
Context: we are rewriting our server code base in NodeJS.

We have code in PHP that worked for creating auth strings, which I can't replicate in NodeJS.

PHP Code

```php
<?php

namespace App\Medi;

class MCrypt {

    private $iv = '0000000000000000'; #Same as in JAVA
    private $key = 'oshi12wq!@WQ'; #Same as in JAVA

    function __construct() {
        $this->key = hash('sha256', $this->key, true);
    }

    function encrypt($str) {
        $iv = $this->iv;
        $td = @mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');

        @mcrypt_generic_init($td, substr($this->key, 0, 32), $iv);
        $block = @mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
        $pad = $block - (strlen($str) % $block);
        $str .= str_repeat(chr($pad), $pad);
        $encrypted = @mcrypt_generic($td, $str);
        @mcrypt_generic_deinit($td);
        @mcrypt_module_close($td);
        return base64_encode($encrypted);
    }
}
```

And finally, what I am doing in NodeJS:

```javascript
const shajs = require('sha.js');
const mcrypt = require('mcrypt');

class MCrypt {

    static get key() {
        //noinspection JSUnresolvedFunction
        return shajs('sha256')
            .update('oshi12wq!@WQ')
            .digest('base64')
            .substr(0, 32);
    }

    static encrypt(text) {
        var key = Buffer.from(MCrypt.key, 'base64');
        console.log("key: ", MCrypt.key);
        var iv = String.fromCharCode(48).repeat(16);

        var blockSize = 16;
        var pad = blockSize - (text.length % blockSize);
        text = text + String.fromCharCode(pad).repeat(pad);
        let bfEcb = new mcrypt.MCrypt('rijndael-128', 'cbc');
        bfEcb.open(key, iv);
        return bfEcb.encrypt(text).toString('base64');
    }
}

module.exports = MCrypt;
```
kelalaka
Praveen Kumar
  • Your padding calculation is incorrect, see the [answer of Maarten](https://stackoverflow.com/a/27590539/1820553) – kelalaka Feb 29 '20 at 15:00
  • `(text.length % blockSize)` and `text.length` mean the same thing; this doesn't solve it – Praveen Kumar Feb 29 '20 at 15:32
  • No, they are not. I've edited your question. Also, your keys might not be the same. – kelalaka Feb 29 '20 at 15:42
  • Maybe there is some misunderstanding between us. I tried with `(text.length % blockSize)`; it didn't work out for me. I checked that the keys are the same. And PHP is working correctly, NodeJS isn't – Praveen Kumar Feb 29 '20 at 15:44
  • I'm really wondering if `fromCharCode` is equivalent to the padding method in PHP. Furthermore, the key is cut to 32 bytes after base 64 **en**-coding. That certainly isn't right as the key size now becomes 24 bytes instead. So the key may look the same, but it will be too short for AES-256: `substr(0, 32)` has to go. – Maarten Bodewes Feb 29 '20 at 15:46
  • That is what Maarten said explicitly. – kelalaka Feb 29 '20 at 15:49
  • @MaartenBodewes I checked your theory and found out that when I use `var key = Buffer.from(MCrypt.key, 'base64');` I am making it back to 32 bytes. Also, when the mcrypt lib loads the key, if it's <>32 bytes, it throws an error like `TypeError: Invalid key size. Available key size are [16, 24, 32] at Function.encrypt` – Praveen Kumar Feb 29 '20 at 16:10
  • Listen, I hope you agree that in the JS function `key()` you cut down the base 64 key to 32 characters, and those represent 24 bytes. If you don't use that function at all then remove it. – Maarten Bodewes Feb 29 '20 at 17:56
  • @MaartenBodewes I did try removing it; it didn't work out. Any other thing I might be missing? This is a completely new field to me, so I am trying everything. – Praveen Kumar Mar 01 '20 at 05:03
  • @PraveenKumar That's both good and bad, as cryptography can be tricky to get correct that way. In the end you may want to print out the hex encoding of the input data that are sent into the cryptographic functions. If everything is exactly the same, the output should be correct as well. – Maarten Bodewes Mar 01 '20 at 12:12
  • @MaartenBodewes, I tried what you said, matched the hex strings in the process, and found my mistake. Thank you man, I appreciate you taking the time off. – Praveen Kumar Mar 07 '20 at 16:31
  • You are welcome. If you want to provide back then you can try and self-answer your question - in case you think it is useful to anybody else (and not an off-by-one or similar coding mistake). – Maarten Bodewes Mar 07 '20 at 16:39

0 Answers
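
The comments raise two points: the key being cut down after base64 encoding, and comparing the hex of every input on both sides. The sketch below is an added example, not code from the question or from any commenter; it uses Node's built-in `crypto` module instead of the `mcrypt` package, and the function names and sample passphrase are assumptions.

```javascript
// Added example: Node built-in crypto only; all function names are hypothetical.
const crypto = require('crypto');

const IV = Buffer.from('0'.repeat(16), 'latin1'); // sixteen ASCII '0' bytes, as in the PHP class

// PHP: hash('sha256', $key, true) returns 32 raw bytes, i.e. an AES-256 key.
function phpStyleKey(passphrase) {
  return crypto.createHash('sha256').update(passphrase, 'utf8').digest();
}

// The question's key(): base64 text cut to 32 characters, then decoded -> 24 bytes.
function truncatedKey(passphrase) {
  const b64 = crypto.createHash('sha256').update(passphrase, 'utf8').digest('base64');
  return Buffer.from(b64.slice(0, 32), 'base64'); // same cut as substr(0, 32)
}

// PKCS#7 computed on bytes, like PHP strlen(); JS text.length counts UTF-16 units.
function pkcs7Pad(buf, blockSize = 16) {
  const pad = blockSize - (buf.length % blockSize);
  return Buffer.concat([buf, Buffer.alloc(pad, pad)]);
}

// Rijndael-128 in CBC mode is AES; the key length selects AES-128/192/256.
function encrypt(text, key) {
  const cipher = crypto.createCipheriv(`aes-${key.length * 8}-cbc`, key, IV);
  cipher.setAutoPadding(false); // pad by hand to mirror the PHP code
  const padded = pkcs7Pad(Buffer.from(text, 'utf8'));
  return Buffer.concat([cipher.update(padded), cipher.final()]).toString('base64');
}

// Default auto-padding strips PKCS#7, so a round trip checks the manual padding.
function decrypt(b64, key) {
  const d = crypto.createDecipheriv(`aes-${key.length * 8}-cbc`, key, IV);
  return Buffer.concat([d.update(Buffer.from(b64, 'base64')), d.final()]).toString('utf8');
}

// Hex dump of every input, so two implementations can be compared byte for byte.
function traceInputs(text, key) {
  return {
    key: key.toString('hex'),
    iv: IV.toString('hex'),
    padded: pkcs7Pad(Buffer.from(text, 'utf8')).toString('hex'),
  };
}

const sample = 'constructed-passphrase'; // constructed sample value
console.log(traceInputs('auth-string', phpStyleKey(sample)));
console.log(encrypt('auth-string', phpStyleKey(sample)), encrypt('auth-string', truncatedKey(sample)));
```

Running the same hex dump on the PHP side (`bin2hex` on the key, IV and padded string) shows at which input the two implementations first diverge.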