1// Copyright 2011 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5// Package base32 implements base32 encoding as specified by RFC 4648. 6package base32 7 8import ( 9 "io" 10 "slices" 11 "strconv" 12) 13 14/* 15 * Encodings 16 */ 17 18// An Encoding is a radix 32 encoding/decoding scheme, defined by a 19// 32-character alphabet. The most common is the "base32" encoding 20// introduced for SASL GSSAPI and standardized in RFC 4648. 21// The alternate "base32hex" encoding is used in DNSSEC. 22type Encoding struct { 23 encode [32]byte // mapping of symbol index to symbol byte value 24 decodeMap [256]uint8 // mapping of symbol byte value to symbol index 25 padChar rune 26} 27 28const ( 29 StdPadding rune = '=' // Standard padding character 30 NoPadding rune = -1 // No padding 31) 32 33const ( 34 decodeMapInitialize = "" + 35 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 36 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 37 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 38 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 39 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 40 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 41 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 42 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 43 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 44 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 45 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 46 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 47 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 48 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 49 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + 50 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" 51 invalidIndex = '\xff' 52) 53 54// NewEncoding returns a new padded Encoding defined by the given alphabet, 55// which must be a 32-byte string that contains unique byte values and 56// does not contain the padding character or CR / LF ('\r', '\n'). 57// The alphabet is treated as a sequence of byte values 58// without any special treatment for multi-byte UTF-8. 59// The resulting Encoding uses the default padding character ('='), 60// which may be changed or disabled via [Encoding.WithPadding]. 61func NewEncoding(encoder string) *Encoding { 62 if len(encoder) != 32 { 63 panic("encoding alphabet is not 32-bytes long") 64 } 65 66 e := new(Encoding) 67 e.padChar = StdPadding 68 copy(e.encode[:], encoder) 69 copy(e.decodeMap[:], decodeMapInitialize) 70 71 for i := 0; i < len(encoder); i++ { 72 // Note: While we document that the alphabet cannot contain 73 // the padding character, we do not enforce it since we do not know 74 // if the caller intends to switch the padding from StdPadding later. 75 switch { 76 case encoder[i] == '\n' || encoder[i] == '\r': 77 panic("encoding alphabet contains newline character") 78 case e.decodeMap[encoder[i]] != invalidIndex: 79 panic("encoding alphabet includes duplicate symbols") 80 } 81 e.decodeMap[encoder[i]] = uint8(i) 82 } 83 return e 84} 85 86// StdEncoding is the standard base32 encoding, as defined in RFC 4648. 87var StdEncoding = NewEncoding("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567") 88 89// HexEncoding is the “Extended Hex Alphabet” defined in RFC 4648. 90// It is typically used in DNS. 91var HexEncoding = NewEncoding("0123456789ABCDEFGHIJKLMNOPQRSTUV") 92 93// WithPadding creates a new encoding identical to enc except 94// with a specified padding character, or NoPadding to disable padding. 95// The padding character must not be '\r' or '\n', 96// must not be contained in the encoding's alphabet, 97// must not be negative, and must be a rune equal or below '\xff'. 98// Padding characters above '\x7f' are encoded as their exact byte value 99// rather than using the UTF-8 representation of the codepoint. 100func (enc Encoding) WithPadding(padding rune) *Encoding { 101 switch { 102 case padding < NoPadding || padding == '\r' || padding == '\n' || padding > 0xff: 103 panic("invalid padding") 104 case padding != NoPadding && enc.decodeMap[byte(padding)] != invalidIndex: 105 panic("padding contained in alphabet") 106 } 107 enc.padChar = padding 108 return &enc 109} 110 111/* 112 * Encoder 113 */ 114 115// Encode encodes src using the encoding enc, 116// writing [Encoding.EncodedLen](len(src)) bytes to dst. 117// 118// The encoding pads the output to a multiple of 8 bytes, 119// so Encode is not appropriate for use on individual blocks 120// of a large data stream. Use [NewEncoder] instead. 121func (enc *Encoding) Encode(dst, src []byte) { 122 if len(src) == 0 { 123 return 124 } 125 // enc is a pointer receiver, so the use of enc.encode within the hot 126 // loop below means a nil check at every operation. Lift that nil check 127 // outside of the loop to speed up the encoder. 128 _ = enc.encode 129 130 di, si := 0, 0 131 n := (len(src) / 5) * 5 132 for si < n { 133 // Combining two 32 bit loads allows the same code to be used 134 // for 32 and 64 bit platforms. 135 hi := uint32(src[si+0])<<24 | uint32(src[si+1])<<16 | uint32(src[si+2])<<8 | uint32(src[si+3]) 136 lo := hi<<8 | uint32(src[si+4]) 137 138 dst[di+0] = enc.encode[(hi>>27)&0x1F] 139 dst[di+1] = enc.encode[(hi>>22)&0x1F] 140 dst[di+2] = enc.encode[(hi>>17)&0x1F] 141 dst[di+3] = enc.encode[(hi>>12)&0x1F] 142 dst[di+4] = enc.encode[(hi>>7)&0x1F] 143 dst[di+5] = enc.encode[(hi>>2)&0x1F] 144 dst[di+6] = enc.encode[(lo>>5)&0x1F] 145 dst[di+7] = enc.encode[(lo)&0x1F] 146 147 si += 5 148 di += 8 149 } 150 151 // Add the remaining small block 152 remain := len(src) - si 153 if remain == 0 { 154 return 155 } 156 157 // Encode the remaining bytes in reverse order. 158 val := uint32(0) 159 switch remain { 160 case 4: 161 val |= uint32(src[si+3]) 162 dst[di+6] = enc.encode[val<<3&0x1F] 163 dst[di+5] = enc.encode[val>>2&0x1F] 164 fallthrough 165 case 3: 166 val |= uint32(src[si+2]) << 8 167 dst[di+4] = enc.encode[val>>7&0x1F] 168 fallthrough 169 case 2: 170 val |= uint32(src[si+1]) << 16 171 dst[di+3] = enc.encode[val>>12&0x1F] 172 dst[di+2] = enc.encode[val>>17&0x1F] 173 fallthrough 174 case 1: 175 val |= uint32(src[si+0]) << 24 176 dst[di+1] = enc.encode[val>>22&0x1F] 177 dst[di+0] = enc.encode[val>>27&0x1F] 178 } 179 180 // Pad the final quantum 181 if enc.padChar != NoPadding { 182 nPad := (remain * 8 / 5) + 1 183 for i := nPad; i < 8; i++ { 184 dst[di+i] = byte(enc.padChar) 185 } 186 } 187} 188 189// AppendEncode appends the base32 encoded src to dst 190// and returns the extended buffer. 191func (enc *Encoding) AppendEncode(dst, src []byte) []byte { 192 n := enc.EncodedLen(len(src)) 193 dst = slices.Grow(dst, n) 194 enc.Encode(dst[len(dst):][:n], src) 195 return dst[:len(dst)+n] 196} 197 198// EncodeToString returns the base32 encoding of src. 199func (enc *Encoding) EncodeToString(src []byte) string { 200 buf := make([]byte, enc.EncodedLen(len(src))) 201 enc.Encode(buf, src) 202 return string(buf) 203} 204 205type encoder struct { 206 err error 207 enc *Encoding 208 w io.Writer 209 buf [5]byte // buffered data waiting to be encoded 210 nbuf int // number of bytes in buf 211 out [1024]byte // output buffer 212} 213 214func (e *encoder) Write(p []byte) (n int, err error) { 215 if e.err != nil { 216 return 0, e.err 217 } 218 219 // Leading fringe. 220 if e.nbuf > 0 { 221 var i int 222 for i = 0; i < len(p) && e.nbuf < 5; i++ { 223 e.buf[e.nbuf] = p[i] 224 e.nbuf++ 225 } 226 n += i 227 p = p[i:] 228 if e.nbuf < 5 { 229 return 230 } 231 e.enc.Encode(e.out[0:], e.buf[0:]) 232 if _, e.err = e.w.Write(e.out[0:8]); e.err != nil { 233 return n, e.err 234 } 235 e.nbuf = 0 236 } 237 238 // Large interior chunks. 239 for len(p) >= 5 { 240 nn := len(e.out) / 8 * 5 241 if nn > len(p) { 242 nn = len(p) 243 nn -= nn % 5 244 } 245 e.enc.Encode(e.out[0:], p[0:nn]) 246 if _, e.err = e.w.Write(e.out[0 : nn/5*8]); e.err != nil { 247 return n, e.err 248 } 249 n += nn 250 p = p[nn:] 251 } 252 253 // Trailing fringe. 254 copy(e.buf[:], p) 255 e.nbuf = len(p) 256 n += len(p) 257 return 258} 259 260// Close flushes any pending output from the encoder. 261// It is an error to call Write after calling Close. 262func (e *encoder) Close() error { 263 // If there's anything left in the buffer, flush it out 264 if e.err == nil && e.nbuf > 0 { 265 e.enc.Encode(e.out[0:], e.buf[0:e.nbuf]) 266 encodedLen := e.enc.EncodedLen(e.nbuf) 267 e.nbuf = 0 268 _, e.err = e.w.Write(e.out[0:encodedLen]) 269 } 270 return e.err 271} 272 273// NewEncoder returns a new base32 stream encoder. Data written to 274// the returned writer will be encoded using enc and then written to w. 275// Base32 encodings operate in 5-byte blocks; when finished 276// writing, the caller must Close the returned encoder to flush any 277// partially written blocks. 278func NewEncoder(enc *Encoding, w io.Writer) io.WriteCloser { 279 return &encoder{enc: enc, w: w} 280} 281 282// EncodedLen returns the length in bytes of the base32 encoding 283// of an input buffer of length n. 284func (enc *Encoding) EncodedLen(n int) int { 285 if enc.padChar == NoPadding { 286 return n/5*8 + (n%5*8+4)/5 287 } 288 return (n + 4) / 5 * 8 289} 290 291/* 292 * Decoder 293 */ 294 295type CorruptInputError int64 296 297func (e CorruptInputError) Error() string { 298 return "illegal base32 data at input byte " + strconv.FormatInt(int64(e), 10) 299} 300 301// decode is like Decode but returns an additional 'end' value, which 302// indicates if end-of-message padding was encountered and thus any 303// additional data is an error. This method assumes that src has been 304// stripped of all supported whitespace ('\r' and '\n'). 305func (enc *Encoding) decode(dst, src []byte) (n int, end bool, err error) { 306 // Lift the nil check outside of the loop. 307 _ = enc.decodeMap 308 309 dsti := 0 310 olen := len(src) 311 312 for len(src) > 0 && !end { 313 // Decode quantum using the base32 alphabet 314 var dbuf [8]byte 315 dlen := 8 316 317 for j := 0; j < 8; { 318 319 if len(src) == 0 { 320 if enc.padChar != NoPadding { 321 // We have reached the end and are missing padding 322 return n, false, CorruptInputError(olen - len(src) - j) 323 } 324 // We have reached the end and are not expecting any padding 325 dlen, end = j, true 326 break 327 } 328 in := src[0] 329 src = src[1:] 330 if in == byte(enc.padChar) && j >= 2 && len(src) < 8 { 331 // We've reached the end and there's padding 332 if len(src)+j < 8-1 { 333 // not enough padding 334 return n, false, CorruptInputError(olen) 335 } 336 for k := 0; k < 8-1-j; k++ { 337 if len(src) > k && src[k] != byte(enc.padChar) { 338 // incorrect padding 339 return n, false, CorruptInputError(olen - len(src) + k - 1) 340 } 341 } 342 dlen, end = j, true 343 // 7, 5 and 2 are not valid padding lengths, and so 1, 3 and 6 are not 344 // valid dlen values. See RFC 4648 Section 6 "Base 32 Encoding" listing 345 // the five valid padding lengths, and Section 9 "Illustrations and 346 // Examples" for an illustration for how the 1st, 3rd and 6th base32 347 // src bytes do not yield enough information to decode a dst byte. 348 if dlen == 1 || dlen == 3 || dlen == 6 { 349 return n, false, CorruptInputError(olen - len(src) - 1) 350 } 351 break 352 } 353 dbuf[j] = enc.decodeMap[in] 354 if dbuf[j] == 0xFF { 355 return n, false, CorruptInputError(olen - len(src) - 1) 356 } 357 j++ 358 } 359 360 // Pack 8x 5-bit source blocks into 5 byte destination 361 // quantum 362 switch dlen { 363 case 8: 364 dst[dsti+4] = dbuf[6]<<5 | dbuf[7] 365 n++ 366 fallthrough 367 case 7: 368 dst[dsti+3] = dbuf[4]<<7 | dbuf[5]<<2 | dbuf[6]>>3 369 n++ 370 fallthrough 371 case 5: 372 dst[dsti+2] = dbuf[3]<<4 | dbuf[4]>>1 373 n++ 374 fallthrough 375 case 4: 376 dst[dsti+1] = dbuf[1]<<6 | dbuf[2]<<1 | dbuf[3]>>4 377 n++ 378 fallthrough 379 case 2: 380 dst[dsti+0] = dbuf[0]<<3 | dbuf[1]>>2 381 n++ 382 } 383 dsti += 5 384 } 385 return n, end, nil 386} 387 388// Decode decodes src using the encoding enc. It writes at most 389// [Encoding.DecodedLen](len(src)) bytes to dst and returns the number of bytes 390// written. If src contains invalid base32 data, it will return the 391// number of bytes successfully written and [CorruptInputError]. 392// Newline characters (\r and \n) are ignored. 393func (enc *Encoding) Decode(dst, src []byte) (n int, err error) { 394 buf := make([]byte, len(src)) 395 l := stripNewlines(buf, src) 396 n, _, err = enc.decode(dst, buf[:l]) 397 return 398} 399 400// AppendDecode appends the base32 decoded src to dst 401// and returns the extended buffer. 402// If the input is malformed, it returns the partially decoded src and an error. 403func (enc *Encoding) AppendDecode(dst, src []byte) ([]byte, error) { 404 // Compute the output size without padding to avoid over allocating. 405 n := len(src) 406 for n > 0 && rune(src[n-1]) == enc.padChar { 407 n-- 408 } 409 n = decodedLen(n, NoPadding) 410 411 dst = slices.Grow(dst, n) 412 n, err := enc.Decode(dst[len(dst):][:n], src) 413 return dst[:len(dst)+n], err 414} 415 416// DecodeString returns the bytes represented by the base32 string s. 417func (enc *Encoding) DecodeString(s string) ([]byte, error) { 418 buf := []byte(s) 419 l := stripNewlines(buf, buf) 420 n, _, err := enc.decode(buf, buf[:l]) 421 return buf[:n], err 422} 423 424type decoder struct { 425 err error 426 enc *Encoding 427 r io.Reader 428 end bool // saw end of message 429 buf [1024]byte // leftover input 430 nbuf int 431 out []byte // leftover decoded output 432 outbuf [1024 / 8 * 5]byte 433} 434 435func readEncodedData(r io.Reader, buf []byte, min int, expectsPadding bool) (n int, err error) { 436 for n < min && err == nil { 437 var nn int 438 nn, err = r.Read(buf[n:]) 439 n += nn 440 } 441 // data was read, less than min bytes could be read 442 if n < min && n > 0 && err == io.EOF { 443 err = io.ErrUnexpectedEOF 444 } 445 // no data was read, the buffer already contains some data 446 // when padding is disabled this is not an error, as the message can be of 447 // any length 448 if expectsPadding && min < 8 && n == 0 && err == io.EOF { 449 err = io.ErrUnexpectedEOF 450 } 451 return 452} 453 454func (d *decoder) Read(p []byte) (n int, err error) { 455 // Use leftover decoded output from last read. 456 if len(d.out) > 0 { 457 n = copy(p, d.out) 458 d.out = d.out[n:] 459 if len(d.out) == 0 { 460 return n, d.err 461 } 462 return n, nil 463 } 464 465 if d.err != nil { 466 return 0, d.err 467 } 468 469 // Read a chunk. 470 nn := (len(p) + 4) / 5 * 8 471 if nn < 8 { 472 nn = 8 473 } 474 if nn > len(d.buf) { 475 nn = len(d.buf) 476 } 477 478 // Minimum amount of bytes that needs to be read each cycle 479 var min int 480 var expectsPadding bool 481 if d.enc.padChar == NoPadding { 482 min = 1 483 expectsPadding = false 484 } else { 485 min = 8 - d.nbuf 486 expectsPadding = true 487 } 488 489 nn, d.err = readEncodedData(d.r, d.buf[d.nbuf:nn], min, expectsPadding) 490 d.nbuf += nn 491 if d.nbuf < min { 492 return 0, d.err 493 } 494 if nn > 0 && d.end { 495 return 0, CorruptInputError(0) 496 } 497 498 // Decode chunk into p, or d.out and then p if p is too small. 499 var nr int 500 if d.enc.padChar == NoPadding { 501 nr = d.nbuf 502 } else { 503 nr = d.nbuf / 8 * 8 504 } 505 nw := d.enc.DecodedLen(d.nbuf) 506 507 if nw > len(p) { 508 nw, d.end, err = d.enc.decode(d.outbuf[0:], d.buf[0:nr]) 509 d.out = d.outbuf[0:nw] 510 n = copy(p, d.out) 511 d.out = d.out[n:] 512 } else { 513 n, d.end, err = d.enc.decode(p, d.buf[0:nr]) 514 } 515 d.nbuf -= nr 516 for i := 0; i < d.nbuf; i++ { 517 d.buf[i] = d.buf[i+nr] 518 } 519 520 if err != nil && (d.err == nil || d.err == io.EOF) { 521 d.err = err 522 } 523 524 if len(d.out) > 0 { 525 // We cannot return all the decoded bytes to the caller in this 526 // invocation of Read, so we return a nil error to ensure that Read 527 // will be called again. The error stored in d.err, if any, will be 528 // returned with the last set of decoded bytes. 529 return n, nil 530 } 531 532 return n, d.err 533} 534 535type newlineFilteringReader struct { 536 wrapped io.Reader 537} 538 539// stripNewlines removes newline characters and returns the number 540// of non-newline characters copied to dst. 541func stripNewlines(dst, src []byte) int { 542 offset := 0 543 for _, b := range src { 544 if b == '\r' || b == '\n' { 545 continue 546 } 547 dst[offset] = b 548 offset++ 549 } 550 return offset 551} 552 553func (r *newlineFilteringReader) Read(p []byte) (int, error) { 554 n, err := r.wrapped.Read(p) 555 for n > 0 { 556 s := p[0:n] 557 offset := stripNewlines(s, s) 558 if err != nil || offset > 0 { 559 return offset, err 560 } 561 // Previous buffer entirely whitespace, read again 562 n, err = r.wrapped.Read(p) 563 } 564 return n, err 565} 566 567// NewDecoder constructs a new base32 stream decoder. 568func NewDecoder(enc *Encoding, r io.Reader) io.Reader { 569 return &decoder{enc: enc, r: &newlineFilteringReader{r}} 570} 571 572// DecodedLen returns the maximum length in bytes of the decoded data 573// corresponding to n bytes of base32-encoded data. 574func (enc *Encoding) DecodedLen(n int) int { 575 return decodedLen(n, enc.padChar) 576} 577 578func decodedLen(n int, padChar rune) int { 579 if padChar == NoPadding { 580 return n/8*5 + n%8*5/8 581 } 582 return n / 8 * 5 583} 584