source: openpam/trunk/lib/liboath/oath_base32.c @ 776

Last change on this file since 776 was 776, checked in by Dag-Erling Smørgrav, 7 years ago

Encoder:

  • Return the desired length when the buffer is too small.
  • Annotate the switch so Bullseye doesn't complain about an uncovered default case.

Decoder:

  • The table approach was a good idea, but there was no way to tell the difference between a character that decodes as 0 and an invalid character. Modify the tables so an invalid character is indicated by 0xff instead of 0x00.
  • Check that padding starts in a valid position. Note that we still don't check for left-over bits.
  • The overflow test always failed, because we set *olen = len before comparing them.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 6.4 KB
Line 
1/*-
2 * Copyright (c) 2013-2014 Universitetet i Oslo
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote
14 *    products derived from this software without specific prior written
15 *    permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $Id: oath_base32.c 776 2014-03-09 12:48:48Z des $
30 */
31
32#ifdef HAVE_CONFIG_H
33# include "config.h"
34#endif
35
36#include <sys/types.h>
37
38#include <errno.h>
39#include <stdint.h>
40
41#include <security/oath.h>
42
43#include "oath_impl.h"
44
45static const char b32enc[] =
46    "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
47
48static const char b32dec[256] = {
49        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
50        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
51        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
52        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
53        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
54        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
55        0xff, 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
56        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
57        0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
58        0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
59        0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
60        0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
61        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
62        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
63        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
64        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
65        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
66        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
67        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
68        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
69        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
70        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
71        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
72        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
73        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
74        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
75        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
76        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
77        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
78        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
79        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
80        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
81};
82
83/*
84 * Encode data in RFC 4648 base 32 representation.  The target buffer must
85 * have room for base32_enclen(len) characters and a terminating NUL.
86 */
87int
88base32_enc(const char *in, size_t ilen, char *out, size_t *olen)
89{
90        uint64_t bits;
91
92        if (*olen <= base32_enclen(ilen)) {
93                *olen = base32_enclen(ilen) + 1;
94                errno = ENOSPC;
95                return (-1);
96        }
97        *olen = 0;
98        while (ilen >= 5) {
99                bits = 0;
100                bits |= (uint64_t)in[0] << 32;
101                bits |= (uint64_t)in[1] << 24;
102                bits |= (uint64_t)in[2] << 16;
103                bits |= (uint64_t)in[3] << 8;
104                bits |= (uint64_t)in[4];
105                ilen -= 5;
106                in += 5;
107                out[0] = b32enc[bits >> 35 & 0x1f];
108                out[1] = b32enc[bits >> 30 & 0x1f];
109                out[2] = b32enc[bits >> 25 & 0x1f];
110                out[3] = b32enc[bits >> 20 & 0x1f];
111                out[4] = b32enc[bits >> 15 & 0x1f];
112                out[5] = b32enc[bits >> 10 & 0x1f];
113                out[6] = b32enc[bits >> 5 & 0x1f];
114                out[7] = b32enc[bits & 0x1f];
115                *olen += 8;
116                out += 8;
117        }
118        if (ilen > 0) {
119                bits = 0;
120                switch (ilen) {
121                case 4:
122                        bits |= (uint64_t)in[3] << 8;
123                case 3:
124                        bits |= (uint64_t)in[2] << 16;
125                case 2:
126                        bits |= (uint64_t)in[1] << 24;
127                case 1:
128                        bits |= (uint64_t)in[0] << 32;
129                COVERAGE_NO_DEFAULT_CASE
130                }
131                out[0] = b32enc[bits >> 35 & 0x1f];
132                out[1] = b32enc[bits >> 30 & 0x1f];
133                out[2] = ilen > 1 ? b32enc[bits >> 25 & 0x1f] : '=';
134                out[3] = ilen > 1 ? b32enc[bits >> 20 & 0x1f] : '=';
135                out[4] = ilen > 2 ? b32enc[bits >> 15 & 0x1f] : '=';
136                out[5] = ilen > 3 ? b32enc[bits >> 10 & 0x1f] : '=';
137                out[6] = ilen > 3 ? b32enc[bits >> 5 & 0x1f] : '=';
138                out[7] = '=';
139                *olen += 8;
140                out += 8;
141        }
142        out[0] = '\0';
143        ++*olen;
144        return (0);
145}
146
147/*
148 * Decode data in RFC 4648 base 32 representation, stopping at the
149 * terminating NUL, the first invalid (non-base32, non-whitespace)
150 * character or after len characters, whichever comes first.
151 *
152 * Padding is handled sloppily: any padding character following the data
153 * is silently consumed.  This not only simplifies the code but ensures
154 * compatibility with implementations which do not emit or understand
155 * padding.
156 *
157 * The olen argument is used by the caller to pass the size of the buffer
158 * and by base32_dec() to return the amount of data successfully decoded.
159 * If the buffer is too small, base32_dec() discards the excess data, but
160 * returns the total amount.
161 */
162int
163base32_dec(const char *in, size_t ilen, char *out, size_t *olen)
164{
165        size_t len;
166        int bits, shift, padding;
167
168        for (bits = shift = padding = len = 0; ilen && *in; --ilen, ++in) {
169                if (*in == ' ' || *in == '\t' || *in == '\r' || *in == '\n' ||
170                    (padding && *in == '=')) {
171                        /* consume */
172                        continue;
173                } else if (!padding && b32dec[(int)*in] >= 0) {
174                        /* shift into accumulator */
175                        shift += 5;
176                        bits = bits << 5 | b32dec[(int)*in];
177                } else if (!padding && shift > 0 && shift < 5 && *in == '=') {
178                        /* final byte */
179                        shift = 0;
180                        padding = 1;
181                } else {
182                        /* error */
183                        *olen = 0;
184                        errno = EINVAL;
185                        return (-1);
186                }
187                if (shift >= 8) {
188                        /* output accumulated byte */
189                        shift -= 8;
190                        if (len++ < *olen)
191                                *out++ = (bits >> shift) & 0xff;
192                }
193        }
194        /* report decoded length */
195        if (len > *olen) {
196                /* overflow */
197                *olen = len;
198                errno = ENOSPC;
199                return (-1);
200        }
201        *olen = len;
202        return (0);
203}
Note: See TracBrowser for help on using the repository browser.