diff --git a/framework/base/Security.php b/framework/base/Security.php
index 0b594fa..0c955f4 100644
--- a/framework/base/Security.php
+++ b/framework/base/Security.php
@@ -44,20 +44,30 @@ class Security extends Component
      */
     public $passwordHashStrategy = 'crypt';
 
-    // AES has 128-bit block size and three key sizes: 128, 192 and 256 bits.
-    // mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256
-    // bits but only the 128-bit Rijndael is standardized in AES.
-    // So to use AES in mycrypt, specify `'rijndael-128'` cipher and mcrypt
-    // chooses the appropriate AES based on the length of the supplied key.
+    /**
+     * AES has 128-bit block size and three key sizes: 128, 192 and 256 bits.
+     * mcrypt offers the Rijndael cipher with block sizes of 128, 192 and 256
+     * bits but only the 128-bit Rijndael is standardized in AES.
+     * So to use AES in mycrypt, specify `'rijndael-128'` cipher and mcrypt
+     * chooses the appropriate AES based on the length of the supplied key.
+     */
     const MCRYPT_CIPHER = 'rijndael-128';
     const MCRYPT_MODE = 'cbc';
-    // Same size for encryption keys, auth keys and KDF salt
+    /**
+     * Same size for encryption keys, auth keys and KDF salt
+     */
     const KEY_SIZE = 16;
-    // Hash algorithm for key derivation.
+    /**
+     * Hash algorithm for key derivation.
+     */
     const KDF_HASH = 'sha256';
-    // Hash algorithm for authentication.
+    /**
+     * Hash algorithm for authentication.
+     */
     const MAC_HASH = 'sha256';
-    // HKDF info value for auth keys
+    /**
+     * HKDF info value for auth keys
+     */
     const AUTH_KEY_INFO = 'AuthorizationKey';
 
     private $_cryptModule;
@@ -282,7 +292,7 @@ class Security extends Component
      * @throws InvalidParamException
      * @return string the derived key
      */
-    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
+    protected function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
     {
         $test = @hash_hmac($algo, '', '', true);
         if (!$test) {
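Review bot: The new docblock above MCRYPT_CIPHER carries the old typo `mycrypt` into its fourth line, and the KEY_SIZE docblock still does not say what unit `16` is in or which AES variant that size selects, even though the MCRYPT_CIPHER docblock says mcrypt picks the AES variant from the key length. Since this one constant fixes the cipher key, the HMAC key and the KDF salt size, I would make it explicit: `Size in bytes of encryption keys, auth keys and KDF salt; 16 bytes selects AES-128 for MCRYPT_CIPHER.` The unit is presumably bytes given the rijndael-128 key sizes, but the methods that consume KEY_SIZE are outside the hunk, so confirm before wording it that way.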
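Review bot: Narrowing hkdf() from public to protected is a backwards-incompatible change for any caller that used the previously public method, and nothing in the diff records it; if a release has already shipped it public this needs a changelog entry or a deprecation step rather than a silent visibility flip. The docblock just above the signature (its opening is outside the hunk) should also state that the method is for internal key derivation only, e.g. `Internal helper; callers outside this class should use the public encrypt/decrypt API.` hkdf()'s body continues past the hunk, so I cannot see what the `if (!$test)` branch throws beyond the promised InvalidParamException.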
@@ -329,7 +339,7 @@ class Security extends Component
      * @throws InvalidParamException
      * @return string the derived key
      */
-    public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
+    protected function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
     {
         if (function_exists('hash_pbkdf2')) {
             $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
@@ -599,7 +609,7 @@ class Security extends Component
      * @param string $actual string to compare.
      * @return boolean whether strings are equal.
      */
-    protected function compareString($expected, $actual)
+    public function compareString($expected, $actual)
     {
         // timing attack resistant approach:
         $length = StringHelper::byteLength($expected);
diff --git a/tests/unit/framework/base/ExposedSecurity.php b/tests/unit/framework/base/ExposedSecurity.php
new file mode 100644
index 0000000..7909057
--- /dev/null
+++ b/tests/unit/framework/base/ExposedSecurity.php
@@ -0,0 +1,27 @@
+<?php
+namespace yiiunit\framework\base;
+
+
+use yii\base\Security;
+
+/**
+ * ExposedSecurity exposes protected methods for direct testing
+ */
+class ExposedSecurity extends Security
+{
+    /**
+     * @inheritdoc
+     */
+    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
+    {
+        return parent::hkdf($algo, $inputKey, $salt, $info, $length);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
+    {
+        return parent::pbkdf2($algo, $password, $salt, $iterations, $length);
+    }
+}
\ No newline at end of file
diff --git a/tests/unit/framework/base/SecurityTest.php b/tests/unit/framework/base/SecurityTest.php
index c9f7b6f..eb4e1e7 100644
--- a/tests/unit/framework/base/SecurityTest.php
+++ b/tests/unit/framework/base/SecurityTest.php
@@ -8,7 +8,6 @@
 namespace yiiunit\framework\base;
 
 use yiiunit\TestCase;
-use yii\base\Security;
 
 /**
  * @group base
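Review bot: compareString() becomes public API in the third hunk, so its docblock (the `@param`/`@return` lines above the signature; the docblock opens outside the hunk) should spell out the guarantee callers are now relying on: the comparison does not short-circuit on the first differing byte, both arguments must be binary strings, and — if the fallback returns early when the byte lengths differ, which I cannot see from here — the length of `$expected` is still observable. On PHP 5.6+ the engine provides this guarantee natively, and this file already probes for newer hash functions with `function_exists('hash_pbkdf2')` in the pbkdf2 hunk; the same pattern fits here as the first statement of the body: `if (function_exists('hash_equals')) { return hash_equals($expected, $actual); }`, keeping the byteLength loop as the fallback for older runtimes. The method body continues past the hunk, so check the fallback's length handling before documenting it.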
@@ -16,14 +15,14 @@ use yii\base\Security;
 class SecurityTest extends TestCase
 {
     /**
-     * @var Security
+     * @var ExposedSecurity
      */
     protected $security;
 
     protected function setUp()
     {
         parent::setUp();
-        $this->security = new Security();
+        $this->security = new ExposedSecurity();
         $this->security->derivationIterations = 1000; // speed up test running
     }
 