Passed
Push — master ( 3f508b...939a62 )
by El
05:26
created

Sjcl::isValid()   C

Complexity

Conditions 20
Paths 29

Size

Total Lines 70
Code Lines 36

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 36
CRAP Score 20

Importance

Changes 0
Metric Value
dl 0
loc 70
ccs 36
cts 36
cp 1
rs 5.5473
c 0
b 0
f 0
cc 20
eloc 36
nc 29
nop 1
crap 20

How to fix

Long Method

Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.

For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.

Commonly applied refactorings include:

<?php
/**
 * PrivateBin
 *
 * a zero-knowledge paste bin
 *
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
 * @version   1.1.1
 */

namespace PrivateBin;

/**
 * Sjcl
 *
 * Provides SJCL validation function.
 */
class Sjcl
{
    /**
     * SJCL validator
     *
     * Checks if a json string is a proper SJCL encrypted message.
     *
     * @access public
     * @static
     * @param  string $encoded JSON
     * @return bool
     */
    public static function isValid($encoded)
    {
        $accepted_keys = array('iv', 'v', 'iter', 'ks', 'ts', 'mode', 'adata', 'cipher', 'salt', 'ct');

        // Make sure content is valid json
        $decoded = json_decode($encoded);
        if (is_null($decoded)) {
            return false;
        }
        $decoded = (array) $decoded;

        // Make sure no additional keys were added.
        if (
            count(array_keys($decoded)) != count($accepted_keys)
        ) {
            return false;
        }

        // Make sure required fields are present.
        foreach ($accepted_keys as $k) {
            if (!array_key_exists($k, $decoded)) {
                return false;
            }
        }

        // Make sure some fields are base64 data.
        if (!base64_decode($decoded['iv'], true)) {
            return false;
        }
        if (!base64_decode($decoded['salt'], true)) {
            return false;
        }
        if (!($ct = base64_decode($decoded['ct'], true))) {
            return false;
        }

        // Make sure some fields have a reasonable size.
        if (strlen($decoded['iv']) > 24) {
            return false;
        }
        if (strlen($decoded['salt']) > 14) {
            return false;
        }

        // Make sure some fields contain no unsupported values.
        if (!(is_int($decoded['v']) || is_float($decoded['v'])) || (float) $decoded['v'] < 1) {
            return false;
        }
        if (!is_int($decoded['iter']) || $decoded['iter'] <= 100) {
            return false;
        }
        if (!in_array($decoded['ks'], array(128, 192, 256), true)) {
            return false;
        }
        if (!in_array($decoded['ts'], array(64, 96, 128), true)) {
            return false;
        }
        if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) {
            return false;
        }
        if ($decoded['cipher'] !== 'aes') {
            return false;
        }

        // Reject data if entropy is too low:
        // the decoded ciphertext must not shrink when deflated.
        if (strlen($ct) > strlen(gzdeflate($ct))) {
            return false;
        }

        return true;
    }
}