24) { return false; } // - salt if (strlen($cipherParams[1]) > 14) { return false; } // Make sure some fields contain no unsupported values: // - version if (!(is_int($message['v']) || is_float($message['v'])) || (float) $message['v'] < 2) { return false; } // - iterations, refuse less then 10000 iterations (minimum NIST recommendation) if (!is_int($cipherParams[2]) || $cipherParams[2] <= 10000) { return false; } // - key size if (!in_array($cipherParams[3], array(128, 192, 256), true)) { return false; } // - tag size if (!in_array($cipherParams[4], array(64, 96, 128), true)) { return false; } // - algorithm, must be AES if ($cipherParams[5] !== 'aes') { return false; } // - mode if (!in_array($cipherParams[6], array('ctr', 'cbc', 'gcm'), true)) { return false; } // - compression if (!in_array($cipherParams[7], array('zlib', 'none'), true)) { return false; } // Reject data if entropy is too low if (strlen($ct) > strlen(gzdeflate($ct))) { return false; } // require only the key 'expire' in the metadata of pastes if (!$isComment && ( count($message['meta']) === 0 || !array_key_exists('expire', $message['meta']) )) { return false; } return true; } }