Merge branch 'HLeithner-base58'

This commit is contained in:
El RIDO 2019-05-08 19:01:02 +02:00
commit fcf9cf63b5
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
6 changed files with 207 additions and 16 deletions

View file

@ -4,9 +4,9 @@ PrivateBin consists of PHP and JS code which was originally written by Sébastie
Sauvage in 2012 and falls unter the Zlib/libpng license. Also included are Sauvage in 2012 and falls unter the Zlib/libpng license. Also included are
libraries that fall under the GPLv2 (SJCL, rawinflate, rawdeflate), BSD libraries that fall under the GPLv2 (SJCL, rawinflate, rawdeflate), BSD
2-clause (SJCL), BSD 3-clause (base64.js version 2.1.9, Showdown), MIT 2-clause (SJCL), BSD 3-clause (base64.js version 2.1.9, Showdown), MIT
(base64.js version 1.7, Bootstrap, Identicon, random_compat), Apache (base64.js version 1.7, Bootstrap, Identicon, random_compat, composer, kjua,
(prettify.js) and CC-BY (favicon, icon, logo) licenses. All of these license base-x), Apache (prettify.js) and CC-BY (favicon, icon, logo) licenses. All of
terms can be found here below: these license terms can be found here below:
## Zlib/libpng license for PrivateBin ## Zlib/libpng license for PrivateBin
@ -30,16 +30,6 @@ the following restrictions:
3. This notice may not be removed or altered from any source distribution. 3. This notice may not be removed or altered from any source distribution.
### MIT license for kjua
Copyright (c) 2016 Lars Jung (https://larsjung.de)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
## GNU General Public License, version 2.0, for SJCL, rawdeflate and rawinflate ## GNU General Public License, version 2.0, for SJCL, rawdeflate and rawinflate
_Version 2, June 1991_ _Version 2, June 1991_
@ -517,6 +507,52 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE. THE SOFTWARE.
### MIT license for kjua
Copyright (c) 2016 Lars Jung (https://larsjung.de)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
### MIT license for base-x
Copyright (c) 2018 base-x contributors
Copyright (c) 2014-2018 The Bitcoin Core developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
## Apache License for prettify.js ## Apache License for prettify.js
_Version 2.0, January 2004_ _Version 2.0, January 2004_

151
js/base-x-3.0.5.1.js Normal file
View file

@ -0,0 +1,151 @@
// base-x encoding / decoding
// based on https://github.com/cryptocoinjs/base-x 3.0.5
// modification: removed Buffer dependency and node.modules entry
// Copyright (c) 2018 base-x contributors
// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
// Distributed under the MIT software license, see the accompanying
// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
(function(){
'use strict';
this.baseX = function base (ALPHABET) {
if (ALPHABET.length >= 255) throw new TypeError('Alphabet too long')
const BASE_MAP = new Uint8Array(256)
BASE_MAP.fill(255)
for (let i = 0; i < ALPHABET.length; i++) {
const x = ALPHABET.charAt(i)
const xc = x.charCodeAt(0)
if (BASE_MAP[xc] !== 255) throw new TypeError(x + ' is ambiguous')
BASE_MAP[xc] = i
}
const BASE = ALPHABET.length
const LEADER = ALPHABET.charAt(0)
const FACTOR = Math.log(BASE) / Math.log(256) // log(BASE) / log(256), rounded up
const iFACTOR = Math.log(256) / Math.log(BASE) // log(256) / log(BASE), rounded up
function encode (source) {
if (source.length === 0) return ''
// Skip & count leading zeroes.
let zeroes = 0
let length = 0
let pbegin = 0
const pend = source.length
while (pbegin !== pend && source[pbegin] === 0) {
pbegin++
zeroes++
}
// Allocate enough space in big-endian base58 representation.
const size = ((pend - pbegin) * iFACTOR + 1) >>> 0
const b58 = new Uint8Array(size)
// Process the bytes.
while (pbegin !== pend) {
let carry = source[pbegin]
// Apply "b58 = b58 * 256 + ch".
let i = 0
for (let it = size - 1; (carry !== 0 || i < length) && (it !== -1); it--, i++) {
carry += (256 * b58[it]) >>> 0
b58[it] = (carry % BASE) >>> 0
carry = (carry / BASE) >>> 0
}
if (carry !== 0) throw new Error('Non-zero carry')
length = i
pbegin++
}
// Skip leading zeroes in base58 result.
let it = size - length
while (it !== size && b58[it] === 0) {
it++
}
// Translate the result into a string.
let str = LEADER.repeat(zeroes)
for (; it < size; ++it) str += ALPHABET.charAt(b58[it])
return str
}
function decodeUnsafe (source) {
if (typeof source !== 'string') throw new TypeError('Expected String')
if (source.length === 0) return ''
let psz = 0
// Skip leading spaces.
if (source[psz] === ' ') return
// Skip and count leading '1's.
let zeroes = 0
let length = 0
while (source[psz] === LEADER) {
zeroes++
psz++
}
// Allocate enough space in big-endian base256 representation.
const size = (((source.length - psz) * FACTOR) + 1) >>> 0 // log(58) / log(256), rounded up.
const b256 = new Uint8Array(size)
// Process the characters.
while (source[psz]) {
// Decode character
let carry = BASE_MAP[source.charCodeAt(psz)]
// Invalid character
if (carry === 255) return
let i = 0
for (let it = size - 1; (carry !== 0 || i < length) && (it !== -1); it--, i++) {
carry += (BASE * b256[it]) >>> 0
b256[it] = (carry % 256) >>> 0
carry = (carry / 256) >>> 0
}
if (carry !== 0) throw new Error('Non-zero carry')
length = i
psz++
}
// Skip trailing spaces.
if (source[psz] === ' ') return
// Skip leading zeroes in b256.
let it = size - length
while (it !== size && b256[it] === 0) {
it++
}
var vch = [];
let j = zeroes
while (it !== size) {
vch[j++] = b256[it++]
}
return vch
}
function decode (string) {
const buffer = decodeUnsafe(string)
if (buffer) return buffer
throw new Error('Non-base' + BASE + ' character')
}
return {
encode: encode,
decodeUnsafe: decodeUnsafe,
decode: decode
}
}
}).call(this);

View file

@ -18,6 +18,7 @@ global.prettyPrint = window.PR.prettyPrint;
global.prettyPrintOne = window.PR.prettyPrintOne; global.prettyPrintOne = window.PR.prettyPrintOne;
global.showdown = require('./showdown-1.8.6'); global.showdown = require('./showdown-1.8.6');
global.DOMPurify = require('./purify-1.0.7'); global.DOMPurify = require('./purify-1.0.7');
global.baseX = require('./base-x-3.0.5.1').baseX;
require('./bootstrap-3.3.7'); require('./bootstrap-3.3.7');
require('./privatebin'); require('./privatebin');

View file

@ -643,7 +643,8 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
*/ */
me.getSymmetricKey = function() me.getSymmetricKey = function()
{ {
return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 10), 0); var bs58 = new baseX('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
return bs58.encode(sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 10), 0));
}; };
return me; return me;

View file

@ -60,6 +60,7 @@ else:
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.5.1.js" integrity="sha512-/zL3MWKMtl1IBF0URx3laql2jUw+rWfFFabNlILY/Qm+hUsQR/XULjUyNHkW/FkrV7A0sMQ7tsppH7sj5ht8wA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/rawdeflate-0.5.js" integrity="sha512-tTdZ7qMr7tt5VQy4iCHu6/aGB12eRwbUy+AEI5rXntfsjcRfBeeqJloMsBU9FrGk1bIYLiuND/FhU42LO1bi0g==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/rawdeflate-0.5.js" integrity="sha512-tTdZ7qMr7tt5VQy4iCHu6/aGB12eRwbUy+AEI5rXntfsjcRfBeeqJloMsBU9FrGk1bIYLiuND/FhU42LO1bi0g==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/bootstrap-3.3.7.js" integrity="sha512-iztkobsvnjKfAtTNdHkGVjAYTrrtlC7mGp/54c40wowO7LhURYl3gVzzcEqGl/qKXQltJ2HwMrdLcNUdo+N/RQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/bootstrap-3.3.7.js" integrity="sha512-iztkobsvnjKfAtTNdHkGVjAYTrrtlC7mGp/54c40wowO7LhURYl3gVzzcEqGl/qKXQltJ2HwMrdLcNUdo+N/RQ==" crossorigin="anonymous"></script>
@ -76,7 +77,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-tRRKkyV2RYlU1b/PdUmLigAV8mAQpklblVO071AcQs5QbeUwBnK2L5zjbscm2+B2eRJ06luEisXuPowvFHN6fA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-IFu+B5qYMnATrGKpfxXw3TdUoxBV31HiaGGP76RknlT62iiugvTHikKX9yW5AxqaRd+12mefuoF80GXgoa35Tg==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

View file

@ -39,6 +39,7 @@ else:
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.5.1.js" integrity="sha512-/zL3MWKMtl1IBF0URx3laql2jUw+rWfFFabNlILY/Qm+hUsQR/XULjUyNHkW/FkrV7A0sMQ7tsppH7sj5ht8wA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/rawdeflate-0.5.js" integrity="sha512-tTdZ7qMr7tt5VQy4iCHu6/aGB12eRwbUy+AEI5rXntfsjcRfBeeqJloMsBU9FrGk1bIYLiuND/FhU42LO1bi0g==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/rawdeflate-0.5.js" integrity="sha512-tTdZ7qMr7tt5VQy4iCHu6/aGB12eRwbUy+AEI5rXntfsjcRfBeeqJloMsBU9FrGk1bIYLiuND/FhU42LO1bi0g==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
<?php <?php
@ -54,7 +55,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-tRRKkyV2RYlU1b/PdUmLigAV8mAQpklblVO071AcQs5QbeUwBnK2L5zjbscm2+B2eRJ06luEisXuPowvFHN6fA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-IFu+B5qYMnATrGKpfxXw3TdUoxBV31HiaGGP76RknlT62iiugvTHikKX9yW5AxqaRd+12mefuoF80GXgoa35Tg==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->