wok rev 12953
zerobin: append '=' to forced key
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Thu May 31 13:45:40 2012 +0200 (2012-05-31) |
parents | 6e3357a7a120 |
children | 40e40789b998 |
files | zerobin/stuff/zerobin.js zerobin/stuff/zerobin.u |
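--- a/zerobin/stuff/zerobin.js
+++ /dev/null
@@ -1,216 +0,0 @@
-/* ZeroBin 0.11 - http://sebsauvage.net/wiki/doku.php?id=php:zerobin */
-
-// Compress a message (deflate compression). Returns base64 encoded data.
-function compress(message) { return Base64.toBase64(RawDeflate.deflate(Base64.utob(message))); }
-
-// Decompress a message compressed with compress().
-function decompress(data) { return Base64.btou(RawDeflate.inflate(Base64.fromBase64(data))) }
-
-/*
- Encrypt the message with a random key.
- Output: An array with two items:
- 'data' (string) : json encoded data to store on server side (containing ciphertext,iv and salt)
- 'key' (string: the key (encoded in base64) to be kept on client side.
-
- Example:
- c = randomCipher("Hello, world !");
- document.write("Data for server side: ");
- document.write(c.data);
- document.write('<br>Key at client side: ');
- document.write(c.key);
- Output:
- Data for server side: {"iv":"a6ZEUEtK2jNcGsdIsKKj9g","salt":"/7wDPD4JRik","ct":"qdD97HChan6B9OShjfBDmQKbw8/1ehdO1u/KbC/r85c"}
- Key at client side: VjxODsAaUwar6LJOcc0yaknnUr5XHeg/m7Sn5UF+TC4=
-*/
-function randomCipher(message)
-{
- var randomkey = (window.location.hash.length > 2) ?
- // force key
- window.location.hash.substring(1) :
- // Generate a random 256 bits key, encoded in base64:
- sjcl.codec.base64.fromBits(sjcl.random.randomWords(8,0),0);
- var data = sjcl.encrypt(sjcl.misc.pbkdf2(randomkey,0),compress(message));
- return {'data':data,'key':randomkey};
-}
-
-// Decrypts data encrypted with randomCipher()
-function randomDecipher(key,data)
-{
- return decompress(sjcl.decrypt(sjcl.misc.pbkdf2(key,0),data));
-}
-
-// Returns the current script location (without search or hash part of the URL).
-// eg. http://server.com/zero/?aaaa#bbbb --> http://server.com/zero/
-function scriptLocation()
-{
- return window.location.href.substring(0,window.location.href.length
- -window.location.search.length -window.location.hash.length);
-}
-
-// Show decrypted text in the display area
-function displayCleartext(text)
-{
- if ($('#oldienotice').is(":visible")) // For IE<10.
- {
- // IE<10 do not support white-space:pre-wrap; so we have to do this BIG UGLY STINKING THING.
- $('#cleartext').text(text.replace(/\n/ig,'{BIG_UGLY_STINKING_THING__OH_GOD_I_HATE_IE}'));
- $('#cleartext').html($('#cleartext').text().replace(/{BIG_UGLY_STINKING_THING__OH_GOD_I_HATE_IE}/ig,"\r\n<br>"));
- }
- else // for other (sane) browsers:
- {
- $('#cleartext').text(text);
- }
- urls2links($('#cleartext')); // Convert URLs to clickable links.
-}
-
-// Send data to server
-function send_data()
-{
- if ($('#message').val().length==0) return; // Do not send if no data.
- showStatus('Sending data...');
- var c=randomCipher($('#message').val());
- $.post(scriptLocation(), { data:c.data,expire:$('select#pasteExpiration').val() },'json' )
- .error( function() { showError('Data could not be sent.'); } )
- .success(function(data)
- {
- var jdata = jQuery.parseJSON(data);
- if (data.status==0)
- {
- stateExistingPaste();
- var url=scriptLocation()+"?"+data.id+'#'+c.key;
- showStatus('');
- $('#pastelink').html('Your paste is <a href="'+url+'">'+url+'</a>');
- $('#pastelink').append(' <button id="shortenbutton" onclick="document.location=\''+shortenUrl(url)+'\'"><img src="lib/icon_shorten.png#" width="13" height="15" />Shorten URL</button>');
- $('#pastelink').show();
- displayCleartext($('#message').val());
- }
- else if (data.status==1)
- {
- showError('Could not create paste: '+data.message);
- }
- else
- {
- showError('Could not create paste.');
- }
- }
- );
-}
-
-// Put the screen in "New paste" mode.
-function stateNewPaste()
-{
- sjcl.random.startCollectors();
- $('#sendbutton').show();
- $('#clonebutton').hide();
- $('#expiration').show();
- $('#language').hide(); // $('#language').show();
- $('#password').hide(); //$('#password').show();
- $('#newbutton').show();
- $('#pastelink').hide();
- $('#message').text('');
- $('#message').show();
- $('#cleartext').hide();
- $('#hashes').hide();
- $('#message').focus();
-}
-
-// Put the screen in "Existing paste" mode.
-function stateExistingPaste()
-{
- sjcl.random.startCollectors();
- $('#sendbutton').hide();
- if (!$('#oldienotice').is(":visible")) $('#clonebutton').show(); // Not "clone" for IE<10.
- $('#expiration').hide();
- $('#language').hide();
- $('#password').hide();
- $('#newbutton').show();
- $('#pastelink').hide();
- $('#message').hide();
- $('#cleartext').show();
- $('#hashes').show();
-}
-
-// Clone the current paste.
-function clonePaste()
-{
- stateNewPaste();
- showStatus('');
- $('#message').text($('#cleartext').text());
-}
-
-// Create a new paste.
-function newPaste()
-{
- stateNewPaste();
- showStatus('');
- $('#message').text('');
-}
-
-// Display an error message
-function showError(message)
-{
- $('#status').addClass('errorMessage').text(message);
-}
-
-// Display status
-function showStatus(message)
-{
- $('#status').removeClass('errorMessage');
- if (!message) { $('#status').html(' '); return; }
- if (message=='') { $('#status').html(' '); return; }
- $('#status').text(message);
-}
-
-// Generate link to URL shortener.
-function shortenUrl(url)
-{
- return 'http://snipurl.com/site/snip?link='+encodeURIComponent(url);
-}
-
-// Convert URLs to clickable links.
-// Input: element : a jQuery DOM element.
-// Example URLs to handle:
-// magnet:?xt.1=urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C&xt.2=urn:sha1:TXGCZQTH26NL6OUQAJJPFALHG2LTGBC7
-// http://localhost:8800/zero/?6f09182b8ea51997#WtLEUO5Epj9UHAV9JFs+6pUQZp13TuspAUjnF+iM+dM=
-// http://user:password@localhost:8800/zero/?6f09182b8ea51997#WtLEUO5Epj9UHAV9JFs+6pUQZp13TuspAUjnF+iM+dM=
-// FIXME: add ppa & apt links.
-function urls2links(element)
-{
- var re = /((http|https|ftp):\/\/[\w?=&.\/-;#@~%+-]+(?![\w\s?&.\/;#~%"=-]*>))/ig;
- element.html(element.html().replace(re,'<a href="$1" rel="nofollow">$1</a>'));
- var re = /((magnet):[\w?=&.\/-;#@~%+-]+)/ig;
- element.html(element.html().replace(re,'<a href="$1">$1</a>'));
-}
-
-$(document).ready(function() {
- if ($('#cipherdata').text().length>1) // Display an existing paste
- {
- if (window.location.hash.length==0) // Missing decryption key in URL ?
- {
- showError('Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector which strips part of the URL ?)');
- return;
- }
- var data = $('#cipherdata').text();
- try {
- // Get key and decrypt data
- var key = window.location.hash.substring(1);
- // Strip &utm_source=... parameters added after the anchor by some stupid web 2.0 services.
- // We simply strip everything after &
- i = key.indexOf('&'); if (i>-1) { key = key.substring(0,i); }
- if (key.charAt(key.length-1)!=='=') key+='='; // Add trailing = if missing.
- var cleartext = randomDecipher(key,data);
- stateExistingPaste(); // Show proper elements on screen.
- displayCleartext(cleartext);
- } catch(err) {
- showError('Could not decrypt data (Wrong key ?)');
- }
- }
- else if ($('#errormessage').text().length>1) // Display error message from php code.
- {
- showError($('#errormessage').text());
- }
- else // Create a new paste.
- {
- newPaste();
- }
-});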
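--- a/zerobin/stuff/zerobin.u
+++ b/zerobin/stuff/zerobin.u
@@ -1,6 +1,6 @@
 --- lib/zerobin.js
 +++ lib/zerobin.js
-@@ -180,7 +180,11 @@
+@@ -180,7 +180,12 @@
 {
 if ($('textarea#message').val().length==0) return; // Do not send if no data.
 showStatus('Sending paste...',spin=true);
@@ -10,6 +10,7 @@
 + window.location.hash.substring(1) :
 + // Generate a random 256 bits key, encoded in base64:
 + sjcl.codec.base64.fromBits(sjcl.random.randomWords(8,0),0);
++ if (randomkey.charAt(randomkey.length-1)!=='=') randomkey+='='; // Add trailing = if missing.
 var cipherdata = zeroCipher(randomkey,$('textarea#message').val());
 var data_to_send = { data:cipherdata,
 expire:$('select#pasteExpiration').val(),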
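Review bot: The forced key read from `window.location.hash` is only given a trailing `=` by the line added in the second hunk; it is not cut at `&` and has no minimum length. The viewer code in the removed zerobin/stuff/zerobin.js strips everything after `&` before appending `=`, so if the patched lib/zerobin.js still does that (not visible here), a fragment carrying `&utm_source=...` would encrypt under a key the reader cannot reproduce. If the length test is still `window.location.hash.length > 2` as in the removed copy, a two-character fragment becomes the key, which is far weaker than the 256-bit random path. I would normalise the same way before the append, `var i = randomkey.indexOf('&'); if (i>-1) randomkey = randomkey.substring(0,i);`, and fall back to the random key when the fragment is shorter than a chosen minimum. The enclosing function starts and ends outside the hunk.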