1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23 /* Base64 encoding/decoding */
24
25 #include "curl_setup.h"
26 #include "urldata.h" /* for the Curl_easy definition */
27 #include "warnless.h"
28 #include "curl_base64.h"
29 #include "non-ascii.h"
30
31 /* The last 3 #include files should be in this order */
32 #include "curl_printf.h"
33 #include "curl_memory.h"
34 #include "memdebug.h"
35
36 /* ---- Base64 Encoding/Decoding Table --- */
37 static const char base64[]=
38 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
39
40 /* The Base 64 encoding with an URL and filename safe alphabet, RFC 4648
41 section 5 */
42 static const char base64url[]=
43 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
44
decodeQuantum(unsigned char * dest,const char * src)45 static size_t decodeQuantum(unsigned char *dest, const char *src)
46 {
47 size_t padding = 0;
48 const char *s, *p;
49 unsigned long i, x = 0;
50
51 for(i = 0, s = src; i < 4; i++, s++) {
52 unsigned long v = 0;
53
54 if(*s == '=') {
55 x = (x << 6);
56 padding++;
57 }
58 else {
59 p = base64;
60
61 while(*p && (*p != *s)) {
62 v++;
63 p++;
64 }
65
66 if(*p == *s)
67 x = (x << 6) + v;
68 else
69 return 0;
70 }
71 }
72
73 if(padding < 1)
74 dest[2] = curlx_ultouc(x & 0xFFUL);
75
76 x >>= 8;
77 if(padding < 2)
78 dest[1] = curlx_ultouc(x & 0xFFUL);
79
80 x >>= 8;
81 dest[0] = curlx_ultouc(x & 0xFFUL);
82
83 return 3 - padding;
84 }
85
86 /*
87 * Curl_base64_decode()
88 *
89 * Given a base64 NUL-terminated string at src, decode it and return a
90 * pointer in *outptr to a newly allocated memory area holding decoded
91 * data. Size of decoded data is returned in variable pointed by outlen.
92 *
93 * Returns CURLE_OK on success, otherwise specific error code. Function
94 * output shall not be considered valid unless CURLE_OK is returned.
95 *
96 * When decoded data length is 0, returns NULL in *outptr.
97 *
98 * @unittest: 1302
99 */
Curl_base64_decode(const char * src,unsigned char ** outptr,size_t * outlen)100 CURLcode Curl_base64_decode(const char *src,
101 unsigned char **outptr, size_t *outlen)
102 {
103 size_t srclen = 0;
104 size_t length = 0;
105 size_t padding = 0;
106 size_t i;
107 size_t numQuantums;
108 size_t rawlen = 0;
109 unsigned char *pos;
110 unsigned char *newstr;
111
112 *outptr = NULL;
113 *outlen = 0;
114 srclen = strlen(src);
115
116 /* Check the length of the input string is valid */
117 if(!srclen || srclen % 4)
118 return CURLE_BAD_CONTENT_ENCODING;
119
120 /* Find the position of any = padding characters */
121 while((src[length] != '=') && src[length])
122 length++;
123
124 /* A maximum of two = padding characters is allowed */
125 if(src[length] == '=') {
126 padding++;
127 if(src[length + 1] == '=')
128 padding++;
129 }
130
131 /* Check the = padding characters weren't part way through the input */
132 if(length + padding != srclen)
133 return CURLE_BAD_CONTENT_ENCODING;
134
135 /* Calculate the number of quantums */
136 numQuantums = srclen / 4;
137
138 /* Calculate the size of the decoded string */
139 rawlen = (numQuantums * 3) - padding;
140
141 /* Allocate our buffer including room for a zero terminator */
142 newstr = malloc(rawlen + 1);
143 if(!newstr)
144 return CURLE_OUT_OF_MEMORY;
145
146 pos = newstr;
147
148 /* Decode the quantums */
149 for(i = 0; i < numQuantums; i++) {
150 size_t result = decodeQuantum(pos, src);
151 if(!result) {
152 free(newstr);
153
154 return CURLE_BAD_CONTENT_ENCODING;
155 }
156
157 pos += result;
158 src += 4;
159 }
160
161 /* Zero terminate */
162 *pos = '\0';
163
164 /* Return the decoded data */
165 *outptr = newstr;
166 *outlen = rawlen;
167
168 return CURLE_OK;
169 }
170
base64_encode(const char * table64,struct Curl_easy * data,const char * inputbuff,size_t insize,char ** outptr,size_t * outlen)171 static CURLcode base64_encode(const char *table64,
172 struct Curl_easy *data,
173 const char *inputbuff, size_t insize,
174 char **outptr, size_t *outlen)
175 {
176 CURLcode result;
177 unsigned char ibuf[3];
178 unsigned char obuf[4];
179 int i;
180 int inputparts;
181 char *output;
182 char *base64data;
183 char *convbuf = NULL;
184
185 const char *indata = inputbuff;
186
187 *outptr = NULL;
188 *outlen = 0;
189
190 if(!insize)
191 insize = strlen(indata);
192
193 base64data = output = malloc(insize * 4 / 3 + 4);
194 if(!output)
195 return CURLE_OUT_OF_MEMORY;
196
197 /*
198 * The base64 data needs to be created using the network encoding
199 * not the host encoding. And we can't change the actual input
200 * so we copy it to a buffer, translate it, and use that instead.
201 */
202 result = Curl_convert_clone(data, indata, insize, &convbuf);
203 if(result) {
204 free(output);
205 return result;
206 }
207
208 if(convbuf)
209 indata = (char *)convbuf;
210
211 while(insize > 0) {
212 for(i = inputparts = 0; i < 3; i++) {
213 if(insize > 0) {
214 inputparts++;
215 ibuf[i] = (unsigned char) *indata;
216 indata++;
217 insize--;
218 }
219 else
220 ibuf[i] = 0;
221 }
222
223 obuf[0] = (unsigned char) ((ibuf[0] & 0xFC) >> 2);
224 obuf[1] = (unsigned char) (((ibuf[0] & 0x03) << 4) | \
225 ((ibuf[1] & 0xF0) >> 4));
226 obuf[2] = (unsigned char) (((ibuf[1] & 0x0F) << 2) | \
227 ((ibuf[2] & 0xC0) >> 6));
228 obuf[3] = (unsigned char) (ibuf[2] & 0x3F);
229
230 switch(inputparts) {
231 case 1: /* only one byte read */
232 snprintf(output, 5, "%c%c==",
233 table64[obuf[0]],
234 table64[obuf[1]]);
235 break;
236
237 case 2: /* two bytes read */
238 snprintf(output, 5, "%c%c%c=",
239 table64[obuf[0]],
240 table64[obuf[1]],
241 table64[obuf[2]]);
242 break;
243
244 default:
245 snprintf(output, 5, "%c%c%c%c",
246 table64[obuf[0]],
247 table64[obuf[1]],
248 table64[obuf[2]],
249 table64[obuf[3]]);
250 break;
251 }
252 output += 4;
253 }
254
255 /* Zero terminate */
256 *output = '\0';
257
258 /* Return the pointer to the new data (allocated memory) */
259 *outptr = base64data;
260
261 free(convbuf);
262
263 /* Return the length of the new data */
264 *outlen = strlen(base64data);
265
266 return CURLE_OK;
267 }
268
269 /*
270 * Curl_base64_encode()
271 *
272 * Given a pointer to an input buffer and an input size, encode it and
273 * return a pointer in *outptr to a newly allocated memory area holding
274 * encoded data. Size of encoded data is returned in variable pointed by
275 * outlen.
276 *
277 * Input length of 0 indicates input buffer holds a NUL-terminated string.
278 *
279 * Returns CURLE_OK on success, otherwise specific error code. Function
280 * output shall not be considered valid unless CURLE_OK is returned.
281 *
282 * When encoded data length is 0, returns NULL in *outptr.
283 *
284 * @unittest: 1302
285 */
Curl_base64_encode(struct Curl_easy * data,const char * inputbuff,size_t insize,char ** outptr,size_t * outlen)286 CURLcode Curl_base64_encode(struct Curl_easy *data,
287 const char *inputbuff, size_t insize,
288 char **outptr, size_t *outlen)
289 {
290 return base64_encode(base64, data, inputbuff, insize, outptr, outlen);
291 }
292
293 /*
294 * Curl_base64url_encode()
295 *
296 * Given a pointer to an input buffer and an input size, encode it and
297 * return a pointer in *outptr to a newly allocated memory area holding
298 * encoded data. Size of encoded data is returned in variable pointed by
299 * outlen.
300 *
301 * Input length of 0 indicates input buffer holds a NUL-terminated string.
302 *
303 * Returns CURLE_OK on success, otherwise specific error code. Function
304 * output shall not be considered valid unless CURLE_OK is returned.
305 *
306 * When encoded data length is 0, returns NULL in *outptr.
307 *
308 * @unittest: 1302
309 */
Curl_base64url_encode(struct Curl_easy * data,const char * inputbuff,size_t insize,char ** outptr,size_t * outlen)310 CURLcode Curl_base64url_encode(struct Curl_easy *data,
311 const char *inputbuff, size_t insize,
312 char **outptr, size_t *outlen)
313 {
314 return base64_encode(base64url, data, inputbuff, insize, outptr, outlen);
315 }
316