From 0079c73a841ccf60eebc6c121bc9bcc1e0b0cd0e Mon Sep 17 00:00:00 2001 From: Simon Rupf Date: Sat, 8 Sep 2012 19:52:44 +0200 Subject: [PATCH] added test for entropy of cypher text --- lib/sjcl.php | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/lib/sjcl.php b/lib/sjcl.php index 9bfe1fdb..7c4ef8c6 100644 --- a/lib/sjcl.php +++ b/lib/sjcl.php @@ -36,26 +36,27 @@ class sjcl if (is_null($decoded)) return false; $decoded = (array) $decoded; - // Make sure required fields are present and contain base64 data. - foreach($accepted_keys as $k) - { - if (!( - array_key_exists($k, $decoded) && - base64_decode($decoded[$k], $strict=true) - )) return false; - } - // Make sure no additionnal keys were added. if ( count(array_keys($decoded)) != count($accepted_keys) ) return false; - // FIXME: Reject data if entropy is too low? + // Make sure required fields are present and contain base64 data. + foreach($accepted_keys as $k) + { + if (!( + array_key_exists($k, $decoded) && + $ct = base64_decode($decoded[$k], $strict=true) + )) return false; + } // Make sure some fields have a reasonable size. if (strlen($decoded['iv']) > 24) return false; if (strlen($decoded['salt']) > 14) return false; + // Reject data if entropy is too low + if (strlen($ct) > strlen(gzdeflate($ct))) return false; + return true; } }