Expand description
base64-ng is a no_std-first Base64 encoder and decoder.
The core API provides strict RFC 4648-style behavior, caller-owned output
buffers, and an audited scalar fallback. The 1.2.x line admits selected
SIMD encode acceleration while keeping decode on the scalar foundation.
Any accelerated backend must match the scalar module byte-for-byte and pass
the documented admission evidence before dispatch can select it.
§Examples
Encode and decode with caller-owned buffers:
use base64_ng::{STANDARD, checked_encoded_len};
let input = b"hello";
const ENCODED_CAPACITY: usize = match checked_encoded_len(5, true) {
Some(len) => len,
None => panic!("encoded length overflow"),
};
let mut encoded = [0u8; ENCODED_CAPACITY];
let encoded_len = STANDARD.encode_slice(input, &mut encoded).unwrap();
assert_eq!(&encoded[..encoded_len], b"aGVsbG8=");
let mut decoded = [0u8; 5];
let decoded_len = STANDARD.decode_slice(&encoded, &mut decoded).unwrap();
assert_eq!(&decoded[..decoded_len], input);Use the URL-safe no-padding engine:
use base64_ng::URL_SAFE_NO_PAD;
let mut encoded = [0u8; 3];
let encoded_len = URL_SAFE_NO_PAD.encode_slice(b"\xfb\xff", &mut encoded).unwrap();
assert_eq!(&encoded[..encoded_len], b"-_8");§Sensitive Decode Policy
The default engines such as STANDARD and URL_SAFE_NO_PAD are strict
scalar encoders/decoders with localized diagnostics. They are not
constant-time token validators or key-material decoders: strict decode and
validation may branch or return early based on malformed input, and strict
DecodeError values can include input-derived bytes and indexes. Do not
log strict decode errors verbatim for secret-bearing input; log
DecodeError::kind instead. Use ct::STANDARD,
crate::ct::URL_SAFE_NO_PAD, or Engine::ct_decoder for secret-bearing
payloads where decode timing posture matters more than exact error indexes.
Recommended heap-owning pattern for secret-bearing standard Base64:
use base64_ng::ct;
let expected = b"session-key";
let decoded = ct::STANDARD.decode_secret(b"c2Vzc2lvbi1rZXk=").unwrap();
assert!(decoded.constant_time_eq_public_len(expected));For shared-memory, enclave-adjacent, HSM-style, or multi-principal
deployments where even transient writes into caller-owned output are
unacceptable, use ct::CtEngine::decode_slice_staged_clear_tail with a
private staging buffer.
CT behavior is best-effort and build-profile specific. Link-Time
Optimization can change generated code shape across crate boundaries, so
high-assurance deployments must rerun the dudect and generated-assembly
evidence scripts for their exact compiler, target, feature set, and release
profile before treating CT decode as acceptable.
§Zeroization Caveat
Cleanup APIs and redacted buffers use dependency-free best-effort wiping:
byte-wise volatile zero writes followed by an architecture-gated inline
assembly barrier plus a hardware store-ordering fence where stable Rust
supports it, and a compiler fence on all targets. This resists common
compiler dead-store elimination and orders the issued zero stores on native
supported architectures, but it is not a formal zeroization guarantee and
cannot clear historical copies, registers, cache lines, write buffers, swap,
hibernation images, core dumps, cold-boot remanence, or OS-level memory
snapshots.
High-assurance applications should apply their own approved zeroization
policy to caller-owned buffers at the protocol boundary. Architectures
without a native wipe barrier fail closed by default unless
allow-compiler-fence-only-wipe is enabled after platform review. On
wasm32, the wipe barrier is compiler-fence-only and cannot constrain
downstream wasm runtime JITs. For that reason, wasm32 builds fail closed
by default. Enable allow-wasm32-best-effort-wipe only when the deployment
explicitly accepts compiler-fence-only cleanup and applies its own memory
strategy.
Modules§
- ct
- Constant-time-oriented scalar decoding APIs.
- runtime
- Runtime backend reporting for security-sensitive deployments.
- stream
- Streaming Base64 wrappers for
std::io.
Macros§
- define_
alphabet - Defines a custom
Alphabetfrom a 64-byte string literal.
Structs§
- Bcrypt
- The bcrypt Base64 alphabet.
- Crypt
- The Unix
crypt(3)Base64 alphabet. - Decoded
Buffer - Stack-backed decoded Base64 output.
- Encoded
Buffer - Stack-backed encoded Base64 output.
- Engine
- A zero-sized Base64 engine parameterized by alphabet and padding policy.
- Exposed
Decoded Array - Owned stack array extracted from
DecodedBuffer. - Exposed
Encoded Array - Owned stack array extracted from
EncodedBuffer. - Exposed
Secret String - Owned secret UTF-8 text extracted from
SecretBuffer. - Exposed
Secret Vec - Owned secret bytes extracted from
SecretBuffer. - Line
Wrap - Base64 line wrapping policy.
- Profile
- A named Base64 profile with an engine and optional strict line wrapping.
- Secret
Buffer - Owned sensitive bytes with redacted formatting and drop-time cleanup.
- Standard
- The RFC 4648 standard Base64 alphabet.
- UrlSafe
- The RFC 4648 URL-safe Base64 alphabet.
Enums§
- Alphabet
Error - Alphabet validation error.
- Decode
Error - Decoding error.
- Decode
Error Kind - Redacted decoding error class.
- Encode
Error - Encoding error.
- Line
Ending - Line ending used by wrapped Base64 output.
Constants§
- BCRYPT
- bcrypt-style no-padding Base64 profile.
- BCRYPT_
NO_ PAD - bcrypt-style Base64 engine without padding.
- CRYPT
- Unix
crypt(3)-style no-padding Base64 profile. - CRYPT_
NO_ PAD - Unix
crypt(3)-style Base64 engine without padding. - MIME
- MIME Base64 profile: standard alphabet, padding, 76-column CRLF wrapping.
- PEM
- PEM Base64 profile: standard alphabet, padding, 64-column LF wrapping.
- PEM_
CRLF - PEM Base64 profile with CRLF line endings.
- STANDARD
- Standard Base64 engine with padding.
- STANDARD_
NO_ PAD - Standard Base64 engine without padding.
- URL_
SAFE - URL-safe Base64 engine with padding.
- URL_
SAFE_ NO_ PAD - URL-safe Base64 engine without padding.
Traits§
- Alphabet
- A Base64 alphabet.
Functions§
- checked_
encoded_ len - Returns the encoded length, or
Noneif it would overflowusize. - checked_
wrapped_ encoded_ len - Returns the encoded length after line wrapping, or
Noneon overflow or invalid line wrapping. - clear_
bytes - Clears caller-owned bytes with this crate’s best-effort cleanup primitive.
- constant_
time_ eq - Compares two byte slices with a public length-mismatch branch.
- constant_
time_ eq_ fixed_ width - Compares two fixed-width byte arrays without a length-mismatch branch.
- decode
- Decodes strict standard padded Base64 into an owned byte vector.
- decode_
alphabet_ byte - Decodes one byte by scanning a caller-provided alphabet table.
- decoded_
capacity - Returns the maximum decoded length for an encoded input length.
- decoded_
len - Returns the exact decoded length implied by input length and padding.
- encode
- Encodes
inputas strict standard padded Base64. - encode_
infallible - Encodes
inputas strict standard padded Base64. - encoded_
len - Returns the encoded length for an input length and padding policy.
- secure_
wipe - Best-effort dependency-free wipe for caller-owned byte slices.
- validate_
alphabet - Validates a 64-byte Base64 alphabet table.
- wrapped_
encoded_ len - Returns the encoded length after applying a line wrapping policy.