test/recipes/20-test_passwd.t

   1 #! /usr/bin/env perl
   2 # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use OpenSSL::Test;
  14 use OpenSSL::Test::Utils;
  15
  16 setup("test_passwd");
  17
  18 # The following tests are an adaptation of those in
  19 # https://www.akkadia.org/drepper/SHA-crypt.txt
  20 my @sha_tests =
  21     ({ type => '5',
  22        salt => 'saltstring',
  23        key => 'Hello world!',
  24        expected => '$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5' },
  25      { type => '5',
  26        salt => 'rounds=10000$saltstringsaltstring',
  27        key => 'Hello world!',
  28        expected => '$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA' },
  29      { type => '5',
  30        salt => 'rounds=5000$toolongsaltstring',
  31        key => 'This is just a test',
  32        expected => '$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5' },
  33      { type => '5',
  34        salt => 'rounds=1400$anotherlongsaltstring',
  35        key => 'a very much longer text to encrypt.  This one even stretches over morethan one line.',
  36        expected => '$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1' },
  37      { type => '5',
  38        salt => 'rounds=10$roundstoolow',
  39        key => 'the minimum number is still observed',
  40        expected => '$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC' },
  41      { type => '6',
  42        salt => 'saltstring',
  43        key => 'Hello world!',
  44        expected => '$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1' },
  45      { type => '6',
  46        salt => 'rounds=10000$saltstringsaltstring',
  47        key => 'Hello world!',
  48        expected => '$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.' },
  49      { type => '6',
  50        salt => 'rounds=5000$toolongsaltstring',
  51        key => 'This is just a test',
  52        expected => '$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0' },
  53      { type => '6',
  54        salt => 'rounds=1400$anotherlongsaltstring',
  55        key => 'a very much longer text to encrypt.  This one even stretches over morethan one line.',
  56        expected => '$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1' },
  57      { type => '6',
  58        salt => 'rounds=10$roundstoolow',
  59        key => 'the minimum number is still observed',
  60        expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
  61     );
  62 # From the same source as above, these tests use a number of rounds > 10000.  They are separated because this can
  63 # cause out of memory problems in the address sanitizer in the no-cache-fetch build.
  64 my @sha_high_rounds_tests =
  65     ({ type => '5',
  66        salt => 'rounds=77777$short',
  67        key => 'we have a short salt string but not a short password',
  68        expected => '$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/' },
  69      { type => '5',
  70        salt => 'rounds=123456$asaltof16chars..',
  71        key => 'a short string',
  72        expected => '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' },
  73      { type => '6',
  74        salt => 'rounds=77777$short',
  75        key => 'we have a short salt string but not a short password',
  76        expected => '$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0' },
  77      { type => '6',
  78        salt => 'rounds=123456$asaltof16chars..',
  79        key => 'a short string',
  80        expected => '$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1' },
  81     );
  82
  83 plan tests => 9 + scalar @sha_tests + scalar @sha_high_rounds_tests;
  84
  85
  86 ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
  87    'BSD style MD5 password with random salt');
  88 ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'),
  89    'Apache style MD5 password with random salt');
  90 ok(compare1stline_re([qw{openssl passwd -5 password}], '^\$5\$.{16}\$.{43}\R$'),
  91    'SHA256 password with random salt');
  92 ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'),
  93    'Apache SHA512 password with random salt');
  94
  95 ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'),
  96    'BSD style MD5 password with salt xxxxxxxx');
  97 ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'),
  98    'Apache style MD5 password with salt xxxxxxxx');
  99 ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -aixmd5 password}], 'xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/'),
 100    'AIX style MD5 password with salt xxxxxxxx');
 101 ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -5 password}], '$5$xxxxxxxxxxxxxxxx$fHytsM.wVD..zPN/h3i40WJRggt/1f73XkAC/gkelkB'),
 102    'SHA256 password with salt xxxxxxxxxxxxxxxx');
 103 ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -6 password}], '$6$xxxxxxxxxxxxxxxx$VjGUrXBG6/8yW0f6ikBJVOb/lK/Tm9LxHJmFfwMvT7cpk64N9BW7ZQhNeMXAYFbOJ6HDG7wb0QpxJyYQn0rh81'),
 104    'SHA512 password with salt xxxxxxxxxxxxxxxx');
 105
 106 foreach (@sha_tests) {
 107     ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt},
 108                        $_->{key}], $_->{expected}),
 109        { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt});
 110 }
 111
 112 SKIP: {
 113     skip "Skipping high rounds tests in non caching builds", scalar @sha_high_rounds_tests
 114         if disabled("cached-fetch");
 115
 116     foreach (@sha_high_rounds_tests) {
 117         ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt},
 118                            $_->{key}], $_->{expected}),
 119            { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt});
 120     }
 121 }
 122
 123 sub compare1stline_re {
 124     my ($cmdarray, $regexp) = @_;
 125     my @lines = run(app($cmdarray), capture => 1);
 126
 127     return $lines[0] =~ m|$regexp|;
 128 }
 129
 130 sub compare1stline {
 131     my ($cmdarray, $str) = @_;
 132     my @lines = run(app($cmdarray), capture => 1);
 133
 134     return $lines[0] =~ m|^\Q${str}\E\R$|;
 135 }