From daeef670b489e2e592ab62bdd9caa383c998e3f7 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 21 Jan 2025 19:31:20 -0500
Subject: [PATCH] 3des decryption

---
 src/rust/cryptography-key-parsing/src/pkcs8.rs | 13 ++++++++++---
 src/rust/cryptography-x509/src/common.rs       |  3 +++
 src/rust/cryptography-x509/src/oid.rs          |  2 ++
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/rust/cryptography-key-parsing/src/pkcs8.rs b/src/rust/cryptography-key-parsing/src/pkcs8.rs
index ea64c9cd02c69..170eb6caddca9 100644
--- a/src/rust/cryptography-key-parsing/src/pkcs8.rs
+++ b/src/rust/cryptography-key-parsing/src/pkcs8.rs
@@ -156,8 +156,15 @@ pub fn parse_encrypted_private_key(
         }
         AlgorithmParameters::Pbes2(params) => {
             let (cipher, iv) = match params.encryption_scheme.params {
-                AlgorithmParameters::Aes128Cbc(iv) => (openssl::symm::Cipher::aes_128_cbc(), iv),
-                AlgorithmParameters::Aes256Cbc(iv) => (openssl::symm::Cipher::aes_256_cbc(), iv),
+                AlgorithmParameters::DesEde3Cbc(ref iv) => {
+                    (openssl::symm::Cipher::des_ede3_cbc(), &iv[..])
+                }
+                AlgorithmParameters::Aes128Cbc(ref iv) => {
+                    (openssl::symm::Cipher::aes_128_cbc(), &iv[..])
+                }
+                AlgorithmParameters::Aes256Cbc(ref iv) => {
+                    (openssl::symm::Cipher::aes_256_cbc(), &iv[..])
+                }
                 _ => todo!(),
             };
 
@@ -187,7 +194,7 @@ pub fn parse_encrypted_private_key(
                 _ => todo!(),
             };
 
-            openssl::symm::decrypt(cipher, &key, Some(&iv), epki.encrypted_data)
+            openssl::symm::decrypt(cipher, &key, Some(iv), epki.encrypted_data)
                 .map_err(|_| KeyParsingError::IncorrectPassword)?
         }
         _ => {
diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs
index 77ccd011a85ec..5e73a6bb29e05 100644
--- a/src/rust/cryptography-x509/src/common.rs
+++ b/src/rust/cryptography-x509/src/common.rs
@@ -149,6 +149,9 @@ pub enum AlgorithmParameters<'a> {
     #[defined_by(oid::AES_256_CBC_OID)]
     Aes256Cbc([u8; 16]),
 
+    #[defined_by(oid::DES_EDE3_CBC_OID)]
+    DesEde3Cbc([u8; 8]),
+
     #[defined_by(oid::PBES1_WITH_SHA_AND_3KEY_TRIPLEDES_CBC)]
     Pbes1WithShaAnd3KeyTripleDesCbc(PBES1Params),
 
diff --git a/src/rust/cryptography-x509/src/oid.rs b/src/rust/cryptography-x509/src/oid.rs
index ee148a7896eea..4cdb64ddde093 100644
--- a/src/rust/cryptography-x509/src/oid.rs
+++ b/src/rust/cryptography-x509/src/oid.rs
@@ -159,5 +159,7 @@ pub const AES_256_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 10
 pub const AES_192_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 22);
 pub const AES_128_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(2, 16, 840, 1, 101, 3, 4, 1, 2);
 
+pub const DES_EDE3_CBC_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 3, 7);
+
 pub const HMAC_WITH_SHA1_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 2, 7);
 pub const HMAC_WITH_SHA256_OID: asn1::ObjectIdentifier = asn1::oid!(1, 2, 840, 113549, 2, 9);