search

stackblitz / webcontainer-core

Dev environments. In your web app.
https://webcontainers.io
MIT License
3.93k stars 172 forks source link

Node.js crypto aes-256-cbc implementation is broken #1571

Open gnekich opened 3 weeks ago

gnekich commented 3 weeks ago

Describe the bug

It seems that aes-256-cbc implementation is broken.

Output (Node.js v18.20.3):

node index.mjs 12345678901234567890123456789012
--------------------------------------------------------------------------------
AES KEY : 3132333435363738393031323334353637383930313233343536373839303132
IV      : 00000000000000000000000000000000
--------------------------------------------------------------------------------
Original Text: Hello, AES encryption!
A) Encrypted Text: yy/Dv/esrpAiMOv/FiwtfA==Dy0He4pyP5dK/gAugv0uvg==
B) Encrypted Text: yy/Dv/esrpAiMOv/FiwtfA8tB3uKcj+XSv4ALoL9Lr4=
Decrypted Text: Hello, AES encryption!
Error: bad decrypt
    at async ModuleLoader.import (https://nodejsaesencryptdecrypt-nvkr.w-credentialless-staticblitz.com/builtins.ddb8d84d.js:154:2688)
    at async loadESM (https://nodejsaesencryptdecrypt-nvkr.w-credentialless-staticblitz.com/builtins.ddb8d84d.js:184:541)
    at async handleMainPromise (https://nodejsaesencryptdecrypt-nvkr.w-credentialless-staticblitz.com/builtins.ddb8d84d.js:165:296)

Node.js v18.20.3

In any other node.js environment, even for the same version Expected output (Node.js v18.20.3):

node index.mjs 12345678901234567890123456789012 
--------------------------------------------------------------------------------
AES KEY : 3132333435363738393031323334353637383930313233343536373839303132
IV      : 00000000000000000000000000000000
--------------------------------------------------------------------------------
Original Text: Hello, AES encryption!
A) Encrypted Text: yy/Dv/esrpAiMOv/FiwtfA8tB3uKcj+XSv4ALoL9Lr4=
B) Encrypted Text: yy/Dv/esrpAiMOv/FiwtfA8tB3uKcj+XSv4ALoL9Lr4=
Decrypted Text: Hello, AES encryption!
Decrypted Text: Hello, AES encryption!

Link to the blitz that caused the error

https://stackblitz.com/edit/bug-stackblitz-nodejs-aes-encrypt-decrypt-8spnpy?file=index.mjs

Steps to reproduce

Open the StackBlitz terminal, and run the following command:

node index.mjs 12345678901234567890123456789012

Verify that the result matches the desired outcome from any third party AES, or run the docker container with node.js of the same version. You can verify the results in CyberChef

Expected behavior

node index.mjs 12345678901234567890123456789012
--------------------------------------------------------------------------------
AES KEY : 3132333435363738393031323334353637383930313233343536373839303132
IV      : 00000000000000000000000000000000
--------------------------------------------------------------------------------
Original Text: Hello, AES encryption!
A) Encrypted Text: yy/Dv/esrpAiMOv/FiwtfA==Dy0He4pyP5dK/gAugv0uvg==
B) Encrypted Text: yy/Dv/esrpAiMOv/FiwtfA8tB3uKcj+XSv4ALoL9Lr4=
Decrypted Text: Hello, AES encryption!

Parity with Local

Screenshots

No response

Platform

Browser name  = Chrome
Full version  = 130.0.0.0
Major version = 130

Additional context

No response