]>
Commit | Line | Data |
---|---|---|
1 | /* base64.c -- Encode binary data using printable characters. | |
2 | Copyright (C) 1999, 2000, 2001, 2004, 2005, 2006 Free Software | |
3 | Foundation, Inc. | |
4 | ||
5 | This program is free software; you can redistribute it and/or modify | |
6 | it under the terms of the GNU General Public License as published by | |
7 | the Free Software Foundation; either version 2, or (at your option) | |
8 | any later version. | |
9 | ||
10 | This program is distributed in the hope that it will be useful, | |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | GNU General Public License for more details. | |
14 | ||
15 | You should have received a copy of the GNU General Public License | |
16 | along with this program; if not, write to the Free Software Foundation, | |
17 | Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ | |
18 | ||
19 | /* Written by Simon Josefsson. Partially adapted from GNU MailUtils | |
20 | * (mailbox/filter_trans.c, as of 2004-11-28). Improved by review | |
21 | * from Paul Eggert, Bruno Haible, and Stepan Kasal. | |
22 | * | |
23 | * See also RFC 3548 <http://www.ietf.org/rfc/rfc3548.txt>. | |
24 | * | |
25 | * Be careful with error checking. Here is how you would typically | |
26 | * use these functions: | |
27 | * | |
28 | * bool ok = base64_decode_alloc (in, inlen, &out, &outlen); | |
29 | * if (!ok) | |
30 | * FAIL: input was not valid base64 | |
31 | * if (out == NULL) | |
32 | * FAIL: memory allocation error | |
33 | * OK: data in OUT/OUTLEN | |
34 | * | |
35 | * size_t outlen = base64_encode_alloc (in, inlen, &out); | |
36 | * if (out == NULL && outlen == 0 && inlen != 0) | |
37 | * FAIL: input too long | |
38 | * if (out == NULL) | |
39 | * FAIL: memory allocation error | |
40 | * OK: data in OUT/OUTLEN. | |
41 | * | |
42 | */ | |
43 | ||
44 | #include "config.h" | |
45 | ||
46 | /* Get prototype. */ | |
47 | #include "base64.h" | |
48 | ||
49 | /* Get malloc. */ | |
50 | #include <stdlib.h> | |
51 | ||
52 | /* Get UCHAR_MAX. */ | |
53 | #include <limits.h> | |
54 | ||
55 | /* C89 compliant way to cast 'char' to 'unsigned char'. */ | |
56 | static inline unsigned char | |
57 | to_uchar (char ch) | |
58 | { | |
59 | return ch; | |
60 | } | |
61 | ||
62 | /* Base64 encode IN array of size INLEN into OUT array of size OUTLEN. | |
63 | If OUTLEN is less than BASE64_LENGTH(INLEN), write as many bytes as | |
64 | possible. If OUTLEN is larger than BASE64_LENGTH(INLEN), also zero | |
65 | terminate the output buffer. */ | |
66 | void | |
67 | base64_encode (const char *in, size_t inlen, | |
68 | char *out, size_t outlen) | |
69 | { | |
70 | static const char b64str[64] = | |
71 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | |
72 | ||
73 | while (inlen && outlen) | |
74 | { | |
75 | *out++ = b64str[(to_uchar (in[0]) >> 2) & 0x3f]; | |
76 | if (!--outlen) | |
77 | break; | |
78 | *out++ = b64str[((to_uchar (in[0]) << 4) | |
79 | + (--inlen ? to_uchar (in[1]) >> 4 : 0)) | |
80 | & 0x3f]; | |
81 | if (!--outlen) | |
82 | break; | |
83 | *out++ = | |
84 | (inlen | |
85 | ? b64str[((to_uchar (in[1]) << 2) | |
86 | + (--inlen ? to_uchar (in[2]) >> 6 : 0)) | |
87 | & 0x3f] | |
88 | : '='); | |
89 | if (!--outlen) | |
90 | break; | |
91 | *out++ = inlen ? b64str[to_uchar (in[2]) & 0x3f] : '='; | |
92 | if (!--outlen) | |
93 | break; | |
94 | if (inlen) | |
95 | inlen--; | |
96 | if (inlen) | |
97 | in += 3; | |
98 | } | |
99 | ||
100 | if (outlen) | |
101 | *out = '\0'; | |
102 | } | |
103 | ||
104 | /* Allocate a buffer and store zero terminated base64 encoded data | |
105 | from array IN of size INLEN, returning BASE64_LENGTH(INLEN), i.e., | |
106 | the length of the encoded data, excluding the terminating zero. On | |
107 | return, the OUT variable will hold a pointer to newly allocated | |
108 | memory that must be deallocated by the caller. If output string | |
109 | length would overflow, 0 is returned and OUT is set to NULL. If | |
110 | memory allocation failed, OUT is set to NULL, and the return value | |
111 | indicates length of the requested memory block, i.e., | |
112 | BASE64_LENGTH(inlen) + 1. */ | |
113 | size_t | |
114 | base64_encode_alloc (const char *in, size_t inlen, char **out) | |
115 | { | |
116 | size_t outlen = 1 + BASE64_LENGTH (inlen); | |
117 | ||
118 | /* Check for overflow in outlen computation. | |
119 | * | |
120 | * If there is no overflow, outlen >= inlen. | |
121 | * | |
122 | * If the operation (inlen + 2) overflows then it yields at most +1, so | |
123 | * outlen is 0. | |
124 | * | |
125 | * If the multiplication overflows, we lose at least half of the | |
126 | * correct value, so the result is < ((inlen + 2) / 3) * 2, which is | |
127 | * less than (inlen + 2) * 0.66667, which is less than inlen as soon as | |
128 | * (inlen > 4). | |
129 | */ | |
130 | if (inlen > outlen) | |
131 | { | |
132 | *out = NULL; | |
133 | return 0; | |
134 | } | |
135 | ||
136 | *out = malloc (outlen); | |
137 | if (!*out) | |
138 | return outlen; | |
139 | ||
140 | base64_encode (in, inlen, *out, outlen); | |
141 | ||
142 | return outlen - 1; | |
143 | } | |
144 | ||
145 | /* With this approach this file works independent of the charset used | |
146 | (think EBCDIC). However, it does assume that the characters in the | |
147 | Base64 alphabet (A-Za-z0-9+/) are encoded in 0..255. POSIX | |
148 | 1003.1-2001 require that char and unsigned char are 8-bit | |
149 | quantities, though, taking care of that problem. But this may be a | |
150 | potential problem on non-POSIX C99 platforms. | |
151 | ||
152 | IBM C V6 for AIX mishandles "#define B64(x) ...'x'...", so use "_" | |
153 | as the formal parameter rather than "x". */ | |
154 | #define B64(_) \ | |
155 | ((_) == 'A' ? 0 \ | |
156 | : (_) == 'B' ? 1 \ | |
157 | : (_) == 'C' ? 2 \ | |
158 | : (_) == 'D' ? 3 \ | |
159 | : (_) == 'E' ? 4 \ | |
160 | : (_) == 'F' ? 5 \ | |
161 | : (_) == 'G' ? 6 \ | |
162 | : (_) == 'H' ? 7 \ | |
163 | : (_) == 'I' ? 8 \ | |
164 | : (_) == 'J' ? 9 \ | |
165 | : (_) == 'K' ? 10 \ | |
166 | : (_) == 'L' ? 11 \ | |
167 | : (_) == 'M' ? 12 \ | |
168 | : (_) == 'N' ? 13 \ | |
169 | : (_) == 'O' ? 14 \ | |
170 | : (_) == 'P' ? 15 \ | |
171 | : (_) == 'Q' ? 16 \ | |
172 | : (_) == 'R' ? 17 \ | |
173 | : (_) == 'S' ? 18 \ | |
174 | : (_) == 'T' ? 19 \ | |
175 | : (_) == 'U' ? 20 \ | |
176 | : (_) == 'V' ? 21 \ | |
177 | : (_) == 'W' ? 22 \ | |
178 | : (_) == 'X' ? 23 \ | |
179 | : (_) == 'Y' ? 24 \ | |
180 | : (_) == 'Z' ? 25 \ | |
181 | : (_) == 'a' ? 26 \ | |
182 | : (_) == 'b' ? 27 \ | |
183 | : (_) == 'c' ? 28 \ | |
184 | : (_) == 'd' ? 29 \ | |
185 | : (_) == 'e' ? 30 \ | |
186 | : (_) == 'f' ? 31 \ | |
187 | : (_) == 'g' ? 32 \ | |
188 | : (_) == 'h' ? 33 \ | |
189 | : (_) == 'i' ? 34 \ | |
190 | : (_) == 'j' ? 35 \ | |
191 | : (_) == 'k' ? 36 \ | |
192 | : (_) == 'l' ? 37 \ | |
193 | : (_) == 'm' ? 38 \ | |
194 | : (_) == 'n' ? 39 \ | |
195 | : (_) == 'o' ? 40 \ | |
196 | : (_) == 'p' ? 41 \ | |
197 | : (_) == 'q' ? 42 \ | |
198 | : (_) == 'r' ? 43 \ | |
199 | : (_) == 's' ? 44 \ | |
200 | : (_) == 't' ? 45 \ | |
201 | : (_) == 'u' ? 46 \ | |
202 | : (_) == 'v' ? 47 \ | |
203 | : (_) == 'w' ? 48 \ | |
204 | : (_) == 'x' ? 49 \ | |
205 | : (_) == 'y' ? 50 \ | |
206 | : (_) == 'z' ? 51 \ | |
207 | : (_) == '0' ? 52 \ | |
208 | : (_) == '1' ? 53 \ | |
209 | : (_) == '2' ? 54 \ | |
210 | : (_) == '3' ? 55 \ | |
211 | : (_) == '4' ? 56 \ | |
212 | : (_) == '5' ? 57 \ | |
213 | : (_) == '6' ? 58 \ | |
214 | : (_) == '7' ? 59 \ | |
215 | : (_) == '8' ? 60 \ | |
216 | : (_) == '9' ? 61 \ | |
217 | : (_) == '+' ? 62 \ | |
218 | : (_) == '/' ? 63 \ | |
219 | : -1) | |
220 | ||
221 | static const signed char b64[0x100] = { | |
222 | B64 (0), B64 (1), B64 (2), B64 (3), | |
223 | B64 (4), B64 (5), B64 (6), B64 (7), | |
224 | B64 (8), B64 (9), B64 (10), B64 (11), | |
225 | B64 (12), B64 (13), B64 (14), B64 (15), | |
226 | B64 (16), B64 (17), B64 (18), B64 (19), | |
227 | B64 (20), B64 (21), B64 (22), B64 (23), | |
228 | B64 (24), B64 (25), B64 (26), B64 (27), | |
229 | B64 (28), B64 (29), B64 (30), B64 (31), | |
230 | B64 (32), B64 (33), B64 (34), B64 (35), | |
231 | B64 (36), B64 (37), B64 (38), B64 (39), | |
232 | B64 (40), B64 (41), B64 (42), B64 (43), | |
233 | B64 (44), B64 (45), B64 (46), B64 (47), | |
234 | B64 (48), B64 (49), B64 (50), B64 (51), | |
235 | B64 (52), B64 (53), B64 (54), B64 (55), | |
236 | B64 (56), B64 (57), B64 (58), B64 (59), | |
237 | B64 (60), B64 (61), B64 (62), B64 (63), | |
238 | B64 (64), B64 (65), B64 (66), B64 (67), | |
239 | B64 (68), B64 (69), B64 (70), B64 (71), | |
240 | B64 (72), B64 (73), B64 (74), B64 (75), | |
241 | B64 (76), B64 (77), B64 (78), B64 (79), | |
242 | B64 (80), B64 (81), B64 (82), B64 (83), | |
243 | B64 (84), B64 (85), B64 (86), B64 (87), | |
244 | B64 (88), B64 (89), B64 (90), B64 (91), | |
245 | B64 (92), B64 (93), B64 (94), B64 (95), | |
246 | B64 (96), B64 (97), B64 (98), B64 (99), | |
247 | B64 (100), B64 (101), B64 (102), B64 (103), | |
248 | B64 (104), B64 (105), B64 (106), B64 (107), | |
249 | B64 (108), B64 (109), B64 (110), B64 (111), | |
250 | B64 (112), B64 (113), B64 (114), B64 (115), | |
251 | B64 (116), B64 (117), B64 (118), B64 (119), | |
252 | B64 (120), B64 (121), B64 (122), B64 (123), | |
253 | B64 (124), B64 (125), B64 (126), B64 (127), | |
254 | B64 (128), B64 (129), B64 (130), B64 (131), | |
255 | B64 (132), B64 (133), B64 (134), B64 (135), | |
256 | B64 (136), B64 (137), B64 (138), B64 (139), | |
257 | B64 (140), B64 (141), B64 (142), B64 (143), | |
258 | B64 (144), B64 (145), B64 (146), B64 (147), | |
259 | B64 (148), B64 (149), B64 (150), B64 (151), | |
260 | B64 (152), B64 (153), B64 (154), B64 (155), | |
261 | B64 (156), B64 (157), B64 (158), B64 (159), | |
262 | B64 (160), B64 (161), B64 (162), B64 (163), | |
263 | B64 (164), B64 (165), B64 (166), B64 (167), | |
264 | B64 (168), B64 (169), B64 (170), B64 (171), | |
265 | B64 (172), B64 (173), B64 (174), B64 (175), | |
266 | B64 (176), B64 (177), B64 (178), B64 (179), | |
267 | B64 (180), B64 (181), B64 (182), B64 (183), | |
268 | B64 (184), B64 (185), B64 (186), B64 (187), | |
269 | B64 (188), B64 (189), B64 (190), B64 (191), | |
270 | B64 (192), B64 (193), B64 (194), B64 (195), | |
271 | B64 (196), B64 (197), B64 (198), B64 (199), | |
272 | B64 (200), B64 (201), B64 (202), B64 (203), | |
273 | B64 (204), B64 (205), B64 (206), B64 (207), | |
274 | B64 (208), B64 (209), B64 (210), B64 (211), | |
275 | B64 (212), B64 (213), B64 (214), B64 (215), | |
276 | B64 (216), B64 (217), B64 (218), B64 (219), | |
277 | B64 (220), B64 (221), B64 (222), B64 (223), | |
278 | B64 (224), B64 (225), B64 (226), B64 (227), | |
279 | B64 (228), B64 (229), B64 (230), B64 (231), | |
280 | B64 (232), B64 (233), B64 (234), B64 (235), | |
281 | B64 (236), B64 (237), B64 (238), B64 (239), | |
282 | B64 (240), B64 (241), B64 (242), B64 (243), | |
283 | B64 (244), B64 (245), B64 (246), B64 (247), | |
284 | B64 (248), B64 (249), B64 (250), B64 (251), | |
285 | B64 (252), B64 (253), B64 (254), B64 (255) | |
286 | }; | |
287 | ||
288 | #if UCHAR_MAX == 255 | |
289 | # define uchar_in_range(c) true | |
290 | #else | |
291 | # define uchar_in_range(c) ((c) <= 255) | |
292 | #endif | |
293 | ||
294 | /* Return true if CH is a character from the Base64 alphabet, and | |
295 | false otherwise. Note that '=' is padding and not considered to be | |
296 | part of the alphabet. */ | |
297 | bool | |
298 | isbase64 (char ch) | |
299 | { | |
300 | return uchar_in_range (to_uchar (ch)) && 0 <= b64[to_uchar (ch)]; | |
301 | } | |
302 | ||
303 | /* Decode base64 encoded input array IN of length INLEN to output | |
304 | array OUT that can hold *OUTLEN bytes. Return true if decoding was | |
305 | successful, i.e. if the input was valid base64 data, false | |
306 | otherwise. If *OUTLEN is too small, as many bytes as possible will | |
307 | be written to OUT. On return, *OUTLEN holds the length of decoded | |
308 | bytes in OUT. Note that as soon as any non-alphabet characters are | |
309 | encountered, decoding is stopped and false is returned. This means | |
310 | that, when applicable, you must remove any line terminators that is | |
311 | part of the data stream before calling this function. */ | |
312 | bool | |
313 | base64_decode (const char *in, size_t inlen, | |
314 | char *out, size_t *outlen) | |
315 | { | |
316 | size_t outleft = *outlen; | |
317 | ||
318 | while (inlen >= 2) | |
319 | { | |
320 | if (!isbase64 (in[0]) || !isbase64 (in[1])) | |
321 | break; | |
322 | ||
323 | if (outleft) | |
324 | { | |
325 | *out++ = ((b64[to_uchar (in[0])] << 2) | |
326 | | (b64[to_uchar (in[1])] >> 4)); | |
327 | outleft--; | |
328 | } | |
329 | ||
330 | if (inlen == 2) | |
331 | break; | |
332 | ||
333 | if (in[2] == '=') | |
334 | { | |
335 | if (inlen != 4) | |
336 | break; | |
337 | ||
338 | if (in[3] != '=') | |
339 | break; | |
340 | ||
341 | } | |
342 | else | |
343 | { | |
344 | if (!isbase64 (in[2])) | |
345 | break; | |
346 | ||
347 | if (outleft) | |
348 | { | |
349 | *out++ = (((b64[to_uchar (in[1])] << 4) & 0xf0) | |
350 | | (b64[to_uchar (in[2])] >> 2)); | |
351 | outleft--; | |
352 | } | |
353 | ||
354 | if (inlen == 3) | |
355 | break; | |
356 | ||
357 | if (in[3] == '=') | |
358 | { | |
359 | if (inlen != 4) | |
360 | break; | |
361 | } | |
362 | else | |
363 | { | |
364 | if (!isbase64 (in[3])) | |
365 | break; | |
366 | ||
367 | if (outleft) | |
368 | { | |
369 | *out++ = (((b64[to_uchar (in[2])] << 6) & 0xc0) | |
370 | | b64[to_uchar (in[3])]); | |
371 | outleft--; | |
372 | } | |
373 | } | |
374 | } | |
375 | ||
376 | in += 4; | |
377 | inlen -= 4; | |
378 | } | |
379 | ||
380 | *outlen -= outleft; | |
381 | ||
382 | if (inlen != 0) | |
383 | return false; | |
384 | ||
385 | return true; | |
386 | } | |
387 | ||
388 | /* Allocate an output buffer in *OUT, and decode the base64 encoded | |
389 | data stored in IN of size INLEN to the *OUT buffer. On return, the | |
390 | size of the decoded data is stored in *OUTLEN. OUTLEN may be NULL, | |
391 | if the caller is not interested in the decoded length. *OUT may be | |
392 | NULL to indicate an out of memory error, in which case *OUTLEN | |
393 | contains the size of the memory block needed. The function returns | |
394 | true on successful decoding and memory allocation errors. (Use the | |
395 | *OUT and *OUTLEN parameters to differentiate between successful | |
396 | decoding and memory error.) The function returns false if the | |
397 | input was invalid, in which case *OUT is NULL and *OUTLEN is | |
398 | undefined. */ | |
399 | bool | |
400 | base64_decode_alloc (const char *in, size_t inlen, char **out, | |
401 | size_t *outlen) | |
402 | { | |
403 | /* This may allocate a few bytes too much, depending on input, | |
404 | but it's not worth the extra CPU time to compute the exact amount. | |
405 | The exact amount is 3 * inlen / 4, minus 1 if the input ends | |
406 | with "=" and minus another 1 if the input ends with "==". | |
407 | Dividing before multiplying avoids the possibility of overflow. */ | |
408 | size_t needlen = 3 * (inlen / 4) + 2; | |
409 | ||
410 | *out = malloc (needlen); | |
411 | if (!*out) | |
412 | return true; | |
413 | ||
414 | if (!base64_decode (in, inlen, *out, &needlen)) | |
415 | { | |
416 | free (*out); | |
417 | *out = NULL; | |
418 | return false; | |
419 | } | |
420 | ||
421 | if (outlen) | |
422 | *outlen = needlen; | |
423 | ||
424 | return true; | |
425 | } |