From 3338bd792e31cd7e914125ab8e6d9f79d5f17ea5 Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Fri, 3 May 2019 23:03:57 +0200
Subject: [PATCH] implement version 2 format validation, changing ID checksum algorithm, resolves #49
---
lib/Controller.php | 8 +-
lib/FormatV2.php | 114 ++++++++++++++++++++++++++
lib/Model/AbstractModel.php | 9 +-
lib/Model/Comment.php | 4 +-
lib/Model/Paste.php | 6 +-
lib/Sjcl.php | 103 -----------------------
tst/Bootstrap.php | 2 +-
tst/FormatV2Test.php | 71 ++++++++++++++++
tst/ModelTest.php | 64 +++++++--------
tst/SjclTest.php | 33 --------
vendor/composer/autoload_classmap.php | 2 +-
vendor/composer/autoload_static.php | 2 +-
12 files changed, 233 insertions(+), 185 deletions(-)
create mode 100644 lib/FormatV2.php
delete mode 100644 lib/Sjcl.php
create mode 100644 tst/FormatV2Test.php
delete mode 100644 tst/SjclTest.php
diff --git a/lib/Controller.php b/lib/Controller.php
index d494c4b9..810fd1a7 100644
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -177,16 +177,16 @@ class Controller * Store new paste or comment * * POST contains one or both: - * data = json encoded SJCL encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct) - * attachment = json encoded SJCL encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct) + * data = json encoded FormatV2 encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct) + * attachment = json encoded FormatV2 encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct) * * All optional data will go to meta information: * expire (optional) = expiration delay (never,5min,10min,1hour,1day,1week,1month,1year,burn) (default:never) * formatter (optional) = format to display the paste as (plaintext,syntaxhighlighting,markdown) (default:syntaxhighlighting) * burnafterreading (optional) = if this paste may only viewed once ? (0/1) (default:0) * opendiscusssion (optional) = is the discussion allowed on this paste ? (0/1) (default:0) - * attachmentname = json encoded SJCL encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct) - * nickname (optional) = in discussion, encoded SJCL encrypted text nickname of author of comment (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct) + * attachmentname = json encoded FormatV2 encrypted text (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct) + * nickname (optional) = in discussion, encoded FormatV2 encrypted text nickname of author of comment (containing keys: iv,v,iter,ks,ts,mode,adata,cipher,salt,ct) * parentid (optional) = in discussion, which comment this comment replies to. * pasteid (optional) = in discussion, which paste this comment belongs to. * diff --git a/lib/FormatV2.php b/lib/FormatV2.php new file mode 100644 index 00000000..ea0c78ff --- /dev/null +++ b/lib/FormatV2.php 
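Review bot: The four rewritten docblock lines swap "SJCL" for "FormatV2" but keep the version 1 key list `iv,v,iter,ks,ts,mode,adata,cipher,salt,ct`, which no longer matches what the new validator reads. FormatV2 takes IV, salt, iterations, key size, tag size, algorithm, mode and compression from `adata[0]`, and the tests treat `v`, `ct`, `adata` and `meta` as the message keys. A line such as `* data = json encoded FormatV2 message (keys: v, ct, adata, meta; cipher parameters in adata[0])` would describe the request the server now validates; the exact required key set is defined in a part of FormatV2.php that is not visible here, so confirm it there. The docblock starts and ends outside this hunk.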
@@ -0,0 +1,114 @@ + 24) { + return false; + } + // - salt + if (strlen($message['adata'][0][1]) > 14) { + return false; + } + + // Make sure some fields contain no unsupported values: + // - version + if (!(is_int($message['v']) || is_float($message['v'])) || (float) $message['v'] < 2) { + return false; + } + // - iterations, refuse less then 10000 iterations (minimum NIST recommendation) + if (!is_int($message['adata'][0][2]) || $message['adata'][0][2] <= 10000) { + return false; + } + // - key size + if (!in_array($message['adata'][0][3], array(128, 192, 256), true)) { + return false; + } + // - tag size + if (!in_array($message['adata'][0][4], array(64, 96, 128), true)) { + return false; + } + // - algorithm, must be AES + if ($message['adata'][0][5] !== 'aes') { + return false; + } + // - mode + if (!in_array($message['adata'][0][6], array('ctr', 'cbc', 'gcm'), true)) { + return false; + } + // - compression + if (!in_array($message['adata'][0][7], array('zlib', 'none'), true)) { + return false; + } + + // Reject data if entropy is too low + if (strlen($ct) > strlen(gzdeflate($ct))) { + return false; + } + + return true; + } +} diff --git a/lib/Model/AbstractModel.php b/lib/Model/AbstractModel.php index 8737a03d..24559b99 100644 --- a/lib/Model/AbstractModel.php +++ b/lib/Model/AbstractModel.php @@ -15,7 +15,7 @@ namespace PrivateBin\Model; use Exception; use PrivateBin\Configuration; use PrivateBin\Data\AbstractData; -use PrivateBin\Sjcl; +use PrivateBin\FormatV2; use stdClass; /** @@ -107,14 +107,13 @@ abstract class AbstractModel */ public function setData($data) { - if (!Sjcl::isValid($data)) { + if (!FormatV2::isValid($data)) { throw new Exception('Invalid data.', 61); } $this->_data->data = $data; - // We just want a small hash to avoid collisions: - // Half-MD5 (64 bits) will do the trick - $this->setId(substr(hash('md5', $data), 0, 16)); + // calculate a 64 bit checksum to avoid collisions + $this->setId(hash('fnv1a64', $data['ct'])); } /** 
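Review bot: The mode allow-list `array('ctr', 'cbc', 'gcm')` accepts two unauthenticated modes, so a message declaring `ctr` or `cbc` passes validation although a modified ciphertext could not be detected on decryption, and the tag-size check just above has no meaning for those modes. Unless a supported client really emits them, restrict the check to `if ($message['adata'][0][6] !== 'gcm') {`. Separately, the iteration check uses `<= 10000`, which rejects exactly 10000 although its comment says only fewer than 10000 are refused; `< 10000` would match the comment. The beginning of `isValid` is not visible in this hunk, so this assumes the array shape is checked before these index accesses.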
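Review bot: In `setData`, `hash('fnv1a64', $data['ct'])` derives the ID from a non-cryptographic hash, so the new comment's "avoid collisions" holds only for accidental collisions; FNV-1a offers no resistance to inputs chosen to collide. If the duplicate check or the storage layer relies on IDs being hard to collide on purpose, a truncated digest keeps the 16-character ID: `$this->setId(substr(hash('sha256', $data['ct']), 0, 16));`. If FNV-1a is fixed by the version 2 format, the comment should say so, e.g. `// 64 bit FNV-1a checksum of the ciphertext; guards against accidental collisions only`. The ID now also covers `ct` alone, so messages with the same ciphertext but different `adata` share an ID. The method's docblock begins outside the hunk.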
diff --git a/lib/Model/Comment.php b/lib/Model/Comment.php index 101335cb..5fbc502d 100644 --- a/lib/Model/Comment.php +++ b/lib/Model/Comment.php @@ -15,7 +15,7 @@ namespace PrivateBin\Model; use Exception; use Identicon\Identicon; use PrivateBin\Persistence\TrafficLimiter; -use PrivateBin\Sjcl; +use PrivateBin\FormatV2; use PrivateBin\Vizhash16x16; /** @@ -183,7 +183,7 @@ class Comment extends AbstractModel */ public function setNickname($nickname) { - if (!Sjcl::isValid($nickname)) { + if (!FormatV2::isValid($nickname)) { throw new Exception('Invalid data.', 66); } $this->_data->meta->nickname = $nickname; diff --git a/lib/Model/Paste.php b/lib/Model/Paste.php index 3b57b87f..f68e8e61 100644 --- a/lib/Model/Paste.php +++ b/lib/Model/Paste.php @@ -15,7 +15,7 @@ namespace PrivateBin\Model; use Exception; use PrivateBin\Controller; use PrivateBin\Persistence\ServerSalt; -use PrivateBin\Sjcl; +use PrivateBin\FormatV2; /** * Paste @@ -195,7 +195,7 @@ class Paste extends AbstractModel */ public function setAttachment($attachment) { - if (!$this->_conf->getKey('fileupload') || !Sjcl::isValid($attachment)) { + if (!$this->_conf->getKey('fileupload') || !FormatV2::isValid($attachment)) { throw new Exception('Invalid attachment.', 71); } $this->_data->meta->attachment = $attachment; @@ -210,7 +210,7 @@ class Paste extends AbstractModel */ public function setAttachmentName($attachmentname) { - if (!$this->_conf->getKey('fileupload') || !Sjcl::isValid($attachmentname)) { + if (!$this->_conf->getKey('fileupload') || !FormatV2::isValid($attachmentname)) { throw new Exception('Invalid attachment.', 72); } $this->_data->meta->attachmentname = $attachmentname; diff --git a/lib/Sjcl.php b/lib/Sjcl.php deleted file mode 100644 index c3bd7bf0..00000000 --- a/lib/Sjcl.php +++ /dev/null 
@@ -1,103 +0,0 @@ - 24) { - return false; - } - if (strlen($decoded['salt']) > 14) { - return false; - } - - // Make sure some fields contain no unsupported values. - if (!(is_int($decoded['v']) || is_float($decoded['v'])) || (float) $decoded['v'] < 1) { - return false; - } - if (!is_int($decoded['iter']) || $decoded['iter'] <= 100) { - return false; - } - if (!in_array($decoded['ks'], array(128, 192, 256), true)) { - return false; - } - if (!in_array($decoded['ts'], array(64, 96, 128), true)) { - return false; - } - if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) { - return false; - } - if ($decoded['cipher'] !== 'aes') { - return false; - } - - // Reject data if entropy is too low - if (strlen($ct) > strlen(gzdeflate($ct))) { - return false; - } - - return true; - } -} diff --git a/tst/Bootstrap.php b/tst/Bootstrap.php index b0a80f6c..076b04bc 100644 --- a/tst/Bootstrap.php +++ b/tst/Bootstrap.php @@ -28,7 +28,7 @@ class Helper * * @var string */ - private static $pasteid = '5e9bc25c89fb3bf9'; + private static $pasteid = '5b65a01b43987bc2'; /** * example paste version 1 diff --git a/tst/FormatV2Test.php b/tst/FormatV2Test.php new file mode 100644 index 00000000..c42c117d --- /dev/null +++ b/tst/FormatV2Test.php 
@@ -0,0 +1,71 @@ +assertTrue(FormatV2::isValid(Helper::getPaste()), 'valid format'); + $this->assertTrue(FormatV2::isValid(Helper::getComment(), true), 'valid format'); + + $paste = Helper::getPaste(); + $paste['adata'][0][0] = '$'; + $this->assertFalse(FormatV2::isValid($paste), 'invalid base64 encoding of iv'); + + $paste = Helper::getPaste(); + $paste['adata'][0][1] = '$'; + $this->assertFalse(FormatV2::isValid($paste), 'invalid base64 encoding of salt'); + + $paste = Helper::getPaste(); + $paste['ct'] = '$'; + $this->assertFalse(FormatV2::isValid($paste), 'invalid base64 encoding of ct'); + + $paste = Helper::getPaste(); + $paste['ct'] = 'bm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhCg=='; + $this->assertFalse(FormatV2::isValid($paste), 'low ct entropy'); + + $paste = Helper::getPaste(); + $paste['adata'][0][0] = 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTA='; + $this->assertFalse(FormatV2::isValid($paste), 'iv too long'); + + $paste = Helper::getPaste(); + $paste['adata'][0][1] = 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTA='; + $this->assertFalse(FormatV2::isValid($paste), 'salt too long'); + + $paste = Helper::getPaste(); + $paste['foo'] = 'bar'; + $this->assertFalse(FormatV2::isValid($paste), 'invalid additional key'); + unset($paste['meta']); + $this->assertFalse(FormatV2::isValid($paste), 'invalid missing key'); + + $paste = Helper::getPaste(); + $paste['v'] = 0.9; + $this->assertFalse(FormatV2::isValid($paste), 'unsupported version'); + + $paste = Helper::getPaste(); + $paste['adata'][0][2] = 1000; + $this->assertFalse(FormatV2::isValid($paste), 'not enough iterations'); + + $paste = Helper::getPaste(); + $paste['adata'][0][3] = 127; + $this->assertFalse(FormatV2::isValid($paste), 'invalid key size'); + + $paste = Helper::getPaste(); + $paste['adata'][0][4] = 63; + $this->assertFalse(FormatV2::isValid($paste), 'invalid tag length'); + + $paste = Helper::getPaste(); + $paste['adata'][0][5] = '!#@'; + $this->assertFalse(FormatV2::isValid($paste), 'invalid algorithm'); + + $paste = 
Helper::getPaste(); + $paste['adata'][0][6] = '!#@'; + $this->assertFalse(FormatV2::isValid($paste), 'invalid mode'); + + $paste = Helper::getPaste(); + $paste['adata'][0][7] = '!#@'; + $this->assertFalse(FormatV2::isValid($paste), 'invalid compression'); + + } +} diff --git a/tst/ModelTest.php b/tst/ModelTest.php index a41ed005..8e258f9f 100644 --- a/tst/ModelTest.php +++ b/tst/ModelTest.php @@ -60,15 +60,15 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->assertFalse($paste->exists(), 'paste does not yet exist'); $paste = $this->_model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setOpendiscussion(); - $paste->setFormatter($pasteData['meta']['formatter']); + $paste->setFormatter($pasteData['adata'][1]); $paste->store(); $paste = $this->_model->getPaste(Helper::getPasteId()); $this->assertTrue($paste->exists(), 'paste exists after storing it'); $paste = $paste->get(); - $this->assertEquals($pasteData['data'], $paste->data); + $this->assertEquals($pasteData, $paste->data); foreach (array('opendiscussion', 'formatter') as $key) { $this->assertEquals($pasteData['meta'][$key], $paste->meta->$key); } @@ -80,7 +80,7 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->assertFalse($comment->exists(), 'comment does not yet exist'); $comment = $paste->getComment(Helper::getPasteId()); - $comment->setData($commentData['data']); + $comment->setData($commentData); $comment->setNickname($commentData['meta']['nickname']); $comment->getParentId(); $comment->store(); 
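Review bot: The 'invalid missing key' assertion in tst/FormatV2Test.php runs on a `$paste` that still carries the extra `foo` key set two lines earlier, so it is rejected for the additional key and never exercises missing-key handling. Reset the fixture first, `$paste = Helper::getPaste();` before `unset($paste['meta']);`. The 'not enough iterations' case uses 1000, which is far from the `<= 10000` threshold in FormatV2; a case at exactly 10000 would pin the intended boundary.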
@@ -88,7 +88,7 @@ class ModelTest extends PHPUnit_Framework_TestCase $comment = $paste->getComment(Helper::getPasteId(), Helper::getCommentId()); $this->assertTrue($comment->exists(), 'comment exists after storing it'); $comment = $comment->get(); - $this->assertEquals($commentData['data'], $comment->data); + $this->assertEquals($commentData, $comment->data); $this->assertEquals($commentData['meta']['nickname'], $comment->meta->nickname); // deleting pastes @@ -108,15 +108,15 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->_model->getPaste(Helper::getPasteId())->delete(); $paste = $this->_model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setOpendiscussion(); - $paste->setFormatter($pasteData['meta']['formatter']); + $paste->setFormatter($pasteData['adata'][1]); $paste->store(); $paste = $this->_model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setOpendiscussion(); - $paste->setFormatter($pasteData['meta']['formatter']); + $paste->setFormatter($pasteData['adata'][1]); $paste->store(); } @@ -131,18 +131,18 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->_model->getPaste(Helper::getPasteId())->delete(); $paste = $this->_model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setOpendiscussion(); - $paste->setFormatter($pasteData['meta']['formatter']); + $paste->setFormatter($pasteData['adata'][1]); $paste->store(); $comment = $paste->getComment(Helper::getPasteId()); - $comment->setData($commentData['data']); + $comment->setData($commentData); $comment->setNickname($commentData['meta']['nickname']); $comment->store(); $comment = $paste->getComment(Helper::getPasteId()); - $comment->setData($commentData['data']); + $comment->setData($commentData); $comment->setNickname($commentData['meta']['nickname']); $comment->store(); } 
@@ -154,7 +154,7 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->_model->getPaste(Helper::getPasteId())->delete(); $paste = $this->_model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setBurnafterreading(); $paste->setOpendiscussion(); // not setting a formatter, should use default one @@ -167,13 +167,13 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->_model->getPaste(Helper::getPasteId())->delete(); $paste = $this->_model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setBurnafterreading('0'); $paste->setOpendiscussion(); $paste->store(); $comment = $paste->getComment(Helper::getPasteId()); - $comment->setData($commentData['data']); + $comment->setData($commentData); $comment->setNickname($commentData['meta']['nickname']); $comment->store(); @@ -208,7 +208,7 @@ class ModelTest extends PHPUnit_Framework_TestCase public function testInvalidData() { $paste = $this->_model->getPaste(); - $paste->setData(''); + $paste->setData(array()); } /** @@ -229,7 +229,7 @@ class ModelTest extends PHPUnit_Framework_TestCase { $pasteData = Helper::getPaste(); $paste = $this->_model->getPaste(Helper::getPasteId()); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->store(); $comment = $paste->getComment(Helper::getPasteId()); @@ -245,7 +245,7 @@ class ModelTest extends PHPUnit_Framework_TestCase { $pasteData = Helper::getPaste(); $paste = $this->_model->getPaste(Helper::getPasteId()); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->store(); $comment = $paste->getComment(Helper::getPasteId()); @@ -260,7 +260,7 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->assertFalse($paste->exists(), 'paste does not yet exist'); $paste = $this->_model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setExpiration('5min'); // = 300 seconds $paste->store(); 
@@ -278,7 +278,7 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->_model->getPaste(Helper::getPasteId())->delete(); $paste = $this->_model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->store(); $paste->getComment(Helper::getPasteId())->delete(); } @@ -336,15 +336,15 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->assertFalse($paste->exists(), 'paste does not yet exist'); $paste = $model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setOpendiscussion(); - $paste->setFormatter($pasteData['meta']['formatter']); + $paste->setFormatter($pasteData['adata'][1]); $paste->store(); $paste = $model->getPaste(Helper::getPasteId()); $this->assertTrue($paste->exists(), 'paste exists after storing it'); $paste = $paste->get(); - $this->assertEquals($pasteData['data'], $paste->data); + $this->assertEquals($pasteData, $paste->data); foreach (array('opendiscussion', 'formatter') as $key) { $this->assertEquals($pasteData['meta'][$key], $paste->meta->$key); } @@ -356,14 +356,14 @@ class ModelTest extends PHPUnit_Framework_TestCase $this->assertFalse($comment->exists(), 'comment does not yet exist'); $comment = $paste->getComment(Helper::getPasteId()); - $comment->setData($commentData['data']); + $comment->setData($commentData); $comment->setNickname($commentData['meta']['nickname']); $comment->store(); $comment = $paste->getComment(Helper::getPasteId(), Helper::getCommentId()); $this->assertTrue($comment->exists(), 'comment exists after storing it'); $comment = $comment->get(); - $this->assertEquals($commentData['data'], $comment->data); + $this->assertEquals($commentData, $comment->data); $this->assertEquals($commentData['meta']['nickname'], $comment->meta->nickname); $this->assertFalse(property_exists($comment->meta, 'vizhash'), 'vizhash was not generated'); } 
@@ -389,13 +389,13 @@ class ModelTest extends PHPUnit_Framework_TestCase $model->getPaste(Helper::getPasteId())->delete(); $paste = $model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setOpendiscussion(); - $paste->setFormatter($pasteData['meta']['formatter']); + $paste->setFormatter($pasteData['adata'][1]); $paste->store(); $comment = $paste->getComment(Helper::getPasteId()); - $comment->setData($commentData['data']); + $comment->setData($commentData); $comment->setNickname($commentData['meta']['nickname']); $comment->store(); @@ -426,13 +426,13 @@ class ModelTest extends PHPUnit_Framework_TestCase $model->getPaste(Helper::getPasteId())->delete(); $paste = $model->getPaste(); - $paste->setData($pasteData['data']); + $paste->setData($pasteData); $paste->setOpendiscussion(); - $paste->setFormatter($pasteData['meta']['formatter']); + $paste->setFormatter($pasteData['adata'][1]); $paste->store(); $comment = $paste->getComment(Helper::getPasteId()); - $comment->setData($commentData['data']); + $comment->setData($commentData); $comment->setNickname($commentData['meta']['nickname']); $comment->store(); diff --git a/tst/SjclTest.php b/tst/SjclTest.php deleted file mode 100644 index a9d947ec..00000000 --- a/tst/SjclTest.php +++ /dev/null 
@@ -1,33 +0,0 @@ -assertTrue(Sjcl::isValid($paste['data']), 'valid sjcl'); - $this->assertTrue(Sjcl::isValid($paste['attachment']), 'valid sjcl'); - $this->assertTrue(Sjcl::isValid($paste['attachmentname']), 'valid sjcl'); - $this->assertTrue(Sjcl::isValid(Helper::getComment()['data']), 'valid sjcl'); - - $this->assertTrue(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'valid sjcl'); - $this->assertFalse(Sjcl::isValid('{"iv":"$","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of iv'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"$","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of salt'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"$"}'), 'invalid base64 encoding of ct'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"bm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhCg=="}'), 'low ct entropy'); - $this->assertFalse(Sjcl::isValid('{"iv":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'iv to long'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'salt to long'); - 
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA","foo":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="}'), 'invalid additional key'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":0.9,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'unsupported version'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":100,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'not enough iterations'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":127,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid key size'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":63,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid tag length'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"!#@","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid mode'); - $this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"!#@","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid cipher'); - // @note adata is not validated, except as part of the total message length - } -} diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php index 2a560ae6..a6fef519 100644 --- a/vendor/composer/autoload_classmap.php +++ b/vendor/composer/autoload_classmap.php 
@@ -29,7 +29,7 @@ return array( 'PrivateBin\\Persistence\\ServerSalt' => $baseDir . '/lib/Persistence/ServerSalt.php', 'PrivateBin\\Persistence\\TrafficLimiter' => $baseDir . '/lib/Persistence/TrafficLimiter.php', 'PrivateBin\\Request' => $baseDir . '/lib/Request.php', - 'PrivateBin\\Sjcl' => $baseDir . '/lib/Sjcl.php', + 'PrivateBin\\FormatV2' => $baseDir . '/lib/FormatV2.php', 'PrivateBin\\View' => $baseDir . '/lib/View.php', 'PrivateBin\\Vizhash16x16' => $baseDir . '/lib/Vizhash16x16.php', ); diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index 1f260993..aaf90cc2 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php @@ -58,7 +58,7 @@ class ComposerStaticInitDontChange 'PrivateBin\\Persistence\\ServerSalt' => __DIR__ . '/../..' . '/lib/Persistence/ServerSalt.php', 'PrivateBin\\Persistence\\TrafficLimiter' => __DIR__ . '/../..' . '/lib/Persistence/TrafficLimiter.php', 'PrivateBin\\Request' => __DIR__ . '/../..' . '/lib/Request.php', - 'PrivateBin\\Sjcl' => __DIR__ . '/../..' . '/lib/Sjcl.php', + 'PrivateBin\\FormatV2' => __DIR__ . '/../..' . '/lib/FormatV2.php', 'PrivateBin\\View' => __DIR__ . '/../..' . '/lib/View.php', 'PrivateBin\\Vizhash16x16' => __DIR__ . '/../..' . '/lib/Vizhash16x16.php', );