Rev 827 | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
827 | daniel-mar | 1 | <?php |
2 | declare(strict_types=1); |
||
3 | namespace ParagonIE\ConstantTime; |
||
4 | |||
874 | daniel-mar | 5 | use InvalidArgumentException; |
6 | use RangeException; |
||
7 | use TypeError; |
||
8 | |||
827 | daniel-mar | 9 | /** |
874 | daniel-mar | 10 | * Copyright (c) 2016 - 2022 Paragon Initiative Enterprises. |
827 | daniel-mar | 11 | * Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com) |
12 | * |
||
13 | * Permission is hereby granted, free of charge, to any person obtaining a copy |
||
14 | * of this software and associated documentation files (the "Software"), to deal |
||
15 | * in the Software without restriction, including without limitation the rights |
||
16 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
||
17 | * copies of the Software, and to permit persons to whom the Software is |
||
18 | * furnished to do so, subject to the following conditions: |
||
19 | * |
||
20 | * The above copyright notice and this permission notice shall be included in all |
||
21 | * copies or substantial portions of the Software. |
||
22 | * |
||
23 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
||
24 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
||
25 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
||
26 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
||
27 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
||
28 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
||
29 | * SOFTWARE. |
||
30 | */ |
||
31 | |||
32 | /** |
||
33 | * Class Base64 |
||
34 | * [A-Z][a-z][0-9]+/ |
||
35 | * |
||
36 | * @package ParagonIE\ConstantTime |
||
37 | */ |
||
38 | abstract class Base64 implements EncoderInterface |
||
39 | { |
||
40 | /** |
||
41 | * Encode into Base64 |
||
42 | * |
||
43 | * Base64 character set "[A-Z][a-z][0-9]+/" |
||
44 | * |
||
45 | * @param string $binString |
||
46 | * @return string |
||
874 | daniel-mar | 47 | * |
48 | * @throws TypeError |
||
827 | daniel-mar | 49 | */ |
50 | public static function encode(string $binString): string |
||
51 | { |
||
52 | return static::doEncode($binString, true); |
||
53 | } |
||
54 | |||
55 | /** |
||
56 | * Encode into Base64, no = padding |
||
57 | * |
||
58 | * Base64 character set "[A-Z][a-z][0-9]+/" |
||
59 | * |
||
60 | * @param string $src |
||
61 | * @return string |
||
874 | daniel-mar | 62 | * |
63 | * @throws TypeError |
||
827 | daniel-mar | 64 | */ |
65 | public static function encodeUnpadded(string $src): string |
||
66 | { |
||
67 | return static::doEncode($src, false); |
||
68 | } |
||
69 | |||
70 | /** |
||
71 | * @param string $src |
||
72 | * @param bool $pad Include = padding? |
||
73 | * @return string |
||
874 | daniel-mar | 74 | * |
75 | * @throws TypeError |
||
827 | daniel-mar | 76 | */ |
77 | protected static function doEncode(string $src, bool $pad = true): string |
||
78 | { |
||
79 | $dest = ''; |
||
80 | $srcLen = Binary::safeStrlen($src); |
||
81 | // Main loop (no padding): |
||
82 | for ($i = 0; $i + 3 <= $srcLen; $i += 3) { |
||
83 | /** @var array<int, int> $chunk */ |
||
84 | $chunk = \unpack('C*', Binary::safeSubstr($src, $i, 3)); |
||
85 | $b0 = $chunk[1]; |
||
86 | $b1 = $chunk[2]; |
||
87 | $b2 = $chunk[3]; |
||
88 | |||
89 | $dest .= |
||
90 | static::encode6Bits( $b0 >> 2 ) . |
||
91 | static::encode6Bits((($b0 << 4) | ($b1 >> 4)) & 63) . |
||
92 | static::encode6Bits((($b1 << 2) | ($b2 >> 6)) & 63) . |
||
93 | static::encode6Bits( $b2 & 63); |
||
94 | } |
||
95 | // The last chunk, which may have padding: |
||
96 | if ($i < $srcLen) { |
||
97 | /** @var array<int, int> $chunk */ |
||
98 | $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i)); |
||
99 | $b0 = $chunk[1]; |
||
100 | if ($i + 1 < $srcLen) { |
||
101 | $b1 = $chunk[2]; |
||
102 | $dest .= |
||
103 | static::encode6Bits($b0 >> 2) . |
||
104 | static::encode6Bits((($b0 << 4) | ($b1 >> 4)) & 63) . |
||
105 | static::encode6Bits(($b1 << 2) & 63); |
||
106 | if ($pad) { |
||
107 | $dest .= '='; |
||
108 | } |
||
109 | } else { |
||
110 | $dest .= |
||
111 | static::encode6Bits( $b0 >> 2) . |
||
112 | static::encode6Bits(($b0 << 4) & 63); |
||
113 | if ($pad) { |
||
114 | $dest .= '=='; |
||
115 | } |
||
116 | } |
||
117 | } |
||
118 | return $dest; |
||
119 | } |
||
120 | |||
121 | /** |
||
122 | * decode from base64 into binary |
||
123 | * |
||
124 | * Base64 character set "./[A-Z][a-z][0-9]" |
||
125 | * |
||
126 | * @param string $encodedString |
||
127 | * @param bool $strictPadding |
||
128 | * @return string |
||
874 | daniel-mar | 129 | * |
130 | * @throws RangeException |
||
131 | * @throws TypeError |
||
827 | daniel-mar | 132 | * @psalm-suppress RedundantCondition |
133 | */ |
||
134 | public static function decode(string $encodedString, bool $strictPadding = false): string |
||
135 | { |
||
136 | // Remove padding |
||
137 | $srcLen = Binary::safeStrlen($encodedString); |
||
138 | if ($srcLen === 0) { |
||
139 | return ''; |
||
140 | } |
||
141 | |||
142 | if ($strictPadding) { |
||
143 | if (($srcLen & 3) === 0) { |
||
144 | if ($encodedString[$srcLen - 1] === '=') { |
||
145 | $srcLen--; |
||
146 | if ($encodedString[$srcLen - 1] === '=') { |
||
147 | $srcLen--; |
||
148 | } |
||
149 | } |
||
150 | } |
||
151 | if (($srcLen & 3) === 1) { |
||
874 | daniel-mar | 152 | throw new RangeException( |
827 | daniel-mar | 153 | 'Incorrect padding' |
154 | ); |
||
155 | } |
||
156 | if ($encodedString[$srcLen - 1] === '=') { |
||
874 | daniel-mar | 157 | throw new RangeException( |
827 | daniel-mar | 158 | 'Incorrect padding' |
159 | ); |
||
160 | } |
||
161 | } else { |
||
162 | $encodedString = \rtrim($encodedString, '='); |
||
163 | $srcLen = Binary::safeStrlen($encodedString); |
||
164 | } |
||
165 | |||
166 | $err = 0; |
||
167 | $dest = ''; |
||
168 | // Main loop (no padding): |
||
169 | for ($i = 0; $i + 4 <= $srcLen; $i += 4) { |
||
170 | /** @var array<int, int> $chunk */ |
||
171 | $chunk = \unpack('C*', Binary::safeSubstr($encodedString, $i, 4)); |
||
172 | $c0 = static::decode6Bits($chunk[1]); |
||
173 | $c1 = static::decode6Bits($chunk[2]); |
||
174 | $c2 = static::decode6Bits($chunk[3]); |
||
175 | $c3 = static::decode6Bits($chunk[4]); |
||
176 | |||
177 | $dest .= \pack( |
||
178 | 'CCC', |
||
179 | ((($c0 << 2) | ($c1 >> 4)) & 0xff), |
||
180 | ((($c1 << 4) | ($c2 >> 2)) & 0xff), |
||
181 | ((($c2 << 6) | $c3 ) & 0xff) |
||
182 | ); |
||
183 | $err |= ($c0 | $c1 | $c2 | $c3) >> 8; |
||
184 | } |
||
185 | // The last chunk, which may have padding: |
||
186 | if ($i < $srcLen) { |
||
187 | /** @var array<int, int> $chunk */ |
||
188 | $chunk = \unpack('C*', Binary::safeSubstr($encodedString, $i, $srcLen - $i)); |
||
189 | $c0 = static::decode6Bits($chunk[1]); |
||
190 | |||
191 | if ($i + 2 < $srcLen) { |
||
192 | $c1 = static::decode6Bits($chunk[2]); |
||
193 | $c2 = static::decode6Bits($chunk[3]); |
||
194 | $dest .= \pack( |
||
195 | 'CC', |
||
196 | ((($c0 << 2) | ($c1 >> 4)) & 0xff), |
||
197 | ((($c1 << 4) | ($c2 >> 2)) & 0xff) |
||
198 | ); |
||
199 | $err |= ($c0 | $c1 | $c2) >> 8; |
||
874 | daniel-mar | 200 | if ($strictPadding) { |
201 | $err |= ($c2 << 6) & 0xff; |
||
202 | } |
||
827 | daniel-mar | 203 | } elseif ($i + 1 < $srcLen) { |
204 | $c1 = static::decode6Bits($chunk[2]); |
||
205 | $dest .= \pack( |
||
206 | 'C', |
||
207 | ((($c0 << 2) | ($c1 >> 4)) & 0xff) |
||
208 | ); |
||
209 | $err |= ($c0 | $c1) >> 8; |
||
874 | daniel-mar | 210 | if ($strictPadding) { |
211 | $err |= ($c1 << 4) & 0xff; |
||
212 | } |
||
827 | daniel-mar | 213 | } elseif ($strictPadding) { |
214 | $err |= 1; |
||
215 | } |
||
216 | } |
||
217 | $check = ($err === 0); |
||
218 | if (!$check) { |
||
874 | daniel-mar | 219 | throw new RangeException( |
827 | daniel-mar | 220 | 'Base64::decode() only expects characters in the correct base64 alphabet' |
221 | ); |
||
222 | } |
||
223 | return $dest; |
||
224 | } |
||
225 | |||
226 | /** |
||
874 | daniel-mar | 227 | * @param string $encodedString |
228 | * @return string |
||
229 | */ |
||
230 | public static function decodeNoPadding(string $encodedString): string |
||
231 | { |
||
232 | $srcLen = Binary::safeStrlen($encodedString); |
||
233 | if ($srcLen === 0) { |
||
234 | return ''; |
||
235 | } |
||
236 | if (($srcLen & 3) === 0) { |
||
237 | if ($encodedString[$srcLen - 1] === '=') { |
||
238 | throw new InvalidArgumentException( |
||
239 | "decodeNoPadding() doesn't tolerate padding" |
||
240 | ); |
||
241 | } |
||
242 | if (($srcLen & 3) > 1) { |
||
243 | if ($encodedString[$srcLen - 2] === '=') { |
||
244 | throw new InvalidArgumentException( |
||
245 | "decodeNoPadding() doesn't tolerate padding" |
||
246 | ); |
||
247 | } |
||
248 | } |
||
249 | } |
||
250 | return static::decode( |
||
251 | $encodedString, |
||
252 | true |
||
253 | ); |
||
254 | } |
||
255 | |||
256 | /** |
||
827 | daniel-mar | 257 | * Uses bitwise operators instead of table-lookups to turn 6-bit integers |
258 | * into 8-bit integers. |
||
259 | * |
||
260 | * Base64 character set: |
||
261 | * [A-Z] [a-z] [0-9] + / |
||
262 | * 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2b, 0x2f |
||
263 | * |
||
264 | * @param int $src |
||
265 | * @return int |
||
266 | */ |
||
267 | protected static function decode6Bits(int $src): int |
||
268 | { |
||
269 | $ret = -1; |
||
270 | |||
271 | // if ($src > 0x40 && $src < 0x5b) $ret += $src - 0x41 + 1; // -64 |
||
272 | $ret += (((0x40 - $src) & ($src - 0x5b)) >> 8) & ($src - 64); |
||
273 | |||
274 | // if ($src > 0x60 && $src < 0x7b) $ret += $src - 0x61 + 26 + 1; // -70 |
||
275 | $ret += (((0x60 - $src) & ($src - 0x7b)) >> 8) & ($src - 70); |
||
276 | |||
277 | // if ($src > 0x2f && $src < 0x3a) $ret += $src - 0x30 + 52 + 1; // 5 |
||
278 | $ret += (((0x2f - $src) & ($src - 0x3a)) >> 8) & ($src + 5); |
||
279 | |||
280 | // if ($src == 0x2b) $ret += 62 + 1; |
||
281 | $ret += (((0x2a - $src) & ($src - 0x2c)) >> 8) & 63; |
||
282 | |||
283 | // if ($src == 0x2f) ret += 63 + 1; |
||
284 | $ret += (((0x2e - $src) & ($src - 0x30)) >> 8) & 64; |
||
285 | |||
286 | return $ret; |
||
287 | } |
||
288 | |||
289 | /** |
||
290 | * Uses bitwise operators instead of table-lookups to turn 8-bit integers |
||
291 | * into 6-bit integers. |
||
292 | * |
||
293 | * @param int $src |
||
294 | * @return string |
||
295 | */ |
||
296 | protected static function encode6Bits(int $src): string |
||
297 | { |
||
298 | $diff = 0x41; |
||
299 | |||
300 | // if ($src > 25) $diff += 0x61 - 0x41 - 26; // 6 |
||
301 | $diff += ((25 - $src) >> 8) & 6; |
||
302 | |||
303 | // if ($src > 51) $diff += 0x30 - 0x61 - 26; // -75 |
||
304 | $diff -= ((51 - $src) >> 8) & 75; |
||
305 | |||
306 | // if ($src > 61) $diff += 0x2b - 0x30 - 10; // -15 |
||
307 | $diff -= ((61 - $src) >> 8) & 15; |
||
308 | |||
309 | // if ($src > 62) $diff += 0x2f - 0x2b - 1; // 3 |
||
310 | $diff += ((62 - $src) >> 8) & 3; |
||
311 | |||
312 | return \pack('C', $src + $diff); |
||
313 | } |
||
314 | } |