Security component adjustments: fixed comment style, hkdf() and pbkdf2() are now…

Security component adjustments: fixed comment style, hkdf() and pbkdf2() are now protected, compareString() is now public

Security component adjustments: fixed comment style, hkdf() and pbkdf2() are now…
c5a3cd51 · Alexander Makarov · 2c5c2c10 · c5a3cd51 · c5a3cd51 · c5a3cd51
Commit c5a3cd51 authored Jul 26, 2014 by Alexander Makarov
Showing with 52 additions and 15 deletions

Security.php framework/base/Security.php +22 -12

ExposedSecurity.php tests/unit/framework/base/ExposedSecurity.php +28 -0

SecurityTest.php tests/unit/framework/base/SecurityTest.php +2 -3

No files found.
--- a/framework/base/Security.php
+++ b/framework/base/Security.php
@@ -44,20 +44,30 @@ class Security extends Component
     */
    public $passwordHashStrategy = 'crypt';

-    // AES has 128-bit block size and three key sizes: 128, 192 and 256 bits.
-    // mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256
-    // bits but only the 128-bit Rijndael is standardized in AES.
-    // So to use AES in mycrypt, specify `'rijndael-128'` cipher and mcrypt
-    // chooses the appropriate AES based on the length of the supplied key.
+    /**
+     * AES has 128-bit block size and three key sizes: 128, 192 and 256 bits.
+     * mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256
+     * bits but only the 128-bit Rijndael is standardized in AES.
+     * So to use AES in mycrypt, specify `'rijndael-128'` cipher and mcrypt
+     * chooses the appropriate AES based on the length of the supplied key.
+     */
    const MCRYPT_CIPHER = 'rijndael-128';
    const MCRYPT_MODE = 'cbc';
-    // Same size for encryption keys, auth keys and KDF salt
+    /**
+     * Same size for encryption keys, auth keys and KDF salt
+     */
    const KEY_SIZE = 16;
-    // Hash algorithm for key derivation.
+    /**
+     * Hash algorithm for key derivation.
+     */
    const KDF_HASH = 'sha256';
-    // Hash algorithm for authentication.
+    /**
+     * Hash algorithm for authentication.
+     */
    const MAC_HASH = 'sha256';
-    // HKDF info value for auth keys
+    /**
+     * HKDF info value for auth keys
+     */
    const AUTH_KEY_INFO = 'AuthorizationKey';

    private $_cryptModule;
@@ -282,7 +292,7 @@ class Security extends Component
     * @throws InvalidParamException
     * @return string the derived key
     */
-    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
+    protected function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
    {
        $test = @hash_hmac($algo, '', '', true);
        if (!$test) {
@@ -329,7 +339,7 @@ class Security extends Component
     * @throws InvalidParamException
     * @return string the derived key
     */
-    public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
+    protected function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
    {
        if (function_exists('hash_pbkdf2')) {
            $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
@@ -599,7 +609,7 @@ class Security extends Component
     * @param string $actual string to compare.
     * @return boolean whether strings are equal.
     */
-    protected function compareString($expected, $actual)
+    public function compareString($expected, $actual)
    {
        // timing attack resistant approach:
        $length = StringHelper::byteLength($expected);

--- a/tests/unit/framework/base/ExposedSecurity.php
+++ b/tests/unit/framework/base/ExposedSecurity.php
+<?php
+namespace yiiunit\framework\base;
+
+
+use yii\base\Security;
+
+/**
+ * ExposedSecurity exposes protected methods for direct testing
+ */
+class ExposedSecurity extends Security
+{
+    /**
+     * @inheritdoc
+     */
+    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
+    {
+        return parent::hkdf($algo, $inputKey, $salt, $info, $length);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
+    {
+        return parent::pbkdf2($algo, $password, $salt, $iterations, $length);
+    }
+} 
\ No newline at end of file
--- a/tests/unit/framework/base/SecurityTest.php
+++ b/tests/unit/framework/base/SecurityTest.php
@@ -8,7 +8,6 @@
 namespace yiiunit\framework\base;

 use yiiunit\TestCase;
-use yii\base\Security;

 /**
 * @group base
@@ -16,14 +15,14 @@ use yii\base\Security;
 class SecurityTest extends TestCase
 {
    /**
-     * @var Security
+     * @var ExposedSecurity
     */
    protected $security;

    protected function setUp()
    {
        parent::setUp();
-        $this->security = new Security();
+        $this->security = new ExposedSecurity();
        $this->security->derivationIterations = 1000; // speed up test running
    }