jdforsythe · April 14, 2016 17:37
diff --git a/test_laravel_crypt_lengths.php b/test_laravel_crypt_lengths.php
 <?php

 function random_bytes($bytes) {
  $secure = true;
  $buf = openssl_random_pseudo_bytes($bytes, $secure);
  if ($buf !== false && $secure && strlen($buf) === $bytes) {
    return $buf;
  }
 }

 function get_hash($iv, $value, $key) {
 	return hash_hmac('sha256', $iv.$value, $key);
 }

 function get_random_input($len) {
 	return substr(md5(rand()), 0, $len);
 }

 function do_laravel_encrypt($value, $key, $cipher) {
 	$iv = random_bytes(16);
 	$value = openssl_encrypt(serialize($value), $cipher, $key, 0, $iv);
 	$mac = get_hash($iv = base64_encode($iv), $value, $key);
 	$json = json_encode(compact('iv', 'value', 'mac'));
 	return base64_encode($json);
 }

 function go() {
 	$iv = random_bytes(16);
 	$cipher = 'AES-256-CBC';
 	$num_passes = 1000000;
 	$min_input_len = 1;
 	$max_input_len = 32;

 	echo "Testing Laravel Crypt::encrypt() result length\n" .
 		   "Number of passes: $num_passes\n" .
 		   "Minimum input length: $min_input_len\n" .
 		   "Maximum input length: $max_input_len\n\n";

 	for ($i = $min_input_len; $i < ($max_input_len + 1); $i++) {
 		$minlen = -1;
 		$maxlen = 0;

 		for ($j = 0; $j < $num_passes; $j++) {
 			$input = get_random_input($i);
 			$key = md5(rand());
 			$value = do_laravel_encrypt($input, $key, $cipher);

 			$len = strlen($value);
 			if ($len < $minlen || $minlen === -1) $minlen = $len;
 			if ($len > $maxlen) $maxlen = $len;
 		}

 		echo "Input length: $i - Output length $minlen - $maxlen\n";
 	}
 }

 go();
	<?php

	function random_bytes($bytes) {
	$secure = true;
	$buf = openssl_random_pseudo_bytes($bytes, $secure);
	if ($buf !== false && $secure && strlen($buf) === $bytes) {
	return $buf;
	}
	}

	function get_hash($iv, $value, $key) {
	return hash_hmac('sha256', $iv.$value, $key);
	}

	function get_random_input($len) {
	return substr(md5(rand()), 0, $len);
	}

	function do_laravel_encrypt($value, $key, $cipher) {
	$iv = random_bytes(16);
	$value = openssl_encrypt(serialize($value), $cipher, $key, 0, $iv);
	$mac = get_hash($iv = base64_encode($iv), $value, $key);
	$json = json_encode(compact('iv', 'value', 'mac'));
	return base64_encode($json);
	}

	function go() {
	$iv = random_bytes(16);
	$cipher = 'AES-256-CBC';
	$num_passes = 1000000;
	$min_input_len = 1;
	$max_input_len = 32;

	echo "Testing Laravel Crypt::encrypt() result length\n" .
	"Number of passes: $num_passes\n" .
	"Minimum input length: $min_input_len\n" .
	"Maximum input length: $max_input_len\n\n";

	for ($i = $min_input_len; $i < ($max_input_len + 1); $i++) {
	$minlen = -1;
	$maxlen = 0;

	for ($j = 0; $j < $num_passes; $j++) {
	$input = get_random_input($i);
	$key = md5(rand());
	$value = do_laravel_encrypt($input, $key, $cipher);

	$len = strlen($value);
	if ($len < $minlen \|\| $minlen === -1) $minlen = $len;
	if ($len > $maxlen) $maxlen = $len;
	}

	echo "Input length: $i - Output length $minlen - $maxlen\n";
	}
	}

	go();