Seed out of bounds check

g105b · Jan 28, 2020 · 27c0f71 · 27c0f71
1 parent b8c8598
commit 27c0f71
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 5 deletions.
diff --git a/composer.json b/composer.json
@@ -12,12 +12,12 @@
 
 	"autoload": {
 		"psr-4": {
-			"g105b\\DRNG\\": "./src"
+			"g105b\\drng\\": "./src"
 		}
 	},
 	"autoload-dev": {
 		"psr-4": {
-			"g105b\\DRNG\\Test\\": "./test/phpunit"
+			"g105b\\drng\\Test\\": "./test/phpunit"
 		}
 	}
 }
diff --git a/src/DrngException.php b/src/DrngException.php
@@ -0,0 +1,6 @@
+<?php
+namespace g105b\drng;
+
+use RuntimeException;
+
+class DrngException extends RuntimeException {}
diff --git a/src/Random.php b/src/Random.php
@@ -1,5 +1,5 @@
 <?php
-namespace g105b\DRNG;
+namespace g105b\drng;
 
 class Random {
 	private string $seedBytes;
@@ -14,6 +14,8 @@ public function __construct(string $seedBytes = null) {
 			$seedBytes = random_bytes(16);
 		}
 
+		$this->checkSeedSize($seedBytes);
+
 		$this->seedBytes = $seedBytes;
 // We are using OpenSSL in AES counter method, so need to retain a counter.
 		$this->aesCounter = 0;
@@ -32,6 +34,14 @@ public function getBytes(int $size):string {
 		);
 	}
 
+	/** @throws SeedSizeOutOfBoundsException */
+	private function checkSeedSize(string $seed):void {
+		$strlen = strlen($seed);
+		if($strlen === 0 || $strlen % 16 !== 0) {
+			throw new SeedSizeOutOfBoundsException();
+		}
+	}
+
 	/**
 	 * OpenSSL is used to generate random values, according to the
 	 * initialisation vector (IV) provided. This function returns an IV

diff --git a/src/SeedSizeOutOfBoundsException.php b/src/SeedSizeOutOfBoundsException.php
@@ -0,0 +1,4 @@
+<?php
+namespace g105b\drng;
+
+class SeedSizeOutOfBoundsException extends DrngException{}
diff --git a/test/phpunit/RandomTest.php b/test/phpunit/RandomTest.php
@@ -1,8 +1,10 @@
 <?php
-namespace g105b\DRNG\Test;
+namespace g105b\drng\Test;
 
+use Exception;
+use g105b\drng\SeedSizeOutOfBoundsException;
 use PHPUnit\Framework\TestCase;
-use g105b\DRNG\Random;
+use g105b\drng\Random;
 
 class RandomTest extends TestCase {
 	public function testSequenceIsDeterministic() {
@@ -49,4 +51,26 @@ public function testManyCalls() {
 
 		self::assertEquals($expectedLength, strlen($totalBytes));
 	}
+
+	public function testSeedSizeOutOfBounds() {
+		for($i = 0; $i < 128; $i++) {
+			$exception = null;
+
+			try {
+				$bytes = str_repeat("\0", $i);
+				new Random($bytes);
+			}
+			catch(SeedSizeOutOfBoundsException $exception) {}
+
+			if($i > 0 && $i % 16 === 0) {
+				self::assertNull($exception);
+			}
+			else {
+				self::assertNotNull(
+					$exception,
+					"Exception should be thrown when byte size is not a multiple of 16"
+				);
+			}
+		}
+	}
 }