base64 without libcrypto

pfeatherstone · pfeatherstone · commit 208b56f05719 · 2025-05-31T09:06:59.000+01:00
diff --git a/README.md b/README.md
@@ -4,10 +4,7 @@ This is an experimental replacement for Boost::Beast.
 
 ## Installation
 
-Copy the contents of `src` into your project then link to:
-- Boost::asio
-- OpenSSL::SSL
-- OpenSSL::Crypto 
+Copy the contents of `src` into your project then link to Boost::asio. If you're using transport over TLS, then link to OpenSSL::SSL and OpenSSL::Crypto.
 
 ## Examples
 
@@ -24,21 +21,31 @@ $ cmake ./examples -B build -DCMAKE_BUILD_TYPE=Release
 $ cmake --build build --parallel
 ```
 
+## Unit tests
+
+Build using:
+
+```bash
+$ cmake ./test -B build -DCMAKE_BUILD_TYPE=Release
+$ cmake --build build --parallel
+```
+
+Run using:
+
+```bash
+$ ./build/tests
+```
+
 ## Roadmap
 - [ ] Chunked encoding
 - [ ] Documentation
-- [ ] Unit tests
 
 ## Questions
 
 - Q: Why not use Beast?
 
   A: I find Beast bloated and unecessarily complicated. HTTP1 and WS are simple protocols. There is SO MUCH source code in Beast and I'm not convinced it's proportionate. Additionally, you don't need Beast objects like `basic_stream` or `flat_buffer`. All you need are a few structs, enums, Asio composed operations and voila.
 
-- Q: Why do I need to link to openssl when I'm not using TLS?
-
-  A: Because of SHA1 and Base64 encoding/decoding, which are used in the websocket protocol, even without TLS. I couldn't be bothered to implement those functions, particularly as I only ever use HTTP and WS over TLS, in which case I link to openssl anyway.
-
 - Q: Why are you not writing the base library Sans-IO? It's the fashion!
 
   A: Because I'm only going to use this with Asio. I don't mind having state-machine logic inside an Asio composed operation rather than something custom. As far as I can tell, the only motivation for Sans-IO is unit tests. It means you don't have to open a socket.
diff --git a/examples/server.cpp b/examples/server.cpp
@@ -153,9 +153,9 @@ auto handle_authorization (const http::request& req, std::string_view username_e
         return std::make_pair(false, "Missing Authorization field");
     
     std::string_view  login_base64  = lskip(field->value, "Basic ");
-    const std::string login         = http::base64_decode(login_base64);
+    const auto        login         = http::base64_decode(login_base64);
 
-    const auto [user, passwd] = split_once(login, ":");
+    const auto [user, passwd] = split_once(std::string_view((const char*)&login[0], login.size()), ":");
 
     if (user.compare(username_exp) != 0 || passwd.compare(passwd_exp) != 0)
         return std::make_pair(false, "Authentication username-password don't match expected");
diff --git a/src/http.cpp b/src/http.cpp
@@ -1,12 +1,9 @@
 #include <cassert>
 #include <cstring>
+#include <cstdarg>
 #include <algorithm>
 #include <filesystem>
-#include <system_error>
 #include <boost/asio/version.hpp>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
 #include "http.h"
 
 namespace fs = std::filesystem;
@@ -742,39 +739,90 @@ namespace http
 
 //----------------------------------------------------------------------------------------------------------------
 
-    std::string base64_encode(std::string_view data)
+    constexpr std::array<uint8_t, 64> base64_encode_table = {
+        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
+        'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
+        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'
+    };
+
+    constexpr std::array<uint8_t, 256> base64_decoded_table = [] {
+        std::array<uint8_t, 256> table{};
+        for (size_t i = 0 ; i < base64_encode_table.size() ; ++i)
+            table[base64_encode_table[i]] = i;
+        return table;
+    }();
+
+    std::string base64_encode(const size_t ndata, const uint8_t* data)
     {
-        BIO* b64 = BIO_new(BIO_f_base64());
-        BIO* bio = BIO_new(BIO_s_mem());
-        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
-        bio = BIO_push(b64, bio);
-        
-        BIO_write(bio, data.data(), data.size());
-        BIO_flush(bio);
+        std::string ret;
+        ret.reserve((ndata+2) / 3 * 4);
+        uint8_t word{0};
+        uint8_t off{6};
+
+        for (size_t i = 0 ; i < ndata ; ++i)
+        {
+            const uint8_t byte = data[i];
+
+            for (int j = 7 ; j >= 0 ; --j)
+            {
+                const uint8_t bit = (byte >> j) & 0x1;
+
+                word |= (bit << --off);
+
+                if (off == 0)
+                {
+                    assert(word < 64);
+                    ret.push_back(base64_encode_table[word]);
+                    off  = 6;
+                    word = 0;
+                }
+            }
+        }
 
-        BUF_MEM* buffer_ptr{nullptr};
-        BIO_get_mem_ptr(bio, &buffer_ptr);
+        assert(off == 6 || off == 2 || off == 4);
 
-        std::string encoded(buffer_ptr->data, buffer_ptr->length);
-        BIO_free_all(bio);
-        return encoded;
+        if (off < 6)
+        {
+            const size_t npadding = off / 2;
+            ret.push_back(base64_encode_table[word]);
+            for (size_t i = 0 ; i < npadding ; ++i)
+                ret.push_back('=');
+        }
+        
+        return ret;
     }
 
-    std::string base64_decode(std::string_view data)
+    std::vector<uint8_t> base64_decode(std::string_view data)
     {
-        BIO* b64 = BIO_new(BIO_f_base64());
-        BIO* bio = BIO_new_mem_buf(data.data(), data.size());
-        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
-        bio = BIO_push(b64, bio);
-
-        std::string output(data.size(), '\0'); // Base64 expands by 4/3, so input is always >= output
-        int decoded_len = BIO_read(bio, output.data(), output.size());
-        if (decoded_len < 0)
-            fprintf(stderr, "Failed to base64 decode data\n");
-
-        output.resize(std::max(decoded_len, 0));
-        BIO_free_all(bio);
-        return output;
+        std::vector<uint8_t> ret;
+        ret.reserve(data.size() / 4 * 3);
+        uint8_t word{0};
+        uint8_t off{8};
+
+        for (size_t i = 0 ; i < data.size() ; ++i)
+        {
+            if (data[i] == '=')
+                continue;
+
+            const uint8_t sixtet = base64_decoded_table[data[i]];
+
+            for (int j = 5 ; j >= 0 ; --j)
+            {
+                const uint8_t bit = (sixtet >> j) & 0x1;
+
+                word |= (bit << --off);
+
+                if (off == 0)
+                {
+                    assert(word < 256);
+                    ret.push_back(word);
+                    off  = 8;
+                    word = 0;
+                }
+            }
+        }
+
+        return ret;
     }
 
 //----------------------------------------------------------------------------------------------------------------
diff --git a/src/http.h b/src/http.h
@@ -508,8 +508,8 @@ namespace http
 
 //----------------------------------------------------------------------------------------------------------------
 
-    std::string base64_encode(std::string_view data);
-    std::string base64_decode(std::string_view data);
+    std::string          base64_encode(const size_t ndata, const uint8_t* data);
+    std::vector<uint8_t> base64_decode(std::string_view data);
 
 //----------------------------------------------------------------------------------------------------------------
 
diff --git a/src/http_async.h b/src/http_async.h
@@ -464,7 +464,7 @@ namespace http
             const auto hash = sha1{}.push(sec_ws_key.size(), (const uint8_t*)sec_ws_key.data())
                                     .push(magic.size(),      (const uint8_t*)magic.data())
                                     .finish();
-            return base64_encode(std::string_view{(const char*)&hash[0], hash.size()});
+            return base64_encode(hash.size(), &hash[0]);
         }
 
         template<class AsyncStream>
@@ -473,7 +473,7 @@ namespace http
             AsyncStream&                    sock;
             std::string                     uri;
             std::string                     host;
-            char                            nonce[16]   = {0};
+            uint8_t                         nonce[16]   = {0};
             std::unique_ptr<std::string>    buf         = std::make_unique<std::string>();
             std::unique_ptr<request>        req         = std::make_unique<request>();
             std::unique_ptr<response>       reply       = std::make_unique<response>();
@@ -512,7 +512,7 @@ namespace http
                     req->add_header(field::connection,            "upgrade");
                     req->add_header(field::upgrade,               "websocket");
                     req->add_header(field::sec_websocket_version, "13");
-                    req->add_header(field::sec_websocket_key,     base64_encode(std::string_view(nonce, 16)));
+                    req->add_header(field::sec_websocket_key,     base64_encode(16, nonce));
 
                     async_http_write(sock, *req, *buf, std::move(self));
                 }
@@ -542,7 +542,7 @@ namespace http
 
                         if (sec_ws_accept == end(reply->headers))
                             self.complete(make_error_code(ws_handshake_missing_seq_accept));
-                        else if (sec_ws_accept->value != compute_sec_ws_accept(base64_encode(std::string_view(nonce, 16))))
+                        else if (sec_ws_accept->value != compute_sec_ws_accept(base64_encode(16, nonce)))
                             self.complete(make_error_code(ws_handshake_bad_sec_accept));
                         else
                             self.complete({});
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
@@ -28,6 +28,7 @@ target_link_libraries(http
 # Unit tests
 add_executable(tests
   main.cpp
+  base64.cpp
   sha1.cpp)
 target_link_options(tests PUBLIC $<$<CONFIG:Release>:-s>)
 target_link_libraries(tests PUBLIC http)
diff --git a/test/base64.cpp b/test/base64.cpp
@@ -0,0 +1,78 @@
+#include <random>
+#include <algorithm>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <http.h>
+#include "doctest.h"
+
+static std::string openssl_base64_encode(const size_t ndata, const uint8_t* data)
+{
+    BIO* b64 = BIO_new(BIO_f_base64());
+    BIO* bio = BIO_new(BIO_s_mem());
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+    bio = BIO_push(b64, bio);
+    
+    BIO_write(bio, data, ndata);
+    BIO_flush(bio);
+
+    BUF_MEM* buffer_ptr{nullptr};
+    BIO_get_mem_ptr(bio, &buffer_ptr);
+
+    std::string encoded(buffer_ptr->data, buffer_ptr->length);
+    BIO_free_all(bio);
+    return encoded;
+}
+
+static std::vector<uint8_t> openssl_base64_decode(std::string_view data)
+{
+    BIO* b64 = BIO_new(BIO_f_base64());
+    BIO* bio = BIO_new_mem_buf(data.data(), data.size());
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+    bio = BIO_push(b64, bio);
+
+    std::vector<uint8_t> output(data.size(), 0); // Base64 expands by 4/3, so input is always >= output
+    int decoded_len = BIO_read(bio, output.data(), output.size());
+    if (decoded_len < 0)
+        fprintf(stderr, "Failed to base64 decode data\n");
+
+    output.resize(std::max(decoded_len, 0));
+    BIO_free_all(bio);
+    return output;
+}
+
+TEST_SUITE("[BASE64]")
+{
+    TEST_CASE("matches openssl")
+    {
+        std::mt19937 eng(std::random_device{}());
+        std::uniform_int_distribution<uint8_t> d{};
+        std::vector<uint8_t> buf;
+        buf.reserve(4096);
+
+        for (size_t i = 0 ; i < 10000 ; ++i)
+        {
+            // Fill with random
+            buf.resize(i);
+            std::generate(begin(buf), end(buf), [&]{return d(eng);});
+
+            // Encode
+            auto encoded_ssl    = openssl_base64_encode(buf.size(), buf.data());
+            auto encoded_custom = http::base64_encode(buf.size(), buf.data());
+            
+            // Check
+            REQUIRE(encoded_ssl == encoded_custom);
+
+            // Decode with padding
+            auto decoded = http::base64_decode(encoded_custom);
+            REQUIRE(buf.size() == decoded.size());
+            REQUIRE(std::equal(begin(buf), end(buf), begin(decoded)));
+
+            // Decode without padding
+            encoded_custom.erase(std::remove(begin(encoded_custom), end(encoded_custom), '='), end(encoded_custom));
+            decoded = http::base64_decode(encoded_custom);
+            REQUIRE(buf.size() == decoded.size());
+            REQUIRE(std::equal(begin(buf), end(buf), begin(decoded)));
+        }
+    }
+}
