Whats wrong with this simple NodeJS crypto function?

Question

I'm trying to perform AES CBC encryption with zero padding of a url query string. I'm using NodeJS's core crypto module. It's for use with http://www.blackoutrugby.com/game/help.documentation.php#category=35

I have a key and IV. When testing the following function I'm not getting the string returned in full. I believe this has to do with padding but am unsure how to apply it correct.

If it is the padding, can anyone show me how I should apply it? If not where am I going wrong? Also is cipher.final() of significance in this usercase?

Update: I've now included cipher.final() and things work fine with binary format but base64 gives me the truncated result. https://github.com/denishoctor/BlackoutRugbyNode/blob/master/crypto2.js is my full example code. Below is the crypto function:

function cryptoTest(data, key, iv, format) {
   var cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
   var cipherChunks = [];
   cipherChunks.push(cipher.update(data, 'utf8', format));
   cipherChunks.push(cipher.final());

   var decipher = crypto.createDecipheriv('aes-128-cbc', key, iv);
   var plainChunks = [];
   for (var i = 0;i < cipherChunks.length;i++) {
        plainChunks.push(decipher.update(cipherChunks[i], format, 'utf8'));
   }
   plainChunks.push(decipher.final());

   return {
       "encrypted": cipherChunks.join(''),
       "decrypted": plainChunks.join('')
   };
}

Thanks,
Denis

Answer 1

You are not putting the ciphertext returned by cipher.final into the decipher. Here's a simplified example. You need to collect the return values from every call to cipher.update as well as cipher.final and make sure each of those objects gets put into decipher.update.

UPDATE: here's a version that works fine with binary or hex as the encoding for the cipher text, but fails with base64. I have no idea why this is, but if you are OK with hex that should work fine.

UPDATE 2: Looks like base64 is a bug in node itself. See this answer to a similar question.

    var crypto = require('crypto');

    var data = "I am the clear text data";
    console.log('Original cleartext: ' + data);
    var algorithm = 'aes-128-cbc';
    var key = 'mysecretkey';
    var clearEncoding = 'utf8';
    var cipherEncoding = 'hex';
    //If the next line is uncommented, the final cleartext is wrong.
    //cipherEncoding = 'base64';
    var cipher = crypto.createCipher(algorithm, key);
    var cipherChunks = [];
    cipherChunks.push(cipher.update(data, clearEncoding, cipherEncoding));
    cipherChunks.push(cipher.final(cipherEncoding));
    console.log(cipherEncoding + ' ciphertext: ' + cipherChunks.join(''));
    var decipher = crypto.createDecipher(algorithm, key);
    var plainChunks = [];
    for (var i = 0;i < cipherChunks.length;i++) {
      plainChunks.push(decipher.update(cipherChunks[i], cipherEncoding, clearEncoding));

    }
    plainChunks.push(decipher.final(clearEncoding));
    console.log("UTF8 plaintext deciphered: " + plainChunks.join(''));

Answer 2

Standard crypto package only supports PKCS#7 padding. You have to disable automatic padding of standard crypto package of Node.js then you can write code to pad.

You can use padding algorithm from following package

https://github.com/tugrul/cryptian