Bug #21491 » 12502_v1.diff
| INSTALL.txt (Arbeitskopie) | ||
|---|---|---|
|
- cURL
|
||
|
- filter
|
||
|
- GD2
|
||
|
- hash
|
||
|
- JSON
|
||
|
- mbstring
|
||
|
- mysql
|
||
| t3lib/class.t3lib_div.php (Arbeitskopie) | ||
|---|---|---|
|
}
|
||
|
/**
|
||
|
* Returns a proper HMAC on a given input string and secret TYPO3 encryption key.
|
||
|
*
|
||
|
* @param string Input string to create HMAC from
|
||
|
* @return string resulting (hexadecimal) HMAC currently with a length of 40 (HMAC-SHA-1)
|
||
|
*/
|
||
|
public static function hmac($input) {
|
||
|
$hashAlgorithm = 'sha1';
|
||
|
$hashBlocksize = 64;
|
||
|
$hmac = '';
|
||
|
if (extension_loaded('hash') && function_exists('hash_hmac') && function_exists('hash_algos') && in_array($hashAlgorithm, hash_algos())) {
|
||
|
$hmac = hash_hmac($hashAlgorithm, $input, $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']);
|
||
|
} else {
|
||
|
// outer padding
|
||
|
$opad = str_repeat(chr(0x5C), $hashBlocksize);
|
||
|
// innner padding
|
||
|
$ipad = str_repeat(chr(0x36), $hashBlocksize);
|
||
|
if (strlen($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']) > $hashBlocksize) {
|
||
|
// keys longer than blocksize are shorten
|
||
|
$key = str_pad(pack('H*', call_user_func($hashAlgorithm, $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'])), $hashBlocksize, chr(0x00));
|
||
|
} else {
|
||
|
// keys shorter than blocksize are zero-padded
|
||
|
$key = str_pad($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'], $hashBlocksize, chr(0x00));
|
||
|
}
|
||
|
$hmac = bin2hex(pack('H*', call_user_func($hashAlgorithm, ($key^$opad) . pack('H*', call_user_func($hashAlgorithm, ($key^$ipad) . $input)))));
|
||
|
}
|
||
|
return $hmac;
|
||
|
}
|
||
|
/**
|
||
|
* Takes comma-separated lists and arrays and removes all duplicates
|
||
|
* If a value in the list is trim(empty), the value is ignored.
|
||
|
* Usage: 16
|
||
| tests/t3lib/t3lib_div_testcase.php (Arbeitskopie) | ||
|---|---|---|
|
//////////////////////////////////
|
||
|
// Tests concerning hmac
|
||
|
//////////////////////////////////
|
||
|
/**
|
||
|
* @test
|
||
|
*/
|
||
|
public function hmacReturnsEqualHashesForEqualInput() {
|
||
|
$msg0 = 'message';
|
||
|
$msg1 = 'message';
|
||
|
$this->assertEquals(t3lib_div::hmac($msg0), t3lib_div::hmac($msg1));
|
||
|
}
|
||
|
/**
|
||
|
* @test
|
||
|
*/
|
||
|
public function hmacReturnsNotEqualHashesForNotEqualInput() {
|
||
|
$msg0 = 'message0';
|
||
|
$msg1 = 'message1';
|
||
|
$this->assertNotEquals(t3lib_div::hmac($msg0), t3lib_div::hmac($msg1));
|
||
|
}
|
||
|
//////////////////////////////////
|
||
|
// Tests concerning quoteJSvalue
|
||
|
//////////////////////////////////
|
||