"sodium.from_base64" accepts invalid encodings

[bennycode]

The sodium.from_base64 decoder tolerates invalid Base64 encodings. Here is an example with an invalid input which has characters applied after the suffix code:

var invalidEncoding = "d2lyZQ==*** ??? ***";
var decoded = sodium.from_base64(invalidEncoding);
console.log(sodium.to_string(decoded)); // "wire"

It is generally safer to reject non-Base64 characters than tolerating them.

As section 3.3 of RFC 4648 explains:

Non-alphabet characters may be exploited as a "covert channel", where non-protocol data can be sent for nefarious purposes.

[jedisct1]

The whole base64 code is a complete horror. Which is why it was never documented.

I'll try to rewrite that soon.

[buu700]

Would it make sense to use https://github.com/beatgammit/base64-js? No clue how it compares it terms of strictness/correctness, but I briefly played around with it earlier today after seeing it recommended by MDN and was surprised to see that it was about an order of magnitude faster with my test input (which was only a few ms difference and may not hold true for all inputs).

[jedisct1]

Nope, it wouldn't make sense. If a Base64 codec is added, it has to be constant-time for a given data length, at least to be consistent with the hex codec.

[buu700]

Ahh, got it, that makes sense.

[bennycode]

@jedisct1: Wishing you a happy new year! 🎉 Did you have any chance to look into the Base64 rewrite or has it been already done?

[jedisct1]

It's been done a long time ago :) It just uses the native libsodium functions.

[bennycode]

Greeeeat! So we will update our libsodium.js version. 😃