Skip to content

Commit 3f3bf06

Browse files
paragonie-securityparagonie-security
committed
Add Base64::decodeNoPadding() and Base32::decodeNoPadding()
This is a strict decoding method that doesn't tolerate '=' padding.
1 parent 1e4988b commit 3f3bf06

17 files changed

+161
-15
lines changed

src/Base32.php

Lines changed: 45 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,11 @@
22
declare(strict_types=1);
33
namespace ParagonIE\ConstantTime;
44

5+
use InvalidArgumentException;
6+
use RangeException;
7+
58
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
9+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
710
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
811
*
912
* Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -182,6 +185,31 @@ protected static function encode5BitsUpper(int $src): string
182185
return \pack('C', $src + $diff);
183186
}
184187

188+
/**
189+
* @param string $encodedString
190+
* @return string
191+
*/
192+
public static function decodeNoPadding(string $encodedString, bool $upper = false): string
193+
{
194+
$srcLen = Binary::safeStrlen($encodedString);
195+
if ($srcLen === 0) {
196+
return '';
197+
}
198+
if (($srcLen & 7) === 0) {
199+
for ($j = 0; $j < 7; ++$j) {
200+
if ($encodedString[$srcLen - 1] === '=') {
201+
throw new InvalidArgumentException(
202+
"decodeNoPadding() doesn't tolerate padding"
203+
);
204+
}
205+
}
206+
}
207+
return static::doDecode(
208+
$encodedString,
209+
$upper,
210+
true
211+
);
212+
}
185213

186214
/**
187215
* Base32 decoding
@@ -287,6 +315,9 @@ protected static function doDecode(string $src, bool $upper = false, bool $stric
287315
(($c4 << 7) | ($c5 << 2) | ($c6 >> 3)) & 0xff
288316
);
289317
$err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5 | $c6) >> 8;
318+
if ($strictPadding) {
319+
$err |= ($c6 << 5) & 0xff;
320+
}
290321
} elseif ($i + 5 < $srcLen) {
291322
/** @var int $c1 */
292323
$c1 = static::$method($chunk[2]);
@@ -324,6 +355,9 @@ protected static function doDecode(string $src, bool $upper = false, bool $stric
324355
(($c3 << 4) | ($c4 >> 1) ) & 0xff
325356
);
326357
$err |= ($c0 | $c1 | $c2 | $c3 | $c4) >> 8;
358+
if ($strictPadding) {
359+
$err |= ($c4 << 7) & 0xff;
360+
}
327361
} elseif ($i + 3 < $srcLen) {
328362
/** @var int $c1 */
329363
$c1 = static::$method($chunk[2]);
@@ -338,6 +372,9 @@ protected static function doDecode(string $src, bool $upper = false, bool $stric
338372
(($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff
339373
);
340374
$err |= ($c0 | $c1 | $c2 | $c3) >> 8;
375+
if ($strictPadding) {
376+
$err |= ($c3 << 4) & 0xff;
377+
}
341378
} elseif ($i + 2 < $srcLen) {
342379
/** @var int $c1 */
343380
$c1 = static::$method($chunk[2]);
@@ -350,6 +387,9 @@ protected static function doDecode(string $src, bool $upper = false, bool $stric
350387
(($c1 << 6) | ($c2 << 1) ) & 0xff
351388
);
352389
$err |= ($c0 | $c1 | $c2) >> 8;
390+
if ($strictPadding) {
391+
$err |= ($c2 << 6) & 0xff;
392+
}
353393
} elseif ($i + 1 < $srcLen) {
354394
/** @var int $c1 */
355395
$c1 = static::$method($chunk[2]);
@@ -359,6 +399,9 @@ protected static function doDecode(string $src, bool $upper = false, bool $stric
359399
(($c0 << 3) | ($c1 >> 2) ) & 0xff
360400
);
361401
$err |= ($c0 | $c1) >> 8;
402+
if ($strictPadding) {
403+
$err |= ($c1 << 6) & 0xff;
404+
}
362405
} else {
363406
$dest .= \pack(
364407
'C',
@@ -369,7 +412,7 @@ protected static function doDecode(string $src, bool $upper = false, bool $stric
369412
}
370413
$check = ($err === 0);
371414
if (!$check) {
372-
throw new \RangeException(
415+
throw new RangeException(
373416
'Base32::doDecode() only expects characters in the correct base32 alphabet'
374417
);
375418
}

src/Base32Hex.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
namespace ParagonIE\ConstantTime;
44

55
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
6+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
77
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
88
*
99
* Permission is hereby granted, free of charge, to any person obtaining a copy

src/Base64.php

Lines changed: 37 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,11 @@
22
declare(strict_types=1);
33
namespace ParagonIE\ConstantTime;
44

5+
use InvalidArgumentException;
6+
use RangeException;
7+
58
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
9+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
710
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
811
*
912
* Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -141,12 +144,12 @@ public static function decode(string $encodedString, bool $strictPadding = false
141144
}
142145
}
143146
if (($srcLen & 3) === 1) {
144-
throw new \RangeException(
147+
throw new RangeException(
145148
'Incorrect padding'
146149
);
147150
}
148151
if ($encodedString[$srcLen - 1] === '=') {
149-
throw new \RangeException(
152+
throw new RangeException(
150153
'Incorrect padding'
151154
);
152155
}
@@ -208,13 +211,43 @@ public static function decode(string $encodedString, bool $strictPadding = false
208211
}
209212
$check = ($err === 0);
210213
if (!$check) {
211-
throw new \RangeException(
214+
throw new RangeException(
212215
'Base64::decode() only expects characters in the correct base64 alphabet'
213216
);
214217
}
215218
return $dest;
216219
}
217220

221+
/**
222+
* @param string $encodedString
223+
* @return string
224+
*/
225+
public static function decodeNoPadding(string $encodedString): string
226+
{
227+
$srcLen = Binary::safeStrlen($encodedString);
228+
if ($srcLen === 0) {
229+
return '';
230+
}
231+
if (($srcLen & 3) === 0) {
232+
if ($encodedString[$srcLen - 1] === '=') {
233+
throw new InvalidArgumentException(
234+
"decodeNoPadding() doesn't tolerate padding"
235+
);
236+
}
237+
if (($srcLen & 3) > 1) {
238+
if ($encodedString[$srcLen - 2] === '=') {
239+
throw new InvalidArgumentException(
240+
"decodeNoPadding() doesn't tolerate padding"
241+
);
242+
}
243+
}
244+
}
245+
return static::decode(
246+
$encodedString,
247+
true
248+
);
249+
}
250+
218251
/**
219252
* Uses bitwise operators instead of table-lookups to turn 6-bit integers
220253
* into 8-bit integers.

src/Base64DotSlash.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
namespace ParagonIE\ConstantTime;
44

55
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
6+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
77
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
88
*
99
* Permission is hereby granted, free of charge, to any person obtaining a copy

src/Base64DotSlashOrdered.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
namespace ParagonIE\ConstantTime;
44

55
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
6+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
77
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
88
*
99
* Permission is hereby granted, free of charge, to any person obtaining a copy

src/Base64UrlSafe.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
namespace ParagonIE\ConstantTime;
44

55
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
6+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
77
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
88
*
99
* Permission is hereby granted, free of charge, to any person obtaining a copy

src/Binary.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
namespace ParagonIE\ConstantTime;
44

55
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
6+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
77
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
88
*
99
* Permission is hereby granted, free of charge, to any person obtaining a copy

src/EncoderInterface.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
namespace ParagonIE\ConstantTime;
44

55
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
6+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
77
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
88
*
99
* Permission is hereby granted, free of charge, to any person obtaining a copy

src/Encoding.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
namespace ParagonIE\ConstantTime;
44

55
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
6+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
77
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
88
*
99
* Permission is hereby granted, free of charge, to any person obtaining a copy

src/Hex.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
namespace ParagonIE\ConstantTime;
44

55
/**
6-
* Copyright (c) 2016 - 2018 Paragon Initiative Enterprises.
6+
* Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
77
* Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
88
*
99
* Permission is hereby granted, free of charge, to any person obtaining a copy

0 commit comments

Comments
 (0)