9 files changed, 176 insertions, 1 deletions
diff --git a/docs/development/custom-vectors/idea.rst b/docs/development/custom-vectors/idea.rst
new file mode 100644
index 00000000..68c00b85
--- /dev/null
+++ b/docs/development/custom-vectors/idea.rst
@@ -0,0 +1,30 @@
+IDEA Vector Creation
+=====================
+
+This page documents the code that was used to generate the IDEA CBC, CFB, and
+OFB test vectors as well as the code used to verify them against another
+implementation. For IDEA the vectors were generated using OpenSSL and verified
+with Go.
+
+Creation
+--------
+
+``cryptography`` was modified to support IDEA in CBC, CFB, and OFB modes. Then
+the following python script was run to generate the vector files.
+
+.. literalinclude:: /development/custom-vectors/idea/generate_idea.py
+
+Download link: :download:`generate_idea.py </development/custom-vectors/idea/generate_idea.py>`
+
+
+Verification
+------------
+
+The following python code was used to verify the vectors using the `Botan`_
+project's Python bindings.
+
+.. literalinclude:: /development/custom-vectors/idea/verify_idea.py
+
+Download link: :download:`verify_idea.py </development/custom-vectors/idea/verify_idea.py>`
+
+.. _`Botan`: http://botan.randombit.net
diff --git a/docs/development/custom-vectors/idea/generate_idea.py b/docs/development/custom-vectors/idea/generate_idea.py
new file mode 100644
index 00000000..70b9f87f
--- /dev/null
+++ b/docs/development/custom-vectors/idea/generate_idea.py
@@ -0,0 +1,60 @@
+import binascii
+
+from cryptography.hazmat.backends.openssl.backend import backend
+from cryptography.hazmat.primitives.ciphers import base, algorithms, modes
+
+
+def encrypt(mode, key, iv, plaintext):
+    cipher = base.Cipher(
+        algorithms.IDEA(binascii.unhexlify(key)),
+        mode(binascii.unhexlify(iv)),
+        backend
+    )
+    encryptor = cipher.encryptor()
+    ct = encryptor.update(binascii.unhexlify(plaintext))
+    ct += encryptor.finalize()
+    return binascii.hexlify(ct)
+
+
+def build_vectors(mode, filename):
+    with open(filename, "r") as f:
+        vector_file = f.read().splitlines()
+
+    count = 0
+    output = []
+    key = None
+    iv = None
+    plaintext = None
+    for line in vector_file:
+        line = line.strip()
+        if line.startswith("KEY"):
+            if count != 0:
+                output.append("CIPHERTEXT = {0}".format(
+                    encrypt(mode, key, iv, plaintext))
+                )
+            output.append("\nCOUNT = {0}".format(count))
+            count += 1
+            name, key = line.split(" = ")
+            output.append("KEY = {0}".format(key))
+        elif line.startswith("IV"):
+            name, iv = line.split(" = ")
+            iv = iv[0:16]
+            output.append("IV = {0}".format(iv))
+        elif line.startswith("PLAINTEXT"):
+            name, plaintext = line.split(" = ")
+            output.append("PLAINTEXT = {0}".format(plaintext))
+
+    output.append("CIPHERTEXT = {0}".format(encrypt(mode, key, iv, plaintext)))
+    return "\n".join(output)
+
+
+def write_file(data, filename):
+    with open(filename, "w") as f:
+        f.write(data)
+
+CBC_PATH = "tests/hazmat/primitives/vectors/ciphers/AES/CBC/CBCMMT128.rsp"
+write_file(build_vectors(modes.CBC, CBC_PATH), "idea-cbc.txt")
+OFB_PATH = "tests/hazmat/primitives/vectors/ciphers/AES/OFB/OFBMMT128.rsp"
+write_file(build_vectors(modes.OFB, OFB_PATH), "idea-ofb.txt")
+CFB_PATH = "tests/hazmat/primitives/vectors/ciphers/AES/CFB/CFB128MMT128.rsp"
+write_file(build_vectors(modes.CFB, CFB_PATH), "idea-cfb.txt")
diff --git a/docs/development/custom-vectors/idea/verify_idea.py b/docs/development/custom-vectors/idea/verify_idea.py
new file mode 100644
index 00000000..89713c80
--- /dev/null
+++ b/docs/development/custom-vectors/idea/verify_idea.py
@@ -0,0 +1,39 @@
+import binascii
+
+import botan
+
+from tests.utils import load_nist_vectors
+
+BLOCK_SIZE = 64
+
+
+def encrypt(mode, key, iv, plaintext):
+    encryptor = botan.Cipher("IDEA/{0}/NoPadding".format(mode), "encrypt",
+                             binascii.unhexlify(key))
+
+    cipher_text = encryptor.cipher(binascii.unhexlify(plaintext),
+                                   binascii.unhexlify(iv))
+    return binascii.hexlify(cipher_text)
+
+
+def verify_vectors(mode, filename):
+    with open(filename, "r") as f:
+        vector_file = f.read().splitlines()
+
+    vectors = load_nist_vectors(vector_file)
+    for vector in vectors:
+        ct = encrypt(
+            mode,
+            vector["key"],
+            vector["iv"],
+            vector["plaintext"]
+        )
+        assert ct == vector["ciphertext"]
+
+
+cbc_path = "tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cbc.txt"
+verify_vectors("CBC", cbc_path)
+ofb_path = "tests/hazmat/primitives/vectors/ciphers/IDEA/idea-ofb.txt"
+verify_vectors("OFB", ofb_path)
+cfb_path = "tests/hazmat/primitives/vectors/ciphers/IDEA/idea-cfb.txt"
+verify_vectors("CFB", cfb_path)
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index a70b82d3..1d768179 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -69,6 +69,8 @@ Symmetric Ciphers
 * CAST5 (CBC, CFB, OFB) generated by this project.
   See: :doc:`/development/custom-vectors/cast5`
 * IDEA (ECB) from the `NESSIE IDEA vectors`_ created by `NESSIE`_.
+* IDEA (CBC, CFB, OFB) generated by this project.
+  See: :doc:`/development/custom-vectors/idea`
 
 Two Factor Authentication
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -77,7 +79,6 @@ Two Factor Authentication
 * TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC
   6238 exists)
 
-
 Creating Test Vectors
 ---------------------
 
@@ -88,6 +89,7 @@ its own using existing vectors as source material. Current custom vectors:
     :maxdepth: 1
 
     custom-vectors/cast5
+    custom-vectors/idea
 
 If official test vectors appear in the future the custom generated vectors
 should be discarded.
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index 48c4bca8..e5010ebe 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -56,3 +56,9 @@ Exceptions
     This is raised when the verify method of a one time password function's
     computed token does not match the expected token.
 
+.. class:: UnsupportedInterface
+
+    .. versionadded:: 0.3
+
+    This is raised when the provided backend does not support the required
+    interface.
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index 851dbb0b..174b68d2 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -84,6 +84,10 @@ Different KDFs are suitable for different tasks such as:
         :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
         provider.
 
+    :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+        provided ``backend`` does not implement
+        :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
+
     .. method:: derive(key_material)
 
         :param bytes key_material: The input key material. For PBKDF2 this
@@ -183,6 +187,10 @@ Different KDFs are suitable for different tasks such as:
         :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
         provider.
 
+    :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+        provided ``backend`` does not implement
+        :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
+
     .. method:: derive(key_material)
 
         :param bytes key_material: The input key material.
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 2ee5085b..741091b2 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -165,6 +165,16 @@ Weak Ciphers
         >>> decryptor.update(ct)
         'a secret message'
 
+.. class:: IDEA(key)
+
+    IDEA (`International Data Encryption Algorithm`_) is a block cipher created
+    in 1991. It is an optional component of the `OpenPGP`_ standard. This cipher
+    is susceptible to attacks when using weak keys. It is recommended that you
+    do not use this cipher for new applications.
+
+    :param bytes key: The secret key This must be kept secret. ``128`` bits in
+        length.
+
 
 .. _symmetric-encryption-modes:
 
@@ -468,3 +478,5 @@ Interfaces
 .. _`encrypt`: https://ssd.eff.org/tech/encryption
 .. _`CRYPTREC`: http://www.cryptrec.go.jp/english/
 .. _`significant patterns in the output`: http://en.wikipedia.org/wiki/Cipher_block_chaining#Electronic_codebook_.28ECB.29
+.. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+.. _`OpenPGP`: http://www.openpgp.org
diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst
index 3912d483..124d0ef5 100644
--- a/docs/hazmat/primitives/twofactor.rst
+++ b/docs/hazmat/primitives/twofactor.rst
@@ -52,6 +52,9 @@ codes (HMAC).
         :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or
         :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the
         ``length`` parameter is not an integer.
+    :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+        provided ``backend`` does not implement
+        :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
 
     .. method:: generate(counter)
 
@@ -148,6 +151,9 @@ similar to the following code.
         :class:`~cryptography.hazmat.primitives.hashes.SHA256()` or
         :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the
         ``length`` parameter is not an integer.
+    :raises cryptography.exceptions.UnsupportedInterface: This is raised if the
+        provided ``backend`` does not implement
+        :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
 
     .. method:: generate(time)
 
diff --git a/docs/installation.rst b/docs/installation.rst
index 63555abc..c6a2a5c0 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -7,6 +7,18 @@ You can install ``cryptography`` with ``pip``:
 
     $ pip install cryptography
 
+Supported platforms
+-------------------
+
+Currently we test ``cryptography`` on Python 2.6, 2.7, 3.2, 3.3 and PyPy on
+these operating systems.
+
+* x86-64 CentOS 6.4 and CentOS 5
+* x86-64 FreeBSD 9.2 and FreeBSD 10
+* OS X 10.9 and OS X 10.8
+* x86-64 Ubuntu 12.04 LTS
+* 32-bit Python on 64-bit Windows Server 2008
+
 On Windows
 ----------