Marco Marco - 7 months ago 178
Javascript Question

AES-CTR Encrypt in CryptoJS and decrypt in Go lang

I have a problem decrypting text, which is encrypted in Go lang, with CryptoJS.

Here is Go code:
https://play.golang.org/p/xCbl48T_iN

package main

import (
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"fmt"
)

func main() {
key := []byte("1234567890123456")
plaintext := []byte("text can be a random lenght")

block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}

// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
// BTW (only for test purpose) I don't include it

ciphertext := make([]byte, len(plaintext))

iv := []byte{'\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f'}

stream := cipher.NewCTR(block, iv)
stream.XORKeyStream(ciphertext, plaintext)

// CTR mode is the same for both encryption and decryption, so we can
// also decrypt that ciphertext with NewCTR.
base := base64.StdEncoding.EncodeToString(ciphertext)
fmt.Printf("encodedHEX: %x\n", ciphertext)
fmt.Printf("encodedBASE: %s\n", base)

plaintext2 := make([]byte, len(plaintext))
stream = cipher.NewCTR(block, iv)
stream.XORKeyStream(plaintext2, ciphertext)

fmt.Printf("decoded: %s\n", plaintext2)
}


Here is JS code:
http://jsfiddle.net/Ltkxm64n/

var key = CryptoJS.enc.Hex.parse('31323334353637383930313233343536');
var iv = CryptoJS.enc.Hex.parse('0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f');
var encrypted = CryptoJS.AES.encrypt("text can be a random lenght", key, {
mode: CryptoJS.mode.CTR,
iv: iv
});

console.log(encrypted.ciphertext.toString());
console.log(encrypted.toString());

var decrypted = CryptoJS.AES.decrypt(encrypted, key, {
mode: CryptoJS.mode.CTR,
iv: iv
});
console.log(decrypted.toString(CryptoJS.enc.Utf8));
// text can be a random lenght


Both works well encrypting and decrypting, but when I copy the base64 ciphertext from GO to JS (or viceversa), it doesn't work.
I also noticed that first part of js output is the same of Go output, but in js output there are more bytes than in Go one.

My purpose is to encrypt some text in GO, then ship Base64 ciphertext to JS that can decrypt it.

Thank you

Answer

Ok, here is what you do to fix this:

  1. Add no-padding js to your sources list: http://crypto-js.googlecode.com/svn/tags/3.1/build/components/pad-nopadding.js

  2. When encrypting/decrypting specify parameter: padding: CryptoJS.pad.NoPadding

CTR mode doesn't require padding plain text before encrypting.
Keystream generated from multiple AES blocks is trimmed to match plain text length before XORing.
Looks like CryptoJS generates keystream to xor it with plain text but doesn't trim it, because the length of ciphertext generated by CryptoJS without padding: CryptoJS.pad.NoPadding is always multiple of 16 (exactly as AES block size).

var key = CryptoJS.enc.Hex.parse('31323334353637383930313233343536');
var iv = CryptoJS.enc.Hex.parse('0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f');
var encrypted = CryptoJS.AES.encrypt("text can be a random lenght", key, {
  mode: CryptoJS.mode.CTR,
  iv: iv,
  padding: CryptoJS.pad.NoPadding
});

document.getElementById("id").innerHTML = encrypted.ciphertext.toString();
document.getElementById("id2").innerHTML = encrypted.toString();

var decrypted = CryptoJS.AES.decrypt(encrypted, key, {
  mode: CryptoJS.mode.CTR,
  iv: iv,
  padding: CryptoJS.pad.NoPadding
});
document.getElementById("decrypt").innerHTML = decrypted.toString(CryptoJS.enc.Utf8); // text can be a random lenght
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ctr.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/components/pad-nopadding.js"></script>
<p> Ciphertext in HEX: </p>
<p id="id"> </p>
<p> Ciphertext in BASE64: </p>
<p id="id2"> </p>
<p> PlainText: </p>
<p id="decrypt"></p>

Comments