2

I am using CryptoJS in my angular app to implement AES encryption but I am keep getting TypeError: Cannot read property '0' of undefined error when I try to send empty 16 byte array in IV

error

Here's my typescript code:

aesEncrypt(keys: string, value: string) { // encrypt api request parameter with aes secretkey

    var key = CryptoJS.enc.Utf8.parse(keys);
    //var iv = CryptoJS.enc.Utf8.parse(keys);
    var iv = new Uint16Array(16);
    var encrypted = CryptoJS.AES.encrypt(JSON.stringify(value), key,
        {
            //keySize: 256,
            keySize: 128,
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7,
        });

    return encrypted.toString();
}

But same thing works fine in .NET, android, ios when I send empty 16 byte array in IV

.NET code:

private static AesCryptoServiceProvider AesCryptoServiceProvider(string key)
{
    AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
    aes.KeySize = 128;
    aes.BlockSize = 128;
    aes.Mode = CipherMode.CBC;
    aes.Padding = PaddingMode.PKCS7;
    aes.Key = Encoding.UTF8.GetBytes(key);
    //aes.IV = Encoding.UTF8.GetBytes(key);
    aes.IV = new byte[16];
    return aes;
}

android code:

public static String encryptURLEncoding(byte[] key, String encryption) throws GeneralSecurityException 
{
    if (key.length != 16) 
    {
        throw new IllegalArgumentException("Invalid key size.");
    }

    // Setup AES tool.

    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[16]));
    byte[] dstBuff = cipher.doFinal(encryption.getBytes());
    String encryptedStringData = android.util.Base64.encodeToString(dstBuff, android.util.Base64.DEFAULT);
    return encryptedStringData;
}

I want to implement AES encrypt decrypt by providing empty 16 byte array because this app is interconnected with my other apps which are on android, ios platform with same encryption setup but I am getting error in my angular app, How can I resolve this issue?

Shreyas Pednekar
  • 1,285
  • 5
  • 31
  • 53
  • 1
    In the JavaScript code the IV must be passed as `WordArray`. In C# code, a `0`-IV is used (a `byte[]` with 16 `0`-values). The corresponding `WordArray` would be e.g. `var iv = CryptoJS.enc.Hex.parse("00000000000000000000000000000000");` – Topaco Jun 23 '20 at 06:41
  • @Topaco I need to pass 16 `0` in `WordArray` for 16 byte array? – Shreyas Pednekar Jun 23 '20 at 06:45
  • 1
    Because of the Hex encoder used the IV is encoded as hex string, i.e. 32 zeros denote 16 zero bytes. – Topaco Jun 23 '20 at 06:50
  • 1
    Furthermore CryptoJS does not know the parameter `keySize`. The used AES variant is determined by the key size, e.g. for a 32 bytes key AES-256 is used. – Topaco Jun 23 '20 at 06:51
  • @Topaco Thank you so much for your information. The error is gone, now it's working fine in angular and .net api, now I need to cross verify with other apps on android and ios – Shreyas Pednekar Jun 23 '20 at 07:09
  • @ShreyasPednekar: Please post an answer or ask Topaco to do so and accept it to mark this question as resolved. – H.B. Jun 23 '20 at 15:10
  • @H.B. Okay I'll ask him to post answer – Shreyas Pednekar Jun 24 '20 at 04:51
  • @Topaco Please post your comments in answer so that I can mark the answer – Shreyas Pednekar Jun 24 '20 at 04:52

3 Answers3

2

In the JavaScript code the IV must be passed as WordArray. Since a 0-IV was used in the C# code, this must also be done in the JavaScript code. The corresponding WordArray could be e.g.

var iv = CryptoJS.enc.Hex.parse("00000000000000000000000000000000");

Note that the Hex encoder is used so that the 16 bytes 0-IV correspond to 32 0-values.

Also be aware that generally a 0-IV should only be used for testing purposes. In practice, for security reasons, a random IV has to be generated for each encryption. Additionally, a key / IV pair may only be used once.

Furthermore CryptoJS does not know the parameter keySize and ignores it. The used AES variant is determined by the key size, e.g. for a 32 bytes key AES-256 is applied, here.

Topaco
  • 40,594
  • 4
  • 35
  • 62
2

For those who faced a similar error in typescript for encrypting a string, you just need to import the package this way

import * as Crypto from 'crypto-js';
Abhishek Kaushik
  • 67
  • 2
  • 11
0

I faced the same problem. Including the iv option solved it.

var iv = CryptoJS.enc.Hex.parse("101112131415161718191a1b1c1d1e1f"); var ciphertext = CryptoJS.AES.encrypt("msg", CryptoJS.enc.Hex.parse("000102030405060708090a0b0c0d0e0f"),{ iv: iv, mode: CryptoJS.mode.CTR, padding: CryptoJS.pad.AnsiX923 });

Vaishali R
  • 3
  • 3