Renamed classes for full PSR-2 compliance, some cleanup

2016-08-09 11:54:42 +02:00
parent 6e558aab0a
commit b45bef8388
52 changed files with 1943 additions and 1505 deletions
--- a/lib/Sjcl.php
+++ b/lib/Sjcl.php
@@ -0,0 +1,103 @@
+<?php
+/**
+ * PrivateBin
+ *
+ * a zero-knowledge paste bin
+ *
+ * @link      https://github.com/PrivateBin/PrivateBin
+ * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
+ * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
+ * @version   0.22
+ */
+
+namespace PrivateBin;
+
+/**
+ * Sjcl
+ *
+ * Provides SJCL validation function.
+ */
+class Sjcl
+{
+    /**
+     * SJCL validator
+     *
+     * Checks if a json string is a proper SJCL encrypted message.
+     *
+     * @access public
+     * @static
+     * @param  string $encoded JSON
+     * @return bool
+     */
+    public static function isValid($encoded)
+    {
+        $accepted_keys = array('iv','v','iter','ks','ts','mode','adata','cipher','salt','ct');
+
+        // Make sure content is valid json
+        $decoded = json_decode($encoded);
+        if (is_null($decoded)) {
+            return false;
+        }
+        $decoded = (array) $decoded;
+
+        // Make sure no additionnal keys were added.
+        if (
+            count(array_keys($decoded)) != count($accepted_keys)
+        ) {
+            return false;
+        }
+
+        // Make sure required fields are present and contain base64 data.
+        foreach ($accepted_keys as $k) {
+            if (!array_key_exists($k, $decoded)) {
+                return false;
+            }
+        }
+
+        // Make sure some fields are base64 data.
+        if (!base64_decode($decoded['iv'], true)) {
+            return false;
+        }
+        if (!base64_decode($decoded['salt'], true)) {
+            return false;
+        }
+        if (!($ct = base64_decode($decoded['ct'], true))) {
+            return false;
+        }
+
+        // Make sure some fields have a reasonable size.
+        if (strlen($decoded['iv']) > 24) {
+            return false;
+        }
+        if (strlen($decoded['salt']) > 14) {
+            return false;
+        }
+
+        // Make sure some fields contain no unsupported values.
+        if (!(is_int($decoded['v']) || is_float($decoded['v'])) || (float) $decoded['v'] < 1) {
+            return false;
+        }
+        if (!is_int($decoded['iter']) || $decoded['iter'] <= 100) {
+            return false;
+        }
+        if (!in_array($decoded['ks'], array(128, 192, 256), true)) {
+            return false;
+        }
+        if (!in_array($decoded['ts'], array(64, 96, 128), true)) {
+            return false;
+        }
+        if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) {
+            return false;
+        }
+        if ($decoded['cipher'] !== 'aes') {
+            return false;
+        }
+
+        // Reject data if entropy is too low
+        if (strlen($ct) > strlen(gzdeflate($ct))) {
+            return false;
+        }
+
+        return true;
+    }
+}