paste.libre-service.eu-priv.../lib/sjcl.php

75 lines
2.3 KiB
PHP
Raw Normal View History

<?php
/**
2016-07-11 11:58:15 +02:00
* PrivateBin
*
* a zero-knowledge paste bin
*
2016-07-11 11:58:15 +02:00
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.22
*/
2016-07-21 17:09:48 +02:00
namespace PrivateBin;
/**
* sjcl
*
* Provides SJCL validation function.
*/
class sjcl
{
/**
* SJCL validator
*
* Checks if a json string is a proper SJCL encrypted message.
*
* @access public
* @static
* @param string $encoded JSON
* @return bool
*/
public static function isValid($encoded)
{
$accepted_keys = array('iv','v','iter','ks','ts','mode','adata','cipher','salt','ct');
// Make sure content is valid json
$decoded = json_decode($encoded);
if (is_null($decoded)) return false;
$decoded = (array) $decoded;
// Make sure no additionnal keys were added.
if (
count(array_keys($decoded)) != count($accepted_keys)
) return false;
// Make sure required fields are present and contain base64 data.
foreach($accepted_keys as $k)
{
if (!array_key_exists($k, $decoded)) return false;
}
// Make sure some fields are base64 data.
if (!base64_decode($decoded['iv'], true)) return false;
if (!base64_decode($decoded['salt'], true)) return false;
if (!($ct = base64_decode($decoded['ct'], true))) return false;
// Make sure some fields have a reasonable size.
if (strlen($decoded['iv']) > 24) return false;
if (strlen($decoded['salt']) > 14) return false;
// Make sure some fields contain no unsupported values.
if (!(is_int($decoded['v']) || is_float($decoded['v'])) || (float) $decoded['v'] < 1) return false;
if (!is_int($decoded['iter']) || $decoded['iter'] <= 100) return false;
if (!in_array($decoded['ks'], array(128, 192, 256), true)) return false;
if (!in_array($decoded['ts'], array(64, 96, 128), true)) return false;
if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) return false;
if ($decoded['cipher'] !== 'aes') return false;
// Reject data if entropy is too low
if (strlen($ct) > strlen(gzdeflate($ct))) return false;
return true;
}
}