Merge pull request #3 from mmeyer2k/2.0.0

2.0.0
mmeyer2k · Feb 22, 2016 · 3ae3f3a · 3ae3f3a
2 parents 9455de6 + b0180bb
commit 3ae3f3a
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -25,12 +25,12 @@ A petite library of essential encryption functions for PHP (5.3 - 7.0).
 Add the following to the require section of your `composer.json` file, then run `composer install`.
 ```json
 "require": {
-  "mmeyer2k/dcrypt": "~1.0"
+  "mmeyer2k/dcrypt": "~2.0"
 }
 ```
 Or using the command line...
 ```bash
-composer require "mmeyer2k/dcrypt=~1.0"
+composer require "mmeyer2k/dcrypt=~2.0"
 ```
 In environments where composer is not available, Dcrypt can be used by including `load.php`.
 ```php

diff --git a/src/Cryptobase.php b/src/Cryptobase.php
@@ -74,19 +74,7 @@ private static function hashNormalize($hash, $size, $algo)
     }
 
     /**
-     * Determine the length of the output of a given hash algorithm in bytes.
-     * 
-     * @param string $algo Name of algorithm to look up
-     * 
-     * @return int
-     */
-    protected static function hashSize($algo)
-    {
-        return Str::strlen(\hash($algo, 'hash me', true));
-    }
-
-    /**
-     * Transform password into key and perform iterative HMAC
+     * Transform password into key and perform iterative HMAC (if specified)
      * 
      * @param string $password Encryption key
      * @param string $iv       Initialization vector
@@ -108,7 +96,7 @@ protected static function key($password, $iv, $cost, $cipher = 'rijndael-128', $
         }
 
         // Perform key derivation
-        $key = Hash::ihmac($password . $iv, $password, $cost, $algo);
+        $key = Hash::ihmac($iv . $cipher . $mode, $password, $cost, $algo);
 
         // Return hash normalized to key length
         return self::hashNormalize($key, $keysize, $algo);

diff --git a/src/Mcrypt.php b/src/Mcrypt.php
@@ -55,10 +55,10 @@ public static function decrypt($cyphertext, $password, $cost = 0, $cipher = MCRY
         $iv = Str::substr($cyphertext, 0, $ivsize);
 
         // Gather the checksum portion of the cypher text
-        $chksum = Str::substr($cyphertext, $ivsize, self::hashSize($algo));
+        $chksum = Str::substr($cyphertext, $ivsize, Str::hashSize($algo));
 
         // Gather message portion of cyphertext after iv and checksum
-        $message = Str::substr($cyphertext, $ivsize + self::hashSize($algo));
+        $message = Str::substr($cyphertext, $ivsize + Str::hashSize($algo));
 
         // Derive key from password
         $key = self::key($password, $iv, $cost, $cipher, $mode, $algo);

diff --git a/src/Otp.php b/src/Otp.php
@@ -35,7 +35,7 @@
  * @link     http://en.wikipedia.org/wiki/Stream_cipher
  * @link     https://apigen.ci/github/mmeyer2k/dcrypt/namespace-Dcrypt.html
  */
-class Otp extends Cryptobase
+class Otp
 {
 
     /**
@@ -49,7 +49,7 @@ class Otp extends Cryptobase
      */
     public static function crypt($input, $password, $algo = 'sha512')
     {
-        $chunks = \str_split($input, self::hashSize($algo));
+        $chunks = \str_split($input, Str::hashSize($algo));
 
         foreach ($chunks as $i => &$chunk) {
             $chunk = $chunk ^ \hash($algo, $password . $i, true);

diff --git a/src/Str.php b/src/Str.php
@@ -70,7 +70,7 @@ public static function equal($known, $given)
         // vulnerable to timing attacks when the inputs have different sizes.
         // Inputs are also cast to string like in symfony stringutils.
         $nonce = Random::bytes(32);
-        
+
         $known = \hash_hmac('sha256', (string) $known, $nonce, true);
         $given = \hash_hmac('sha256', (string) $given, $nonce, true);
 
@@ -81,6 +81,18 @@ public static function equal($known, $given)
         return self::strcmp($known, $given);
     }
 
+    /**
+     * Determine the length of the output of a given hash algorithm in bytes.
+     * 
+     * @param string $algo Name of algorithm to look up
+     * 
+     * @return int
+     */
+    public static function hashSize($algo)
+    {
+        return Str::strlen(\hash($algo, 'hash me', true));
+    }
+
     /**
      * Returns the number of bytes in a string.
      *

diff --git a/tests/AesCtrTest.php b/tests/AesCtrTest.php
@@ -33,7 +33,7 @@ public function testVector()
     {
         $input = 'hello world';
         $pass = 'password';
-        $vector = \base64_decode('iePz0x+szMMCuo6/+CaFlodKYYjq/jNfv2Ke1PGTQ6tHoXYDPNVJ9ePTAchIrhL1RJAcPi38YwX6v1x06XD+bw==');
+        $vector = \base64_decode('p5M6EWICQt+zR8SnBBDJ1kXMHSXynlRMM39O3ZcqhDS0ZCHL8AkZZ7K4tG/DgGw+4xK/KUFu3HTvHScFzi6LUQ==');
         $this->assertEquals($input, AesCtr::decrypt($vector, $pass));
     }
 

diff --git a/tests/AesTest.php b/tests/AesTest.php
@@ -51,9 +51,9 @@ public function testVector()
     {
         $input = 'hello world';
         $pass = 'password';
-        $vector = \base64_decode('BwjqDdmriMTni8Cqs1N8kbtV7fdC1e9VSWGLa75NoTVdKvGfZ0q2fjPFDllKikOtiUyzNRN4k42XnqI/2U+5LA==');
+        $vector = \base64_decode('eZu2DqB2gYhdA2YkjagLNJJVMVo1BbpJ75tW/PO2bGIY98XHD+Gp+YlO5cv/rHzo45LHMCxL2qOircdST1w5hg==');
 
-        $this->assertEquals($input, Aes::decrypt($vector, $pass, 10));
+        $this->assertEquals($input, Aes::decrypt($vector, $pass));
     }
 
 }