PHP / Javascript AES 128 CFB Encryption / Decryption CryptoJS OpenSSL

Working Decryption in PHP

function decrypt($encryptedText){
    $key = "1234567890123456";
    $decrypted = openssl_decrypt(substr(base64_decode($encryptedText), 16), "AES-128-CFB", $key, OPENSSL_RAW_DATA, substr(base64_decode($encryptedText), 0, 16));
    return $decrypted;
}
$encryptedText = "1EwMDT20BELrEixvrSGswDC4GZIn5BWGor6MP6ERi9Ux";
echo decrypt($encryptedText);

Will output “Decrypted Message”

I’m trying to replicate it in Javascript

var key = '1234567890123456';
var base64data = CryptoJS.enc.Base64.parse("1EwMDT20BELrEixvrSGswDC4GZIn5BWGor6MP6ERi9Ux");
var encrypted = new CryptoJS.lib.WordArray.init(base64data.words.slice(4));
var iv = new CryptoJS.lib.WordArray.init(base64data.words.slice(0, 4));
var cipher = CryptoJS.lib.CipherParams.create({ ciphertext: encrypted });
var decrypted = CryptoJS.AES.decrypt(cipher, CryptoJS.enc.Utf8.parse(key), {iv: iv, mode: CryptoJS.mode.CFB});
console.log("Decrypted: "+decrypted.toString(CryptoJS.enc.Utf8));

I get an empty response, any help would be appreciated as to where I’ve gone wrong. Thanks

Answer

CFB is a stream cipher mode, i.e. does not use padding.

In a mode with padding, the ciphertext always has a length that corresponds to an integer multiple of the block size, i.e. 16 bytes for AES. This means that the ciphertext always consists of complete WordArrays (a WordArray is 4 bytes in size).

In a mode without padding, such as CFB, the ciphertext has the same length as the plaintext, so that the last WordArray is generally not completely part of the ciphertext.
For instance, the message Decrypted Message has a length of 17 bytes, i.e. consists of 5 WordArrays, the last of which has only one significant byte.
Therefore the number of significant bytes: base64data.sigBytes - 16, must be specified for encrypted (the subtraction of 16 is necessary because base64data also contains the IV).

Furthermore, the padding must be explicitly disabled.

With these two changes, the decryption is successful:

var key = '1234567890123456';
var base64data = CryptoJS.enc.Base64.parse("1EwMDT20BELrEixvrSGswDC4GZIn5BWGor6MP6ERi9Ux");
var encrypted = new CryptoJS.lib.WordArray.init(base64data.words.slice(4), base64data.sigBytes - 16); // consider significant bytes
var iv = new CryptoJS.lib.WordArray.init(base64data.words.slice(0, 4));
var cipher = CryptoJS.lib.CipherParams.create({ ciphertext: encrypted });
var decrypted = CryptoJS.AES.decrypt(cipher, CryptoJS.enc.Utf8.parse(key), {iv: iv, mode: CryptoJS.mode.CFB, padding: CryptoJS.pad.NoPadding}); // disable padding
document.getElementById("pt").innerHTML = "Decrypted: " + decrypted.toString(CryptoJS.enc.Utf8);
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
<p style="font-family:'Courier New', monospace;" id="pt"></p>

By the way, there are different variants of CFB. Here, both codes use full block CFB (CFB128).