• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "base/base64.h"
6 
7 #include <stddef.h>
8 
9 #include <string_view>
10 
11 #include "base/check.h"
12 #include "base/numerics/checked_math.h"
13 #include "base/strings/string_util.h"
14 #include "third_party/modp_b64/modp_b64.h"
15 
16 namespace base {
17 
18 namespace {
19 
GetModpPolicy(Base64DecodePolicy policy)20 ModpDecodePolicy GetModpPolicy(Base64DecodePolicy policy) {
21   switch (policy) {
22     case Base64DecodePolicy::kStrict:
23       return ModpDecodePolicy::kStrict;
24     case Base64DecodePolicy::kForgiving:
25       return ModpDecodePolicy::kForgiving;
26   }
27 }
28 
29 }  // namespace
30 
Base64Encode(span<const uint8_t> input)31 std::string Base64Encode(span<const uint8_t> input) {
32   std::string output;
33   Base64EncodeAppend(input, &output);
34   return output;
35 }
36 
Base64EncodeAppend(span<const uint8_t> input,std::string * output)37 void Base64EncodeAppend(span<const uint8_t> input, std::string* output) {
38   // Ensure `modp_b64_encode_data_len` will not overflow.
39   CHECK_LE(input.size(), MODP_B64_MAX_INPUT_LEN);
40   size_t encode_data_len = modp_b64_encode_data_len(input.size());
41 
42   const size_t after_size =
43       base::CheckAdd(encode_data_len, output->size()).ValueOrDie();
44   output->resize(after_size);
45 
46   span<const char> read = base::as_chars(input);
47   span<char> write = base::span(*output).last(encode_data_len);
48 
49   const size_t written_size = modp_b64_encode_data(
50       write.data(),  // This must point to `encode_data_len` many chars.
51       read.data(), read.size());
52   // If this failed it would indicate we wrote OOB or left bytes uninitialized.
53   // It's possible for this to be elided by the compiler, since writing OOB is
54   // UB.
55   CHECK_EQ(written_size, write.size());
56 }
57 
Base64Encode(std::string_view input)58 std::string Base64Encode(std::string_view input) {
59   return Base64Encode(base::as_byte_span(input));
60 }
61 
Base64Decode(std::string_view input,std::string * output,Base64DecodePolicy policy)62 bool Base64Decode(std::string_view input,
63                   std::string* output,
64                   Base64DecodePolicy policy) {
65   std::string decode_buf;
66   decode_buf.resize(modp_b64_decode_len(input.size()));
67 
68   // Does not NUL-terminate result since result is binary data!
69   size_t written_size = modp_b64_decode(decode_buf.data(), input.data(),
70                                         input.size(), GetModpPolicy(policy));
71 
72   // Forgiving mode requires whitespace to be stripped prior to decoding.
73   // We don't do that in the above code to ensure that the "happy path" of
74   // input without whitespace is as fast as possible. Since whitespace in input
75   // will always cause `modp_b64_decode` to fail, just handle whitespace
76   // stripping on failure. This is not much slower than just scanning for
77   // whitespace first, even for input with whitespace.
78   if (written_size == MODP_B64_ERROR &&
79       policy == Base64DecodePolicy::kForgiving) {
80     // We could use `output` here to avoid an allocation when decoding is done
81     // in-place, but it violates the API contract that `output` is only modified
82     // on success.
83     std::string input_without_whitespace;
84     RemoveChars(input, kInfraAsciiWhitespace, &input_without_whitespace);
85     // This means that the required size to decode is at most what was needed
86     // above, which means `decode_buf` will fit the decoded bytes at its current
87     // size and we don't need to call `modp_b64_decode_len()` again.
88     CHECK_LE(input_without_whitespace.size(), input.size());
89     written_size =
90         modp_b64_decode(decode_buf.data(), input_without_whitespace.data(),
91                         input_without_whitespace.size(), GetModpPolicy(policy));
92   }
93 
94   if (written_size == MODP_B64_ERROR) {
95     return false;
96   }
97 
98   // If this failed it would indicate we wrote OOB. It's possible for this to be
99   // elided by the compiler, since writing OOB is UB.
100   CHECK_LE(written_size, decode_buf.size());
101 
102   // Shrinks the buffer and makes it NUL-terminated.
103   decode_buf.resize(written_size);
104   *output = std::move(decode_buf);
105   return true;
106 }
107 
Base64Decode(std::string_view input)108 std::optional<std::vector<uint8_t>> Base64Decode(std::string_view input) {
109   std::vector<uint8_t> write_buf(modp_b64_decode_len(input.size()));
110   span<char> write = base::as_writable_chars(base::span(write_buf));
111 
112   size_t written_size =
113       modp_b64_decode(write.data(), input.data(), input.size());
114   if (written_size == MODP_B64_ERROR) {
115     return std::nullopt;
116   }
117 
118   // If this failed it would indicate we wrote OOB. It's possible for this to be
119   // elided by the compiler, since writing OOB is UB.
120   CHECK_LE(written_size, write.size());
121 
122   write_buf.resize(written_size);
123   return write_buf;
124 }
125 
126 }  // namespace base
127