Fix unsafe code in fx_crypt_aes.cpp or mark unsafe regions
Change-Id: Ie11c65a829aca79053960f590bf521a21de9bd49
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/119752
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Thomas Sepez <tsepez@google.com>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/core/fdrm/fx_crypt_aes.cpp b/core/fdrm/fx_crypt_aes.cpp
index 23f295d..80408d6 100644
--- a/core/fdrm/fx_crypt_aes.cpp
+++ b/core/fdrm/fx_crypt_aes.cpp
@@ -4,11 +4,6 @@
// Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
-#if defined(UNSAFE_BUFFERS_BUILD)
-// TODO(crbug.com/pdfium/2154): resolve buffer safety issues.
-#pragma allow_unsafe_buffers
-#endif
-
#include "core/fdrm/fx_crypt_aes.h"
#include "core/fxcrt/byteorder.h"
@@ -21,53 +16,55 @@
namespace {
-const unsigned char Sbox[256] = {
- 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b,
- 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26,
- 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2,
- 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed,
- 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f,
- 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec,
- 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14,
- 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
- 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f,
- 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11,
- 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f,
- 0xb0, 0x54, 0xbb, 0x16};
-const unsigned char Sboxinv[256] = {
- 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e,
- 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
- 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32,
- 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
- 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49,
- 0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
- 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50,
- 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
- 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05,
- 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
- 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41,
- 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
- 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8,
- 0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
- 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b,
- 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
- 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59,
- 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
- 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0, 0xe0, 0x3b, 0x4d,
- 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
- 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63,
- 0x55, 0x21, 0x0c, 0x7d};
-const unsigned int E0[256] = {
+constexpr std::array<const uint8_t, 256> Sbox = {
+ {0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b,
+ 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+ 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26,
+ 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2,
+ 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+ 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed,
+ 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f,
+ 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+ 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec,
+ 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14,
+ 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+ 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
+ 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f,
+ 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+ 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11,
+ 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f,
+ 0xb0, 0x54, 0xbb, 0x16}};
+
+constexpr std::array<const uint8_t, 256> Sboxinv = {
+ {0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e,
+ 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+ 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32,
+ 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49,
+ 0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+ 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50,
+ 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05,
+ 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+ 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41,
+ 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8,
+ 0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+ 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b,
+ 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59,
+ 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+ 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0, 0xe0, 0x3b, 0x4d,
+ 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63,
+ 0x55, 0x21, 0x0c, 0x7d}};
+
+constexpr std::array<const uint32_t, 256> E0 = {{
0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd,
0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d,
@@ -111,8 +108,9 @@
0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631,
0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a,
-};
-const unsigned int E1[256] = {
+}};
+
+constexpr std::array<uint32_t, 256> E1 = {{
0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b,
0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, 0x458fcaca, 0x9d1f8282,
@@ -156,8 +154,9 @@
0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, 0xda65bfbf, 0x31d7e6e6,
0xc6844242, 0xb8d06868, 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
-};
-const unsigned int E2[256] = {
+}};
+
+constexpr std::array<uint32_t, 256> E2 = {{
0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 0xf20dfff2, 0x6bbdd66b,
0x6fb1de6f, 0xc55491c5, 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b,
0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, 0xca458fca, 0x829d1f82,
@@ -201,8 +200,9 @@
0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d, 0xbfda65bf, 0xe631d7e6,
0x42c68442, 0x68b8d068, 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f,
0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16,
-};
-const unsigned int E3[256] = {
+}};
+
+constexpr std::array<uint32_t, 256> E3 = {{
0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 0xf2f20dff, 0x6b6bbdd6,
0x6f6fb1de, 0xc5c55491, 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56,
0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, 0xcaca458f, 0x82829d1f,
@@ -246,8 +246,9 @@
0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a, 0xbfbfda65, 0xe6e631d7,
0x4242c684, 0x6868b8d0, 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e,
0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c,
-};
-const unsigned int D0[256] = {
+}};
+
+constexpr std::array<uint32_t, 256> D0 = {{
0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1,
0xacfa58ab, 0x4be30393, 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 0xdeb15a49, 0x25ba1b67,
@@ -291,8 +292,8 @@
0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c,
0x283c498b, 0xff0d9541, 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742,
-};
-const unsigned int D1[256] = {
+}};
+constexpr std::array<uint32_t, 256> D1 = {{
0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45,
0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, 0x49deb15a, 0x6725ba1b,
@@ -336,8 +337,9 @@
0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, 0x72161dc3, 0x0cbce225,
0x8b283c49, 0x41ff0d95, 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857,
-};
-const unsigned int D2[256] = {
+}};
+
+constexpr std::array<uint32_t, 256> D2 = {{
0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 0x6bcb3bab, 0x45f11f9d,
0x58abacfa, 0x03934be3, 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, 0x5a49deb1, 0x1b6725ba,
@@ -381,8 +383,9 @@
0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, 0xc372161d, 0x250cbce2,
0x498b283c, 0x9541ff0d, 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8,
-};
-const unsigned int D3[256] = {
+}};
+
+constexpr std::array<uint32_t, 256> D3 = {{
0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 0xab6bcb3b, 0x9d45f11f,
0xfa58abac, 0xe303934b, 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5,
0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, 0xb15a49de, 0xba1b6725,
@@ -426,22 +429,23 @@
0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, 0x1dc37216, 0xe2250cbc,
0x3c498b28, 0x0d9541ff, 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064,
0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0,
-};
+}};
-#define ADD_ROUND_KEY_4() \
- (block[0] ^= *keysched++, block[1] ^= *keysched++, block[2] ^= *keysched++, \
- block[3] ^= *keysched++)
-#define MOVEWORD(i) (block[i] = newstate[i])
-#define FMAKEWORD(i) \
- (newstate[i] = (E0[(block[i] >> 24) & 0xFF] ^ \
- E1[(block[(i + C1) % Nb] >> 16) & 0xFF] ^ \
- E2[(block[(i + C2) % Nb] >> 8) & 0xFF] ^ \
- E3[block[(i + C3) % Nb] & 0xFF]))
-#define LASTWORD(i) \
- (newstate[i] = (Sbox[(block[i] >> 24) & 0xFF] << 24) | \
- (Sbox[(block[(i + C1) % Nb] >> 16) & 0xFF] << 16) | \
- (Sbox[(block[(i + C2) % Nb] >> 8) & 0xFF] << 8) | \
- (Sbox[(block[(i + C3) % Nb]) & 0xFF]))
+#define ADD_ROUND_KEY_4() \
+ UNSAFE_TODO((block[0] ^= *keysched++, block[1] ^= *keysched++, \
+ block[2] ^= *keysched++, block[3] ^= *keysched++))
+#define MOVEWORD(i) UNSAFE_TODO((block[i] = newstate[i]))
+#define FMAKEWORD(i) \
+ UNSAFE_TODO((newstate[i] = (E0[(block[i] >> 24) & 0xFF] ^ \
+ E1[(block[(i + C1) % Nb] >> 16) & 0xFF] ^ \
+ E2[(block[(i + C2) % Nb] >> 8) & 0xFF] ^ \
+ E3[block[(i + C3) % Nb] & 0xFF])))
+#define LASTWORD(i) \
+ UNSAFE_TODO( \
+ (newstate[i] = (Sbox[(block[i] >> 24) & 0xFF] << 24) | \
+ (Sbox[(block[(i + C1) % Nb] >> 16) & 0xFF] << 16) | \
+ (Sbox[(block[(i + C2) % Nb] >> 8) & 0xFF] << 8) | \
+ (Sbox[(block[(i + C3) % Nb]) & 0xFF])))
void aes_encrypt_nb_4(CRYPT_aes_context* ctx, unsigned int* block) {
int i;
@@ -449,7 +453,7 @@
const int C2 = 2;
const int C3 = 3;
const int Nb = 4;
- unsigned int* keysched = ctx->keysched;
+ unsigned int* keysched = ctx->keysched.data();
unsigned int newstate[4];
for (i = 0; i < ctx->Nr - 1; i++) {
ADD_ROUND_KEY_4();
@@ -476,16 +480,17 @@
#undef FMAKEWORD
#undef LASTWORD
-#define FMAKEWORD(i) \
- (newstate[i] = (D0[(block[i] >> 24) & 0xFF] ^ \
- D1[(block[(i + C1) % Nb] >> 16) & 0xFF] ^ \
- D2[(block[(i + C2) % Nb] >> 8) & 0xFF] ^ \
- D3[block[(i + C3) % Nb] & 0xFF]))
-#define LASTWORD(i) \
- (newstate[i] = (Sboxinv[(block[i] >> 24) & 0xFF] << 24) | \
- (Sboxinv[(block[(i + C1) % Nb] >> 16) & 0xFF] << 16) | \
- (Sboxinv[(block[(i + C2) % Nb] >> 8) & 0xFF] << 8) | \
- (Sboxinv[(block[(i + C3) % Nb]) & 0xFF]))
+#define FMAKEWORD(i) \
+ UNSAFE_TODO((newstate[i] = (D0[(block[i] >> 24) & 0xFF] ^ \
+ D1[(block[(i + C1) % Nb] >> 16) & 0xFF] ^ \
+ D2[(block[(i + C2) % Nb] >> 8) & 0xFF] ^ \
+ D3[block[(i + C3) % Nb] & 0xFF])))
+#define LASTWORD(i) \
+ UNSAFE_TODO( \
+ (newstate[i] = (Sboxinv[(block[i] >> 24) & 0xFF] << 24) | \
+ (Sboxinv[(block[(i + C1) % Nb] >> 16) & 0xFF] << 16) | \
+ (Sboxinv[(block[(i + C2) % Nb] >> 8) & 0xFF] << 8) | \
+ (Sboxinv[(block[(i + C3) % Nb]) & 0xFF])))
void aes_decrypt_nb_4(CRYPT_aes_context* ctx, unsigned int* block) {
int i;
@@ -493,7 +498,7 @@
const int C2 = 4 - 2;
const int C3 = 4 - 3;
const int Nb = 4;
- unsigned int* keysched = ctx->invkeysched;
+ unsigned int* keysched = ctx->invkeysched.data();
unsigned int newstate[4];
for (i = 0; i < ctx->Nr - 1; i++) {
ADD_ROUND_KEY_4();
@@ -526,7 +531,7 @@
const uint8_t* key,
uint32_t keylen) {
DCHECK(keylen == 16 || keylen == 24 || keylen == 32);
- auto keyspan = pdfium::make_span(key, keylen);
+ auto keyspan = UNSAFE_TODO(pdfium::make_span(key, keylen));
int Nk = keylen / 4;
ctx->Nb = 4;
ctx->Nr = 6 + (ctx->Nb > Nk ? ctx->Nb : Nk);
@@ -581,7 +586,8 @@
void CRYPT_AESSetIV(CRYPT_aes_context* ctx, const uint8_t* iv) {
for (int i = 0; i < ctx->Nb; i++) {
// TODO(tsepez): Pass actual span.
- ctx->iv[i] = fxcrt::GetUInt32MSBFirst(pdfium::make_span(iv + 4 * i, 4u));
+ ctx->iv[i] = fxcrt::GetUInt32MSBFirst(
+ UNSAFE_TODO(pdfium::make_span(iv + 4 * i, 4u)));
}
}
@@ -594,23 +600,25 @@
unsigned int ct[4];
int i;
CHECK_EQ((size & 15), 0);
- FXSYS_memcpy(iv, ctx->iv, sizeof(iv));
- while (size != 0) {
- for (i = 0; i < 4; i++) {
- x[i] = ct[i] = fxcrt::GetUInt32MSBFirst(
- UNSAFE_TODO(pdfium::make_span(src + 4 * i, 4u)));
+ UNSAFE_TODO({
+ FXSYS_memcpy(iv, ctx->iv.data(), sizeof(iv));
+ while (size != 0) {
+ for (i = 0; i < 4; i++) {
+ x[i] = ct[i] =
+ fxcrt::GetUInt32MSBFirst(pdfium::make_span(src + 4 * i, 4u));
+ }
+ aes_decrypt_nb_4(ctx, x);
+ for (i = 0; i < 4; i++) {
+ fxcrt::PutUInt32MSBFirst(iv[i] ^ x[i],
+ pdfium::make_span(dest + 4 * i, 4u));
+ iv[i] = ct[i];
+ }
+ dest += 16;
+ src += 16;
+ size -= 16;
}
- aes_decrypt_nb_4(ctx, x);
- for (i = 0; i < 4; i++) {
- fxcrt::PutUInt32MSBFirst(
- iv[i] ^ x[i], UNSAFE_TODO(pdfium::make_span(dest + 4 * i, 4u)));
- iv[i] = ct[i];
- }
- dest += 16;
- src += 16;
- size -= 16;
- }
- FXSYS_memcpy(ctx->iv, iv, sizeof(iv));
+ FXSYS_memcpy(ctx->iv.data(), iv, sizeof(iv));
+ });
}
void CRYPT_AESEncrypt(CRYPT_aes_context* ctx,
@@ -620,20 +628,20 @@
unsigned int iv[4];
int i;
CHECK_EQ((size & 15), 0);
- FXSYS_memcpy(iv, ctx->iv, sizeof(iv));
- while (size != 0) {
- for (i = 0; i < 4; i++) {
- iv[i] ^= fxcrt::GetUInt32MSBFirst(
- UNSAFE_TODO(pdfium::make_span(src + 4 * i, 4u)));
+ UNSAFE_TODO({
+ FXSYS_memcpy(iv, ctx->iv.data(), sizeof(iv));
+ while (size != 0) {
+ for (i = 0; i < 4; i++) {
+ iv[i] ^= fxcrt::GetUInt32MSBFirst(pdfium::make_span(src + 4 * i, 4u));
+ }
+ aes_encrypt_nb_4(ctx, iv);
+ for (i = 0; i < 4; i++) {
+ fxcrt::PutUInt32MSBFirst(iv[i], pdfium::make_span(dest + 4 * i, 4u));
+ }
+ dest += 16;
+ src += 16;
+ size -= 16;
}
- aes_encrypt_nb_4(ctx, iv);
- for (i = 0; i < 4; i++) {
- fxcrt::PutUInt32MSBFirst(
- iv[i], UNSAFE_TODO(pdfium::make_span(dest + 4 * i, 4u)));
- }
- dest += 16;
- src += 16;
- size -= 16;
- }
- FXSYS_memcpy(ctx->iv, iv, sizeof(iv));
+ FXSYS_memcpy(ctx->iv.data(), iv, sizeof(iv));
+ });
}
diff --git a/core/fdrm/fx_crypt_aes.h b/core/fdrm/fx_crypt_aes.h
index fd8bbfa..c916310 100644
--- a/core/fdrm/fx_crypt_aes.h
+++ b/core/fdrm/fx_crypt_aes.h
@@ -9,6 +9,8 @@
#include <stdint.h>
+#include <array>
+
struct CRYPT_aes_context {
static constexpr int kMaxNb = 8;
static constexpr int kMaxNr = 14;
@@ -16,9 +18,9 @@
int Nb;
int Nr;
- unsigned int keysched[kSchedSize];
- unsigned int invkeysched[kSchedSize];
- unsigned int iv[kMaxNb];
+ std::array<uint32_t, kSchedSize> keysched;
+ std::array<uint32_t, kSchedSize> invkeysched;
+ std::array<uint32_t, kMaxNb> iv;
};
void CRYPT_AESSetKey(CRYPT_aes_context* ctx,
