feat: align error messages + strict FF3 tweak (cross-SDK consistency)

Adopt the canonical spec error-message text so the .NET SDK matches
the rust reference byte-for-byte. Exception types remain
ArgumentException; only the message text inside changes. FF3 tweak
enforcement was already strict (8 bytes) and FF3-1 was already strict
(7 bytes); messages are normalized to the spec-mandated 'invalid
tweak length: N (expected M)' form. ToDigits in FF1/FF3 now reports
the offending char + position instead of throwing KeyNotFoundException.

Author: lgutschow

src/Cyphera/Cyphera.cs

@@ -66,7 +66,7 @@ public string Protect(string value, string configurationName)
                 "ff1" or "ff3" or "ff31" => ProtectFpe(value, configuration),
                 "mask" => ProtectMask(value, configuration),
                 "hash" => ProtectHash(value, configuration),
-                _ => throw new ArgumentException($"Unknown engine: {configuration.Engine}")
+                _ => throw new ArgumentException($"unknown engine: {configuration.Engine}")
             };
         }
 
@@ -80,14 +80,15 @@ public string Access(string protectedValue)
             {
                 if (protectedValue.Length > header.Length && protectedValue.StartsWith(header))
                 {
-                    var configuration = GetConfiguration(_headerIndex[header]);
+                    var name = _headerIndex[header];
+                    var configuration = GetConfiguration(name);
                     // Strip the header here so AccessFpe always receives raw headerless ciphertext.
                     var stripped = protectedValue[header.Length..];
-                    return AccessFpe(stripped, configuration);
+                    return AccessWithConfiguration(stripped, configuration, name);
                 }
             }
 
-            throw new ArgumentException("No matching header found");
+            throw new ArgumentException("no matching header found");
         }
 
         // Escape-hatch access for unique situations where the protected value
@@ -102,6 +103,14 @@ public string Access(string protectedValue, string configurationName)
             if (configurationName == null)
                 throw new ArgumentException("Access(value, configurationName) requires a configuration name.");
             var configuration = GetConfiguration(configurationName);
+            return AccessWithConfiguration(protectedValue, configuration, configurationName);
+        }
+
+        private string AccessWithConfiguration(string protectedValue, Configuration configuration, string configurationName)
+        {
+            if (configuration.Engine == "mask" || configuration.Engine == "hash")
+                throw new ArgumentException(
+                    $"cannot reverse '{configurationName}' — {configuration.Engine} is irreversible");
             return AccessFpe(protectedValue, configuration);
         }
 
@@ -131,7 +140,7 @@ private string ProtectFpe(string value, Configuration configuration)
 
             var (encryptable, positions, chars) = ExtractPassthroughs(value, alphabet);
             if (encryptable.Length == 0)
-                throw new ArgumentException("No encryptable characters in input");
+                throw new ArgumentException("no encryptable characters in input");
 
             string encrypted;
             if (configuration.Engine == "ff3")
@@ -164,8 +173,10 @@ private string ProtectFpe(string value, Configuration configuration)
         // a headerless value.
         private string AccessFpe(string protectedValue, Configuration configuration)
         {
+            // Callers (AccessWithConfiguration) have already filtered mask/hash;
+            // anything else here that isn't an FPE engine is an internal misuse.
             if (configuration.Engine != "ff1" && configuration.Engine != "ff3" && configuration.Engine != "ff31")
-                throw new ArgumentException($"Cannot reverse '{configuration.Engine}' — not reversible");
+                throw new ArgumentException($"unknown engine: {configuration.Engine}");
 
             var key = ResolveKey(configuration.KeyRef);
             var alphabet = configuration.Alphabet;
@@ -198,7 +209,7 @@ private string AccessFpe(string protectedValue, Configuration configuration)
         private static string ProtectMask(string value, Configuration configuration)
         {
             if (string.IsNullOrEmpty(configuration.Pattern))
-                throw new ArgumentException("Mask configuration requires 'pattern'");
+                throw new ArgumentException("mask pattern required");
 
             int len = value.Length;
             return configuration.Pattern switch
@@ -248,16 +259,16 @@ private string ProtectHash(string value, Configuration configuration)
         private Configuration GetConfiguration(string name)
         {
             if (!_configurations.TryGetValue(name, out var configuration))
-                throw new ArgumentException($"Unknown configuration: {name}");
+                throw new ArgumentException($"configuration not found: {name}");
             return configuration;
         }
 
         private byte[] ResolveKey(string? keyRef)
         {
             if (string.IsNullOrEmpty(keyRef))
-                throw new ArgumentException("No key_ref in configuration");
+                throw new ArgumentException("key error: no key_ref in configuration");
             if (!_keys.TryGetValue(keyRef, out var key))
-                throw new ArgumentException($"Unknown key: {keyRef}");
+                throw new ArgumentException($"key error: unknown key '{keyRef}'");
             return key;
         }
 
@@ -321,7 +332,7 @@ private void LoadKeys(JsonElement root)
                 }
                 else
                 {
-                    throw new ArgumentException($"Key '{name}' must have either 'material' or 'source'");
+                    throw new ArgumentException($"key error: key '{name}' must have either 'material' or 'source'");
                 }
             }
         }
@@ -372,12 +383,12 @@ private void LoadConfigurations(JsonElement root)
                 string? header = p.TryGetProperty("header", out var hv) ? hv.GetString() : null;
 
                 if (headerEnabled && string.IsNullOrEmpty(header))
-                    throw new ArgumentException($"Configuration '{kv.Name}' has header_enabled=true but no header specified");
+                    throw new ArgumentException("configuration error: header must be specified");
 
                 if (headerEnabled && header != null)
                 {
                     if (_headerIndex.ContainsKey(header))
-                        throw new ArgumentException($"Header collision: '{header}' used by both '{_headerIndex[header]}' and '{kv.Name}'");
+                        throw new ArgumentException("configuration error: header collision");
                     _headerIndex[header] = kv.Name;
                 }
 

src/Cyphera/FF1.cs

@@ -15,7 +15,7 @@ public class FF1
         public FF1(byte[] key, byte[] tweak, string alphabet = "0123456789abcdefghijklmnopqrstuvwxyz")
         {
             if (key.Length != 16 && key.Length != 24 && key.Length != 32)
-                throw new ArgumentException("Key must be 16, 24, or 32 bytes");
+                throw new ArgumentException($"invalid key length: {key.Length} (expected 16, 24, or 32)");
             if (alphabet.Length < 2)
                 throw new ArgumentException("Alphabet must have >= 2 chars");
 
@@ -30,7 +30,17 @@ public FF1(byte[] key, byte[] tweak, string alphabet = "0123456789abcdefghijklmn
         public string Encrypt(string plaintext) => FromDigits(FF1Encrypt(ToDigits(plaintext), _tweak));
         public string Decrypt(string ciphertext) => FromDigits(FF1Decrypt(ToDigits(ciphertext), _tweak));
 
-        private int[] ToDigits(string s) => s.Select(c => _charMap[c]).ToArray();
+        private int[] ToDigits(string s)
+        {
+            var d = new int[s.Length];
+            for (int i = 0; i < s.Length; i++)
+            {
+                if (!_charMap.TryGetValue(s[i], out var idx))
+                    throw new ArgumentException($"invalid char '{s[i]}' at position {i}");
+                d[i] = idx;
+            }
+            return d;
+        }
         private string FromDigits(int[] d) => new string(d.Select(i => _alphabet[i]).ToArray());
 
         // NIST SP 800-38G: length >= 2 and radix^length >= 1,000,000.

src/Cyphera/FF3.cs

@@ -15,9 +15,9 @@ public class FF3
         public FF3(byte[] key, byte[] tweak, string alphabet = "0123456789abcdefghijklmnopqrstuvwxyz")
         {
             if (key.Length != 16 && key.Length != 24 && key.Length != 32)
-                throw new ArgumentException("Key must be 16, 24, or 32 bytes");
+                throw new ArgumentException($"invalid key length: {key.Length} (expected 16, 24, or 32)");
             if (tweak.Length != 8)
-                throw new ArgumentException("Tweak must be exactly 8 bytes");
+                throw new ArgumentException($"invalid tweak length: {tweak.Length} (expected 8)");
             if (alphabet.Length < 2)
                 throw new ArgumentException("Alphabet must have >= 2 chars");
 
@@ -32,7 +32,17 @@ public FF3(byte[] key, byte[] tweak, string alphabet = "0123456789abcdefghijklmn
         public string Encrypt(string plaintext) => FromDigits(FF3Encrypt(ToDigits(plaintext)));
         public string Decrypt(string ciphertext) => FromDigits(FF3Decrypt(ToDigits(ciphertext)));
 
-        private int[] ToDigits(string s) => s.Select(c => _charMap[c]).ToArray();
+        private int[] ToDigits(string s)
+        {
+            var d = new int[s.Length];
+            for (int i = 0; i < s.Length; i++)
+            {
+                if (!_charMap.TryGetValue(s[i], out var idx))
+                    throw new ArgumentException($"invalid char '{s[i]}' at position {i}");
+                d[i] = idx;
+            }
+            return d;
+        }
         private string FromDigits(int[] d) => new string(d.Select(i => _alphabet[i]).ToArray());
 
         // NIST SP 800-38G: length >= 2, radix^length >= 1,000,000, and
@@ -175,7 +185,7 @@ public class FF31
         public FF31(byte[] key, byte[] tweak, string alphabet = "0123456789abcdefghijklmnopqrstuvwxyz")
         {
             if (tweak.Length != 7)
-                throw new ArgumentException("FF3-1 tweak must be exactly 7 bytes (56 bits)");
+                throw new ArgumentException($"invalid tweak length: {tweak.Length} (expected 7)");
             _inner = new FF3(key, ExpandTweak(tweak), alphabet);
         }
 

tests/Cyphera.Tests/CypheraClientTests.cs

@@ -91,7 +91,7 @@ public void AccessNonreversibleRaises()
             // ssn_mask has header_enabled=false, so Access() can't find a header
             // and reports the no-matching-header error.
             var ex = Assert.Throws<ArgumentException>(() => c.Access(masked));
-            Assert.Contains("No matching header", ex.Message);
+            Assert.Equal("no matching header found", ex.Message);
         }
 
         [Fact]
@@ -106,7 +106,7 @@ public void HeaderCollisionRaises()
             }";
             var doc = JsonDocument.Parse(json);
             var ex = Assert.Throws<ArgumentException>(() => Cyphera.FromConfig(doc.RootElement));
-            Assert.Contains("Header collision", ex.Message);
+            Assert.Equal("configuration error: header collision", ex.Message);
         }
 
         [Fact]
@@ -118,7 +118,7 @@ public void HeaderRequiredRaises()
             }";
             var doc = JsonDocument.Parse(json);
             var ex = Assert.Throws<ArgumentException>(() => Cyphera.FromConfig(doc.RootElement));
-            Assert.Contains("no header specified", ex.Message);
+            Assert.Equal("configuration error: header must be specified", ex.Message);
         }
 
         [Fact]
@@ -148,7 +148,8 @@ public void TwoArgAccessOnIrreversibleConfigRaises()
             // The 2-arg escape hatch is permissive about header_enabled but
             // still must refuse mask/hash configurations — those are one-way.
             var masked = c.Protect("123-45-6789", "ssn_mask");
-            Assert.Throws<ArgumentException>(() => c.Access(masked, "ssn_mask"));
+            var ex = Assert.Throws<ArgumentException>(() => c.Access(masked, "ssn_mask"));
+            Assert.Equal("cannot reverse 'ssn_mask' — mask is irreversible", ex.Message);
         }
     }
 }