added test for entropy of cypher text

lib/sjcl.php

@@ -36,26 +36,27 @@ class sjcl
         if (is_null($decoded)) return false;
         $decoded = (array) $decoded;
 
+        // Make sure no additionnal keys were added.
+        if (
+            count(array_keys($decoded)) != count($accepted_keys)
+        ) return false;
+
         // Make sure required fields are present and contain base64 data.
         foreach($accepted_keys as $k)
         {
             if (!(
                 array_key_exists($k, $decoded) &&
-                base64_decode($decoded[$k], $strict=true)
+                $ct = base64_decode($decoded[$k], $strict=true)
             )) return false;
         }
 
-        // Make sure no additionnal keys were added.
-        if (
-            count(array_keys($decoded)) != count($accepted_keys)
-        ) return false;
-
-        // FIXME: Reject data if entropy is too low?
-
         // Make sure some fields have a reasonable size.
         if (strlen($decoded['iv']) > 24) return false;
         if (strlen($decoded['salt']) > 14) return false;
 
+        // Reject data if entropy is too low
+        if (strlen($ct) > strlen(gzdeflate($ct))) return false;
+
         return true;
     }
 }