-rw-r--r-- | CHANGELOG.md | 4 | ||||
-rw-r--r-- | Core/Util/SecureRandom.php (renamed from Core/Util/Prng.php) | 2 | ||||
-rw-r--r-- | Http/RememberMe/PersistentTokenBasedRememberMeServices.php | 14 | ||||
-rwxr-xr-x | Tests/Core/Util/SecureRandomTest.php (renamed from Tests/Core/Util/PrngTest.php) | 61 | ||||
-rw-r--r-- | Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php | 4 |
5 files changed, 42 insertions, 43 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 251666a..279c614 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,12 +4,12 @@ CHANGELOG
 2.2.0
 -----
-* Added PBKDF2 Password encoder
+ * added secure random number generator
+ * added PBKDF2 Password encoder
 2.1.0
 -----
- * added secure random number generator
 * [BC BREAK] The signature of ExceptionListener has changed
 * changed the HttpUtils constructor signature to take a UrlGenerator and a UrlMatcher instead of a Router
 * EncoderFactoryInterface::getEncoder() can now also take a class name as an argument
diff --git a/Core/Util/Prng.php b/Core/Util/SecureRandom.php
index f3a0b24..14a1f3d 100644
--- a/Core/Util/Prng.php
+++ b/Core/Util/SecureRandom.php
@@ -19,7 +19,7 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface;
 * @author Fabien Potencier <fabien@symfony.com>
 * @author Johannes M. Schmitt <schmittjoh@gmail.com>
 */
-final class Prng
+final class SecureRandom
 {
 private $logger;
 private $useOpenSsl;
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
index d36eb01..456d8be 100644
--- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
+++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -19,7 +19,7 @@ use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\CookieTheftException;
 use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Util\Prng;
+use Symfony\Component\Security\Core\Util\SecureRandom;
 /**
 * Concrete implementation of the RememberMeServicesInterface which needs
@@ -31,11 +31,11 @@ use Symfony\Component\Security\Core\Util\Prng;
 class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
 {
 private $tokenProvider;
- private $prng;
+ private $secureRandom;
- public function setPrng(Prng $prng)
+ public function setSecureRandom(SecureRandom $secureRandom)
 {
- $this->prng = $prng;
+ $this->secureRandom = $secureRandom;
 }
 /**
@@ -86,7 +86,7 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
 }
 $series = $persistentToken->getSeries();
- $tokenValue = $this->prng->nextBytes(64);
+ $tokenValue = $this->secureRandom->nextBytes(64);
 $this->tokenProvider->updateToken($series, $tokenValue, new \DateTime());
 $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie(
@@ -108,8 +108,8 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
 */
 protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
 {
- $series = $this->prng->nextBytes(64);
- $tokenValue = $this->prng->nextBytes(64);
+ $series = $this->secureRandom->nextBytes(64);
+ $tokenValue = $this->secureRandom->nextBytes(64);
 $this->tokenProvider->createNewToken(
 new PersistentToken(
diff --git a/Tests/Core/Util/PrngTest.php b/Tests/Core/Util/SecureRandomTest.php
index 23afd30..f366272 100755
--- a/Tests/Core/Util/PrngTest.php
+++ b/Tests/Core/Util/SecureRandomTest.php
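Review bot: `$secureRandom` is assigned only through `setSecureRandom()` in this hunk, so an instance on which the setter was never called reaches `$this->secureRandom->nextBytes(64)` in the two later hunks of this file with a null property and stops with a fatal error in the middle of a login. The constructor is outside the hunk, so this assumes it does not set the property itself. Either take the generator as a constructor argument or fail closed before use, e.g. `if (null === $this->secureRandom) { throw new \RuntimeException('No SecureRandom instance was set.'); }`, rather than ever substituting a weaker source.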
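Review bot: `$series` and `$tokenValue` in `onLoginSuccess()` are the raw 64 bytes returned by `nextBytes(64)` (the test suite in this commit unpacks that return value as binary), and the same applies to `$tokenValue` in the `-86,7` hunk. Raw bytes handed to `createNewToken()` and `updateToken()` can be truncated or altered by a text column or its character set, which either breaks the series lookup or quietly shortens the secret. Encoding at the point of generation keeps the stored value and the cookie value identical: `$series = base64_encode($this->secureRandom->nextBytes(64));` and likewise for `$tokenValue`. How the cookie and the token provider encode these values is outside the hunks, so confirm there before changing it.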
@@ -3,30 +3,29 @@
 namespace Symfony\Component\Security\Tests\Core\Util;
 use Symfony\Component\Security\Core\Util\NullSeedProvider;
-use Symfony\Component\Security\Core\Util\PrngSchema;
-use Symfony\Component\Security\Core\Util\Prng;
+use Symfony\Component\Security\Core\Util\SecureRandom;
-class PrngTest extends \PHPUnit_Framework_TestCase
+class SecureRandomTest extends \PHPUnit_Framework_TestCase
 {
 /**
 * T1: Monobit test
 *
- * @dataProvider getPrngs
+ * @dataProvider getSecureRandoms
 */
- public function testMonobit($prng)
+ public function testMonobit($secureRandom)
 {
- $nbOnBits = substr_count($this->getBitSequence($prng, 20000), '1');
+ $nbOnBits = substr_count($this->getBitSequence($secureRandom, 20000), '1');
 $this->assertTrue($nbOnBits > 9654 && $nbOnBits < 10346, 'Monobit test failed, number of turned on bits: '.$nbOnBits);
 }
 /**
 * T2: Chi-square test with 15 degrees of freedom (chi-Quadrat-Anpassungstest)
 *
- * @dataProvider getPrngs
+ * @dataProvider getSecureRandoms
 */
- public function testPoker($prng)
+ public function testPoker($secureRandom)
 {
- $b = $this->getBitSequence($prng, 20000);
+ $b = $this->getBitSequence($secureRandom, 20000);
 $c = array();
 for ($i=0;$i<=15;$i++) {
 $c[$i] = 0;
@@ -50,11 +49,11 @@ class PrngTest extends \PHPUnit_Framework_TestCase
 /**
 * Run test
 *
- * @dataProvider getPrngs
+ * @dataProvider getSecureRandoms
 */
- public function testRun($prng)
+ public function testRun($secureRandom)
 {
- $b = $this->getBitSequence($prng, 20000);
+ $b = $this->getBitSequence($secureRandom, 20000);
 $runs = array();
 for ($i=1; $i<=6; $i++) {
@@ -98,11 +97,11 @@ class PrngTest extends \PHPUnit_Framework_TestCase
 /**
 * Long-run test
 *
- * @dataProvider getPrngs
+ * @dataProvider getSecureRandoms
 */
- public function testLongRun($prng)
+ public function testLongRun($secureRandom)
 {
- $b = $this->getBitSequence($prng, 20000);
+ $b = $this->getBitSequence($secureRandom, 20000);
 $longestRun = 0;
 $currentRun = $lastBit = null;
@@ -127,12 +126,12 @@ class PrngTest extends \PHPUnit_Framework_TestCase
 /**
 * Serial Correlation (Autokorrelationstest)
 *
- * @dataProvider getPrngs
+ * @dataProvider getSecureRandoms
 */
- public function testSerialCorrelation($prng)
+ public function testSerialCorrelation($secureRandom)
 {
 $shift = rand(1, 5000);
- $b = $this->getBitSequence($prng, 20000);
+ $b = $this->getBitSequence($secureRandom, 20000);
 $Z = 0;
 for ($i=0; $i<5000; $i++) {
@@ -142,34 +141,34 @@ class PrngTest extends \PHPUnit_Framework_TestCase
 $this->assertTrue($Z > 2326 && $Z < 2674, 'Failed serial correlation test: '.$Z);
 }
- public function getPrngs()
+ public function getSecureRandoms()
 {
- $prngs = array();
+ $secureRandoms = array();
 // openssl with fallback
- $prng = new Prng();
- $prngs[] = array($prng);
+ $secureRandom = new SecureRandom();
+ $secureRandoms[] = array($secureRandom);
 // no-openssl with custom seed provider
- $prng = new Prng(sys_get_temp_dir().'/_sf2.seed');
- $this->disableOpenSsl($prng);
- $prngs[] = array($prng);
+ $secureRandom = new SecureRandom(sys_get_temp_dir().'/_sf2.seed');
+ $this->disableOpenSsl($secureRandom);
+ $secureRandoms[] = array($secureRandom);
- return $prngs;
+ return $secureRandoms;
 }
- protected function disableOpenSsl($prng)
+ protected function disableOpenSsl($secureRandom)
 {
- $ref = new \ReflectionProperty($prng, 'useOpenSsl');
+ $ref = new \ReflectionProperty($secureRandom, 'useOpenSsl');
 $ref->setAccessible(true);
- $ref->setValue($prng, false);
+ $ref->setValue($secureRandom, false);
 }
- private function getBitSequence($prng, $length)
+ private function getBitSequence($secureRandom, $length)
 {
 $bitSequence = '';
 for ($i=0;$i<$length; $i+=40) {
- $value = unpack('H*', $prng->nextBytes(5));
+ $value = unpack('H*', $secureRandom->nextBytes(5));
 $value = str_pad(base_convert($value[1], 16, 2), 40, '0', STR_PAD_LEFT);
 $bitSequence .= $value;
 }
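Review bot: `getSecureRandoms()` in the `-142,34` hunk gives the second generator the fixed path `sys_get_temp_dir().'/_sf2.seed'`, a predictable file name in a directory shared by all local users, and nothing in the hunk removes the file afterwards. On a shared build host another account can create that file, or a link with that name, before the test does, and a file left from an earlier run makes the no-OpenSSL case depend on stale state. Presumably the constructor argument is the seed file location; if so, use a per-run file such as `$seedFile = tempnam(sys_get_temp_dir(), 'sf2seed');` and delete it in `tearDown()`. `getBitSequence()` continues past the end of the hunk.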
diff --git a/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php b/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php
index 846ee9b..24f1570 100644
--- a/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php
+++ b/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php
@@ -22,7 +22,7 @@ use Symfony\Component\HttpFoundation\ResponseHeaderBag;
 use Symfony\Component\Security\Http\RememberMe\PersistentTokenBasedRememberMeServices;
 use Symfony\Component\Security\Core\Exception\TokenNotFoundException;
 use Symfony\Component\Security\Core\Exception\CookieTheftException;
-use Symfony\Component\Security\Core\Util\Prng;
+use Symfony\Component\Security\Core\Util\SecureRandom;
 class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase
 {
@@ -320,7 +320,7 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test
 }
 $r = new PersistentTokenBasedRememberMeServices(array($userProvider), 'fookey', 'fookey', $options, $logger);
- $r->setPrng(new Prng());
+ $r->setSecureRandom(new SecureRandom());
 return $r;
 }
|