enhanced base64 related tests

src/misc/base64/base64_decode.c

@@ -115,8 +115,8 @@ static int _base64_decode_internal(const char *in,  unsigned long inlen,
           else
              return CRYPT_INVALID_PACKET;
        }
-       if (g > 0) {
-          /* we only allow '=' to be at the end */
+       if ((g > 0) && (mode != insane)) {
+          /* we only allow '=' to be at the end (strict+relaxed) */
           return CRYPT_INVALID_PACKET;
        }
 

tests/base64_test.c

@@ -9,6 +9,8 @@
 #include  <tomcrypt_test.h>
 
 #if defined(LTC_BASE64) || defined(LTC_BASE64_URL)
+enum { insane = 0, strict = 1, relaxed = 2, invalid = 666 };
+
 int base64_test(void)
 {
    unsigned char in[64], tmp[64];
@@ -47,39 +49,68 @@ int base64_test(void)
 #ifdef LTC_BASE64_URL
    const struct {
       const char* s;
-      int is_strict;
+      int flag;
    } url_cases[] = {
-         {"vuiSPKIl8PiR5O-rC4z9_xTQKZ0", 0},
-         {"vuiSPKIl8PiR5O-rC4z9_xTQKZ0=", 1},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0", 0},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0=", 0},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0==", 0},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0===", 0},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0====", 0},
-         {"vuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0=", 0},
-         {"vuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0= = = ", 0},
-         {"\nvuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0=\n", 0},
+         {"vuiSPKIl8PiR5O-rC4z9_xTQKZ0", strict},                       /* 0 */
+         {"vuiSPKIl8PiR5O-rC4z9_xTQKZ0=", strict},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0", insane},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0=", insane},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0==", insane},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0===", insane},                 /* 5 */
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0====", insane},
+         {"vuiS*=PKIl8P*iR5O-rC4*z9_xTQKZ0=", insane},
+         {"vuiS*==PKIl8P*iR5O-rC4*z9_xTQKZ0=", insane},
+         {"vuiS*==\xffPKIl8P*iR5O-rC4*z9_xTQKZ0=", insane},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0", relaxed},                 /* 10 */
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0=", relaxed},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0==", relaxed},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0===", relaxed},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0====", relaxed},
+         {"vuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0=", relaxed},               /* 15 */
+         {"vuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0= = =\x00", relaxed},
+         {"\nvuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0=\n", relaxed},
+         {"vuiSPKIl8PiR5O-rC4z9_xTQK", invalid},
    };
 
    for (x = 0; x < sizeof(url_cases)/sizeof(url_cases[0]); ++x) {
        slen1 = strlen(url_cases[x].s);
        l1 = sizeof(tmp);
-       if(url_cases[x].is_strict)
+       if(url_cases[x].flag == strict) {
           DO(base64url_strict_decode(url_cases[x].s, slen1, tmp, &l1));
-       else
+          DO(do_compare_testvector(tmp, l1, special_case, sizeof(special_case) - 1, "base64url_strict_decode", x));
+          DO(base64url_sane_decode(url_cases[x].s, slen1, tmp, &l1));
+          DO(do_compare_testvector(tmp, l1, special_case, sizeof(special_case) - 1, "base64url_sane_decode/strict", x));
+          DO(base64url_decode(url_cases[x].s, slen1, tmp, &l1));
+          DO(do_compare_testvector(tmp, l1, special_case, sizeof(special_case) - 1, "base64url_decode/strict", x));
+       }
+       else if(url_cases[x].flag == relaxed) {
+          DO(base64url_strict_decode(url_cases[x].s, slen1, tmp, &l1) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
+          DO(base64url_sane_decode(url_cases[x].s, slen1, tmp, &l1));
+          DO(do_compare_testvector(tmp, l1, special_case, sizeof(special_case) - 1, "base64url_sane_decode/relaxed", x));
+          DO(base64url_decode(url_cases[x].s, slen1, tmp, &l1));
+          DO(do_compare_testvector(tmp, l1, special_case, sizeof(special_case) - 1, "base64url_decode/relaxed", x));
+       }
+       else if(url_cases[x].flag == insane) {
+          DO(base64url_strict_decode(url_cases[x].s, slen1, tmp, &l1) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
+          DO(base64url_sane_decode(url_cases[x].s, slen1, tmp, &l1) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
           DO(base64url_decode(url_cases[x].s, slen1, tmp, &l1));
-       DO(do_compare_testvector(tmp, l1, special_case, sizeof(special_case) - 1, "base64url decode", x));
-       if(x < 2) {
-          l2 = sizeof(out);
-          if(x == 0)
-             DO(base64url_encode(tmp, l1, out, &l2));
-          else
-             DO(base64url_strict_encode(tmp, l1, out, &l2));
-          DO(do_compare_testvector(out, l2, url_cases[x].s, strlen(url_cases[x].s), "base64url encode", x));
+          DO(do_compare_testvector(tmp, l1, special_case, sizeof(special_case) - 1, "base64url_decode/insane", x));
+       }
+       else { /* invalid */
+          DO(base64url_strict_decode(url_cases[x].s, slen1, tmp, &l1) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
+          DO(base64url_sane_decode(url_cases[x].s, slen1, tmp, &l1) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
+          DO(base64url_decode(url_cases[x].s, slen1, tmp, &l1) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
+       }
+       l2 = sizeof(out);
+       if(x == 0) {
+          DO(base64url_encode(tmp, l1, out, &l2));
+          DO(do_compare_testvector(out, l2, url_cases[x].s, strlen(url_cases[x].s), "base64url_encode", x));
+       }
+       if(x == 1) {
+          DO(base64url_strict_encode(tmp, l1, out, &l2));
+          DO(do_compare_testvector(out, l2, url_cases[x].s, strlen(url_cases[x].s), "base64url_strict_encode", x));
        }
    }
-
-   DO(base64url_strict_decode(url_cases[4].s, slen1, tmp, &l1) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_INVALID_PACKET);
 #endif
 
 #if defined(LTC_BASE64)
@@ -89,10 +120,14 @@ int base64_test(void)
        slen1 = strlen(cases[x].s);
        l1 = sizeof(out);
        DO(base64_encode((unsigned char*)cases[x].s, slen1, out, &l1));
+       DO(do_compare_testvector(out, l1, cases[x].b64, strlen(cases[x].b64), "base64_encode", x));
        l2 = sizeof(tmp);
        DO(base64_strict_decode(out, l1, tmp, &l2));
-       DO(do_compare_testvector(out, l1, cases[x].b64, strlen(cases[x].b64), "base64 encode", x));
-       DO(do_compare_testvector(tmp, l2, cases[x].s, slen1, "base64 decode", x));
+       DO(do_compare_testvector(tmp, l2, cases[x].s, slen1, "base64_strict_decode", x));
+       DO(base64_sane_decode(out, l1, tmp, &l2));
+       DO(do_compare_testvector(tmp, l2, cases[x].s, slen1, "base64_sane_decode", x));
+       DO(base64_decode(out, l1, tmp, &l2));
+       DO(do_compare_testvector(tmp, l2, cases[x].s, slen1, "base64_decode", x));
    }
 
    for  (x = 0; x < 64; x++) {
@@ -106,15 +141,20 @@ int base64_test(void)
 
    x--;
    memmove(&out[11], &out[10], l1 - 10);
-   out[10] = ' ';
    l1++;
    l2 = sizeof(tmp);
+
+   out[10] = 0;
    DO(base64_decode(out, l1, tmp, &l2));
-   if (compare_testvector(tmp, l2, in, l2, "relaxed base64 decoding", -1)) {
-       print_hex("input ", out, l1);
-       return 1;
-   }
-   l2 = sizeof(tmp);
+   DO(compare_testvector(tmp, l2, in, l2, "insane base64 decoding (NUL)", -1));
+   DO(base64_sane_decode(out, l1, tmp, &l2) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_INVALID_PACKET);
+   DO(base64_strict_decode(out, l1, tmp, &l2) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_INVALID_PACKET);
+
+   out[10] = 9; /* tab */
+   DO(base64_decode(out, l1, tmp, &l2));
+   DO(compare_testvector(tmp, l2, in, l2, "insane base64 decoding (TAB)", -1));
+   DO(base64_sane_decode(out, l1, tmp, &l2));
+   DO(compare_testvector(tmp, l2, in, l2, "relaxed base64 decoding (TAB)", -1));
    DO(base64_strict_decode(out, l1, tmp, &l2) == CRYPT_INVALID_PACKET ? CRYPT_OK : CRYPT_INVALID_PACKET);
 #endif