From ef544c69e7adfb86a6b422285e58cc928565357a Mon Sep 17 00:00:00 2001
From: Andreas Forsblom
Date: Tue, 27 Dec 2016 11:40:30 +0200
Subject: [PATCH] Fix XORMixer double XOR issue
---
 lib/RandomLib/Mixer/XorMixer.php | 23 +++-----
 test/Unit/RandomLib/Mixer/XorMixerTest.php | 62 ++++++++++++++++++++++
 2 files changed, 70 insertions(+), 15 deletions(-)
 create mode 100644 test/Unit/RandomLib/Mixer/XorMixerTest.php
diff --git a/lib/RandomLib/Mixer/XorMixer.php b/lib/RandomLib/Mixer/XorMixer.php
index 326552b..077eacb 100644
--- a/lib/RandomLib/Mixer/XorMixer.php
+++ b/lib/RandomLib/Mixer/XorMixer.php
@@ -10,15 +10,10 @@
 */
 /**
- * The Hash medium strength mixer class
- *
- * This class implements a mixer based upon the recommendations in RFC 4086
- * section 5.2
+ * XOR mixer
 *
 * PHP version 5.3
 *
- * @see http://tools.ietf.org/html/rfc4086#section-5.2
- *
 * @category PHPCryptLib
 * @package Random
 * @subpackage Mixer
@@ -34,12 +29,7 @@
 use SecurityLib\Strength;
 /**
- * The Hash medium strength mixer class
- *
- * This class implements a mixer based upon the recommendations in RFC 4086
- * section 5.2
- *
- * @see http://tools.ietf.org/html/rfc4086#section-5.2
+ * XOR mixer
 *
 * @category PHPCryptLib
 * @package Random
@@ -51,7 +41,7 @@
 class XorMixer extends \RandomLib\AbstractMixer
 {
 /**
- * Return an instance of Strength indicating the strength of the source
+ * Return an instance of Strength indicating the strength of the mixer
 *
 * @return \SecurityLib\Strength An instance of one of the strength classes
 */
@@ -90,7 +80,10 @@ protected function getPartSize()
 */
 protected function mixParts1($part1, $part2)
 {
- return $part1 ^ $part2;
+ // The XOR operation is done in AbstractMixer; repeating it here will
+ // cause the previous source to get XORed with itself, setting it to
+ // zero
+ return $part2;
 }
 /**
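Review bot: The comment added in mixParts1 says the repeated XOR sets the previous source "to zero", which understates the effect: by the comment's own account of AbstractMixer, the earlier parts cancel and the mix collapses to the newest part alone, so one source decides the output. I would word it as `// AbstractMixer XORs this return value into the running result, so return only $part2;` followed by `// returning $part1 ^ $part2 cancels $part1 and leaves just the last source.` The mixParts2 hunk that follows makes the same change without any explanation, and its surviving comment "Both mixers are identical, this is for speed, not security" does not say why `$part1` is now unused. AbstractMixer is not part of this patch, so the caller-side XOR is taken from the comment and should be confirmed there; the docblocks of both methods start outside the hunks.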
@@ -104,6 +97,6 @@ protected function mixParts1($part1, $part2)
 protected function mixParts2($part1, $part2)
 {
 // Both mixers are identical, this is for speed, not security
- return $part1 ^ $part2;
+ return $part2;
 }
 }
diff --git a/test/Unit/RandomLib/Mixer/XorMixerTest.php b/test/Unit/RandomLib/Mixer/XorMixerTest.php
new file mode 100644
index 0000000..1d3d1fc
--- /dev/null
+++ b/test/Unit/RandomLib/Mixer/XorMixerTest.php
@@ -0,0 +1,62 @@
+
+ * @copyright 2011 The Authors
+ * @license http://www.opensource.org/licenses/mit-license.html MIT License
+ * @version Build @@version@@
+ */
+namespace RandomLib\Mixer;
+
+use SecurityLib\Strength;
+
+class XorMixerTest extends \PHPUnit_Framework_TestCase
+{
+ public static function provideMix()
+ {
+ $data = array(
+ array(array(), ''),
+ array(array('1', '1'), '00'),
+ array(array('a'), '61'),
+ array(array('a', 'b'), '03'),
+ array(array('aa', 'ba'), '0300'),
+ array(array('ab', 'bb'), '0300'),
+ array(array('aa', 'bb'), '0303'),
+ array(array('aa', 'bb', 'cc'), '6060'),
+ array(array('aabbcc', 'bbccdd', 'ccddee'), '606065656262'),
+ );
+
+ return $data;
+ }
+
+ public function testConstructWithoutArgument()
+ {
+ $xorMixer = new XorMixer();
+ $this->assertTrue($xorMixer instanceof \RandomLib\Mixer);
+ }
+
+ public function testGetStrength()
+ {
+ $strength = new Strength(Strength::VERYLOW);
+ $actual = XorMixer::getStrength();
+ $this->assertEquals($actual, $strength);
+ }
+
+ public function testTest()
+ {
+ $actual = XorMixer::test();
+ $this->assertTrue($actual);
+ }
+
+ /**
+ * @dataProvider provideMix
+ */
+ public function testMix($parts, $result)
+ {
+ $mixer = new XorMixer();
+ $actual = $mixer->mix($parts);
+ $this->assertSame($result, bin2hex($actual));
+ }
+}
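Review bot: In testGetStrength the arguments to assertEquals are swapped: PHPUnit takes the expected value first, so a failure would report the two values the wrong way round; `$this->assertEquals($strength, $actual);` reads correctly. testConstructWithoutArgument would fail more informatively with `$this->assertInstanceOf('RandomLib\Mixer', $xorMixer);` than with assertTrue on an instanceof expression. Every provideMix case with more than one source uses sources of equal length, so how mix() treats unequal-length parts is not pinned by this test; a case for that would be worth adding if the mixer is expected to accept them.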