source: openpam/trunk/lib/liboath/oath_base64.c @ 776

Last change on this file since 776 was 776, checked in by Dag-Erling Smørgrav, 7 years ago

Encoder:

  • Return the desired length when the buffer is too small.
  • Annotate the switch so Bullseye doesn't complain about an uncovered default case.

Decoder:

  • The table approach was a good idea, but there was no way to tell the difference between a character that decodes as 0 and an invalid character. Modify the tables so an invalid character is indicated by 0xff instead of 0x00.
  • Check that padding starts in a valid position. Note that we still don't check for left-over bits.
  • The overflow test always failed, because we set *olen = len before comparing them.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 6.0 KB
Line 
1/*-
2 * Copyright (c) 2013-2014 Universitetet i Oslo
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote
14 *    products derived from this software without specific prior written
15 *    permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $Id: oath_base64.c 776 2014-03-09 12:48:48Z des $
30 */
31
32#ifdef HAVE_CONFIG_H
33# include "config.h"
34#endif
35
36#include <sys/types.h>
37
38#include <errno.h>
39#include <stdint.h>
40
41#include <security/oath.h>
42
43#include "oath_impl.h"
44
45static const char b64enc[] =
46    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
47    "abcdefghijklmnopqrstuvwxyz"
48    "0123456789+/";
49
50static const char b64dec[256] = {
51        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
52        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
53        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
54        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
55        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
56        0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, 
57        0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 
58        0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
59        0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
60        0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 
61        0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 
62        0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, 
63        0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 
64        0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 
65        0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 
66        0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff, 
67        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
68        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
69        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
70        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
71        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
72        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
73        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
74        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
75        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
76        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
77        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
78        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
79        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
80        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
81        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
82        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
83};
84
85/*
86 * Encode data in RFC 4648 base 64 representation.  The target buffer must
87 * have room for base64_enclen(len) characters and a terminating NUL.
88 */
89int
90base64_enc(const char *in, size_t ilen, char *out, size_t *olen)
91{
92        uint32_t bits;
93
94        if (*olen <= base64_enclen(ilen)) {
95                *olen = base64_enclen(ilen) + 1;
96                errno = ENOSPC;
97                return (-1);
98        }
99        *olen = 0;
100        while (ilen >= 3) {
101                bits = 0;
102                bits |= (uint32_t)in[0] << 16;
103                bits |= (uint32_t)in[1] << 8;
104                bits |= (uint32_t)in[2];
105                ilen -= 3;
106                in += 3;
107                out[0] = b64enc[bits >> 18 & 0x3f];
108                out[1] = b64enc[bits >> 12 & 0x3f];
109                out[2] = b64enc[bits >> 6 & 0x3f];
110                out[3] = b64enc[bits & 0x3f];
111                *olen += 4;
112                out += 4;
113        }
114        if (ilen > 0) {
115                bits = 0;
116                switch (ilen) {
117                case 2:
118                        bits |= (uint32_t)in[1] << 8;
119                case 1:
120                        bits |= (uint32_t)in[0] << 16;
121                COVERAGE_NO_DEFAULT_CASE
122                }
123                out[0] = b64enc[bits >> 18 & 0x3f];
124                out[1] = b64enc[bits >> 12 & 0x3f];
125                out[2] = ilen > 1 ? b64enc[bits >> 6 & 0x3f] : '=';
126                out[3] = '=';
127                *olen += 4;
128                out += 4;
129        }
130        out[0] = '\0';
131        ++*olen;
132        return (0);
133}
134
135/*
136 * Decode data in RFC 4648 base 64 representation, stopping at the
137 * terminating NUL, the first invalid (non-base64, non-whitespace)
138 * character or after len characters, whichever comes first.
139 *
140 * Padding is handled sloppily: any padding character following the data
141 * is silently consumed.  This not only simplifies the code but ensures
142 * compatibility with implementations which do not emit or understand
143 * padding.
144 *
145 * The olen argument is used by the caller to pass the size of the buffer
146 * and by base64_dec() to return the amount of data successfully decoded.
147 * If the buffer is too small, base64_dec() discards the excess data, but
148 * returns the total amount.
149 */
150int
151base64_dec(const char *in, size_t ilen, char *out, size_t *olen)
152{
153        size_t len;
154        int bits, shift, padding;
155
156        for (bits = shift = padding = len = 0; ilen && *in; --ilen, ++in) {
157                if (*in == ' ' || *in == '\t' || *in == '\r' || *in == '\n' ||
158                    (padding && *in == '=')) {
159                        /* consume */
160                        continue;
161                } else if (!padding && b64dec[(int)*in] >= 0) {
162                        /* shift into accumulator */
163                        shift += 6;
164                        bits = bits << 6 | b64dec[(int)*in];
165                } else if (!padding && shift > 0 && shift != 6 && *in == '=') {
166                        /* final byte */
167                        shift = 0;
168                        padding = 1;
169                } else {
170                        /* error */
171                        *olen = 0;
172                        errno = EINVAL;
173                        return (-1);
174                }
175                if (shift >= 8) {
176                        /* output accumulated byte */
177                        shift -= 8;
178                        if (len++ < *olen)
179                                *out++ = (bits >> shift) & 0xff;
180                }
181        }
182        /* report decoded length */
183        if (len > *olen) {
184                /* overflow */
185                *olen = len;
186                errno = ENOSPC;
187                return (-1);
188        }
189        *olen = len;
190        return (0);
191}
Note: See TracBrowser for help on using the repository browser.