Node.js `crypto.final` make the encrypted result is different to PHP `mcrypt_encrypt`

Question

At first, Node.js crypto.

// Both of key and IV are hex-string, but I hide them in Stackoverflow.

var secretKey  = new Buffer('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'hex'), // 48 chars
    iv         = new Buffer('bbbbbbbbbbbbbbbb', 'hex'); // 16 chars
var str        = 'This string will be encrypted.';
var cipher     = crypto.createCipheriv('des-ede3-cbc', secretKey, iv),
    cryptedStr = cipher.update(str, 'utf8', 'base64') + cipher.final('base64');

Then, PHP mcrypt.

$key    = pack('H*', "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); 
$iv     = pack('H*', "bbbbbbbbbbbbbbbb"); 
$string = 'This string will be encrypted.';
$text   = mcrypt_encrypt(MCRYPT_3DES, $key, $string, MCRYPT_MODE_CBC, $iv);
$text_base64 = base64_encode($text);

Problem.

In the same string, same algorithm and same encoding.

Still there is a little part not match that is cipher.final().

Below is the real sample output.

// Node.js output.
UKBI17EIHKNM2EU48ygsjil5r58Eo1csByAIFp9GhUw=
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Same part

// PHP output.
UKBI17EIHKNM2EU48ygsjil5r58Eo1csAY4C0JZoyco=
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Same part

Why cipher.final() make results different?

How could make the same results in Node.js on condition that don't modify PHP code.

Answer 1

Since you can't change your PHP code, you will need to modify the node.js code.

The problem is that node.js' crypto module uses only PKCS#7 padding, whereas PHP uses only zero padding. You can however disable padding in node.js (setAutoPadding(false)) to implement your own zero padding:

function zeroPad(buf, blocksize){
    if (typeof buf === "string") {
        buf = new Buffer(buf, "utf8");
    }
    var pad = new Buffer((blocksize - (buf.length % blocksize)) % blocksize);
    pad.fill(0);
    return Buffer.concat([buf, pad]);
}

And use it like this:

var secretKey  = new Buffer('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'hex'), // 48 chars
    iv         = new Buffer('bbbbbbbbbbbbbbbb', 'hex'); // 16 chars
var str        = 'This string will be encrypted.';
var cipher     = crypto.createCipheriv('des-ede3-cbc', secretKey, iv);
cipher.setAutoPadding(false);

var cryptedStr = cipher.update(zeroPad(str, 8), 'utf8', 'base64') + cipher.final('base64');

console.log(cryptedStr);

Output:

UKBI17EIHKNM2EU48ygsjil5r58Eo1csAY4C0JZoyco=

Here is an implementation of a matching unpad function:

function zeroUnpad(buf, blocksize){
    var lastIndex = buf.length;
    while(lastIndex >= 0 && lastIndex > buf.length - blocksize - 1) {
        lastIndex--;
        if (buf[lastIndex] != 0) {
            break;
        }
    }
    return buf.slice(0, lastIndex + 1).toString("utf8");
}