This repository has been archived by the owner on Jan 8, 2020. It is now read-only.

CS fixes and dependencies for RNG changes
- CS fixes:
  - imports
  - docblocks
  - braces
- dependencies
  - RandomLib is a "suggested" dependency
  - For the framework, it's a "require-dev" dependency. Also added security-lib,
    as it is required by random-lib
weierophinney committed Mar 13, 2013
1 parent 8de133b commit ff80be3
Showing 4 changed files with 84 additions and 75 deletions.
7 changes: 4 additions & 3 deletions composer.json
Expand Up @@ -8,18 +8,19 @@
], ],
"homepage": "http://framework.zend.com/", "homepage": "http://framework.zend.com/",
"license": "BSD-3-Clause", "license": "BSD-3-Clause",
"minimum-stability": "dev",
"require": { "require": {
"php": ">=5.3.3" "php": ">=5.3.3"
}, },
"require-dev": { "require-dev": {
"doctrine/common": ">=2.1", "doctrine/common": ">=2.1",
"phpunit/PHPUnit": "3.7.*", "ircmaxell/random-lib": "dev-master",
"ircmaxell/random-lib": "dev-master" "ircmaxell/security-lib": "dev-master",
"phpunit/PHPUnit": "3.7.*"
}, },
"suggest": { "suggest": {
"doctrine/common": "Doctrine\\Common >=2.1 for annotation features", "doctrine/common": "Doctrine\\Common >=2.1 for annotation features",
"ext-intl": "ext/intl for i18n features", "ext-intl": "ext/intl for i18n features",
"ircmaxell/random-lib": "Fallback random byte generator for Zend\\Math\\Rand if OpenSSL/Mcrypt extensions are unavailable",
"pecl-weakref": "Implementation of weak references for Zend\\Stdlib\\CallbackHandler", "pecl-weakref": "Implementation of weak references for Zend\\Stdlib\\CallbackHandler",
"zendframework/zendpdf": "ZendPdf for creating PDF representations of barcodes", "zendframework/zendpdf": "ZendPdf for creating PDF representations of barcodes",
"zendframework/zendservice-recaptcha": "ZendService\\ReCaptcha for rendering ReCaptchas in Zend\\Captcha and/or Zend\\Form" "zendframework/zendservice-recaptcha": "ZendService\\ReCaptcha for rendering ReCaptchas in Zend\\Captcha and/or Zend\\Form"
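Review bot: The two RNG-related entries in `require-dev`, `"ircmaxell/random-lib": "dev-master"` and `"ircmaxell/security-lib": "dev-master"`, follow a moving branch, so the code backing the `Zend\Math\Rand` fallback in tests can change between installs without any change in this repository. If no tagged release exists yet, pinning the branch to a reviewed commit, e.g. `"ircmaxell/random-lib": "dev-master#<commit-sha>"` (placeholder), would keep test runs reproducible. The new `suggest` entry also gives users no version to install; naming a minimum version or commit in that text would help.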
28 changes: 19 additions & 9 deletions library/Zend/Math/Rand.php
Expand Up @@ -9,6 +9,8 @@


namespace Zend\Math; namespace Zend\Math;


use RandomLib;

/** /**
* Pseudorandom number generator (PRNG) * Pseudorandom number generator (PRNG)
*/ */
Expand All @@ -18,7 +20,7 @@ abstract class Rand
/** /**
* Alternative random byte generator using RandomLib * Alternative random byte generator using RandomLib
* *
* @var \RandomLib\Generator * @var RandomLib\Generator
*/ */
protected static $generator = null; protected static $generator = null;


Expand All @@ -37,15 +39,18 @@ public static function getBytes($length, $strong = false)
} }
$bytes = ''; $bytes = '';
if (function_exists('openssl_random_pseudo_bytes') if (function_exists('openssl_random_pseudo_bytes')
&& (version_compare(PHP_VERSION, '5.3.4') >= 0 && (version_compare(PHP_VERSION, '5.3.4') >= 0
|| strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')
) {
$bytes = openssl_random_pseudo_bytes($length, $usable); $bytes = openssl_random_pseudo_bytes($length, $usable);
if (true === $usable) { if (true === $usable) {
return $bytes; return $bytes;
} }
} elseif (function_exists('mcrypt_create_iv') }
&& (version_compare(PHP_VERSION, '5.3.7') >= 0 if (function_exists('mcrypt_create_iv')
|| strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { && (version_compare(PHP_VERSION, '5.3.7') >= 0
|| strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')
) {
$bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
if ($bytes !== false && strlen($bytes) === $length) { if ($bytes !== false && strlen($bytes) === $length) {
return $bytes; return $bytes;
Expand All @@ -63,22 +68,27 @@ public static function getBytes($length, $strong = false)
return $generator->generate($length); return $generator->generate($length);
} }


/**
* Retrieve a fallback/alternative RNG generator
*
* @return RandomLib\Generator
*/
public static function getAlternativeGenerator() public static function getAlternativeGenerator()
{ {
if (!is_null(self::$generator)) { if (!is_null(self::$generator)) {
return self::$generator; return self::$generator;
} }
if (!class_exists('\\RandomLib\\Factory')) { if (!class_exists('RandomLib\\Factory')) {
throw new Exception\RuntimeException( throw new Exception\RuntimeException(
'The RandomLib fallback pseudorandom number generator (PRNG) ' 'The RandomLib fallback pseudorandom number generator (PRNG) '
. ' must be installed in the absence of the OpenSSL and ' . ' must be installed in the absence of the OpenSSL and '
. 'Mcrypt extensions' . 'Mcrypt extensions'
); );
} }
$factory = new \RandomLib\Factory; $factory = new RandomLib\Factory;
$factory->registerSource( $factory->registerSource(
'HashTiming', 'HashTiming',
'\Zend\Math\Source\HashTiming' 'Zend\Math\Source\HashTiming'
); );
self::$generator = $factory->getMediumStrengthGenerator(); self::$generator = $factory->getMediumStrengthGenerator();
return self::$generator; return self::$generator;
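Review bot: In `getBytes()` the fall-through from OpenSSL to Mcrypt to the RandomLib generator is silent, and the fallback is `getMediumStrengthGenerator()` with a registered source that declares `Strength::VERYLOW`, so it is worth confirming in the collapsed lines before `return $generator->generate($length);` that a `$strong = true` request is refused rather than served from it. The new docblock on `getAlternativeGenerator()` should say so and name the failure mode, e.g. `@throws Exception\RuntimeException if RandomLib is not installed` plus a line such as `Medium strength only; not suitable when $strong is requested`. The exception text still says the fallback is needed "in the absence of the OpenSSL and Mcrypt extensions", but with `elseif` replaced by a separate `if` it is presumably also reached when an extension is present and returns unusable bytes. Both functions start or end outside the visible hunks.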
123 changes: 61 additions & 62 deletions library/Zend/Math/Source/HashTiming.php
Expand Up @@ -11,78 +11,79 @@
use RandomLib; use RandomLib;
use SecurityLib\Strength; use SecurityLib\Strength;


/* /**
* Author: * Author:
* George Argyros <argyros.george@gmail.com> * George Argyros <argyros.george@gmail.com>
* *
* Copyright (c) 2012, George Argyros * Copyright (c) 2012, George Argyros
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer. * notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright * * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the * notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution. * documentation and/or other materials provided with the distribution.
* * Neither the name of the <organization> nor the * * Neither the name of the <organization> nor the
* names of its contributors may be used to endorse or promote products * names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission. * derived from this software without specific prior written permission.
* *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY * DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* *
* *
* *
* The function is providing, at least at the systems tested :), * The function is providing, at least at the systems tested :),
* $len bytes of entropy under any PHP installation or operating system. * $len bytes of entropy under any PHP installation or operating system.
* The execution time should be at most 10-20 ms in any system. * The execution time should be at most 10-20 ms in any system.
* *
* Modified by Padraic Brady as part of Zend Framework to use 25% of the * Modified by Padraic Brady as part of Zend Framework to use 25% of the
* original version's iterations. * original version's iterations.
*/ */
class HashTiming implements RandomLib\Source class HashTiming implements RandomLib\Source
{ {


/** /**
* Return an instance of Strength indicating the strength of the source * Return an instance of Strength indicating the strength of the source
* *
* @return Strength An instance of one of the strength classes * @return Strength An instance of one of the strength classes
*/ */
public static function getStrength() public static function getStrength()
{ {
return new Strength(Strength::VERYLOW); return new Strength(Strength::VERYLOW);
} }


/** /**
* Generate a random string of the specified size * Generate a random string of the specified size
* *
* @param int $size The size of the requested random string * @param int $size The size of the requested random string
* *
* @return string A string of the requested size * @return string A string of the requested size
*/ */
public function generate($size) { public function generate($size)
$result = ''; {
$entropy = ''; $result = '';
$entropy = '';
$msec_per_round = 400; $msec_per_round = 400;
$bits_per_round = 2; $bits_per_round = 2;
$total = $size; $total = $size;
$bytes = 0; $bytes = 0;
$hash_length = 20; $hash_length = 20;
$rounds = 0; $rounds = 0;
while (strlen($result) < $size) { while (strlen($result) < $size) {
$bytes = ($total > $hash_length)? $hash_length : $total; $bytes = ($total > $hash_length)? $hash_length : $total;
$total -= $bytes; $total -= $bytes;
for ($i=1; $i < 3; $i++) { for ($i=1; $i < 3; $i++) {
$t1 = microtime(true); $t1 = microtime(true);
$seed = mt_rand(); $seed = mt_rand();
for ($j=1; $j < 50; $j++) { for ($j=1; $j < 50; $j++) {
$seed = sha1($seed); $seed = sha1($seed);
Expand All @@ -96,12 +97,10 @@ public function generate($size) {
} }
$rounds = (int) ($msec_per_round * 50 / $div); $rounds = (int) ($msec_per_round * 50 / $div);
$iter = $bytes * (int) (ceil(8 / $bits_per_round)); $iter = $bytes * (int) (ceil(8 / $bits_per_round));
for ($i = 0; $i < $iter; $i ++) for ($i = 0; $i < $iter; $i ++) {
{
$t1 = microtime(); $t1 = microtime();
$seed = sha1(mt_rand()); $seed = sha1(mt_rand());
for ($j = 0; $j < $rounds; $j++) for ($j = 0; $j < $rounds; $j++) {
{
$seed = sha1($seed); $seed = sha1($seed);
} }
$t2 = microtime(); $t2 = microtime();
Expand All @@ -112,4 +111,4 @@ public function generate($size) {
return substr($result, 0, $size); return substr($result, 0, $size);
} }


} }
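Review bot: Promoting the licence comment to a docblock (`/*` to `/**`) makes it the class-level documentation for `HashTiming`, including the sentence that the function provides `$len` bytes of entropy on any system, which sits oddly next to `getStrength()` returning `Strength::VERYLOW`. I would keep the licence as a plain `/* ... */` file comment and give the class its own short docblock, e.g. `Timing-jitter entropy source seeded via mt_rand(); very low strength, fallback only, not to be used alone for keys or tokens.` The body of `generate()` is partly collapsed in this view, so that wording should be checked against the full loop.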
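--- a/library/Zend/Math/composer.json
+++ b/library/Zend/Math/composer.json
@@ -2,7 +2,6 @@
 "name": "zendframework/zend-math",
 "description": " ",
 "license": "BSD-3-Clause",
-"minimum-stability": "dev",
 "keywords": [
 "zf2",
 "math"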
