Thanks for the reply, Ed. I'm using the .NET APIs for some crypto, and yes
for those I use LegalKeySizes. But I use the BC Cipher types as well (IIRC
it's for a performance improvement) and I want to correctly report the
supported key sizes. And not just for AES but for all the algorithms
supported by BC and exposed by PCLCrypto. I guess hard-coding is the way
I'll have to go. I'll be guessing I guess since different crypto
implementations seem to support different key size ranges and I'm not
familiar enough with the BC code base (as in: not at all) to quickly find
the key sizes for each one.

In case you or anyone else can quickly do the research for me so I can
hard-code the expected results into PCLCrypto, the algorithms PCLCrypto
supports today are listed below (together with their key min size, max
size, and step size in bits, for .NET and BCrypt implementations):

    [InlineData(SymmetricAlgorithmName.Aes, 128, 256, 64)]
    [InlineData(SymmetricAlgorithmName.Des, 64, 64, 0)]
    [InlineData(SymmetricAlgorithmName.Rc4, 8, 512, 8)]
#if WinRT
    [InlineData(SymmetricAlgorithmName.Rc2, 16, 128, 8)]
    [InlineData(SymmetricAlgorithmName.TripleDes, 192, 192, 0)]
#else
    [InlineData(SymmetricAlgorithmName.Rc2, 40, 128, 8)]
    [InlineData(SymmetricAlgorithmName.TripleDes, 128, 192, 64)]


On Sat, Nov 28, 2015 at 8:33 PM Edward Ned Harvey (bouncycastle) <
bouncycas...@nedharvey.com> wrote:

> > From: Andrew Arnott [mailto:andrewarn...@gmail.com]
> >
> > I want to programmatically enumerate the allowed key sizes for a given
> > Cipher. Is there an API to do this?
>
> If it's a .NET cipher, you can use the LegalKeySizes property
>
> https://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm.legalkeysizes(v=vs.110).aspx
>
> If it's a BouncyCastle derivative of IBlockCipher, there is no such
> analogous property of IBlockCipher. In fact, by looking at AESFastEngine,
> the only time the key size seems to be checked is during
> GenerateWorkingKey(), which is called by Init(). There, it's hard-coded in
> a private method, to check the Key length, must be 128, 192, or 256. Based
> on this, I'd say there is no programmatic way, nor even an enum you could
> use.
>

Reply via email to