removing hex2bin to avoid having to add code for this in JS and to not introduce a dependency on paste IDs always having to be hex strings

This commit is contained in:
El RIDO 2019-06-29 11:24:25 +02:00
parent 5651c0f04e
commit 74519f6c4f
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
6 changed files with 7 additions and 26 deletions

View File

@ -664,23 +664,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/ */
let base58 = new baseX('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'); let base58 = new baseX('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
/**
* convert hexadecimal string to binary representation
*
* @name CryptTool.hex2bin
* @function
* @private
* @param {string} message hex string
* @return {string} binary representation as a DOMString
*/
function hex2bin(message) {
let result = [];
for (let i = 0, l = message.length; i < l; i += 2) {
result.push(parseInt(message.substr(i, 2), 16));
}
return String.fromCharCode.apply(String, result);
}
/** /**
* convert UTF-8 string stored in a DOMString to a standard UTF-16 DOMString * convert UTF-8 string stored in a DOMString to a standard UTF-16 DOMString
* *
@ -1014,9 +997,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
false, // may not export this false, // may not export this
['sign'] ['sign']
), ),
stringToArraybuffer( stringToArraybuffer(id)
hex2bin(id)
)
) )
) )
); );

View File

@ -117,7 +117,7 @@ class Paste extends AbstractModel
// if a challenge was sent, we store the HMAC of paste ID & challenge // if a challenge was sent, we store the HMAC of paste ID & challenge
if (array_key_exists('challenge', $this->_data['meta'])) { if (array_key_exists('challenge', $this->_data['meta'])) {
$this->_data['meta']['challenge'] = base64_encode(hash_hmac( $this->_data['meta']['challenge'] = base64_encode(hash_hmac(
'sha256', hex2bin($this->getId()), base64_decode($this->_data['meta']['challenge']), true 'sha256', $this->getId(), base64_decode($this->_data['meta']['challenge']), true
)); ));
} }

View File

@ -71,7 +71,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-o8Q/t6/gpmx6bQaHw3gru3cjOD5BLE/KdBKja73SllZo0/FuLvAjJ+40KhZ8ig/EpioP04etJtfTnNzF/isXow==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-r9MutKcgP/igbs8aUbENyJEie7LMyJ22f2On0RwGL0Hq0seJnmnPo4avDfhR0E/TZWDoux2arzxYHneH2/Ltmw==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->

View File

@ -49,7 +49,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-o8Q/t6/gpmx6bQaHw3gru3cjOD5BLE/KdBKja73SllZo0/FuLvAjJ+40KhZ8ig/EpioP04etJtfTnNzF/isXow==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-r9MutKcgP/igbs8aUbENyJEie7LMyJ22f2On0RwGL0Hq0seJnmnPo4avDfhR0E/TZWDoux2arzxYHneH2/Ltmw==" crossorigin="anonymous"></script>
<!--[if IE]> <!--[if IE]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
<![endif]--> <![endif]-->

View File

@ -814,7 +814,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadBurnAfterReadingWithToken() public function testReadBurnAfterReadingWithToken()
{ {
$token = base64_encode(hash_hmac( $token = base64_encode(hash_hmac(
'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true 'sha256', Helper::getPasteId(), random_bytes(32), true
)); ));
$burnPaste = Helper::getPaste(2, array('challenge' => $token)); $burnPaste = Helper::getPaste(2, array('challenge' => $token));
$burnPaste['adata'][3] = 1; $burnPaste['adata'][3] = 1;
@ -839,7 +839,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
public function testReadBurnAfterReadingWithIncorrectToken() public function testReadBurnAfterReadingWithIncorrectToken()
{ {
$token = base64_encode(hash_hmac( $token = base64_encode(hash_hmac(
'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true 'sha256', Helper::getPasteId(), random_bytes(32), true
)); ));
$burnPaste = Helper::getPaste(2, array('challenge' => base64_encode(random_bytes(32)))); $burnPaste = Helper::getPaste(2, array('challenge' => base64_encode(random_bytes(32))));
$burnPaste['adata'][3] = 1; $burnPaste['adata'][3] = 1;

View File

@ -277,7 +277,7 @@ class ModelTest extends PHPUnit_Framework_TestCase
$pasteData = Helper::getPastePost(); $pasteData = Helper::getPastePost();
$pasteData['meta']['challenge'] = base64_encode(random_bytes(32)); $pasteData['meta']['challenge'] = base64_encode(random_bytes(32));
$token = base64_encode(hash_hmac( $token = base64_encode(hash_hmac(
'sha256', hex2bin(Helper::getPasteId()), base64_decode($pasteData['meta']['challenge']), true 'sha256', Helper::getPasteId(), base64_decode($pasteData['meta']['challenge']), true
)); ));
$this->_model->getPaste(Helper::getPasteId())->delete(); $this->_model->getPaste(Helper::getPasteId())->delete();
$paste = $this->_model->getPaste(Helper::getPasteId()); $paste = $this->_model->getPaste(Helper::getPasteId());