Code Coverage for lib/FormatV2.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	97.78% covered (success)	97.78%	44 / 45	0.00% covered (danger)	0.00%	0 / 1	CRAP	0.00% covered (danger)	0.00%	0 / 1
FormatV2	97.78% covered (success)	97.78%	44 / 45	0.00% covered (danger)	0.00%	0 / 1	27	0.00% covered (danger)	0.00%	0 / 1
isValid	97.78% covered (success)	97.78%	44 / 45	0.00% covered (danger)	0.00%	0 / 1	27

1	<?php declare(strict_types=1);
2	/**
3	* PrivateBin
4	*
5	* a zero-knowledge paste bin
6	*
7	* @link https://github.com/PrivateBin/PrivateBin
8	* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
9	* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
10	*/
11
12	namespace PrivateBin;
13
14	/**
15	* FormatV2
16	*
17	* Provides validation function for version 2 format of pastes & comments.
18	*/
19	class FormatV2
20	{
21	/**
22	* version 2 format validator
23	*
24	* Checks if the given array is a proper version 2 formatted, encrypted message.
25	*
26	* @access public
27	* @static
28	* @param array $message
29	* @param bool $isComment
30	* @return bool
31	*/
32	public static function isValid(&$message, $isComment = false)
33	{
34	$required_keys = array('adata', 'v', 'ct');
35	if ($isComment) {
36	$required_keys[] = 'pasteid';
37	$required_keys[] = 'parentid';
38	} else {
39	$required_keys[] = 'meta';
40	}
41
42	// Make sure no additionnal keys were added.
43	if (count(array_keys($message)) != count($required_keys)) {
44	return false;
45	}
46
47	// Make sure required fields are present.
48	foreach ($required_keys as $k) {
49	if (!array_key_exists($k, $message)) {
50	return false;
51	}
52	}
53
54	// Make sure adata is an array.
55	if (!is_array($message['adata'])) {
56	return false;
57	}
58
59	$cipherParams = $isComment ? $message['adata'] : $message['adata'][0];
60
61	// Make sure some fields are base64 data:
62	// - initialization vector
63	if (!base64_decode($cipherParams[0], true)) {
64	return false;
65	}
66	// - salt
67	if (!base64_decode($cipherParams[1], true)) {
68	return false;
69	}
70	// - cipher text
71	if (!($ct = base64_decode($message['ct'], true))) {
72	return false;
73	}
74
75	// Make sure some fields have a reasonable size:
76	// - initialization vector
77	if (strlen($cipherParams[0]) > 24) {
78	return false;
79	}
80	// - salt
81	if (strlen($cipherParams[1]) > 14) {
82	return false;
83	}
84
85	// Make sure some fields contain no unsupported values:
86	// - version
87	if (!(is_int($message['v']) \|\| is_float($message['v'])) \|\| (float) $message['v'] < 2) {
88	return false;
89	}
90	// - iterations, refuse less then 10000 iterations (minimum NIST recommendation)
91	if (!is_int($cipherParams[2]) \|\| $cipherParams[2] <= 10000) {
92	return false;
93	}
94	// - key size
95	if (!in_array($cipherParams[3], array(128, 192, 256), true)) {
96	return false;
97	}
98	// - tag size
99	if (!in_array($cipherParams[4], array(64, 96, 128), true)) {
100	return false;
101	}
102	// - algorithm, must be AES
103	if ($cipherParams[5] !== 'aes') {
104	return false;
105	}
106	// - mode
107	if (!in_array($cipherParams[6], array('ctr', 'cbc', 'gcm'), true)) {
108	return false;
109	}
110	// - compression
111	if (!in_array($cipherParams[7], array('zlib', 'none'), true)) {
112	return false;
113	}
114
115	// Reject data if entropy is too low
116	if (strlen($ct) > strlen(gzdeflate($ct))) {
117	return false;
118	}
119
120	// require only the key 'expire' in the metadata of pastes
121	if (!$isComment && (
122	count($message['meta']) === 0 \|\|
123	!array_key_exists('expire', $message['meta']) \|\|
124	count($message['meta']) > 1
125	)) {
126	return false;
127	}
128
129	return true;
130	}
131	}