20-test_passwd.t 6.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135
  1. #! /usr/bin/env perl
  2. # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use OpenSSL::Test;
  11. use OpenSSL::Test::Utils;
  12. setup("test_passwd");
  13. # The following tests are an adaptation of those in
  14. # https://www.akkadia.org/drepper/SHA-crypt.txt
  15. my @sha_tests =
  16. ({ type => '5',
  17. salt => 'saltstring',
  18. key => 'Hello world!',
  19. expected => '$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5' },
  20. { type => '5',
  21. salt => 'rounds=10000$saltstringsaltstring',
  22. key => 'Hello world!',
  23. expected => '$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA' },
  24. { type => '5',
  25. salt => 'rounds=5000$toolongsaltstring',
  26. key => 'This is just a test',
  27. expected => '$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5' },
  28. { type => '5',
  29. salt => 'rounds=1400$anotherlongsaltstring',
  30. key => 'a very much longer text to encrypt. This one even stretches over morethan one line.',
  31. expected => '$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1' },
  32. { type => '5',
  33. salt => 'rounds=10$roundstoolow',
  34. key => 'the minimum number is still observed',
  35. expected => '$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC' },
  36. { type => '6',
  37. salt => 'saltstring',
  38. key => 'Hello world!',
  39. expected => '$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1' },
  40. { type => '6',
  41. salt => 'rounds=10000$saltstringsaltstring',
  42. key => 'Hello world!',
  43. expected => '$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.' },
  44. { type => '6',
  45. salt => 'rounds=5000$toolongsaltstring',
  46. key => 'This is just a test',
  47. expected => '$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0' },
  48. { type => '6',
  49. salt => 'rounds=1400$anotherlongsaltstring',
  50. key => 'a very much longer text to encrypt. This one even stretches over morethan one line.',
  51. expected => '$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1' },
  52. { type => '6',
  53. salt => 'rounds=10$roundstoolow',
  54. key => 'the minimum number is still observed',
  55. expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
  56. );
  57. # From the same source as above, these tests use a number of rounds > 10000. They are separated because this can
  58. # cause out of memory problems in the address sanitizer in the no-cache-fetch build.
  59. my @sha_high_rounds_tests =
  60. ({ type => '5',
  61. salt => 'rounds=77777$short',
  62. key => 'we have a short salt string but not a short password',
  63. expected => '$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/' },
  64. { type => '5',
  65. salt => 'rounds=123456$asaltof16chars..',
  66. key => 'a short string',
  67. expected => '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' },
  68. { type => '6',
  69. salt => 'rounds=77777$short',
  70. key => 'we have a short salt string but not a short password',
  71. expected => '$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0' },
  72. { type => '6',
  73. salt => 'rounds=123456$asaltof16chars..',
  74. key => 'a short string',
  75. expected => '$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1' },
  76. );
  77. plan tests => 9 + scalar @sha_tests + scalar @sha_high_rounds_tests;
  78. ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
  79. 'BSD style MD5 password with random salt');
  80. ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'),
  81. 'Apache style MD5 password with random salt');
  82. ok(compare1stline_re([qw{openssl passwd -5 password}], '^\$5\$.{16}\$.{43}\R$'),
  83. 'SHA256 password with random salt');
  84. ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'),
  85. 'Apache SHA512 password with random salt');
  86. ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'),
  87. 'BSD style MD5 password with salt xxxxxxxx');
  88. ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'),
  89. 'Apache style MD5 password with salt xxxxxxxx');
  90. ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -aixmd5 password}], 'xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/'),
  91. 'AIX style MD5 password with salt xxxxxxxx');
  92. ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -5 password}], '$5$xxxxxxxxxxxxxxxx$fHytsM.wVD..zPN/h3i40WJRggt/1f73XkAC/gkelkB'),
  93. 'SHA256 password with salt xxxxxxxxxxxxxxxx');
  94. ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -6 password}], '$6$xxxxxxxxxxxxxxxx$VjGUrXBG6/8yW0f6ikBJVOb/lK/Tm9LxHJmFfwMvT7cpk64N9BW7ZQhNeMXAYFbOJ6HDG7wb0QpxJyYQn0rh81'),
  95. 'SHA512 password with salt xxxxxxxxxxxxxxxx');
  96. foreach (@sha_tests) {
  97. ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt},
  98. $_->{key}], $_->{expected}),
  99. { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt});
  100. }
  101. SKIP: {
  102. skip "Skipping high rounds tests in non caching builds", scalar @sha_high_rounds_tests
  103. if disabled("cached-fetch");
  104. foreach (@sha_high_rounds_tests) {
  105. ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt},
  106. $_->{key}], $_->{expected}),
  107. { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt});
  108. }
  109. }
  110. sub compare1stline_re {
  111. my ($cmdarray, $regexp) = @_;
  112. my @lines = run(app($cmdarray), capture => 1);
  113. return $lines[0] =~ m|$regexp|;
  114. }
  115. sub compare1stline {
  116. my ($cmdarray, $str) = @_;
  117. my @lines = run(app($cmdarray), capture => 1);
  118. return $lines[0] =~ m|^\Q${str}\E\R$|;
  119. }