From: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue, 28 May 2013 11:39:15 +0000 (+0200)
Subject: Improve base64 encoding/decoding, add URL-safe variant.
X-Git-Tag: release-1.1pre8~41
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=c3d357af6c73d538f7cbcaca293ebbca666d3a82

Improve base64 encoding/decoding, add URL-safe variant.

b64decode() now returns length 0 when an invalid character was encountered.
---

diff --git a/src/protocol_key.c b/src/protocol_key.c
index af103c62..0eeddb86 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -158,11 +158,12 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
 				logger(DEBUG_ALWAYS, LOG_DEBUG, "Got REQ_KEY from %s while we already started a SPTPS session!", from->name);
 
 			char buf[MAX_STRING_SIZE];
-			if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
+			int len;
+
+			if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS_START", from->name, from->hostname, "invalid SPTPS data");
 				return true;
 			}
-			int len = b64decode(buf, buf, strlen(buf));
 
 			char label[25 + strlen(from->name) + strlen(myself->name)];
 			snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name);
@@ -182,11 +183,11 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
 			}
 
 			char buf[MAX_STRING_SIZE];
-			if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
+			int len;
+			if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS", from->name, from->hostname, "invalid SPTPS data");
 				return true;
 			}
-			int len = b64decode(buf, buf, strlen(buf));
 			sptps_receive_data(&from->sptps, buf, len);
 			return true;
 		}
@@ -375,7 +376,7 @@ bool ans_key_h(connection_t *c, const char *request) {
 		char buf[strlen(key)];
 		int len = b64decode(key, buf, strlen(key));
 
-		if(!sptps_receive_data(&from->sptps, buf, len))
+		if(!len || !sptps_receive_data(&from->sptps, buf, len))
 			logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname);
 
 		if(from->status.validkey) {
diff --git a/src/utils.c b/src/utils.c
index aefec8c8..dca88d6d 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -24,7 +24,26 @@
 #include "utils.h"
 
 static const char hexadecimals[] = "0123456789ABCDEF";
-static const char base64imals[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const char base64_original[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const char base64_urlsafe[] =  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+static const char base64_decode[256] = {
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 62, -1, 63,
+	52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1,
+	-1,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
+	15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63,
+	-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+	41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+};
 
 static int charhex2bin(char c) {
 	if(isdigit(c))
@@ -33,19 +52,6 @@ static int charhex2bin(char c) {
 		return toupper(c) - 'A' + 10;
 }
 
-static int charb64decode(char c) {
-	if(c >= 'a')
-		return c - 'a' + 26;
-	else if(c >= 'A')
-		return c - 'A';
-	else if(c >= '0')
-		return c - '0' + 52;
-	else if(c == '+')
-		return 62;
-	else
-		return 63;
-}
-
 int hex2bin(const char *src, char *dst, int length) {
 	int i;
 	for(i = 0; i < length && isxdigit(src[i * 2]) && isxdigit(src[i * 2 + 1]); i++)
@@ -68,8 +74,10 @@ int b64decode(const char *src, char *dst, int length) {
 	unsigned char *udst = (unsigned char *)dst;
 
 	for(i = 0; i < length / 3 * 4 && src[i]; i++) {
-		triplet |= charb64decode(src[i]) << (6 * (i & 3));
+		triplet |= base64_decode[src[i] & 0xff] << (6 * (i & 3));
 		if((i & 3) == 3) {
+			if(triplet & 0xff000000U)
+				return 0;
 			udst[0] = triplet & 0xff; triplet >>= 8;
 			udst[1] = triplet & 0xff; triplet >>= 8;
 			udst[2] = triplet;
@@ -77,6 +85,8 @@ int b64decode(const char *src, char *dst, int length) {
 			udst += 3;
 		}
 	}
+	if(triplet & 0xff000000U)
+		return 0;
 	if((i & 3) == 3) {
 		udst[0] = triplet & 0xff; triplet >>= 8;
 		udst[1] = triplet & 0xff;
@@ -89,7 +99,7 @@ int b64decode(const char *src, char *dst, int length) {
 	}
 }
 
-int b64encode(const char *src, char *dst, int length) {
+static int b64encode_internal(const char *src, char *dst, int length, const char *alphabet) {
 	uint32_t triplet;
 	const unsigned char *usrc = (unsigned char *)src;
 	int si = length / 3 * 3;
@@ -98,16 +108,16 @@ int b64encode(const char *src, char *dst, int length) {
 	switch(length % 3) {
 		case 2:
 			triplet = usrc[si] | usrc[si + 1] << 8;
-			dst[di] = base64imals[triplet & 63]; triplet >>= 6;
-			dst[di + 1] = base64imals[triplet & 63]; triplet >>= 6;
-			dst[di + 2] = base64imals[triplet];
+			dst[di] = alphabet[triplet & 63]; triplet >>= 6;
+			dst[di + 1] = alphabet[triplet & 63]; triplet >>= 6;
+			dst[di + 2] = alphabet[triplet];
 			dst[di + 3] = 0;
 			length = di + 2;
 			break;
 		case 1:
 			triplet = usrc[si];
-			dst[di] = base64imals[triplet & 63]; triplet >>= 6;
-			dst[di + 1] = base64imals[triplet];
+			dst[di] = alphabet[triplet & 63]; triplet >>= 6;
+			dst[di + 1] = alphabet[triplet];
 			dst[di + 2] = 0;
 			length = di + 1;
 			break;
@@ -121,15 +131,23 @@ int b64encode(const char *src, char *dst, int length) {
 		di -= 4;
 		si -= 3;
 		triplet = usrc[si] | usrc[si + 1] << 8 | usrc[si + 2] << 16;
-		dst[di] = base64imals[triplet & 63]; triplet >>= 6;
-		dst[di + 1] = base64imals[triplet & 63]; triplet >>= 6;
-		dst[di + 2] = base64imals[triplet & 63]; triplet >>= 6;
-		dst[di + 3] = base64imals[triplet];
+		dst[di] = alphabet[triplet & 63]; triplet >>= 6;
+		dst[di + 1] = alphabet[triplet & 63]; triplet >>= 6;
+		dst[di + 2] = alphabet[triplet & 63]; triplet >>= 6;
+		dst[di + 3] = alphabet[triplet];
 	}
 
 	return length;
 }
 
+int b64encode(const char *src, char *dst, int length) {
+	return b64encode_internal(src, dst, length, base64_original);
+}
+
+int b64encode_urlsafe(const char *src, char *dst, int length) {
+	return b64encode_internal(src, dst, length, base64_urlsafe);
+}
+
 #if defined(HAVE_MINGW) || defined(HAVE_CYGWIN)
 #ifdef HAVE_CYGWIN
 #include <w32api/windows.h>
diff --git a/src/utils.h b/src/utils.h
index 04e478af..f3272910 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -25,6 +25,7 @@ extern int hex2bin(const char *src, char *dst, int length);
 extern int bin2hex(const char *src, char *dst, int length);
 
 extern int b64encode(const char *src, char *dst, int length);
+extern int b64encode_urlsafe(const char *src, char *dst, int length);
 extern int b64decode(const char *src, char *dst, int length);
 
 #ifdef HAVE_MINGW