1*0Sstevel@tonic-gate /* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */ 2*0Sstevel@tonic-gate 3*0Sstevel@tonic-gate /* 4*0Sstevel@tonic-gate * Copyright (c) 1996 by Internet Software Consortium. 5*0Sstevel@tonic-gate * 6*0Sstevel@tonic-gate * Permission to use, copy, modify, and distribute this software for any 7*0Sstevel@tonic-gate * purpose with or without fee is hereby granted, provided that the above 8*0Sstevel@tonic-gate * copyright notice and this permission notice appear in all copies. 9*0Sstevel@tonic-gate * 10*0Sstevel@tonic-gate * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS 11*0Sstevel@tonic-gate * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES 12*0Sstevel@tonic-gate * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE 13*0Sstevel@tonic-gate * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14*0Sstevel@tonic-gate * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15*0Sstevel@tonic-gate * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS 16*0Sstevel@tonic-gate * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 17*0Sstevel@tonic-gate * SOFTWARE. 18*0Sstevel@tonic-gate */ 19*0Sstevel@tonic-gate 20*0Sstevel@tonic-gate /* 21*0Sstevel@tonic-gate * Portions Copyright (c) 1995 by International Business Machines, Inc. 22*0Sstevel@tonic-gate * 23*0Sstevel@tonic-gate * International Business Machines, Inc. (hereinafter called IBM) grants 24*0Sstevel@tonic-gate * permission under its copyrights to use, copy, modify, and distribute this 25*0Sstevel@tonic-gate * Software with or without fee, provided that the above copyright notice and 26*0Sstevel@tonic-gate * all paragraphs of this notice appear in all copies, and that the name of IBM 27*0Sstevel@tonic-gate * not be used in connection with the marketing of any product incorporating 28*0Sstevel@tonic-gate * the Software or modifications thereof, without specific, written prior 29*0Sstevel@tonic-gate * permission. 30*0Sstevel@tonic-gate * 31*0Sstevel@tonic-gate * To the extent it has a right to do so, IBM grants an immunity from suit 32*0Sstevel@tonic-gate * under its patents, if any, for the use, sale or manufacture of products to 33*0Sstevel@tonic-gate * the extent that such products are used for performing Domain Name System 34*0Sstevel@tonic-gate * dynamic updates in TCP/IP networks by means of the Software. No immunity is 35*0Sstevel@tonic-gate * granted for any product per se or for any other function of any product. 36*0Sstevel@tonic-gate * 37*0Sstevel@tonic-gate * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, 38*0Sstevel@tonic-gate * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 39*0Sstevel@tonic-gate * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, 40*0Sstevel@tonic-gate * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING 41*0Sstevel@tonic-gate * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN 42*0Sstevel@tonic-gate * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. 43*0Sstevel@tonic-gate */ 44*0Sstevel@tonic-gate 45*0Sstevel@tonic-gate #include "includes.h" 46*0Sstevel@tonic-gate 47*0Sstevel@tonic-gate #if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) 48*0Sstevel@tonic-gate 49*0Sstevel@tonic-gate #include <sys/types.h> 50*0Sstevel@tonic-gate #include <sys/param.h> 51*0Sstevel@tonic-gate #include <sys/socket.h> 52*0Sstevel@tonic-gate #include <netinet/in.h> 53*0Sstevel@tonic-gate #include <arpa/inet.h> 54*0Sstevel@tonic-gate 55*0Sstevel@tonic-gate #include <ctype.h> 56*0Sstevel@tonic-gate #include <stdio.h> 57*0Sstevel@tonic-gate 58*0Sstevel@tonic-gate #include <stdlib.h> 59*0Sstevel@tonic-gate #include <string.h> 60*0Sstevel@tonic-gate 61*0Sstevel@tonic-gate #include "base64.h" 62*0Sstevel@tonic-gate 63*0Sstevel@tonic-gate /* XXX abort illegal in library */ 64*0Sstevel@tonic-gate #define Assert(Cond) if (!(Cond)) abort() 65*0Sstevel@tonic-gate 66*0Sstevel@tonic-gate static const char Base64[] = 67*0Sstevel@tonic-gate "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 68*0Sstevel@tonic-gate static const char Pad64 = '='; 69*0Sstevel@tonic-gate 70*0Sstevel@tonic-gate /* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) 71*0Sstevel@tonic-gate The following encoding technique is taken from RFC 1521 by Borenstein 72*0Sstevel@tonic-gate and Freed. It is reproduced here in a slightly edited form for 73*0Sstevel@tonic-gate convenience. 74*0Sstevel@tonic-gate 75*0Sstevel@tonic-gate A 65-character subset of US-ASCII is used, enabling 6 bits to be 76*0Sstevel@tonic-gate represented per printable character. (The extra 65th character, "=", 77*0Sstevel@tonic-gate is used to signify a special processing function.) 78*0Sstevel@tonic-gate 79*0Sstevel@tonic-gate The encoding process represents 24-bit groups of input bits as output 80*0Sstevel@tonic-gate strings of 4 encoded characters. Proceeding from left to right, a 81*0Sstevel@tonic-gate 24-bit input group is formed by concatenating 3 8-bit input groups. 82*0Sstevel@tonic-gate These 24 bits are then treated as 4 concatenated 6-bit groups, each 83*0Sstevel@tonic-gate of which is translated into a single digit in the base64 alphabet. 84*0Sstevel@tonic-gate 85*0Sstevel@tonic-gate Each 6-bit group is used as an index into an array of 64 printable 86*0Sstevel@tonic-gate characters. The character referenced by the index is placed in the 87*0Sstevel@tonic-gate output string. 88*0Sstevel@tonic-gate 89*0Sstevel@tonic-gate Table 1: The Base64 Alphabet 90*0Sstevel@tonic-gate 91*0Sstevel@tonic-gate Value Encoding Value Encoding Value Encoding Value Encoding 92*0Sstevel@tonic-gate 0 A 17 R 34 i 51 z 93*0Sstevel@tonic-gate 1 B 18 S 35 j 52 0 94*0Sstevel@tonic-gate 2 C 19 T 36 k 53 1 95*0Sstevel@tonic-gate 3 D 20 U 37 l 54 2 96*0Sstevel@tonic-gate 4 E 21 V 38 m 55 3 97*0Sstevel@tonic-gate 5 F 22 W 39 n 56 4 98*0Sstevel@tonic-gate 6 G 23 X 40 o 57 5 99*0Sstevel@tonic-gate 7 H 24 Y 41 p 58 6 100*0Sstevel@tonic-gate 8 I 25 Z 42 q 59 7 101*0Sstevel@tonic-gate 9 J 26 a 43 r 60 8 102*0Sstevel@tonic-gate 10 K 27 b 44 s 61 9 103*0Sstevel@tonic-gate 11 L 28 c 45 t 62 + 104*0Sstevel@tonic-gate 12 M 29 d 46 u 63 / 105*0Sstevel@tonic-gate 13 N 30 e 47 v 106*0Sstevel@tonic-gate 14 O 31 f 48 w (pad) = 107*0Sstevel@tonic-gate 15 P 32 g 49 x 108*0Sstevel@tonic-gate 16 Q 33 h 50 y 109*0Sstevel@tonic-gate 110*0Sstevel@tonic-gate Special processing is performed if fewer than 24 bits are available 111*0Sstevel@tonic-gate at the end of the data being encoded. A full encoding quantum is 112*0Sstevel@tonic-gate always completed at the end of a quantity. When fewer than 24 input 113*0Sstevel@tonic-gate bits are available in an input group, zero bits are added (on the 114*0Sstevel@tonic-gate right) to form an integral number of 6-bit groups. Padding at the 115*0Sstevel@tonic-gate end of the data is performed using the '=' character. 116*0Sstevel@tonic-gate 117*0Sstevel@tonic-gate Since all base64 input is an integral number of octets, only the 118*0Sstevel@tonic-gate ------------------------------------------------- 119*0Sstevel@tonic-gate following cases can arise: 120*0Sstevel@tonic-gate 121*0Sstevel@tonic-gate (1) the final quantum of encoding input is an integral 122*0Sstevel@tonic-gate multiple of 24 bits; here, the final unit of encoded 123*0Sstevel@tonic-gate output will be an integral multiple of 4 characters 124*0Sstevel@tonic-gate with no "=" padding, 125*0Sstevel@tonic-gate (2) the final quantum of encoding input is exactly 8 bits; 126*0Sstevel@tonic-gate here, the final unit of encoded output will be two 127*0Sstevel@tonic-gate characters followed by two "=" padding characters, or 128*0Sstevel@tonic-gate (3) the final quantum of encoding input is exactly 16 bits; 129*0Sstevel@tonic-gate here, the final unit of encoded output will be three 130*0Sstevel@tonic-gate characters followed by one "=" padding character. 131*0Sstevel@tonic-gate */ 132*0Sstevel@tonic-gate 133*0Sstevel@tonic-gate int 134*0Sstevel@tonic-gate b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) 135*0Sstevel@tonic-gate { 136*0Sstevel@tonic-gate size_t datalength = 0; 137*0Sstevel@tonic-gate u_char input[3]; 138*0Sstevel@tonic-gate u_char output[4]; 139*0Sstevel@tonic-gate int i; 140*0Sstevel@tonic-gate 141*0Sstevel@tonic-gate while (2 < srclength) { 142*0Sstevel@tonic-gate input[0] = *src++; 143*0Sstevel@tonic-gate input[1] = *src++; 144*0Sstevel@tonic-gate input[2] = *src++; 145*0Sstevel@tonic-gate srclength -= 3; 146*0Sstevel@tonic-gate 147*0Sstevel@tonic-gate output[0] = input[0] >> 2; 148*0Sstevel@tonic-gate output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); 149*0Sstevel@tonic-gate output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); 150*0Sstevel@tonic-gate output[3] = input[2] & 0x3f; 151*0Sstevel@tonic-gate Assert(output[0] < 64); 152*0Sstevel@tonic-gate Assert(output[1] < 64); 153*0Sstevel@tonic-gate Assert(output[2] < 64); 154*0Sstevel@tonic-gate Assert(output[3] < 64); 155*0Sstevel@tonic-gate 156*0Sstevel@tonic-gate if (datalength + 4 > targsize) 157*0Sstevel@tonic-gate return (-1); 158*0Sstevel@tonic-gate target[datalength++] = Base64[output[0]]; 159*0Sstevel@tonic-gate target[datalength++] = Base64[output[1]]; 160*0Sstevel@tonic-gate target[datalength++] = Base64[output[2]]; 161*0Sstevel@tonic-gate target[datalength++] = Base64[output[3]]; 162*0Sstevel@tonic-gate } 163*0Sstevel@tonic-gate 164*0Sstevel@tonic-gate /* Now we worry about padding. */ 165*0Sstevel@tonic-gate if (0 != srclength) { 166*0Sstevel@tonic-gate /* Get what's left. */ 167*0Sstevel@tonic-gate input[0] = input[1] = input[2] = '\0'; 168*0Sstevel@tonic-gate for (i = 0; i < srclength; i++) 169*0Sstevel@tonic-gate input[i] = *src++; 170*0Sstevel@tonic-gate 171*0Sstevel@tonic-gate output[0] = input[0] >> 2; 172*0Sstevel@tonic-gate output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); 173*0Sstevel@tonic-gate output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); 174*0Sstevel@tonic-gate Assert(output[0] < 64); 175*0Sstevel@tonic-gate Assert(output[1] < 64); 176*0Sstevel@tonic-gate Assert(output[2] < 64); 177*0Sstevel@tonic-gate 178*0Sstevel@tonic-gate if (datalength + 4 > targsize) 179*0Sstevel@tonic-gate return (-1); 180*0Sstevel@tonic-gate target[datalength++] = Base64[output[0]]; 181*0Sstevel@tonic-gate target[datalength++] = Base64[output[1]]; 182*0Sstevel@tonic-gate if (srclength == 1) 183*0Sstevel@tonic-gate target[datalength++] = Pad64; 184*0Sstevel@tonic-gate else 185*0Sstevel@tonic-gate target[datalength++] = Base64[output[2]]; 186*0Sstevel@tonic-gate target[datalength++] = Pad64; 187*0Sstevel@tonic-gate } 188*0Sstevel@tonic-gate if (datalength >= targsize) 189*0Sstevel@tonic-gate return (-1); 190*0Sstevel@tonic-gate target[datalength] = '\0'; /* Returned value doesn't count \0. */ 191*0Sstevel@tonic-gate return (datalength); 192*0Sstevel@tonic-gate } 193*0Sstevel@tonic-gate 194*0Sstevel@tonic-gate /* skips all whitespace anywhere. 195*0Sstevel@tonic-gate converts characters, four at a time, starting at (or after) 196*0Sstevel@tonic-gate src from base - 64 numbers into three 8 bit bytes in the target area. 197*0Sstevel@tonic-gate it returns the number of data bytes stored at the target, or -1 on error. 198*0Sstevel@tonic-gate */ 199*0Sstevel@tonic-gate 200*0Sstevel@tonic-gate int 201*0Sstevel@tonic-gate b64_pton(char const *src, u_char *target, size_t targsize) 202*0Sstevel@tonic-gate { 203*0Sstevel@tonic-gate int tarindex, state, ch; 204*0Sstevel@tonic-gate char *pos; 205*0Sstevel@tonic-gate 206*0Sstevel@tonic-gate state = 0; 207*0Sstevel@tonic-gate tarindex = 0; 208*0Sstevel@tonic-gate 209*0Sstevel@tonic-gate while ((ch = *src++) != '\0') { 210*0Sstevel@tonic-gate if (isspace(ch)) /* Skip whitespace anywhere. */ 211*0Sstevel@tonic-gate continue; 212*0Sstevel@tonic-gate 213*0Sstevel@tonic-gate if (ch == Pad64) 214*0Sstevel@tonic-gate break; 215*0Sstevel@tonic-gate 216*0Sstevel@tonic-gate pos = strchr(Base64, ch); 217*0Sstevel@tonic-gate if (pos == 0) /* A non-base64 character. */ 218*0Sstevel@tonic-gate return (-1); 219*0Sstevel@tonic-gate 220*0Sstevel@tonic-gate switch (state) { 221*0Sstevel@tonic-gate case 0: 222*0Sstevel@tonic-gate if (target) { 223*0Sstevel@tonic-gate if (tarindex >= targsize) 224*0Sstevel@tonic-gate return (-1); 225*0Sstevel@tonic-gate target[tarindex] = (pos - Base64) << 2; 226*0Sstevel@tonic-gate } 227*0Sstevel@tonic-gate state = 1; 228*0Sstevel@tonic-gate break; 229*0Sstevel@tonic-gate case 1: 230*0Sstevel@tonic-gate if (target) { 231*0Sstevel@tonic-gate if (tarindex + 1 >= targsize) 232*0Sstevel@tonic-gate return (-1); 233*0Sstevel@tonic-gate target[tarindex] |= (pos - Base64) >> 4; 234*0Sstevel@tonic-gate target[tarindex+1] = ((pos - Base64) & 0x0f) 235*0Sstevel@tonic-gate << 4 ; 236*0Sstevel@tonic-gate } 237*0Sstevel@tonic-gate tarindex++; 238*0Sstevel@tonic-gate state = 2; 239*0Sstevel@tonic-gate break; 240*0Sstevel@tonic-gate case 2: 241*0Sstevel@tonic-gate if (target) { 242*0Sstevel@tonic-gate if (tarindex + 1 >= targsize) 243*0Sstevel@tonic-gate return (-1); 244*0Sstevel@tonic-gate target[tarindex] |= (pos - Base64) >> 2; 245*0Sstevel@tonic-gate target[tarindex+1] = ((pos - Base64) & 0x03) 246*0Sstevel@tonic-gate << 6; 247*0Sstevel@tonic-gate } 248*0Sstevel@tonic-gate tarindex++; 249*0Sstevel@tonic-gate state = 3; 250*0Sstevel@tonic-gate break; 251*0Sstevel@tonic-gate case 3: 252*0Sstevel@tonic-gate if (target) { 253*0Sstevel@tonic-gate if (tarindex >= targsize) 254*0Sstevel@tonic-gate return (-1); 255*0Sstevel@tonic-gate target[tarindex] |= (pos - Base64); 256*0Sstevel@tonic-gate } 257*0Sstevel@tonic-gate tarindex++; 258*0Sstevel@tonic-gate state = 0; 259*0Sstevel@tonic-gate break; 260*0Sstevel@tonic-gate } 261*0Sstevel@tonic-gate } 262*0Sstevel@tonic-gate 263*0Sstevel@tonic-gate /* 264*0Sstevel@tonic-gate * We are done decoding Base-64 chars. Let's see if we ended 265*0Sstevel@tonic-gate * on a byte boundary, and/or with erroneous trailing characters. 266*0Sstevel@tonic-gate */ 267*0Sstevel@tonic-gate 268*0Sstevel@tonic-gate if (ch == Pad64) { /* We got a pad char. */ 269*0Sstevel@tonic-gate ch = *src++; /* Skip it, get next. */ 270*0Sstevel@tonic-gate switch (state) { 271*0Sstevel@tonic-gate case 0: /* Invalid = in first position */ 272*0Sstevel@tonic-gate case 1: /* Invalid = in second position */ 273*0Sstevel@tonic-gate return (-1); 274*0Sstevel@tonic-gate 275*0Sstevel@tonic-gate case 2: /* Valid, means one byte of info */ 276*0Sstevel@tonic-gate /* Skip any number of spaces. */ 277*0Sstevel@tonic-gate for (; ch != '\0'; ch = *src++) 278*0Sstevel@tonic-gate if (!isspace(ch)) 279*0Sstevel@tonic-gate break; 280*0Sstevel@tonic-gate /* Make sure there is another trailing = sign. */ 281*0Sstevel@tonic-gate if (ch != Pad64) 282*0Sstevel@tonic-gate return (-1); 283*0Sstevel@tonic-gate ch = *src++; /* Skip the = */ 284*0Sstevel@tonic-gate /* Fall through to "single trailing =" case. */ 285*0Sstevel@tonic-gate /* FALLTHROUGH */ 286*0Sstevel@tonic-gate 287*0Sstevel@tonic-gate case 3: /* Valid, means two bytes of info */ 288*0Sstevel@tonic-gate /* 289*0Sstevel@tonic-gate * We know this char is an =. Is there anything but 290*0Sstevel@tonic-gate * whitespace after it? 291*0Sstevel@tonic-gate */ 292*0Sstevel@tonic-gate for (; ch != '\0'; ch = *src++) 293*0Sstevel@tonic-gate if (!isspace(ch)) 294*0Sstevel@tonic-gate return (-1); 295*0Sstevel@tonic-gate 296*0Sstevel@tonic-gate /* 297*0Sstevel@tonic-gate * Now make sure for cases 2 and 3 that the "extra" 298*0Sstevel@tonic-gate * bits that slopped past the last full byte were 299*0Sstevel@tonic-gate * zeros. If we don't check them, they become a 300*0Sstevel@tonic-gate * subliminal channel. 301*0Sstevel@tonic-gate */ 302*0Sstevel@tonic-gate if (target && target[tarindex] != 0) 303*0Sstevel@tonic-gate return (-1); 304*0Sstevel@tonic-gate } 305*0Sstevel@tonic-gate } else { 306*0Sstevel@tonic-gate /* 307*0Sstevel@tonic-gate * We ended by seeing the end of the string. Make sure we 308*0Sstevel@tonic-gate * have no partial bytes lying around. 309*0Sstevel@tonic-gate */ 310*0Sstevel@tonic-gate if (state != 0) 311*0Sstevel@tonic-gate return (-1); 312*0Sstevel@tonic-gate } 313*0Sstevel@tonic-gate 314*0Sstevel@tonic-gate return (tarindex); 315*0Sstevel@tonic-gate } 316*0Sstevel@tonic-gate 317*0Sstevel@tonic-gate #endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */ 318*0Sstevel@tonic-gate 319*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 320