@@ -67,8 +67,8 @@ public IESEngine(
6767
6868
6969 /**
70- * set up for use in conjunction with a block cipher to handle the
71- * message.
70+ * Set up for use in conjunction with a block cipher to handle the
71+ * message.It is <b>strongly</b> recommended that the cipher is not in ECB mode.
7272 *
7373 * @param agree the key agreement used as the basis for the encryption
7474 * @param kdf the key derivation function used for byte generation
@@ -269,15 +269,16 @@ private byte[] decryptBlock(
269269 int inLen )
270270 throws InvalidCipherTextException
271271 {
272- byte [] M = null , K = null , K1 = null , K2 = null ;
273- int len ;
272+ byte [] M , K , K1 , K2 ;
273+ int len = 0 ;
274274
275275 // Ensure that the length of the input is greater than the MAC in bytes
276276 if (inLen < V .length + mac .getMacSize ())
277277 {
278278 throw new InvalidCipherTextException ("Length of input must be greater than the MAC and V combined" );
279279 }
280280
281+ // note order is important: set up keys, do simple encryptions, check mac, do final encryption.
281282 if (cipher == null )
282283 {
283284 // Streaming mode.
@@ -298,14 +299,13 @@ private byte[] decryptBlock(
298299 System .arraycopy (K , K1 .length , K2 , 0 , K2 .length );
299300 }
300301
302+ // process the message
301303 M = new byte [K1 .length ];
302304
303305 for (int i = 0 ; i != K1 .length ; i ++)
304306 {
305307 M [i ] = (byte )(in_enc [inOff + V .length + i ] ^ K1 [i ]);
306308 }
307-
308- len = K1 .length ;
309309 }
310310 else
311311 {
@@ -325,15 +325,15 @@ private byte[] decryptBlock(
325325 }
326326 else
327327 {
328- cipher .init (false , new KeyParameter (K1 ));
328+ cipher .init (false , new KeyParameter (K1 ));
329329 }
330330
331331 M = new byte [cipher .getOutputSize (inLen - V .length - mac .getMacSize ())];
332+
333+ // do initial processing
332334 len = cipher .processBytes (in_enc , inOff + V .length , inLen - V .length - mac .getMacSize (), M , 0 );
333- len += cipher .doFinal (M , len );
334335 }
335336
336-
337337 // Convert the length of the encoding vector into a byte array.
338338 byte [] P2 = param .getEncodingV ();
339339 byte [] L2 = null ;
@@ -362,11 +362,19 @@ private byte[] decryptBlock(
362362
363363 if (!Arrays .constantTimeAreEqual (T1 , T2 ))
364364 {
365- throw new InvalidCipherTextException ("Invalid MAC. " );
365+ throw new InvalidCipherTextException ("invalid MAC" );
366366 }
367367
368- // Output the message.
369- return Arrays .copyOfRange (M , 0 , len );
368+ if (cipher == null )
369+ {
370+ return M ;
371+ }
372+ else
373+ {
374+ len += cipher .doFinal (M , len );
375+
376+ return Arrays .copyOfRange (M , 0 , len );
377+ }
370378 }
371379
372380
0 commit comments