Handshake::pkbdf2Hmac() - Code Metrics - Inspection of "Abstract socket and handshake from connection obje..." - tbolier/php-rethink-ql - Measure and Improve Code Quality continuously with Scrutinizer

Test Failed

Pull Request — master (#6)

by Timon

created 2018-01-23 16:46 UTC

Handshake::pkbdf2Hmac() A

↳ Parent: Handshake

Complexity

Conditions	2
Paths	2

Size

Total Lines	11
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	11
rs	9.4285
c	0
b	0
f	0
cc	2
eloc	7
nc	2
nop	3

<?php
declare(strict_types=1);

/**
 * @license http://www.apache.org/licenses/ Apache License 2.0
 * @license https://github.com/danielmewes/php-rql Apache License 2.0
 * @Author Daniel Mewes https://github.com/danielmewes
 * @Author Timon Bolier https://github.com/tbolier
 *
 * The Handshake class contains parts of code copied from the original PHP-RQL library under the Apache License 2.0:
 * @see https://github.com/danielmewes/php-rql/blob/master/rdb/Handshake.php
 *
 * Stating the following changes have been done to the parts of the code copied in the Handshake Class:
 * - Amendments to code styles and control structures.
 * - Abstraction of code to new methods to improve readability.
 * - Removed obsolete code.
 */

namespace TBolier\RethinkQL\Connection\Socket;

use Psr\Http\Message\StreamInterface;

class Handshake implements HandshakeInterface
{
    /**
     * @var string
     */
    private $username;

    /**
     * @var string
     */
    private $password;

    /**
     * @var string
     */
    private $protocolVersion = 0;

    /**
     * @var int
     */
    private $state;

    /**
     * @var string
     */
    private $myR;

    /**
     * @var string
     */
    private $clientFirstMessage;

    /**
     * @var string
     */
    private $serverSignature;

    /**
     * @var int
     */
    private $version;

    /**
     * @param string $username
     * @param string $password
     * @param int $version
     */
    public function __construct(string $username, string $password, int $version)
    {
        $this->username = $username;
        $this->password = $password;
        $this->state = 0;
        $this->version = $version;
    }

    /**
     * @inheritdoc
     * @throws \RuntimeException
     * @throws Exception
     */
    public function helo(StreamInterface $stream): void
    {
        try {
            $handshakeResponse = null;
            while (true) {
                if (!$stream->isWritable()) {
                    throw new Exception('Not connected');
                }

                if ($handshakeResponse !== null && preg_match('/^ERROR:\s(.+)$/i', $handshakeResponse,
                        $errorMatch)) {
                    throw new Exception($errorMatch[1]);
                }

                try {
                    $msg = $this->nextMessage($handshakeResponse);
                } catch (Exception $e) {
                    $stream->close();
                    throw $e;
                }

                if ($msg === 'successful') {
                    break;
                }

                if ($msg !== '') {
                    $stream->write($msg);
                }

                // Read null-terminated response
                $handshakeResponse = $stream->getContents();
            }
        } catch (Exception $e) {
            $stream->close();
            throw $e;
        }

    }

    /**
     * @param $response
     * @return string
     * @throws Exception
     */
    private function nextMessage(string $response = null): ?string
    {
        switch ($this->state) {
            case 0:
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B"; //wrong
        doSomething();
        break;
    case "C": //right
        doSomething();
        break;
}
                return $this->createHandshakeMessage($response);
            case 1:
                return $this->verifyProtocol($response);
            case 2:
                return $this->createAuthenticationMessage($response);
            case 3:
                return $this->verifyAuthentication($response);
            default:
                throw new Exception('Illegal handshake state');
        }
    }

    /**
     * @param string $password
     * @param string $salt
     * @param int $iterations
     * @return string
     */
    private function pkbdf2Hmac(string $password, string $salt, int $iterations): string
    {
        $t = hash_hmac('sha256', $salt . "\x00\x00\x00\x01", $password, true);
        $u = $t;
        for ($i = 0; $i < $iterations - 1; ++$i) {
            $t = hash_hmac('sha256', $t, $password, true);
            $u ^= $t;
        }

        return $u;
    }

    /**
     * @param $response
     * @return string
     */
    private function createHandshakeMessage($response): string
    {
        $response === null or die('Illegal handshake state');

        $this->myR = base64_encode(openssl_random_pseudo_bytes(18));
        $this->clientFirstMessage = 'n=' . $this->username . ',r=' . $this->myR;

        $binaryVersion = pack('V', $this->version);

        $this->state = 1;

        return
            $binaryVersion
            . json_encode(
                [
                    'protocol_version' => $this->protocolVersion,
                    'authentication_method' => 'SCRAM-SHA-256',
                    'authentication' => 'n,,' . $this->clientFirstMessage,
                ]
            )
            . \chr(0);
    }

    /**
     * @param $response
     * @return string
     * @throws Exception
     */
    private function verifyProtocol($response): string
    {
        if (strpos($response, 'ERROR') === 0) {
            throw new Exception(
                'Received an unexpected reply. You may be attempting to connect to '
                . 'a RethinkDB server that is too old for this driver. The minimum '
                . 'supported server version is 2.3.0.'
            );
        }

        $json = json_decode($response, true);
        if ($json['success'] === false) {
            throw new Exception('Handshake failed: ' . $json["error"]);
        }
        if ($this->protocolVersion > $json['max_protocol_version']
            || $this->protocolVersion < $json['min_protocol_version']) {
            throw new Exception('Unsupported protocol version.');
        }

        $this->state = 2;

        return '';
    }

    /**
     * @param $response
     * @return string
     * @throws Exception
     */
    private function createAuthenticationMessage($response): string
    {
        $json = json_decode($response, true);
        if ($json['success'] === false) {
            throw new Exception('Handshake failed: ' . $json['error']);
        }
        $serverFirstMessage = $json['authentication'];
        $authentication = [];
        foreach (explode(',', $json['authentication']) as $var) {
            $pair = explode('=', $var);
            $authentication[$pair[0]] = $pair[1];
        }
        $serverR = $authentication['r'];
        if (strpos($serverR, $this->myR) !== 0) {
            throw new Exception('Invalid nonce from server.');
        }
        $salt = base64_decode($authentication['s']);
        $iterations = (int)$authentication['i'];

        $clientFinalMessageWithoutProof = 'c=biws,r=' . $serverR;
        $saltedPassword = $this->pkbdf2Hmac($this->password, $salt, $iterations);
        $clientKey = hash_hmac('sha256', 'Client Key', $saltedPassword, true);
        $storedKey = hash('sha256', $clientKey, true);

        $authMessage =
            $this->clientFirstMessage . ',' . $serverFirstMessage . ',' . $clientFinalMessageWithoutProof;

        $clientSignature = hash_hmac('sha256', $authMessage, $storedKey, true);

        $clientProof = $clientKey ^ $clientSignature;

        $serverKey = hash_hmac('sha256', 'Server Key', $saltedPassword, true);

        $this->serverSignature = hash_hmac('sha256', $authMessage, $serverKey, true);

        $this->state = 3;

        return
            json_encode(
                [
                    'authentication' => $clientFinalMessageWithoutProof . ',p=' . base64_encode($clientProof),
                ]
            )
            . \chr(0);
    }

    /**
     * @param $response
     * @return string
     * @throws Exception
     */
    private function verifyAuthentication($response): string
    {
        $json = json_decode($response, true);
        if ($json['success'] === false) {
            throw new Exception('Handshake failed: ' . $json['error']);
        }
        $authentication = [];
        foreach (explode(',', $json['authentication']) as $var) {
            $pair = explode('=', $var);
            $authentication[$pair[0]] = $pair[1];
        }

        $v = base64_decode($authentication['v']);

        // TODO: Use cryptographic comparison
        if ($v !== $this->serverSignature) {
            throw new Exception('Invalid server signature.');
        }

        $this->state = 4;

        return 'successful';
    }
}


1			<?php
2			declare(strict_types=1);
3
4			/**
5			* @license http://www.apache.org/licenses/ Apache License 2.0
6			* @license https://github.com/danielmewes/php-rql Apache License 2.0
7			* @Author Daniel Mewes https://github.com/danielmewes
8			* @Author Timon Bolier https://github.com/tbolier
9			*
10			* The Handshake class contains parts of code copied from the original PHP-RQL library under the Apache License 2.0:
11			* @see https://github.com/danielmewes/php-rql/blob/master/rdb/Handshake.php
12			*
13			* Stating the following changes have been done to the parts of the code copied in the Handshake Class:
14			* - Amendments to code styles and control structures.
15			* - Abstraction of code to new methods to improve readability.
16			* - Removed obsolete code.
17			*/
18
19			namespace TBolier\RethinkQL\Connection\Socket;
20
21			use Psr\Http\Message\StreamInterface;
22
23			class Handshake implements HandshakeInterface
24			{
25			/**
26			* @var string
27			*/
28			private $username;
29
30			/**
31			* @var string
32			*/
33			private $password;
34
35			/**
36			* @var string
37			*/
38			private $protocolVersion = 0;
39
40			/**
41			* @var int
42			*/
43			private $state;
44
45			/**
46			* @var string
47			*/
48			private $myR;
49
50			/**
51			* @var string
52			*/
53			private $clientFirstMessage;
54
55			/**
56			* @var string
57			*/
58			private $serverSignature;
59
60			/**
61			* @var int
62			*/
63			private $version;
64
65			/**
66			* @param string $username
67			* @param string $password
68			* @param int $version
69			*/
70			public function __construct(string $username, string $password, int $version)
71			{
72			$this->username = $username;
73			$this->password = $password;
74			$this->state = 0;
75			$this->version = $version;
76			}
77
78			/**
79			* @inheritdoc
80			* @throws \RuntimeException
81			* @throws Exception
82			*/
83			public function helo(StreamInterface $stream): void
84			{
85			try {
86			$handshakeResponse = null;
87			while (true) {
88			if (!$stream->isWritable()) {
89			throw new Exception('Not connected');
90			}
91
92			if ($handshakeResponse !== null && preg_match('/^ERROR:\s(.+)$/i', $handshakeResponse,
93			$errorMatch)) {
94			throw new Exception($errorMatch[1]);
95			}
96
97			try {
98			$msg = $this->nextMessage($handshakeResponse);
99			} catch (Exception $e) {
100			$stream->close();
101			throw $e;
102			}
103
104			if ($msg === 'successful') {
105			break;
106			}
107
108			if ($msg !== '') {
109			$stream->write($msg);
110			}
111
112			// Read null-terminated response
113			$handshakeResponse = $stream->getContents();
114			}
115			} catch (Exception $e) {
116			$stream->close();
117			throw $e;
118			}
119
120			}
121
122			/**
123			* @param $response
124			* @return string
125			* @throws Exception
126			*/
127			private function nextMessage(string $response = null): ?string
128			{
129			switch ($this->state) {
130			case 0:
			0 ignored issues – show Coding Style introduced 2018-01-22 13:12 UTC by Report Bug Copy Issue Report `case` statements should be defined using a colon. As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. There is also the option to use a semicolon instead of a colon, this is discouraged because many programmers do not even know it works and the colon is universal between programming languages. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B"; //wrong doSomething(); break; case "C": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
131			return $this->createHandshakeMessage($response);
132			case 1:
133			return $this->verifyProtocol($response);
134			case 2:
135			return $this->createAuthenticationMessage($response);
136			case 3:
137			return $this->verifyAuthentication($response);
138			default:
139			throw new Exception('Illegal handshake state');
140			}
141			}
142
143			/**
144			* @param string $password
145			* @param string $salt
146			* @param int $iterations
147			* @return string
148			*/
149			private function pkbdf2Hmac(string $password, string $salt, int $iterations): string
150			{
151			$t = hash_hmac('sha256', $salt . "\x00\x00\x00\x01", $password, true);
152			$u = $t;
153			for ($i = 0; $i < $iterations - 1; ++$i) {
154			$t = hash_hmac('sha256', $t, $password, true);
155			$u ^= $t;
156			}
157
158			return $u;
159			}
160
161			/**
162			* @param $response
163			* @return string
164			*/
165			private function createHandshakeMessage($response): string
166			{
167			$response === null or die('Illegal handshake state');
168
169			$this->myR = base64_encode(openssl_random_pseudo_bytes(18));
170			$this->clientFirstMessage = 'n=' . $this->username . ',r=' . $this->myR;
171
172			$binaryVersion = pack('V', $this->version);
173
174			$this->state = 1;
175
176			return
177			$binaryVersion
178			. json_encode(
179			[
180			'protocol_version' => $this->protocolVersion,
181			'authentication_method' => 'SCRAM-SHA-256',
182			'authentication' => 'n,,' . $this->clientFirstMessage,
183			]
184			)
185			. \chr(0);
186			}
187
188			/**
189			* @param $response
190			* @return string
191			* @throws Exception
192			*/
193			private function verifyProtocol($response): string
194			{
195			if (strpos($response, 'ERROR') === 0) {
196			throw new Exception(
197			'Received an unexpected reply. You may be attempting to connect to '
198			. 'a RethinkDB server that is too old for this driver. The minimum '
199			. 'supported server version is 2.3.0.'
200			);
201			}
202
203			$json = json_decode($response, true);
204			if ($json['success'] === false) {
205			throw new Exception('Handshake failed: ' . $json["error"]);
206			}
207			if ($this->protocolVersion > $json['max_protocol_version']
208			\|\| $this->protocolVersion < $json['min_protocol_version']) {
209			throw new Exception('Unsupported protocol version.');
210			}
211
212			$this->state = 2;
213
214			return '';
215			}
216
217			/**
218			* @param $response
219			* @return string
220			* @throws Exception
221			*/
222			private function createAuthenticationMessage($response): string
223			{
224			$json = json_decode($response, true);
225			if ($json['success'] === false) {
226			throw new Exception('Handshake failed: ' . $json['error']);
227			}
228			$serverFirstMessage = $json['authentication'];
229			$authentication = [];
230			foreach (explode(',', $json['authentication']) as $var) {
231			$pair = explode('=', $var);
232			$authentication[$pair[0]] = $pair[1];
233			}
234			$serverR = $authentication['r'];
235			if (strpos($serverR, $this->myR) !== 0) {
236			throw new Exception('Invalid nonce from server.');
237			}
238			$salt = base64_decode($authentication['s']);
239			$iterations = (int)$authentication['i'];
240
241			$clientFinalMessageWithoutProof = 'c=biws,r=' . $serverR;
242			$saltedPassword = $this->pkbdf2Hmac($this->password, $salt, $iterations);
243			$clientKey = hash_hmac('sha256', 'Client Key', $saltedPassword, true);
244			$storedKey = hash('sha256', $clientKey, true);
245
246			$authMessage =
247			$this->clientFirstMessage . ',' . $serverFirstMessage . ',' . $clientFinalMessageWithoutProof;
248
249			$clientSignature = hash_hmac('sha256', $authMessage, $storedKey, true);
250
251			$clientProof = $clientKey ^ $clientSignature;
252
253			$serverKey = hash_hmac('sha256', 'Server Key', $saltedPassword, true);
254
255			$this->serverSignature = hash_hmac('sha256', $authMessage, $serverKey, true);
256
257			$this->state = 3;
258
259			return
260			json_encode(
261			[
262			'authentication' => $clientFinalMessageWithoutProof . ',p=' . base64_encode($clientProof),
263			]
264			)
265			. \chr(0);
266			}
267
268			/**
269			* @param $response
270			* @return string
271			* @throws Exception
272			*/
273			private function verifyAuthentication($response): string
274			{
275			$json = json_decode($response, true);
276			if ($json['success'] === false) {
277			throw new Exception('Handshake failed: ' . $json['error']);
278			}
279			$authentication = [];
280			foreach (explode(',', $json['authentication']) as $var) {
281			$pair = explode('=', $var);
282			$authentication[$pair[0]] = $pair[1];
283			}
284
285			$v = base64_decode($authentication['v']);
286
287			// TODO: Use cryptographic comparison
288			if ($v !== $this->serverSignature) {
289			throw new Exception('Invalid server signature.');
290			}
291
292			$this->state = 4;
293
294			return 'successful';
295			}
296			}
297

tbolier / php-rethink-ql

Pull Request — master (#6)

Handshake::pkbdf2Hmac() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like