From 4512833fac17511a4b78dfa30cfe2f1ce82da878 Mon Sep 17 00:00:00 2001 From: tom-- Date: Tue, 24 Feb 2015 13:41:18 +0300 Subject: [PATCH] Fixes #7215: Uses OpenSSL crypto lib instead of Mcrypt. Added testing of encrypted data compatibility, both backward and forward --- apps/advanced/init | 6 +- extensions/composer/Installer.php | 6 +- framework/CHANGELOG.md | 3 +- framework/base/Security.php | 274 ++++---- framework/composer.json | 1 - framework/requirements/requirements.php | 4 +- tests/unit/framework/base/SecurityTest.php | 712 ++++++++++++++++++++- 7 files changed, 867 insertions(+), 139 deletions(-) diff --git a/apps/advanced/init b/apps/advanced/init index e6278dbae4..1eb37fb02c 100755 --- a/apps/advanced/init +++ b/apps/advanced/init @@ -14,8 +14,8 @@ * @license http://www.yiiframework.com/license/ */ -if (!extension_loaded('mcrypt')) { - die('The mcrypt PHP extension is required by Yii2.'); +if (!extension_loaded('openssl')) { + die('The OpenSSL PHP extension is required by Yii2.'); } $params = getParams(); @@ -187,7 +187,7 @@ function setCookieValidationKey($root, $paths) echo " generate cookie validation key in $file\n"; $file = $root . '/' . $file; $length = 32; - $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); + $bytes = openssl_random_pseudo_bytes($length); $key = strtr(substr(base64_encode($bytes), 0, $length), '+/=', '_-.'); $content = preg_replace('/(("|\')cookieValidationKey("|\')\s*=>\s*)(""|\'\')/', "\\1'$key'", file_get_contents($file)); file_put_contents($file, $content); diff --git a/extensions/composer/Installer.php b/extensions/composer/Installer.php index fa924ba92f..63466667d7 100644 --- a/extensions/composer/Installer.php +++ b/extensions/composer/Installer.php @@ -269,11 +269,11 @@ EOF protected static function generateRandomString() { - if (!extension_loaded('mcrypt')) { - throw new \Exception('The mcrypt PHP extension is required by Yii2.'); + if (!extension_loaded('openssl')) { + throw new \Exception('The OpenSSL PHP extension is required by Yii2.'); } $length = 32; - $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); + $bytes = openssl_random_pseudo_bytes($length); return strtr(substr(base64_encode($bytes), 0, $length), '+/=', '_-.'); } } diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index ea19d430a1..3396acb361 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -37,11 +37,12 @@ Yii Framework 2 Change Log - Enh #7350: Added `yii\helpers\Html::$dataAttributes` to support customizing data attributes (Faryshta, qiangxue) - Enh #7357: Refactored `yii\db\ColumnSchema` by adding `typecast()` method to decouple `phpTypecast()` from `dbTypecast()` (mcd-php, qiangxue) - Enh #7361: The `trim` validator now works on the client side too (qiangxue) -- Enh: Added support to `yii\di\Container` to instantiate and configure an object that implements `yii\base\Configurable` (qiangxue) +- Enh: Added support to `yii\di\Container` to instantiate and configure an object that implements `yii\base\Configurable` (qiangxue) - Chg #5690: adjusted paths in message config generated by `yii message/config` to reflect directory structure better (mikehaertl, samdark) - Chg #6661: Hyperlinks that are enclosed within an exist form will use the same form for submission if they specify both of the `href` and `data-method` attributes (qiangxue) - Chg #7094: Console confirmation must be answered correctly. To return `true`: `y` or `yes`. To return `false`: `n` or `no`. Any other input the question will be asked again (thiagotalma) - Chg #7130: Changed the signature of `ActiveRecord::findByCondition()` to simplify the implementation and usage (Faryshta) +- Chg #7215: Uses OpenSSL crypto lib instead of Mcrypt. Added testing of encrypted data compatibility, both backward and forward (tom--) 2.0.2 January 11, 2015 ---------------------- diff --git a/framework/base/Security.php b/framework/base/Security.php index 55bfe2c995..bff66be62d 100644 --- a/framework/base/Security.php +++ b/framework/base/Security.php @@ -20,7 +20,8 @@ use Yii; * - Data tampering prevention: [[hashData()]] and [[validateData()]] * - Password validation: [[generatePasswordHash()]] and [[validatePassword()]] * - * > Note: this class requires 'mcrypt' PHP extension. For the highest security level PHP version >= 5.5.0 is recommended. + * > Note: this class requires 'OpenSSL' PHP extension for random key/string generation on Windows and + * for encryption/decryption on all platforms. For the highest security level PHP version >= 5.5.0 is recommended. * * @author Qiang Xue * @author Tom Worster @@ -30,35 +31,41 @@ use Yii; class Security extends Component { /** - * Cipher algorithm for mcrypt module. - * AES has 128-bit block size and three key sizes: 128, 192 and 256 bits. - * mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256 - * bits but only the 128-bit Rijndael is standardized in AES. - * So to use AES in mycrypt, specify `'rijndael-128'` cipher and mcrypt - * chooses the appropriate AES based on the length of the supplied key. + * @var string The cipher to use for encryption and decryption. */ - const MCRYPT_CIPHER = 'rijndael-128'; + public $cipher = 'AES-128-CBC'; /** - * Block cipher operation mode for mcrypt module. + * @var array[] Look-up table of block sizes and key sizes for each supported OpenSSL cipher. + * + * In each element, the key is one of the ciphers supported by OpenSSL (@see openssl_get_cipher_methods()). + * The value is an array of two integers, the first is the cipher's block size in bytes and the second is + * the key size in bytes. + * + * > Warning: All OpenSSL ciphers that we recommend are in the default value, i.e. AES in CBC mode. + * + * > Note: Yii's encryption protocol uses the same size for cipher key, HMAC signature key and key + * derivation salt. */ - const MCRYPT_MODE = 'cbc'; + public $allowedCiphers = [ + 'AES-128-CBC' => [16, 16], + 'AES-192-CBC' => [16, 24], + 'AES-256-CBC' => [16, 32], + ]; /** - * Size in bytes of encryption key, message authentication key and KDF salt. + * @var string Hash algorithm for key derivation. Recommend sha256, sha384 or sha512. + * @see hash_algos() */ - const KEY_SIZE = 16; + public $kdfHash = 'sha256'; /** - * Hash algorithm for key derivation. + * @var string Hash algorithm for message authentication. Recommend sha256, sha384 or sha512. + * @see hash_algos() */ - const KDF_HASH = 'sha256'; + public $macHash = 'sha256'; /** - * Hash algorithm for message authentication. + * @var string HKDF info value for derivation of message authentication key. + * @see hkdf() */ - const MAC_HASH = 'sha256'; - /** - * HKDF info value for derivation of message authentication key. - */ - const AUTH_KEY_INFO = 'AuthorizationKey'; - + public $authKeyInfo = 'AuthorizationKey'; /** * @var integer derivation iterations count. * Set as high as possible to hinder dictionary password attacks. @@ -73,8 +80,6 @@ class Security extends Component */ public $passwordHashStrategy = 'crypt'; - private $_cryptModule; - /** * Encrypts data using a password. @@ -141,143 +146,103 @@ class Security extends Component return $this->decrypt($data, false, $inputKey, $info); } - /** - * Initializes the mcrypt module. - * @return resource the mcrypt module handle. - * @throws InvalidConfigException if mcrypt extension is not installed - * @throws Exception if mcrypt initialization fails - */ - protected function getCryptModule() - { - if ($this->_cryptModule === null) { - if (!extension_loaded('mcrypt')) { - throw new InvalidConfigException('The mcrypt PHP extension is not installed.'); - } - - $this->_cryptModule = @mcrypt_module_open(self::MCRYPT_CIPHER, '', self::MCRYPT_MODE, ''); - if ($this->_cryptModule === false) { - $this->_cryptModule = null; - throw new Exception('Failed to initialize the mcrypt module.'); - } - } - - return $this->_cryptModule; - } - - public function __destruct() - { - if ($this->_cryptModule !== null) { - mcrypt_module_close($this->_cryptModule); - $this->_cryptModule = null; - } - } - - /** * Encrypts data. + * * @param string $data data to be encrypted * @param boolean $passwordBased set true to use password-based key derivation * @param string $secret the encryption password or key * @param string $info context/application specific information, e.g. a user ID * See [RFC 5869 Section 3.2](https://tools.ietf.org/html/rfc5869#section-3.2) for more details. + * * @return string the encrypted data - * @throws Exception if PHP Mcrypt extension is not loaded or failed to be initialized + * @throws InvalidConfigException on OpenSSL not loaded + * @throws Exception on OpenSSL error * @see decrypt() */ protected function encrypt($data, $passwordBased, $secret, $info) { - $module = $this->getCryptModule(); - - $keySalt = $this->generateRandomKey(self::KEY_SIZE); - if ($passwordBased) { - $key = $this->pbkdf2(self::KDF_HASH, $secret, $keySalt, $this->derivationIterations, self::KEY_SIZE); - } else { - $key = $this->hkdf(self::KDF_HASH, $secret, $keySalt, $info, self::KEY_SIZE); + if (!extension_loaded('openssl')) { + throw new InvalidConfigException('Encryption requires the OpenSSL PHP extension'); + } + if (!isset($this->allowedCiphers[$this->cipher][0], $this->allowedCiphers[$this->cipher][1])) { + throw new InvalidConfigException($this->cipher . ' is not an allowed cipher'); } - $data = $this->addPadding($data); - $ivSize = mcrypt_enc_get_iv_size($module); - $iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM); - mcrypt_generic_init($module, $key, $iv); - $encrypted = mcrypt_generic($module, $data); - mcrypt_generic_deinit($module); + list($blockSize, $keySize) = $this->allowedCiphers[$this->cipher]; - $authKey = $this->hkdf(self::KDF_HASH, $key, null, self::AUTH_KEY_INFO, self::KEY_SIZE); + $keySalt = $this->generateRandomKey($keySize); + if ($passwordBased) { + $key = $this->pbkdf2($this->kdfHash, $secret, $keySalt, $this->derivationIterations, $keySize); + } else { + $key = $this->hkdf($this->kdfHash, $secret, $keySalt, $info, $keySize); + } + + $iv = $this->generateRandomKey($blockSize); + + $encrypted = openssl_encrypt($data, $this->cipher, $key, OPENSSL_RAW_DATA, $iv); + if ($encrypted === false) { + throw new \yii\base\Exception('OpenSSL failure on encryption: ' . openssl_error_string()); + } + + $authKey = $this->hkdf($this->kdfHash, $key, null, $this->authKeyInfo, $keySize); $hashed = $this->hashData($iv . $encrypted, $authKey); /* * Output: [keySalt][MAC][IV][ciphertext] * - keySalt is KEY_SIZE bytes long * - MAC: message authentication code, length same as the output of MAC_HASH - * - IV: initialization vector, length set by CRYPT_CIPHER and CRYPT_MODE, mcrypt_enc_get_iv_size() + * - IV: initialization vector, length $blockSize */ return $keySalt . $hashed; } /** * Decrypts data. + * * @param string $data encrypted data to be decrypted. * @param boolean $passwordBased set true to use password-based key derivation * @param string $secret the decryption password or key * @param string $info context/application specific information, @see encrypt() + * * @return bool|string the decrypted data or false on authentication failure + * @throws InvalidConfigException on OpenSSL not loaded + * @throws Exception on OpenSSL error * @see encrypt() */ protected function decrypt($data, $passwordBased, $secret, $info) { - $keySalt = StringHelper::byteSubstr($data, 0, self::KEY_SIZE); - if ($passwordBased) { - $key = $this->pbkdf2(self::KDF_HASH, $secret, $keySalt, $this->derivationIterations, self::KEY_SIZE); - } else { - $key = $this->hkdf(self::KDF_HASH, $secret, $keySalt, $info, self::KEY_SIZE); + if (!extension_loaded('openssl')) { + throw new InvalidConfigException('Encryption requires the OpenSSL PHP extension'); + } + if (!isset($this->allowedCiphers[$this->cipher][0], $this->allowedCiphers[$this->cipher][1])) { + throw new InvalidConfigException($this->cipher . ' is not an allowed cipher'); } - $authKey = $this->hkdf(self::KDF_HASH, $key, null, self::AUTH_KEY_INFO, self::KEY_SIZE); - $data = $this->validateData(StringHelper::byteSubstr($data, self::KEY_SIZE, null), $authKey); + list($blockSize, $keySize) = $this->allowedCiphers[$this->cipher]; + + $keySalt = StringHelper::byteSubstr($data, 0, $keySize); + if ($passwordBased) { + $key = $this->pbkdf2($this->kdfHash, $secret, $keySalt, $this->derivationIterations, $keySize); + } else { + $key = $this->hkdf($this->kdfHash, $secret, $keySalt, $info, $keySize); + } + + $authKey = $this->hkdf($this->kdfHash, $key, null, $this->authKeyInfo, $keySize); + $data = $this->validateData(StringHelper::byteSubstr($data, $keySize, null), $authKey); if ($data === false) { return false; } - $module = $this->getCryptModule(); - $ivSize = mcrypt_enc_get_iv_size($module); - $iv = StringHelper::byteSubstr($data, 0, $ivSize); - $encrypted = StringHelper::byteSubstr($data, $ivSize, null); - mcrypt_generic_init($module, $key, $iv); - $decrypted = mdecrypt_generic($module, $encrypted); - mcrypt_generic_deinit($module); + $iv = StringHelper::byteSubstr($data, 0, $blockSize); + $encrypted = StringHelper::byteSubstr($data, $blockSize, null); - return $this->stripPadding($decrypted); - } - - /** - * Adds a padding to the given data (PKCS #7). - * @param string $data the data to pad - * @return string the padded data - */ - protected function addPadding($data) - { - $module = $this->getCryptModule(); - $blockSize = mcrypt_enc_get_block_size($module); - $pad = $blockSize - (StringHelper::byteLength($data) % $blockSize); - - return $data . str_repeat(chr($pad), $pad); - } - - /** - * Strips the padding from the given data. - * @param string $data the data to trim - * @return string the trimmed data - */ - protected function stripPadding($data) - { - $end = StringHelper::byteSubstr($data, -1, null); - $last = ord($end); - $n = StringHelper::byteLength($data) - $last; - if (StringHelper::byteSubstr($data, $n, null) === str_repeat($end, $last)) { - return StringHelper::byteSubstr($data, 0, $n); + $decrypted = openssl_decrypt($encrypted, $this->cipher, $key, OPENSSL_RAW_DATA, $iv); + if ($decrypted === false) { + throw new \yii\base\Exception('OpenSSL failure on decryption: ' . openssl_error_string()); } - return false; + return $decrypted; } /** @@ -407,9 +372,9 @@ class Security extends Component */ public function hashData($data, $key, $rawHash = false) { - $hash = hash_hmac(self::MAC_HASH, $data, $key, $rawHash); + $hash = hash_hmac($this->macHash, $data, $key, $rawHash); if (!$hash) { - throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . self::MAC_HASH); + throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . $this->macHash); } return $hash . $data; } @@ -431,16 +396,16 @@ class Security extends Component */ public function validateData($data, $key, $rawHash = false) { - $test = @hash_hmac(self::MAC_HASH, '', '', $rawHash); + $test = @hash_hmac($this->macHash, '', '', $rawHash); if (!$test) { - throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . self::MAC_HASH); + throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . $this->macHash); } $hashLength = StringHelper::byteLength($test); if (StringHelper::byteLength($data) >= $hashLength) { $hash = StringHelper::byteSubstr($data, 0, $hashLength); $pureData = StringHelper::byteSubstr($data, $hashLength, null); - $calculatedHash = hash_hmac(self::MAC_HASH, $pureData, $key, $rawHash); + $calculatedHash = hash_hmac($this->macHash, $pureData, $key, $rawHash); if ($this->compareString($hash, $calculatedHash)) { return $pureData; @@ -456,19 +421,72 @@ class Security extends Component * * @param integer $length the number of bytes to generate * @return string the generated random bytes - * @throws InvalidConfigException if mcrypt extension is not installed. + * @throws InvalidConfigException if OpenSSL extension is required (e.g. on Windows) but not installed. * @throws Exception on failure. */ public function generateRandomKey($length = 32) { - if (!extension_loaded('mcrypt')) { - throw new InvalidConfigException('The mcrypt PHP extension is not installed.'); + /* + * Strategy + * + * The most common platform is Linux, on which /dev/urandom is the best choice. Many other OSs + * implement a device called /dev/urandom for Linux compat and it is good too. So if there is + * a /dev/urandom then it is our first choice regardless of OS. + * + * Nearly all other modern Unix-like systems (the BSDs, Unixes and OS X) have a /dev/random + * that is a good choice. If we didn't get bytes from /dev/urandom then we try this next but + * only if the system is not Linux. Do not try to read /dev/random on Linux. + * + * Finally, OpenSSL can supply CSPR bytes. It is our last resort. On Windows this reads from + * CryptGenRandom, which is the right thing to do. On other systems that don't have a Unix-like + * /dev/urandom, it will deliver bytes from its own CSPRNG that is seeded from kernel sources + * of randomness. Even though it is fast, we don't generally prefer OpenSSL over /dev/urandom + * because an RNG in user space memory is undesirable. + * + * For background, see http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ + */ + + $bytes = ''; + + // If we are on Linux or any OS that mimics the Linux /dev/urandom device, e.g. FreeBSD or OS X, + // then read from /dev/urandom. + if (file_exists('/dev/urandom')) { + $handle = fopen('/dev/urandom', 'r'); + if ($handle !== false) { + $bytes .= fread($handle, $length); + fclose($handle); + } } - $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); - if ($bytes === false) { + + if (mb_strlen($bytes, '8bit') >= $length) { + return mb_substr($bytes, 0, $length, '8bit'); + } + + // If we are not on Linux and there is a /dev/random device then we have a BSD or Unix device + // that won't block. It's not safe to read from /dev/random on Linux. + if (php_uname('s') !== 'Linux' && file_exists('/dev/random')) { + $handle = fopen('/dev/random', 'r'); + if ($handle !== false) { + $bytes .= fread($handle, $length); + fclose($handle); + } + } + + if (mb_strlen($bytes, '8bit') >= $length) { + return mb_substr($bytes, 0, $length, '8bit'); + } + + if (!extension_loaded('openssl')) { + throw new InvalidConfigException('The OpenSSL PHP extension is not installed.'); + } + + $bytes .= openssl_random_pseudo_bytes($length, $cryptoStrong); + + if (mb_strlen($bytes, '8bit') < $length || !$cryptoStrong) { throw new Exception('Unable to generate random bytes.'); } - return $bytes; + + return mb_substr($bytes, 0, $length, '8bit'); } /** @@ -477,7 +495,7 @@ class Security extends Component * * @param integer $length the length of the key in characters * @return string the generated random key - * @throws InvalidConfigException if mcrypt extension is not installed. + * @throws InvalidConfigException if OpenSSL extension is needed but not installed. * @throws Exception on failure. */ public function generateRandomString($length = 32) @@ -549,7 +567,7 @@ class Security extends Component * @param string $password The password to verify. * @param string $hash The hash to verify the password against. * @return boolean whether the password is correct. - * @throws InvalidParamException on bad password or hash parameters or if crypt() with Blowfish hash is not available. + * @throws InvalidParamException on bad password/hash parameters or if crypt() with Blowfish hash is not available. * @throws InvalidConfigException when an unsupported password hash strategy is configured. * @see generatePasswordHash() */ diff --git a/framework/composer.json b/framework/composer.json index 8d029a1ba9..4dd84bb331 100644 --- a/framework/composer.json +++ b/framework/composer.json @@ -54,7 +54,6 @@ "require": { "php": ">=5.4.0", "ext-mbstring": "*", - "ext-mcrypt": "*", "lib-pcre": "*", "yiisoft/yii2-composer": "*", "ezyang/htmlpurifier": "4.6.*", diff --git a/framework/requirements/requirements.php b/framework/requirements/requirements.php index 0be98bf743..4b37b1b8f0 100644 --- a/framework/requirements/requirements.php +++ b/framework/requirements/requirements.php @@ -39,9 +39,9 @@ return array( 'memo' => 'Required for multibyte encoding string processing.' ), array( - 'name' => 'Mcrypt extension', + 'name' => 'OpenSSL extension', 'mandatory' => false, - 'condition' => extension_loaded('mcrypt'), + 'condition' => extension_loaded('openssl'), 'by' => 'Security Component', 'memo' => 'Required by encrypt and decrypt methods.' ), diff --git a/tests/unit/framework/base/SecurityTest.php b/tests/unit/framework/base/SecurityTest.php index 2596277714..5af2830901 100644 --- a/tests/unit/framework/base/SecurityTest.php +++ b/tests/unit/framework/base/SecurityTest.php @@ -14,6 +14,8 @@ use yiiunit\TestCase; */ class SecurityTest extends TestCase { + const CRYPT_VECTORS = 'old'; + /** * @var ExposedSecurity */ @@ -116,6 +118,714 @@ class SecurityTest extends TestCase $this->assertTrue(false === $decryptedData); } + /** + * Generates test vectors like this: + * [key/password, plaintext, ciphertext] + * The output can then be used for testing compatibility of data encrypted in one + * version of Yii and decrypted in another + */ + public function notestGenerateVectors() + { + $bin1024 = + 'badec0c7d9ca734e161a1df6ca4daa8cdbf6b3bbb60ec404b47a23226ec266b1 + 3837ffc969e9c23e2bbba72facb491a6a3271193a35026a9ebc93698d689bf7b + 84fc384f544cc5d71c2945c8c48ae6348c753322fcaf75171b7d8f1e178e8545 + 3d5c79f03bae6d9705cabbe7004ec81e188812a66313297fcf5d4c61a48614d2 + 1b5379fae60736f88bc737257bc1cfbef7016108dd1f3a537aaa681544f5bb20 + c2d352212d6a2e460311ab7b93b611218b30c7402709bff89ecf814310c2db97 + 81f4142a54d6d41f82c33208c188a023c70befd697b496efb7c7b8569474a9d5 + 025a8ea8311c831b3de2b81800f28589b6aef537f6ada2e3d92a1ddd39cfd6b4 + 8113c8b36be890b099ca4e08655db0e9b5c211e706af052b776924233321412c + b1b540f08d88acd664c55854b05e31a15d4b0dc93b4514f62a88c3d4a451fe34 + 74d2fbaee742f232959b5f6c2b71a8b6ad95a0d5362f39309aca710f37a4dae2 + 228e27d35f4d3fc87ee6ece4538587fad7835f9803f5ca64dfd856ae767a3482 + c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c04 + 0f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed9273644463b + 1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334aa4 + d998a599053cd477f54fc0af62a8ef75eb91096b153751b201b8374c4956508c + 6c82ea2ceb0265e74c96032787fe01139b578c3a14fd4e32a85195375b25da60 + 4f21187ee01df6042971d7c2b9dd8b611527377f28f933559f6b2edfe7bd8896 + 00627830bcdffcb884989013585cc6da726c7cc57c69e8664a244d234465f2a5 + e736512a65e563a2a726915b50247aff165190c75d151139f2b31211a3acf94e + 236d27b441fe64e88a443778359d57ba0fed8edbb01cc60a116f9599da4e47bf + e96850ac12d1199a080f1b591c60eae613fba444f9fe31fd42ee333678532556 + 07fbfeef02cdbb2d0a8d2329adc7fba22aa4cd124c6e66e0b0aca796ba6aeb69 + f8e76a9d1aaabe351bc42fefa6054977859b51158ba7143980d76db5b2cc6aec + 9f83eac5edf79357632fb60cb4811e71892436e582375860faf8d8c518ee33ca + e08b18af7faa227d97196d7b041bcb366118751fbeaa92d80f86324ce8711cfd + 65005cad0ce30878f508eb1ea2735e212ef3e42a78467d4f31b483087c3c63a3 + 2fa62f2ae92e2acdfc3cf21b3419acc347ff51ccb17161e829cc4a24965fd930 + b983d63153b9c13dd85340d7184bf01734d4357c1aabfbdc9711193ffa974832 + 4f88cf801f35708db0901ffaa55415ca4334678633dda763b5fbfba7cfd51dc5 + 79149ec9284a4db2349dbc5264d5fca7a72034261716d90a996cb57ba09f7d07 + 29a2f10cc58eec98d86e9306a3fbf2e711046e86b5a86cc0eed7625be1a01ebf'; + $bin1024 = hex2bin(preg_replace('{\s+}', '', $bin1024)); + + $inputs = [ + '0', + '0123456789', + '0123456789abcde', + '0123456789abcdef', + '0123456789abcdef0', + mb_substr($bin1024, 7, 5, '8bit'), + base64_encode(mb_substr($bin1024, 269, 11, '8bit')), + mb_substr($bin1024, 383, 97, '8bit'), + $bin1024, + ]; + + foreach (['Key', 'Password'] as $method) { + $keygen = 'generateRandom' . ($method === 'Key' ? 'Key' : 'String'); + $encrypt = 'encryptBy' . $method; + $decrypt = 'decryptBy' . $method; + + foreach ($inputs as $data) { + $key = $this->security->$keygen(16); + $encrypted = $this->security->$encrypt($data, $key); + + $keyHex = $method === 'Key' ? bin2hex($key) : $key; + $dataHex = trim(chunk_split(bin2hex($data), 64, "\n\t")); + $encryptedHex = trim(chunk_split(bin2hex($encrypted), 64, "\n\t")); + + echo <<assertEquals($data, $this->security->$decrypt($encrypted2, $key2)); + $this->assertEquals($data2, $this->security->$decrypt($encrypted2, $key)); + } + } + } + + public function dataProviderEncryptByKeyCompat() + { + // these ciphertexts generated using Yii 2.0.2 which is based on mcrypt. + $mcrypt = [ + [ + 'b86b7529a525d148cc73798da528d8a0', + '30', + '4fb4765bea6beb208ba9395bf6d7497f37626463323730396362366338376536 + 3236656535613035373835323061343031613764393062353439623834353135 + 376435383635393065393636656663378807b00020ea10101bbfc2ef0dfee082 + fcbc1927daee7e6d061bc7a7c8d8e877', + ], + [ + '7e214bb6b27108918c007c0f9e1bdd8a', + '30313233343536373839', + '98981d39f0c985aca577e2eb9472059339623332343335646634613630616335 + 6133323639663336633533313032353164393562303434623533326331653561 + 6566346561643066643331393437623366e93fe0ef0a220ef1228be9f9195475 + eb303b841b6371841126c13ed419d931', + ], + [ + 'c139f67915206b7296bc6ab383a2786c', + '303132333435363738396162636465', + '5773028f2be0df720cb3be2cb989e9e161616430393538363437623862326264 + 6436336133643738333866353339393932326432356433306630663062613331 + 386666313033626661333065313031623d5e980deacb6369592c90e7afca6e6b + 06736654378cc93b2d238e6360969956', + ], + [ + '910c052157953194d552e3a3f0061ab7', + '30313233343536373839616263646566', + '3141c48cc0b73ee43d5cd9ae5c8a153f66343039333638396632653239623434 + 3162616664636331316238336265626536336231653764663732396638336138 + 34636438616265376138613539656164b004dd4ebddba049ae068936643dd475 + c07696b0cc173c2eb4c2d7bc3364845e6e3656b463b04e2271cb10824f1365ec', + ], + [ + '28d0ad09ce367ca8e0772bbeeea6c40d', + '3031323334353637383961626364656630', + '1f19013959a0985cf0235c4ff46a20c135626235633437383532343736613963 + 3765646334666263323832643438663361323266303264383337613736363133 + 666432373632343236313331656362354de2203149f8b4f348c06ea4e2eb94e5 + de4deaf1d198e14e7c448421002bdfa9ed979502d86750d70aebaa1c727ae79e', + ], + [ + 'b658ac4b9fa13c3c1d40699aba886b7b', + '4e161a1df6', + '154015ebb822a55869721a0b1c22497762653266663264333631373938653539 + 3465316466396535343966373738666663646232656163383733633739323334 + 316363623562353462363133623134643d118216985ac7e3f6888a95552b6a67 + 6ff70daf8dfb65b4d5f62a936b7f64d7', + ], + [ + 'baeb43072f20af0f85c6252aa9f0d472', + '5862447074634952357761764253733d', + 'beb6dcd0fb444cbf759a241bd0ea26e537336135333532656136653262303736 + 3061656635326136376230333132663839626431366265363565643064616362 + 39633830313066356330653466613232dd9cfe4f4495f34a971a25d881dd48a3 + 12093a6307a87e4544e217cf9d39dd536a5882d2b9867abefef5c1dad127447e', + ], + [ + 'd527f854e8f37c49c71b82c48d8b4775', + '82c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c + 040f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed927364446 + 3b1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334a + a4', + 'baa84c2c05b2ac8efd9fc8f9824efb5d63306366393939626532323532646433 + 6539346265383936336262303339336635333164383339326436376631353366 + 6433616639653638393063376137626574bd7aa8c5f313e2d8b7a4ca4af35090 + 9695845c9d62cd91c486307d3ae0701e4abd1fa69a255aab1e6ac2874fa1bc0a + 065340418a6669427bcdec751300ce7666a38d17d850f7dae4ea9567045356e8 + f347941226bf7b2d4dd3a21c8aa0b381f8ad06c3a55a7d2cb967ad148142c287 + f12a563f9cd2c6224e7efb8fdd130bb9', + ], + [ + '01025bfec21dda4342809cf20382de29', + 'badec0c7d9ca734e161a1df6ca4daa8cdbf6b3bbb60ec404b47a23226ec266b1 + 3837ffc969e9c23e2bbba72facb491a6a3271193a35026a9ebc93698d689bf7b + 84fc384f544cc5d71c2945c8c48ae6348c753322fcaf75171b7d8f1e178e8545 + 3d5c79f03bae6d9705cabbe7004ec81e188812a66313297fcf5d4c61a48614d2 + 1b5379fae60736f88bc737257bc1cfbef7016108dd1f3a537aaa681544f5bb20 + c2d352212d6a2e460311ab7b93b611218b30c7402709bff89ecf814310c2db97 + 81f4142a54d6d41f82c33208c188a023c70befd697b496efb7c7b8569474a9d5 + 025a8ea8311c831b3de2b81800f28589b6aef537f6ada2e3d92a1ddd39cfd6b4 + 8113c8b36be890b099ca4e08655db0e9b5c211e706af052b776924233321412c + b1b540f08d88acd664c55854b05e31a15d4b0dc93b4514f62a88c3d4a451fe34 + 74d2fbaee742f232959b5f6c2b71a8b6ad95a0d5362f39309aca710f37a4dae2 + 228e27d35f4d3fc87ee6ece4538587fad7835f9803f5ca64dfd856ae767a3482 + c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c04 + 0f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed9273644463b + 1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334aa4 + d998a599053cd477f54fc0af62a8ef75eb91096b153751b201b8374c4956508c + 6c82ea2ceb0265e74c96032787fe01139b578c3a14fd4e32a85195375b25da60 + 4f21187ee01df6042971d7c2b9dd8b611527377f28f933559f6b2edfe7bd8896 + 00627830bcdffcb884989013585cc6da726c7cc57c69e8664a244d234465f2a5 + e736512a65e563a2a726915b50247aff165190c75d151139f2b31211a3acf94e + 236d27b441fe64e88a443778359d57ba0fed8edbb01cc60a116f9599da4e47bf + e96850ac12d1199a080f1b591c60eae613fba444f9fe31fd42ee333678532556 + 07fbfeef02cdbb2d0a8d2329adc7fba22aa4cd124c6e66e0b0aca796ba6aeb69 + f8e76a9d1aaabe351bc42fefa6054977859b51158ba7143980d76db5b2cc6aec + 9f83eac5edf79357632fb60cb4811e71892436e582375860faf8d8c518ee33ca + e08b18af7faa227d97196d7b041bcb366118751fbeaa92d80f86324ce8711cfd + 65005cad0ce30878f508eb1ea2735e212ef3e42a78467d4f31b483087c3c63a3 + 2fa62f2ae92e2acdfc3cf21b3419acc347ff51ccb17161e829cc4a24965fd930 + b983d63153b9c13dd85340d7184bf01734d4357c1aabfbdc9711193ffa974832 + 4f88cf801f35708db0901ffaa55415ca4334678633dda763b5fbfba7cfd51dc5 + 79149ec9284a4db2349dbc5264d5fca7a72034261716d90a996cb57ba09f7d07 + 29a2f10cc58eec98d86e9306a3fbf2e711046e86b5a86cc0eed7625be1a01ebf', + '08ad33a166a9b39ba7522ccf5414123062643565356136373131666663323763 + 3636343466313761356339656234343064626331343366346432343062626634 + 3264393630336535353431613338653717747da97dd4d63e215dc8bb9ce231d5 + b3cc9c287dfadb1b5acce0d4da2816de16114665271204188d91b642cdfdb494 + 66a89caa29a9139354f69c4c188d76d88d36d14004268f327c98f4736ba31728 + a46d8f50d1665bcf157e3164d756286eceac4ce81ba3ffd1b79ff0862f5f529b + d44f0e2fbcb88c388095cb894fd4ce059ba8f5436f0a15b2fa9a40acd6645ad1 + c6f16365250715cb0552dcfc220e844ba67e2a1206b1725a6bbb8f0e87b7067f + b51fc0226cd963bddf549227d5eaf5f996061d9c3b7e3306bd9be1114aed6199 + 6e44ee1144bebfca9a1064d40419837e54006f54161dd028b2702faa5cde214c + bc11ed1c77d4042b333e772473f4764fcdfcabdd0319f33d96ad0ab904cd2620 + 31683afc4c96dc27fde0570aaedc922a552d46687a606bb579b6ab8050f418f8 + f6a3fc33ef5eeba8dbf54b5a90a1034ff8a68d9ea691d9a1d6b8f41376735bec + 6c0f541f927cf107f2184f96235a6fca6d1db013966d8527389f8a79f4afd7bb + 297c85d56f74faaa069679edc78b16b17ab8d72de3788f2ac2fe8a2e15ddfb3f + 14ffd9ef18c95acf340f702a974b580cac93928417650b8f9e7409619774e483 + af66b18ec7547f744099e2bb4125905e5dd553beca90d03fa7d7bba201ab97ac + 92506c305ff79afe9c99a73cb20b9048464beeb100df0ecfb40161f95dd8708a + 6fd09e1b166f1e27429b1ca50f990a45425dec25b2a29dcde4fd1c23b0d660ba + 10241bc20cdc59c3609a7d6b094538d56b878c62dca3a54fbc53d815ae0549f6 + 978ea37a644add2bd2720b37a3502d683b0a8b9ce269bb3db8a44f3e8c3ba507 + 7759de171e1d040dfe5c9a610e21e3b41d95403654122ed7b75111622f14bb50 + fd7a3e637bba73fc8c4e22702b52329c224860a9e04b38b8c23527c732a281dc + f92103d71decf673b3fa83feab2c1937811e0b41163019e1b45e664d4acc570c + 2d4b24dc138285478c3898b0567c026a1651bbada0fb62ab5ce0d96e3601aec1 + c6f04ecb1b53f1d852893edb971703dcd919c2dd883d0851e2fc491cf9abf1b7 + c1652bac73a5a9e9bdbf164db948cc5b8299fd7f5535fa927130dc4e183ef35e + bb08723625e4cf62f253111e6f016e6cfba2e9cec30e273e4b2dcefa80d1c528 + 82c91609acf5989eec18afbefc25c898763c50d2a5cc54250d2672a39758f948 + 1866c26d260bf774db05280697d2b1a95b0481afa2b80bb205186ac290bc3770 + b19a652dc2f5d6611363cd851d921edad36851d64f4cac6ff67299455e120cee + 65a0d9471d1c952d7e81ba5e67e0a8a41a9a68f50d88a2b62151b564ffc2e435 + 8373e55df6cad337589a89054c050f93b4b252aa65466029313bf7311ae735a5 + 26cd2bac41af846c069ed614485cf62bd66c939dfeb27ecaaa197aa344a5488b + b3a2dca884c7fdc4ac08816b2b5ba3b7414f7ff7a06a3a6fe75e20c9eb97a881 + ac130616f176d1f26ae24bf4392e0a0e', + ], + ]; + + // these ciphertexts generated using my branch 7215-replace-mcrypt which is based on openssl. + $openssl = [ + [ + '67ae7370e4a144523543f1e3edf35b26', + '30', + '706e1670ec6beb91c565299710e4f43231336530323838313435653933623539 + 3238313639623066323530646630653236313832333361346664623132393436 + 34326131663964636634366665306439e6142bf3d0e6a5952231d8bfabbacd83 + ff04c61400529385d63a4b8f8696982d', + ], + [ + '5d4bae62bea3c8f4c49dd1a38a4e1b2a', + '30313233343536373839', + '4c9a34e1977dd656fd3e18d4bc2b00c762353830326262373135396530643235 + 3332643937653632353331626532373336653761643866646233336365323233 + 30633138663034313665653038306161eb77ac98344a0bf946f98e892e6e15db + b9e221a7c25135a36562c3ecb2981fcd', + ], + [ + '6832851af3c63a1e303bdf1bca38dd9c', + '303132333435363738396162636465', + 'd09d2faa163e774abd020bf8cd623f8962646233313330626133613964353834 + 3436663631383139653438326563623537373830663962303531366130383130 + 3333303531613337386534626136636415db7a6885b67f69d9974f5879ae7497 + 08811fc036508f23f55f3f9d16b9ff9d', + ], + [ + 'e8a9799f4254b26484ea447918dcaad4', + '30313233343536373839616263646566', + '1a76a05af572abe9b4e7a67d7f64baff39666636363332323133373034386531 + 3761353236333263643965313139303666636535343862363737333032323331 + 313136366562336535663033316231303811542783f13798b17d40aa7ec9b489 + 34404ab50784ad1722f5f4d4462f702d3a625ef712635b274a970a47b516b137', + ], + [ + '27cbf5a7c4327582393b2ec277cfe957', + '3031323334353637383961626364656630', + '60e2e14b404c5bd55b192ef2f1c7131c32356261636361313131336265323534 + 3439623033346337346133346239363337633736663831343632626638303038 + 64653361396366356165633061666538d2137b2defca383668827b6983f86254 + bd849c3e8c9a44b6e1ed203491d73b4cb0cb83658240a89baa9261755d707879', + ], + [ + '7b157beb08e8a8ac7d74f789ccbacae5', + '4e161a1df6', + 'a17ca346c4a88404b8a345b1d075173a66356137326335343137393136353762 + 3930636535636466336534316438376437376639366535666636313235653262 + 38393464663134313430333633343232b319ce688676fde03d092d73df75705f + bde594d9b2bfe41580a458555982dc70', + ], + [ + '88704df5b4881d2246388dc7c68066cc', + '5862447074634952357761764253733d', + '9069fbdd47ee81faf34eff40f8fee94333393037333936333439653537636132 + 6561613863336165333336323562353161636330366438633264376461626563 + 3836363462646536323261333034643070e4b0a3d196f36a4afb92a7ae4ef7b8 + eb44e9db29638fa32140e379ae7aa6b7e68f454635ade137165383fd3a5c049b', + ], + [ + '1d203fba1cd2a7b92abb8f40eb985538', + '82c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c + 040f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed927364446 + 3b1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334a + a4', + 'fade5d841aa10a29a2ef5236371ffc2964343165383664636264393666383364 + 6165646139316438666531633230306537343364336166666463656466306564 + 63326239653938303332656464346463136bd6dd0b7530490b91024ed944bc3e + 3fc4050d20ce05a9ed992ede75f62bdd2523d0cbc93493baf07ef98c895a353b + 5baaf26200572aa2e5bd22508db227556c5ee9eb7425418e9852c595e6ac0e61 + 37c186e04a3f19d855d8c4b8a8e6ad1be179ea5c816fe461a4cec212297873c8 + 5f96ee5c024cd88d1c32975fd95acd73', + ], + [ + '1f93719d7a66a724c3841835fbcb33fd', + 'badec0c7d9ca734e161a1df6ca4daa8cdbf6b3bbb60ec404b47a23226ec266b1 + 3837ffc969e9c23e2bbba72facb491a6a3271193a35026a9ebc93698d689bf7b + 84fc384f544cc5d71c2945c8c48ae6348c753322fcaf75171b7d8f1e178e8545 + 3d5c79f03bae6d9705cabbe7004ec81e188812a66313297fcf5d4c61a48614d2 + 1b5379fae60736f88bc737257bc1cfbef7016108dd1f3a537aaa681544f5bb20 + c2d352212d6a2e460311ab7b93b611218b30c7402709bff89ecf814310c2db97 + 81f4142a54d6d41f82c33208c188a023c70befd697b496efb7c7b8569474a9d5 + 025a8ea8311c831b3de2b81800f28589b6aef537f6ada2e3d92a1ddd39cfd6b4 + 8113c8b36be890b099ca4e08655db0e9b5c211e706af052b776924233321412c + b1b540f08d88acd664c55854b05e31a15d4b0dc93b4514f62a88c3d4a451fe34 + 74d2fbaee742f232959b5f6c2b71a8b6ad95a0d5362f39309aca710f37a4dae2 + 228e27d35f4d3fc87ee6ece4538587fad7835f9803f5ca64dfd856ae767a3482 + c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c04 + 0f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed9273644463b + 1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334aa4 + d998a599053cd477f54fc0af62a8ef75eb91096b153751b201b8374c4956508c + 6c82ea2ceb0265e74c96032787fe01139b578c3a14fd4e32a85195375b25da60 + 4f21187ee01df6042971d7c2b9dd8b611527377f28f933559f6b2edfe7bd8896 + 00627830bcdffcb884989013585cc6da726c7cc57c69e8664a244d234465f2a5 + e736512a65e563a2a726915b50247aff165190c75d151139f2b31211a3acf94e + 236d27b441fe64e88a443778359d57ba0fed8edbb01cc60a116f9599da4e47bf + e96850ac12d1199a080f1b591c60eae613fba444f9fe31fd42ee333678532556 + 07fbfeef02cdbb2d0a8d2329adc7fba22aa4cd124c6e66e0b0aca796ba6aeb69 + f8e76a9d1aaabe351bc42fefa6054977859b51158ba7143980d76db5b2cc6aec + 9f83eac5edf79357632fb60cb4811e71892436e582375860faf8d8c518ee33ca + e08b18af7faa227d97196d7b041bcb366118751fbeaa92d80f86324ce8711cfd + 65005cad0ce30878f508eb1ea2735e212ef3e42a78467d4f31b483087c3c63a3 + 2fa62f2ae92e2acdfc3cf21b3419acc347ff51ccb17161e829cc4a24965fd930 + b983d63153b9c13dd85340d7184bf01734d4357c1aabfbdc9711193ffa974832 + 4f88cf801f35708db0901ffaa55415ca4334678633dda763b5fbfba7cfd51dc5 + 79149ec9284a4db2349dbc5264d5fca7a72034261716d90a996cb57ba09f7d07 + 29a2f10cc58eec98d86e9306a3fbf2e711046e86b5a86cc0eed7625be1a01ebf', + '712929635f5be013159aec81296b96ec36333734373565366166383031313734 + 3331623863663837343237633863376539643865643339383531363139396566 + 34313731633765393462663264316130de90698e64fa4abc91639e72baee83bc + 2caf85f91318e0cbd0db5fa08c4ffb582ec55ca43de53a43f2844af35d5f87b9 + 8faa623107aee2e083f1c7aeedcb0472c93bb9eacbd39d839d5bf94c44658d7f + d70817f5d6b120f91ef86880f93e99151bc1ed13ed263a3ccc7243e5ea97f39f + 1ce2ce6b05a2b78f05c5d72041e35466068f52fb3d2ba3afa7594d7bc0981c54 + 8b31ae7e5b7e7e0e6f2fac9a336e6516d7e4b5cc658e1fe634daf9ad097715be + 14d54ef19adc381db31db78714a09e997dc7732853d39885566e41a2c0ecb08d + ef8ab56359a0e312446d9f1555539ad29e13080d438d6817280d4dbfe6cd4ab9 + 4a357dbddcea1bc90e0d0fa6d556b1ba75c23a1d3818ea91e0fa5b8005b8020e + f7a80ed2ee60aa8ee588e101dbf3b64bf6a3dca5b1d5bcb96eed5c594bab1dcf + c1f61d74ad3ff0f5fdf176a327e8de33d123cdd61c6c4dc946429c566ac0f77f + 48215d5889365fa664a879babd4758fb4d824cfb9e4bf6500ffec0e4ebefe4f6 + 2e521a7cd563fc954a9161047461e4054f324c5cf4f9e949566c9ac17c45aac1 + abf98caed42242c51aa0d81d732c538e437c4024e8f04eeeab6619aed46599e7 + f66c2041e0c346affab1f79cd7352a66686fac2b38615f8fc172ab0967fd4435 + 9dea9f41b57ba5a752e20456f2254e8eef576867ebda0f48fe47a2e91fc8d8af + dc1bf98a8d3530b4b02996fe4b05ec3dab200f9e79a4261c233caa9a33762f1f + 4b3482ab6f16f5dbd7bd87ed17e21c30140ce61fc2468c054ce51dded2683d7c + 375d69d662729d6fb8629b8dc25dcc5596f87f627a2138a3ef368a2a1591902f + 84ffc457bd556a346815986f153fd3a99ef169444436ac81853b318c0908cb33 + cf332edadfb870cab419365312c18aeda418b8b571783a6b2d8c397c33a22b31 + 55958cef153f4d9cfc3a1c6288ff17bfdd92132e1f1e5fe8041e30a383084811 + fe892d7fc33abff10dd20db07277677b16e7f90137adfc3cb36dd85de3618769 + bf8f3ce13642f9ea430f455d388281208190b335915e256320274a904ecd0938 + d3c34d99c88e3186a132777fc7b74b43efab1a08376035061de56a4fb6de611c + 41d2139c77a516c4f8144b123696356b4b9a752a9cd857630af4ef02339172e6 + 361a2fd6a18e3baaf8a3f7e9811ad5fb61abba7ae893b1e7748df2c5b7704eb9 + 65606b0253cba6a0561b0e70593c724f99e07d3e9a857aef894a64a35969b354 + 4726d35504d7b8c0c06cbf9106c5d504674daa879b39328d2c83e0f4e5622ea1 + 4fb742458214b410e2736d8cefabfb125c4769701711c15ab870b5ff192d4c71 + e805ac5100352e33227b162ebae123e20c477719c52c59e192c2e3731806404d + d4359f840b11ad495357210e259e6b9e8fe5e8f600e8746fe1a483d45b694324 + 0809649ed7320b0022a5ef7b414635933d6d18ec7218f829121d12dcb573ed77 + 79ab0519d2df17dbd8988b32ac0711ef', + ], + ]; + + return static::CRYPT_VECTORS === 'new' ? $openssl : $mcrypt; + } + + /** + * @dataProvider dataProviderEncryptByKeyCompat + * + * @param string $key encryption key hex string + * @param string $data plaintext hex string + * @param string $encrypted ciphertext hex string + */ + public function testEncryptByKeyCompat($key, $data, $encrypted) + { + $key = hex2bin(preg_replace('{\s+}', '', $key)); + $data = hex2bin(preg_replace('{\s+}', '', $data)); + $encrypted = hex2bin(preg_replace('{\s+}', '', $encrypted)); + + $this->assertEquals($data, $this->security->decryptByKey($encrypted, $key)); + } + + public function dataProviderEncryptByPasswordCompat() + { + // these ciphertexts generated using Yii 2.0.2 which is based on mcrypt. + $mcrypt = [ + [ + 'LtogIEhy59ve0Huy', + '30', + '83325c8abe8dc0afd801acb7785dc29c32393439653930663266396466653862 + 3965303964653935326238343065363734346264633932376364376430653933 + 37303963376232336634306339396136e6f4e7dc3e2fd23be186f037e4caa6d0 + 4ae8cb894d80c08bb790417af9cc176f', + ], + [ + '1_VTumNNc7VV463t', + '30313233343536373839', + 'a247ac24f3aa60e894904f58954ce8bf39386530366165343538336132616231 + 6532353066663430646432383531333465373336646333386437323733633763 + 646665346232623635393962626162323a44a150a556addd97addfb43a32f600 + aa2c479664682a308e6cdd523967cb4a', + ], + [ + 'DBpoIPndKRm2Rfem', + '303132333435363738396162636465', + '9ed20f30824312032e5e34e2c5ab61e333313930616634396137623261363863 + 3334323832333664626265663435643633323033383862613865633961356261 + 30353634393536636465643833633531b62ce156f34b92790b2d26312f3fd7d0 + 0a646da4d636f6998f1b0d859f255dc6', + ], + [ + 's1e1oRE1iM_oortb', + '30313233343536373839616263646566', + '5b03427dba481b5af8760edc3788fa0e66666663623539353163346466663761 + 6434663337383566366265663931303662366530653633663235303532373763 + 37346330393537646630616535373230c98134da00d77753741c1f0bb483f109 + 622a889f950310cd51d7d48d63202b20d378eac85f7d0c851fc9905d322aef96', + ], + [ + 'i1E7JvOQaESAKoeH', + '3031323334353637383961626364656630', + '7cf2ed4612d07de3ecfd54ac0e576e8539613861656439333965623533626238 + 3361653764663438643330383130313462613961636462383836383862313962 + 346439313666343336313766366538637bd566b1eecb0b1e0896eb1fd0fd11d9 + dcb9eee5cc3d90c4046a6849e8ad152caf85e8f96de3b24b4d523a2d60533e0b', + ], + [ + 'QUN24gpNGodXurMM', + '4e161a1df6', + '49fc2d51b3e6325d86334ea8872699ef31613661333031373065373834643033 + 3863343734366435343035316562643438636133306233373431323066333330 + 32613330623364326162326434306637042f9b4a005ed3b9532181d020378800 + deefcfa36d77ed4abdf35546c0bb4aec', + ], + [ + '1COt9D8ZsfclCic2', + '5862447074634952357761764253733d', + 'c4d5f90054faf3699d983795f44bdb1430643734643832343265323064323434 + 6535346565323733323764376266646539366431353266666639386231626438 + 653237646165393461626435656332332b4244fccb47ad8cdea56109c7d5a417 + 13b3844d9857507db59d0000037b169f7b67cf0ea793c0254bffc55342d8e4c7', + ], + [ + 'eUqmv4chMnO1H5cq', + '82c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c + 040f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed927364446 + 3b1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334a + a4', + '31435e0bf8c0be9a395791288f6d058839336130623938343839626436636433 + 6664373131666361383739633163373130323936653730306331663836373263 + 656135303466323439326564626162378298df437dab821e8b2f7086962ffeb1 + 7a674022ee498470e5e8fdff8905aed39e424588ecee69965bb6856f0356860e + aa978ffa42ccfef6d4fb00026014e107736f3ee9b2206a2cd52b18e3068cf6aa + 077c7304128a3cd92d4fc29dfa7c180eaf85feec791618db1ed01695536cf8ec + 7923c0b3fb974fd0ff92faa62723e94f', + ], + [ + '3Cl5v2Lmn61PiQ3H', + 'badec0c7d9ca734e161a1df6ca4daa8cdbf6b3bbb60ec404b47a23226ec266b1 + 3837ffc969e9c23e2bbba72facb491a6a3271193a35026a9ebc93698d689bf7b + 84fc384f544cc5d71c2945c8c48ae6348c753322fcaf75171b7d8f1e178e8545 + 3d5c79f03bae6d9705cabbe7004ec81e188812a66313297fcf5d4c61a48614d2 + 1b5379fae60736f88bc737257bc1cfbef7016108dd1f3a537aaa681544f5bb20 + c2d352212d6a2e460311ab7b93b611218b30c7402709bff89ecf814310c2db97 + 81f4142a54d6d41f82c33208c188a023c70befd697b496efb7c7b8569474a9d5 + 025a8ea8311c831b3de2b81800f28589b6aef537f6ada2e3d92a1ddd39cfd6b4 + 8113c8b36be890b099ca4e08655db0e9b5c211e706af052b776924233321412c + b1b540f08d88acd664c55854b05e31a15d4b0dc93b4514f62a88c3d4a451fe34 + 74d2fbaee742f232959b5f6c2b71a8b6ad95a0d5362f39309aca710f37a4dae2 + 228e27d35f4d3fc87ee6ece4538587fad7835f9803f5ca64dfd856ae767a3482 + c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c04 + 0f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed9273644463b + 1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334aa4 + d998a599053cd477f54fc0af62a8ef75eb91096b153751b201b8374c4956508c + 6c82ea2ceb0265e74c96032787fe01139b578c3a14fd4e32a85195375b25da60 + 4f21187ee01df6042971d7c2b9dd8b611527377f28f933559f6b2edfe7bd8896 + 00627830bcdffcb884989013585cc6da726c7cc57c69e8664a244d234465f2a5 + e736512a65e563a2a726915b50247aff165190c75d151139f2b31211a3acf94e + 236d27b441fe64e88a443778359d57ba0fed8edbb01cc60a116f9599da4e47bf + e96850ac12d1199a080f1b591c60eae613fba444f9fe31fd42ee333678532556 + 07fbfeef02cdbb2d0a8d2329adc7fba22aa4cd124c6e66e0b0aca796ba6aeb69 + f8e76a9d1aaabe351bc42fefa6054977859b51158ba7143980d76db5b2cc6aec + 9f83eac5edf79357632fb60cb4811e71892436e582375860faf8d8c518ee33ca + e08b18af7faa227d97196d7b041bcb366118751fbeaa92d80f86324ce8711cfd + 65005cad0ce30878f508eb1ea2735e212ef3e42a78467d4f31b483087c3c63a3 + 2fa62f2ae92e2acdfc3cf21b3419acc347ff51ccb17161e829cc4a24965fd930 + b983d63153b9c13dd85340d7184bf01734d4357c1aabfbdc9711193ffa974832 + 4f88cf801f35708db0901ffaa55415ca4334678633dda763b5fbfba7cfd51dc5 + 79149ec9284a4db2349dbc5264d5fca7a72034261716d90a996cb57ba09f7d07 + 29a2f10cc58eec98d86e9306a3fbf2e711046e86b5a86cc0eed7625be1a01ebf', + '0c5164ead7f48c5d95f5907399c146a261353462323734323738656231323164 + 3962333166373062373734636630623932616638626236393339363861646366 + 35643933393537303331343436303330a927c7a879272f81e1032d57530b5e69 + 60f70e14b7607e8e17583aa8197f547e375e07b7a9d6c11be406f5e01aac59e2 + 7e54bb3c33662ea294cfbd0e7bb8e5eb886edee341509a752fc3b9706807a948 + 00edd0bff8e624275420bff50995de70d2692a052e1710a0b9135f9f44abcb02 + 24a189f1bb414e4d73fb539728d40b47ebc34fdb5ec2fa61848bb828de5179a1 + e799eb09367bda9b59b3bdc51d3f92c1bd7dacf751b9324059869bf6adc3d88d + 226a153a75cae1a2426ea187ef62c97bbd35e97450da87d4da9aed08ebf30a3c + a3369cc65a17acebb8a6ff8ff698743a3782990bc5e8cd03a6882c0f7c50868c + 6b3ce967c9ea317555eb972e9bb7beb7b3215160a0bcca8c7f92a085beca256e + 4484b1cdcaee495917d8aa4dbf7675806f7f57e77a770ea7db6e080150b43f56 + 15709b371a303e89b032eac7fec3ee954ea52940a2e59343fd0fd59ac2d4f095 + 74d2863eed13774c63a94e87f7ccdbf0741a56074a7210e2f022809ca48637d8 + 057d80fb190f339ddee2b6f7aaef3f2c1848026bd33e377ac554e2b29dede4fc + 11e040b3837c24e6cd93430c2f9c19138cd1b505681958a09f223f65e6d7b123 + 43e426e204ee32411b1590133d58fbc4806ff784db93cd0205a7b4a1f4b96ee4 + 02b06ac00520118c89a7c4f1dfb4ac941a3d6f839e9312ee8cd9c3c02ef5cf2a + 29d266fcfd29c24b994bcd3c67000999486bad6b060f87d5c843f3f132be5a7c + 6ab2aab2091a83f0673efc4bf658e6c181c800a2eab5272c9cc8e9bdcf4ee061 + de613989f107f1755385697ad64cd1c613f1f742a980c48e27638b8423b82eba + 555c59020ee5794099377e816e8983a7579fc97178e5ac0f98bdda6dbf3f38f1 + 3f8b2d12cc792e729468a8408482985ac73e831a6ca5f67176f68bf216b77147 + fe4743ae60f628defa590b0b0b7d8c39d24ef6980ffc0c47882fa0e3f04ed3e5 + 6d8654e11a0f25a2b3dd03e900e3d59922fa7ccd544f98a04828a34826fd9bfe + e8c841ca6146cc96443ab2cbed3f846f5241d27b15f81df80e2b35219044e933 + 4967334529fe949604a19f7cad76842a16928066a01fb9ec750e78ae68ddcb4f + 833b5e89377ea31c7c87666c300f36f7583383f783f979cedbd05585c50caade + 73f9f38dfcc5f915106573694ce497a0787ce3fecf9678a75b62f258aea300e8 + 2176e5c51009ea1fbdf266606cfb93cc62f9abd6c056625df053da8d9e175d63 + ca716f148365a41796889e6d24e6c9a6ee6ac57bf7c35b45d4000ec638d191e5 + 54fe6b031f87b82f6076e9672f7162de1dafedb9fed9d38adeb999c7fc46f801 + cd546342404315b06faff51d549b2eb94390d40a9ad826c1595add3f11afb909 + 16dc20173f13010008bc12a6355d582205897e7eb885f526a08bee072dabbb15 + 3b1777d8e7d96b31db8b64d64404ae82b3506f10ef198fad6321aa8cf04b5f54 + d5236014d4b5ce20fbfba77f090d3573', + ], + ]; + + // these ciphertexts generated using my branch 7215-replace-mcrypt which is based on openssl. + $openssl = [ + [ + '3DZsVH4gt5xBueho', + '30', + 'e19edc37d284b77a5a4600334b67317662393266323434393038666330653031 + 3730313664646137663830626366383363336239313664336637653133313933 + 306133613836363563643538396163642b6c12f20e7e1ae97422ee659914cc57 + e99c7c97c7a4957e78ab957b18be4551', + ], + [ + 'CVALyUpDdMOSaxJN', + '30313233343536373839', + 'a2535797ac0c83932fd9a2b8d6b2602662663439623337616631623434333233 + 3033343439313063656162373231666330333261383561356632393932386462 + 3631666364313236303962373636316296930828e0e154a0e8d262846835f242 + e42de861cba81df69fe6fe5a5970fdf7', + ], + [ + 'wBZcBIhNSFiaCWE8', + '303132333435363738396162636465', + 'd77b5d334d2820b5b5a54c5f71fce21130373832656561636661623564383766 + 6338343636626662346566623035333461653566353366656438303063376561 + 32643033343166376162376333373166c6cf828b68ff940e8de977e3471d1d51 + 2e51bab7ee0f976dd6d87727b508f7cf', + ], + [ + 'PYeAhK5nWPIxGD2F', + '30313233343536373839616263646566', + '0c2b35c26794c55b94228af98ba7378133326361353835323130363730333039 + 3531343463653763663366386462363733666537646466326339303439373730 + 64343038313234393232313362653639dbec4d9abb2dcffbf186366476df34d2 + 500744fd27eda1e0ea0e54280b091d32ebd1e786402507cb3c591503e27f195b', + ], + [ + 'B9u8Tl9tRBgmnSHk', + '3031323334353637383961626364656630', + '8401d45dbce698cf9342152c75cd8f5164356231643534643561646636316462 + 6331373265623831373165363336616165343432383161633962646333373932 + 3139323034393665303863356331363743e5873d38758489b9d5800aabf31f3e + cf36e1e47955f5c96acdf8dc6cc7280c825949d46546796ec5a114985f5fe598', + ], + [ + 'cLHX5BvVQcdlozS6', + '4e161a1df6', + 'e04aed1dc385788c3c777bc7b3cfa20c32656633363730393363366138643831 + 3866303330613461666664623039326437623739613236333566353762333461 + 34653132366163653031303134353161eefebead8d190e854c05f598adfb8d7b + ef30c86c7cc7003f261b8ce26c62da55', + ], + [ + 'r8EZMeBVex-LC3c5', + '5862447074634952357761764253733d', + 'ae03ee587e7df6407a17d43e3381b76563616366633165613463383063353930 + 6163613736656635663234613263323833393131363661333737333133356366 + 3963313236356663373035323264623224b4aa1536a8deba1dfa026efa614fb9 + 4915763a2629a00fe5ff8f1afc894f1b644f9b08ebc7baefc06229f177b5e446', + ], + [ + 'TRS5GvlQ2WCoEzHY', + '82c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c + 040f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed927364446 + 3b1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334a + a4', + 'f05611e02a2cccbfea4679e8110087a061396332303030396562663732626138 + 3530363534313362373731316330363964393564653831636566646261363265 + 38323536366666633438396566323939bce309f535fca3d1fb23e8503f8cf3b8 + bca4c4bcfb4021592268f88070b5203f5023a6a39034e34048bc944c22e037fd + e6ca8ca17e2bdc8169d1e714830de6932cfe0dcdd1728e8bf848a6f4f7154d1c + 0f8c650e0ef650ba3b90372eb6d13e93e3c79610291a523a3967a3049b04f1d4 + c899e1554b04f906c2e6408a16702d19', + ], + [ + 'x_a2LHnyqH8WAwkZ', + 'badec0c7d9ca734e161a1df6ca4daa8cdbf6b3bbb60ec404b47a23226ec266b1 + 3837ffc969e9c23e2bbba72facb491a6a3271193a35026a9ebc93698d689bf7b + 84fc384f544cc5d71c2945c8c48ae6348c753322fcaf75171b7d8f1e178e8545 + 3d5c79f03bae6d9705cabbe7004ec81e188812a66313297fcf5d4c61a48614d2 + 1b5379fae60736f88bc737257bc1cfbef7016108dd1f3a537aaa681544f5bb20 + c2d352212d6a2e460311ab7b93b611218b30c7402709bff89ecf814310c2db97 + 81f4142a54d6d41f82c33208c188a023c70befd697b496efb7c7b8569474a9d5 + 025a8ea8311c831b3de2b81800f28589b6aef537f6ada2e3d92a1ddd39cfd6b4 + 8113c8b36be890b099ca4e08655db0e9b5c211e706af052b776924233321412c + b1b540f08d88acd664c55854b05e31a15d4b0dc93b4514f62a88c3d4a451fe34 + 74d2fbaee742f232959b5f6c2b71a8b6ad95a0d5362f39309aca710f37a4dae2 + 228e27d35f4d3fc87ee6ece4538587fad7835f9803f5ca64dfd856ae767a3482 + c2f315c69f20ec7ae391fc6c2de85281d54c97f74981b4efec0f5e4606765c04 + 0f1f45386bed4fdb9f998b0e7027c7414bea667b1205027c55eed9273644463b + 1832bc5338e3a7e10bf24d8e69f167b94551b6240f65b416feebd28599334aa4 + d998a599053cd477f54fc0af62a8ef75eb91096b153751b201b8374c4956508c + 6c82ea2ceb0265e74c96032787fe01139b578c3a14fd4e32a85195375b25da60 + 4f21187ee01df6042971d7c2b9dd8b611527377f28f933559f6b2edfe7bd8896 + 00627830bcdffcb884989013585cc6da726c7cc57c69e8664a244d234465f2a5 + e736512a65e563a2a726915b50247aff165190c75d151139f2b31211a3acf94e + 236d27b441fe64e88a443778359d57ba0fed8edbb01cc60a116f9599da4e47bf + e96850ac12d1199a080f1b591c60eae613fba444f9fe31fd42ee333678532556 + 07fbfeef02cdbb2d0a8d2329adc7fba22aa4cd124c6e66e0b0aca796ba6aeb69 + f8e76a9d1aaabe351bc42fefa6054977859b51158ba7143980d76db5b2cc6aec + 9f83eac5edf79357632fb60cb4811e71892436e582375860faf8d8c518ee33ca + e08b18af7faa227d97196d7b041bcb366118751fbeaa92d80f86324ce8711cfd + 65005cad0ce30878f508eb1ea2735e212ef3e42a78467d4f31b483087c3c63a3 + 2fa62f2ae92e2acdfc3cf21b3419acc347ff51ccb17161e829cc4a24965fd930 + b983d63153b9c13dd85340d7184bf01734d4357c1aabfbdc9711193ffa974832 + 4f88cf801f35708db0901ffaa55415ca4334678633dda763b5fbfba7cfd51dc5 + 79149ec9284a4db2349dbc5264d5fca7a72034261716d90a996cb57ba09f7d07 + 29a2f10cc58eec98d86e9306a3fbf2e711046e86b5a86cc0eed7625be1a01ebf', + '5d841d0cb575fdb8c7e2cc48be47021d38646237366663323933346163643933 + 3861336335396666356139383066663033336333303731336263663262626136 + 643635333333393362306631333266320d73812258a45d90f8240d59c4e39e87 + 8d4d999f36403a6f0b1d69ab9416792c5e8f2cf427af8423c8213a885fde488c + db95217c64c542f5e2be6b4375ff82e5c72a9f165049546b38295006f50665b1 + 354350de4a68b5f16a18f7df53e0999f4f7ba5ba0676e416a0444d5b7accda8b + 093ae31a23e3cb63b6f404c437071435b8143f282c4cb4403a2b538af5a0d94f + 1e582c3bb9d5379ba5d576643854c232d74f303dcac91a711bf440fb24e7ab2a + 70ef69008ffb59ad2455d4f1482e77114489a3b5a250384b24062f546f86073a + 91fdd85d34bd7814b4ce70ec8d6ea34f98067d7101050f3800f9f1fd92003856 + 223f8ca142749c2ef4c8d1991a62b0ff86623bf9afce65d55fb5efe80089cee4 + e4f12e94e1748c5740f075a94a2290ba2dc892fdfde516ebc190a4db63e77f93 + 54a3bec5ef695572dddcc9d7c43609724c73bc5bfe79d5f322890e4f39a31e6b + 3fb9388c78e133c58e395ca03eca2e8ab9520e4d2e5421e0d9a1f781a564dda7 + 720d56f413312762da078e0226053672983ecf5bdf18086a6f617071814d61e4 + 27e6f02167b8d38e381607e4238f21c0b6e6d9222f1cc6348b9f7d6fb084cc3b + 306b7acbb94f4b3ab6b66fe539865fb804899d3f64c8bca6bd02ee5509022a50 + 03d63e259bb414391fc10ae9b2e42c68a2be743488b69ca77c70741820aaeeb0 + da2ff00c07787a39ec613e665d78c30b5f57a14fcbe24f00cf55eeb174e23dac + a9eb3587bc8dc8fdf5ef062b7f1659b45c48246055fda699b6ae8b9fcc46a380 + ebc6b648662ef5fed1a4fe16c9aa310cc16f5ad642b80549262f5c77335f5435 + a43d30459297b754350a9dd635b0ca5342fc798d369225f6d692eea0c901eb72 + fd10af1199b7847ffc1a0c5915902fe339772183727c31497c752e3beb1cf010 + 2c97ab270def6628bdae630172d73a9fc0afed1d893870003828f64518512886 + 57d62ba52c8d325aa8409b0a40754dc3f84d1c8898e01e20c03464b83d2dae5d + 3d9f279778fb1161ac5d8f9c466fd0c6bdd6a21553ea9252ff018ae99b0d4425 + 0e55d177fb1e0275da97474ea052d85d96b7432c1be840e5994b127b147d1a0c + 64f1cea9115a37225c8b49960e0693680ee5593c81784c850811e1f10ce4f9a3 + 365e3d2d240e0eef8da6404d5a93ebd000a98d5d33dd5a238327e88dfdad2744 + ed0c4321a543c1a3231e53550e816c531b73bafec21e32daeecd199c7a2be75f + 450ce4d39e10ad81a7ca74877e1661376d7cce557a1d4dde53b503e1512efef6 + d607d5074ca8ba29db067454e529aec867907c6eded03ce90835d72974cddcc5 + 83628bd2948a78a2d666ed89889f59b1dd5b05704b7e68a801ad9f93809e0d8a + ae72a72923883d4de81d867bf639eb5dc581429041ca78763235fe11251254c8 + cca8bfe10e8810035e4cce023b6527744d0ea839bb035db99adc3ce742a5491d + c446220a6cb416a0bd3362b424dcdf3e', + ], + ]; + + return static::CRYPT_VECTORS === 'new' ? $openssl : $mcrypt; + } + + /** + * @dataProvider dataProviderEncryptByPasswordCompat + * + * @param string $password encryption password + * @param string $data plaintext hex string + * @param string $encrypted ciphertext hex string + */ + public function testEncryptByPasswordCompat($password, $data, $encrypted) + { + $data = hex2bin(preg_replace('{\s+}', '', $data)); + $encrypted = hex2bin(preg_replace('{\s+}', '', $encrypted)); + + $this->assertEquals($data, $this->security->decryptByPassword($encrypted, $password)); + } + public function testGenerateRandomKey() { $length = 21; @@ -349,4 +1059,4 @@ class SecurityTest extends TestCase { $this->assertEquals(strcmp($expected, $actual) === 0, $this->security->compareString($expected, $actual)); } -} \ No newline at end of file +}