Encrypt in ucryptolib, decrypt in NodeJS

[brutusmcforce]

Hi guys, I'm having some problems getting a NodeJS server to decrypt things i've encrypted with aes on MicroPython. I've implemented my own pkcs7 padding and when i check the data before encrypting everything seems correct, seeing as PKCS7 is fairly straightforward.

However, when I try to decrypt the buffer on the NodeJS end i get "CryptoStream transform error (encoding=buffer, err.code=ERR_OSSL_EVP_BAD_DECRYPT) Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt"

If I set autopadding to true on the NodeJS end, it decrypts correctly. However, this is not an option because that would affect thousands of devices that are already connected to the server. I've read that this is because Python uses zero byte padding by default, but that shouldn't be a problem since I've implemented PKCS7 padding myself.

I realise this is a mixed MicroPython / NodeJS question, but maybe someone has had this problem and knows how to deal with it. I am truly at a loss.

Python code: https://paste.rs/BFC.py
JS code: https://paste.rs/iQ2.js

I'd be grateful for any help!

[Iyassou]

I'm not familiar with NodeJS, so I've been messing around with AES-256 in CBC mode with the crypto library in an online editor since I read that crypto2 is a wrapper around crypto and I'm assuming from your code that you're using crypto2. I'm using a 128-bit IV, and tried encrypting/decrypting a 32-byte long message.

The one curious thing I noticed was the size of the resulting encrypted message changed depending on what encoding you chose when calling Cipher.update and Cipher.final.

Code: Select all

const crypto = require('crypto');

var enc = 'hex';
const mess = "0123456789abcdef0123456789abcdef";

const key = Buffer.from([229, 130, 231, 193, 207, 80, 57, 171, 158, 52, 45, 40, 92, 125, 171, 170, 243, 226, 83, 5, 52, 100, 223, 34, 130, 208, 216, 39, 158, 101, 198, 27]);
const iv = Buffer.from([254, 89, 68, 145, 242, 205, 241, 198, 201, 208, 156, 35, 241, 173, 39, 154]);

let cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
let encrypted = cipher.update(mess, enc, enc) + cipher.final(enc);

console.log(encrypted.length);

let decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
var decrypted = decipher.update(encrypted, enc, enc) + decipher.final(enc);

console.log('message decrypted successfully?', mess === decrypted);

When enc was set to "utf8" the encrypted message was 47-bytes long and I got the following error:


Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
at Decipheriv.final (internal/crypto/cipher.js:172:29)
at /home/runner/ttte50225th/index.js:16:65
at Script.runInContext (vm.js:130:18)
at Object.<anonymous> (/run_dir/interp.js:209:20)
at Module._compile (internal/modules/cjs/loader.js:999:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
at Module.load (internal/modules/cjs/loader.js:863:32)
at Function.Module._load (internal/modules/cjs/loader.js:708:14)
at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)
at internal/main/run_main_module.js:17:47


This behaviour was identical to when enc was left unspecified.

Setting enc to "binary" and "hex" resulted in a 48-byte long and a 64-byte long encrypted message respectively, both of which were successfully decoded so long as the encoding used was kept the same. I imagine you'd want to use "hex", as 64 bytes is the length I'd expect for the PKCS7-padded version of my 32-byte long plaintext.

Have you tried messing about with the encoding used by the Cipher objects? Do you have the option to do so serverside?