1#! /usr/bin/env perl 2# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the OpenSSL license (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use OpenSSL::Test; 14use OpenSSL::Test::Utils; 15 16setup("test_passwd"); 17 18# The following tests are an adaptation of those in 19# https://www.akkadia.org/drepper/SHA-crypt.txt 20my @sha_tests = 21 ({ type => '5', 22 salt => 'saltstring', 23 key => 'Hello world!', 24 expected => '$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5' }, 25 { type => '5', 26 salt => 'rounds=10000$saltstringsaltstring', 27 key => 'Hello world!', 28 expected => '$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA' }, 29 { type => '5', 30 salt => 'rounds=5000$toolongsaltstring', 31 key => 'This is just a test', 32 expected => '$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5' }, 33 { type => '5', 34 salt => 'rounds=1400$anotherlongsaltstring', 35 key => 'a very much longer text to encrypt. This one even stretches over morethan one line.', 36 expected => '$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1' }, 37 { type => '5', 38 salt => 'rounds=77777$short', 39 key => 'we have a short salt string but not a short password', 40 expected => '$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/' }, 41 { type => '5', 42 salt => 'rounds=123456$asaltof16chars..', 43 key => 'a short string', 44 expected => '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' }, 45 { type => '5', 46 salt => 'rounds=10$roundstoolow', 47 key => 'the minimum number is still observed', 48 expected => '$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC' }, 49 { type => '6', 50 salt => 'saltstring', 51 key => 'Hello world!', 52 expected => '$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1' }, 53 { type => '6', 54 salt => 'rounds=10000$saltstringsaltstring', 55 key => 'Hello world!', 56 expected => '$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.' }, 57 { type => '6', 58 salt => 'rounds=5000$toolongsaltstring', 59 key => 'This is just a test', 60 expected => '$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0' }, 61 { type => '6', 62 salt => 'rounds=1400$anotherlongsaltstring', 63 key => 'a very much longer text to encrypt. This one even stretches over morethan one line.', 64 expected => '$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1' }, 65 { type => '6', 66 salt => 'rounds=77777$short', 67 key => 'we have a short salt string but not a short password', 68 expected => '$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0' }, 69 { type => '6', 70 salt => 'rounds=123456$asaltof16chars..', 71 key => 'a short string', 72 expected => '$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1' }, 73 { type => '6', 74 salt => 'rounds=10$roundstoolow', 75 key => 'the minimum number is still observed', 76 expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' } 77 ); 78 79plan tests => (disabled("des") ? 9 : 11) + scalar @sha_tests; 80 81 82ok(compare1stline_re([qw{openssl passwd password}], '^.{13}\R$'), 83 'crypt password with random salt') if !disabled("des"); 84ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'), 85 'BSD style MD5 password with random salt'); 86ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'), 87 'Apache style MD5 password with random salt'); 88ok(compare1stline_re([qw{openssl passwd -5 password}], '^\$5\$.{16}\$.{43}\R$'), 89 'SHA256 password with random salt'); 90ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'), 91 'Apache SHA512 password with random salt'); 92 93ok(compare1stline([qw{openssl passwd -salt xx password}], 'xxj31ZMTZzkVA'), 94 'crypt password with salt xx') if !disabled("des"); 95ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'), 96 'BSD style MD5 password with salt xxxxxxxx'); 97ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'), 98 'Apache style MD5 password with salt xxxxxxxx'); 99ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -aixmd5 password}], 'xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/'), 100 'AIX style MD5 password with salt xxxxxxxx'); 101ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -5 password}], '$5$xxxxxxxxxxxxxxxx$fHytsM.wVD..zPN/h3i40WJRggt/1f73XkAC/gkelkB'), 102 'SHA256 password with salt xxxxxxxxxxxxxxxx'); 103ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -6 password}], '$6$xxxxxxxxxxxxxxxx$VjGUrXBG6/8yW0f6ikBJVOb/lK/Tm9LxHJmFfwMvT7cpk64N9BW7ZQhNeMXAYFbOJ6HDG7wb0QpxJyYQn0rh81'), 104 'SHA512 password with salt xxxxxxxxxxxxxxxx'); 105 106foreach (@sha_tests) { 107 ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt}, 108 $_->{key}], $_->{expected}), 109 { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt}); 110} 111 112 113sub compare1stline_re { 114 my ($cmdarray, $regexp) = @_; 115 my @lines = run(app($cmdarray), capture => 1); 116 117 return $lines[0] =~ m|$regexp|; 118} 119 120sub compare1stline { 121 my ($cmdarray, $str) = @_; 122 my @lines = run(app($cmdarray), capture => 1); 123 124 return $lines[0] =~ m|^\Q${str}\E\R$|; 125} 126