--- /dev/null
+/*
+ * Copyright (c) 1997,2011-2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "comcryption.h"
+#include "comDebug.h"
+#include "comcryptPriv.h"
+
+#if COM_PROFILE
+
+unsigned comProfEnable;
+comprof_t cmcTotal;
+comprof_t cmcQueSearch;
+comprof_t cmcQueMatchMove;
+comprof_t cmcQueMissMove;
+comprof_t cmcLevel2;
+comprof_t cmcPerWordOhead;
+
+#endif /*COM_PROFILE*/
+
+void comMallocRegister(comMallocExternFcn *mallocExtern,
+ comFreeExternFcn *freeExtern)
+{
+ comMallocExt = mallocExtern;
+ comFreeExt = freeExtern;
+}
+
+/*
+ * Call once at startup. The resulting comcryptObj can be reused multiple
+ * times.
+ */
+comcryptObj comcryptAlloc(void)
+{
+ comcryptPriv *cpriv = (comcryptPriv *) ascMalloc(sizeof(comcryptPriv));
+
+ if(cpriv == NULL) {
+ return NULL;
+ }
+ memset(cpriv, 0, sizeof(comcryptPriv));
+
+#if COMCRYPT_EXPORT_ONLY
+ cpriv->key = (unsigned char *)ascMalloc(EXPORT_KEY_SIZE);
+#else /*COMCRYPT_EXPORT_ONLY*/
+ cpriv->key = (unsigned char *)ascMalloc(COMCRYPT_MAX_KEYLENGTH);
+#endif /*COMCRYPT_EXPORT_ONLY*/
+
+ if(cpriv->key == NULL) {
+ return NULL;
+ }
+ cpriv->map = (unsigned char *)ascMalloc(256);
+ cpriv->invmap = (unsigned char *)ascMalloc(256);
+ if((cpriv->map == NULL) || (cpriv->invmap == NULL)) {
+ return NULL;
+ }
+ mallocCodeBufs(&cpriv->cbuf);
+ if((cpriv->cbuf.codeBuf == NULL) ||
+ (cpriv->cbuf.level2Buf == NULL)) {
+ return NULL;
+ }
+ #if QUEUE_LOOKAHEAD
+ if(cpriv->cbuf.lookAhead == NULL) {
+ return NULL;
+ }
+ #endif
+
+ /*
+ * Hard coded limit of two levels of comcryption
+ */
+ cpriv->cbuf.nextBuf = (comcryptBuf *)ascMalloc(sizeof(comcryptBuf));
+ if(cpriv->cbuf.nextBuf == NULL) {
+ return NULL;
+ }
+ mallocCodeBufs(cpriv->cbuf.nextBuf);
+ if((cpriv->cbuf.nextBuf->codeBuf == NULL) ||
+ (cpriv->cbuf.nextBuf->level2Buf == NULL)) {
+ return NULL;
+ }
+ #if QUEUE_LOOKAHEAD
+ if(cpriv->cbuf.nextBuf->lookAhead == NULL) {
+ return NULL;
+ }
+ #endif
+
+ cpriv->cbuf.nextBuf->nextBuf = NULL;
+ return cpriv;
+}
+
+/*
+ * Call this before starting every stream process
+ */
+comcryptReturn comcryptInit(
+ comcryptObj cobj,
+ const unsigned char *key,
+ unsigned keyLen,
+ comcryptOptimize optimize) // CCO_SIZE, etc.
+{
+ comcryptPriv *cpriv = (comcryptPriv *)cobj;
+ unsigned maxKeySize;
+
+#if COMCRYPT_EXPORT_ONLY
+ /*
+ * FIXME - NSA might not be satisfied with this, may have to enforce
+ * elsewhere
+ */
+ maxKeySize = EXPORT_KEY_SIZE;
+#else /*COMCRYPT_EXPORT_ONLY*/
+ maxKeySize = COMCRYPT_MAX_KEYLENGTH;
+#endif /*COMCRYPT_EXPORT_ONLY*/
+
+ if(keyLen > maxKeySize) {
+ keyLen = maxKeySize;
+ }
+ memmove(cpriv->key, key, keyLen);
+ cpriv->keybytes = keyLen;
+ cpriv->cbuf.codeBufLength = 0;
+ cpriv->cbuf.nextBuf->codeBufLength = 0;
+ cpriv->version = 0;
+ cpriv->versionBytes = 0;
+ cpriv->spareBytes = 0;
+ cpriv->optimize = optimize;
+
+ /*
+ * Derive feature enable bits from optimize arg. This is highly likely
+ * to change....
+ */
+ cpriv->level2enable = 1;
+ cpriv->sigSeqEnable = 1;
+ switch(optimize) {
+ case CCO_TIME:
+ cpriv->level2enable = 0;
+ break;
+ case CCO_TIME_SIZE:
+ cpriv->sigSeqEnable = 0;
+ break;
+ default:
+ break;
+ }
+#if QUEUE_LOOKAHEAD
+ cpriv->laEnable = 1;
+#else /* QUEUE_LOOKAHEAD */
+ cpriv->laEnable = 0;
+#endif /* QUEUE_LOOKAHEAD */
+
+ /*
+ * init queue and maps
+ */
+ initCodeBufs(&cpriv->cbuf, key, keyLen, cpriv->laEnable,
+ cpriv->sigSeqEnable);
+ initCodeBufs(cpriv->cbuf.nextBuf, key, keyLen, cpriv->laEnable,
+ cpriv->sigSeqEnable);
+ key_perm(key, keyLen, cpriv->map, cpriv->invmap);
+ return CCR_SUCCESS;
+}
+
+/*
+ * Free a comcryptObj object obtained via comcryptAlloc()
+ */
+void comcryptObjFree(comcryptObj cobj)
+{
+ comcryptPriv *cpriv = (comcryptPriv *)cobj;
+
+ if(cpriv->key != NULL) {
+ ascFree(cpriv->key);
+ }
+ if(cpriv->map != NULL) {
+ ascFree(cpriv->map);
+ }
+ if(cpriv->invmap != NULL) {
+ ascFree(cpriv->invmap);
+ }
+ freeCodeBufs(&cpriv->cbuf);
+ ascFree(cpriv);
+}
+
+/*
+ * Return the maximum input buffer size allowed for for specified
+ * output buffer size. Note that for both comcrypt and decomcrypt,
+ * to cover the worst case, the output buffer always has to be
+ * larger than the input buffer.
+ */
+unsigned comcryptMaxInBufSize(comcryptObj cobj,
+ unsigned outBufSize,
+ comcryptOp op)
+{
+ unsigned fullBlocks;
+ unsigned minCblockSize;
+ unsigned resid;
+ unsigned rtn;
+ unsigned tokenBytes;
+ comcryptPriv *cpriv = (comcryptPriv *)cobj;
+ unsigned ptextFromCodeBuf;
+
+ switch(op) {
+ case CCOP_COMCRYPT:
+ /*
+ * Worst case: no compression. Also, establish a minimum
+ * ciphertext size to accomodate header and one block.
+ */
+ minCblockSize = MIN_CBLOCK_SIZE;
+ if(cpriv->versionBytes == 0) {
+ minCblockSize += CTEXT_HDR_SIZE;
+ }
+ if(outBufSize < (minCblockSize)) {
+ return 0;
+ }
+ if(cpriv->versionBytes == 0) {
+ outBufSize -= CTEXT_HDR_SIZE;
+ }
+ fullBlocks = outBufSize / MAX_CBLOCK_SIZE;
+ rtn = (fullBlocks * CC_BLOCK_SIZE); // bytes of ptext
+
+ /*
+ * code must be even aligned, then chop off one for odd ptext
+ */
+ rtn &= 0xfffffffe;
+ rtn--;
+ if(rtn <= 0) {
+ return 0;
+ }
+ resid = outBufSize % MAX_CBLOCK_SIZE;
+ if(resid) {
+ rtn += resid;
+
+ /*
+ * Account for resid block overhead
+ */
+ if(rtn < MIN_CBLOCK_SIZE) {
+ return 0;
+ }
+ rtn -= MIN_CBLOCK_SIZE;
+
+ tokenBytes = TOKEN_BYTES_FROM_PTEXT(resid);
+ if(rtn <= tokenBytes) {
+ return 0;
+ }
+ rtn -= tokenBytes;
+ }
+ if(rtn > INBUF_TRUNC_THRESH) {
+ /*
+ * Truncate to even block size to minimize partial cipherblocks
+ */
+ rtn &= ~(CC_BLOCK_SIZE - 1);
+ }
+ return rtn;
+
+ case CCOP_DECOMCRYPT:
+ /*
+ * Worst case - 4:1 compression and an almost full block in
+ * codeBuf. Note 4:1 is a super-conservative, easy arithmetic
+ * version of (9/16) squared...
+ */
+ ptextFromCodeBuf = cpriv->cbuf.codeBufLength * 4;
+ if(outBufSize < ptextFromCodeBuf) {
+ /* decrypting codeBuf might overflow output (plaintext)
+ * buffer - won't be able to move anything */
+ rtn = 0;
+ }
+ else {
+ /* can decrypt (this much plainText - ptextFromCodeBuf) / 4 */
+ rtn = (outBufSize - ptextFromCodeBuf) / 4;
+ }
+
+ /* may be able to handle a bit extra for initial decrypt... */
+ if(cpriv->versionBytes < VERSION_BYTES) {
+ rtn += (VERSION_BYTES - cpriv->versionBytes);
+ }
+ if(cpriv->spareBytes < SPARE_BYTES) {
+ rtn += (SPARE_BYTES - cpriv->spareBytes);
+ }
+ return rtn;
+
+ default:
+ ddprintf(("bogus op (%d) in comcryptMaxInBufSize()\n", op));
+ return 0;
+ }
+}
+
+/*
+ * Return the maximum output buffer size for specified input buffer size.
+ * Output buffer size will always be larger than input buffer size.
+ */
+unsigned comcryptMaxOutBufSize(comcryptObj cobj,
+ unsigned inBufSize,
+ comcryptOp op,
+ char final)
+{
+ unsigned fullBlocks;
+ unsigned resid;
+ unsigned rtn;
+ comcryptPriv *cpriv = (comcryptPriv *)cobj;
+
+ switch(op) {
+ case CCOP_COMCRYPT:
+ fullBlocks = inBufSize / CC_BLOCK_SIZE;
+ rtn = fullBlocks * MAX_CBLOCK_SIZE;
+ resid = inBufSize % CC_BLOCK_SIZE;
+ if(resid != 0) {
+ /*
+ * partial block
+ */
+ unsigned tokenBytes = TOKEN_BYTES_FROM_PTEXT(resid);
+
+ rtn += MIN_CBLOCK_SIZE;
+ rtn += tokenBytes;
+ rtn += resid; // no compression
+ if(resid & 1) {
+ rtn++; // oddByte uses extra
+ }
+ }
+ if((cpriv == NULL) || // i.e., we're being called from mallocCodeBufs
+ (cpriv->versionBytes == 0)) {
+ rtn += CTEXT_HDR_SIZE; // first of a stream
+ }
+ return rtn;
+
+ case CCOP_DECOMCRYPT:
+ /*
+ * Here assume max compression, including resid block in codeBuf
+ */
+ inBufSize += cpriv->cbuf.codeBufLength;
+ if(inBufSize) {
+ /* may be able to handle a bit extra for initial decrypt... */
+ unsigned delta;
+ if(cpriv->versionBytes < VERSION_BYTES) {
+ delta = VERSION_BYTES - cpriv->versionBytes;
+ if(inBufSize > delta) {
+ inBufSize -= delta;
+ }
+ else {
+ inBufSize = 0;
+ }
+ }
+ if(cpriv->spareBytes < SPARE_BYTES) {
+ delta = SPARE_BYTES - cpriv->spareBytes;
+ if(inBufSize > delta) {
+ inBufSize -= delta;
+ }
+ else {
+ inBufSize = 0;
+ }
+ }
+ }
+ rtn = 4 * inBufSize;
+ return rtn;
+
+ default:
+ ddprintf(("bogus op (%d) in comcryptMaxOutBufSize()\n", op));
+ return 0;
+ }
+}
+
+/*
+ * Threshold for using memmove() rather than hard-coded loop for
+ * moving queue segment. This was derived empirically on a Pentium;
+ * we should do similar measurements on PPC.
+ */
+#define QUEUE_MEMMOVE_THRESH 3
+
+/*
+ * peek at queue[0] before search. This appears to only be a win for
+ * constant plaintext, i.e., the codeword is almost always at queue[0].
+ */
+#define QUEUE_PEEK 0
+
+/*
+ * Comcrypt one block.
+ */
+static comcryptReturn comcryptBlock(
+ comcryptPriv *cpriv,
+ comcryptBuf *cbuf, // not necessarily cpriv->cbuf
+ const unsigned char *plainText,
+ unsigned plainTextLen,
+ unsigned char *cipherText,
+ unsigned *cipherTextLen, // IN/OUT
+ unsigned recursLevel)
+{
+ unsigned char *byteCodePtr;
+ unsigned char *destByteCodePtr;
+ unsigned char *longCodePtr;
+ unsigned char *startLongCodePtr;
+ unsigned char *tokenPtr;
+ unsigned char *startTokenPtr;
+ unsigned char *startCtextPtr = cipherText;
+ unsigned numTokenBytes; // in bytes, constant
+ unsigned short codeWord;
+ unsigned oddByte = 0;
+ unsigned match;
+ unsigned jmatch=0;
+ unsigned tokenDex = 0; // index into array of token bits
+ unsigned j;
+ unsigned numLongCodes = 0;
+ unsigned numByteCodes = 0;
+ unsigned totalCipherTextLen;
+ unsigned above;
+ unsigned jmatchTotal = 0;
+ unsigned jmatchAvg;
+ comcryptReturn crtn;
+ unsigned char blockDesc = CBD_MAGIC;
+ unsigned fullBlock = 0;
+ int len;
+ queueElt *src;
+ queueElt *dst;
+ queueElt *cbufq = &cbuf->queue[0];
+
+ /*
+ * 'nibble' is added to 'above' in the call to nextSigWord() for
+ * additional security.
+ *
+ * Normal case : nibble = keynybble()
+ * last word on odd byte : nibble = nibbleDex
+ * hit on queue q : nibble = nibbleDex (optimize to avoid keynybble()
+ * call)
+ */
+ unsigned char nibble;
+
+ COMPROF_LOCALS;
+
+ #if COM_LA_DEBUG
+ if(testLookAhead(cbuf, 0, 0)) {
+ return CCR_INTERNAL;
+ }
+ #endif
+
+ laprintf(("comcryptBlock recurs level %d\n", recursLevel));
+
+ /*
+ * Set up ptrs for the three arrays we'll be writing
+ */
+ tokenPtr = cipherText + CTBO_NUM_TOKENS + 1;
+ if(plainTextLen >= (CC_BLOCK_SIZE - 1)) {
+ /*
+ * Optimized for full block - no token count in block. Note
+ * that plainTextLen == (CC_BLOCK_SIZE - 1) is also a full block
+ * in that it uses up a full block's worth of tokens!
+ */
+ numTokenBytes = CC_BLOCK_SIZE >> 4;
+ tokenPtr--;
+ blockDesc |= CBD_FULL_BLOCK;
+ fullBlock = 1;
+ }
+ else {
+ numTokenBytes = (plainTextLen + 15) >> 4;
+ }
+ longCodePtr = tokenPtr + numTokenBytes;
+ startLongCodePtr = longCodePtr;
+ byteCodePtr = cbuf->codeBuf;
+ startTokenPtr = tokenPtr;
+
+ if((unsigned)(longCodePtr - cipherText) > *cipherTextLen) {
+ ddprintf(("comcryptBlock: short block (1)\n"));
+ return CCR_OUTBUFFER_TOO_SMALL;
+ }
+ memset(tokenPtr, 0, numTokenBytes);
+
+ /*
+ * Entering time-critical region. This loop executes once for every
+ * 2 bytes of plaintext. Make every attempt to streamline the code
+ * here; avoid function calls in favor of macros; etc.
+ */
+ while(plainTextLen != 0) {
+
+ /*
+ * assemble a 16-bit word from two bytes if possible
+ */
+ if(plainTextLen == 1) {
+ /*
+ * Odd byte case
+ */
+ codeWord = ((unsigned short)(cpriv->map[*plainText]) << 8) |
+ cpriv->map[0]; // a bit of obfuscation - mapped zero
+ oddByte = 1;
+ blockDesc |= CBD_ODD;
+ plainTextLen--;
+ }
+ else {
+ codeWord = ((unsigned short)(cpriv->map[*plainText]) << 8) |
+ (unsigned short)(cpriv->map[plainText[1]]);
+ plainText += 2;
+ plainTextLen -= 2;
+ }
+
+ /*
+ * Calibrate how much profiling is costing us.
+ */
+ COMPROF_START;
+ COMPROF_END(cmcPerWordOhead);
+
+ /*
+ * See if this word is in queue[]. Skip if oddByte; we'll force
+ * a 16-bit word in that case. Also skip the search if we know
+ * via lookahead that a search would be fruitless.
+ */
+ COMPROF_START; /* cmcQueSearch */
+ match = 0;
+ do { /* while 0 - for easy breaks w/o goto */
+
+ /*
+ * First handle some optimizations and special cases
+ */
+ if(oddByte) {
+ break; // force longcode
+ }
+
+#if QUEUE_PEEK
+ if(cbufq[0] == codeWord) {
+ match = 1;
+ jmatch = 0;
+ break;
+
+ }
+#endif /*QUEUE_PEEK*/
+
+ if(cpriv->laEnable && !inQueue(cbuf, codeWord)) {
+ break;
+ }
+
+ /*
+ * OK, do the gruntwork search
+ */
+ for(j=0; j < QLEN; j++) {
+ if(cbufq[j] == codeWord) {
+ match = 1;
+ jmatch = j;
+ break;
+ }
+ }
+
+#if COM_LA_DEBUG
+ if(cpriv->laEnable && !match) {
+ printf("inQueue, not found in queue!\n");
+ return CCR_INTERNAL;
+ }
+
+ /*
+ * Search for duplicates.
+ */
+ if(match) {
+ for(j=jmatch+1; j<QLEN; j++) {
+ if(cbufq[j] == codeWord) {
+ printf("***Huh! Dup queue entry codeWord 0x%x jmatch "
+ "0x%x 2nd j 0x%x\n",
+ codeWord, jmatch, j);
+ return CCR_INTERNAL;
+ }
+ }
+ }
+#endif /*COM_LA_DEBUG*/
+ } while(0);
+
+ COMPROF_END(cmcQueSearch);
+
+ /*
+ * Note we measure the overhead on a per-codeword basis. Here,
+ * we ensure that there is exactly one pair of start/end
+ * timestamps per queue move per code word.
+ *
+ * New 17 Dec 1997 - always calculate keynibble for use in signature
+ * sequence update
+ */
+#if !SKIP_NIBBLE_ON_QUEUE_0
+ nibble = keynybble(cpriv->key, cpriv->keybytes,
+ (cbuf->nybbleDex)++);
+#endif /*SKIP_NIBBLE_ON_QUEUE_0*/
+
+ COMPROF_START;
+ if(match) {
+ /*
+ * 16-bit symbol is in queue. 8 bits of ciphertext, token bit is 0.
+ */
+ if(jmatch == 0) {
+ /*
+ * Optimization: jmatch = 0. Keep state machine in sync,
+ * but skip queue update.
+ */
+ above = 0;
+ laprintf(("...queue hit at queue[0]\n"));
+#if SKIP_NIBBLE_ON_QUEUE_0
+ nibble = (cbuf->nybbleDex)++;
+#endif /*SKIP_NIBBLE_ON_QUEUE_0*/
+ }
+ else {
+#if SKIP_NIBBLE_ON_QUEUE_0
+ nibble = keynybble(cpriv->key, cpriv->keybytes,
+ (cbuf->nybbleDex)++);
+#endif /*SKIP_NIBBLE_ON_QUEUE_0*/
+
+ above = (cbuf->f1 * jmatch * (16 + nibble)) >> 9;
+
+ /*
+ * queue[above..(jmatch-1)] move one element towards end
+ * queue[above] = this codeWord
+ */
+ laprintf(("...queue hit, moving 0x%x from 0x%x to 0x%x\n",
+ codeWord, jmatch, above));
+
+ len = (int)jmatch - (int)above;
+ if(len > QUEUE_MEMMOVE_THRESH) {
+ src = &cbufq[above];
+ dst = src + 1;
+ len *= sizeof(queueElt);
+ memmove(dst, src, len);
+ }
+ else {
+ for(j = jmatch; j>above; j--) {
+ cbufq[j] = cbufq[j-1];
+ }
+ }
+
+ cbufq[above] = codeWord;
+#if COM_LA_DEBUG
+ if(testLookAhead(cbuf, above, jmatch)) {
+ return CCR_INTERNAL;
+ }
+#endif /*COM_LA_DEBUG*/
+ }
+ COMPROF_END(cmcQueMatchMove);
+
+ codeWord = jmatch;
+ incr1byteFrags(recursLevel);
+ jmatchTotal += jmatch;
+ }
+ else if(oddByte == 0) {
+ /*
+ * 16-bit symbol is not in queue. 16 bits of ciphertext.
+ * Token bit is 1.
+ *
+ * queue[above...QLEN-1] move one element toward end
+ * queue[QLEN-1] discarded
+ * queue[above] = new codeword
+ *
+ * Note we skip this queue manipulation in the oddbyte case, since
+ * we don't really know (or care) if the current code word is in
+ * the queue or not.
+ */
+#if SKIP_NIBBLE_ON_QUEUE_0
+ nibble = keynybble(cpriv->key, cpriv->keybytes,
+ (cbuf->nybbleDex)++);
+#endif /*SKIP_NIBBLE_ON_QUEUE_0*/
+
+ above = ABOVE(cbuf->f2) + nibble;
+
+#if COM_DEBUG
+ if(above > QLEN) {
+ printf("Hey Doug! above %d QLEN %d\n", above, QLEN);
+ return CCR_INTERNAL;
+ }
+#endif
+
+ laprintf(("...queue miss, adding 0x%x at 0x%x, deleting 0x%x\n",
+ codeWord, above, cbufq[QLEN-1]));
+
+ if(cpriv->laEnable) {
+ markInQueue(cbuf, codeWord, 1); // new entry
+ markInQueue(cbuf, cbufq[QLEN-1], 0); // bumped out
+ }
+
+ len = QLEN - 1 - (int)above;
+ if(len > QUEUE_MEMMOVE_THRESH) {
+ src = &cbufq[above];
+ dst = src + 1;
+ len *= sizeof(queueElt);
+ memmove(dst, src, len);
+ }
+ else {
+ for(j=QLEN-1; j > above; j--) {
+ cbufq[j] = cbufq[j-1];
+ }
+ }
+
+ cbufq[above] = codeWord;
+
+#if COM_LA_DEBUG
+ if(testLookAhead(cbuf, above, 0)) {
+ return CCR_INTERNAL;
+ }
+#endif /*COM_LA_DEBUG*/
+
+ COMPROF_END(cmcQueMissMove);
+ incr2byteFrags(recursLevel);
+ }
+ else {
+ /*
+ * Odd byte case, at least gather stats.
+ */
+ incr2byteFrags(recursLevel);
+
+ /*
+ * ...and keep this in sync for signature sequence
+ */
+ above = 0;
+#if SKIP_NIBBLE_ON_QUEUE_0
+ nibble = (cbuf->nybbleDex)++;
+#endif /*SKIP_NIBBLE_ON_QUEUE_0*/
+ }
+
+ updateToken(tokenPtr, tokenDex, !match);
+ tokenDex++;
+
+ if(match) {
+ *byteCodePtr++ = codeWord & 0xff;
+ numByteCodes++;
+ }
+ else {
+ serializeShort(codeWord, longCodePtr);
+ longCodePtr += 2;
+ numLongCodes++;
+ }
+ if(cpriv->sigSeqEnable) {
+ nextSigWord(cbuf, tokenDex, match, (above + nibble));
+ }
+ }
+
+#if COM_DEBUG
+ if(numTokenBytes != ((tokenDex + 7) >> 3)) {
+ ddprintf(("comcryptBlock: numTokenBytes (%d), tokenDex (%d)\n",
+ numTokenBytes, tokenDex));
+ }
+#endif /*COM_DEBUG*/
+
+ /*
+ * We already wrote tokens and longcode to cipherText; verify we
+ * didn't overrun
+ */
+ totalCipherTextLen = (unsigned)(longCodePtr - startCtextPtr);
+ if(*cipherTextLen < totalCipherTextLen) {
+ ddprintf(("comcryptBlock: short block (2)\n"));
+ return CCR_OUTBUFFER_TOO_SMALL;
+ }
+ if(!fullBlock) {
+ cipherText[CTBO_NUM_TOKENS] = tokenDex;
+ }
+ cipherText[CTBO_NUM_LONG_CODES] = numLongCodes;
+
+#if COM_DEBUG
+ if(tokenDex > MAX_TOKENS) {
+ ddprintf(("comcryptBlock: counter overflow!\n"));
+ return CCR_INTERNAL;
+ }
+ if((numByteCodes + numLongCodes) != tokenDex) {
+ ddprintf(("comcryptBlock: counter mismatch!\n"));
+ return CCR_INTERNAL;
+ }
+#endif /*COM_DEBUG*/
+
+ /*
+ * See if doing a second level comcryption makes sense.
+ */
+ destByteCodePtr = startLongCodePtr + (numLongCodes * 2);
+ if(numByteCodes > 0) {
+ jmatchAvg = jmatchTotal / numByteCodes;
+ }
+ else {
+ jmatchAvg = cbuf->jmatchThresh + 1;
+ }
+ if((recursLevel == 0) && // hard coded recursion limit
+ (cpriv->level2enable) && // enabled by caller
+ (numByteCodes >= cbuf->minByteCode) && // meaningful # of bytecodes
+ (jmatchAvg <= cbuf->jmatchThresh)) { // reasonable compression
+ // already achieved
+
+ unsigned thisCtext = cbuf->level2BufSize;
+
+ COMPROF_START;
+ crtn = comcryptBlock(cpriv,
+ cbuf->nextBuf,
+ cbuf->codeBuf,
+ numByteCodes,
+ cbuf->level2Buf,
+ &thisCtext,
+ recursLevel + 1);
+ if(crtn) {
+ return crtn;
+ }
+
+ /*
+ * Write level2Buf to cipherText (as byteCodeArray).
+ * Size of 2nd level comcrypted byte code follows longcode array,
+ * then the bytecode itself.
+ * First bump totalCipherTextLen by the size of the comcrypted array
+ * plus one (for the size byte itself), and verify no overflow
+ */
+ totalCipherTextLen += (thisCtext + 1);
+ if(*cipherTextLen < totalCipherTextLen) {
+ ddprintf(("comcryptBlock: short block (3)\n"));
+ return CCR_OUTBUFFER_TOO_SMALL;
+ }
+ *destByteCodePtr++ = thisCtext;
+ COMPROF_END(cmcLevel2);
+ memmove(destByteCodePtr, cbuf->level2Buf, thisCtext);
+ blockDesc |= CBD_DOUBLE;
+
+ l2printf(("***2nd-level comcrypt: numByteCodes %d encrypted "
+ "size %d\n", numByteCodes, thisCtext));
+ incrComStat(level2byteCode, numByteCodes);
+ incrComStat(level2cipherText, thisCtext);
+ incrComStat(level2jmatch, jmatchTotal);
+ incrComStat(level2blocks, 1);
+ }
+ else {
+ /*
+ * Normal one-level comcryption. Write byteCodes to ciphertext.
+ * numByteCodes is inferred.
+ */
+ totalCipherTextLen += numByteCodes;
+ if(*cipherTextLen < totalCipherTextLen) {
+ ddprintf(("comcryptBlock: short block (3)\n"));
+ return CCR_OUTBUFFER_TOO_SMALL;
+ }
+ memmove(destByteCodePtr, cbuf->codeBuf, numByteCodes);
+ blockDesc |= CBD_SINGLE;
+ if(recursLevel == 0) {
+ incrComStat(level1blocks, 1);
+ }
+ /* else this is a 2nd-level, our caller will count */
+
+ /*
+ * obfuscate via sigArray (only when we're NOT doing 2nd level
+ * comcrypt)
+ */
+ if(cpriv->sigSeqEnable) {
+ sigMunge(cbuf, startTokenPtr, tokenDex,
+ destByteCodePtr, startLongCodePtr);
+
+ /*
+ * Prime sigArray state machine for next block. Note in the case
+ * of 2nd level, we skip this step, so the next block starts from
+ * the same state as this one did.
+ */
+ cbuf->sigArray[0] = cbuf->sigArray[tokenDex];
+ }
+ }
+ cipherText[CTBO_BLOCK_DESC] = blockDesc;
+ *cipherTextLen = totalCipherTextLen;
+ return CCR_SUCCESS;
+}
+
+/*
+ * Main public encrypt function.
+ */
+comcryptReturn comcryptData(
+ comcryptObj cobj,
+ unsigned char *plainText,
+ unsigned plainTextLen,
+ unsigned char *cipherText, // malloc'd by caller
+ unsigned *cipherTextLen, // IN/OUT
+ comcryptEos endOfStream) // CCE_END_OF_STREAM, etc.
+{
+ comcryptPriv *cpriv = (comcryptPriv *)cobj;
+ unsigned ctextLen = *cipherTextLen;
+ comcryptReturn crtn;
+ unsigned thisPtext;
+ unsigned thisCtext;
+ COMPROF_LOCALS;
+
+ COMPROF_START;
+ incrComStat(plaintextBytes, plainTextLen);
+ if(cpriv->versionBytes == 0) {
+ /*
+ * First, put header (version, spare) into head of ciphertext.
+ */
+ if(ctextLen < CTEXT_HDR_SIZE) {
+ ddprintf(("comcryptData: overflow (0)\n"));
+ return CCR_OUTBUFFER_TOO_SMALL;
+ }
+ serializeInt(VERSION_3_Dec_97, cipherText);
+ cipherText += VERSION_BYTES;
+ cpriv->versionBytes = VERSION_BYTES;
+ serializeInt(0, cipherText); // spares
+ cipherText += SPARE_BYTES;
+ ctextLen -= CTEXT_HDR_SIZE;
+ }
+
+ /*
+ * OK, grind it out, one block at a time.
+ */
+ while (plainTextLen != 0) {
+ thisPtext = CC_BLOCK_SIZE;
+ if(thisPtext > plainTextLen) {
+ thisPtext = plainTextLen;
+ }
+ thisCtext = ctextLen;
+ crtn = comcryptBlock(cpriv,
+ &cpriv->cbuf,
+ plainText,
+ thisPtext,
+ cipherText,
+ &thisCtext,
+ 0); // recurs level
+ if(crtn) {
+ return crtn;
+ }
+ plainText += thisPtext;
+ plainTextLen -= thisPtext;
+ if(thisCtext > ctextLen) {
+ ddprintf(("comcryptData: undetected ciphertext overlow\n"));
+ return CCR_OUTBUFFER_TOO_SMALL;
+ }
+ cipherText += thisCtext;
+ ctextLen -= thisCtext;
+ }
+ *cipherTextLen = *cipherTextLen - ctextLen;
+ incrComStat(ciphertextBytes, *cipherTextLen);
+ COMPROF_END(cmcTotal);
+ return CCR_SUCCESS;
+}
+
+/*
+ * Return values from deComcryptBlock().
+ */
+typedef enum {
+ DCB_SUCCESS, // OK
+ DCB_SHORT, // incomplete block, try again with more ciphertext
+ DCB_PARSE_ERROR, // bad block
+ DCB_OUTBUFFER_TOO_SMALL
+} dcbReturn;
+
+/*
+ * Assumes exactly one block of ciphertext, error otherwise.
+ */
+static dcbReturn deComcryptBlock(
+ comcryptPriv *cpriv,
+ comcryptBuf *cbuf, // not necessarily cpriv->cbuf
+ unsigned char *cipherText,
+ unsigned cipherTextLen,
+ unsigned char *plainText,
+ unsigned *plainTextLen, // IN/OUT
+ comcryptEos endOfStream, // CCE_END_OF_STREAM, etc.
+ unsigned *blockSize) // RETURNED on DCB_SUCCESS
+{
+ unsigned char *tokenPtr;
+ unsigned numTokenBits; // constant, from ciphertext
+ unsigned numTokenBytes;
+ unsigned char *longCodePtr;
+ unsigned numLongCodes;
+ unsigned char *byteCodePtr;
+ unsigned numByteCodes;
+ unsigned tokenDex;
+ unsigned oddByte = 0;
+ unsigned short codeWord;
+ unsigned char codeByte;
+ unsigned ptextLen = *plainTextLen; // bytes REMAINING
+ unsigned above;
+ unsigned j;
+ unsigned char blockDesc;
+ dcbReturn drtn;
+ int len;
+ queueElt *src;
+ queueElt *dst;
+ int lastWord = 0;
+ queueElt *cbufq = &cbuf->queue[0];
+ int level2 = 0; // 2nd level comcrypted block
+ unsigned match;
+ unsigned char sigSeq; // signature sequence enable
+ unsigned char nibble;
+
+ blockDesc = cipherText[CTBO_BLOCK_DESC];
+ if((blockDesc & CBD_MAGIC_MASK) != CBD_MAGIC) {
+ ddprintf(("deComcryptBlock: bad CBD_MAGIC\n"));
+ return DCB_PARSE_ERROR;
+ }
+
+ /*
+ * Min block size - blockDesc, numLongCodes, numTokens, one token byte,
+ * one bytecode
+ */
+ if(cipherTextLen < 5) {
+ return DCB_SHORT;
+ }
+ if((blockDesc & CBD_FULL_BLOCK_MASK) == CBD_FULL_BLOCK) {
+ /*
+ * # of token bits implied for full block
+ */
+ numTokenBits = TOKEN_BITS_FROM_PTEXT(CC_BLOCK_SIZE);
+ numTokenBytes = TOKEN_BYTES_FROM_PTEXT(CC_BLOCK_SIZE);
+ tokenPtr = cipherText + CTBO_NUM_TOKENS;
+ }
+ else {
+ numTokenBits = cipherText[CTBO_NUM_TOKENS];
+ numTokenBytes = TOKEN_BYTES_FROM_TOKEN_BITS(numTokenBits);
+ tokenPtr = cipherText + CTBO_NUM_TOKENS + 1;
+ }
+ longCodePtr = tokenPtr + numTokenBytes;
+ numLongCodes = cipherText[CTBO_NUM_LONG_CODES];
+
+ byteCodePtr = longCodePtr + (numLongCodes * 2); // may increment...
+ if((blockDesc & CBD_BLOCK_TYPE_MASK) == CBD_SINGLE) {
+ /*
+ * # of bytecodes implied from numTokenBits and numLongCodes
+ */
+ numByteCodes = numTokenBits - numLongCodes;
+ }
+ else {
+ /*
+ * size of 2nd level comcrypted bytecode specified after longCode
+ * array (and before the bytecode itself).
+ * Careful, verify that we can read numByteCodes first...
+ */
+ if((unsigned)(byteCodePtr - cipherText) > cipherTextLen) {
+ return DCB_SHORT;
+ }
+ numByteCodes = *byteCodePtr++;
+ level2 = 1;
+ }
+ *blockSize = (unsigned)(byteCodePtr - cipherText) + numByteCodes;
+ if(*blockSize > cipherTextLen) {
+ return DCB_SHORT;
+ }
+
+ /*
+ * We now know that we have a complete cipherblock. Go for it.
+ */
+ if(level2) {
+ /*
+ * this block's bytecode array contains 2nd level comcrypted bytecodes.
+ */
+ unsigned thisPtext = cbuf->level2BufSize;
+ unsigned level1CodeSize;
+
+ if(cbuf->nextBuf == NULL) {
+ ddprintf(("2-level comcypt, no nextBuf available!\n"));
+ return DCB_PARSE_ERROR;
+ }
+ drtn = deComcryptBlock(cpriv,
+ cbuf->nextBuf,
+ byteCodePtr,
+ numByteCodes,
+ cbuf->level2Buf,
+ &thisPtext,
+ CCE_END_OF_STREAM,
+ &level1CodeSize);
+ switch(drtn) {
+ case DCB_SHORT:
+ ddprintf(("CBT_DOUBLE block, incomplete cipherblock in "
+ "2nd level code\n"));
+ return DCB_PARSE_ERROR;
+
+ case DCB_OUTBUFFER_TOO_SMALL: // not our fault!
+ case DCB_PARSE_ERROR:
+ default:
+ ddprintf(("2nd-level decomcrypt error (%d)\n", drtn));
+ return drtn;
+
+ case DCB_SUCCESS:
+ /*
+ * Supposedly we passed in exactly one cipherblock...
+ */
+ if(numByteCodes != level1CodeSize) {
+ ddprintf(("2nd-level decomcrypt: "
+ "numByteCodes != level1CodeSize\n"));
+ return DCB_PARSE_ERROR;
+ }
+ l2printf(("2nd-level decomcrypt: ciphertext %d "
+ "numByteCodes %d\n", numByteCodes, thisPtext));
+ break;
+ }
+ byteCodePtr = cbuf->level2Buf;
+ numByteCodes = thisPtext;
+ }
+
+ if((blockDesc & CBD_ODD_MASK) == CBD_ODD) {
+ oddByte = 1;
+ }
+
+ /*
+ * Skip signature sequence if this was a 2nd level comcrypted block
+ */
+ sigSeq = cpriv->sigSeqEnable && !level2;
+
+ for(tokenDex=0; tokenDex<numTokenBits; tokenDex++) {
+ match = !getToken(tokenPtr, tokenDex);
+
+ /*
+ * 17 Dec 1997 - Always calculate this regardless of match
+ */
+ nibble = keynybble(cpriv->key, cpriv->keybytes,
+ (cbuf->nybbleDex)++);
+
+ if(match) {
+ codeByte = *byteCodePtr++;
+
+ if(sigSeq) {
+ codeByte ^= (unsigned char)(cbuf->sigArray[tokenDex]);
+ }
+
+ /*
+ * dynamically process the queue for match - 8 bits
+ * of ciphercode, 16 bits of plaintext
+ */
+ codeWord = cbufq[codeByte];
+ above = (cbuf->f1 * codeByte * (16 + nibble)) >> 9;
+
+#if SKIP_NIBBLE_ON_QUEUE_0
+ if(codeByte == 0) {
+ /*
+ * Special case for top of queue optimization during
+ * comcrypt
+ */
+ nibble = cbuf->nybbleDex - 1;
+ }
+#endif /*SKIP_NIBBLE_ON_QUEUE_0*/
+
+ /*
+ * queue[above..codeByte] move one element towards end
+ * queue[above] = this codeWord
+ */
+ len = (int)codeByte - (int)above;
+ if(len > QUEUE_MEMMOVE_THRESH) {
+ src = &cbufq[above];
+ dst = src + 1;
+ len *= sizeof(queueElt);
+ memmove(dst, src, len);
+ }
+ else {
+ for(j = codeByte; j > above; j--) {
+ cbufq[j] = cbufq[j-1];
+ }
+ }
+ cbufq[above] = codeWord;
+ }
+ else {
+ /*
+ * !match, 16 bits of code
+ */
+ deserializeShort(codeWord, longCodePtr);
+ if(sigSeq) {
+ codeWord ^= cbuf->sigArray[tokenDex];
+ }
+
+ if(oddByte && (tokenDex == (numTokenBits - 1))) {
+ lastWord = 1;
+ above = 0;
+#if SKIP_NIBBLE_ON_QUEUE_0
+ nibble = cbuf->nybbleDex - 1;
+#endif /*SKIP_NIBBLE_ON_QUEUE_0*/
+ }
+ else {
+ longCodePtr += 2;
+
+ /*
+ * dynamically process the queue for unmatch; skip if this
+ * is an oddByte codeword.
+ * queue[above...QLEN-1] move one element toward end
+ * queue[above] = new codeWord
+ */
+ above = ABOVE(cbuf->f2) + nibble;
+ len = QLEN - 1 - (int)above;
+ if(len > QUEUE_MEMMOVE_THRESH) {
+ src = &cbufq[above];
+ dst = src + 1;
+ len *= sizeof(queueElt);
+ memmove(dst, src, len);
+ }
+ else {
+ for(j=QLEN-1; j > above; j--) {
+ cbufq[j] = cbufq[j-1];
+ }
+ }
+ cbufq[above] = codeWord;
+ }
+ }
+
+ if(sigSeq) {
+ /*
+ * Advance signature sequence state machine.
+ */
+ nextSigWord(cbuf, tokenDex+1, match, (above + nibble));
+ }
+
+ /*
+ * cook up a byte or two of plainText from code word and invmap[]
+ */
+ if(ptextLen < 1) {
+ ddprintf(("decryptBlock: ptext overflow (1)\n"));
+ return DCB_OUTBUFFER_TOO_SMALL;
+ }
+ *plainText++ = cpriv->invmap[(codeWord >> 8) & 0xff];
+ ptextLen--;
+ if(lastWord) {
+ /*
+ * end of oddByte block.
+ */
+ tokenDex++; // for sigArray maintenance
+ break; // out of main loop
+ }
+ else {
+ if(ptextLen < 1) {
+ ddprintf(("decryptBlock: ptext overflow (2)\n"));
+ return DCB_OUTBUFFER_TOO_SMALL;
+ }
+ *plainText++ = cpriv->invmap[(codeWord) & 0xff];
+ ptextLen--;
+ }
+ }
+
+ /*
+ * Prime sigArray state machine for next block.
+ */
+ if(sigSeq) {
+ cbuf->sigArray[0] = cbuf->sigArray[tokenDex];
+ }
+ *plainTextLen = *plainTextLen - ptextLen;
+ return DCB_SUCCESS;
+}
+
+comcryptReturn deComcryptData(
+ comcryptObj cobj,
+ unsigned char *cipherText,
+ unsigned cipherTextLen,
+ unsigned char *plainText,
+ unsigned *plainTextLen, // IN/OUT
+ comcryptEos endOfStream) // CCE_END_OF_STREAM, etc.
+
+{
+ comcryptPriv *cpriv = (comcryptPriv *)cobj;
+ unsigned char *outorigin = plainText;
+ unsigned ptextLen = *plainTextLen;
+ unsigned thisPtext; // per block
+ unsigned blockSize;
+ dcbReturn drtn;
+ unsigned ctextUsed;
+
+ /*
+ * Snag version from ciphertext, or as much as we can get
+ */
+ while((cpriv->versionBytes < VERSION_BYTES) && cipherTextLen) {
+ cpriv->version <<= 8;
+ cpriv->version |= *cipherText;
+ cpriv->versionBytes++;
+ cipherText++;
+ cipherTextLen--;
+ }
+
+ /*
+ * Then skip over the remainder of the header (currently spares)
+ */
+ if((cpriv->spareBytes < SPARE_BYTES) && cipherTextLen) {
+ unsigned toSkip = SPARE_BYTES - cpriv->spareBytes;
+
+ if(toSkip > cipherTextLen) {
+ toSkip = cipherTextLen;
+ }
+ cpriv->spareBytes += toSkip;
+ cipherText += toSkip;
+ cipherTextLen -= toSkip;
+ }
+
+ if(cipherTextLen == 0) {
+ *plainTextLen = 0;
+ return CCR_SUCCESS;
+ }
+
+ if(cpriv->version != VERSION_3_Dec_97) {
+ ddprintf(("Incompatible version.\n"));
+ return CCR_BAD_CIPHERTEXT;
+ }
+
+ while(cipherTextLen != 0) {
+
+ /*
+ * Main loop. First deal with possible existing partial block.
+ */
+ if(cpriv->cbuf.codeBufLength != 0) {
+ unsigned toCopy =
+ cpriv->cbuf.codeBufSize - cpriv->cbuf.codeBufLength;
+ unsigned origBufSize = cpriv->cbuf.codeBufLength;
+
+ if(toCopy > cipherTextLen) {
+ toCopy = cipherTextLen;
+ }
+ memmove(cpriv->cbuf.codeBuf + cpriv->cbuf.codeBufLength,
+ cipherText, toCopy);
+ cpriv->cbuf.codeBufLength += toCopy;
+
+ thisPtext = ptextLen;
+ drtn = deComcryptBlock(cpriv,
+ &cpriv->cbuf,
+ cpriv->cbuf.codeBuf,
+ cpriv->cbuf.codeBufLength,
+ plainText,
+ &thisPtext,
+ endOfStream,
+ &blockSize);
+ switch(drtn) {
+ case DCB_SHORT:
+ /*
+ * Incomplete block in codeBuf
+ */
+ if(endOfStream == CCE_END_OF_STREAM) {
+ /*
+ * Caller thinks this is the end, but we need more
+ */
+ ddprintf(("deComcryptData(): CCE_END_OF_STREAM, "
+ "not end of block\n"));
+ return CCR_BAD_CIPHERTEXT;
+ }
+ cipherTextLen -= toCopy;
+ if(cipherTextLen != 0) {
+ /*
+ * i.e., codeBuf overflow - could be s/w error? Do
+ * we need a bigger buffer?
+ */
+ ddprintf(("deComcryptData: full codeBuf, incomplete "
+ "block\n"));
+ return CCR_BAD_CIPHERTEXT;
+ }
+ else {
+ /*
+ * OK, stash it and try again
+ */
+ scprintf(("====incomplete codeBuf, codeBufLength %d, "
+ "cipherTextLen %d\n",
+ cpriv->cbuf.codeBufLength, toCopy));
+ break; // out of main loop (after this switch)
+ }
+
+ case DCB_OUTBUFFER_TOO_SMALL:
+ ddprintf(("codeBuf decomcrypt error short buf\n"));
+ return CCR_OUTBUFFER_TOO_SMALL;
+
+ case DCB_PARSE_ERROR:
+ default:
+ ddprintf(("codeBuf decomcrypt error (%d)\n", drtn));
+ return CCR_BAD_CIPHERTEXT;
+
+ case DCB_SUCCESS:
+ /*
+ * ctextUsed is how much of caller's ciphertext we used
+ * in this buffered block
+ */
+ ctextUsed = blockSize - origBufSize;
+ scprintf(("====decrypted block in codeBuf, blockSize %d, "
+ "ctextUsed %d, thisPtext %d\n",
+ blockSize, ctextUsed, thisPtext));
+ cipherText += ctextUsed;
+ cipherTextLen -= ctextUsed;
+ plainText += thisPtext;
+ ptextLen -= thisPtext;
+ cpriv->cbuf.codeBufLength = 0;
+ break;
+ }
+
+ /*
+ * We might have used up all of caller's cipherText processing
+ * codeBuf...
+ */
+ if(cipherTextLen == 0) {
+ break; // out of main loop
+ }
+
+ } /* buffered ciphertext in codeBuf */
+
+ /*
+ * Snarf ciphertext, one block at a time.
+ */
+
+ thisPtext = ptextLen;
+ drtn = deComcryptBlock(cpriv,
+ &cpriv->cbuf,
+ cipherText,
+ cipherTextLen,
+ plainText,
+ &thisPtext,
+ endOfStream,
+ &blockSize);
+ switch(drtn) {
+ case DCB_SHORT:
+ /*
+ * Incomplete block
+ */
+ if(endOfStream == CCE_END_OF_STREAM) {
+ ddprintf(("deComcryptData(): CCE_END_OF_STREAM, not end of "
+ "block (2)\n"));
+ return CCR_BAD_CIPHERTEXT;
+ }
+ if(cipherTextLen >
+ (cpriv->cbuf.codeBufSize - cpriv->cbuf.codeBufLength)) {
+ ddprintf(("deComcryptData(): codeBuf overflow!\n"));
+ return CCR_BAD_CIPHERTEXT;
+ }
+ memmove(cpriv->cbuf.codeBuf + cpriv->cbuf.codeBufLength,
+ cipherText, cipherTextLen);
+ cpriv->cbuf.codeBufLength += cipherTextLen;
+ cipherTextLen = 0;
+ scprintf(("====Incomplete block, cipherTextLen %d "
+ "codeBufLength %d\n", cipherTextLen,
+ cpriv->cbuf.codeBufLength));
+ break; // actually out of main loop
+
+ case DCB_PARSE_ERROR:
+ case DCB_OUTBUFFER_TOO_SMALL:
+ default:
+ return CCR_BAD_CIPHERTEXT;
+
+ case DCB_SUCCESS:
+ if(ptextLen < thisPtext) {
+ /*
+ * Software error
+ */
+ ddprintf(("deComcryptData: undetected ptext "
+ "overflow (2)\n"));
+ return CCR_BAD_CIPHERTEXT;
+ }
+ plainText += thisPtext;
+ ptextLen -= thisPtext;
+ cipherText += blockSize;
+ cipherTextLen -= blockSize;
+ scprintf(("====decrypted one block, blockSize %d "
+ "thisPtext %d\n", blockSize, thisPtext));
+ break;
+ }
+ } /* main loop */
+
+ *plainTextLen = (unsigned)(plainText - outorigin);
+ return CCR_SUCCESS;
+}
projects / apple / security.git / blobdiff