diff options
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/backend.py | 7 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/block/ciphers.py | 20 | ||||
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 10 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_cast5.py | 38 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ciphers.py | 15 | ||||
| -rw-r--r-- | tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ecb.txt | 19 |
6 files changed, 106 insertions, 3 deletions
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index f9bef1a5..fc73dd39 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -20,7 +20,7 @@ import cffi from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.block.ciphers import ( - AES, Blowfish, Camellia, TripleDES, + AES, Blowfish, Camellia, CAST5, TripleDES, ) from cryptography.hazmat.primitives.block.modes import CBC, CTR, ECB, OFB, CFB @@ -227,6 +227,11 @@ class Ciphers(object): mode_cls, GetCipherByName("bf-{mode.name}") ) + self.register_cipher_adapter( + CAST5, + ECB, + GetCipherByName("cast5-ecb") + ) def create_encrypt_ctx(self, cipher, mode): return _CipherContext(self._backend, cipher, mode, diff --git a/cryptography/hazmat/primitives/block/ciphers.py b/cryptography/hazmat/primitives/block/ciphers.py index 1ab81a63..8046bd26 100644 --- a/cryptography/hazmat/primitives/block/ciphers.py +++ b/cryptography/hazmat/primitives/block/ciphers.py @@ -96,3 +96,23 @@ class Blowfish(object): @property def key_size(self): return len(self.key) * 8 + + +class CAST5(object): + name = "CAST5" + block_size = 64 + key_sizes = frozenset([40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128]) + + def __init__(self, key): + super(CAST5, self).__init__() + self.key = key + + # Verify that the key size matches the expected key size + if self.key_size not in self.key_sizes: + raise ValueError("Invalid key size ({0}) for {1}".format( + self.key_size, self.name + )) + + @property + def key_size(self): + return len(self.key) * 8 diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 31ceea8a..5852dc21 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -107,6 +107,15 @@ Ciphers ``56`` bits long), they can simply be concatenated to produce the full key. This must be kept secret. +.. class:: CAST5(key) + + CAST5 (also known as CAST-128) is a block cipher approved for use in the + Canadian government by their Communications Security Establishment. It is a + variable key length cipher and supports keys from 40-128 bits in length. + + :param bytes key: The secret key, 40-128 bits in length (in increments of + 8). This must be kept secret. + Weak Ciphers ------------ @@ -126,7 +135,6 @@ Weak Ciphers :param bytes key: The secret key, 32-448 bits in length (in increments of 8). This must be kept secret. - Modes ~~~~~ diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py new file mode 100644 index 00000000..bd861150 --- /dev/null +++ b/tests/hazmat/primitives/test_cast5.py @@ -0,0 +1,38 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import binascii +import os + +from cryptography.hazmat.primitives.block import ciphers, modes + +from .utils import generate_encrypt_test +from ...utils import load_nist_vectors_from_file + + +class TestCAST5(object): + test_ECB = generate_encrypt_test( + lambda path: load_nist_vectors_from_file(path, "ENCRYPT"), + os.path.join("ciphers", "CAST5"), + [ + "cast5-ecb.txt", + ], + lambda key: ciphers.CAST5(binascii.unhexlify((key))), + lambda key: modes.ECB(), + only_if=lambda backend: backend.ciphers.supported( + ciphers.CAST5("\x00" * 16), modes.ECB() + ), + skip_message="Does not support CAST5 ECB", + ) diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py index 2a20eb7a..d3870a0b 100644 --- a/tests/hazmat/primitives/test_ciphers.py +++ b/tests/hazmat/primitives/test_ciphers.py @@ -18,7 +18,7 @@ import binascii import pytest from cryptography.hazmat.primitives.block.ciphers import ( - AES, Camellia, TripleDES, Blowfish + AES, Camellia, TripleDES, Blowfish, CAST5 ) @@ -78,3 +78,16 @@ class TestBlowfish(object): def test_invalid_key_size(self): with pytest.raises(ValueError): Blowfish(binascii.unhexlify(b"0" * 6)) + + +class TestCAST5(object): + @pytest.mark.parametrize(("key", "keysize"), [ + (b"0" * (keysize // 4), keysize) for keysize in range(40, 129, 8) + ]) + def test_key_size(self, key, keysize): + cipher = CAST5(binascii.unhexlify(key)) + assert cipher.key_size == keysize + + def test_invalid_key_size(self): + with pytest.raises(ValueError): + CAST5(binascii.unhexlify(b"0" * 34)) diff --git a/tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ecb.txt b/tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ecb.txt new file mode 100644 index 00000000..04c78615 --- /dev/null +++ b/tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ecb.txt @@ -0,0 +1,19 @@ +# CAST5 (CAST128) ECB vectors from RFC 2144 +[ENCRYPT] +# 128-bit key +COUNT = 0 +key = 0123456712345678234567893456789A +plaintext = 0123456789ABCDEF +ciphertext = 238B4FE5847E44B2 + +# 80-bit key +COUNT = 1 +key = 01234567123456782345 +plaintext = 0123456789ABCDEF +ciphertext = EB6A711A2C02271B + +# 40-bit key +COUNT = 2 +key = 0123456712 +plaintext = 0123456789ABCDEF +ciphertext = 7AC816D16E9B302E |