added test for entropy of cypher text
This commit is contained in:
parent
2b69a862ec
commit
0079c73a84
21
lib/sjcl.php
21
lib/sjcl.php
|
@ -36,26 +36,27 @@ class sjcl
|
||||||
if (is_null($decoded)) return false;
|
if (is_null($decoded)) return false;
|
||||||
$decoded = (array) $decoded;
|
$decoded = (array) $decoded;
|
||||||
|
|
||||||
// Make sure required fields are present and contain base64 data.
|
|
||||||
foreach($accepted_keys as $k)
|
|
||||||
{
|
|
||||||
if (!(
|
|
||||||
array_key_exists($k, $decoded) &&
|
|
||||||
base64_decode($decoded[$k], $strict=true)
|
|
||||||
)) return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Make sure no additionnal keys were added.
|
// Make sure no additionnal keys were added.
|
||||||
if (
|
if (
|
||||||
count(array_keys($decoded)) != count($accepted_keys)
|
count(array_keys($decoded)) != count($accepted_keys)
|
||||||
) return false;
|
) return false;
|
||||||
|
|
||||||
// FIXME: Reject data if entropy is too low?
|
// Make sure required fields are present and contain base64 data.
|
||||||
|
foreach($accepted_keys as $k)
|
||||||
|
{
|
||||||
|
if (!(
|
||||||
|
array_key_exists($k, $decoded) &&
|
||||||
|
$ct = base64_decode($decoded[$k], $strict=true)
|
||||||
|
)) return false;
|
||||||
|
}
|
||||||
|
|
||||||
// Make sure some fields have a reasonable size.
|
// Make sure some fields have a reasonable size.
|
||||||
if (strlen($decoded['iv']) > 24) return false;
|
if (strlen($decoded['iv']) > 24) return false;
|
||||||
if (strlen($decoded['salt']) > 14) return false;
|
if (strlen($decoded['salt']) > 14) return false;
|
||||||
|
|
||||||
|
// Reject data if entropy is too low
|
||||||
|
if (strlen($ct) > strlen(gzdeflate($ct))) return false;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue