Commit ab5ce2a7 by Taylor Otwell

added pkcs7 compliant padding to encryption class instead of default 0 padding.

parent 49d96669
......@@ -17,6 +17,13 @@ class Crypter {
public static $mode = MCRYPT_MODE_CBC;
/**
* The block size of the cipher.
*
* @var int
*/
public static $block = 32;
/**
* Encrypt a string using Mcrypt.
*
* The string will be encrypted using the AES-256 scheme and will be base64 encoded.
......@@ -28,6 +35,8 @@ class Crypter {
{
$iv = mcrypt_create_iv(static::iv_size(), static::randomizer());
$value = static::pad($value);
$value = mcrypt_encrypt(static::$cipher, static::key(), $value, static::$mode, $iv);
return base64_encode($iv.$value);
......@@ -55,7 +64,9 @@ class Crypter {
// so we will trim all of the padding characters.
$key = static::key();
return rtrim(mcrypt_decrypt(static::$cipher, $key, $value, static::$mode, $iv), "\0");
$value = mcrypt_decrypt(static::$cipher, $key, $value, static::$mode, $iv);
return static::unpad($value);
}
/**
......@@ -98,6 +109,32 @@ class Crypter {
}
/**
* Add PKCS7 compatible padding on the given value.
*
* @param string $value
* @return string
*/
protected static function pad($value)
{
$pad = static::$block - (Str::length($value) % static::$block);
return $value .= str_repeat(chr($pad), $pad);
}
/**
* Remove the PKCS7 compatible padding from the given value.
*
* @param string $value
* @return string
*/
protected static function unpad($value)
{
$pad = ord($value[($length = Str::length($value)) - 1]);
return substr($value, 0, $length - $pad);
}
/**
* Get the encryption key from the application configuration.
*
* @return string
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment