1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24
25/* Base64 encoding/decoding */
26
27#include "curl_setup.h"
28
29#if !defined(CURL_DISABLE_HTTP_AUTH) || defined(USE_SSH) || \
30 !defined(CURL_DISABLE_LDAP) || \
31 !defined(CURL_DISABLE_SMTP) || \
32 !defined(CURL_DISABLE_POP3) || \
33 !defined(CURL_DISABLE_IMAP) || \
34 !defined(CURL_DISABLE_DOH) || defined(USE_SSL)
35
36#include "urldata.h" /* for the Curl_easy definition */
37#include "warnless.h"
38#include "curl_base64.h"
39
40/* The last 3 #include files should be in this order */
41#include "curl_printf.h"
42#include "curl_memory.h"
43#include "memdebug.h"
44
45/* ---- Base64 Encoding/Decoding Table --- */
46/* Padding character string starts at offset 64. */
47static const char base64[]=
48 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
49
50/* The Base 64 encoding with an URL and filename safe alphabet, RFC 4648
51 section 5 */
52static const char base64url[]=
53 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
54
55static size_t decodeQuantum(unsigned char *dest, const char *src)
56{
57 size_t padding = 0;
58 const char *s;
59 unsigned long i, x = 0;
60
61 for(i = 0, s = src; i < 4; i++, s++) {
62 if(*s == '=') {
63 x <<= 6;
64 padding++;
65 }
66 else {
67 const char *p = strchr(base64, *s);
68 if(p)
69 x = (x << 6) + curlx_uztoul(p - base64);
70 else
71 return 0;
72 }
73 }
74
75 if(padding < 1)
76 dest[2] = curlx_ultouc(x & 0xFFUL);
77
78 x >>= 8;
79 if(padding < 2)
80 dest[1] = curlx_ultouc(x & 0xFFUL);
81
82 x >>= 8;
83 dest[0] = curlx_ultouc(x & 0xFFUL);
84
85 return 3 - padding;
86}
87
88/*
89 * Curl_base64_decode()
90 *
91 * Given a base64 NUL-terminated string at src, decode it and return a
92 * pointer in *outptr to a newly allocated memory area holding decoded
93 * data. Size of decoded data is returned in variable pointed by outlen.
94 *
95 * Returns CURLE_OK on success, otherwise specific error code. Function
96 * output shall not be considered valid unless CURLE_OK is returned.
97 *
98 * When decoded data length is 0, returns NULL in *outptr.
99 *
100 * @unittest: 1302
101 */
102CURLcode Curl_base64_decode(const char *src,
103 unsigned char **outptr, size_t *outlen)
104{
105 size_t srclen = 0;
106 size_t padding = 0;
107 size_t i;
108 size_t numQuantums;
109 size_t rawlen = 0;
110 const char *padptr;
111 unsigned char *pos;
112 unsigned char *newstr;
113
114 *outptr = NULL;
115 *outlen = 0;
116 srclen = strlen(src);
117
118 /* Check the length of the input string is valid */
119 if(!srclen || srclen % 4)
120 return CURLE_BAD_CONTENT_ENCODING;
121
122 /* Find the position of any = padding characters */
123 padptr = strchr(src, '=');
124 if(padptr) {
125 padding++;
126 /* A maximum of two = padding characters is allowed */
127 if(padptr[1] == '=')
128 padding++;
129
130 /* Check the = padding characters weren't part way through the input */
131 if(padptr + padding != src + srclen)
132 return CURLE_BAD_CONTENT_ENCODING;
133 }
134
135 /* Calculate the number of quantums */
136 numQuantums = srclen / 4;
137
138 /* Calculate the size of the decoded string */
139 rawlen = (numQuantums * 3) - padding;
140
141 /* Allocate our buffer including room for a zero terminator */
142 newstr = malloc(rawlen + 1);
143 if(!newstr)
144 return CURLE_OUT_OF_MEMORY;
145
146 pos = newstr;
147
148 /* Decode the quantums */
149 for(i = 0; i < numQuantums; i++) {
150 size_t result = decodeQuantum(pos, src);
151 if(!result) {
152 free(newstr);
153
154 return CURLE_BAD_CONTENT_ENCODING;
155 }
156
157 pos += result;
158 src += 4;
159 }
160
161 /* Zero terminate */
162 *pos = '\0';
163
164 /* Return the decoded data */
165 *outptr = newstr;
166 *outlen = rawlen;
167
168 return CURLE_OK;
169}
170
171static CURLcode base64_encode(const char *table64,
172 const char *inputbuff, size_t insize,
173 char **outptr, size_t *outlen)
174{
175 unsigned char ibuf[3];
176 unsigned char obuf[4];
177 int i;
178 int inputparts;
179 char *output;
180 char *base64data;
181 const char *indata = inputbuff;
182 const char *padstr = &table64[64]; /* Point to padding string. */
183
184 *outptr = NULL;
185 *outlen = 0;
186
187 if(!insize)
188 insize = strlen(indata);
189
190#if SIZEOF_SIZE_T == 4
191 if(insize > UINT_MAX/4)
192 return CURLE_OUT_OF_MEMORY;
193#endif
194
195 base64data = output = malloc(insize * 4 / 3 + 4);
196 if(!output)
197 return CURLE_OUT_OF_MEMORY;
198
199 while(insize > 0) {
200 for(i = inputparts = 0; i < 3; i++) {
201 if(insize > 0) {
202 inputparts++;
203 ibuf[i] = (unsigned char) *indata;
204 indata++;
205 insize--;
206 }
207 else
208 ibuf[i] = 0;
209 }
210
211 obuf[0] = (unsigned char) ((ibuf[0] & 0xFC) >> 2);
212 obuf[1] = (unsigned char) (((ibuf[0] & 0x03) << 4) | \
213 ((ibuf[1] & 0xF0) >> 4));
214 obuf[2] = (unsigned char) (((ibuf[1] & 0x0F) << 2) | \
215 ((ibuf[2] & 0xC0) >> 6));
216 obuf[3] = (unsigned char) (ibuf[2] & 0x3F);
217
218 switch(inputparts) {
219 case 1: /* only one byte read */
220 i = msnprintf(output, 5, "%c%c%s%s",
221 table64[obuf[0]],
222 table64[obuf[1]],
223 padstr,
224 padstr);
225 break;
226
227 case 2: /* two bytes read */
228 i = msnprintf(output, 5, "%c%c%c%s",
229 table64[obuf[0]],
230 table64[obuf[1]],
231 table64[obuf[2]],
232 padstr);
233 break;
234
235 default:
236 i = msnprintf(output, 5, "%c%c%c%c",
237 table64[obuf[0]],
238 table64[obuf[1]],
239 table64[obuf[2]],
240 table64[obuf[3]]);
241 break;
242 }
243 output += i;
244 }
245
246 /* Zero terminate */
247 *output = '\0';
248
249 /* Return the pointer to the new data (allocated memory) */
250 *outptr = base64data;
251
252 /* Return the length of the new data */
253 *outlen = output - base64data;
254
255 return CURLE_OK;
256}
257
258/*
259 * Curl_base64_encode()
260 *
261 * Given a pointer to an input buffer and an input size, encode it and
262 * return a pointer in *outptr to a newly allocated memory area holding
263 * encoded data. Size of encoded data is returned in variable pointed by
264 * outlen.
265 *
266 * Input length of 0 indicates input buffer holds a NUL-terminated string.
267 *
268 * Returns CURLE_OK on success, otherwise specific error code. Function
269 * output shall not be considered valid unless CURLE_OK is returned.
270 *
271 * @unittest: 1302
272 */
273CURLcode Curl_base64_encode(const char *inputbuff, size_t insize,
274 char **outptr, size_t *outlen)
275{
276 return base64_encode(base64, inputbuff, insize, outptr, outlen);
277}
278
279/*
280 * Curl_base64url_encode()
281 *
282 * Given a pointer to an input buffer and an input size, encode it and
283 * return a pointer in *outptr to a newly allocated memory area holding
284 * encoded data. Size of encoded data is returned in variable pointed by
285 * outlen.
286 *
287 * Input length of 0 indicates input buffer holds a NUL-terminated string.
288 *
289 * Returns CURLE_OK on success, otherwise specific error code. Function
290 * output shall not be considered valid unless CURLE_OK is returned.
291 *
292 * @unittest: 1302
293 */
294CURLcode Curl_base64url_encode(const char *inputbuff, size_t insize,
295 char **outptr, size_t *outlen)
296{
297 return base64_encode(base64url, inputbuff, insize, outptr, outlen);
298}
299
300#endif /* no users so disabled */
301