jdforsythe/test_laravel_crypt_lengths.php

## test_laravel_crypt_lengths.php
<?php

function random_bytes($bytes) {
  $secure = true;
  $buf = openssl_random_pseudo_bytes($bytes, $secure);
  if ($buf !== false && $secure && strlen($buf) === $bytes) {
    return $buf;
  }
}

function get_hash($iv, $value, $key) {
	return hash_hmac('sha256', $iv.$value, $key);
}

function get_random_input($len) {
	return substr(md5(rand()), 0, $len);
}

function do_laravel_encrypt($value, $key, $cipher) {
	$iv = random_bytes(16);
	$value = openssl_encrypt(serialize($value), $cipher, $key, 0, $iv);
	$mac = get_hash($iv = base64_encode($iv), $value, $key);
	$json = json_encode(compact('iv', 'value', 'mac'));
	return base64_encode($json);
}

function go() {
	$iv = random_bytes(16);
	$cipher = 'AES-256-CBC';
	$num_passes = 1000000;
	$min_input_len = 1;
	$max_input_len = 32;

	echo "Testing Laravel Crypt::encrypt() result length\n" .
		   "Number of passes: $num_passes\n" .
		   "Minimum input length: $min_input_len\n" .
		   "Maximum input length: $max_input_len\n\n";

	for ($i = $min_input_len; $i < ($max_input_len + 1); $i++) {
		$minlen = -1;
		$maxlen = 0;

		for ($j = 0; $j < $num_passes; $j++) {
			$input = get_random_input($i);
			$key = md5(rand());
			$value = do_laravel_encrypt($input, $key, $cipher);

			$len = strlen($value);
			if ($len < $minlen || $minlen === -1) $minlen = $len;
			if ($len > $maxlen) $maxlen = $len;
		}

		echo "Input length: $i - Output length $minlen - $maxlen\n";
	}
}

go();
	<?php

	function random_bytes($bytes) {
	$secure = true;
	$buf = openssl_random_pseudo_bytes($bytes, $secure);
	if ($buf !== false && $secure && strlen($buf) === $bytes) {
	return $buf;
	}
	}

	function get_hash($iv, $value, $key) {
	return hash_hmac('sha256', $iv.$value, $key);
	}

	function get_random_input($len) {
	return substr(md5(rand()), 0, $len);
	}

	function do_laravel_encrypt($value, $key, $cipher) {
	$iv = random_bytes(16);
	$value = openssl_encrypt(serialize($value), $cipher, $key, 0, $iv);
	$mac = get_hash($iv = base64_encode($iv), $value, $key);
	$json = json_encode(compact('iv', 'value', 'mac'));
	return base64_encode($json);
	}

	function go() {
	$iv = random_bytes(16);
	$cipher = 'AES-256-CBC';
	$num_passes = 1000000;
	$min_input_len = 1;
	$max_input_len = 32;

	echo "Testing Laravel Crypt::encrypt() result length\n" .
	"Number of passes: $num_passes\n" .
	"Minimum input length: $min_input_len\n" .
	"Maximum input length: $max_input_len\n\n";

	for ($i = $min_input_len; $i < ($max_input_len + 1); $i++) {
	$minlen = -1;
	$maxlen = 0;

	for ($j = 0; $j < $num_passes; $j++) {
	$input = get_random_input($i);
	$key = md5(rand());
	$value = do_laravel_encrypt($input, $key, $cipher);

	$len = strlen($value);
	if ($len < $minlen \|\| $minlen === -1) $minlen = $len;
	if ($len > $maxlen) $maxlen = $len;
	}

	echo "Input length: $i - Output length $minlen - $maxlen\n";
	}
	}

	go();