AES GCM Auth Tag validation issue about help HOT 13 CLOSED

To decrypt, you need to use createDecipheriv() instead of createCipheriv(). You then need to call decipher.setAuthTag() with the correct authentication tag, which you can obtain from the the original cipher after encryption as cipher.getAuthTag().

from help.

it does absolutely the same if i use createDecipheriv().
So decryption works without AuthTag and the issue is relevant.
i have changed the code for your convenience.

from help.

@tniessen please test it out because it's critical security issue.

from help.

@egorbeliy In Node.js 22, I am seeing this error when running your code:

Uncaught Error: Unsupported state or unable to authenticate data
    at Decipheriv.final (node:internal/crypto/cipher:184:29)
    at decrypt (REPL14:4:70)

from help.

But for me it works well, is node version the same?

tsc aes-issue.ts 
node aes-issue.js

Feel free to check the video PoC https://drive.google.com/file/d/1HRQW7toSjHuPTrF4b6s5XoS1Kb1msSzM/view?usp=sharing

from help.

1. Node.js 21 is not supported anymore, so instead please test with Node.js 20 or Node.js 22.
2. If there is a difference in behavior across versions of Node.js, it is likely due to differences in behavior across versions of OpenSSL. Since much of the node:crypto module is a thin wrapper around OpenSSL, we generally don't provide stronger security guarantees than OpenSSL. In other words, if this issue exists in a supported version of Node.js, it will be necessary to demonstrate that the issue does not also exist in OpenSSL.
3. If you are right and this is a security issue, then this was reported in violation of our security policies.

from help.

so i got the same behaviour on v20 and v22.
Basically i got your point, you won't check it.
thanks.

from help.

@egorbeliy Alright, I'll give it another try. Here's the code I am using (main.mjs):

import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';

const algorithm = 'aes-256-gcm';
const keyHex = '9b25a4b717d0c827c926565758b99b89a24f83c03a6a8319fb0fc809787ae929';
const ivHex = 'ded281917f01b9d5f0a5abce';
const key = Buffer.from(keyHex, 'hex');
const iv = Buffer.from(ivHex, 'hex');

const encrypt = (text) => {
  const cipher = createCipheriv(algorithm, key, iv);
  const start = cipher.update(text, 'utf8');
  const end = cipher.final();
  return Buffer.concat([start, end]).toString('base64');
};
const encrypted = encrypt('testValue');
console.assert(encrypted === 'njvgROnsKdsG');
console.log('encrypted ---- ', encrypted);

const decrypt = (encrypted) => {
  const buffer = Buffer.from(encrypted, 'base64');
  const decipher = createDecipheriv(algorithm, key, iv);
  const decrypted = Buffer.concat([decipher.update(buffer), decipher.final()]);
  return decrypted.toString('utf8');
};

const decrypted = decrypt(encrypted);
console.log('decrypted ---- ', decrypted);

Here's what happens in Node.js 22.3.0 on Linux 6.1.92-1-MANJARO:

$ cat package.json 
{
  "dependencies": {
    "typescript": "^5.5.3"
  }
}
$ node -v
v22.3.0
$ node -p process.versions.openssl
3.3.1
$ node main.mjs 
encrypted ----  njvgROnsKdsG
node:internal/crypto/cipher:184
  const ret = this[kHandle].final();
                            ^

Error: Unsupported state or unable to authenticate data
    at Decipheriv.final (node:internal/crypto/cipher:184:29)
    at decrypt (file:///home/tniessen/testgcm/main.mjs:22:70)
    at file:///home/tniessen/testgcm/main.mjs:26:19
    at ModuleJob.run (node:internal/modules/esm/module_job:262:25)
    at async ModuleLoader.import (node:internal/modules/esm/loader:474:24)
    at async asyncRunEntryPointWithESMLoader (node:internal/modules/run_main:109:5)

Node.js v22.3.0

Here's what happens in Node.js 22.1.0 on Windows 10:

encrypted ----  njvgROnsKdsG
node:internal/crypto/cipher:184
  const ret = this[kHandle].final();
                            ^

Error: Unsupported state or unable to authenticate data
    at Decipheriv.final (node:internal/crypto/cipher:184:29)
    at decrypt (file:///C:/Users/Tobias/main.mjs:22:70)
    at file:///C:/Users/Tobias/main.mjs:26:19
    at ModuleJob.run (node:internal/modules/esm/module_job:262:25)
    at async ModuleLoader.import (node:internal/modules/esm/loader:474:24)
    at async asyncRunEntryPointWithESMLoader (node:internal/modules/run_main:119:5)

Node.js v22.1.0

Here's what happens in Node.js 20.15.0 on Linux 6.5.0-1022-azure:

$ node main.mjs 
encrypted ----  njvgROnsKdsG
node:internal/crypto/cipher:193
  const ret = this[kHandle].final();
                            ^

Error: Unsupported state or unable to authenticate data
    at Decipheriv.final (node:internal/crypto/cipher:193:29)
    at decrypt (file:///home/tniessen/dev/dblp/main.mjs:22:70)
    at file:///home/tniessen/dev/dblp/main.mjs:26:19
    at ModuleJob.run (node:internal/modules/esm/module_job:222:25)
    at async ModuleLoader.import (node:internal/modules/esm/loader:316:24)
    at async asyncRunEntryPointWithESMLoader (node:internal/modules/run_main:123:5)

Node.js v20.15.0

Could you please test the code I provided above to avoid any dependency on third-party tools, such as typescript?

from help.

don't see the reason to test your code, coz i've reported the bug with my own.
thanks for your help.

from help.

@egorbeliy I was trying to help. If you don't want to debug this issue together, there is not much I can do for you.

from help.

don't see the reason to test your code, coz i've reported the bug with my own.

thanks for your help.

Also, please note that @tniessen's code is nearly identical to yours——so any discrepancies between your execution and his will help to debug and address the issue (as @tniessen said).

This information is crucial in the process of this issue, and without it, there's not much that be done to help.

from help.

Hey @egorbeliy, I see you closed the issue. If you've resolved the issue, could you let us know how, so that anyone with this problem in the future can have an easier time resolving?

from help.

hi @RedYetiDev.
We issue was using createCipheriv() to encrypt and decrypt.
Thanks a lot @tniessen.

from help.