Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-10-11 04:48:39 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix adata security bug

Browse source
This commit is contained in:
Mike Hamburg 2012-02-27 16:36:20 -08:00
parent 205d7dea6d
commit c0d8675070
2 changed files with 18 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

15
core/convenience.js
View file

@ -23,8 +23,9 @@
rp = rp || {};
var j = sjcl.json, p = j._add({ iv: sjcl.random.randomWords(4,0) },
j.defaults), tmp, prp;
j.defaults), tmp, prp, adata;
j._add(p, params);
adata = p.adata;
if (typeof p.salt === "string") {
p.salt = sjcl.codec.base64.toBits(p.salt);
}
@ -49,6 +50,9 @@
if (typeof plaintext === "string") {
plaintext = sjcl.codec.utf8String.toBits(plaintext);
}
if (typeof adata === "string") {
adata = sjcl.codec.utf8String.toBits(adata);
}
prp = new sjcl.cipher[p.cipher](password);
/* return the json data */
@ -56,7 +60,7 @@
rp.key = password;
/* do the encryption */
p.ct = sjcl.mode[p.mode].encrypt(prp, plaintext, p.iv, p.adata, p.ts);
p.ct = sjcl.mode[p.mode].encrypt(prp, plaintext, p.iv, adata, p.ts);
return j.encode(j._subtract(p, j.defaults));
},
@ -74,7 +78,7 @@
params = params || {};
rp = rp || {};
var j = sjcl.json, p = j._add(j._add(j._add({},j.defaults),j.decode(ciphertext)), params, true), ct, tmp, prp;
var j = sjcl.json, p = j._add(j._add(j._add({},j.defaults),j.decode(ciphertext)), params, true), ct, tmp, prp, adata=p.adata;
if (typeof p.salt === "string") {
p.salt = sjcl.codec.base64.toBits(p.salt);
}
@ -97,10 +101,13 @@
password = tmp.key.slice(0,p.ks/32);
p.salt = tmp.salt;
}
if (typeof adata === "string") {
adata = sjcl.codec.utf8String.toBits(adata);
}
prp = new sjcl.cipher[p.cipher](password);
/* do the decryption */
ct = sjcl.mode[p.mode].decrypt(prp, p.ct, p.iv, p.adata, p.ts);
ct = sjcl.mode[p.mode].decrypt(prp, p.ct, p.iv, adata, p.ts);
/* return the json data */
j._add(rp, p);