Recreating nodejs aes-256-cbc cipher

[milomg]

Thanks for the awesome library!

I'm currently working on replicating the following code

import crypto from 'crypto'

const cipher = crypto.createCipheriv('aes-256-cbc', derivedKey, derivedIv)
const encrypted = Buffer.concat([cipher.update(text), cipher.final()])
return encrypted.toString('base64')

I've converted it into the following, but when I attempt to decode this, I get ERR_OSSL_EVP_WRONG_FINAL_BLOCK_LENGTH. I believe this is because I haven't implemented PKCS7 correctly.

import { cbc } from '@noble/ciphers/aes'
import { encode as tob64 } from 'uint8-to-base64'

const cipher = cbc(derivedKey, derivedIv, { disablePadding: true })

const str = new TextEncoder().encode(text)
const padding = 16 - (str.length % 16)
const paddedArray = new Uint8Array(str.length + padding)
paddedArray.set(str)
paddedArray.fill(padding, str.length)

return tob64(cipher.encrypt(paddedArray))

Looking at the source code, this seems pretty similar to the PKCS5, so I also tried the following, but that didn't work either.

import { cbc } from '@noble/ciphers/aes'
import { encode as tob64 } from 'uint8-to-base64'

const cipher = cbc(derivedKey, derivedIv, { disablePadding: false })

const str = new TextEncoder().encode(text)

return tob64(cipher.encrypt(str))

Do you have any advice?

[milomg]

Turns out the issue was with tob64, I should've written a custom function

function uint8ArrayToBase64(arr, options) {
  const lookup =
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
  let result = ''

  let i = 0
  for (; i + 2 < arr.length; i += 3) {
    const triplet = (arr[i] << 16) + (arr[i + 1] << 8) + arr[i + 2]
    result +=
      lookup[(triplet >> 18) & 63] +
      lookup[(triplet >> 12) & 63] +
      lookup[(triplet >> 6) & 63] +
      lookup[triplet & 63]
  }
  if (i + 2 === arr.length) {
    const triplet = (arr[i] << 16) + (arr[i + 1] << 8)
    result +=
      lookup[(triplet >> 18) & 63] +
      lookup[(triplet >> 12) & 63] +
      lookup[(triplet >> 6) & 63] +
      '='
  } else if (i + 1 === arr.length) {
    const triplet = arr[i] << 16
    result += lookup[(triplet >> 18) & 63] + lookup[(triplet >> 12) & 63] + '=='
  }
  return result
}

[mahnunchik]

For all those who are looking for a replacement for the following code:

import AES from 'crypto-js/aes.js';
import Utf8 from 'crypto-js/enc-utf8.js';

function encrypt(data, key) {
  return AES.encrypt(data, key).toString();
}

function decrypt(data, key) {
  return AES.decrypt(data, key).toString(Utf8);
}

const data = 'This is a secret message';
const password = '12345';

data === decrypt(encrypt(data, password), password);

Below is an implementation using modern libraries:

import { md5 } from '@noble/hashes/legacy.js';
import { cbc } from '@noble/ciphers/aes.js';
import { base64 } from '@scure/base'
import {
  abytes,
  bytesToUtf8,
  concatBytes,
  randomBytes,
  utf8ToBytes,
} from '@noble/hashes/utils.js';

export function evpBytesToKey(password, salt = new Uint8Array(0), keyLen = 32, ivLen = 16, count = 1) {
  abytes(password);
  abytes(salt, 0, 8);
  let derived = new Uint8Array(0);
  let block = new Uint8Array(0);

  while (derived.length < (keyLen + ivLen)) {
    block = md5(concatBytes(block, password, salt));
    for (let i = 1; i < count; i++) {
      block = md5(block);
    }
    derived = concatBytes(derived, block);
  }

  return {
    key: derived.slice(0, keyLen),
    iv: derived.slice(keyLen, keyLen + ivLen)
  };
}

export function encrypt(data, password) {
  const salt = randomBytes(8);
  const { key, iv } = evpBytesToKey(utf8ToBytes(password), salt, 32, 16);
  const encrypted = concatBytes(
    utf8ToBytes('Salted__'),
    salt,
    cbc(key, iv).encrypt(utf8ToBytes(data))
  );
  return base64.encode(encrypted);
}

export function decrypt(data, password) {
  const encrypted = base64.decode(data);
  const salt = encrypted.slice(8, 16);
  const { key, iv } = evpBytesToKey(utf8ToBytes(password), salt, 32, 16);
  return bytesToUtf8(cbc(key, iv).decrypt(encrypted.slice(16)));
}