#58 des-ede3-cbc encrypted keys broken

Reviewed by: Cody Peter Mello <[email protected]>

Author: Alex Wilson

lib/utils.js

@@ -87,7 +87,7 @@ function assertCompatible(obj, klass, needVer, name) {
 }
 
 var CIPHER_LEN = {
-	'des-ede3-cbc': { key: 7, iv: 8 },
+	'des-ede3-cbc': { key: 24, iv: 8 },
 	'aes-128-cbc': { key: 16, iv: 16 },
 	'aes-256-cbc': { key: 32, iv: 16 }
 };

package.json

@@ -1,6 +1,6 @@
 {
   "name": "sshpk",
-  "version": "1.15.1",
+  "version": "1.15.2",
   "description": "A library for finding and using SSH public keys",
   "main": "lib/index.js",
   "scripts": {

test/assets/3des.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,91DE47E39A642704
+
+T5h5N8sO/mT8zRfqVDc2Kmgy5Az9w63T91Gvl57XhAxd7jD2vZhbAdD3qdnYc9Ue
+h4uve27OcJXQXHTUaAZY2ZR/9e9NFIkSnbEQHVzMa0W5I7v7JvN9Ms8z9WJuxd9k
+9M8t6rYiLQXbdKG3RhEyS+m5O/tU1dxWakwIxlE9fpLcHWgEO2YEPwKjiM/WY0Uj
++eH02oaPIVIC6Eyni7CTCjkhgTn8xI+yHfIow94IUYg4OJNes27dhruH/nybPYPt
+gW6eQfENrXZNTCzp3E71/WB/27JVI8eNkTtluoFTn8KAeiDNIB0b/KFpJoIFTgWX
+ysYqiv6a5q7Q+mxEet+krZ40LBsh2cNLqJGCRh/nGU3Zs8hozyUfkhBMzjvLc36E
+F2cqtjBGeds1kHvBAdbBBNLel11icRkTzIw0cMa1YulYdJARf+cgWugk+NVgEOpK
+g3G6QymJiVm4DudbtTcmBqgfYju9bo8X1hkGB1w+eUZMjLDCv0ZfCZCKovpZorkD
+PJa+y12fwEQ79NZxmfUKCBLVzO4n5Bh2MzWJZQSh3oLSP90fRyWS0Rq8l6N4z90m
+RowD62laYR9zydLZX+gkjGiIEjNxwcEY/iuHi32ufONyFTTDUcidZ/RZJdd0zk5r
+1t6FbrTcM0tIukN0behKri6jbTMd91DYSpO7xB+fKugfka+grYWyLeQc0brqbqNn
+Pwt+FuM+qVoXe2FdY4cy/Jhqb/hYsvXuhPJ5IowN3QNnvsSduq0NwM2wXGNF+l8s
+z40HsTZly5lVChold8EjbNi9xZLWRQL5UtPdacgr+U2NTqiM7Eup0YfU9wn50GNg
+/pjzkTY8fpkio3mjkIRcfEfSnERYRnOP0zDMkd+bJdQcb0sjCpdxS8vXfFvLQ1Af
+zBz5DLa1vq8Cc7C0vsLjBEC2LQygv0q9nU7fvg9TMuSQNXj0TJY3I2i8ZZHvyPVL
+j4u6Pfpg0bjAYsnBoeyMzt7ii1wJk76e23SeZQxOz5+1z1L8J9NyzH4zZeTOSXqq
+MZ1eW8tQRnYSnfyQVyXRyKHvH+aPYrMo3ElLfseRDdU0sikQ/XVneMOGQCI0+pCx
+RIXpcnUgIcT2f3sCAQ+t0jmxWeirhLYpBMmAs3TLrdDyG5n/DReV6utXRSvJMC6/
+yWF5w4IGhvjkERFisugqPsMTXfW4xWHwq+MU6IU1TurRIJRZHPs3WgICPeCOJFBv
+bQHvwtHmHZJ6ijIF+SPkTV0PoHxRXv8O2QsqiFSVp03FjImrShxeU2iIz3SzB3Di
+gpaYyBhXQitMTNvtCAPPdFUHrpB5ZZ+qI3sStvMTMaSb8EpSU1H79L/7Olv6wtLx
+w3PCtCaz56P0X8cZP57MSGt+E7x3+GKYNFC5znNyVthgKz66z/z33epzD2j2Zf4b
+VvRE6W/RzHN2UOhnqdk6IX7SO7ynPO5Sx/bKL+ARVRD51NpOSzTUujBEoeB0ObFN
+B4PWao7GOeh/WUTF83AYOtEk+J/8CYMNB1IClrpZszcCyAAkx26OdoOPAGMBD1V/
+HnE2S4h22855esmjQOggwNCtf0Tg6PG7+jhb8MwerYwaiqfn2hQpAz6ZKff2Qeh5
+-----END RSA PRIVATE KEY-----

test/assets/3des.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLISAQ2h/VFo0tGe3irSmk3KU5x5IYtPke1yk8hSgd/AKbJlDuqPF3BfbEkmV/gA7EpxPhr5QkfcLCkAjWZhUJccn0Dmz6Ypd615IQrEPMS48wFl4yRSDaPyGcOi+lcgrgclcnTG9/vEqRfqw7y8aRZIq880nNoxHe/TQbeQuuGf0Zdts4t5YFbm8MkwCMSlY+DRSy462YZ4h7zBYOA6TDcSJvvHVGe937xqavMK2btj9wIij2qtCP4L23zDl2QCM+c9DxC+FvNY6fyNrePs2pbyZb2z3Bg+SR/J+hSqMUSYKLBYzQnG/c0T8xE59bk1P8jOeJGVgQGS6m9CSwVOgZ test

test/pem.js

@@ -1,6 +1,8 @@
 // Copyright 2011 Joyent, Inc.  All rights reserved.
 
 var test = require('tape').test;
+var path = require('path');
+var fs = require('fs');
 
 var sshpk = require('../lib/index');
 var Buffer = require('safer-buffer').Buffer;
@@ -177,6 +179,8 @@ var ECDSA_PEM = '-----BEGIN PUBLIC KEY-----\n' +
 var RFC_AUTO = Buffer.from('AAAAC3NzaC1lZDI1NTE5AAAAIEi0pkfPe/+kbmnTSH0mfr0J' +
     '4Fq7M7bshFAKB6uCyLDm', 'base64');
 
+var testDir = path.join(__dirname, 'assets');
+
 ///--- Tests
 
 test('1024b pem to rsa ssh key', function(t) {
@@ -341,3 +345,14 @@ test('encrypted ecdsa private key with pw', function(t) {
 	t.equal(k.type, 'ecdsa');
 	t.end();
 });
+
+test('encrypted rsa private key (3des)', function (t) {
+	var keyPem = fs.readFileSync(path.join(testDir, '3des.pem'));
+	var key = sshpk.parsePrivateKey(keyPem, 'pem',
+	    { passphrase: 'testing123' });
+	t.equal(key.type, 'rsa');
+	key.comment = 'test';
+	var keySsh = fs.readFileSync(path.join(testDir, '3des.pub'), 'ascii');
+	t.equal(key.toPublic().toString('ssh'), keySsh.trim());
+	t.end();
+});