File Coverage

src/pdfmake_aes.c
Criterion Covered Total %
statement 190 194 97.9
branch 69 76 90.7
condition n/a
subroutine n/a
pod n/a
total 259 270 95.9


line stmt bran cond sub pod time code
1             /*
2             * pdfmake_aes.c — AES implementation
3             *
4             * AES-128 and AES-256 in CBC mode per FIPS 197.
5             * Pure C implementation for PDF encryption R4 and R6.
6             */
7              
8             #include "pdfmake_aes.h"
9             #include
10             #include
11             #include
12              
13             /*============================================================================
14             * AES S-box (substitution box)
15             *==========================================================================*/
16              
17             static const uint8_t SBOX[256] = {
18             0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
19             0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
20             0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
21             0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
22             0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
23             0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
24             0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
25             0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
26             0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
27             0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
28             0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
29             0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
30             0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
31             0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
32             0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
33             0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
34             };
35              
36             /*============================================================================
37             * Inverse S-box
38             *==========================================================================*/
39              
40             static const uint8_t INV_SBOX[256] = {
41             0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
42             0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
43             0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
44             0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
45             0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
46             0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
47             0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
48             0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
49             0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
50             0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
51             0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
52             0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
53             0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
54             0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
55             0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
56             0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
57             };
58              
59             /*============================================================================
60             * Round constants
61             *==========================================================================*/
62              
63             static const uint8_t RCON[11] = {
64             0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
65             };
66              
67             /*============================================================================
68             * GF(2^8) multiplication tables for MixColumns
69             *==========================================================================*/
70              
71             static const uint8_t MUL2[256] = {
72             0x00,0x02,0x04,0x06,0x08,0x0a,0x0c,0x0e,0x10,0x12,0x14,0x16,0x18,0x1a,0x1c,0x1e,
73             0x20,0x22,0x24,0x26,0x28,0x2a,0x2c,0x2e,0x30,0x32,0x34,0x36,0x38,0x3a,0x3c,0x3e,
74             0x40,0x42,0x44,0x46,0x48,0x4a,0x4c,0x4e,0x50,0x52,0x54,0x56,0x58,0x5a,0x5c,0x5e,
75             0x60,0x62,0x64,0x66,0x68,0x6a,0x6c,0x6e,0x70,0x72,0x74,0x76,0x78,0x7a,0x7c,0x7e,
76             0x80,0x82,0x84,0x86,0x88,0x8a,0x8c,0x8e,0x90,0x92,0x94,0x96,0x98,0x9a,0x9c,0x9e,
77             0xa0,0xa2,0xa4,0xa6,0xa8,0xaa,0xac,0xae,0xb0,0xb2,0xb4,0xb6,0xb8,0xba,0xbc,0xbe,
78             0xc0,0xc2,0xc4,0xc6,0xc8,0xca,0xcc,0xce,0xd0,0xd2,0xd4,0xd6,0xd8,0xda,0xdc,0xde,
79             0xe0,0xe2,0xe4,0xe6,0xe8,0xea,0xec,0xee,0xf0,0xf2,0xf4,0xf6,0xf8,0xfa,0xfc,0xfe,
80             0x1b,0x19,0x1f,0x1d,0x13,0x11,0x17,0x15,0x0b,0x09,0x0f,0x0d,0x03,0x01,0x07,0x05,
81             0x3b,0x39,0x3f,0x3d,0x33,0x31,0x37,0x35,0x2b,0x29,0x2f,0x2d,0x23,0x21,0x27,0x25,
82             0x5b,0x59,0x5f,0x5d,0x53,0x51,0x57,0x55,0x4b,0x49,0x4f,0x4d,0x43,0x41,0x47,0x45,
83             0x7b,0x79,0x7f,0x7d,0x73,0x71,0x77,0x75,0x6b,0x69,0x6f,0x6d,0x63,0x61,0x67,0x65,
84             0x9b,0x99,0x9f,0x9d,0x93,0x91,0x97,0x95,0x8b,0x89,0x8f,0x8d,0x83,0x81,0x87,0x85,
85             0xbb,0xb9,0xbf,0xbd,0xb3,0xb1,0xb7,0xb5,0xab,0xa9,0xaf,0xad,0xa3,0xa1,0xa7,0xa5,
86             0xdb,0xd9,0xdf,0xdd,0xd3,0xd1,0xd7,0xd5,0xcb,0xc9,0xcf,0xcd,0xc3,0xc1,0xc7,0xc5,
87             0xfb,0xf9,0xff,0xfd,0xf3,0xf1,0xf7,0xf5,0xeb,0xe9,0xef,0xed,0xe3,0xe1,0xe7,0xe5
88             };
89              
90             static const uint8_t MUL3[256] = {
91             0x00,0x03,0x06,0x05,0x0c,0x0f,0x0a,0x09,0x18,0x1b,0x1e,0x1d,0x14,0x17,0x12,0x11,
92             0x30,0x33,0x36,0x35,0x3c,0x3f,0x3a,0x39,0x28,0x2b,0x2e,0x2d,0x24,0x27,0x22,0x21,
93             0x60,0x63,0x66,0x65,0x6c,0x6f,0x6a,0x69,0x78,0x7b,0x7e,0x7d,0x74,0x77,0x72,0x71,
94             0x50,0x53,0x56,0x55,0x5c,0x5f,0x5a,0x59,0x48,0x4b,0x4e,0x4d,0x44,0x47,0x42,0x41,
95             0xc0,0xc3,0xc6,0xc5,0xcc,0xcf,0xca,0xc9,0xd8,0xdb,0xde,0xdd,0xd4,0xd7,0xd2,0xd1,
96             0xf0,0xf3,0xf6,0xf5,0xfc,0xff,0xfa,0xf9,0xe8,0xeb,0xee,0xed,0xe4,0xe7,0xe2,0xe1,
97             0xa0,0xa3,0xa6,0xa5,0xac,0xaf,0xaa,0xa9,0xb8,0xbb,0xbe,0xbd,0xb4,0xb7,0xb2,0xb1,
98             0x90,0x93,0x96,0x95,0x9c,0x9f,0x9a,0x99,0x88,0x8b,0x8e,0x8d,0x84,0x87,0x82,0x81,
99             0x9b,0x98,0x9d,0x9e,0x97,0x94,0x91,0x92,0x83,0x80,0x85,0x86,0x8f,0x8c,0x89,0x8a,
100             0xab,0xa8,0xad,0xae,0xa7,0xa4,0xa1,0xa2,0xb3,0xb0,0xb5,0xb6,0xbf,0xbc,0xb9,0xba,
101             0xfb,0xf8,0xfd,0xfe,0xf7,0xf4,0xf1,0xf2,0xe3,0xe0,0xe5,0xe6,0xef,0xec,0xe9,0xea,
102             0xcb,0xc8,0xcd,0xce,0xc7,0xc4,0xc1,0xc2,0xd3,0xd0,0xd5,0xd6,0xdf,0xdc,0xd9,0xda,
103             0x5b,0x58,0x5d,0x5e,0x57,0x54,0x51,0x52,0x43,0x40,0x45,0x46,0x4f,0x4c,0x49,0x4a,
104             0x6b,0x68,0x6d,0x6e,0x67,0x64,0x61,0x62,0x73,0x70,0x75,0x76,0x7f,0x7c,0x79,0x7a,
105             0x3b,0x38,0x3d,0x3e,0x37,0x34,0x31,0x32,0x23,0x20,0x25,0x26,0x2f,0x2c,0x29,0x2a,
106             0x0b,0x08,0x0d,0x0e,0x07,0x04,0x01,0x02,0x13,0x10,0x15,0x16,0x1f,0x1c,0x19,0x1a
107             };
108              
109             /* Inverse MixColumns multiplication tables */
110             static const uint8_t MUL9[256] = {
111             0x00,0x09,0x12,0x1b,0x24,0x2d,0x36,0x3f,0x48,0x41,0x5a,0x53,0x6c,0x65,0x7e,0x77,
112             0x90,0x99,0x82,0x8b,0xb4,0xbd,0xa6,0xaf,0xd8,0xd1,0xca,0xc3,0xfc,0xf5,0xee,0xe7,
113             0x3b,0x32,0x29,0x20,0x1f,0x16,0x0d,0x04,0x73,0x7a,0x61,0x68,0x57,0x5e,0x45,0x4c,
114             0xab,0xa2,0xb9,0xb0,0x8f,0x86,0x9d,0x94,0xe3,0xea,0xf1,0xf8,0xc7,0xce,0xd5,0xdc,
115             0x76,0x7f,0x64,0x6d,0x52,0x5b,0x40,0x49,0x3e,0x37,0x2c,0x25,0x1a,0x13,0x08,0x01,
116             0xe6,0xef,0xf4,0xfd,0xc2,0xcb,0xd0,0xd9,0xae,0xa7,0xbc,0xb5,0x8a,0x83,0x98,0x91,
117             0x4d,0x44,0x5f,0x56,0x69,0x60,0x7b,0x72,0x05,0x0c,0x17,0x1e,0x21,0x28,0x33,0x3a,
118             0xdd,0xd4,0xcf,0xc6,0xf9,0xf0,0xeb,0xe2,0x95,0x9c,0x87,0x8e,0xb1,0xb8,0xa3,0xaa,
119             0xec,0xe5,0xfe,0xf7,0xc8,0xc1,0xda,0xd3,0xa4,0xad,0xb6,0xbf,0x80,0x89,0x92,0x9b,
120             0x7c,0x75,0x6e,0x67,0x58,0x51,0x4a,0x43,0x34,0x3d,0x26,0x2f,0x10,0x19,0x02,0x0b,
121             0xd7,0xde,0xc5,0xcc,0xf3,0xfa,0xe1,0xe8,0x9f,0x96,0x8d,0x84,0xbb,0xb2,0xa9,0xa0,
122             0x47,0x4e,0x55,0x5c,0x63,0x6a,0x71,0x78,0x0f,0x06,0x1d,0x14,0x2b,0x22,0x39,0x30,
123             0x9a,0x93,0x88,0x81,0xbe,0xb7,0xac,0xa5,0xd2,0xdb,0xc0,0xc9,0xf6,0xff,0xe4,0xed,
124             0x0a,0x03,0x18,0x11,0x2e,0x27,0x3c,0x35,0x42,0x4b,0x50,0x59,0x66,0x6f,0x74,0x7d,
125             0xa1,0xa8,0xb3,0xba,0x85,0x8c,0x97,0x9e,0xe9,0xe0,0xfb,0xf2,0xcd,0xc4,0xdf,0xd6,
126             0x31,0x38,0x23,0x2a,0x15,0x1c,0x07,0x0e,0x79,0x70,0x6b,0x62,0x5d,0x54,0x4f,0x46
127             };
128              
129             static const uint8_t MUL11[256] = {
130             0x00,0x0b,0x16,0x1d,0x2c,0x27,0x3a,0x31,0x58,0x53,0x4e,0x45,0x74,0x7f,0x62,0x69,
131             0xb0,0xbb,0xa6,0xad,0x9c,0x97,0x8a,0x81,0xe8,0xe3,0xfe,0xf5,0xc4,0xcf,0xd2,0xd9,
132             0x7b,0x70,0x6d,0x66,0x57,0x5c,0x41,0x4a,0x23,0x28,0x35,0x3e,0x0f,0x04,0x19,0x12,
133             0xcb,0xc0,0xdd,0xd6,0xe7,0xec,0xf1,0xfa,0x93,0x98,0x85,0x8e,0xbf,0xb4,0xa9,0xa2,
134             0xf6,0xfd,0xe0,0xeb,0xda,0xd1,0xcc,0xc7,0xae,0xa5,0xb8,0xb3,0x82,0x89,0x94,0x9f,
135             0x46,0x4d,0x50,0x5b,0x6a,0x61,0x7c,0x77,0x1e,0x15,0x08,0x03,0x32,0x39,0x24,0x2f,
136             0x8d,0x86,0x9b,0x90,0xa1,0xaa,0xb7,0xbc,0xd5,0xde,0xc3,0xc8,0xf9,0xf2,0xef,0xe4,
137             0x3d,0x36,0x2b,0x20,0x11,0x1a,0x07,0x0c,0x65,0x6e,0x73,0x78,0x49,0x42,0x5f,0x54,
138             0xf7,0xfc,0xe1,0xea,0xdb,0xd0,0xcd,0xc6,0xaf,0xa4,0xb9,0xb2,0x83,0x88,0x95,0x9e,
139             0x47,0x4c,0x51,0x5a,0x6b,0x60,0x7d,0x76,0x1f,0x14,0x09,0x02,0x33,0x38,0x25,0x2e,
140             0x8c,0x87,0x9a,0x91,0xa0,0xab,0xb6,0xbd,0xd4,0xdf,0xc2,0xc9,0xf8,0xf3,0xee,0xe5,
141             0x3c,0x37,0x2a,0x21,0x10,0x1b,0x06,0x0d,0x64,0x6f,0x72,0x79,0x48,0x43,0x5e,0x55,
142             0x01,0x0a,0x17,0x1c,0x2d,0x26,0x3b,0x30,0x59,0x52,0x4f,0x44,0x75,0x7e,0x63,0x68,
143             0xb1,0xba,0xa7,0xac,0x9d,0x96,0x8b,0x80,0xe9,0xe2,0xff,0xf4,0xc5,0xce,0xd3,0xd8,
144             0x7a,0x71,0x6c,0x67,0x56,0x5d,0x40,0x4b,0x22,0x29,0x34,0x3f,0x0e,0x05,0x18,0x13,
145             0xca,0xc1,0xdc,0xd7,0xe6,0xed,0xf0,0xfb,0x92,0x99,0x84,0x8f,0xbe,0xb5,0xa8,0xa3
146             };
147              
148             static const uint8_t MUL13[256] = {
149             0x00,0x0d,0x1a,0x17,0x34,0x39,0x2e,0x23,0x68,0x65,0x72,0x7f,0x5c,0x51,0x46,0x4b,
150             0xd0,0xdd,0xca,0xc7,0xe4,0xe9,0xfe,0xf3,0xb8,0xb5,0xa2,0xaf,0x8c,0x81,0x96,0x9b,
151             0xbb,0xb6,0xa1,0xac,0x8f,0x82,0x95,0x98,0xd3,0xde,0xc9,0xc4,0xe7,0xea,0xfd,0xf0,
152             0x6b,0x66,0x71,0x7c,0x5f,0x52,0x45,0x48,0x03,0x0e,0x19,0x14,0x37,0x3a,0x2d,0x20,
153             0x6d,0x60,0x77,0x7a,0x59,0x54,0x43,0x4e,0x05,0x08,0x1f,0x12,0x31,0x3c,0x2b,0x26,
154             0xbd,0xb0,0xa7,0xaa,0x89,0x84,0x93,0x9e,0xd5,0xd8,0xcf,0xc2,0xe1,0xec,0xfb,0xf6,
155             0xd6,0xdb,0xcc,0xc1,0xe2,0xef,0xf8,0xf5,0xbe,0xb3,0xa4,0xa9,0x8a,0x87,0x90,0x9d,
156             0x06,0x0b,0x1c,0x11,0x32,0x3f,0x28,0x25,0x6e,0x63,0x74,0x79,0x5a,0x57,0x40,0x4d,
157             0xda,0xd7,0xc0,0xcd,0xee,0xe3,0xf4,0xf9,0xb2,0xbf,0xa8,0xa5,0x86,0x8b,0x9c,0x91,
158             0x0a,0x07,0x10,0x1d,0x3e,0x33,0x24,0x29,0x62,0x6f,0x78,0x75,0x56,0x5b,0x4c,0x41,
159             0x61,0x6c,0x7b,0x76,0x55,0x58,0x4f,0x42,0x09,0x04,0x13,0x1e,0x3d,0x30,0x27,0x2a,
160             0xb1,0xbc,0xab,0xa6,0x85,0x88,0x9f,0x92,0xd9,0xd4,0xc3,0xce,0xed,0xe0,0xf7,0xfa,
161             0xb7,0xba,0xad,0xa0,0x83,0x8e,0x99,0x94,0xdf,0xd2,0xc5,0xc8,0xeb,0xe6,0xf1,0xfc,
162             0x67,0x6a,0x7d,0x70,0x53,0x5e,0x49,0x44,0x0f,0x02,0x15,0x18,0x3b,0x36,0x21,0x2c,
163             0x0c,0x01,0x16,0x1b,0x38,0x35,0x22,0x2f,0x64,0x69,0x7e,0x73,0x50,0x5d,0x4a,0x47,
164             0xdc,0xd1,0xc6,0xcb,0xe8,0xe5,0xf2,0xff,0xb4,0xb9,0xae,0xa3,0x80,0x8d,0x9a,0x97
165             };
166              
167             static const uint8_t MUL14[256] = {
168             0x00,0x0e,0x1c,0x12,0x38,0x36,0x24,0x2a,0x70,0x7e,0x6c,0x62,0x48,0x46,0x54,0x5a,
169             0xe0,0xee,0xfc,0xf2,0xd8,0xd6,0xc4,0xca,0x90,0x9e,0x8c,0x82,0xa8,0xa6,0xb4,0xba,
170             0xdb,0xd5,0xc7,0xc9,0xe3,0xed,0xff,0xf1,0xab,0xa5,0xb7,0xb9,0x93,0x9d,0x8f,0x81,
171             0x3b,0x35,0x27,0x29,0x03,0x0d,0x1f,0x11,0x4b,0x45,0x57,0x59,0x73,0x7d,0x6f,0x61,
172             0xad,0xa3,0xb1,0xbf,0x95,0x9b,0x89,0x87,0xdd,0xd3,0xc1,0xcf,0xe5,0xeb,0xf9,0xf7,
173             0x4d,0x43,0x51,0x5f,0x75,0x7b,0x69,0x67,0x3d,0x33,0x21,0x2f,0x05,0x0b,0x19,0x17,
174             0x76,0x78,0x6a,0x64,0x4e,0x40,0x52,0x5c,0x06,0x08,0x1a,0x14,0x3e,0x30,0x22,0x2c,
175             0x96,0x98,0x8a,0x84,0xae,0xa0,0xb2,0xbc,0xe6,0xe8,0xfa,0xf4,0xde,0xd0,0xc2,0xcc,
176             0x41,0x4f,0x5d,0x53,0x79,0x77,0x65,0x6b,0x31,0x3f,0x2d,0x23,0x09,0x07,0x15,0x1b,
177             0xa1,0xaf,0xbd,0xb3,0x99,0x97,0x85,0x8b,0xd1,0xdf,0xcd,0xc3,0xe9,0xe7,0xf5,0xfb,
178             0x9a,0x94,0x86,0x88,0xa2,0xac,0xbe,0xb0,0xea,0xe4,0xf6,0xf8,0xd2,0xdc,0xce,0xc0,
179             0x7a,0x74,0x66,0x68,0x42,0x4c,0x5e,0x50,0x0a,0x04,0x16,0x18,0x32,0x3c,0x2e,0x20,
180             0xec,0xe2,0xf0,0xfe,0xd4,0xda,0xc8,0xc6,0x9c,0x92,0x80,0x8e,0xa4,0xaa,0xb8,0xb6,
181             0x0c,0x02,0x10,0x1e,0x34,0x3a,0x28,0x26,0x7c,0x72,0x60,0x6e,0x44,0x4a,0x58,0x56,
182             0x37,0x39,0x2b,0x25,0x0f,0x01,0x13,0x1d,0x47,0x49,0x5b,0x55,0x7f,0x71,0x63,0x6d,
183             0xd7,0xd9,0xcb,0xc5,0xef,0xe1,0xf3,0xfd,0xa7,0xa9,0xbb,0xb5,0x9f,0x91,0x83,0x8d
184             };
185              
186             /*============================================================================
187             * Helper functions
188             *==========================================================================*/
189              
190 13876           static PDFMAKE_INLINE uint32_t get_word(const uint8_t *p)
191             {
192 13876           return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
193 13876           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
194             }
195              
196 34361           static PDFMAKE_INLINE uint32_t sub_word(uint32_t w)
197             {
198 34361           return ((uint32_t)SBOX[(w >> 24) & 0xFF] << 24) |
199 34361           ((uint32_t)SBOX[(w >> 16) & 0xFF] << 16) |
200 68722           ((uint32_t)SBOX[(w >> 8) & 0xFF] << 8) |
201 34361           (uint32_t)SBOX[w & 0xFF];
202             }
203              
204 34079           static PDFMAKE_INLINE uint32_t rot_word(uint32_t w)
205             {
206 34079           return (w << 8) | (w >> 24);
207             }
208              
209             /*============================================================================
210             * Key expansion
211             *==========================================================================*/
212              
213 3422           static void aes_key_expansion(pdfmake_aes_ctx_t *ctx, const uint8_t *key)
214             {
215 3422           int nk = ctx->key_size / 4; /* 4 or 8 */
216 3422           int nr = ctx->rounds;
217 3422           int nb = 4;
218             int i;
219             int j;
220             int words;
221             uint32_t temp;
222             uint32_t w;
223             uint8_t b[4];
224            
225             /* Copy key into first Nk words */
226 17298 100         for (i = 0; i < nk; i++) {
227 13876           ctx->enc_key[i] = get_word(key + 4 * i);
228             }
229            
230             /* Expand key */
231 140866 100         for (i = nk; i < nb * (nr + 1); i++) {
232 137444           temp = ctx->enc_key[i - 1];
233 137444 100         if (i % nk == 0) {
234 34079           temp = sub_word(rot_word(temp)) ^ ((uint32_t)RCON[i / nk] << 24);
235 103365 100         } else if (nk > 6 && i % nk == 4) {
    100          
236 282           temp = sub_word(temp);
237             }
238 137444           ctx->enc_key[i] = ctx->enc_key[i - nk] ^ temp;
239             }
240            
241             /* Generate decryption key schedule (reverse order with InvMixColumns) */
242 3422           words = nb * (nr + 1);
243 154742 100         for (i = 0; i < words; i++) {
244 151320           j = words - 1 - i;
245 151320           w = ctx->enc_key[j];
246            
247 151320 100         if (i > 0 && i < words - 4) {
    100          
248             /* Apply InvMixColumns */
249 134210           b[0] = (w >> 24) & 0xFF;
250 134210           b[1] = (w >> 16) & 0xFF;
251 134210           b[2] = (w >> 8) & 0xFF;
252 134210           b[3] = w & 0xFF;
253            
254 134210           w = ((uint32_t)(MUL14[b[0]] ^ MUL11[b[1]] ^ MUL13[b[2]] ^ MUL9[b[3]]) << 24) |
255 134210           ((uint32_t)(MUL9[b[0]] ^ MUL14[b[1]] ^ MUL11[b[2]] ^ MUL13[b[3]]) << 16) |
256 134210           ((uint32_t)(MUL13[b[0]] ^ MUL9[b[1]] ^ MUL14[b[2]] ^ MUL11[b[3]]) << 8) |
257 134210           (uint32_t)(MUL11[b[0]] ^ MUL13[b[1]] ^ MUL9[b[2]] ^ MUL14[b[3]]);
258             }
259 151320           ctx->dec_key[i] = w;
260             }
261 3422           }
262              
263             /*============================================================================
264             * AES core transforms
265             *==========================================================================*/
266              
267 3422           void pdfmake_aes_init(pdfmake_aes_ctx_t *ctx, const uint8_t *key, size_t key_len)
268             {
269 3422           ctx->key_size = (int)key_len;
270 3422 100         ctx->rounds = (key_len == 32) ? 14 : 10;
271 3422           aes_key_expansion(ctx, key);
272 3422           }
273              
274 1024407           void pdfmake_aes_encrypt_block(const pdfmake_aes_ctx_t *ctx,
275             const uint8_t in[16],
276             uint8_t out[16])
277             {
278             uint8_t state[16];
279             uint8_t tmp[16];
280             int i;
281             int round;
282             int c;
283             uint32_t w;
284             uint8_t a, b, d, e;
285              
286 1024407           memcpy(state, in, 16);
287            
288             /* Initial round key addition */
289 5122035 100         for (i = 0; i < 4; i++) {
290 4097628           w = ctx->enc_key[i];
291 4097628           state[i*4] ^= (w >> 24) & 0xFF;
292 4097628           state[i*4+1] ^= (w >> 16) & 0xFF;
293 4097628           state[i*4+2] ^= (w >> 8) & 0xFF;
294 4097628           state[i*4+3] ^= w & 0xFF;
295             }
296            
297             /* Main rounds */
298 10244442 100         for (round = 1; round < ctx->rounds; round++) {
299             /* SubBytes */
300 156740595 100         for (i = 0; i < 16; i++) {
301 147520560           tmp[i] = SBOX[state[i]];
302             }
303            
304             /* ShiftRows (column-major order) */
305 9220035           state[0] = tmp[0]; state[4] = tmp[4]; state[8] = tmp[8]; state[12] = tmp[12];
306 9220035           state[1] = tmp[5]; state[5] = tmp[9]; state[9] = tmp[13]; state[13] = tmp[1];
307 9220035           state[2] = tmp[10]; state[6] = tmp[14]; state[10] = tmp[2]; state[14] = tmp[6];
308 9220035           state[3] = tmp[15]; state[7] = tmp[3]; state[11] = tmp[7]; state[15] = tmp[11];
309            
310             /* MixColumns */
311 46100175 100         for (c = 0; c < 4; c++) {
312 36880140           a = state[c*4];
313 36880140           b = state[c*4+1];
314 36880140           d = state[c*4+2];
315 36880140           e = state[c*4+3];
316            
317 36880140           tmp[c*4] = MUL2[a] ^ MUL3[b] ^ d ^ e;
318 36880140           tmp[c*4+1] = a ^ MUL2[b] ^ MUL3[d] ^ e;
319 36880140           tmp[c*4+2] = a ^ b ^ MUL2[d] ^ MUL3[e];
320 36880140           tmp[c*4+3] = MUL3[a] ^ b ^ d ^ MUL2[e];
321             }
322 9220035           memcpy(state, tmp, 16);
323            
324             /* AddRoundKey */
325 46100175 100         for (i = 0; i < 4; i++) {
326 36880140           w = ctx->enc_key[round * 4 + i];
327 36880140           state[i*4] ^= (w >> 24) & 0xFF;
328 36880140           state[i*4+1] ^= (w >> 16) & 0xFF;
329 36880140           state[i*4+2] ^= (w >> 8) & 0xFF;
330 36880140           state[i*4+3] ^= w & 0xFF;
331             }
332             }
333            
334             /* Final round (no MixColumns) */
335             /* SubBytes */
336 17414919 100         for (i = 0; i < 16; i++) {
337 16390512           tmp[i] = SBOX[state[i]];
338             }
339            
340             /* ShiftRows */
341 1024407           state[0] = tmp[0]; state[4] = tmp[4]; state[8] = tmp[8]; state[12] = tmp[12];
342 1024407           state[1] = tmp[5]; state[5] = tmp[9]; state[9] = tmp[13]; state[13] = tmp[1];
343 1024407           state[2] = tmp[10]; state[6] = tmp[14]; state[10] = tmp[2]; state[14] = tmp[6];
344 1024407           state[3] = tmp[15]; state[7] = tmp[3]; state[11] = tmp[7]; state[15] = tmp[11];
345            
346             /* AddRoundKey */
347 5122035 100         for (i = 0; i < 4; i++) {
348 4097628           w = ctx->enc_key[ctx->rounds * 4 + i];
349 4097628           state[i*4] ^= (w >> 24) & 0xFF;
350 4097628           state[i*4+1] ^= (w >> 16) & 0xFF;
351 4097628           state[i*4+2] ^= (w >> 8) & 0xFF;
352 4097628           state[i*4+3] ^= w & 0xFF;
353             }
354            
355 1024407           memcpy(out, state, 16);
356 1024407           }
357              
358 108           void pdfmake_aes_decrypt_block(const pdfmake_aes_ctx_t *ctx,
359             const uint8_t in[16],
360             uint8_t out[16])
361             {
362             uint8_t state[16];
363             uint8_t tmp[16];
364             int nr;
365             int i;
366             int round;
367             int c;
368             uint32_t w;
369             uint8_t a, b, d, e;
370              
371 108           memcpy(state, in, 16);
372            
373             /* Initial round key addition (use last round key) */
374 108           nr = ctx->rounds;
375 540 100         for (i = 0; i < 4; i++) {
376 432           w = ctx->enc_key[nr * 4 + i];
377 432           state[i*4] ^= (w >> 24) & 0xFF;
378 432           state[i*4+1] ^= (w >> 16) & 0xFF;
379 432           state[i*4+2] ^= (w >> 8) & 0xFF;
380 432           state[i*4+3] ^= w & 0xFF;
381             }
382            
383             /* Main rounds (in reverse) */
384 1384 100         for (round = nr - 1; round > 0; round--) {
385             /* InvShiftRows */
386 1276           tmp[0] = state[0]; tmp[4] = state[4]; tmp[8] = state[8]; tmp[12] = state[12];
387 1276           tmp[1] = state[13]; tmp[5] = state[1]; tmp[9] = state[5]; tmp[13] = state[9];
388 1276           tmp[2] = state[10]; tmp[6] = state[14]; tmp[10] = state[2]; tmp[14] = state[6];
389 1276           tmp[3] = state[7]; tmp[7] = state[11]; tmp[11] = state[15]; tmp[15] = state[3];
390            
391             /* InvSubBytes */
392 21692 100         for (i = 0; i < 16; i++) {
393 20416           state[i] = INV_SBOX[tmp[i]];
394             }
395            
396             /* AddRoundKey */
397 6380 100         for (i = 0; i < 4; i++) {
398 5104           w = ctx->enc_key[round * 4 + i];
399 5104           state[i*4] ^= (w >> 24) & 0xFF;
400 5104           state[i*4+1] ^= (w >> 16) & 0xFF;
401 5104           state[i*4+2] ^= (w >> 8) & 0xFF;
402 5104           state[i*4+3] ^= w & 0xFF;
403             }
404            
405             /* InvMixColumns */
406 6380 100         for (c = 0; c < 4; c++) {
407 5104           a = state[c*4];
408 5104           b = state[c*4+1];
409 5104           d = state[c*4+2];
410 5104           e = state[c*4+3];
411            
412 5104           tmp[c*4] = MUL14[a] ^ MUL11[b] ^ MUL13[d] ^ MUL9[e];
413 5104           tmp[c*4+1] = MUL9[a] ^ MUL14[b] ^ MUL11[d] ^ MUL13[e];
414 5104           tmp[c*4+2] = MUL13[a] ^ MUL9[b] ^ MUL14[d] ^ MUL11[e];
415 5104           tmp[c*4+3] = MUL11[a] ^ MUL13[b] ^ MUL9[d] ^ MUL14[e];
416             }
417 1276           memcpy(state, tmp, 16);
418             }
419            
420             /* Final round (no InvMixColumns) */
421             /* InvShiftRows */
422 108           tmp[0] = state[0]; tmp[4] = state[4]; tmp[8] = state[8]; tmp[12] = state[12];
423 108           tmp[1] = state[13]; tmp[5] = state[1]; tmp[9] = state[5]; tmp[13] = state[9];
424 108           tmp[2] = state[10]; tmp[6] = state[14]; tmp[10] = state[2]; tmp[14] = state[6];
425 108           tmp[3] = state[7]; tmp[7] = state[11]; tmp[11] = state[15]; tmp[15] = state[3];
426            
427             /* InvSubBytes */
428 1836 100         for (i = 0; i < 16; i++) {
429 1728           state[i] = INV_SBOX[tmp[i]];
430             }
431            
432             /* AddRoundKey (round 0 = first key) */
433 540 100         for (i = 0; i < 4; i++) {
434 432           w = ctx->enc_key[i];
435 432           state[i*4] ^= (w >> 24) & 0xFF;
436 432           state[i*4+1] ^= (w >> 16) & 0xFF;
437 432           state[i*4+2] ^= (w >> 8) & 0xFF;
438 432           state[i*4+3] ^= w & 0xFF;
439             }
440            
441 108           memcpy(out, state, 16);
442 108           }
443              
444             /*============================================================================
445             * CBC mode with PKCS#7 padding
446             *==========================================================================*/
447              
448 20           size_t pdfmake_aes_cbc_encrypt(const uint8_t *key, size_t key_len,
449             const uint8_t iv[16],
450             const uint8_t *in, size_t in_len,
451             uint8_t *out)
452             {
453             pdfmake_aes_ctx_t ctx;
454             size_t pad_len;
455             size_t out_len;
456             uint8_t xor_block[16];
457             size_t pos;
458             uint8_t block[16];
459             uint8_t last_block[16];
460             size_t remaining;
461             int i;
462              
463 20           pdfmake_aes_init(&ctx, key, key_len);
464            
465             /* Calculate output length with PKCS#7 padding */
466 20           pad_len = 16 - (in_len % 16);
467 20           out_len = in_len + pad_len;
468            
469 20           memcpy(xor_block, iv, 16);
470            
471 20           pos = 0;
472            
473             /* Full blocks */
474 80 100         while (pos + 16 <= in_len) {
475 1020 100         for (i = 0; i < 16; i++) {
476 960           block[i] = in[pos + i] ^ xor_block[i];
477             }
478 60           pdfmake_aes_encrypt_block(&ctx, block, out + pos);
479 60           memcpy(xor_block, out + pos, 16);
480 60           pos += 16;
481             }
482            
483             /* Last block with padding */
484 20           remaining = in_len - pos;
485 20 50         if (remaining > 0) {
486 20           memcpy(last_block, in + pos, remaining);
487             }
488 20           memset(last_block + remaining, (uint8_t)pad_len, pad_len);
489            
490 340 100         for (i = 0; i < 16; i++) {
491 320           last_block[i] ^= xor_block[i];
492             }
493 20           pdfmake_aes_encrypt_block(&ctx, last_block, out + pos);
494            
495 20           return out_len;
496             }
497              
498 10           int pdfmake_aes_cbc_decrypt(const uint8_t *key, size_t key_len,
499             const uint8_t iv[16],
500             const uint8_t *in, size_t in_len,
501             uint8_t *out)
502             {
503             pdfmake_aes_ctx_t ctx;
504             const uint8_t *xor_block;
505             size_t pos;
506             uint8_t decrypted[16];
507             int i;
508             uint8_t pad_byte;
509              
510 10 50         if (in_len == 0 || in_len % 16 != 0) {
    50          
511 0           return -1;
512             }
513            
514 10           pdfmake_aes_init(&ctx, key, key_len);
515            
516 10           xor_block = iv;
517            
518 110 100         for (pos = 0; pos < in_len; pos += 16) {
519 100           pdfmake_aes_decrypt_block(&ctx, in + pos, decrypted);
520            
521 1700 100         for (i = 0; i < 16; i++) {
522 1600           out[pos + i] = decrypted[i] ^ xor_block[i];
523             }
524 100           xor_block = in + pos;
525             }
526            
527             /* Remove PKCS#7 padding */
528 10           pad_byte = out[in_len - 1];
529 10 50         if (pad_byte == 0 || pad_byte > 16) {
    50          
530 0           return -1;
531             }
532            
533             /* Verify padding */
534 121 100         for (i = 0; i < pad_byte; i++) {
535 111 50         if (out[in_len - 1 - i] != pad_byte) {
536 0           return -1;
537             }
538             }
539            
540 10           return (int)(in_len - pad_byte);
541             }
542              
543             /*============================================================================
544             * PDF-specific helpers (with prepended IV)
545             *==========================================================================*/
546              
547             /* Simple PRNG for IV generation - seeded from time */
548             static uint32_t aes_prng_state = 0;
549              
550 20           static void aes_prng_seed(void)
551             {
552 20 100         if (aes_prng_state == 0) {
553 4           aes_prng_state = (uint32_t)time(NULL) ^ 0xDEADBEEF;
554             }
555 20           }
556              
557 320           static uint8_t aes_prng_byte(void)
558             {
559             /* Simple xorshift */
560 320           aes_prng_state ^= aes_prng_state << 13;
561 320           aes_prng_state ^= aes_prng_state >> 17;
562 320           aes_prng_state ^= aes_prng_state << 5;
563 320           return (uint8_t)(aes_prng_state & 0xFF);
564             }
565              
566 20           size_t pdfmake_aes_pdf_encrypt(const uint8_t *key, size_t key_len,
567             const uint8_t *in, size_t in_len,
568             uint8_t *out)
569             {
570             uint8_t iv[16];
571             int i;
572             size_t encrypted_len;
573              
574             /* Generate random IV */
575 20           aes_prng_seed();
576 340 100         for (i = 0; i < 16; i++) {
577 320           iv[i] = aes_prng_byte();
578             }
579            
580             /* Copy IV to output */
581 20           memcpy(out, iv, 16);
582            
583             /* Encrypt data after IV */
584 20           encrypted_len = pdfmake_aes_cbc_encrypt(key, key_len, iv,
585             in, in_len, out + 16);
586            
587 20           return 16 + encrypted_len;
588             }
589              
590 10           int pdfmake_aes_pdf_decrypt(const uint8_t *key, size_t key_len,
591             const uint8_t *in, size_t in_len,
592             uint8_t *out)
593             {
594             const uint8_t *iv;
595             const uint8_t *ciphertext;
596             size_t ciphertext_len;
597              
598 10 50         if (in_len < 32) { /* At least IV + one block */
599 0           return -1;
600             }
601            
602             /* IV is first 16 bytes */
603 10           iv = in;
604 10           ciphertext = in + 16;
605 10           ciphertext_len = in_len - 16;
606            
607 10           return pdfmake_aes_cbc_decrypt(key, key_len, iv, ciphertext, ciphertext_len, out);
608             }