diff --git a/testsuite/Makefile.am b/testsuite/Makefile.am
index afee947e35f94b742f131dbe3ad9b26fd2442fff..c3e89900f1828244b194a48ed7a63d9b09418c8a 100644
--- a/testsuite/Makefile.am
+++ b/testsuite/Makefile.am
@@ -1,7 +1,8 @@
CFLAGS = -I$(top_srcdir) @CFLAGS@ -O0
CPPFLAGS = @CPPFLAGS@
-TS_PROGS = aes-test arcfour-test blowfish-test des-test md5-test sha1-test \
+TS_PROGS = aes-test arcfour-test blowfish-test cast128-test des-test \
+ md5-test sha1-test \
serpent-test twofish-test
noinst_PROGRAMS = $(TS_PROGS)
diff --git a/testsuite/cast128-test.m4 b/testsuite/cast128-test.m4
new file mode 100644
index 0000000000000000000000000000000000000000..e640cdd6ee249f32e77ca4b81f1a6977c49e9a86
--- /dev/null
+++ b/testsuite/cast128-test.m4
@@ -0,0 +1,50 @@
+#include "cast128.h"
+
+BEGIN_TEST
+
+struct cast128_ctx ctx;
+
+uint8_t msg[CAST128_BLOCK_SIZE];
+uint8_t cipher[CAST128_BLOCK_SIZE];
+uint8_t clear[CAST128_BLOCK_SIZE];
+
+/* Test vectors from B.1. Single Plaintext-Key-Ciphertext Sets, RFC
+ * 2144 */
+
+/* 128 bit key */
+H(msg, "01 23 45 67 89 AB CD EF");
+
+cast128_set_key(&ctx, 16, H("01 23 45 67 12 34 56 78"
+ "23 45 67 89 34 56 78 9A"));
+cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
+if (!MEMEQ(CAST128_BLOCK_SIZE, cipher, H("23 8B 4F E5 84 7E 44 B2")))
+ FAIL;
+
+cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
+if (!MEMEQ(CAST128_BLOCK_SIZE, msg, clear))
+ FAIL;
+
+/* 80 bit key */
+H(msg, "01 23 45 67 89 AB CD EF");
+
+cast128_set_key(&ctx, 10, H("01 23 45 67 12 34 56 78 23 45"));
+cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
+if (!MEMEQ(CAST128_BLOCK_SIZE, cipher, H("EB 6A 71 1A 2C 02 27 1B")))
+ FAIL;
+
+cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
+if (!MEMEQ(CAST128_BLOCK_SIZE, msg, clear))
+ FAIL;
+
+/* 40 bit key */
+H(msg, "01 23 45 67 89 AB CD EF");
+
+cast128_set_key(&ctx, 5, H("01 23 45 67 12"));
+cast128_encrypt(&ctx, CAST128_BLOCK_SIZE, cipher, msg);
+if (!MEMEQ(CAST128_BLOCK_SIZE, cipher, H("7A C8 16 D1 6E 9B 30 2E")))
+ FAIL;
+
+cast128_decrypt(&ctx, CAST128_BLOCK_SIZE, clear, cipher);
+if (!MEMEQ(CAST128_BLOCK_SIZE, msg, clear))
+ FAIL;
+