Use better random number generator #29

This commit is contained in:
rugk 2016-08-10 23:15:06 +02:00
parent 7dbca9fca6
commit bea9a577a6
8 changed files with 117 additions and 51 deletions

View file

@ -18,7 +18,8 @@
} }
], ],
"require": { "require": {
"php": "^5.2.6 || ^7.0" "php": "^5.2.6 || ^7.0",
"paragonie/random_compat": "^2.0"
}, },
"require-dev": { "require-dev": {
"codacy/coverage": "dev-master", "codacy/coverage": "dev-master",

View file

@ -26,6 +26,15 @@ use Exception;
*/ */
class ServerSalt extends AbstractPersistence class ServerSalt extends AbstractPersistence
{ {
/**
* file where salt is saved to
*
* @access private
* @static
* @var string
*/
private static $_file = 'salt.php';
/** /**
* generated salt * generated salt
* *
@ -44,16 +53,7 @@ class ServerSalt extends AbstractPersistence
*/ */
public static function generate() public static function generate()
{ {
$randomSalt = ''; $randomSalt = bin2hex(random_bytes(256));
if (function_exists('mcrypt_create_iv')) {
$randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
} else {
// fallback to mt_rand()
for ($i = 0; $i < 256; ++$i) {
$randomSalt .= base_convert(mt_rand(), 10, 16);
}
}
return $randomSalt; return $randomSalt;
} }
@ -71,19 +71,18 @@ class ServerSalt extends AbstractPersistence
return self::$_salt; return self::$_salt;
} }
$file = 'salt.php'; if (self::_exists(self::$_file)) {
if (self::_exists($file)) { if (is_readable(self::getPath(self::$_file))) {
if (is_readable(self::getPath($file))) { $items = explode('|', file_get_contents(self::getPath(self::$_file)));
$items = explode('|', file_get_contents(self::getPath($file)));
} }
if (!isset($items) || !is_array($items) || count($items) != 3) { if (!isset($items) || !is_array($items) || count($items) != 3) {
throw new Exception('unable to read file ' . self::getPath($file), 20); throw new Exception('unable to read file ' . self::getPath(self::$_file), 20);
} }
self::$_salt = $items[1]; self::$_salt = $items[1];
} else { } else {
self::$_salt = self::generate(); self::$_salt = self::generate();
self::_store( self::_store(
$file, self::$_file,
'<?php /* |' . self::$_salt . '| */ ?>' '<?php /* |' . self::$_salt . '| */ ?>'
); );
} }

View file

@ -43,26 +43,6 @@ class ServerSaltTest extends PHPUnit_Framework_TestCase
ServerSalt::setPath($this->_path); ServerSalt::setPath($this->_path);
$salt = ServerSalt::get(); $salt = ServerSalt::get();
// mcrypt mock
if (!function_exists('mcrypt_create_iv')) {
if (!defined('MCRYPT_DEV_URANDOM')) {
define('MCRYPT_DEV_URANDOM', 1);
}
function mcrypt_create_iv($int, $flag)
{
$randomSalt = '';
for ($i = 0; $i < $int; ++$i) {
$randomSalt .= base_convert(mt_rand(), 10, 16);
}
// hex2bin requires an even length, pad if necessary
if (strlen($randomSalt) % 2) {
$randomSalt = '0' . $randomSalt;
}
return hex2bin($randomSalt);
}
$this->assertNotEquals($salt, ServerSalt::generate());
}
// try setting a different path and resetting it // try setting a different path and resetting it
ServerSalt::setPath($this->_otherPath); ServerSalt::setPath($this->_otherPath);
$this->assertNotEquals($salt, ServerSalt::get()); $this->assertNotEquals($salt, ServerSalt::get());

View file

@ -5,4 +5,24 @@
$vendorDir = dirname(dirname(__FILE__)); $vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir); $baseDir = dirname($vendorDir);
return array(); return array(
'PrivateBin\\Configuration' => $baseDir . '/lib/Configuration.php',
'PrivateBin\\Data\\AbstractData' => $baseDir . '/lib/Data/AbstractData.php',
'PrivateBin\\Data\\Database' => $baseDir . '/lib/Data/Database.php',
'PrivateBin\\Data\\Filesystem' => $baseDir . '/lib/Data/Filesystem.php',
'PrivateBin\\Filter' => $baseDir . '/lib/Filter.php',
'PrivateBin\\I18n' => $baseDir . '/lib/I18n.php',
'PrivateBin\\Model' => $baseDir . '/lib/Model.php',
'PrivateBin\\Model\\AbstractModel' => $baseDir . '/lib/Model/AbstractModel.php',
'PrivateBin\\Model\\Paste' => $baseDir . '/lib/Model/Paste.php',
'PrivateBin\\Persistence\\AbstractPersistence' => $baseDir . '/lib/Persistence/AbstractPersistence.php',
'PrivateBin\\Persistence\\PurgeLimiter' => $baseDir . '/lib/Persistence/PurgeLimiter.php',
'PrivateBin\\Persistence\\ServerSalt' => $baseDir . '/lib/Persistence/ServerSalt.php',
'PrivateBin\\Persistence\\TrafficLimiter' => $baseDir . '/lib/Persistence/TrafficLimiter.php',
'PrivateBin\\PrivateBin' => $baseDir . '/lib/PrivateBin.php',
'PrivateBin\\Request' => $baseDir . '/lib/Request.php',
'PrivateBin\\Sjcl' => $baseDir . '/lib/Sjcl.php',
'PrivateBin\\View' => $baseDir . '/lib/View.php',
'PrivateBin\\Vizhash16x16' => $baseDir . '/lib/Vizhash16x16.php',
'PrivateBin\\model\\Comment' => $baseDir . '/lib/Model/Comment.php',
);

View file

@ -5,4 +5,6 @@
$vendorDir = dirname(dirname(__FILE__)); $vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir); $baseDir = dirname($vendorDir);
return array(); return array(
'5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
);

View file

@ -6,10 +6,4 @@ $vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir); $baseDir = dirname($vendorDir);
return array( return array(
'Psr\\Log\\' => array($vendorDir . '/psr/log'),
'Prophecy\\' => array($vendorDir . '/phpspec/prophecy/src'),
'Guzzle\\Tests' => array($vendorDir . '/guzzle/guzzle/tests'),
'Guzzle' => array($vendorDir . '/guzzle/guzzle/src'),
'CodeClimate\\Component' => array($vendorDir . '/codeclimate/php-test-reporter/src'),
'CodeClimate\\Bundle' => array($vendorDir . '/codeclimate/php-test-reporter/src'),
); );

View file

@ -6,7 +6,9 @@ namespace Composer\Autoload;
class ComposerStaticInitDontChange class ComposerStaticInitDontChange
{ {
public static $files = array (); public static $files = array (
'5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
);
public static $prefixLengthsPsr4 = array ( public static $prefixLengthsPsr4 = array (
'P' => 'P' =>
@ -22,16 +24,33 @@ class ComposerStaticInitDontChange
), ),
); );
public static $prefixesPsr0 = array (); public static $classMap = array (
'PrivateBin\\Configuration' => __DIR__ . '/../..' . '/lib/Configuration.php',
public static $classMap = array (); 'PrivateBin\\Data\\AbstractData' => __DIR__ . '/../..' . '/lib/Data/AbstractData.php',
'PrivateBin\\Data\\Database' => __DIR__ . '/../..' . '/lib/Data/Database.php',
'PrivateBin\\Data\\Filesystem' => __DIR__ . '/../..' . '/lib/Data/Filesystem.php',
'PrivateBin\\Filter' => __DIR__ . '/../..' . '/lib/Filter.php',
'PrivateBin\\I18n' => __DIR__ . '/../..' . '/lib/I18n.php',
'PrivateBin\\Model' => __DIR__ . '/../..' . '/lib/Model.php',
'PrivateBin\\Model\\AbstractModel' => __DIR__ . '/../..' . '/lib/Model/AbstractModel.php',
'PrivateBin\\Model\\Paste' => __DIR__ . '/../..' . '/lib/Model/Paste.php',
'PrivateBin\\Persistence\\AbstractPersistence' => __DIR__ . '/../..' . '/lib/Persistence/AbstractPersistence.php',
'PrivateBin\\Persistence\\PurgeLimiter' => __DIR__ . '/../..' . '/lib/Persistence/PurgeLimiter.php',
'PrivateBin\\Persistence\\ServerSalt' => __DIR__ . '/../..' . '/lib/Persistence/ServerSalt.php',
'PrivateBin\\Persistence\\TrafficLimiter' => __DIR__ . '/../..' . '/lib/Persistence/TrafficLimiter.php',
'PrivateBin\\PrivateBin' => __DIR__ . '/../..' . '/lib/PrivateBin.php',
'PrivateBin\\Request' => __DIR__ . '/../..' . '/lib/Request.php',
'PrivateBin\\Sjcl' => __DIR__ . '/../..' . '/lib/Sjcl.php',
'PrivateBin\\View' => __DIR__ . '/../..' . '/lib/View.php',
'PrivateBin\\Vizhash16x16' => __DIR__ . '/../..' . '/lib/Vizhash16x16.php',
'PrivateBin\\model\\Comment' => __DIR__ . '/../..' . '/lib/Model/Comment.php',
);
public static function getInitializer(ClassLoader $loader) public static function getInitializer(ClassLoader $loader)
{ {
return \Closure::bind(function () use ($loader) { return \Closure::bind(function () use ($loader) {
$loader->prefixLengthsPsr4 = ComposerStaticInitDontChange::$prefixLengthsPsr4; $loader->prefixLengthsPsr4 = ComposerStaticInitDontChange::$prefixLengthsPsr4;
$loader->prefixDirsPsr4 = ComposerStaticInitDontChange::$prefixDirsPsr4; $loader->prefixDirsPsr4 = ComposerStaticInitDontChange::$prefixDirsPsr4;
$loader->prefixesPsr0 = ComposerStaticInitDontChange::$prefixesPsr0;
$loader->classMap = ComposerStaticInitDontChange::$classMap; $loader->classMap = ComposerStaticInitDontChange::$classMap;
}, null, ClassLoader::class); }, null, ClassLoader::class);

View file

@ -1 +1,52 @@
[] [
{
"name": "paragonie/random_compat",
"version": "v2.0.2",
"version_normalized": "2.0.2.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/088c04e2f261c33bed6ca5245491cfca69195ccf",
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"time": "2016-04-03 06:00:07",
"type": "library",
"installation-source": "dist",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"pseudorandom",
"random"
]
}
]