Replace OpenSSL base64 impl with a simple direct impl.

Unit tests, too.

src/crypto/base64.cc

@@ -31,103 +31,78 @@
 */
 
 #include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
+#include <stdlib.h>
 
 #include "fatal_assert.h"
 #include "base64.h"
 
-bool base64_decode( const char *b64, const size_t b64_len,
-		    char *raw, size_t *raw_len )
-{
-  bool ret = false;
+static const char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 
+/* Reverse maps from an ASCII char to a base64 sixbit value.  Returns > 0x3f on failure. */
+static unsigned char base64_char_to_sixbit(char c)
+{
+  /*
+   * Yes, this is slow.  But it's also very simple, and easy to verify.
+   * We don't need performance here.
+   */
+  const char *match = strchr(table, c);
+  if (!match) {
+    return 0xff;
+  }
+  return match - table;
+}
+
+bool base64_decode( const char *b64, const size_t b64_len,
+		    uint8_t *raw, size_t *raw_len )
+{
   fatal_assert( b64_len == 24 ); /* only useful for Mosh keys */
   fatal_assert( *raw_len == 16 );
 
-  /* initialize input/output */
-  BIO_METHOD *b64_method = BIO_f_base64();
-  fatal_assert( b64_method );
-
-  BIO *b64_bio = BIO_new( b64_method );
-  fatal_assert( b64_bio );
-
-  BIO_set_flags( b64_bio, BIO_FLAGS_BASE64_NO_NL );
-
-  BIO *mem_bio = BIO_new_mem_buf( (void *) b64, b64_len );
-  fatal_assert( mem_bio );
-
-  BIO *combined_bio = BIO_push( b64_bio, mem_bio );
-  fatal_assert( combined_bio );
-
-  fatal_assert( 1 == BIO_flush( combined_bio ) );
-  
-  /* read the string */
-  int bytes_read = BIO_read( combined_bio, raw, *raw_len );
-  if ( bytes_read <= 0 ) {
-    goto end;
+  uint32_t bytes = 0;
+  for (int i = 0; i < 22; i++) {
+    unsigned char sixbit = base64_char_to_sixbit(*(b64++));
+    if (sixbit > 0x3f) {
+      return false;
+    }
+    bytes <<= 6;
+    bytes |= sixbit;
+    /* write groups of 3 */
+    if (i % 4 == 3) {
+      raw[0] = bytes >> 16;
+      raw[1] = bytes >> 8;
+      raw[2] = bytes;
+      raw += 3;
+      bytes = 0;
+    }
+  }
+  /* last byte of output */
+  *raw = bytes >> 4;
+  if (b64[0] != '=' || b64[1] != '=') {
+    return false;
+  }
+  return true;
 }
 
-  if ( bytes_read != (int)*raw_len ) {
-    goto end;
-  }
-
-  fatal_assert( 1 == BIO_flush( combined_bio ) );
-
-  /* check if there is more to read */
-  char extra[ 256 ];
-  bytes_read = BIO_read( combined_bio, extra, 256 );
-  if ( bytes_read > 0 ) {
-    goto end;
-  }
-
-  /* check if mem buf is empty */
-  if ( !BIO_eof( mem_bio ) ) {
-    goto end;
-  }
-
-  ret = true;
- end:
-  BIO_free_all( combined_bio );
-  return ret;
-}
-
-void base64_encode( const char *raw, const size_t raw_len,
+void base64_encode( const uint8_t *raw, const size_t raw_len,
 		    char *b64, const size_t b64_len )
 {
   fatal_assert( b64_len == 24 ); /* only useful for Mosh keys */
   fatal_assert( raw_len == 16 );
 
-  /* initialize input/output */
-  BIO_METHOD *b64_method = BIO_f_base64(), *mem_method = BIO_s_mem();
-  fatal_assert( b64_method );
-  fatal_assert( mem_method );
-
-  BIO *b64_bio = BIO_new( b64_method ), *mem_bio = BIO_new( mem_method );
-  fatal_assert( b64_bio );
-  fatal_assert( mem_bio );
-
-  BIO_set_flags( b64_bio, BIO_FLAGS_BASE64_NO_NL );
-
-  BIO *combined_bio = BIO_push( b64_bio, mem_bio );
-  fatal_assert( combined_bio );
-  
-  /* write the string */
-  int bytes_written = BIO_write( combined_bio, raw, raw_len  );
-  fatal_assert( bytes_written >= 0 );
-
-  fatal_assert( bytes_written == (int)raw_len );
-
-  fatal_assert( 1 == BIO_flush( combined_bio ) );
-
-  /* check if mem buf has desired length */
-  fatal_assert( BIO_pending( mem_bio ) == (int)b64_len );
-
-  char *mem_ptr;
-
-  BIO_get_mem_data( mem_bio, &mem_ptr );
-
-  memcpy( b64, mem_ptr, b64_len );
-
-  BIO_free_all( combined_bio );
+  /* first 15 bytes of input */
+  for (int i = 0; i < 5; i++) {
+    uint32_t bytes = (raw[0] << 16) | (raw[1] << 8) | raw[2];
+    b64[0] = table[(bytes >> 18) & 0x3f];
+    b64[1] = table[(bytes >> 12) & 0x3f];
+    b64[2] = table[(bytes >> 6) & 0x3f];
+    b64[3] = table[(bytes) & 0x3f];
+    raw += 3;
+    b64 += 4;
+  }
+  
+  /* last byte of input, last 4 of output */
+  b64[0] = table[*raw >> 2];
+  b64[1] = table[(*raw << 4) & 0x3f];
+  b64[2] = '=';
+  b64[3] = '=';
 }

src/crypto/base64.h

@@ -30,8 +30,10 @@
     also delete it here.
 */
 
-bool base64_decode( const char *b64, const size_t b64_len,
-		    char *raw, size_t *raw_len );
+#include <stdint.h>
 
-void base64_encode( const char *raw, const size_t raw_len,
+bool base64_decode( const char *b64, const size_t b64_len,
+		    uint8_t *raw, size_t *raw_len );
+
+void base64_encode( const uint8_t *raw, const size_t raw_len,
 		    char *b64, const size_t b64_len );

src/crypto/crypto.cc

@@ -105,7 +105,7 @@ Base64Key::Base64Key( string printable_key )
   string base64 = printable_key + "==";
 
   size_t len = 16;
-  if ( !base64_decode( base64.data(), 24, (char *)&key[ 0 ], &len ) ) {
+  if ( !base64_decode( base64.data(), 24, key, &len ) ) {
     throw CryptoException( "Key must be well-formed base64." );
   }
 
@@ -124,11 +124,16 @@ Base64Key::Base64Key()
   PRNG().fill( key, sizeof( key ) );
 }
 
+Base64Key::Base64Key(PRNG &prng)
+{
+  prng.fill( key, sizeof( key ) );
+}
+
 string Base64Key::printable_key( void ) const
 {
   char base64[ 24 ];
   
-  base64_encode( (char *)key, 16, base64, 24 );
+  base64_encode( key, 16, base64, 24 );
 
   if ( (base64[ 23 ] != '=')
        || (base64[ 22 ] != '=') ) {

src/crypto/crypto.h

@@ -44,7 +44,10 @@ using std::string;
 
 long int myatoi( const char *str );
 
+class PRNG;
+
 namespace Crypto {
+
   class CryptoException : public std::exception {
   public:
     string text;
@@ -84,6 +87,7 @@ namespace Crypto {
 
   public:
     Base64Key(); /* random key */
+    Base64Key(PRNG &prng);
     Base64Key( string printable_key );
     string printable_key( void ) const;
     unsigned char *data( void ) { return key; }

src/tests/Makefile.am

@@ -16,12 +16,16 @@ displaytests = \
 	unicode-combine-fallback-assert.test \
 	unicode-later-combining.test
 
-check_PROGRAMS = ocb-aes encrypt-decrypt
-TESTS = ocb-aes encrypt-decrypt $(displaytests)
+check_PROGRAMS = ocb-aes encrypt-decrypt base64
+TESTS = ocb-aes encrypt-decrypt base64 $(displaytests)
 XFAIL_TESTS = \
 	e2e-failure.test \
 	emulation-back-tab.test
 
+base64_vector.cc: $(srcdir)/genbase64.pl
+	$(AM_V_GEN)echo '#include "base64_vector.h"' > base64_vector.cc || rm base64_vector.cc
+	$(AM_V_GEN)perl $(srcdir)/genbase64.pl >> base64_vector.cc || rm base64_vector.cc
+
 ocb_aes_SOURCES = ocb-aes.cc test_utils.cc test_utils.h
 ocb_aes_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util
 ocb_aes_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS)
@@ -30,7 +34,13 @@ encrypt_decrypt_SOURCES = encrypt-decrypt.cc test_utils.cc test_utils.h
 encrypt_decrypt_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util
 encrypt_decrypt_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS)
 
+base64_SOURCES = base64.cc base64_vector.cc base64_vector.h genbase64.pl
+base64_CPPFLAGS = $(ocb_aes_CPPFLAGS)
+base64_LDADD = $(ocb_aes_LDADD)
+
 clean-local: clean-local-check
 .PHONY: clean-local-check
 clean-local-check:
 	-for i in $(displaytests); do rm -rf $$i.d/; done
+
+CLEANFILES = base64_vector.cc

src/tests/base64.cc

@@ -0,0 +1,141 @@
+/*
+    Mosh: the mobile shell
+    Copyright 2012 Keith Winstein
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of portions of this program with the
+    OpenSSL library under certain conditions as described in each
+    individual source file, and distribute linked combinations including
+    the two.
+
+    You must obey the GNU General Public License in all respects for all
+    of the code used other than OpenSSL. If you modify file(s) with this
+    exception, you may extend this exception to your version of the
+    file(s), but you are not obligated to do so. If you do not wish to do
+    so, delete this exception statement from your version. If you delete
+    this exception statement from all source files in the program, then
+    also delete it here.
+*/
+
+/* Test suite for the OCB-AES reference implementation included with Mosh.
+
+   This tests cryptographic primitives implemented by others.  It uses the
+   same interfaces and indeed the same compiled object code as the Mosh
+   client and server.  It does not particularly test any code written for
+   the Mosh project. */
+
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "base64.h"
+#include "base64_vector.h"
+#include "crypto.h"
+#include "prng.h"
+#include "fatal_assert.h"
+// #include "test_utils.h"
+
+#define KEY_LEN   16
+#define NONCE_LEN 12
+#define TAG_LEN   16
+
+bool verbose = false;
+
+static void test_base64( void ) {
+  /* run through a test vector */
+  char encoded[25];
+  uint8_t decoded[16];
+  size_t b64_len = 24;
+  size_t raw_len = 16;
+  for ( base64_test_row *row = static_base64_vector; *row->native != '\0'; row++ ) {
+    memset(encoded, '\0', sizeof encoded);
+    memset(decoded, '\0', sizeof decoded);
+
+    base64_encode(static_cast<const uint8_t *>(row->native), raw_len, encoded, b64_len);
+    fatal_assert( b64_len == 24 );
+    fatal_assert( !memcmp(row->encoded, encoded, sizeof encoded));
+
+    fatal_assert( base64_decode(row->encoded, b64_len, decoded, &raw_len ));
+    fatal_assert( raw_len == 16 );
+    fatal_assert( !memcmp(row->native, decoded, sizeof decoded));
+  }
+  if ( verbose ) {
+    printf( "validation PASSED\n" );
+  }
+  /* try 0..255 in the last byte; make sure the final two characters are output properly */
+  uint8_t source[16];
+  memset(source, '\0', sizeof source);
+  for ( int i = 0; i < 256; i++ ) {
+    source[15] = i;
+    base64_encode(source, raw_len, encoded, b64_len);
+    fatal_assert( b64_len == 24 );
+
+    fatal_assert( base64_decode(encoded, b64_len, decoded, &raw_len ));
+    fatal_assert( raw_len == 16 );
+    fatal_assert( !memcmp(source, decoded, sizeof decoded));
+  }
+  if ( verbose ) {
+    printf( "last-byte PASSED\n" );
+  }
+
+  /* randomly try keys */
+  PRNG prng;
+  for ( int i = 0; i < ( 1<<17 ); i++ ) {
+    Base64Key key1(prng);
+    Base64Key key2(key1.printable_key());
+    fatal_assert( key1.printable_key() == key2.printable_key() && !memcmp(key1.data(), key2.data(), 16 ));
+  }
+  if ( verbose ) {
+    printf( "random PASSED\n" );
+  }
+
+  /* test bad keys */
+  const char *bad_keys[] = {
+    "",
+    "AAAAAAAAAAAAAAAAAAAAAA",
+    "AAAAAAAAAAAAAAAAAAAAAA=",
+    "AAAAAAAAAAAAAAAAAAAAA==",
+    "AAAAAAAAAAAAAAAAAAAAAAA==",
+    "AAAAAAAAAAAAAAAAAAAAAAAA==",
+    "AAAAAAAAAAAAAAAAAAAAAA~=",
+    "AAAAAAAAAAAAAAAAAAAAAA=~",
+    "~AAAAAAAAAAAAAAAAAAAAA==",
+    "AAAAAAAAAAAAAAAAAAAA~A==",
+    "AAAAAAAAAAAAAAAAAAAAA~==",
+    "AAAAAAAAAA~AAAAAAAAAAA==",
+    "AAAAAAAAAA==",
+    NULL,
+  };
+  for ( const char **key = bad_keys; *key != NULL; key++ ) {
+    b64_len = 24;
+    raw_len = 16;
+    fatal_assert( !base64_decode(*key, b64_len, decoded, &raw_len ));
+  }
+  if ( verbose ) {
+    printf( "bad-keys PASSED\n" );
+  }
+}
+
+int main( int argc, char *argv[] )
+{
+  if ( argc >= 2 && strcmp( argv[ 1 ], "-v" ) == 0 ) {
+    verbose = true;
+  }
+
+  test_base64();
+
+  return 0;
+}

src/tests/base64_vector.h

@@ -0,0 +1,3 @@
+struct base64_test_row { const unsigned char native[17]; const char encoded[25]; };
+typedef base64_test_row *base64_test_vector;
+extern base64_test_row static_base64_vector[];

src/tests/genbase64.pl

@@ -0,0 +1,28 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use MIME::Base64;
+
+my @vectors = (
+    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+    "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
+    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff",
+    "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00",
+    "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+    "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x55\x55\x55\x55\x55\x55\x55\x55",
+    "\x55\x55\x55\x55\x55\x55\x55\x55\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+    "\x01\x02\x04\x08\x10\x20\x40\x80\xfe\xfd\xfb\xf7\xef\xdf\xbf\x7f",
+    );
+
+print 'base64_test_row static_base64_vector[] = {' . "\n";
+for my $v (@vectors) {
+    print '    { "';
+    my @chars = split '', $v;
+    for my $c (@chars) {
+	printf "\\x%02x", ord($c);
+    }
+    print '", "' . encode_base64($v, "") . '" },' . "\n";
+}
+print '    { "", "" }' . "\n";
+print "};\n";