Fixes #4462.

b680afc7 · Qiang Xue · 54bfe075 · b680afc7
Commit b680afc7 authored Jul 26, 2014 by Qiang Xue
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 7 deletions

Security.php framework/base/Security.php +10 -7

No files found.
--- a/framework/base/Security.php
+++ b/framework/base/Security.php
@@ -45,6 +45,7 @@ class Security extends Component
    public $passwordHashStrategy = 'crypt';

    /**
+     * Cipher algorithm for mcrypt module.
     * AES has 128-bit block size and three key sizes: 128, 192 and 256 bits.
     * mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256
     * bits but only the 128-bit Rijndael is standardized in AES.
@@ -52,9 +53,12 @@ class Security extends Component
     * chooses the appropriate AES based on the length of the supplied key.
     */
    const MCRYPT_CIPHER = 'rijndael-128';
+    /**
+     * Block cipher operation mode for mcrypt module.
+     */
    const MCRYPT_MODE = 'cbc';
    /**
-     * Same size for encryption keys, auth keys and KDF salt
+     * Size in bytes of encryption key, message authentication key and KDF salt.
     */
    const KEY_SIZE = 16;
    /**
@@ -62,11 +66,11 @@ class Security extends Component
     */
    const KDF_HASH = 'sha256';
    /**
-     * Hash algorithm for authentication.
+     * Hash algorithm for message authentication.
     */
    const MAC_HASH = 'sha256';
    /**
-     * HKDF info value for auth keys
+     * HKDF info value for derivation of message authentication key.
     */
    const AUTH_KEY_INFO = 'AuthorizationKey';

@@ -292,7 +296,7 @@ class Security extends Component
     * @throws InvalidParamException
     * @return string the derived key
     */
-    protected function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
+    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
    {
        $test = @hash_hmac($algo, '', '', true);
        if (!$test) {
@@ -339,7 +343,7 @@ class Security extends Component
     * @throws InvalidParamException
     * @return string the derived key
     */
-    protected function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
+    public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
    {
        if (function_exists('hash_pbkdf2')) {
            $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
@@ -622,4 +626,4 @@ class Security extends Component
        }
        return $diff === 0;
    }
-}
\ No newline at end of file
+}