php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-24 18:51:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #4497: changed to use hex digits by default when hashing data.

Browse Source
This commit is contained in:
Qiang Xue
2014-07-29 20:54:01 -04:00
parent 74c99dc959
commit a0d19e922b
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
framework/base/Security.php
View File

@@ -395,6 +395,8 @@ class Security extends Component
* @param string $data the data to be protected * @param string $data the data to be protected
* @param string $key the secret key to be used for generating hash. Should be a secure * @param string $key the secret key to be used for generating hash. Should be a secure
* cryptographic key. * cryptographic key.
* @param boolean $rawHash whether the generated hash value is in raw binary format. If false, lowercase
* hex digits will be generated.
* @throws InvalidConfigException * @throws InvalidConfigException
* @return string the data prefixed with the keyed hash * @return string the data prefixed with the keyed hash
* @see validateData() * @see validateData()
@@ -402,9 +404,9 @@ class Security extends Component
* @see hkdf() * @see hkdf()
* @see pbkdf2() * @see pbkdf2()
*/ */
public function hashData($data, $key) public function hashData($data, $key, $rawHash = false)
{ {
$hash = hash_hmac(self::MAC_HASH, $data, $key, true); $hash = hash_hmac(self::MAC_HASH, $data, $key, $rawHash);
if (!$hash) { if (!$hash) {
throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . self::MAC_HASH); throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . self::MAC_HASH);
} }
@@ -418,13 +420,17 @@ class Security extends Component
* @param string $key the secret key that was previously used to generate the hash for the data in [[hashData()]]. * @param string $key the secret key that was previously used to generate the hash for the data in [[hashData()]].
* function to see the supported hashing algorithms on your system. This must be the same * function to see the supported hashing algorithms on your system. This must be the same
* as the value passed to [[hashData()]] when generating the hash for the data. * as the value passed to [[hashData()]] when generating the hash for the data.
* @param boolean $rawHash this should take the same value as when you generate the data using [[hashData()]].
* It indicates whether the hash value in the data is in binary format. If false, it means the hash value consists
* of lowercase hex digits only.
* hex digits will be generated.
* @throws InvalidConfigException * @throws InvalidConfigException
* @return string the real data with the hash stripped off. False if the data is tampered. * @return string the real data with the hash stripped off. False if the data is tampered.
* @see hashData() * @see hashData()
*/ */
public function validateData($data, $key) public function validateData($data, $key, $rawHash = false)
{ {
$test = @hash_hmac(self::MAC_HASH, '', '', true); $test = @hash_hmac(self::MAC_HASH, '', '', $rawHash);
if (!$test) { if (!$test) {
throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . self::MAC_HASH); throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . self::MAC_HASH);
} }
@@ -433,12 +439,11 @@ class Security extends Component
$hash = StringHelper::byteSubstr($data, 0, $hashLength); $hash = StringHelper::byteSubstr($data, 0, $hashLength);
$pureData = StringHelper::byteSubstr($data, $hashLength, null); $pureData = StringHelper::byteSubstr($data, $hashLength, null);
$calculatedHash = hash_hmac(self::MAC_HASH, $pureData, $key, true); $calculatedHash = hash_hmac(self::MAC_HASH, $pureData, $key, $rawHash);
if ($this->compareString($hash, $calculatedHash)) { if ($this->compareString($hash, $calculatedHash)) {
return $pureData; return $pureData;
} }
return false;
} }
return false; return false;
} }