]>
Commit | Line | Data |
---|---|---|
497f3bf9 | 1 | #! /usr/bin/env perl |
33388b44 | 2 | # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. |
497f3bf9 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
497f3bf9 RL |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | use strict; | |
11 | use warnings; | |
12 | ||
13 | use OpenSSL::Test; | |
c1eba83f | 14 | use OpenSSL::Test::Utils; |
497f3bf9 RL |
15 | |
16 | setup("test_passwd"); | |
17 | ||
49681ae1 RL |
18 | # The following tests are an adaptation of those in |
19 | # https://www.akkadia.org/drepper/SHA-crypt.txt | |
20 | my @sha_tests = | |
21 | ({ type => '5', | |
22 | salt => 'saltstring', | |
23 | key => 'Hello world!', | |
24 | expected => '$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5' }, | |
25 | { type => '5', | |
26 | salt => 'rounds=10000$saltstringsaltstring', | |
27 | key => 'Hello world!', | |
28 | expected => '$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA' }, | |
29 | { type => '5', | |
30 | salt => 'rounds=5000$toolongsaltstring', | |
31 | key => 'This is just a test', | |
32 | expected => '$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5' }, | |
33 | { type => '5', | |
34 | salt => 'rounds=1400$anotherlongsaltstring', | |
35 | key => 'a very much longer text to encrypt. This one even stretches over morethan one line.', | |
36 | expected => '$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1' }, | |
37 | { type => '5', | |
38 | salt => 'rounds=77777$short', | |
39 | key => 'we have a short salt string but not a short password', | |
40 | expected => '$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/' }, | |
41 | { type => '5', | |
42 | salt => 'rounds=123456$asaltof16chars..', | |
43 | key => 'a short string', | |
44 | expected => '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' }, | |
45 | { type => '5', | |
46 | salt => 'rounds=10$roundstoolow', | |
47 | key => 'the minimum number is still observed', | |
48 | expected => '$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC' }, | |
49 | { type => '6', | |
50 | salt => 'saltstring', | |
51 | key => 'Hello world!', | |
52 | expected => '$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1' }, | |
53 | { type => '6', | |
54 | salt => 'rounds=10000$saltstringsaltstring', | |
55 | key => 'Hello world!', | |
56 | expected => '$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.' }, | |
57 | { type => '6', | |
58 | salt => 'rounds=5000$toolongsaltstring', | |
59 | key => 'This is just a test', | |
60 | expected => '$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0' }, | |
61 | { type => '6', | |
62 | salt => 'rounds=1400$anotherlongsaltstring', | |
63 | key => 'a very much longer text to encrypt. This one even stretches over morethan one line.', | |
64 | expected => '$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1' }, | |
65 | { type => '6', | |
66 | salt => 'rounds=77777$short', | |
67 | key => 'we have a short salt string but not a short password', | |
68 | expected => '$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0' }, | |
69 | { type => '6', | |
70 | salt => 'rounds=123456$asaltof16chars..', | |
71 | key => 'a short string', | |
72 | expected => '$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1' }, | |
73 | { type => '6', | |
74 | salt => 'rounds=10$roundstoolow', | |
75 | key => 'the minimum number is still observed', | |
76 | expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' } | |
77 | ); | |
497f3bf9 | 78 | |
c87a7f31 | 79 | plan tests => 9 + scalar @sha_tests; |
49681ae1 RL |
80 | |
81 | ||
49681ae1 | 82 | ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'), |
497f3bf9 | 83 | 'BSD style MD5 password with random salt'); |
49681ae1 | 84 | ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'), |
497f3bf9 | 85 | 'Apache style MD5 password with random salt'); |
49681ae1 RL |
86 | ok(compare1stline_re([qw{openssl passwd -5 password}], '^\$5\$.{16}\$.{43}\R$'), |
87 | 'SHA256 password with random salt'); | |
88 | ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'), | |
89 | 'Apache SHA512 password with random salt'); | |
90 | ||
49681ae1 | 91 | ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'), |
497f3bf9 | 92 | 'BSD style MD5 password with salt xxxxxxxx'); |
49681ae1 | 93 | ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'), |
497f3bf9 | 94 | 'Apache style MD5 password with salt xxxxxxxx'); |
037f2c3f GN |
95 | ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -aixmd5 password}], 'xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/'), |
96 | 'AIX style MD5 password with salt xxxxxxxx'); | |
49681ae1 RL |
97 | ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -5 password}], '$5$xxxxxxxxxxxxxxxx$fHytsM.wVD..zPN/h3i40WJRggt/1f73XkAC/gkelkB'), |
98 | 'SHA256 password with salt xxxxxxxxxxxxxxxx'); | |
99 | ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -6 password}], '$6$xxxxxxxxxxxxxxxx$VjGUrXBG6/8yW0f6ikBJVOb/lK/Tm9LxHJmFfwMvT7cpk64N9BW7ZQhNeMXAYFbOJ6HDG7wb0QpxJyYQn0rh81'), | |
100 | 'SHA512 password with salt xxxxxxxxxxxxxxxx'); | |
497f3bf9 | 101 | |
49681ae1 RL |
102 | foreach (@sha_tests) { |
103 | ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt}, | |
104 | $_->{key}], $_->{expected}), | |
105 | { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt}); | |
106 | } | |
497f3bf9 | 107 | |
49681ae1 RL |
108 | |
109 | sub compare1stline_re { | |
497f3bf9 RL |
110 | my ($cmdarray, $regexp) = @_; |
111 | my @lines = run(app($cmdarray), capture => 1); | |
112 | ||
113 | return $lines[0] =~ m|$regexp|; | |
114 | } | |
49681ae1 RL |
115 | |
116 | sub compare1stline { | |
117 | my ($cmdarray, $str) = @_; | |
118 | my @lines = run(app($cmdarray), capture => 1); | |
119 | ||
120 | return $lines[0] =~ m|^\Q${str}\E\R$|; | |
121 | } |