From 74519f6c4f2b5ed0ce39abea9207a35aa7641d9e Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 29 Jun 2019 11:24:25 +0200 Subject: [PATCH] removing hex2bin to avoid having to add code for this in JS and to not introduce a dependency on paste IDs always having to be hex strings --- js/privatebin.js | 21 +-------------------- lib/Model/Paste.php | 2 +- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- tst/ControllerTest.php | 4 ++-- tst/ModelTest.php | 2 +- 6 files changed, 7 insertions(+), 26 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index e930845f..cb0e7ab9 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -664,23 +664,6 @@ jQuery.PrivateBin = (function($, RawDeflate) { */ let base58 = new baseX('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'); - /** - * convert hexadecimal string to binary representation - * - * @name CryptTool.hex2bin - * @function - * @private - * @param {string} message hex string - * @return {string} binary representation as a DOMString - */ - function hex2bin(message) { - let result = []; - for (let i = 0, l = message.length; i < l; i += 2) { - result.push(parseInt(message.substr(i, 2), 16)); - } - return String.fromCharCode.apply(String, result); - } - /** * convert UTF-8 string stored in a DOMString to a standard UTF-16 DOMString * @@ -1014,9 +997,7 @@ jQuery.PrivateBin = (function($, RawDeflate) { false, // may not export this ['sign'] ), - stringToArraybuffer( - hex2bin(id) - ) + stringToArraybuffer(id) ) ) ); diff --git a/lib/Model/Paste.php b/lib/Model/Paste.php index 88ab41d9..ed98f212 100644 --- a/lib/Model/Paste.php +++ b/lib/Model/Paste.php @@ -117,7 +117,7 @@ class Paste extends AbstractModel // if a challenge was sent, we store the HMAC of paste ID & challenge if (array_key_exists('challenge', $this->_data['meta'])) { $this->_data['meta']['challenge'] = base64_encode(hash_hmac( - 'sha256', hex2bin($this->getId()), base64_decode($this->_data['meta']['challenge']), true + 'sha256', $this->getId(), base64_decode($this->_data['meta']['challenge']), true )); } diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index d336e791..f6011437 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -71,7 +71,7 @@ if ($MARKDOWN): endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index e70a319c..d70c59b3 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -49,7 +49,7 @@ if ($MARKDOWN): endif; ?> - + diff --git a/tst/ControllerTest.php b/tst/ControllerTest.php index 87d0e893..daba8f1f 100644 --- a/tst/ControllerTest.php +++ b/tst/ControllerTest.php @@ -814,7 +814,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase public function testReadBurnAfterReadingWithToken() { $token = base64_encode(hash_hmac( - 'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true + 'sha256', Helper::getPasteId(), random_bytes(32), true )); $burnPaste = Helper::getPaste(2, array('challenge' => $token)); $burnPaste['adata'][3] = 1; @@ -839,7 +839,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase public function testReadBurnAfterReadingWithIncorrectToken() { $token = base64_encode(hash_hmac( - 'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true + 'sha256', Helper::getPasteId(), random_bytes(32), true )); $burnPaste = Helper::getPaste(2, array('challenge' => base64_encode(random_bytes(32)))); $burnPaste['adata'][3] = 1; diff --git a/tst/ModelTest.php b/tst/ModelTest.php index 8a7a581f..4a40a25a 100644 --- a/tst/ModelTest.php +++ b/tst/ModelTest.php @@ -277,7 +277,7 @@ class ModelTest extends PHPUnit_Framework_TestCase $pasteData = Helper::getPastePost(); $pasteData['meta']['challenge'] = base64_encode(random_bytes(32)); $token = base64_encode(hash_hmac( - 'sha256', hex2bin(Helper::getPasteId()), base64_decode($pasteData['meta']['challenge']), true + 'sha256', Helper::getPasteId(), base64_decode($pasteData['meta']['challenge']), true )); $this->_model->getPaste(Helper::getPasteId())->delete(); $paste = $this->_model->getPaste(Helper::getPasteId());