1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package base64 implements base64 encoding as specified by RFC 4648.
19 // An Encoding is a radix 64 encoding/decoding scheme, defined by a
20 // 64-character alphabet. The most common encoding is the "base64"
21 // encoding defined in RFC 4648 and used in MIME (RFC 2045) and PEM
22 // (RFC 1421). RFC 4648 also defines an alternate encoding, which is
23 // the standard encoding with - and _ substituted for + and /.
24 type Encoding struct {
32 StdPadding rune = '=' // Standard padding character
33 NoPadding rune = -1 // No padding
34 decodeMapInitialize = "" +
35 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
36 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
37 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
38 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
39 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
40 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
41 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
42 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
43 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
44 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
45 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
46 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
47 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
48 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
49 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +
50 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
53 const encodeStd = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
54 const encodeURL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
56 // NewEncoding returns a new padded Encoding defined by the given alphabet,
57 // which must be a 64-byte string that does not contain the padding character
58 // or CR / LF ('\r', '\n'). The alphabet is treated as sequence of byte values
59 // without any special treatment for multi-byte UTF-8.
60 // The resulting Encoding uses the default padding character ('='),
61 // which may be changed or disabled via WithPadding.
62 func NewEncoding(encoder string) *Encoding {
63 if len(encoder) != 64 {
64 panic("encoding alphabet is not 64-bytes long")
66 for i := 0; i < len(encoder); i++ {
67 if encoder[i] == '\n' || encoder[i] == '\r' {
68 panic("encoding alphabet contains newline character")
73 e.padChar = StdPadding
74 copy(e.encode[:], encoder)
75 copy(e.decodeMap[:], decodeMapInitialize)
77 for i := 0; i < len(encoder); i++ {
78 e.decodeMap[encoder[i]] = byte(i)
83 // WithPadding creates a new encoding identical to enc except
84 // with a specified padding character, or NoPadding to disable padding.
85 // The padding character must not be '\r' or '\n', must not
86 // be contained in the encoding's alphabet and must be a rune equal or
88 // Padding characters above '\x7f' are encoded as their exact byte value
89 // rather than using the UTF-8 representation of the codepoint.
90 func (enc Encoding) WithPadding(padding rune) *Encoding {
91 if padding == '\r' || padding == '\n' || padding > 0xff {
92 panic("invalid padding")
95 for i := 0; i < len(enc.encode); i++ {
96 if rune(enc.encode[i]) == padding {
97 panic("padding contained in alphabet")
101 enc.padChar = padding
105 // Strict creates a new encoding identical to enc except with
106 // strict decoding enabled. In this mode, the decoder requires that
107 // trailing padding bits are zero, as described in RFC 4648 section 3.5.
109 // Note that the input is still malleable, as new line characters
110 // (CR and LF) are still ignored.
111 func (enc Encoding) Strict() *Encoding {
116 // StdEncoding is the standard base64 encoding, as defined in
118 var StdEncoding = NewEncoding(encodeStd)
120 // URLEncoding is the alternate base64 encoding defined in RFC 4648.
121 // It is typically used in URLs and file names.
122 var URLEncoding = NewEncoding(encodeURL)
124 // RawStdEncoding is the standard raw, unpadded base64 encoding,
125 // as defined in RFC 4648 section 3.2.
126 // This is the same as StdEncoding but omits padding characters.
127 var RawStdEncoding = StdEncoding.WithPadding(NoPadding)
129 // RawURLEncoding is the unpadded alternate base64 encoding defined in RFC 4648.
130 // It is typically used in URLs and file names.
131 // This is the same as URLEncoding but omits padding characters.
132 var RawURLEncoding = URLEncoding.WithPadding(NoPadding)
138 // Encode encodes src using the encoding enc, writing
139 // EncodedLen(len(src)) bytes to dst.
141 // The encoding pads the output to a multiple of 4 bytes,
142 // so Encode is not appropriate for use on individual blocks
143 // of a large data stream. Use NewEncoder() instead.
144 func (enc *Encoding) Encode(dst, src []byte) {
148 // enc is a pointer receiver, so the use of enc.encode within the hot
149 // loop below means a nil check at every operation. Lift that nil check
150 // outside of the loop to speed up the encoder.
154 n := (len(src) / 3) * 3
156 // Convert 3x 8bit source bytes into 4 bytes
157 val := uint(src[si+0])<<16 | uint(src[si+1])<<8 | uint(src[si+2])
159 dst[di+0] = enc.encode[val>>18&0x3F]
160 dst[di+1] = enc.encode[val>>12&0x3F]
161 dst[di+2] = enc.encode[val>>6&0x3F]
162 dst[di+3] = enc.encode[val&0x3F]
168 remain := len(src) - si
172 // Add the remaining small block
173 val := uint(src[si+0]) << 16
175 val |= uint(src[si+1]) << 8
178 dst[di+0] = enc.encode[val>>18&0x3F]
179 dst[di+1] = enc.encode[val>>12&0x3F]
183 dst[di+2] = enc.encode[val>>6&0x3F]
184 if enc.padChar != NoPadding {
185 dst[di+3] = byte(enc.padChar)
188 if enc.padChar != NoPadding {
189 dst[di+2] = byte(enc.padChar)
190 dst[di+3] = byte(enc.padChar)
195 // AppendEncode appends the base64 encoded src to dst
196 // and returns the extended buffer.
197 func (enc *Encoding) AppendEncode(dst, src []byte) []byte {
198 n := enc.EncodedLen(len(src))
199 dst = slices.Grow(dst, n)
200 enc.Encode(dst[len(dst):][:n], src)
201 return dst[:len(dst)+n]
204 // EncodeToString returns the base64 encoding of src.
205 func (enc *Encoding) EncodeToString(src []byte) string {
206 buf := make([]byte, enc.EncodedLen(len(src)))
211 type encoder struct {
215 buf [3]byte // buffered data waiting to be encoded
216 nbuf int // number of bytes in buf
217 out [1024]byte // output buffer
220 func (e *encoder) Write(p []byte) (n int, err error) {
228 for i = 0; i < len(p) && e.nbuf < 3; i++ {
237 e.enc.Encode(e.out[:], e.buf[:])
238 if _, e.err = e.w.Write(e.out[:4]); e.err != nil {
244 // Large interior chunks.
246 nn := len(e.out) / 4 * 3
251 e.enc.Encode(e.out[:], p[:nn])
252 if _, e.err = e.w.Write(e.out[0 : nn/3*4]); e.err != nil {
266 // Close flushes any pending output from the encoder.
267 // It is an error to call Write after calling Close.
268 func (e *encoder) Close() error {
269 // If there's anything left in the buffer, flush it out
270 if e.err == nil && e.nbuf > 0 {
271 e.enc.Encode(e.out[:], e.buf[:e.nbuf])
272 _, e.err = e.w.Write(e.out[:e.enc.EncodedLen(e.nbuf)])
278 // NewEncoder returns a new base64 stream encoder. Data written to
279 // the returned writer will be encoded using enc and then written to w.
280 // Base64 encodings operate in 4-byte blocks; when finished
281 // writing, the caller must Close the returned encoder to flush any
282 // partially written blocks.
283 func NewEncoder(enc *Encoding, w io.Writer) io.WriteCloser {
284 return &encoder{enc: enc, w: w}
287 // EncodedLen returns the length in bytes of the base64 encoding
288 // of an input buffer of length n.
289 func (enc *Encoding) EncodedLen(n int) int {
290 if enc.padChar == NoPadding {
291 return n/3*4 + (n%3*8+5)/6 // minimum # chars at 6 bits per char
293 return (n + 2) / 3 * 4 // minimum # 4-char quanta, 3 bytes each
300 type CorruptInputError int64
302 func (e CorruptInputError) Error() string {
303 return "illegal base64 data at input byte " + strconv.FormatInt(int64(e), 10)
306 // decodeQuantum decodes up to 4 base64 bytes. The received parameters are
307 // the destination buffer dst, the source buffer src and an index in the
309 // It returns the number of bytes read from src, the number of bytes written
310 // to dst, and an error, if any.
311 func (enc *Encoding) decodeQuantum(dst, src []byte, si int) (nsi, n int, err error) {
312 // Decode quantum using the base64 alphabet
316 // Lift the nil check outside of the loop.
319 for j := 0; j < len(dbuf); j++ {
324 case j == 1, enc.padChar != NoPadding:
325 return si, 0, CorruptInputError(si - j)
333 out := enc.decodeMap[in]
339 if in == '\n' || in == '\r' {
344 if rune(in) != enc.padChar {
345 return si, 0, CorruptInputError(si - 1)
348 // We've reached the end and there's padding
352 return si, 0, CorruptInputError(si - 1)
354 // "==" is expected, the first "=" is already consumed.
355 // skip over newlines
356 for si < len(src) && (src[si] == '\n' || src[si] == '\r') {
360 // not enough padding
361 return si, 0, CorruptInputError(len(src))
363 if rune(src[si]) != enc.padChar {
365 return si, 0, CorruptInputError(si - 1)
371 // skip over newlines
372 for si < len(src) && (src[si] == '\n' || src[si] == '\r') {
377 err = CorruptInputError(si)
383 // Convert 4x 6bit source bytes into 3 bytes
384 val := uint(dbuf[0])<<18 | uint(dbuf[1])<<12 | uint(dbuf[2])<<6 | uint(dbuf[3])
385 dbuf[2], dbuf[1], dbuf[0] = byte(val>>0), byte(val>>8), byte(val>>16)
393 if enc.strict && dbuf[2] != 0 {
394 return si, 0, CorruptInputError(si - 1)
400 if enc.strict && (dbuf[1] != 0 || dbuf[2] != 0) {
401 return si, 0, CorruptInputError(si - 2)
405 return si, dlen - 1, err
408 // AppendDecode appends the base64 decoded src to dst
409 // and returns the extended buffer.
410 // If the input is malformed, it returns the partially decoded src and an error.
411 func (enc *Encoding) AppendDecode(dst, src []byte) ([]byte, error) {
412 n := enc.DecodedLen(len(src))
413 dst = slices.Grow(dst, n)
414 n, err := enc.Decode(dst[len(dst):][:n], src)
415 return dst[:len(dst)+n], err
418 // DecodeString returns the bytes represented by the base64 string s.
419 func (enc *Encoding) DecodeString(s string) ([]byte, error) {
420 dbuf := make([]byte, enc.DecodedLen(len(s)))
421 n, err := enc.Decode(dbuf, []byte(s))
425 type decoder struct {
427 readErr error // error from r.Read
430 buf [1024]byte // leftover input
432 out []byte // leftover decoded output
433 outbuf [1024 / 4 * 3]byte
436 func (d *decoder) Read(p []byte) (n int, err error) {
437 // Use leftover decoded output from last read.
448 // This code assumes that d.r strips supported whitespace ('\r' and '\n').
451 for d.nbuf < 4 && d.readErr == nil {
459 nn, d.readErr = d.r.Read(d.buf[d.nbuf:nn])
464 if d.enc.padChar == NoPadding && d.nbuf > 0 {
465 // Decode final fragment, without padding.
467 nw, d.err = d.enc.Decode(d.outbuf[:], d.buf[:d.nbuf])
469 d.out = d.outbuf[:nw]
472 if n > 0 || len(p) == 0 && len(d.out) > 0 {
480 if d.err == io.EOF && d.nbuf > 0 {
481 d.err = io.ErrUnexpectedEOF
486 // Decode chunk into p, or d.out and then p if p is too small.
490 nw, d.err = d.enc.Decode(d.outbuf[:], d.buf[:nr])
491 d.out = d.outbuf[:nw]
495 n, d.err = d.enc.Decode(p, d.buf[:nr])
498 copy(d.buf[:d.nbuf], d.buf[nr:])
502 // Decode decodes src using the encoding enc. It writes at most
503 // DecodedLen(len(src)) bytes to dst and returns the number of bytes
504 // written. If src contains invalid base64 data, it will return the
505 // number of bytes successfully written and CorruptInputError.
506 // New line characters (\r and \n) are ignored.
507 func (enc *Encoding) Decode(dst, src []byte) (n int, err error) {
512 // Lift the nil check outside of the loop. enc.decodeMap is directly
513 // used later in this function, to let the compiler know that the
514 // receiver can't be nil.
518 for strconv.IntSize >= 64 && len(src)-si >= 8 && len(dst)-n >= 8 {
519 src2 := src[si : si+8]
520 if dn, ok := assemble64(
521 enc.decodeMap[src2[0]],
522 enc.decodeMap[src2[1]],
523 enc.decodeMap[src2[2]],
524 enc.decodeMap[src2[3]],
525 enc.decodeMap[src2[4]],
526 enc.decodeMap[src2[5]],
527 enc.decodeMap[src2[6]],
528 enc.decodeMap[src2[7]],
530 binary.BigEndian.PutUint64(dst[n:], dn)
535 si, ninc, err = enc.decodeQuantum(dst[n:], src, si)
543 for len(src)-si >= 4 && len(dst)-n >= 4 {
544 src2 := src[si : si+4]
545 if dn, ok := assemble32(
546 enc.decodeMap[src2[0]],
547 enc.decodeMap[src2[1]],
548 enc.decodeMap[src2[2]],
549 enc.decodeMap[src2[3]],
551 binary.BigEndian.PutUint32(dst[n:], dn)
556 si, ninc, err = enc.decodeQuantum(dst[n:], src, si)
566 si, ninc, err = enc.decodeQuantum(dst[n:], src, si)
575 // assemble32 assembles 4 base64 digits into 3 bytes.
576 // Each digit comes from the decode map, and will be 0xff
577 // if it came from an invalid character.
578 func assemble32(n1, n2, n3, n4 byte) (dn uint32, ok bool) {
579 // Check that all the digits are valid. If any of them was 0xff, their
580 // bitwise OR will be 0xff.
581 if n1|n2|n3|n4 == 0xff {
584 return uint32(n1)<<26 |
591 // assemble64 assembles 8 base64 digits into 6 bytes.
592 // Each digit comes from the decode map, and will be 0xff
593 // if it came from an invalid character.
594 func assemble64(n1, n2, n3, n4, n5, n6, n7, n8 byte) (dn uint64, ok bool) {
595 // Check that all the digits are valid. If any of them was 0xff, their
596 // bitwise OR will be 0xff.
597 if n1|n2|n3|n4|n5|n6|n7|n8 == 0xff {
600 return uint64(n1)<<58 |
611 type newlineFilteringReader struct {
615 func (r *newlineFilteringReader) Read(p []byte) (int, error) {
616 n, err := r.wrapped.Read(p)
619 for i, b := range p[:n] {
620 if b != '\r' && b != '\n' {
630 // Previous buffer entirely whitespace, read again
631 n, err = r.wrapped.Read(p)
636 // NewDecoder constructs a new base64 stream decoder.
637 func NewDecoder(enc *Encoding, r io.Reader) io.Reader {
638 return &decoder{enc: enc, r: &newlineFilteringReader{r}}
641 // DecodedLen returns the maximum length in bytes of the decoded data
642 // corresponding to n bytes of base64-encoded data.
643 func (enc *Encoding) DecodedLen(n int) int {
644 if enc.padChar == NoPadding {
645 // Unpadded data may end with partial block of 2-3 characters.
646 return n/4*3 + n%4*6/8
648 // Padded base64 should always be a multiple of 4 characters in length.