3des decryption

pyca · Jan 22, 2025 · daeef67 · daeef67
1 parent c0091ec
commit daeef67
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/src/rust/cryptography-key-parsing/src/pkcs8.rs b/src/rust/cryptography-key-parsing/src/pkcs8.rs
@@ -156,8 +156,15 @@ pub fn parse_encrypted_private_key(
         }
         AlgorithmParameters::Pbes2(params) => {
             let (cipher, iv) = match params.encryption_scheme.params {
-                AlgorithmParameters::Aes128Cbc(iv) => (openssl::symm::Cipher::aes_128_cbc(), iv),
-                AlgorithmParameters::Aes256Cbc(iv) => (openssl::symm::Cipher::aes_256_cbc(), iv),
+                AlgorithmParameters::DesEde3Cbc(ref iv) => {
+                    (openssl::symm::Cipher::des_ede3_cbc(), &iv[..])
+                }
+                AlgorithmParameters::Aes128Cbc(ref iv) => {
+                    (openssl::symm::Cipher::aes_128_cbc(), &iv[..])
+                }
+                AlgorithmParameters::Aes256Cbc(ref iv) => {
+                    (openssl::symm::Cipher::aes_256_cbc(), &iv[..])
+                }
                 _ => todo!(),
             };
 
@@ -187,7 +194,7 @@ pub fn parse_encrypted_private_key(
                 _ => todo!(),
             };
 
-            openssl::symm::decrypt(cipher, &key, Some(&iv), epki.encrypted_data)
+            openssl::symm::decrypt(cipher, &key, Some(iv), epki.encrypted_data)
                 .map_err(|_| KeyParsingError::IncorrectPassword)?
         }
         _ => {

diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs
@@ -149,6 +149,9 @@ pub enum AlgorithmParameters<'a> {
     #[defined_by(oid::AES_256_CBC_OID)]
     Aes256Cbc([u8; 16]),
 
+    #[defined_by(oid::DES_EDE3_CBC_OID)]
+    DesEde3Cbc([u8; 8]),
+
     #[defined_by(oid::PBES1_WITH_SHA_AND_3KEY_TRIPLEDES_CBC)]
     Pbes1WithShaAnd3KeyTripleDesCbc(PBES1Params),
 

diff --git a/src/rust/cryptography-x509/src/oid.rs b/src/rust/cryptography-x509/src/oid.rs
@@ -159,5 +159,7 @@ pub const AES_256_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 10
 pub const AES_192_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 22);
 pub const AES_128_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 2);
 
+pub const DES_EDE3_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 3, 7);
+
 pub const HMAC_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 2, 7);
 pub const HMAC_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 2, 9);