diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-09-09 21:41:03 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2013-09-10 19:47:50 -0500 |
| commit | 13f108f926a84eec9c0598164f25cedaece567e3 (patch) | |
| tree | c4a715ef2166bb590c94dba251b4be7fd250d43f | |
| parent | 180606f3e7fd9083567e9754fca39e44b5b06b15 (diff) | |
| download | cryptography-13f108f926a84eec9c0598164f25cedaece567e3.tar.gz cryptography-13f108f926a84eec9c0598164f25cedaece567e3.tar.bz2 cryptography-13f108f926a84eec9c0598164f25cedaece567e3.zip | |
Add ECB class + docs + tests
* Slightly refactors test_nist to allow fetching of data that has no IV
* Does not modify create_block_cipher_context (next commit)
| -rw-r--r-- | cryptography/primitives/block/modes.py | 7 | ||||
| -rw-r--r-- | docs/primitives/symmetric-encryption.rst | 12 | ||||
| -rw-r--r-- | tests/primitives/test_nist.py | 47 |
3 files changed, 66 insertions, 0 deletions
diff --git a/cryptography/primitives/block/modes.py b/cryptography/primitives/block/modes.py index de31f086..0bf8010b 100644 --- a/cryptography/primitives/block/modes.py +++ b/cryptography/primitives/block/modes.py @@ -20,3 +20,10 @@ class CBC(object): def __init__(self, initialization_vector): super(CBC, self).__init__() self.initialization_vector = initialization_vector + + +class ECB(object): + name = "ECB" + + def __init__(self): + super(ECB, self).__init__() diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst index 1b8d1d73..8a9bbbdf 100644 --- a/docs/primitives/symmetric-encryption.rst +++ b/docs/primitives/symmetric-encryption.rst @@ -67,3 +67,15 @@ Modes ``block_size`` of the cipher. Do not reuse an ``initialization_vector`` with a given ``key``. + + +Insecure Modes +-------------- + +.. class:: cryptography.primitives.block.modes.ECB() + + ECB (Electronic Code Book) is the simplest mode of operation for block + ciphers. The data is separated into blocks and each block is encrypted + separately. This means identical plaintext blocks will always result in + identical encrypted blocks. Due to this property it is not recommended + for use. Really, don't use it. Just. Don't. diff --git a/tests/primitives/test_nist.py b/tests/primitives/test_nist.py index 8bef118e..3dc8277a 100644 --- a/tests/primitives/test_nist.py +++ b/tests/primitives/test_nist.py @@ -86,3 +86,50 @@ class TestAES_CBC(object): actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext)) actual_ciphertext += cipher.finalize() assert binascii.hexlify(actual_ciphertext) == ciphertext + + +class TestAES_ECB(object): + @parameterize_encrypt_test( + "AES", "KAT", + ("key", "plaintext", "ciphertext"), + [ + "ECBGFSbox128.rsp", + "ECBGFSbox192.rsp", + "ECBGFSbox256.rsp", + "ECBKeySbox128.rsp", + "ECBKeySbox192.rsp", + "ECBKeySbox256.rsp", + "ECBVarKey128.rsp", + "ECBVarKey192.rsp", + "ECBVarKey256.rsp", + "ECBVarTxt128.rsp", + "ECBVarTxt192.rsp", + "ECBVarTxt256.rsp", + ] + ) + def test_KAT(self, key, plaintext, ciphertext): + cipher = BlockCipher( + ciphers.AES(binascii.unhexlify(key)), + modes.ECB() + ) + actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext)) + actual_ciphertext += cipher.finalize() + assert binascii.hexlify(actual_ciphertext) == ciphertext + + @parameterize_encrypt_test( + "AES", "MMT", + ("key", "plaintext", "ciphertext"), + [ + "ECBMMT128.rsp", + "ECBMMT192.rsp", + "ECBMMT256.rsp", + ] + ) + def test_MMT(self, key, plaintext, ciphertext): + cipher = BlockCipher( + ciphers.AES(binascii.unhexlify(key)), + modes.ECB() + ) + actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext)) + actual_ciphertext += cipher.finalize() + assert binascii.hexlify(actual_ciphertext) == ciphertext |