Browse Source

[core] refactor base64 functions into separate file

Differential Revision: https://review.lighttpd.net/D6

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3053 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.38
Stefan Bühler 6 years ago
parent
commit
b0a4421272
  1. 2
      src/CMakeLists.txt
  2. 16
      src/Makefile.am
  3. 2
      src/SConscript
  4. 233
      src/base64.c
  5. 19
      src/base64.h
  6. 125
      src/http_auth.c

2
src/CMakeLists.txt

@ -474,7 +474,7 @@ add_definitions(-DHAVE_CONFIG_H)
include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR})
set(COMMON_SRC
buffer.c log.c
base64.c buffer.c log.c
keyvalue.c chunk.c
http_chunk.c stream.c fdevent.c
stat_cache.c plugin.c joblist.c etag.c array.c

16
src/Makefile.am

@ -56,7 +56,7 @@ BUILT_SOURCES = parsers versionstamp
MAINTAINERCLEANFILES = configparser.c configparser.h mod_ssi_exprparser.c mod_ssi_exprparser.h
CLEANFILES = versionstamp.h versionstamp.h.tmp
common_src=buffer.c log.c \
common_src=base64.c buffer.c log.c \
keyvalue.c chunk.c \
http_chunk.c stream.c fdevent.c \
stat_cache.c plugin.c joblist.c etag.c array.c \
@ -294,20 +294,6 @@ proc_open_SOURCES = proc_open.c buffer.c
proc_open_LDADD = $(LIBUNWIND_LIBS)
proc_open_CPPFLAGS= -DDEBUG_PROC_OPEN
#gen_license_SOURCES = license.c md5.c buffer.c gen_license.c
#ssl_SOURCES = ssl.c
#adserver_SOURCES = buffer.c iframe.c
#adserver_LDADD = -lfcgi -lmysqlclient
#error_test_SOURCES = error_test.c
#evalo_SOURCES = buffer.c eval.c
#bench_SOURCES = buffer.c bench.c
#ajp_SOURCES = ajp.c
noinst_HEADERS = $(hdr)
EXTRA_DIST = \
mod_skeleton.c \

2
src/SConscript

@ -8,7 +8,7 @@ Import('env')
def GatherLibs(env, *libs):
return env['LIBS'] + [libs] + [env['APPEND_LIBS']]
common_src = Split("buffer.c log.c \
common_src = Split("base64.c buffer.c log.c \
keyvalue.c chunk.c \
http_chunk.c stream.c fdevent.c \
stat_cache.c plugin.c joblist.c etag.c array.c \

233
src/base64.c

@ -0,0 +1,233 @@
#include "base64.h"
/* reverse mapping:
* >= 0: base64 value
* -1: invalid character
* -2: skip character (whitespace/control)
* -3: padding
*/
/* BASE64_STANDARD: "A-Z a-z 0-9 + /" maps to 0-63, pad with "=" */
static const char base64_standard_table[66] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
static const short base64_standard_reverse_table[128] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
-1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */
-2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F */
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -3, -1, -1, /* 0x30 - 0x3F */
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F */
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F */
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F */
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F */
};
/* BASE64_URL: "A-Z a-z 0-9 - _" maps to 0-63, pad with "." */
static const char base64_url_table[66] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
static const short base64_url_reverse_table[128] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
-1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */
-2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -3, -1, /* 0x20 - 0x2F */
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F */
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F */
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63, /* 0x50 - 0x5F */
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F */
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F */
};
unsigned char* buffer_append_base64_decode(buffer *out, const char* in, size_t in_length, base64_charset charset) {
unsigned char *result;
size_t out_pos = 0; /* current output character (position) that is decoded. can contain partial result */
unsigned int group = 0; /* how many base64 digits in the current group were decoded already. each group has up to 4 digits */
size_t i;
const short* base64_reverse_table;
switch (charset) {
case BASE64_STANDARD:
base64_reverse_table = base64_standard_reverse_table;
break;
case BASE64_URL:
base64_reverse_table = base64_url_reverse_table;
break;
default:
return NULL;
}
result = (unsigned char *) buffer_string_prepare_append(out, 3*(in_length / 4) + 3);
/* run through the whole string, converting as we go */
for (i = 0; i < in_length; i++) {
unsigned char c = (unsigned char) in[i];
short ch;
if (c == '\0') break;
if (c >= 128) return NULL; /* only 7-bit characters allowed */
ch = base64_reverse_table[c];
if (-3 == ch) {
/* pad character; can only come after 2 base64 digits in a group */
if (group < 2) return NULL;
break;
} else if (-2 == ch) {
continue; /* skip character */
} else if (ch < 0) {
return NULL; /* invalid character, abort */
}
switch(group) {
case 0:
result[out_pos] = ch << 2;
group = 1;
break;
case 1:
result[out_pos++] |= ch >> 4;
result[out_pos] = (ch & 0x0f) << 4;
group = 2;
break;
case 2:
result[out_pos++] |= ch >>2;
result[out_pos] = (ch & 0x03) << 6;
group = 3;
break;
case 3:
result[out_pos++] |= ch;
group = 0;
break;
}
}
switch(group) {
case 0:
/* ended on boundary */
break;
case 1:
/* need at least 2 base64 digits per group */
return NULL;
case 2:
/* have 2 base64 digits in last group => one real octect, two zeroes padded */
case 3:
/* have 3 base64 digits in last group => two real octects, one zero padded */
/* for both cases the current index already is on the first zero padded octet
* - check it really is zero (overlapping bits) */
if (0 != result[out_pos]) return NULL;
break;
}
buffer_commit(out, out_pos);
return result;
}
size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset) {
const size_t full_tuples = in_length / 3;
const size_t in_tuple_remainder = in_length % 3;
const size_t out_tuple_remainder = in_tuple_remainder ? 1 + in_tuple_remainder : 0;
const size_t require_space = 4 * full_tuples + out_tuple_remainder;
const char* base64_table;
size_t i;
size_t out_pos = 0;
switch (charset) {
case BASE64_STANDARD:
base64_table = base64_standard_table;
break;
case BASE64_URL:
base64_table = base64_url_table;
break;
default:
force_assert(0 && "invalid charset");
}
/* check overflows */
force_assert(full_tuples < 2*full_tuples);
force_assert(full_tuples < 4*full_tuples);
force_assert(4*full_tuples < 4*full_tuples + out_tuple_remainder);
force_assert(require_space <= out_length);
for (i = 2; i < in_length; i += 3) {
unsigned int v = (in[i-2] << 16) | (in[i-1] << 8) | in[i];
out[out_pos+3] = base64_table[v & 0x3f]; v >>= 6;
out[out_pos+2] = base64_table[v & 0x3f]; v >>= 6;
out[out_pos+1] = base64_table[v & 0x3f]; v >>= 6;
out[out_pos+0] = base64_table[v & 0x3f];
out_pos += 4;
}
switch (in_tuple_remainder) {
case 0:
break;
case 1:
{
/* pretend in[i-1] = in[i] = 0, don't write last two (out_pos+3, out_pos+2) characters */
unsigned int v = (in[i-2] << 4);
out[out_pos+1] = base64_table[v & 0x3f]; v >>= 6;
out[out_pos+0] = base64_table[v & 0x3f];
out_pos += 2;
}
break;
case 2:
{
/* pretend in[i] = 0, don't write last (out_pos+3) character */
unsigned int v = (in[i-2] << 10) | (in[i-1] << 2);
out[out_pos+2] = base64_table[v & 0x3f]; v >>= 6;
out[out_pos+1] = base64_table[v & 0x3f]; v >>= 6;
out[out_pos+0] = base64_table[v & 0x3f];
out_pos += 3;
}
break;
}
force_assert(out_pos <= out_length);
return out_pos;
}
size_t li_to_base64(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset) {
const size_t in_tuple_remainder = in_length % 3;
size_t padding_length = in_tuple_remainder ? 3 - in_tuple_remainder : 0;
char padding;
size_t out_pos;
switch (charset) {
case BASE64_STANDARD:
padding = base64_standard_table[64];
break;
case BASE64_URL:
padding = base64_url_table[64];
break;
default:
force_assert(0 && "invalid charset");
}
force_assert(out_length >= padding_length);
out_pos = li_to_base64_no_padding(out, out_length - padding_length, in, in_length, charset);
while (padding_length > 0) {
out[out_pos++] = padding;
padding_length--;
}
force_assert(out_pos <= out_length);
return out_pos;
}
char* buffer_append_base64_encode_no_padding(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset) {
size_t reserve = 4*(in_length/3) + 4;
char* result = buffer_string_prepare_append(out, reserve);
size_t out_pos = li_to_base64_no_padding(result, reserve, in, in_length, charset);
buffer_commit(out, out_pos);
return result;
}
char* buffer_append_base64_encode(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset) {
size_t reserve = 4*(in_length/3) + 4;
char* result = buffer_string_prepare_append(out, reserve);
size_t out_pos = li_to_base64(result, reserve, in, in_length, charset);
buffer_commit(out, out_pos);
return result;
}

19
src/base64.h

@ -0,0 +1,19 @@
#ifndef _BASE64_H_
#define _BASE64_H_
#include "buffer.h"
typedef enum {
BASE64_STANDARD,
BASE64_URL,
} base64_charset;
unsigned char* buffer_append_base64_decode(buffer *out, const char* in, size_t in_length, base64_charset charset);
size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset);
size_t li_to_base64(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset);
char* buffer_append_base64_encode_no_padding(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset);
char* buffer_append_base64_encode(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset);
#endif

125
src/http_auth.c

@ -3,6 +3,7 @@
#include "http_auth.h"
#include "inet_ntop_cache.h"
#include "stream.h"
#include "base64.h"
#ifdef HAVE_CRYPT_H
# include <crypt.h>
@ -62,101 +63,6 @@ static void CvtHex(const HASH Bin, char Hex[33]) {
handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
static const char base64_pad = '=';
/* "A-Z a-z 0-9 + /" maps to 0-63 */
static const short base64_reverse_table[256] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x00 - 0x0F */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x10 - 0x1F */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F */
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F */
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F */
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F */
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F */
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x80 - 0x8F */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x90 - 0x9F */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xA0 - 0xAF */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xB0 - 0xBF */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xC0 - 0xCF */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xD0 - 0xDF */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xE0 - 0xEF */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xF0 - 0xFF */
};
static unsigned char * base64_decode(buffer *out, const char *in) {
unsigned char *result;
unsigned int j = 0; /* current output character (position) that is decoded. can contain partial result */
unsigned int group = 0; /* how many base64 digits in the current group were decoded already. each group has up to 4 digits */
size_t i;
size_t in_len = strlen(in);
result = (unsigned char *) buffer_string_prepare_copy(out, in_len);
/* run through the whole string, converting as we go */
for (i = 0; i < in_len; i++) {
unsigned char c = (unsigned char) in[i];
short ch;
if (c == '\0') break;
if (c == base64_pad) {
/* pad character can only come after 2 base64 digits in a group */
if (group < 2) return NULL;
break;
}
ch = base64_reverse_table[c];
if (ch < 0) continue; /* skip invalid characters */
switch(group) {
case 0:
result[j] = ch << 2;
group = 1;
break;
case 1:
result[j++] |= ch >> 4;
result[j] = (ch & 0x0f) << 4;
group = 2;
break;
case 2:
result[j++] |= ch >>2;
result[j] = (ch & 0x03) << 6;
group = 3;
break;
case 3:
result[j++] |= ch;
group = 0;
break;
}
}
switch(group) {
case 0:
/* ended on boundary */
break;
case 1:
/* need at least 2 base64 digits per group */
return NULL;
case 2:
/* have 2 base64 digits in last group => one real octect, two zeroes padded */
case 3:
/* have 3 base64 digits in last group => two real octects, one zero padded */
/* for both cases the current index already is on the first zero padded octet
* - check it really is zero (overlapping bits) */
if (0 != result[j]) return NULL;
break;
}
buffer_commit(out, j);
return result;
}
static int http_auth_get_password(server *srv, mod_auth_plugin_data *p, buffer *username, buffer *realm, buffer *password) {
int ret = -1;
@ -596,31 +502,20 @@ static void apr_md5_encode(const char *pw, const char *salt, char *result, size_
#ifdef USE_OPENSSL
static void apr_sha_encode(const char *pw, char *result, size_t nbytes) {
static const unsigned char base64_data[65] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
unsigned char digest[21]; /* multiple of 3 for base64 encoding */
int i;
unsigned char digest[20];
size_t base64_written;
SHA1((const unsigned char*) pw, strlen(pw), digest);
memset(result, 0, nbytes);
/* need 5 bytes for "{SHA}", 28 for base64 (3 bytes -> 4 bytes) of SHA1 (20 bytes), 1 terminating */
if (nbytes < 5 + 28 + 1) return;
SHA1((const unsigned char*) pw, strlen(pw), digest);
digest[20] = 0;
strcpy(result, "{SHA}");
result = result + 5;
for (i = 0; i < 21; i += 3) {
unsigned int v = (digest[i] << 16) | (digest[i+1] << 8) | digest[i+2];
result[3] = base64_data[v & 0x3f]; v >>= 6;
result[2] = base64_data[v & 0x3f]; v >>= 6;
result[1] = base64_data[v & 0x3f]; v >>= 6;
result[0] = base64_data[v & 0x3f];
result += 4;
}
result[-1] = '='; /* last digest character was already end of string, pad it */
*result = '\0';
memcpy(result, "{SHA}", 5);
base64_written = li_to_base64(result + 5, nbytes - 5, digest, 20, BASE64_STANDARD);
force_assert(base64_written == 28);
result[5 + base64_written] = '\0'; /* terminate string */
}
#endif
@ -852,7 +747,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p,
username = buffer_init();
if (!base64_decode(username, realm_str)) {
if (!buffer_append_base64_decode(username, realm_str, strlen(realm_str), BASE64_STANDARD)) {
log_error_write(srv, __FILE__, __LINE__, "sb", "decodeing base64-string failed", username);
buffer_free(username);

Loading…
Cancel
Save