1
|
|
|
<?php |
2
|
|
|
/** |
3
|
|
|
* PrivateBin |
4
|
|
|
* |
5
|
|
|
* a zero-knowledge paste bin |
6
|
|
|
* |
7
|
|
|
* @link https://github.com/PrivateBin/PrivateBin |
8
|
|
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net) |
9
|
|
|
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License |
10
|
|
|
* @version 1.1.1 |
11
|
|
|
*/ |
12
|
|
|
|
13
|
|
|
namespace PrivateBin; |
14
|
|
|
|
15
|
|
|
/** |
16
|
|
|
* Sjcl |
17
|
|
|
* |
18
|
|
|
* Provides SJCL validation function. |
19
|
|
|
*/ |
20
|
|
|
class Sjcl |
21
|
|
|
{ |
22
|
|
|
/** |
23
|
|
|
* SJCL validator |
24
|
|
|
* |
25
|
|
|
* Checks if a json string is a proper SJCL encrypted message. |
26
|
|
|
* |
27
|
|
|
* @access public |
28
|
|
|
* @static |
29
|
|
|
* @param string $encoded JSON |
30
|
|
|
* @return bool |
31
|
|
|
*/ |
32
|
49 |
|
public static function isValid($encoded) |
33
|
|
|
{ |
34
|
49 |
|
$accepted_keys = array('iv', 'v', 'iter', 'ks', 'ts', 'mode', 'adata', 'cipher', 'salt', 'ct'); |
35
|
|
|
|
36
|
|
|
// Make sure content is valid json |
37
|
49 |
|
$decoded = json_decode($encoded); |
38
|
49 |
|
if (is_null($decoded)) { |
39
|
3 |
|
return false; |
40
|
|
|
} |
41
|
46 |
|
$decoded = (array) $decoded; |
42
|
|
|
|
43
|
|
|
// Make sure no additionnal keys were added. |
44
|
|
|
if ( |
45
|
46 |
|
count(array_keys($decoded)) != count($accepted_keys) |
46
|
|
|
) { |
47
|
1 |
|
return false; |
48
|
|
|
} |
49
|
|
|
|
50
|
|
|
// Make sure required fields are present and contain base64 data. |
51
|
46 |
|
foreach ($accepted_keys as $k) { |
52
|
46 |
|
if (!array_key_exists($k, $decoded)) { |
53
|
46 |
|
return false; |
54
|
|
|
} |
55
|
|
|
} |
56
|
|
|
|
57
|
|
|
// Make sure some fields are base64 data. |
58
|
46 |
|
if (!base64_decode($decoded['iv'], true)) { |
59
|
1 |
|
return false; |
60
|
|
|
} |
61
|
46 |
|
if (!base64_decode($decoded['salt'], true)) { |
62
|
1 |
|
return false; |
63
|
|
|
} |
64
|
46 |
|
if (!($ct = base64_decode($decoded['ct'], true))) { |
65
|
1 |
|
return false; |
66
|
|
|
} |
67
|
|
|
|
68
|
|
|
// Make sure some fields have a reasonable size. |
69
|
46 |
|
if (strlen($decoded['iv']) > 24) { |
70
|
1 |
|
return false; |
71
|
|
|
} |
72
|
46 |
|
if (strlen($decoded['salt']) > 14) { |
73
|
1 |
|
return false; |
74
|
|
|
} |
75
|
|
|
|
76
|
|
|
// Make sure some fields contain no unsupported values. |
77
|
46 |
|
if (!(is_int($decoded['v']) || is_float($decoded['v'])) || (float) $decoded['v'] < 1) { |
78
|
1 |
|
return false; |
79
|
|
|
} |
80
|
46 |
|
if (!is_int($decoded['iter']) || $decoded['iter'] <= 100) { |
81
|
1 |
|
return false; |
82
|
|
|
} |
83
|
46 |
|
if (!in_array($decoded['ks'], array(128, 192, 256), true)) { |
84
|
1 |
|
return false; |
85
|
|
|
} |
86
|
46 |
|
if (!in_array($decoded['ts'], array(64, 96, 128), true)) { |
87
|
1 |
|
return false; |
88
|
|
|
} |
89
|
46 |
|
if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) { |
90
|
1 |
|
return false; |
91
|
|
|
} |
92
|
46 |
|
if ($decoded['cipher'] !== 'aes') { |
93
|
1 |
|
return false; |
94
|
|
|
} |
95
|
|
|
|
96
|
|
|
// Reject data if entropy is too low |
97
|
46 |
|
if (strlen($ct) > strlen(gzdeflate($ct))) { |
98
|
1 |
|
return false; |
99
|
|
|
} |
100
|
|
|
|
101
|
46 |
|
return true; |
102
|
|
|
} |
103
|
|
|
} |
104
|
|
|
|