add IDEA support for CBC, CFB, OFB + tests for all IDEA
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 1fa9ab3..391427d 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,7 @@
* Added :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`.
* Added :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP`.
+* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA` support.
0.2.2 - 2014-03-03
~~~~~~~~~~~~~~~~~~
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 5d73913..bdbbffd 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -159,11 +159,14 @@
mode_cls,
GetCipherByName("bf-{mode.name}")
)
- for mode_cls in [CBC, CFB, OFB, ECB]:
+ for cipher_cls, mode_cls in itertools.product(
+ [CAST5, IDEA],
+ [CBC, OFB, CFB, ECB],
+ ):
self.register_cipher_adapter(
- CAST5,
+ cipher_cls,
mode_cls,
- GetCipherByName("cast5-{mode.name}")
+ GetCipherByName("{cipher.name}-{mode.name}")
)
self.register_cipher_adapter(
ARC4,
@@ -175,12 +178,6 @@
GCM,
GetCipherByName("{cipher.name}-{cipher.key_size}-{mode.name}")
)
- for mode_cls in [ECB]:
- self.register_cipher_adapter(
- IDEA,
- mode_cls,
- GetCipherByName("idea-{mode.name}")
- )
def create_symmetric_encryption_ctx(self, cipher, mode):
return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT)
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index daa4b36..741091b 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -172,8 +172,8 @@
is susceptible to attacks when using weak keys. It is recommended that you
do not use this cipher for new applications.
- :param bytes key: The secret key, 128 bits in length. This must be kept
- secret.
+ :param bytes key: The secret key This must be kept secret. ``128`` bits in
+ length.
.. _symmetric-encryption-modes:
diff --git a/tests/hazmat/primitives/test_idea.py b/tests/hazmat/primitives/test_idea.py
new file mode 100644
index 0000000..de43925
--- /dev/null
+++ b/tests/hazmat/primitives/test_idea.py
@@ -0,0 +1,92 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+import os
+
+import pytest
+
+from cryptography.hazmat.primitives.ciphers import algorithms, modes
+
+from .utils import generate_encrypt_test
+from ...utils import load_nist_vectors
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.IDEA("\x00" * 16), modes.ECB()
+ ),
+ skip_message="Does not support IDEA ECB",
+)
+@pytest.mark.cipher
+class TestIDEAModeECB(object):
+ test_ECB = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "IDEA"),
+ ["idea-ecb.txt"],
+ lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
+ lambda **kwargs: modes.ECB(),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.IDEA("\x00" * 16), modes.CBC("\x00" * 8)
+ ),
+ skip_message="Does not support IDEA CBC",
+)
+@pytest.mark.cipher
+class TestIDEAModeCBC(object):
+ test_CBC = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "IDEA"),
+ ["idea-cbc.txt"],
+ lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv))
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.IDEA("\x00" * 16), modes.OFB("\x00" * 8)
+ ),
+ skip_message="Does not support IDEA OFB",
+)
+@pytest.mark.cipher
+class TestIDEAModeOFB(object):
+ test_OFB = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "IDEA"),
+ ["idea-ofb.txt"],
+ lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv))
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.IDEA("\x00" * 16), modes.CFB("\x00" * 8)
+ ),
+ skip_message="Does not support IDEA CFB",
+)
+@pytest.mark.cipher
+class TestIDEAModeCFB(object):
+ test_CFB = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "IDEA"),
+ ["idea-cfb.txt"],
+ lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv))
+ )