Spec compliance: NIST min-length, tag validation, simple masking

lgutschow · lgutschow · commit a19c00c0fa3b · 2026-04-07T20:36:02.000-04:00
- FF1/FF3: enforce NIST minimum domain size (radix^len &gt;= 1,000,000)
- Tags: must be specified in policy, no auto-generation, error on missing
- Mask: simple patterns (last4, first1, full), not template-based
- Zero encryptable chars → error
- Tests updated with explicit tags and tag_enabled:false
diff --git a/src/main/java/io/cyphera/Cyphera.java b/src/main/java/io/cyphera/Cyphera.java
@@ -133,7 +133,12 @@ private String protectFpe(String value, Policy policy, boolean ff3) {
                 }
             }
 
-            // 2. Encrypt
+            // 2. Check for zero encryptable chars
+            if (encryptable.length() == 0) {
+                throw new IllegalArgumentException("No encryptable characters in input");
+            }
+
+            // 3. Encrypt
             String encrypted;
             if (ff3) {
                 encrypted = new FF3(key, new byte[8], alphabet).encrypt(encryptable.toString());
@@ -165,25 +170,28 @@ private String protectMask(String value, Policy policy) {
         String pattern = policy.pattern();
         if (pattern == null) throw new IllegalArgumentException("Mask policy requires 'pattern'");
 
-        // Simple pattern: replace * with *, {last4} with last 4 chars, {first3} with first 3 chars
-        String result = pattern;
-        if (result.contains("{last4}")) {
-            String last4 = value.length() >= 4 ? value.substring(value.length() - 4) : value;
-            result = result.replace("{last4}", last4);
-        }
-        if (result.contains("{last2}")) {
-            String last2 = value.length() >= 2 ? value.substring(value.length() - 2) : value;
-            result = result.replace("{last2}", last2);
-        }
-        if (result.contains("{first3}")) {
-            String first3 = value.length() >= 3 ? value.substring(0, 3) : value;
-            result = result.replace("{first3}", first3);
+        int len = value.length();
+        char mask = '*';
+
+        switch (pattern) {
+            case "last4": case "last_4":
+                return repeat(mask, Math.max(0, len - 4)) + value.substring(Math.max(0, len - 4));
+            case "last2": case "last_2":
+                return repeat(mask, Math.max(0, len - 2)) + value.substring(Math.max(0, len - 2));
+            case "first1": case "first_1":
+                return (len >= 1 ? value.substring(0, 1) : "") + repeat(mask, Math.max(0, len - 1));
+            case "first3": case "first_3":
+                return (len >= 3 ? value.substring(0, 3) : value) + repeat(mask, Math.max(0, len - 3));
+            case "full":
+            default:
+                return repeat(mask, len);
         }
-        if (result.contains("{first1}")) {
-            String first1 = value.length() >= 1 ? value.substring(0, 1) : value;
-            result = result.replace("{first1}", first1);
-        }
-        return result;
+    }
+
+    private static String repeat(char c, int count) {
+        StringBuilder sb = new StringBuilder(count);
+        for (int i = 0; i < count; i++) sb.append(c);
+        return sb.toString();
     }
 
     // -- Internal: Hash protect --
diff --git a/src/main/java/io/cyphera/Policy.java b/src/main/java/io/cyphera/Policy.java
@@ -55,32 +55,14 @@ public static Policy fromMap(String name, Map<String, Object> map) {
         String pattern = (String) map.get("pattern");
         String algorithm = (String) map.getOrDefault("algorithm", "sha256");
 
-        // Auto-generate tag if not provided and tag is enabled
-        if (tag == null && tagEnabled) {
-            tag = generateTag(name, tagLength);
+        // Tag must be provided in policy if tag_enabled is true
+        if (tagEnabled && (tag == null || tag.isEmpty())) {
+            throw new IllegalArgumentException("Policy '" + name + "' has tag_enabled=true but no tag specified. The tag must be set in the policy.");
         }
 
         return new Policy(name, engine, alphabet, keyRef, tag, tagEnabled, tagLength, pattern, algorithm);
     }
 
-    // Generate a deterministic tag from the policy name
-    // Use a simple hash of the name to pick chars from ALPHANUMERIC
-    private static String generateTag(String name, int length) {
-        String chars = Alphabets.ALPHANUMERIC;
-        int hash = 0;
-        for (int i = 0; i < name.length(); i++) {
-            hash = 31 * hash + name.charAt(i);
-        }
-        StringBuilder sb = new StringBuilder(length);
-        for (int i = 0; i < length; i++) {
-            // Mix bits for each position
-            int h = hash ^ (hash >>> 16) ^ (i * 0x9e3779b9);
-            if (h < 0) h = -h;
-            sb.append(chars.charAt(h % chars.length()));
-        }
-        return sb.toString();
-    }
-
     public boolean isReversible() {
         return "ff1".equals(engine) || "ff3".equals(engine) || "aes_gcm".equals(engine);
     }
diff --git a/src/main/java/io/cyphera/engine/ff1/FF1.java b/src/main/java/io/cyphera/engine/ff1/FF1.java
@@ -30,12 +30,28 @@ public FF1(byte[] key, byte[] tweak, String alphabet) throws Exception {
     }
 
     public String encrypt(String plaintext) throws Exception {
+        if (plaintext.isEmpty())
+            throw new IllegalArgumentException("Input must not be empty");
+        // NIST SP 800-38G: radix^minlen >= 1,000,000
+        double domainSize = Math.pow(radix, plaintext.length());
+        if (domainSize < 1_000_000)
+            throw new IllegalArgumentException("Input too short: " + plaintext.length()
+                + " chars with radix " + radix + " (domain size " + (long) domainSize
+                + " < 1,000,000 minimum)");
+
         int[] digits = toDigits(plaintext);
         int[] result = ff1Encrypt(digits, tweak);
         return fromDigits(result);
     }
 
     public String decrypt(String ciphertext) throws Exception {
+        if (ciphertext.isEmpty())
+            throw new IllegalArgumentException("Input must not be empty");
+        double domainSize = Math.pow(radix, ciphertext.length());
+        if (domainSize < 1_000_000)
+            throw new IllegalArgumentException("Input too short: " + ciphertext.length()
+                + " chars with radix " + radix + " (domain size " + (long) domainSize
+                + " < 1,000,000 minimum)");
         int[] digits = toDigits(ciphertext);
         int[] result = ff1Decrypt(digits, tweak);
         return fromDigits(result);
diff --git a/src/main/java/io/cyphera/engine/ff3/FF3.java b/src/main/java/io/cyphera/engine/ff3/FF3.java
@@ -32,12 +32,30 @@ public FF3(byte[] key, byte[] tweak, String alphabet) throws Exception {
     }
 
     public String encrypt(String plaintext) throws Exception {
+        if (plaintext.isEmpty())
+            throw new IllegalArgumentException("Input must not be empty");
+        if (plaintext.length() < 2)
+            throw new IllegalArgumentException("FF3 requires at least 2 characters");
+        double domainSize = Math.pow(radix, plaintext.length());
+        if (domainSize < 1_000_000)
+            throw new IllegalArgumentException("Input too short: " + plaintext.length()
+                + " chars with radix " + radix + " (domain size " + (long) domainSize
+                + " < 1,000,000 minimum)");
         int[] digits = toDigits(plaintext);
         int[] result = ff3Encrypt(digits);
         return fromDigits(result);
     }
 
     public String decrypt(String ciphertext) throws Exception {
+        if (ciphertext.isEmpty())
+            throw new IllegalArgumentException("Input must not be empty");
+        if (ciphertext.length() < 2)
+            throw new IllegalArgumentException("FF3 requires at least 2 characters");
+        double domainSize = Math.pow(radix, ciphertext.length());
+        if (domainSize < 1_000_000)
+            throw new IllegalArgumentException("Input too short: " + ciphertext.length()
+                + " chars with radix " + radix + " (domain size " + (long) domainSize
+                + " < 1,000,000 minimum)");
         int[] digits = toDigits(ciphertext);
         int[] result = ff3Decrypt(digits);
         return fromDigits(result);
diff --git a/src/test/java/io/cyphera/CypheraTest.java b/src/test/java/io/cyphera/CypheraTest.java
@@ -17,6 +17,7 @@ private static Map<String, Object> buildConfig() {
         Map<String, Object> ssn = new HashMap<>();
         ssn.put("engine", "ff1");
         ssn.put("key_ref", "demo-key");
+        ssn.put("tag", "T01");
         // defaults: alphabet=alphanumeric, tag_enabled=true, tag_length=3
         policies.put("ssn", ssn);
 
@@ -29,13 +30,15 @@ private static Map<String, Object> buildConfig() {
 
         Map<String, Object> ssnMask = new HashMap<>();
         ssnMask.put("engine", "mask");
-        ssnMask.put("pattern", "***-**-{last4}");
+        ssnMask.put("pattern", "last4");
+        ssnMask.put("tag_enabled", false);
         policies.put("ssn_mask", ssnMask);
 
         Map<String, Object> ssnHash = new HashMap<>();
         ssnHash.put("engine", "hash");
         ssnHash.put("algorithm", "sha256");
         ssnHash.put("key_ref", "demo-key");
+        ssnHash.put("tag_enabled", false);
         policies.put("ssn_hash", ssnHash);
 
         config.put("policies", policies);
@@ -92,7 +95,7 @@ void protectAndAccessUntaggedDigits() {
     void protectMask() {
         Cyphera c = Cyphera.fromMap(buildConfig());
         String result = c.protect("123-45-6789", "ssn_mask");
-        assertEquals("***-**-6789", result);
+        assertEquals("*******6789", result);
     }
 
     @Test
@@ -150,6 +153,7 @@ void protectAndAccessAesGcm() {
         Map<String, Object> aesPolicy = new HashMap<>();
         aesPolicy.put("engine", "aes_gcm");
         aesPolicy.put("key_ref", "demo-key");
+        aesPolicy.put("tag", "T02");
         policies.put("ssn_aes", aesPolicy);
 
         Cyphera c = Cyphera.fromMap(config);
