From 27c0f7172dd704cc946789f6b5319ba77bb6355b Mon Sep 17 00:00:00 2001
From: Greg Bowler
Date: Tue, 28 Jan 2020 15:02:04 +0000
Subject: [PATCH] Seed out of bounds check
---
composer.json | 4 ++--
src/DrngException.php | 6 ++++++
src/Random.php | 12 +++++++++++-
src/SeedSizeOutOfBoundsException.php | 4 ++++
test/phpunit/RandomTest.php | 28 ++++++++++++++++++++++++++--
5 files changed, 49 insertions(+), 5 deletions(-)
create mode 100644 src/DrngException.php
create mode 100644 src/SeedSizeOutOfBoundsException.php
diff --git a/composer.json b/composer.json
index 4820ce2..99f383d 100644
--- a/composer.json
+++ b/composer.json
@@ -12,12 +12,12 @@
 "autoload": {
 "psr-4": {
- "g105b\\DRNG\\": "./src"
+ "g105b\\drng\\": "./src"
 }
 },
 "autoload-dev": {
 "psr-4": {
- "g105b\\DRNG\\Test\\": "./test/phpunit"
+ "g105b\\drng\\Test\\": "./test/phpunit"
 }
 }
 }
\ No newline at end of file
diff --git a/src/DrngException.php b/src/DrngException.php
new file mode 100644
index 0000000..4d035b3
--- /dev/null
+++ b/src/DrngException.php
@@ -0,0 +1,6 @@ +checkSeedSize($seedBytes); + $this->seedBytes = $seedBytes; // We are using OpenSSL in AES counter method, so need to retain a counter. $this->aesCounter = 0;
@@ -32,6 +34,14 @@ public function getBytes(int $size):string {
 );
 }
+ /** @throws SeedSizeOutOfBoundsException */
+ private function checkSeedSize(string $seed):void {
+ $strlen = strlen($seed);
+ if($strlen === 0 || $strlen % 16 !== 0) {
+ throw new SeedSizeOutOfBoundsException();
+ }
+ }
+
 /**
 * OpenSSL is used to generate random values, according to the
 * initialisation vector (IV) provided. This function returns an IV
diff --git a/src/SeedSizeOutOfBoundsException.php b/src/SeedSizeOutOfBoundsException.php
new file mode 100644
index 0000000..1b80a0c
--- /dev/null
+++ b/src/SeedSizeOutOfBoundsException.php
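Review bot: `checkSeedSize()` in the second src/Random.php hunk accepts every non-empty multiple of 16 bytes, so 48- or 64-byte seeds pass even though no AES variant takes a key that long. The cipher call sits outside this hunk, but if the seed is handed to `openssl_encrypt` as the key, PHP silently truncates a key longer than the cipher expects, so two seeds that differ only in their tail would yield the same byte stream. Consider restricting the accepted length to the key size of the cipher actually in use, or documenting on the method that only the leading bytes of a longer seed are significant. The exception is also thrown without a message; `throw new SeedSizeOutOfBoundsException("Seed must be a non-empty multiple of 16 bytes, got $strlen");` would tell the caller what was rejected, assuming the class keeps the standard exception constructor (its body is not readable on this page).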
@@ -0,0 +1,4 @@ + 0 && $i % 16 === 0) {
+ self::assertNull($exception);
+ }
+ else {
+ self::assertNotNull(
+ $exception,
+ "Exception should be thrown when byte size is not a multiple of 16"
+ );
+ }
+ }
+ }
 }
\ No newline at end of file