From 7db76d8d71a2668ecf39239da146dcaab3d369cc Mon Sep 17 00:00:00 2001
From: Sebastien SAUVAGE <sebsauvage@sebsauvage.net>
Date: Sat, 23 Feb 2013 22:44:46 +0100
Subject: [PATCH] Updated json checking.

- adapted to SJCL changed
- added entropy checking (from
https://github.com/vikstrous/ZeroBin/commit/f2ee2e8ba2f9c4cb1f16e81554c104109e202f24)

(cherry picked from commit 57e6274c64e2c99c754b63586af6b34c374fbc2b)

Conflicts:
	index.php
---
 lib/sjcl.php | 20 +++++++++++++++-----
 tst/sjcl.php | 19 +++++++++++++------
 2 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/lib/sjcl.php b/lib/sjcl.php
index 7c4ef8c6..a5130815 100644
--- a/lib/sjcl.php
+++ b/lib/sjcl.php
@@ -29,7 +29,7 @@ class sjcl
      */
     public static function isValid($encoded)
     {
-        $accepted_keys = array('iv','salt','ct');
+        $accepted_keys = array('iv','v','iter','ks','ts','mode','adata','cipher','salt','ct');
 
         // Make sure content is valid json
         $decoded = json_decode($encoded);
@@ -44,16 +44,26 @@ class sjcl
         // Make sure required fields are present and contain base64 data.
         foreach($accepted_keys as $k)
         {
-            if (!(
-                array_key_exists($k, $decoded) &&
-                $ct = base64_decode($decoded[$k], $strict=true)
-            )) return false;
+            if (!array_key_exists($k, $decoded)) return false;
         }
 
+        // Make sure some fields are base64 data.
+        if (!base64_decode($decoded['iv'], true)) return false;
+        if (!base64_decode($decoded['salt'], true)) return false;
+        if (!($ct = base64_decode($decoded['ct'], true))) return false;
+
         // Make sure some fields have a reasonable size.
         if (strlen($decoded['iv']) > 24) return false;
         if (strlen($decoded['salt']) > 14) return false;
 
+        // Make sure some fields contain no unsupported values.
+        if (!(is_int($decoded['v']) || is_float($decoded['v'])) || (float) $decoded['v'] < 1) return false;
+        if (!is_int($decoded['iter']) || $decoded['iter'] <= 100) return false;
+        if (!in_array($decoded['ks'], array(128, 192, 256), true)) return false;
+        if (!in_array($decoded['ts'], array(64, 96, 128), true)) return false;
+        if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) return false;
+        if ($decoded['cipher'] !== 'aes') return false;
+
         // Reject data if entropy is too low
         if (strlen($ct) > strlen(gzdeflate($ct))) return false;
 
diff --git a/tst/sjcl.php b/tst/sjcl.php
index b90f054e..eca5f4f2 100644
--- a/tst/sjcl.php
+++ b/tst/sjcl.php
@@ -3,12 +3,19 @@ class sjclTest extends PHPUnit_Framework_TestCase
 {
     public function testSjclValidatorValidatesCorrectly()
     {
-        $this->assertTrue(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'valid sjcl');
-        $this->assertFalse(sjcl::isValid('{"iv":"$","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of iv');
-        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","salt":"$","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of salt');
+        $this->assertTrue(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'valid sjcl');
+        $this->assertFalse(sjcl::isValid('{"iv":"$","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of iv');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"$","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of salt');
         $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","salt":"Gx1vA2/gQ3U","ct":"$"}'), 'invalid base64 encoding of ct');
-        $this->assertFalse(sjcl::isValid('{"iv":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'iv to long');
-        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","salt":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'salt to long');
-        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA","foo":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="}'), 'invalid additional key');
+        $this->assertFalse(sjcl::isValid('{"iv":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'iv to long');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'salt to long');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA","foo":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="}'), 'invalid additional key');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":0.9,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'unsupported version');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":100,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'not enough iterations');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":127,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid key size');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":63,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid tag length');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"!#@","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid mode');
+        $this->assertFalse(sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"!#@","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid cipher');
+        // @note adata is not validated, except as part of the total message length
     }
 }