CAST5 support + ECB vectors
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py
index f9bef1a..3702dca 100644
--- a/cryptography/hazmat/bindings/openssl/backend.py
+++ b/cryptography/hazmat/bindings/openssl/backend.py
@@ -20,7 +20,7 @@
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.block.ciphers import (
- AES, Blowfish, Camellia, TripleDES,
+ AES, Blowfish, Camellia, CAST5, TripleDES,
)
from cryptography.hazmat.primitives.block.modes import CBC, CTR, ECB, OFB, CFB
@@ -227,6 +227,12 @@
mode_cls,
GetCipherByName("bf-{mode.name}")
)
+ for mode_cls in [CBC, CFB, OFB, ECB]:
+ self.register_cipher_adapter(
+ CAST5,
+ mode_cls,
+ GetCipherByName("cast5-{mode.name}")
+ )
def create_encrypt_ctx(self, cipher, mode):
return _CipherContext(self._backend, cipher, mode,
diff --git a/cryptography/hazmat/primitives/block/ciphers.py b/cryptography/hazmat/primitives/block/ciphers.py
index 1ab81a6..8046bd2 100644
--- a/cryptography/hazmat/primitives/block/ciphers.py
+++ b/cryptography/hazmat/primitives/block/ciphers.py
@@ -96,3 +96,23 @@
@property
def key_size(self):
return len(self.key) * 8
+
+
+class CAST5(object):
+ name = "CAST5"
+ block_size = 64
+ key_sizes = frozenset([40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128])
+
+ def __init__(self, key):
+ super(CAST5, self).__init__()
+ self.key = key
+
+ # Verify that the key size matches the expected key size
+ if self.key_size not in self.key_sizes:
+ raise ValueError("Invalid key size ({0}) for {1}".format(
+ self.key_size, self.name
+ ))
+
+ @property
+ def key_size(self):
+ return len(self.key) * 8
diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py
new file mode 100644
index 0000000..bd86115
--- /dev/null
+++ b/tests/hazmat/primitives/test_cast5.py
@@ -0,0 +1,38 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+import os
+
+from cryptography.hazmat.primitives.block import ciphers, modes
+
+from .utils import generate_encrypt_test
+from ...utils import load_nist_vectors_from_file
+
+
+class TestCAST5(object):
+ test_ECB = generate_encrypt_test(
+ lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+ os.path.join("ciphers", "CAST5"),
+ [
+ "cast5-ecb.txt",
+ ],
+ lambda key: ciphers.CAST5(binascii.unhexlify((key))),
+ lambda key: modes.ECB(),
+ only_if=lambda backend: backend.ciphers.supported(
+ ciphers.CAST5("\x00" * 16), modes.ECB()
+ ),
+ skip_message="Does not support CAST5 ECB",
+ )
diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
index 2a20eb7..d3870a0 100644
--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
@@ -18,7 +18,7 @@
import pytest
from cryptography.hazmat.primitives.block.ciphers import (
- AES, Camellia, TripleDES, Blowfish
+ AES, Camellia, TripleDES, Blowfish, CAST5
)
@@ -78,3 +78,16 @@
def test_invalid_key_size(self):
with pytest.raises(ValueError):
Blowfish(binascii.unhexlify(b"0" * 6))
+
+
+class TestCAST5(object):
+ @pytest.mark.parametrize(("key", "keysize"), [
+ (b"0" * (keysize // 4), keysize) for keysize in range(40, 129, 8)
+ ])
+ def test_key_size(self, key, keysize):
+ cipher = CAST5(binascii.unhexlify(key))
+ assert cipher.key_size == keysize
+
+ def test_invalid_key_size(self):
+ with pytest.raises(ValueError):
+ CAST5(binascii.unhexlify(b"0" * 34))
diff --git a/tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ecb.txt b/tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ecb.txt
new file mode 100644
index 0000000..04c7861
--- /dev/null
+++ b/tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ecb.txt
@@ -0,0 +1,19 @@
+# CAST5 (CAST128) ECB vectors from RFC 2144
+[ENCRYPT]
+# 128-bit key
+COUNT = 0
+key = 0123456712345678234567893456789A
+plaintext = 0123456789ABCDEF
+ciphertext = 238B4FE5847E44B2
+
+# 80-bit key
+COUNT = 1
+key = 01234567123456782345
+plaintext = 0123456789ABCDEF
+ciphertext = EB6A711A2C02271B
+
+# 40-bit key
+COUNT = 2
+key = 0123456712
+plaintext = 0123456789ABCDEF
+ciphertext = 7AC816D16E9B302E