Commit b680afc7 by Qiang Xue

Fixes #4462.

parent 54bfe075
...@@ -45,6 +45,7 @@ class Security extends Component ...@@ -45,6 +45,7 @@ class Security extends Component
public $passwordHashStrategy = 'crypt'; public $passwordHashStrategy = 'crypt';
/** /**
* Cipher algorithm for mcrypt module.
* AES has 128-bit block size and three key sizes: 128, 192 and 256 bits. * AES has 128-bit block size and three key sizes: 128, 192 and 256 bits.
* mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256 * mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256
* bits but only the 128-bit Rijndael is standardized in AES. * bits but only the 128-bit Rijndael is standardized in AES.
...@@ -52,9 +53,12 @@ class Security extends Component ...@@ -52,9 +53,12 @@ class Security extends Component
* chooses the appropriate AES based on the length of the supplied key. * chooses the appropriate AES based on the length of the supplied key.
*/ */
const MCRYPT_CIPHER = 'rijndael-128'; const MCRYPT_CIPHER = 'rijndael-128';
/**
* Block cipher operation mode for mcrypt module.
*/
const MCRYPT_MODE = 'cbc'; const MCRYPT_MODE = 'cbc';
/** /**
* Same size for encryption keys, auth keys and KDF salt * Size in bytes of encryption key, message authentication key and KDF salt.
*/ */
const KEY_SIZE = 16; const KEY_SIZE = 16;
/** /**
...@@ -62,11 +66,11 @@ class Security extends Component ...@@ -62,11 +66,11 @@ class Security extends Component
*/ */
const KDF_HASH = 'sha256'; const KDF_HASH = 'sha256';
/** /**
* Hash algorithm for authentication. * Hash algorithm for message authentication.
*/ */
const MAC_HASH = 'sha256'; const MAC_HASH = 'sha256';
/** /**
* HKDF info value for auth keys * HKDF info value for derivation of message authentication key.
*/ */
const AUTH_KEY_INFO = 'AuthorizationKey'; const AUTH_KEY_INFO = 'AuthorizationKey';
...@@ -292,7 +296,7 @@ class Security extends Component ...@@ -292,7 +296,7 @@ class Security extends Component
* @throws InvalidParamException * @throws InvalidParamException
* @return string the derived key * @return string the derived key
*/ */
protected function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0) public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
{ {
$test = @hash_hmac($algo, '', '', true); $test = @hash_hmac($algo, '', '', true);
if (!$test) { if (!$test) {
...@@ -339,7 +343,7 @@ class Security extends Component ...@@ -339,7 +343,7 @@ class Security extends Component
* @throws InvalidParamException * @throws InvalidParamException
* @return string the derived key * @return string the derived key
*/ */
protected function pbkdf2($algo, $password, $salt, $iterations, $length = 0) public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
{ {
if (function_exists('hash_pbkdf2')) { if (function_exists('hash_pbkdf2')) {
$outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true); $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment