Permalink
Browse files

code optimizing and simplify _crypt(), see PR #853

  • Loading branch information...
ceeram committed Nov 1, 2012
1 parent 2ab3a46 commit 0196c6f6863e2f9321d39871611794d82b2c1577
Showing with 36 additions and 54 deletions.
  1. +12 −1 lib/Cake/Test/Case/Utility/SecurityTest.php
  2. +24 −53 lib/Cake/Utility/Security.php
@@ -100,7 +100,6 @@ public function testHashYetAnotherInvalidSalt() {
*/
public function testHashInvalidCost() {
Security::setCost(1000);
- $result = Security::hash('somekey', 'blowfish', false);
}
/**
* testHash method
@@ -179,6 +178,18 @@ public function testHashBlowfish() {
$hashedPassword = Security::hash($submittedPassword, null, $storedPassword);
$this->assertNotSame($storedPassword, $hashedPassword);
+ $expected = sha1('customsaltsomevalue');
+ $result = Security::hash('somevalue', 'sha1', 'customsalt');
+ $this->assertSame($expected, $result);
+
+ $oldSalt = Configure::read('Security.salt');
+ Configure::write('Security.salt', 'customsalt');
+
+ $expected = sha1('customsaltsomevalue');
+ $result = Security::hash('somevalue', 'sha1', true);
+ $this->assertSame($expected, $result);
+
+ Configure::write('Security.salt', $oldSalt);
Security::setHash($_hashType);
}
@@ -98,20 +98,18 @@ public static function hash($string, $type = null, $salt = false) {
$type = strtolower($type);
if ($type === 'blowfish') {
- return self::_crypt($string, $type, $salt);
+ return self::_crypt($string, $salt);
}
if ($salt) {
- if (is_string($salt)) {
- $string = $salt . $string;
- } else {
- $string = Configure::read('Security.salt') . $string;
+ if (!is_string($salt)) {
+ $salt = Configure::read('Security.salt');
}
+ $string = $salt . $string;
}
if (!$type || $type == 'sha1') {
if (function_exists('sha1')) {
- $return = sha1($string);
- return $return;
+ return sha1($string);
}
$type = 'sha256';
}
@@ -145,6 +143,14 @@ public static function setHash($hash) {
* @return void
*/
public static function setCost($cost) {
+ if ($cost < 4 || $cost > 31) {
+ trigger_error(__d(
+ 'cake_dev',
+ 'Invalid value, cost must be between %s and %s',
+ array(4, 31)
+ ), E_USER_WARNING);
+ return null;
+ }
self::$hashCost = $cost;
}
@@ -201,13 +207,11 @@ public static function rijndael($text, $key, $operation) {
$mode = 'cbc';
$cryptKey = substr($key, 0, 32);
$iv = substr($key, strlen($key) - 32, 32);
- $out = '';
+
if ($operation === 'encrypt') {
- $out .= mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
- } elseif ($operation === 'decrypt') {
- $out .= rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
+ return mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
}
- return $out;
+ return rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
}
/**
@@ -228,55 +232,22 @@ public static function salt($length = 22) {
}
/**
- * One way encryption using php's crypt() function.
+ * One way encryption using php's crypt() function, used with type blowfish in ``Security::hash()``
*
* @param string $password The string to be encrypted.
- * @param string $type The encryption method to use (blowfish)
* @param mixed $salt false to generate a new salt or an existing salt.
*/
- protected static function _crypt($password, $type = null, $salt = false) {
- $options = array(
- 'saltFormat' => array(
- 'blowfish' => '$2a$%02d$%s',
- ),
- 'saltLength' => array(
- 'blowfish' => 22,
- ),
- 'costLimits' => array(
- 'blowfish' => array(4, 31),
- )
- );
- extract($options);
- if ($type === null) {
- $hashType = self::$hashType;
- } else {
- $hashType = $type;
- }
- $cost = self::$hashCost;
+ protected static function _crypt($password, $salt = false) {
if ($salt === false) {
- if (isset($costLimits[$hashType]) && ($cost < $costLimits[$hashType][0] || $cost > $costLimits[$hashType][1])) {
- trigger_error(__d(
- 'cake_dev',
- 'When using %s you must specify a cost between %s and %s',
- array(
- $hashType,
- $costLimits[$hashType][0],
- $costLimits[$hashType][1]
- )
- ), E_USER_WARNING);
- return '';
- }
- $salt = self::salt($saltLength[$hashType]);
- $vspArgs = array(
- $cost,
- $salt,
- );
- $salt = vsprintf($saltFormat[$hashType], $vspArgs);
- } elseif ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) {
+ $salt = self::salt(22);
+ $salt = vsprintf('$2a$%02d$%s', array(self::$hashCost, $salt));
+ }
+
+ if ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) {
trigger_error(__d(
'cake_dev',
'Invalid salt: %s for %s Please visit http://www.php.net/crypt and read the appropriate section for building %s salts.',
- array($salt, $hashType, $hashType)
+ array($salt, 'blowfish', 'blowfish')
), E_USER_WARNING);
return '';
}

0 comments on commit 0196c6f

Please sign in to comment.