DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
base64.cpp File Reference

Base64 encoder/decoder implementation. More...

#include "base64.h"
#include <stddef.h>
#include "mbedtls/base64.h"
#include <string.h>

Go to the source code of this file.

Functions

void base64_encode (const uint8_t *src, size_t src_len, char *dst)
 Encode src_len bytes of src as Base64.
 
size_t base64_decode (const char *src, uint8_t *dst, size_t dst_cap)
 Decode a null-terminated Base64 string.
 
size_t base64url_encode (const uint8_t *src, size_t src_len, char *dst)
 Encode src_len bytes as base64url (RFC 4648 section 5): '-' / '_' in place of '+' / '/', and no '=' padding.
 
size_t base64url_decode (const char *src, size_t src_len, uint8_t *dst, size_t dst_cap)
 Decode src_len characters of base64url (RFC 4648 section 5, '-'/'_' alphabet; an '=' ends the input).
 

Detailed Description

Base64 encoder/decoder implementation.

Encode is a single portable software codec (RFC 4648) on every target: it is byte-identical to mbedTLS's but ~20x faster on the ESP32-S3 (docs/FEATURE_PERFORMANCE.md section 2), and it only ever encodes public data here (the SHA-1 in the WebSocket accept), so a data-dependent table lookup is fine.

Decode is split by target. It is the only path that touches a secret (the Basic-auth credentials it decodes, RFC 7617), so on the ESP32 it delegates to mbedTLS's constant-time base64 decoder (mbedtls_ct_base64_dec_value, which evaluates every alphabet range with branchless masks so the timing / cache pattern does not leak the bytes). On the native test target it uses the portable software decoder. mbedTLS decode is ~8x slower but runs once per authenticated request, not in a byte loop. (JWT / OIDC use base64url below, which has always been the software codec.)

Definition in file base64.cpp.

Function Documentation

◆ base64_encode()

void base64_encode ( const uint8_t *  src,
size_t  src_len,
char *  dst 
)

Encode src_len bytes of src as Base64.

Writes a null-terminated string into dst. dst must be at least ((src_len + 2) / 3) * 4 + 1 bytes.

Parameters
srcInput bytes.
src_lenNumber of input bytes.
dstOutput buffer (null-terminated Base64 string).

Definition at line 26 of file base64.cpp.

Referenced by base64url_encode().

◆ base64_decode()

size_t base64_decode ( const char *  src,
uint8_t *  dst,
size_t  dst_cap 
)

Decode a null-terminated Base64 string.

Writes decoded bytes into dst, never writing more than dst_cap bytes. Returns the number of decoded bytes, or 0 on invalid input or if the decoded output would exceed dst_cap (the write is bounded - no overflow). The caller must leave room for any terminator it adds afterward (pass a capacity one less than the buffer size if it will null-terminate at the returned length).

Parameters
srcNull-terminated Base64 input string.
dstOutput byte buffer.
dst_capCapacity of dst in bytes.
Returns
Number of bytes written to dst, or 0 on error / overflow.

Definition at line 65 of file base64.cpp.

◆ base64url_encode()

size_t base64url_encode ( const uint8_t *  src,
size_t  src_len,
char *  dst 
)

Encode src_len bytes as base64url (RFC 4648 section 5): '-' / '_' in place of '+' / '/', and no '=' padding.

Writes a null-terminated string into dst, which must hold at least ((src_len + 2) / 3) * 4 + 1 bytes (the same as base64_encode; the URL form is never longer).

Returns
the number of characters written.

Definition at line 163 of file base64.cpp.

References base64_encode().

◆ base64url_decode()

size_t base64url_decode ( const char *  src,
size_t  src_len,
uint8_t *  dst,
size_t  dst_cap 
)

Decode src_len characters of base64url (RFC 4648 section 5, '-'/'_' alphabet; an '=' ends the input).

Strict: the standard '+'/'/' characters are rejected so a JWS/JWT segment is decoded as base64url only (RFC 7515), never as a mixed alphabet. Streaming decoder - no padding or buffer length restriction. Writes at most dst_cap bytes; returns the number written, or 0 on an invalid character or if the output would exceed dst_cap (the write is bounded - no overflow).

Definition at line 200 of file base64.cpp.