3 files changed, 66 insertions, 0 deletions

diff --git a/cryptography/primitives/block/modes.py b/cryptography/primitives/block/modes.py
index de31f086..0bf8010b 100644
--- a/cryptography/primitives/block/modes.py
+++ b/cryptography/primitives/block/modes.py
@@ -20,3 +20,10 @@ class CBC(object):
     def __init__(self, initialization_vector):
         super(CBC, self).__init__()
         self.initialization_vector = initialization_vector
+
+
+class ECB(object):
+    name = "ECB"
+
+    def __init__(self):
+        super(ECB, self).__init__()
diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst
index 1b8d1d73..8a9bbbdf 100644
--- a/docs/primitives/symmetric-encryption.rst
+++ b/docs/primitives/symmetric-encryption.rst
@@ -67,3 +67,15 @@ Modes
                                         ``block_size`` of the cipher. Do not
                                         reuse an ``initialization_vector`` with
                                         a given ``key``.
+
+
+Insecure Modes
+--------------
+
+.. class:: cryptography.primitives.block.modes.ECB()
+
+    ECB (Electronic Code Book) is the simplest mode of operation for block
+    ciphers. The data is separated into blocks and each block is encrypted
+    separately. This means identical plaintext blocks will always result in
+    identical encrypted blocks. Due to this property it is not recommended
+    for use. Really, don't use it. Just. Don't.
diff --git a/tests/primitives/test_nist.py b/tests/primitives/test_nist.py
index 8bef118e..3dc8277a 100644
--- a/tests/primitives/test_nist.py
+++ b/tests/primitives/test_nist.py
@@ -86,3 +86,50 @@ class TestAES_CBC(object):
         actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
         actual_ciphertext += cipher.finalize()
         assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+
+class TestAES_ECB(object):
+    @parameterize_encrypt_test(
+        "AES", "KAT",
+        ("key", "plaintext", "ciphertext"),
+        [
+            "ECBGFSbox128.rsp",
+            "ECBGFSbox192.rsp",
+            "ECBGFSbox256.rsp",
+            "ECBKeySbox128.rsp",
+            "ECBKeySbox192.rsp",
+            "ECBKeySbox256.rsp",
+            "ECBVarKey128.rsp",
+            "ECBVarKey192.rsp",
+            "ECBVarKey256.rsp",
+            "ECBVarTxt128.rsp",
+            "ECBVarTxt192.rsp",
+            "ECBVarTxt256.rsp",
+        ]
+    )
+    def test_KAT(self, key, plaintext, ciphertext):
+        cipher = BlockCipher(
+            ciphers.AES(binascii.unhexlify(key)),
+            modes.ECB()
+        )
+        actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+        actual_ciphertext += cipher.finalize()
+        assert binascii.hexlify(actual_ciphertext) == ciphertext
+
+    @parameterize_encrypt_test(
+        "AES", "MMT",
+        ("key", "plaintext", "ciphertext"),
+        [
+            "ECBMMT128.rsp",
+            "ECBMMT192.rsp",
+            "ECBMMT256.rsp",
+        ]
+    )
+    def test_MMT(self, key, plaintext, ciphertext):
+        cipher = BlockCipher(
+            ciphers.AES(binascii.unhexlify(key)),
+            modes.ECB()
+        )
+        actual_ciphertext = cipher.encrypt(binascii.unhexlify(plaintext))
+        actual_ciphertext += cipher.finalize()
+        assert binascii.hexlify(actual_ciphertext) == ciphertext