AES256 Encryption/Decryption in both NodeJS and C#

Question

I've taken some liberties with the results of the following questions:

• AES encrypt in .NET and decrypt with Node.js crypto?
• Decrypting AES256 encrypted data in .NET from node.js - how to obtain IV and Key from passphrase
• C# version of OpenSSL EVP_BytesToKey method?

And created the following class file...

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

namespace T1.CoreUtils.Utilities
{
  public static class CryptoUtility
  {
    public static string Encrypt(string input, string passphrase = null)
    {
      byte[] key, iv;
      DeriveKeyAndIV(Encoding.ASCII.GetBytes(passphrase), null, 1, out key, out iv);

      return Convert.ToBase64String(EncryptStringToBytes(input, key, iv));
    }

    public static string Decrypt(string inputBase64, string passphrase = null)
    {
      byte[] key, iv;
      DeriveKeyAndIV(Encoding.ASCII.GetBytes(passphrase), null, 1, out key, out iv);

      return DecryptStringFromBytes(Convert.FromBase64String(inputBase64), key, iv);
    }

    private static void DeriveKeyAndIV(byte[] data, byte[] salt, int count, out byte[] key, out byte[] iv)
    {
      List<byte> hashList = new List<byte>();
      byte[] currentHash = new byte[0];

      int preHashLength = data.Length + ((salt != null) ? salt.Length : 0);
      byte[] preHash = new byte[preHashLength];

      System.Buffer.BlockCopy(data, 0, preHash, 0, data.Length);
      if (salt != null)
        System.Buffer.BlockCopy(salt, 0, preHash, data.Length, salt.Length);

      MD5 hash = MD5.Create();
      currentHash = hash.ComputeHash(preHash);

      for (int i = 1; i < count; i++)
      {
        currentHash = hash.ComputeHash(currentHash);
      }

      hashList.AddRange(currentHash);

      while (hashList.Count < 48) // for 32-byte key and 16-byte iv
      {
        preHashLength = currentHash.Length + data.Length + ((salt != null) ? salt.Length : 0);
        preHash = new byte[preHashLength];

        System.Buffer.BlockCopy(currentHash, 0, preHash, 0, currentHash.Length);
        System.Buffer.BlockCopy(data, 0, preHash, currentHash.Length, data.Length);
        if (salt != null)
          System.Buffer.BlockCopy(salt, 0, preHash, currentHash.Length + data.Length, salt.Length);

        currentHash = hash.ComputeHash(preHash);

        for (int i = 1; i < count; i++)
        {
          currentHash = hash.ComputeHash(currentHash);
        }

        hashList.AddRange(currentHash);
      }
      hash.Clear();
      key = new byte[32];
      iv = new byte[16];
      hashList.CopyTo(0, key, 0, 32);
      hashList.CopyTo(32, iv, 0, 16);
    }

    static byte[] EncryptStringToBytes(string plainText, byte[] Key, byte[] IV)
    {
      // Check arguments. 
      if (plainText == null || plainText.Length <= 0)
        throw new ArgumentNullException("plainText");
      if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
      if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("Key");
      byte[] encrypted;
      // Create an RijndaelManaged object 
      // with the specified key and IV. 
      using (RijndaelManaged rijAlg = new RijndaelManaged())
      {
        rijAlg.Key = Key;
        rijAlg.IV = IV;

        // Create a decrytor to perform the stream transform.
        ICryptoTransform encryptor = rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV);

        // Create the streams used for encryption. 
        using (MemoryStream msEncrypt = new MemoryStream())
        {
          using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
          {
            using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
            {

              //Write all data to the stream.
              swEncrypt.Write(plainText);
            }
            encrypted = msEncrypt.ToArray();
          }
        }
      }


      // Return the encrypted bytes from the memory stream. 
      return encrypted;

    }

    static string DecryptStringFromBytes(byte[] cipherText, byte[] Key, byte[] IV)
    {
      // Check arguments. 
      if (cipherText == null || cipherText.Length <= 0)
        throw new ArgumentNullException("cipherText");
      if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
      if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("Key");

      // Declare the string used to hold 
      // the decrypted text. 
      string plaintext = null;

      // Create an RijndaelManaged object 
      // with the specified key and IV. 
      using (RijndaelManaged rijAlg = new RijndaelManaged())
      {
        rijAlg.Key = Key;
        rijAlg.IV = IV;

        // Create a decrytor to perform the stream transform.
        ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, rijAlg.IV);

        // Create the streams used for decryption. 
        using (MemoryStream msDecrypt = new MemoryStream(cipherText))
        {
          using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
          {
            using (StreamReader srDecrypt = new StreamReader(csDecrypt))
            {

              // Read the decrypted bytes from the decrypting stream 
              // and place them in a string.
              plaintext = srDecrypt.ReadToEnd();
            }
          }
        }

      }

      return plaintext;

    }
  }
}

From here, I generated the following via node:

var crypto = require('crypto');
var input = "This is î╥≤ what it is.";
var passkey= "This is my password.";
var cipher = crypto.createCipher('aes-256-cbc', passkey);
var encrypted = cipher.update(input, 'utf8', 'base64') + cipher.final('base64');
encrypted
// '9rTbNbfJkYVE2m5d8g/8b/qAfeCU9rbk09Na/Pw0bak='

input = "I am the walrus, coo coo cachoo!";
passkey = "I am a ≥ò'ÿ boy baby!";
cipher = crypto.createCipher('aes-256-cbc', passkey);
encrypted = cipher.update(input, 'utf8', 'base64') + cipher.final('base64');
// 'j/e+f5JU5yerSvO7FBJzR1tGro0Ie3L8sWYaupRW1JJhraGqBfQ9z+h85VhSzEjD'

var decipher = crypto.createDecipher('aes-256-cbc', passkey);
var plain = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8');
plain
// 'I am the walrus, coo coo cachoo!'

From this, I create the following test case:

using System;
using Microsoft.VisualStudio.TestTools.UnitTesting;

namespace T1.CoreUtils.Test.Utilities.Tests
{
    [TestClass]
    public class UnitTest1
    {
        [TestMethod]
        public void EncryptReturnsExpectedValue1_unicode_in_plaintext()
        {
            var passkey = "This is my password.";
            var plain = "This is î╥≤ what it is.";
            var encrypted = "9rTbNbfJkYVE2m5d8g/8b/qAfeCU9rbk09Na/Pw0bak=";

            var actual = T1.CoreUtils.Utilities.CryptoUtility.Encrypt(plain, passkey);
            Assert.AreEqual(encrypted, actual);
        }

        [TestMethod]
        public void EncryptReturnsExpectedValue2_unicode_in_passkey()
        {
            var passkey = "I am a ≥ò'ÿ boy baby!";
            var plain = "I am the walrus, coo coo cachoo!";
            var encrypted = "j/e+f5JU5yerSvO7FBJzR1tGro0Ie3L8sWYaupRW1JJhraGqBfQ9z+h85VhSzEjD";

            var actual = T1.CoreUtils.Utilities.CryptoUtility.Encrypt(plain, passkey);
            Assert.AreEqual(encrypted, actual);
        }

        [TestMethod]
        public void DecryptReturnsExpectedValue1()
        {
            var passkey = "This is my password.";
            var plain = "This is î╥≤ what it is.";
            var encrypted = "9rTbNbfJkYVE2m5d8g/8b/qAfeCU9rbk09Na/Pw0bak=";

            var actual = T1.CoreUtils.Utilities.CryptoUtility.Decrypt(encrypted, passkey);
            Assert.AreEqual(plain, actual);
        }

        [TestMethod]
        public void DecryptReturnsExpectedValue2()
        {
            var passkey = "I am a ≥ò'ÿ boy baby!";
            var plain = "I am the walrus, coo coo cachoo!";
            var encrypted = "j/e+f5JU5yerSvO7FBJzR1tGro0Ie3L8sWYaupRW1JJhraGqBfQ9z+h85VhSzEjD";

            var actual = T1.CoreUtils.Utilities.CryptoUtility.Decrypt(encrypted, passkey);
            Assert.AreEqual(plain, actual);
        }
    }
}

Passes:

• EncryptReturnsExpectedValue1_unicode_in_plaintext
• DecryptReturnsExpectedValue1

Fails:

• EncryptReturnsExpectedValue2_unicode_in_passkey
• DecryptReturnsExpectedValue2

I can only guess that the issue is in the DeriveKeyAndIV method. Will try a few different approaches and answer if I find it on my own.

Answer 1

Okay, upon inspecting the node.js source for crypto, I determined, that the encoding was using a new Buffer(passkey, 'binary'), which was only using the original value xand 0xFF for the bytes used, so I created a matching method in C#... here's the method in question...

private static byte[] RawBytesFromString(string input)
{
  var ret = new List<Byte>();

  foreach (char x in input)
  {
    var c = (byte)((ulong)x & 0xFF);
    ret.Add(c);
  }

  return ret.ToArray();
}

---

And the updated/working CryptoUtil.cs

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

namespace T1.CoreUtils.Utilities
{
  public static class CryptoUtility
  {
    /*  Wanting to stay compatible with NodeJS
     *  http://stackoverflow.com/questions/18502375/aes256-encryption-decryption-in-both-nodejs-and-c-sharp-net/
     *  http://stackoverflow.com/questions/12261540/decrypting-aes256-encrypted-data-in-net-from-node-js-how-to-obtain-iv-and-key
     *  http://stackoverflow.com/questions/8008253/c-sharp-version-of-openssl-evp-bytestokey-method
     *  
     * var cipher = crypto.createCipher('aes-256-cbc', 'passphrase');
     * var encrypted = cipher.update("test", 'utf8', 'base64') + cipher.final('base64');
     * 
     * var decipher = crypto.createDecipher('aes-256-cbc', 'passphrase');
     * var plain = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8');
     */

    public static string Encrypt(string input, string passphrase = null)
    {
      byte[] key, iv;
      DeriveKeyAndIV(RawBytesFromString(passphrase), null, 1, out key, out iv);

      return Convert.ToBase64String(EncryptStringToBytes(input, key, iv));
    }

    public static string Decrypt(string inputBase64, string passphrase = null)
    {
      byte[] key, iv;
      DeriveKeyAndIV(RawBytesFromString(passphrase), null, 1, out key, out iv);

      return DecryptStringFromBytes(Convert.FromBase64String(inputBase64), key, iv);
    }

    private static byte[] RawBytesFromString(string input)
    {
      var ret = new List<Byte>();

      foreach (char x in input)
      {
        var c = (byte)((ulong)x & 0xFF);
        ret.Add(c);
      }

      return ret.ToArray();
    }

    private static void DeriveKeyAndIV(byte[] data, byte[] salt, int count, out byte[] key, out byte[] iv)
    {
      List<byte> hashList = new List<byte>();
      byte[] currentHash = new byte[0];

      int preHashLength = data.Length + ((salt != null) ? salt.Length : 0);
      byte[] preHash = new byte[preHashLength];

      System.Buffer.BlockCopy(data, 0, preHash, 0, data.Length);
      if (salt != null)
        System.Buffer.BlockCopy(salt, 0, preHash, data.Length, salt.Length);

      MD5 hash = MD5.Create();
      currentHash = hash.ComputeHash(preHash);

      for (int i = 1; i < count; i++)
      {
        currentHash = hash.ComputeHash(currentHash);
      }

      hashList.AddRange(currentHash);

      while (hashList.Count < 48) // for 32-byte key and 16-byte iv
      {
        preHashLength = currentHash.Length + data.Length + ((salt != null) ? salt.Length : 0);
        preHash = new byte[preHashLength];

        System.Buffer.BlockCopy(currentHash, 0, preHash, 0, currentHash.Length);
        System.Buffer.BlockCopy(data, 0, preHash, currentHash.Length, data.Length);
        if (salt != null)
          System.Buffer.BlockCopy(salt, 0, preHash, currentHash.Length + data.Length, salt.Length);

        currentHash = hash.ComputeHash(preHash);

        for (int i = 1; i < count; i++)
        {
          currentHash = hash.ComputeHash(currentHash);
        }

        hashList.AddRange(currentHash);
      }
      hash.Clear();
      key = new byte[32];
      iv = new byte[16];
      hashList.CopyTo(0, key, 0, 32);
      hashList.CopyTo(32, iv, 0, 16);
    }

    static byte[] EncryptStringToBytes(string plainText, byte[] Key, byte[] IV)
    {
      // Check arguments. 
      if (plainText == null || plainText.Length <= 0)
        throw new ArgumentNullException("plainText");
      if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
      if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("Key");
      byte[] encrypted;
      // Create an RijndaelManaged object 
      // with the specified key and IV. 
      using (RijndaelManaged cipher = new RijndaelManaged())
      {
        cipher.Key = Key;
        cipher.IV = IV;
        //cipher.Mode = CipherMode.CBC;
        //cipher.Padding = PaddingMode.PKCS7;

        // Create a decrytor to perform the stream transform.
        ICryptoTransform encryptor = cipher.CreateEncryptor(cipher.Key, cipher.IV);

        // Create the streams used for encryption. 
        using (MemoryStream msEncrypt = new MemoryStream())
        {
          using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
          {
            using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
            {

              //Write all data to the stream.
              swEncrypt.Write(plainText);
            }
            encrypted = msEncrypt.ToArray();
          }
        }
      }


      // Return the encrypted bytes from the memory stream. 
      return encrypted;

    }

    static string DecryptStringFromBytes(byte[] cipherText, byte[] Key, byte[] IV)
    {
      // Check arguments. 
      if (cipherText == null || cipherText.Length <= 0)
        throw new ArgumentNullException("cipherText");
      if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
      if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("Key");

      // Declare the string used to hold 
      // the decrypted text. 
      string plaintext = null;

      // Create an RijndaelManaged object 
      // with the specified key and IV. 
      using (var cipher = new RijndaelManaged())
      {
        cipher.Key = Key;
        cipher.IV = IV;
        //cipher.Mode = CipherMode.CBC;
        //cipher.Padding = PaddingMode.PKCS7;

        // Create a decrytor to perform the stream transform.
        ICryptoTransform decryptor = cipher.CreateDecryptor(cipher.Key, cipher.IV);

        // Create the streams used for decryption. 
        using (MemoryStream msDecrypt = new MemoryStream(cipherText))
        {
          using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
          {
            using (StreamReader srDecrypt = new StreamReader(csDecrypt))
            {

              // Read the decrypted bytes from the decrypting stream 
              // and place them in a string.
              plaintext = srDecrypt.ReadToEnd();
            }
          }
        }

      }

      return plaintext;

    }
  }
}

---

NOTE: Some more code related to this...

• https://github.com/tracker1/T1.CoreUtils/blob/master/T1.CoreUtils/Utilities/CryptoUtility.cs
• https://github.com/tracker1/t1-coreutils-node/blob/master/lib/hashutils.js

These are not in nuget or npm respectively as they really don't belong there... it's mainly for ideas and reference. I do need to flush out the node side a bit better so it matches up.