Skip to content
Permalink
Browse files

code optimizing and simplify _crypt(), see PR #853

  • Loading branch information...
ceeram committed Nov 1, 2012
1 parent 2ab3a46 commit 0196c6f6863e2f9321d39871611794d82b2c1577
Showing with 36 additions and 54 deletions.
  1. +12 −1 lib/Cake/Test/Case/Utility/SecurityTest.php
  2. +24 −53 lib/Cake/Utility/Security.php
@@ -100,7 +100,6 @@ public function testHashYetAnotherInvalidSalt() {
*/
public function testHashInvalidCost() {
Security::setCost(1000);
$result = Security::hash('somekey', 'blowfish', false);
}
/**
* testHash method
@@ -179,6 +178,18 @@ public function testHashBlowfish() {
$hashedPassword = Security::hash($submittedPassword, null, $storedPassword);
$this->assertNotSame($storedPassword, $hashedPassword);
$expected = sha1('customsaltsomevalue');
$result = Security::hash('somevalue', 'sha1', 'customsalt');
$this->assertSame($expected, $result);
$oldSalt = Configure::read('Security.salt');
Configure::write('Security.salt', 'customsalt');
$expected = sha1('customsaltsomevalue');
$result = Security::hash('somevalue', 'sha1', true);
$this->assertSame($expected, $result);
Configure::write('Security.salt', $oldSalt);
Security::setHash($_hashType);
}
@@ -98,20 +98,18 @@ public static function hash($string, $type = null, $salt = false) {
$type = strtolower($type);
if ($type === 'blowfish') {
return self::_crypt($string, $type, $salt);
return self::_crypt($string, $salt);
}
if ($salt) {
if (is_string($salt)) {
$string = $salt . $string;
} else {
$string = Configure::read('Security.salt') . $string;
if (!is_string($salt)) {
$salt = Configure::read('Security.salt');
}
$string = $salt . $string;
}
if (!$type || $type == 'sha1') {
if (function_exists('sha1')) {
$return = sha1($string);
return $return;
return sha1($string);
}
$type = 'sha256';
}
@@ -145,6 +143,14 @@ public static function setHash($hash) {
* @return void
*/
public static function setCost($cost) {
if ($cost < 4 || $cost > 31) {
trigger_error(__d(
'cake_dev',
'Invalid value, cost must be between %s and %s',
array(4, 31)
), E_USER_WARNING);
return null;
}
self::$hashCost = $cost;
}
@@ -201,13 +207,11 @@ public static function rijndael($text, $key, $operation) {
$mode = 'cbc';
$cryptKey = substr($key, 0, 32);
$iv = substr($key, strlen($key) - 32, 32);
$out = '';
if ($operation === 'encrypt') {
$out .= mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
} elseif ($operation === 'decrypt') {
$out .= rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
return mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
}
return $out;
return rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
}
/**
@@ -228,55 +232,22 @@ public static function salt($length = 22) {
}
/**
* One way encryption using php's crypt() function.
* One way encryption using php's crypt() function, used with type blowfish in ``Security::hash()``
*
* @param string $password The string to be encrypted.
* @param string $type The encryption method to use (blowfish)
* @param mixed $salt false to generate a new salt or an existing salt.
*/
protected static function _crypt($password, $type = null, $salt = false) {
$options = array(
'saltFormat' => array(
'blowfish' => '$2a$%02d$%s',
),
'saltLength' => array(
'blowfish' => 22,
),
'costLimits' => array(
'blowfish' => array(4, 31),
)
);
extract($options);
if ($type === null) {
$hashType = self::$hashType;
} else {
$hashType = $type;
}
$cost = self::$hashCost;
protected static function _crypt($password, $salt = false) {
if ($salt === false) {
if (isset($costLimits[$hashType]) && ($cost < $costLimits[$hashType][0] || $cost > $costLimits[$hashType][1])) {
trigger_error(__d(
'cake_dev',
'When using %s you must specify a cost between %s and %s',
array(
$hashType,
$costLimits[$hashType][0],
$costLimits[$hashType][1]
)
), E_USER_WARNING);
return '';
}
$salt = self::salt($saltLength[$hashType]);
$vspArgs = array(
$cost,
$salt,
);
$salt = vsprintf($saltFormat[$hashType], $vspArgs);
} elseif ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) {
$salt = self::salt(22);
$salt = vsprintf('$2a$%02d$%s', array(self::$hashCost, $salt));
}
if ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) {
trigger_error(__d(
'cake_dev',
'Invalid salt: %s for %s Please visit http://www.php.net/crypt and read the appropriate section for building %s salts.',
array($salt, $hashType, $hashType)
array($salt, 'blowfish', 'blowfish')
), E_USER_WARNING);
return '';
}

0 comments on commit 0196c6f

Please sign in to comment.
You can’t perform that action at this time.