2 files changed, 15 insertions, 1 deletions

diff --git a/src/utils/CryptoUtils.scala b/src/utils/CryptoUtils.scala
index 6c2849e..54e5034 100644
--- a/src/utils/CryptoUtils.scala
+++ b/src/utils/CryptoUtils.scala
@@ -11,4 +11,12 @@ object CryptoUtils {
     s ++ Stream.continually(padLength.toByte).take(padLength)
   }
 
+  def stripPkcs7Pad(s: Seq[Byte]): Seq[Byte] =
+    s.dropRight(s.last)
+
+  def cbcEncrypt(builder: CbcBuilder)(data: Seq[Byte]) =
+    builder.encrypt.end(data)
+
+  def cbcDecrypt(builder: CbcBuilder)(data: Seq[Byte]) =
+    stripPkcs7Pad(builder.decrypt.end(data))
 }
diff --git a/src/utils/crypto/CBCCipher.scala b/src/utils/crypto/CBCCipher.scala
index 3bd0784..227b635 100644
--- a/src/utils/crypto/CBCCipher.scala
+++ b/src/utils/crypto/CBCCipher.scala
@@ -30,8 +30,14 @@ class CBCCipher(private[this] val cipher: Cipher, private[this] val iv: Seq[Byte
 
   // wouldn't hurt to invalidate this object afterward, but meh
   // TODO: strip padding!
+  // to do it right really requires writing decryption as its own part
+  //   it's already obvious that's necessary, but to do padding stripping
+  //   properly, the last block must be withheld until an end() call is made
+  //   which is much different stateful behavior from encryption.
+  //
+  //   in cryptoUtils for now.
   def end(): Seq[Byte] =
-    if (mode == Cipher.DECRYPT_MODE)
+    if (mode == Cipher.DECRYPT_MODE) Seq()
     else cipher.update((pkcs7pad(leftover, blockSize) xor state).toArray)
 
   def blockized(data: Seq[Byte]): (Seq[Seq[Byte]], Seq[Byte]) =