Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 6594baf645
Branches Tags
openssl
/
test
/
recipes
/
20-test_passwd.t

20-test_passwd.t 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. #! /usr/bin/env perl
    2. 

  2. # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5. # this file except in compliance with the License.  You can obtain a copy
    6. 

  6. # in the file LICENSE in the source distribution or at
    7. 

  7. # https://www.openssl.org/source/license.html
    8. 

  8. 

  9. 

  10. use strict;
    11. 

  11. use warnings;
    12. 

  12. 

  13. use OpenSSL::Test;
    14. 

  14. use OpenSSL::Test::Utils;
    15. 

  15. 

  16. setup("test_passwd");
    17. 

  17. 

  18. # The following tests are an adaptation of those in
    19. 

  19. # https://www.akkadia.org/drepper/SHA-crypt.txt
    20. 

  20. my @sha_tests =
    21. 

  21.     ({ type => '5',
    22. 

  22.        salt => 'saltstring',
    23. 

  23.        key => 'Hello world!',
    24. 

  24.        expected => '$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5' },
    25. 

  25.      { type => '5',
    26. 

  26.        salt => 'rounds=10000$saltstringsaltstring',
    27. 

  27.        key => 'Hello world!',
    28. 

  28.        expected => '$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA' },
    29. 

  29.      { type => '5',
    30. 

  30.        salt => 'rounds=5000$toolongsaltstring',
    31. 

  31.        key => 'This is just a test',
    32. 

  32.        expected => '$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5' },
    33. 

  33.      { type => '5',
    34. 

  34.        salt => 'rounds=1400$anotherlongsaltstring',
    35. 

  35.        key => 'a very much longer text to encrypt.  This one even stretches over morethan one line.',
    36. 

  36.        expected => '$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1' },
    37. 

  37.      { type => '5',
    38. 

  38.        salt => 'rounds=10$roundstoolow',
    39. 

  39.        key => 'the minimum number is still observed',
    40. 

  40.        expected => '$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC' },
    41. 

  41.      { type => '6',
    42. 

  42.        salt => 'saltstring',
    43. 

  43.        key => 'Hello world!',
    44. 

  44.        expected => '$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1' },
    45. 

  45.      { type => '6',
    46. 

  46.        salt => 'rounds=10000$saltstringsaltstring',
    47. 

  47.        key => 'Hello world!',
    48. 

  48.        expected => '$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.' },
    49. 

  49.      { type => '6',
    50. 

  50.        salt => 'rounds=5000$toolongsaltstring',
    51. 

  51.        key => 'This is just a test',
    52. 

  52.        expected => '$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0' },
    53. 

  53.      { type => '6',
    54. 

  54.        salt => 'rounds=1400$anotherlongsaltstring',
    55. 

  55.        key => 'a very much longer text to encrypt.  This one even stretches over morethan one line.',
    56. 

  56.        expected => '$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1' },
    57. 

  57.      { type => '6',
    58. 

  58.        salt => 'rounds=10$roundstoolow',
    59. 

  59.        key => 'the minimum number is still observed',
    60. 

  60.        expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
    61. 

  61.     );
    62. 

  62. # From the same source as above, these tests use a number of rounds > 10000.  They are separated because this can
    63. 

  63. # cause out of memory problems in the address sanitizer in the no-cache-fetch build.
    64. 

  64. my @sha_high_rounds_tests =
    65. 

  65.     ({ type => '5',
    66. 

  66.        salt => 'rounds=77777$short',
    67. 

  67.        key => 'we have a short salt string but not a short password',
    68. 

  68.        expected => '$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/' },
    69. 

  69.      { type => '5',
    70. 

  70.        salt => 'rounds=123456$asaltof16chars..',
    71. 

  71.        key => 'a short string',
    72. 

  72.        expected => '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' },
    73. 

  73.      { type => '6',
    74. 

  74.        salt => 'rounds=77777$short',
    75. 

  75.        key => 'we have a short salt string but not a short password',
    76. 

  76.        expected => '$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0' },
    77. 

  77.      { type => '6',
    78. 

  78.        salt => 'rounds=123456$asaltof16chars..',
    79. 

  79.        key => 'a short string',
    80. 

  80.        expected => '$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1' },
    81. 

  81.     );
    82. 

  82. 

  83. plan tests => 9 + scalar @sha_tests + scalar @sha_high_rounds_tests;
    84. 

  84. 

  85. 

  86. ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
    87. 

  87.    'BSD style MD5 password with random salt');
    88. 

  88. ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'),
    89. 

  89.    'Apache style MD5 password with random salt');
    90. 

  90. ok(compare1stline_re([qw{openssl passwd -5 password}], '^\$5\$.{16}\$.{43}\R$'),
    91. 

  91.    'SHA256 password with random salt');
    92. 

  92. ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'),
    93. 

  93.    'Apache SHA512 password with random salt');
    94. 

  94. 

  95. ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'),
    96. 

  96.    'BSD style MD5 password with salt xxxxxxxx');
    97. 

  97. ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'),
    98. 

  98.    'Apache style MD5 password with salt xxxxxxxx');
    99. 

  99. ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -aixmd5 password}], 'xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/'),
    100. 

  100.    'AIX style MD5 password with salt xxxxxxxx');
    101. 

  101. ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -5 password}], '$5$xxxxxxxxxxxxxxxx$fHytsM.wVD..zPN/h3i40WJRggt/1f73XkAC/gkelkB'),
    102. 

  102.    'SHA256 password with salt xxxxxxxxxxxxxxxx');
    103. 

  103. ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -6 password}], '$6$xxxxxxxxxxxxxxxx$VjGUrXBG6/8yW0f6ikBJVOb/lK/Tm9LxHJmFfwMvT7cpk64N9BW7ZQhNeMXAYFbOJ6HDG7wb0QpxJyYQn0rh81'),
    104. 

  104.    'SHA512 password with salt xxxxxxxxxxxxxxxx');
    105. 

  105. 

  106. foreach (@sha_tests) {
    107. 

  107.     ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt},
    108. 

  108.                        $_->{key}], $_->{expected}),
    109. 

  109.        { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt});
    110. 

  110. }
    111. 

  111. 

  112. SKIP: {
    113. 

  113.     skip "Skipping high rounds tests in non caching builds", scalar @sha_high_rounds_tests
    114. 

  114.         if disabled("cached-fetch");
    115. 

  115. 

  116.     foreach (@sha_high_rounds_tests) {
    117. 

  117.         ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt},
    118. 

  118.                            $_->{key}], $_->{expected}),
    119. 

  119.            { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt});
    120. 

  120.     }
    121. 

  121. }
    122. 

  122. 

  123. sub compare1stline_re {
    124. 

  124.     my ($cmdarray, $regexp) = @_;
    125. 

  125.     my @lines = run(app($cmdarray), capture => 1);
    126. 

  126. 

  127.     return $lines[0] =~ m|$regexp|;
    128. 

  128. }
    129. 

  129. 

  130. sub compare1stline {
    131. 

  131.     my ($cmdarray, $str) = @_;
    132. 

  132.     my @lines = run(app($cmdarray), capture => 1);
    133. 

  133. 

  134.     return $lines[0] =~ m|^\Q${str}\E\R$|;
    135. 

  135. }
    136.