fix vulnerability in encrypter mac address.

taylorotwell · taylorotwell · commit 65d9a061d920 · 2013-06-02T13:14:31.000-05:00
diff --git a/src/Illuminate/Encryption/Encrypter.php b/src/Illuminate/Encryption/Encrypter.php
@@ -58,9 +58,7 @@ public function encrypt($value)
 		// Once we have the encrypted value we will go ahead base64_encode the input
 		// vector and create the MAC for the encrypted value so we can verify its
 		// authenticity. Then, we'll JSON encode the data in a "payload" array.
-		$iv = base64_encode($iv);
-
-		$mac = $this->hash($value);
+		$mac = $this->hash($iv = base64_encode($iv), $value);
 
 		return base64_encode(json_encode(compact('iv', 'value', 'mac')));
 	}
@@ -126,12 +124,12 @@ protected function getJsonPayload($payload)
 		// to decrypt the given value. We'll also check the MAC for this encryption.
 		if ( ! $payload or $this->invalidPayload($payload))
 		{
-			throw new DecryptException("Invalid data passed to encrypter.");
+			throw new DecryptException("Invalid data.");
 		}
 
-		if ($payload['mac'] != $this->hash($payload['value']))
+		if ($payload['mac'] !== $this->hash($payload['iv'], $payload['value']))
 		{
-			throw new DecryptException("MAC for payload is invalid.");
+			throw new DecryptException("MAC is invalid.");
 		}
 
 		return $payload;
@@ -140,12 +138,13 @@ protected function getJsonPayload($payload)
 	/**
 	 * Create a MAC for the given value.
 	 *
+	 * @param  stirng  $iv
 	 * @param  string  $value
 	 * @return string  
 	 */
-	protected function hash($value)
+	protected function hash($iv, $value)
 	{
-		return hash_hmac('sha256', $value, $this->key);
+		return hash_hmac('sha256', $iv.$value, $this->key);
 	}
 
 	/**

Original file line number	Diff line number	Diff line change
`@@ -58,9 +58,7 @@ public function encrypt($value)`
`58`	`58`	`// Once we have the encrypted value we will go ahead base64_encode the input`
`59`	`59`	`// vector and create the MAC for the encrypted value so we can verify its`
`60`	`60`	`// authenticity. Then, we'll JSON encode the data in a "payload" array.`
`61`		`- $iv = base64_encode($iv);`
`62`		`-`
`63`		`- $mac = $this->hash($value);`
	`61`	`+ $mac = $this->hash($iv = base64_encode($iv), $value);`
`64`	`62`
`65`	`63`	`return base64_encode(json_encode(compact('iv', 'value', 'mac')));`
`66`	`64`	`}`
`@@ -126,12 +124,12 @@ protected function getJsonPayload($payload)`
`126`	`124`	`// to decrypt the given value. We'll also check the MAC for this encryption.`
`127`	`125`	`if ( ! $payload or $this->invalidPayload($payload))`
`128`	`126`	`{`
`129`		`- throw new DecryptException("Invalid data passed to encrypter.");`
	`127`	`+ throw new DecryptException("Invalid data.");`
`130`	`128`	`}`
`131`	`129`
`132`		`- if ($payload['mac'] != $this->hash($payload['value']))`
	`130`	`+ if ($payload['mac'] !== $this->hash($payload['iv'], $payload['value']))`
`133`	`131`	`{`
`134`		`- throw new DecryptException("MAC for payload is invalid.");`
	`132`	`+ throw new DecryptException("MAC is invalid.");`
`135`	`133`	`}`
`136`	`134`
`137`	`135`	`return $payload;`
`@@ -140,12 +138,13 @@ protected function getJsonPayload($payload)`
`140`	`138`	`/**`
`141`	`139`	`* Create a MAC for the given value.`
`142`	`140`	`*`
	`141`	`+ * @param stirng $iv`
`143`	`142`	`* @param string $value`
`144`	`143`	`* @return string`
`145`	`144`	`*/`
`146`		`- protected function hash($value)`
	`145`	`+ protected function hash($iv, $value)`
`147`	`146`	`{`
`148`		`- return hash_hmac('sha256', $value, $this->key);`
	`147`	`+ return hash_hmac('sha256', $iv.$value, $this->key);`
`149`	`148`	`}`
`150`	`149`
`151`	`150`	`/**`