1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
<?php
use MediaWiki\Password\EncryptedPassword;
use MediaWiki\Password\PasswordError;
use MediaWiki\Password\Pbkdf2PasswordUsingHashExtension;
/**
* @covers \Mediawiki\Password\EncryptedPassword
* @covers \Mediawiki\Password\ParameterizedPassword
* @covers \Mediawiki\Password\Password
*/
class EncryptedPasswordTest extends PasswordTestCase {
protected function getTypeConfigs() {
return [
'both' => [
'class' => EncryptedPassword::class,
'underlying' => 'pbkdf2',
'secrets' => [
md5( 'secret1' ),
md5( 'secret2' ),
],
'cipher' => 'aes-256-cbc',
],
'secret1' => [
'class' => EncryptedPassword::class,
'underlying' => 'pbkdf2',
'secrets' => [
md5( 'secret1' ),
],
'cipher' => 'aes-256-cbc',
],
'secret2' => [
'class' => EncryptedPassword::class,
'underlying' => 'pbkdf2',
'secrets' => [
md5( 'secret2' ),
],
'cipher' => 'aes-256-cbc',
],
'pbkdf2' => [
'class' => Pbkdf2PasswordUsingHashExtension::class,
'algo' => 'sha256',
'cost' => '10',
'length' => '64',
],
];
}
public static function providePasswordTests() {
return [
// Encrypted with secret1
[ true, ':both:aes-256-cbc:0:izBpxujqC1YbzpCB3qAzgg==:ZqHnitT1pL4YJqKqFES2KEevZYSy2LtlibW5+IMi4XKOGKGy6sE638BXyBbLQQsBtTSrt+JyzwOayKtwIfRbaQsBridx/O1JwBSai1TkGkOsYMBXnlu2Bu/EquCBj5QpjYh7p3Uq4rpiop1KQlin1BJMwnAa1PovhxjpxnYhlhkM4X5ALoGi3XM0bapN48vt', 'password' ],
[ true, ':secret1:aes-256-cbc:0:izBpxujqC1YbzpCB3qAzgg==:ZqHnitT1pL4YJqKqFES2KEevZYSy2LtlibW5+IMi4XKOGKGy6sE638BXyBbLQQsBtTSrt+JyzwOayKtwIfRbaQsBridx/O1JwBSai1TkGkOsYMBXnlu2Bu/EquCBj5QpjYh7p3Uq4rpiop1KQlin1BJMwnAa1PovhxjpxnYhlhkM4X5ALoGi3XM0bapN48vt', 'password' ],
[ false, ':secret1:aes-256-cbc:0:izBpxujqC1YbzpCB3qAzgg==:ZqHnitT1pL4YJqKqFES2KEevZYSy2LtlibW5+IMi4XKOGKGy6sE638BXyBbLQQsBtTSrt+JyzwOayKtwIfRbaQsBridx/O1JwBSai1TkGkOsYMBXnlu2Bu/EquCBj5QpjYh7p3Uq4rpiop1KQlin1BJMwnAa1PovhxjpxnYhlhkM4X5ALoGi3XM0bapN48vt', 'notpassword' ],
// Encrypted with secret2
[ true, ':both:aes-256-cbc:1:m1LCnQVIakfYBNlr9KEgQg==:5yPTctqrzsybdgaMEag18AZYbnL37pAtXVBqmWxkjXbnNmiDH+1bHoL8lsEVTH/sJntC82kNVgE7zeiD8xUVLYF2VUnvB5+sU+aysE45/zwsCu7a22TaischMAOWrsHZ/tIgS/TnZY2d+HNyxgsEeeYf/QoL+FhmqHquK02+4SRbA5lLuj9niYy1r5CoM9cQ', 'password' ],
[ true, ':secret2:aes-256-cbc:0:m1LCnQVIakfYBNlr9KEgQg==:5yPTctqrzsybdgaMEag18AZYbnL37pAtXVBqmWxkjXbnNmiDH+1bHoL8lsEVTH/sJntC82kNVgE7zeiD8xUVLYF2VUnvB5+sU+aysE45/zwsCu7a22TaischMAOWrsHZ/tIgS/TnZY2d+HNyxgsEeeYf/QoL+FhmqHquK02+4SRbA5lLuj9niYy1r5CoM9cQ', 'password' ],
];
// phpcs:enable
}
/**
* Wrong encryption key selected
*/
public function testDecryptionError() {
$hash = ':secret1:aes-256-cbc:0:m1LCnQVIakfYBNlr9KEgQg==:5yPTctqrzsybdgaMEag18AZYbnL37pAtXVBqmWxkjXbnNmiDH+1bHoL8lsEVTH/sJntC82kNVgE7zeiD8xUVLYF2VUnvB5+sU+aysE45/zwsCu7a22TaischMAOWrsHZ/tIgS/TnZY2d+HNyxgsEeeYf/QoL+FhmqHquK02+4SRbA5lLuj9niYy1r5CoM9cQ';
$password = $this->passwordFactory->newFromCiphertext( $hash );
$this->expectException( PasswordError::class );
$password->crypt( 'password' );
}
public function testUpdate() {
$hash = ':both:aes-256-cbc:0:izBpxujqC1YbzpCB3qAzgg==:ZqHnitT1pL4YJqKqFES2KEevZYSy2LtlibW5+IMi4XKOGKGy6sE638BXyBbLQQsBtTSrt+JyzwOayKtwIfRbaQsBridx/O1JwBSai1TkGkOsYMBXnlu2Bu/EquCBj5QpjYh7p3Uq4rpiop1KQlin1BJMwnAa1PovhxjpxnYhlhkM4X5ALoGi3XM0bapN48vt';
$fromHash = $this->passwordFactory->newFromCiphertext( $hash );
$this->assertTrue( $fromHash->needsUpdate() );
$this->assertTrue( $fromHash->update() );
$serialized = $fromHash->toString();
$this->assertMatchesRegularExpression( '/^:both:aes-256-cbc:1:/', $serialized );
$fromNewHash = $this->passwordFactory->newFromCiphertext( $serialized );
$fromPlaintext = $this->passwordFactory->newFromPlaintext( 'password', $fromNewHash );
$this->assertTrue( $fromPlaintext->verify( 'password' ) );
$this->assertTrue( $fromHash->verify( 'password' ) );
$this->assertFalse( $fromPlaintext->needsUpdate() );
}
}
|
