ctrlv-privatebin/tst/vizhash16x16.php
Sebastien SAUVAGE 43a439e7d0 Time attack protection on hmac comparison
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.

(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)

Conflicts:
	index.php
2015-08-15 23:44:03 +02:00

46 lines
1.4 KiB
PHP

<?php
class vizhash16x16Test extends PHPUnit_Framework_TestCase
{
private $_dataDirCreated;
private $_file;
private $_path;
public function setUp()
{
/* Setup Routine */
$this->_path = PATH . 'data' . DIRECTORY_SEPARATOR;
$this->_dataDirCreated = !is_dir($this->_path);
if($this->_dataDirCreated) mkdir($this->_path);
$this->_file = $this->_path . 'vizhash.png';
}
public function tearDown()
{
/* Tear Down Routine */
if($this->_dataDirCreated) {
helper::rmdir($this->_path);
} else {
if(!@unlink($this->_file)) {
throw new Exception('Error deleting file "' . $this->_file . '".');
}
}
}
public function testVizhashGeneratesUniquePngsPerIp()
{
$vz = new vizhash16x16();
$pngdata = $vz->generate('127.0.0.1');
file_put_contents($this->_file, $pngdata);
$finfo = new finfo(FILEINFO_MIME_TYPE);
$this->assertEquals('image/png', $finfo->file($this->_file));
$this->assertNotEquals($pngdata, $vz->generate('2001:1620:2057:dead:beef::cafe:babe'));
$this->assertEquals($pngdata, $vz->generate('127.0.0.1'));
// generating new salt
$salt = serversalt::get();
require 'mcrypt_mock.php';
$this->assertNotEquals($salt, serversalt::generate());
}
}