AesCtr::encrypt() - Code Metrics - Inspection of "2e0cc8ee2749ad39b7fe4bdfec7cac59d7a22f6e" - nilsteampassnet/TeamPass - Measure and Improve Code Quality continuously with Scrutinizer

Passed
Branch — wip_sessions (2e0cc8)

by Nils
created 2024-01-06 07:19 UTC
AesCtr::encrypt() D

↳ Parent: AesCtr
Complexity

Conditions	13
Paths	273
Size

Total Lines	73
Code Lines	38
Duplication

Lines	0
Ratio	0 %
Importance

Changes	1
Bugs	0	Features	0
Metric	Value
cc	13
eloc	38
nc	273
nop	3
dl	0
loc	73
rs	4.8708
c	1
b	0
f	0
How to fix Long Method Complexity

<?php
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
/*  AES counter (CTR) mode implementation in PHP (c) Chris Veness 2005-2010. Right of free use is */
/*    granted for all commercial or non-commercial use under CC-BY licence. No warranty of any    */
/*    form is offered.                                                                            */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */

class AesCtr extends Aes
{
    /**
     * Encrypt a text using AES encryption in Counter mode of operation
     *  - see http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
     *
     * Unicode multi-byte character safe
     *
     * @param plaintext source text to be encrypted
filter:
    dependency_paths: ["lib/*"]
     * @param password  the password to use to generate a key
     * @param nBits     number of bits to be used in the key (128, 192, or 256)
     * @return          string text
     */
    public static function encrypt($plaintext, $password, $nBits)
    {
    $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
    if (!($nBits == 128 || $nBits == 192 || $nBits == 256)) {
        return '';
    }
    // standard allows 128/192/256 bit keys
    // note PHP (5) gives us plaintext and password in UTF8 encoding!

    // use AES itself to encrypt password to get cipher key (using plain password as source for
    // key expansion) - gives us well encrypted key
    $nBytes = $nBits / 8; // no bytes in key
    $pwBytes = array();
    for ($i = 0; $i < $nBytes; $i++) {
        $pwBytes[$i] = ord(substr($password, $i, 1)) & 0xff;
    }
    $key = Aes::cipher($pwBytes, Aes::keyExpansion($pwBytes));
    $key = Aes::cipher(/** @scrutinizer ignore-type */ $pwBytes, Aes::keyExpansion($pwBytes));
    $key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long
    $key = array_merge($key, array_slice($key, 0, /** @scrutinizer ignore-type */ $nBytes - 16)); // expand key to 16/24/32 bytes long

    // initialise counter block (NIST SP800-38A §B.2): millisecond time-stamp for nonce in
    // 1st 8 bytes, block counter in 2nd 8 bytes
    $counterBlock = array();
    $nonce = floor(microtime(true) * 1000); // timestamp: milliseconds since 1-Jan-1970
    $nonceSec = floor($nonce / 1000);
    $nonceMs = $nonce % 1000;
    // encode nonce with seconds in 1st 4 bytes, and (repeated) ms part filling 2nd 4 bytes
    for ($i = 0; $i < 4; $i++) {
        $counterBlock[$i] = self::urs($nonceSec, $i * 8) & 0xff;
    }
    for ($i = 0; $i < 4; $i++) {
        $counterBlock[$i + 4] = $nonceMs & 0xff;
    }
    // and convert it to a string to go on the front of the ciphertext
    $ctrTxt = '';
    for ($i = 0; $i < 8; $i++) {
        $ctrTxt .= chr($counterBlock[$i]);
    }

    // generate key schedule - an expansion of the key into distinct Key Rounds for each round
    $keySchedule = Aes::keyExpansion($key);
    $keySchedule = Aes::keyExpansion(/** @scrutinizer ignore-type */ $key);
    //print_r($keySchedule);

    $blockCount = ceil(strlen($plaintext) / $blockSize);
    $ciphertxt = array(); // ciphertext as array of strings

    for ($b = 0; $b < $blockCount; $b++) {
        // set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
        // done in two stages for 32-bit ops: using two words allows us to go past 2^32 blocks (68GB)
        for ($c = 0; $c < 4; $c++) {
            $counterBlock[15 - $c] = self::urs($b, $c * 8) & 0xff;
        }
        for ($c = 0; $c < 4; $c++) {
            $counterBlock[15 - $c - 4] = self::urs($b / 0x100000000, $c * 8);
        }

        $cipherCntr = Aes::cipher($counterBlock, $keySchedule); // -- encrypt counter block --

        // block size is reduced on final block
        $blockLength = $b < $blockCount - 1 ? $blockSize : (strlen($plaintext) - 1) % $blockSize + 1;
        $cipherByte = array();

        for ($i = 0; $i < $blockLength; $i++) {  // -- xor plaintext with ciphered counter byte-by-byte --
        $cipherByte[$i] = $cipherCntr[$i] ^ ord(substr($plaintext, $b * $blockSize + $i, 1));
        $cipherByte[$i] = chr($cipherByte[$i]);
        }
        $ciphertxt[$b] = implode('', $cipherByte); // escape troublesome characters in ciphertext
    }

    // implode is more efficient than repeated string concatenation
    $ciphertext = $ctrTxt.implode('', $ciphertxt);
    $ciphertext = base64_encode($ciphertext);

    return $ciphertext;
    }

    /**
     * Decrypt a text encrypted by AES in counter mode of operation
     *
     * @param ciphertext source text to be decrypted
     * @param password   the password to use to generate a key
     * @param nBits      number of bits to be used in the key (128, 192, or 256)
     * @return           string text
     */
    public static function decrypt($ciphertext, $password, $nBits)
    {
    $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
    if (!($nBits == 128 || $nBits == 192 || $nBits == 256)) {
        return '';
    }
    // standard allows 128/192/256 bit keys
    $ciphertext = base64_decode($ciphertext);

    // use AES to encrypt password (mirroring encrypt routine)
    $nBytes = $nBits / 8; // no bytes in key
    $pwBytes = array();
    for ($i = 0; $i < $nBytes; $i++) {
        $pwBytes[$i] = ord(substr($password, $i, 1)) & 0xff;
    }
    $key = Aes::cipher($pwBytes, Aes::keyExpansion($pwBytes));
    $key = Aes::cipher(/** @scrutinizer ignore-type */ $pwBytes, Aes::keyExpansion($pwBytes));
    $key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long
    $key = array_merge($key, array_slice(/** @scrutinizer ignore-type */ $key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long

    // recover nonce from 1st element of ciphertext
    $counterBlock = array();
    $ctrTxt = substr($ciphertext, 0, 8);
    for ($i = 0; $i < 8; $i++) {
        $counterBlock[$i] = ord(substr($ctrTxt, $i, 1));
    }

    // generate key schedule
    $keySchedule = Aes::keyExpansion($key);
    $keySchedule = Aes::keyExpansion(/** @scrutinizer ignore-type */ $key);

    // separate ciphertext into blocks (skipping past initial 8 bytes)
    $nBlocks = ceil((strlen($ciphertext) - 8) / $blockSize);
    $ct = array();
    for ($b = 0; $b < $nBlocks; $b++) {
        $ct[$b] = substr($ciphertext, 8 + $b * $blockSize, 16);
    }
    $ciphertext = $ct; // ciphertext is now array of block-length strings

    // plaintext will get generated block-by-block into array of block-length strings
    $plaintxt = array();

    for ($b = 0; $b < $nBlocks; $b++) {
        // set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
        for ($c = 0; $c < 4; $c++) {
            $counterBlock[15 - $c] = self::urs($b, $c * 8) & 0xff;
        }
        for ($c = 0; $c < 4; $c++) {
            $counterBlock[15 - $c - 4] = self::urs(($b + 1) / 0x100000000 - 1, $c * 8) & 0xff;
        }

        $cipherCntr = Aes::cipher($counterBlock, $keySchedule); // encrypt counter block

        $plaintxtByte = array();
        for ($i = 0; $i < strlen($ciphertext[$b]); $i++) {
        // -- xor plaintext with ciphered counter byte-by-byte --
        $plaintxtByte[$i] = $cipherCntr[$i] ^ ord(substr($ciphertext[$b], $i, 1));
        $plaintxtByte[$i] = chr($plaintxtByte[$i]);

        }
        $plaintxt[$b] = implode('', $plaintxtByte);
    }

    // join array of blocks into single plaintext string
    $plaintext = implode('', $plaintxt);

    return $plaintext;
    }

    /*
   * Unsigned right shift function, since PHP has neither >>> operator nor unsigned ints
   *
   * @param a  number to be shifted (32-bit integer)
   * @param b  number of bits to shift a to the right (0..31)
   * @return   a right-shifted and zero-filled by b bits
   */
    private static function urs($a, $b)
    {
    $a &= 0xffffffff; $b &= 0x1f; // (bounds check)
    if ($a & 0x80000000 && $b > 0) {   // if left-most bit set
        $a = ($a >> 1) & 0x7fffffff; //   right-shift one bit & clear left-most bit
        $a = $a >> ($b - 1); //   remaining right-shifts
    } else {                       // otherwise
        $a = ($a >> $b); //   use normal right-shift
    }

    return $a;

    }

}
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */

nilsteampassnet / TeamPass

Branch — wip_sessions (2e0cc8)

AesCtr::encrypt() D

Complexity

Size

Duplication

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like
