyParameter(new byte[16]));     // should work
+
+        engine.init(true, new KeyParameter(new byte[32]));      // should work
+
+        CryptoServicesRegistrar.setServicesConstraints(null);
+    }
+
+    private void testShacal2()
+    {
+        CryptoServicesRegistrar.setServicesConstraints(new LegacyBitsOfSecurityConstraint(256, 128));
+        Shacal2Engine engine = new Shacal2Engine();
+        try
+        {
+            engine.init(true, new KeyParameter(new byte[16]));
+            fail("no exception!");
+        }
+        catch (CryptoServiceConstraintsException e)
+        {
+            isEquals("service does not provide 256 bits of security only 128", e.getMessage());
+        }
+
+        engine.init(false, new KeyParameter(new byte[16]));     // should work
+
+        engine.init(true, new KeyParameter(new byte[32]));      // should work
+
+        CryptoServicesRegistrar.setServicesConstraints(null);
+    }
+
     private void testThreefish()
     {
         CryptoServicesRegistrar.setServicesConstraints(new LegacyBitsOfSecurityConstraint(384, 256));
@@ -1778,7 +1887,7 @@ private void testZuc128AndZuc256()
         }
         catch (CryptoServiceConstraintsException e)
         {
-            isEquals(e.getMessage(),"service does not provide 256 bits of security only 128", e.getMessage());
+            isEquals(e.getMessage(), "service does not provide 256 bits of security only 128", e.getMessage());
         }
 
         xengine.init(true, new ParametersWithIV(new KeyParameter(new byte[32]), new byte[25]));
@@ -1800,7 +1909,7 @@ private void testVMPCAndVMPCKSA()
         }
         catch (CryptoServiceConstraintsException e)
         {
-            isEquals(e.getMessage(),"service does not provide 256 bits of security only 128", e.getMessage());
+            isEquals(e.getMessage(), "service does not provide 256 bits of security only 128", e.getMessage());
         }
 
         xengine.init(true, new ParametersWithIV(new KeyParameter(new byte[32]), new byte[25]));
@@ -1822,7 +1931,7 @@ private void testRC532AndRC564()
         }
         catch (CryptoServiceConstraintsException e)
         {
-            isEquals(e.getMessage(),"service does not provide 256 bits of security only 128", e.getMessage());
+            isEquals(e.getMessage(), "service does not provide 256 bits of security only 128", e.getMessage());
         }
 
         try
@@ -1832,7 +1941,7 @@ private void testRC532AndRC564()
         }
         catch (CryptoServiceConstraintsException e)
         {
-            isEquals(e.getMessage(),"service does not provide 256 bits of security only 128", e.getMessage());
+            isEquals(e.getMessage(), "service does not provide 256 bits of security only 128", e.getMessage());
         }
 
         xengine.init(true, new RC5Parameters(new byte[32], 12));
@@ -1861,6 +1970,7 @@ private void testRijndael()
 
         CryptoServicesRegistrar.setServicesConstraints(null);
     }
+
     private void testHC128AndHC256()
     {
         CryptoServicesRegistrar.setServicesConstraints(new LegacyBitsOfSecurityConstraint(256, 128));
@@ -1873,7 +1983,7 @@ private void testHC128AndHC256()
         }
         catch (CryptoServiceConstraintsException e)
         {
-            isEquals(e.getMessage(),"service does not provide 256 bits of security only 128", e.getMessage());
+            isEquals(e.getMessage(), "service does not provide 256 bits of security only 128", e.getMessage());
         }
 
         xengine.init(false, new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
@@ -1905,12 +2015,12 @@ private void testSM2Cipher()
         }
         catch (CryptoServiceConstraintsException e)
         {
-            isEquals(e.getMessage(),"service does not provide 256 bits of security only 128", e.getMessage());
+            isEquals(e.getMessage(), "service does not provide 256 bits of security only 128", e.getMessage());
         }
 
         // decryption should be okay
         engine.init(false, kp.getPrivate());
-        
+
         CryptoServicesRegistrar.setServicesConstraints(null);
     }