Camellia block cipher support
* Tests for CBC, OFB, CFB, and ECB
* Tests will be automatically skipped if camellia support is not present
in your OpenSSL library (e.g. OS X 10.8 with default OpenSSL)
* Test for unsupported cipher in create_block_cipher_context
* Docs for the cipher
diff --git a/cryptography/primitives/block/ciphers.py b/cryptography/primitives/block/ciphers.py
index 01dbd02..1257fc3 100644
--- a/cryptography/primitives/block/ciphers.py
+++ b/cryptography/primitives/block/ciphers.py
@@ -32,3 +32,23 @@
@property
def key_size(self):
return len(self.key) * 8
+
+
+class Camellia(object):
+ name = "camellia"
+ block_size = 128
+ key_sizes = set([128, 192, 256])
+
+ def __init__(self, key):
+ super(Camellia, self).__init__()
+ self.key = key
+
+ # Verify that the key size matches the expected key size
+ if self.key_size not in self.key_sizes:
+ raise ValueError("Invalid key size ({0}) for {1}".format(
+ self.key_size, self.name
+ ))
+
+ @property
+ def key_size(self):
+ return len(self.key) * 8
diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst
index 46d7c07..c4bbf0a 100644
--- a/docs/primitives/symmetric-encryption.rst
+++ b/docs/primitives/symmetric-encryption.rst
@@ -51,6 +51,15 @@
:param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.
This must be kept secret.
+.. class:: cryptography.primitives.block.ciphers.Camellia(key)
+
+ Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC.
+ It is considered to have comparable security and performance to AES, but
+ is not as widely studied or deployed.
+
+ :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.
+ This must be kept secret.
+
Modes
~~~~~
diff --git a/tests/bindings/test_openssl.py b/tests/bindings/test_openssl.py
index b23c4cc..85ecc49 100644
--- a/tests/bindings/test_openssl.py
+++ b/tests/bindings/test_openssl.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+import pytest
+
from cryptography.bindings.openssl.api import api
@@ -28,3 +30,19 @@
for every OpenSSL.
"""
assert api.openssl_version_text().startswith("OpenSSL")
+
+ def test_supports(self):
+ assert api.supports("not-a-real-cipher") is False
+
+ def test_create_block_cipher_context_with_unsupported_cipher(self):
+ class FakeCipher(object):
+ name = "FakeCipher"
+ key_size = 24
+
+ class FakeMode(object):
+ name = "CCC"
+
+ with pytest.raises(AssertionError):
+ cipher = FakeCipher()
+ mode = FakeMode()
+ api.create_block_cipher_context(cipher, mode)
diff --git a/tests/primitives/test_ciphers.py b/tests/primitives/test_ciphers.py
index 5ee9f22..27d3585 100644
--- a/tests/primitives/test_ciphers.py
+++ b/tests/primitives/test_ciphers.py
@@ -17,7 +17,7 @@
import pytest
-from cryptography.primitives.block.ciphers import AES
+from cryptography.primitives.block.ciphers import AES, Camellia
class TestAES(object):
@@ -33,3 +33,18 @@
def test_invalid_key_size(self):
with pytest.raises(ValueError):
AES(binascii.unhexlify(b"0" * 12))
+
+
+class TestCamellia(object):
+ @pytest.mark.parametrize(("key", "keysize"), [
+ (b"0" * 32, 128),
+ (b"0" * 48, 192),
+ (b"0" * 64, 256),
+ ])
+ def test_key_size(self, key, keysize):
+ cipher = Camellia(binascii.unhexlify(key))
+ assert cipher.key_size == keysize
+
+ def test_invalid_key_size(self):
+ with pytest.raises(ValueError):
+ Camellia(binascii.unhexlify(b"0" * 12))
diff --git a/tests/primitives/test_cryptrec.py b/tests/primitives/test_cryptrec.py
new file mode 100644
index 0000000..54ae4d0
--- /dev/null
+++ b/tests/primitives/test_cryptrec.py
@@ -0,0 +1,64 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Test using the CRYPTREC (Camellia) Test Vectors
+"""
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+import itertools
+import os
+
+import pytest
+
+from cryptography.bindings.openssl.api import api
+from cryptography.primitives.block import BlockCipher, ciphers, modes
+
+from ..utils import load_cryptrec_vectors_from_file
+
+CAMELLIA_ECB_SUPPORTED = api.supports('camellia-128-ecb')
+
+
+def parameterize_encrypt_test(cipher, vector_type, params, fnames):
+ return pytest.mark.parametrize(params,
+ list(itertools.chain.from_iterable(
+ load_cryptrec_vectors_from_file(
+ os.path.join(cipher, vector_type, fname),
+ )
+ for fname in fnames
+ ))
+ )
+
+
+@pytest.mark.skipif("not CAMELLIA_ECB_SUPPORTED")
+class TestCamelliaECB(object):
+
+ @parameterize_encrypt_test(
+ "Camellia", "NTT",
+ ("key", "plaintext", "ciphertext"),
+ [
+ "camellia-128-ecb.txt",
+ "camellia-192-ecb.txt",
+ "camellia-256-ecb.txt",
+ ]
+ )
+ def test_NTT(self, key, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.Camellia(binascii.unhexlify(key)),
+ modes.ECB(),
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext).upper() == ciphertext
diff --git a/tests/primitives/test_openssl_vectors.py b/tests/primitives/test_openssl_vectors.py
new file mode 100644
index 0000000..0ecbcd9
--- /dev/null
+++ b/tests/primitives/test_openssl_vectors.py
@@ -0,0 +1,102 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Test using the OpenSSL Test Vectors
+"""
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+import itertools
+import os
+
+import pytest
+
+from cryptography.bindings.openssl.api import api
+from cryptography.primitives.block import BlockCipher, ciphers, modes
+
+from ..utils import load_openssl_vectors_from_file
+
+CAMELLIA_CBC_SUPPORTED = api.supports('camellia-128-cbc')
+CAMELLIA_OFB_SUPPORTED = api.supports('camellia-128-ofb')
+CAMELLIA_CFB_SUPPORTED = api.supports('camellia-128-cfb')
+
+
+def parameterize_encrypt_test(cipher, params, fnames):
+ return pytest.mark.parametrize(params,
+ list(itertools.chain.from_iterable(
+ load_openssl_vectors_from_file(os.path.join(cipher, fname))
+ for fname in fnames
+ ))
+ )
+
+
+@pytest.mark.skipif("not CAMELLIA_CBC_SUPPORTED")
+class TestCamelliaCBC(object):
+
+ @parameterize_encrypt_test(
+ "Camellia",
+ ("key", "iv", "plaintext", "ciphertext"),
+ [
+ "camellia-cbc.txt",
+ ]
+ )
+ def test_OpenSSL(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.Camellia(binascii.unhexlify(key)),
+ modes.CBC(binascii.unhexlify(iv)),
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext).upper() == ciphertext
+
+
+@pytest.mark.skipif("not CAMELLIA_OFB_SUPPORTED")
+class TestCamelliaOFB(object):
+
+ @parameterize_encrypt_test(
+ "Camellia",
+ ("key", "iv", "plaintext", "ciphertext"),
+ [
+ "camellia-ofb.txt",
+ ]
+ )
+ def test_OpenSSL(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.Camellia(binascii.unhexlify(key)),
+ modes.OFB(binascii.unhexlify(iv)),
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext).upper() == ciphertext
+
+
+@pytest.mark.skipif("not CAMELLIA_CFB_SUPPORTED")
+class TestCamelliaCFB(object):
+
+ @parameterize_encrypt_test(
+ "Camellia",
+ ("key", "iv", "plaintext", "ciphertext"),
+ [
+ "camellia-cfb.txt",
+ ]
+ )
+ def test_OpenSSL(self, key, iv, plaintext, ciphertext):
+ cipher = BlockCipher(
+ ciphers.Camellia(binascii.unhexlify(key)),
+ modes.CFB(binascii.unhexlify(iv)),
+ )
+ actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+ actual_ciphertext += cipher.finalize()
+ assert binascii.hexlify(actual_ciphertext).upper() == ciphertext