Merge pull request #411 from ajoneil/blowfish

MINOR: Fix coding conventions
Ingo Schommer 2012-05-07 15:56:03 -07:00
commit 15e8e10f5e
2 changed files with 45 additions and 45 deletions


@ -150,74 +150,74 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
// See: http://nz.php.net/security/crypt_blowfish.php // See: http://nz.php.net/security/crypt_blowfish.php
// There are three version of the algorithm - y, a and x, in order // There are three version of the algorithm - y, a and x, in order
// of decreasing security. Attempt to use the strongest version. // of decreasing security. Attempt to use the strongest version.
$encrypted_password = $this->encrypt_y($password, $salt); $encryptedPassword = $this->encryptY($password, $salt);
if(!$encrypted_password) { if(!$encryptedPassword) {
$encrypted_password = $this->encrypt_a($password, $salt); $encryptedPassword = $this->encryptA($password, $salt);
} }
if(!$encrypted_password) { if(!$encryptedPassword) {
$encrypted_password = $this->encrypt_x($password, $salt); $encryptedPassword = $this->encryptX($password, $salt);
} }
// We *never* want to generate blank passwords. If something // We *never* want to generate blank passwords. If something
// goes wrong, throw an exception. // goes wrong, throw an exception.
if(strpos($encrypted_password, '$2') === false) { if(strpos($encryptedPassword, '$2') === false) {
throw new PasswordEncryptor_EncryptionFailed('Blowfish password encryption failed.'); throw new PasswordEncryptor_EncryptionFailed('Blowfish password encryption failed.');
} }
return $encrypted_password; return $encryptedPassword;
} }
function encrypt_x($password, $salt) { function encryptX($password, $salt) {
$method_and_salt = '$2x$' . $salt; $methodAndSalt = '$2x$' . $salt;
$encrypted_password = crypt($password, $method_and_salt); $encryptedPassword = crypt($password, $methodAndSalt);
if(strpos($encrypted_password, '$2x$') === 0) { if(strpos($encryptedPassword, '$2x$') === 0) {
return $encrypted_password; return $encryptedPassword;
} }
// Check if system a is actually x, and if available, use that. // Check if system a is actually x, and if available, use that.
if($this->what_is_a() == 'x') { if($this->checkAEncryptionLevel() == 'x') {
$method_and_salt = '$2a$' . $salt; $methodAndSalt = '$2a$' . $salt;
$encrypted_password = crypt($password, $method_and_salt); $encryptedPassword = crypt($password, $methodAndSalt);
if(strpos($encrypted_password, '$2a$') === 0) { if(strpos($encryptedPassword, '$2a$') === 0) {
$encrypted_password = '$2x$' . substr($encrypted_password, strlen('$2a$')); $encryptedPassword = '$2x$' . substr($encryptedPassword, strlen('$2a$'));
return $encrypted_password; return $encryptedPassword;
} }
} }
return false; return false;
} }
function encrypt_y($password, $salt) { function encryptY($password, $salt) {
$method_and_salt = '$2y$' . $salt; $methodAndSalt = '$2y$' . $salt;
$encrypted_password = crypt($password, $method_and_salt); $encryptedPassword = crypt($password, $methodAndSalt);
if(strpos($encrypted_password, '$2y$') === 0) { if(strpos($encryptedPassword, '$2y$') === 0) {
return $encrypted_password; return $encryptedPassword;
} }
// Check if system a is actually y, and if available, use that. // Check if system a is actually y, and if available, use that.
if($this->what_is_a() == 'y') { if($this->checkAEncryptionLevel() == 'y') {
$method_and_salt = '$2a$' . $salt; $methodAndSalt = '$2a$' . $salt;
$encrypted_password = crypt($password, $method_and_salt); $encryptedPassword = crypt($password, $methodAndSalt);
if(strpos($encrypted_password, '$2a$') === 0) { if(strpos($encryptedPassword, '$2a$') === 0) {
$encrypted_password = '$2y$' . substr($encrypted_password, strlen('$2a$')); $encryptedPassword = '$2y$' . substr($encryptedPassword, strlen('$2a$'));
return $encrypted_password; return $encryptedPassword;
} }
} }
return false; return false;
} }
function encrypt_a($password, $salt) { function encryptA($password, $salt) {
if($this->what_is_a() == 'a') { if($this->checkAEncryptionLevel() == 'a') {
$method_and_salt = '$2a$' . $salt; $methodAndSalt = '$2a$' . $salt;
$encrypted_password = crypt($password, $method_and_salt); $encryptedPassword = crypt($password, $methodAndSalt);
if(strpos($encrypted_password, '$2a$') === 0) { if(strpos($encryptedPassword, '$2a$') === 0) {
return $encrypted_password; return $encryptedPassword;
} }
} }
@ -230,16 +230,16 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
* version, depending on the version of PHP and the operating system, * version, depending on the version of PHP and the operating system,
* so we need to test it. * so we need to test it.
*/ */
function what_is_a() { function checkAEncryptionLevel() {
// Test hashes taken from http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/glibc/crypt_blowfish/wrapper.c?rev=1.9.2.1;content-type=text%2Fplain // Test hashes taken from http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/glibc/crypt_blowfish/wrapper.c?rev=1.9.2.1;content-type=text%2Fplain
$x_or_y = crypt("\xff\xa334\xff\xff\xff\xa3345", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi') == '$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi'; $xOrY = crypt("\xff\xa334\xff\xff\xff\xa3345", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi') == '$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi';
$y_or_a = crypt("\xa3", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq') == '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq'; $yOrA = crypt("\xa3", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq') == '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq';
if($x_or_y && $y_or_a) { if($xOrY && $yOrA) {
return 'y'; return 'y';
} elseif($x_or_y) { } elseif($xOrY) {
return 'x'; return 'x';
} elseif($y_or_a) { } elseif($yOrA) {
return 'a'; return 'a';
} }
@ -253,11 +253,11 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
function check($hash, $password, $salt = null, $member = null) { function check($hash, $password, $salt = null, $member = null) {
if(strpos($hash, '$2y$') === 0) { if(strpos($hash, '$2y$') === 0) {
return $hash === $this->encrypt_y($password, $salt); return $hash === $this->encryptY($password, $salt);
} elseif(strpos($hash, '$2a$') === 0) { } elseif(strpos($hash, '$2a$') === 0) {
return $hash === $this->encrypt_a($password, $salt); return $hash === $this->encryptA($password, $salt);
} elseif(strpos($hash, '$2x$') === 0) { } elseif(strpos($hash, '$2x$') === 0) {
return $hash === $this->encrypt_x($password, $salt); return $hash === $this->encryptX($password, $salt);
} }
return false; return false;
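Review bot: In `check()`, all three branches compare the stored hash with the freshly computed one using `===`, which returns at the first differing byte and is therefore not a constant-time comparison. Where the runtime provides `hash_equals()`, each branch should use it, for example `$candidate = $this->encryptY($password, $salt); return is_string($candidate) && hash_equals($hash, $candidate);`, and likewise for `encryptA` and `encryptX`. The `is_string()` guard is needed because `encryptX` and `encryptY` visibly return `false` on failure, and `encryptA` presumably does too, although its tail is outside the hunk. The closing brace of `check()` is also outside the hunk, so this covers only the visible branches.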


@ -67,7 +67,7 @@ class PasswordEncryptorTest extends SapphireTest {
$password = 'mypassword'; $password = 'mypassword';
$salt = '10$mysaltmustbetwen2chars'; $salt = '10$mysaltmustbetwen2chars';
$this->assertTrue($e->what_is_a() == 'y' || $e->what_is_a() == 'x' || $e->what_is_a() == 'a'); $this->assertTrue($e->checkAEncryptionLevel() == 'y' || $e->checkAEncryptionLevel() == 'x' || $e->checkAEncryptionLevel() == 'a');
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt)); $this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt)); $this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", '10$anothersaltetwen2chars')); $this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", '10$anothersaltetwen2chars'));