Merge pull request #108 from alex/triple-des

[WIP] Add TripleDES

5 files changed, 154 insertions, 2 deletions

diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py
index 7d189d62..3d92c144 100644
--- a/cryptography/bindings/openssl/api.py
+++ b/cryptography/bindings/openssl/api.py
@@ -19,7 +19,7 @@ import sys
 import cffi
 
 from cryptography.primitives import interfaces
-from cryptography.primitives.block.ciphers import AES, Camellia
+from cryptography.primitives.block.ciphers import AES, Camellia, TripleDES
 from cryptography.primitives.block.modes import CBC, CTR, ECB, OFB, CFB
 
 
@@ -135,6 +135,12 @@ class API(object):
                 mode_cls,
                 GetCipherByName("{cipher.name}-{cipher.key_size}-{mode.name}")
             )
+        for mode_cls in [CBC, CFB, OFB]:
+            self.register_cipher_adapter(
+                TripleDES,
+                mode_cls,
+                GetCipherByName("des-ede3-{mode.name}")
+            )
 
     def create_block_cipher_context(self, cipher, mode):
         ctx = self.lib.EVP_CIPHER_CTX_new()
diff --git a/cryptography/primitives/block/ciphers.py b/cryptography/primitives/block/ciphers.py
index 4ac150a4..4143b89d 100644
--- a/cryptography/primitives/block/ciphers.py
+++ b/cryptography/primitives/block/ciphers.py
@@ -52,3 +52,27 @@ class Camellia(object):
     @property
     def key_size(self):
         return len(self.key) * 8
+
+
+class TripleDES(object):
+    name = "3DES"
+    block_size = 64
+    key_sizes = frozenset([64, 128, 192])
+
+    def __init__(self, key):
+        super(TripleDES, self).__init__()
+        if len(key) == 8:
+            key += key + key
+        elif len(key) == 16:
+            key += key[:8]
+        self.key = key
+
+        # Verify that the key size matches the expected key size
+        if self.key_size not in self.key_sizes:
+            raise ValueError("Invalid key size ({0}) for {1}".format(
+                self.key_size, self.name
+            ))
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst
index 7899e67d..96bd68f0 100644
--- a/docs/primitives/symmetric-encryption.rst
+++ b/docs/primitives/symmetric-encryption.rst
@@ -61,6 +61,23 @@ Ciphers
                       This must be kept secret.
 
 
+.. class:: cryptography.primitives.block.ciphers.TripleDES(key)
+
+    Triple DES (Data Encryption Standard), sometimes refered to as 3DES, is a
+    block cipher standardized by NIST. Triple DES has known cryptoanalytic
+    flaws, however none of them currently enable a practical attack.
+    Nonetheless, Triples DES is not reccomended for new applications because it
+    is incredibly slow; old applications should consider moving away from it.
+
+    :param bytes key: The secret key, either ``64``, ``128``, or ``192`` bits
+                      (note that DES functionally uses ``56``, ``112``, or
+                      ``168`` bits of the key, there is a parity byte in each
+                      component of the key), in some materials these are
+                      referred to as being up to three separate keys (each
+                      ``56`` bits long), they can simply be concatenated to
+                      produce the full key. This must be kept secret.
+
+
 Modes
 ~~~~~
 
diff --git a/tests/primitives/test_ciphers.py b/tests/primitives/test_ciphers.py
index 27d35850..17fcdbaf 100644
--- a/tests/primitives/test_ciphers.py
+++ b/tests/primitives/test_ciphers.py
@@ -17,7 +17,7 @@ import binascii
 
 import pytest
 
-from cryptography.primitives.block.ciphers import AES, Camellia
+from cryptography.primitives.block.ciphers import AES, Camellia, TripleDES
 
 
 class TestAES(object):
@@ -48,3 +48,18 @@ class TestCamellia(object):
     def test_invalid_key_size(self):
         with pytest.raises(ValueError):
             Camellia(binascii.unhexlify(b"0" * 12))
+
+
+class TestTripleDES(object):
+    @pytest.mark.parametrize("key", [
+        b"0" * 16,
+        b"0" * 32,
+        b"0" * 48,
+    ])
+    def test_key_size(self, key):
+        cipher = TripleDES(binascii.unhexlify(key))
+        assert cipher.key_size == 192
+
+    def test_invalid_key_size(self):
+        with pytest.raises(ValueError):
+            TripleDES(binascii.unhexlify(b"0" * 12))
diff --git a/tests/primitives/test_nist.py b/tests/primitives/test_nist.py
index d97b207b..2a32d1bc 100644
--- a/tests/primitives/test_nist.py
+++ b/tests/primitives/test_nist.py
@@ -164,3 +164,93 @@ class TestAES_CFB(object):
         lambda key, iv: ciphers.AES(binascii.unhexlify(key)),
         lambda key, iv: modes.CFB(binascii.unhexlify(iv)),
     )
+
+
+class TestTripleDES_CBC(object):
+    test_KAT = generate_encrypt_test(
+        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        os.path.join("3DES", "KAT"),
+        [
+            "TCBCinvperm.rsp",
+            "TCBCpermop.rsp",
+            "TCBCsubtab.rsp",
+            "TCBCvarkey.rsp",
+            "TCBCvartext.rsp",
+        ],
+        lambda keys, iv: ciphers.TripleDES(binascii.unhexlify(keys)),
+        lambda keys, iv: modes.CBC(binascii.unhexlify(iv)),
+    )
+
+    test_MMT = generate_encrypt_test(
+        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        os.path.join("3DES", "MMT"),
+        [
+            "TCBCMMT1.rsp",
+            "TCBCMMT2.rsp",
+            "TCBCMMT3.rsp",
+        ],
+        lambda key1, key2, key3, iv: (
+            ciphers.TripleDES(binascii.unhexlify(key1 + key2 + key3))
+        ),
+        lambda key1, key2, key3, iv: modes.CBC(binascii.unhexlify(iv)),
+    )
+
+
+class TestTripleDES_OFB(object):
+    test_KAT = generate_encrypt_test(
+        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        os.path.join("3DES", "KAT"),
+        [
+            "TOFBpermop.rsp",
+            "TOFBsubtab.rsp",
+            "TOFBvarkey.rsp",
+            "TOFBvartext.rsp",
+            "TOFBinvperm.rsp",
+        ],
+        lambda keys, iv: ciphers.TripleDES(binascii.unhexlify(keys)),
+        lambda keys, iv: modes.OFB(binascii.unhexlify(iv)),
+    )
+
+    test_MMT = generate_encrypt_test(
+        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        os.path.join("3DES", "MMT"),
+        [
+            "TOFBMMT1.rsp",
+            "TOFBMMT2.rsp",
+            "TOFBMMT3.rsp",
+        ],
+        lambda key1, key2, key3, iv: (
+            ciphers.TripleDES(binascii.unhexlify(key1 + key2 + key3))
+        ),
+        lambda key1, key2, key3, iv: modes.OFB(binascii.unhexlify(iv)),
+    )
+
+
+class TestTripleDES_CFB(object):
+    test_KAT = generate_encrypt_test(
+        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        os.path.join("3DES", "KAT"),
+        [
+            "TCFB64invperm.rsp",
+            "TCFB64permop.rsp",
+            "TCFB64subtab.rsp",
+            "TCFB64varkey.rsp",
+            "TCFB64vartext.rsp",
+        ],
+        lambda keys, iv: ciphers.TripleDES(binascii.unhexlify(keys)),
+        lambda keys, iv: modes.CFB(binascii.unhexlify(iv)),
+    )
+
+    test_MMT = generate_encrypt_test(
+        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        os.path.join("3DES", "MMT"),
+        [
+            "TCFB64MMT1.rsp",
+            "TCFB64MMT2.rsp",
+            "TCFB64MMT3.rsp",
+        ],
+        lambda key1, key2, key3, iv: (
+            ciphers.TripleDES(binascii.unhexlify(key1 + key2 + key3))
+        ),
+        lambda key1, key2, key3, iv: modes.CFB(binascii.unhexlify(iv)),
+    )