Merge pull request #782 from reaperhulk/enable-idea-cipher

Enable IDEA cipher

5 files changed, 126 insertions, 4 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 1fa9ab3a..391427d7 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,7 @@ Changelog
 
 * Added :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`.
 * Added :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP`.
+* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA` support.
 
 0.2.2 - 2014-03-03
 ~~~~~~~~~~~~~~~~~~
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index b4625aae..bdbbffd6 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -28,7 +28,7 @@ from cryptography.hazmat.bindings.openssl.binding import Binding
 from cryptography.hazmat.primitives import interfaces, hashes
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives.ciphers.algorithms import (
-    AES, Blowfish, Camellia, TripleDES, ARC4, CAST5
+    AES, Blowfish, Camellia, CAST5, TripleDES, ARC4, IDEA
 )
 from cryptography.hazmat.primitives.ciphers.modes import (
     CBC, CTR, ECB, OFB, CFB, GCM,
@@ -159,11 +159,14 @@ class Backend(object):
                 mode_cls,
                 GetCipherByName("bf-{mode.name}")
             )
-        for mode_cls in [CBC, CFB, OFB, ECB]:
+        for cipher_cls, mode_cls in itertools.product(
+            [CAST5, IDEA],
+            [CBC, OFB, CFB, ECB],
+        ):
             self.register_cipher_adapter(
-                CAST5,
+                cipher_cls,
                 mode_cls,
-                GetCipherByName("cast5-{mode.name}")
+                GetCipherByName("{cipher.name}-{mode.name}")
             )
         self.register_cipher_adapter(
             ARC4,
diff --git a/cryptography/hazmat/primitives/ciphers/algorithms.py b/cryptography/hazmat/primitives/ciphers/algorithms.py
index a5cfce92..2d37e0cf 100644
--- a/cryptography/hazmat/primitives/ciphers/algorithms.py
+++ b/cryptography/hazmat/primitives/ciphers/algorithms.py
@@ -116,3 +116,17 @@ class ARC4(object):
     @property
     def key_size(self):
         return len(self.key) * 8
+
+
+@utils.register_interface(interfaces.CipherAlgorithm)
+class IDEA(object):
+    name = "IDEA"
+    block_size = 64
+    key_sizes = frozenset([128])
+
+    def __init__(self, key):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 2ee5085b..741091b2 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -165,6 +165,16 @@ Weak Ciphers
         >>> decryptor.update(ct)
         'a secret message'
 
+.. class:: IDEA(key)
+
+    IDEA (`International Data Encryption Algorithm`_) is a block cipher created
+    in 1991. It is an optional component of the `OpenPGP`_ standard. This cipher
+    is susceptible to attacks when using weak keys. It is recommended that you
+    do not use this cipher for new applications.
+
+    :param bytes key: The secret key This must be kept secret. ``128`` bits in
+        length.
+
 
 .. _symmetric-encryption-modes:
 
@@ -468,3 +478,5 @@ Interfaces
 .. _`encrypt`: https://ssd.eff.org/tech/encryption
 .. _`CRYPTREC`: http://www.cryptrec.go.jp/english/
 .. _`significant patterns in the output`: http://en.wikipedia.org/wiki/Cipher_block_chaining#Electronic_codebook_.28ECB.29
+.. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+.. _`OpenPGP`: http://www.openpgp.org
diff --git a/tests/hazmat/primitives/test_idea.py b/tests/hazmat/primitives/test_idea.py
new file mode 100644
index 00000000..de439259
--- /dev/null
+++ b/tests/hazmat/primitives/test_idea.py
@@ -0,0 +1,92 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+import os
+
+import pytest
+
+from cryptography.hazmat.primitives.ciphers import algorithms, modes
+
+from .utils import generate_encrypt_test
+from ...utils import load_nist_vectors
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.cipher_supported(
+        algorithms.IDEA("\x00" * 16), modes.ECB()
+    ),
+    skip_message="Does not support IDEA ECB",
+)
+@pytest.mark.cipher
+class TestIDEAModeECB(object):
+    test_ECB = generate_encrypt_test(
+        load_nist_vectors,
+        os.path.join("ciphers", "IDEA"),
+        ["idea-ecb.txt"],
+        lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
+        lambda **kwargs: modes.ECB(),
+    )
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.cipher_supported(
+        algorithms.IDEA("\x00" * 16), modes.CBC("\x00" * 8)
+    ),
+    skip_message="Does not support IDEA CBC",
+)
+@pytest.mark.cipher
+class TestIDEAModeCBC(object):
+    test_CBC = generate_encrypt_test(
+        load_nist_vectors,
+        os.path.join("ciphers", "IDEA"),
+        ["idea-cbc.txt"],
+        lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
+        lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv))
+    )
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.cipher_supported(
+        algorithms.IDEA("\x00" * 16), modes.OFB("\x00" * 8)
+    ),
+    skip_message="Does not support IDEA OFB",
+)
+@pytest.mark.cipher
+class TestIDEAModeOFB(object):
+    test_OFB = generate_encrypt_test(
+        load_nist_vectors,
+        os.path.join("ciphers", "IDEA"),
+        ["idea-ofb.txt"],
+        lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
+        lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv))
+    )
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.cipher_supported(
+        algorithms.IDEA("\x00" * 16), modes.CFB("\x00" * 8)
+    ),
+    skip_message="Does not support IDEA CFB",
+)
+@pytest.mark.cipher
+class TestIDEAModeCFB(object):
+    test_CFB = generate_encrypt_test(
+        load_nist_vectors,
+        os.path.join("ciphers", "IDEA"),
+        ["idea-cfb.txt"],
+        lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
+        lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv))
+    )