php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-22 17:48:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

Security component adjustments: fixed comment style, hkdf() and pbkdf2() are now protected, compareString() is now public

Browse Source
This commit is contained in:
Alexander Makarov
2014-07-26 14:09:38 +04:00
parent 2c5c2c101b
commit c5a3cd511e
3 changed files with 51 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
framework/base/Security.php
View File

@@ -44,20 +44,30 @@ class Security extends Component
*/ */
public $passwordHashStrategy = 'crypt'; public $passwordHashStrategy = 'crypt';
// AES has 128-bit block size and three key sizes: 128, 192 and 256 bits. /**
// mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256 * AES has 128-bit block size and three key sizes: 128, 192 and 256 bits.
// bits but only the 128-bit Rijndael is standardized in AES. * mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256
// So to use AES in mycrypt, specify `'rijndael-128'` cipher and mcrypt * bits but only the 128-bit Rijndael is standardized in AES.
// chooses the appropriate AES based on the length of the supplied key. * So to use AES in mycrypt, specify `'rijndael-128'` cipher and mcrypt
* chooses the appropriate AES based on the length of the supplied key.
*/
const MCRYPT_CIPHER = 'rijndael-128'; const MCRYPT_CIPHER = 'rijndael-128';
const MCRYPT_MODE = 'cbc'; const MCRYPT_MODE = 'cbc';
// Same size for encryption keys, auth keys and KDF salt /**
* Same size for encryption keys, auth keys and KDF salt
*/
const KEY_SIZE = 16; const KEY_SIZE = 16;
// Hash algorithm for key derivation. /**
* Hash algorithm for key derivation.
*/
const KDF_HASH = 'sha256'; const KDF_HASH = 'sha256';
// Hash algorithm for authentication. /**
* Hash algorithm for authentication.
*/
const MAC_HASH = 'sha256'; const MAC_HASH = 'sha256';
// HKDF info value for auth keys /**
* HKDF info value for auth keys
*/
const AUTH_KEY_INFO = 'AuthorizationKey'; const AUTH_KEY_INFO = 'AuthorizationKey';
private $_cryptModule; private $_cryptModule;
@@ -282,7 +292,7 @@ class Security extends Component
* @throws InvalidParamException * @throws InvalidParamException
* @return string the derived key * @return string the derived key
*/ */
public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0) protected function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
{ {
$test = @hash_hmac($algo, '', '', true); $test = @hash_hmac($algo, '', '', true);
if (!$test) { if (!$test) {
@@ -329,7 +339,7 @@ class Security extends Component
* @throws InvalidParamException * @throws InvalidParamException
* @return string the derived key * @return string the derived key
*/ */
public function pbkdf2($algo, $password, $salt, $iterations, $length = 0) protected function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
{ {
if (function_exists('hash_pbkdf2')) { if (function_exists('hash_pbkdf2')) {
$outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true); $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
@@ -599,7 +609,7 @@ class Security extends Component
* @param string $actual string to compare. * @param string $actual string to compare.
* @return boolean whether strings are equal. * @return boolean whether strings are equal.
*/ */
protected function compareString($expected, $actual) public function compareString($expected, $actual)
{ {
// timing attack resistant approach: // timing attack resistant approach:
$length = StringHelper::byteLength($expected); $length = StringHelper::byteLength($expected);

27
tests/unit/framework/base/ExposedSecurity.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
namespace yiiunit\framework\base;
use yii\base\Security;
/**
* ExposedSecurity exposes protected methods for direct testing
*/
class ExposedSecurity extends Security
{
/**
* @inheritdoc
*/
public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
{
return parent::hkdf($algo, $inputKey, $salt, $info, $length);
}
/**
* @inheritdoc
*/
public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
{
return parent::pbkdf2($algo, $password, $salt, $iterations, $length);
}
}

5
tests/unit/framework/base/SecurityTest.php
View File

@@ -8,7 +8,6 @@
namespace yiiunit\framework\base; namespace yiiunit\framework\base;
use yiiunit\TestCase; use yiiunit\TestCase;
use yii\base\Security;
/** /**
* @group base * @group base
@@ -16,14 +15,14 @@ use yii\base\Security;
class SecurityTest extends TestCase class SecurityTest extends TestCase
{ {
/** /**
* @var Security * @var ExposedSecurity
*/ */
protected $security; protected $security;
protected function setUp() protected function setUp()
{ {
parent::setUp(); parent::setUp();
$this->security = new Security(); $this->security = new ExposedSecurity();
$this->security->derivationIterations = 1000; // speed up test running $this->security->derivationIterations = 1000; // speed up test running
} }