#!/bin/sh # Copyright 2017 by Denys Vlasenko # Licensed under GPLv2, see file LICENSE in this source tree. . ./testing.sh # testing "description" "command" "result" "infile" "stdin" #optional USE_BB_CRYPT testing "cryptpw des 12" \ "cryptpw -m des QWErty '123456789012345678901234567890'" \ '12MnB3PqfVbMA\n' "" "" testing "cryptpw des 55" \ "cryptpw -m des QWErty 55" \ '55tgFLtkT1Y72\n' "" "" testing "cryptpw des zz" \ "cryptpw -m des QWErty zz" \ 'zzIZaaXWOkxVk\n' "" "" #SKIP= optional USE_BB_CRYPT_SHA # Note: mkpasswd-5.6.2 won't accept "-m sha256", wants "-m sha256crypt" testing 'cryptpw sha256' \ 'cryptpw -m sha256 QWErty 1234567890123456' \ '$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \ '' '' # mkpasswd-5.6.2 does not allow overlong salts, we truncate (at 16 chars for sha256) testing 'cryptpw sha256 overlong' \ 'cryptpw -m sha256 QWErty 123456789012345678901234567890' \ '$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \ '' '' testing 'cryptpw sha256 implicit' \ 'cryptpw QWErty \$5\$1234567890123456' \ '$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \ '' '' testing 'cryptpw sha256 rounds=99999' \ 'cryptpw -m sha256 QWErty rounds=99999\$123456789012345678901234567890' \ '$5$rounds=99999$1234567890123456$aYellycJGZM6AKyVzaQsSrDBdTixubtMnM6J.MN0xM8\n' \ '' '' testing 'cryptpw sha256 rounds=99999 implicit' \ 'cryptpw QWErty \$5\$rounds=99999\$123456789012345678901234567890' \ '$5$rounds=99999$1234567890123456$aYellycJGZM6AKyVzaQsSrDBdTixubtMnM6J.MN0xM8\n' \ '' '' testing 'cryptpw sha512' \ 'cryptpw -m sha512 QWErty 123456789012345678901234567890' \ '$6$1234567890123456$KB7QqxFyqmJSWyQYcCuGeFukgz1bPQoipWZf7.9L7z3k8UNTXa6UikbKcUGDc2ANn7DOGmDaroxDgpK16w/RE0\n' \ '' '' testing 'cryptpw sha512crypt' \ 'cryptpw -m sha512crypt QWErty 123456789012345678901234567890' \ '$6$1234567890123456$KB7QqxFyqmJSWyQYcCuGeFukgz1bPQoipWZf7.9L7z3k8UNTXa6UikbKcUGDc2ANn7DOGmDaroxDgpK16w/RE0\n' \ '' '' testing 'cryptpw sha512 rounds=99999' \ 'cryptpw -m sha512 QWErty rounds=99999\$123456789012345678901234567890' \ '$6$rounds=99999$1234567890123456$BfF6gD6ZjUmwawH5QaAglYAxtU./yvsz0fcQ464l49aMI2DZW3j5ri28CrxK7riPWNpLuUpfaIdY751SBYKUH.\n' \ '' '' SKIP= optional USE_BB_CRYPT_YES testing 'cryptpw yescrypt' \ 'cryptpw -m yescrypt qweRTY123@-+ j9T\$123456789012345678901234' \ '$y$j9T$123456789012345678901234$AKxw5OX/T4jD.v./IW.5tE/j7izNjw06fg3OvH1LsN9\n' \ '' '' testing 'cryptpw yescrypt with non-standard N=2048 instead of 4096 (j8T instead of j9T)' \ 'cryptpw -m yescrypt qweRTY123@-+ j8T\$123456789012345678901234' \ '$y$j8T$123456789012345678901234$JQUUfopCxlfZNE8f.THJwbOkhy.XtB3GIjo9HUVioWB\n' \ '' '' # mkpasswd-5.6.2 allows short salts for yescrypt # ...but there is a catch. Not all of them. # The "partial" (not fitting in whole bytes) ascii64-encoded salt # is a special case. For example, "$zzz" would not even work in upstream. testing 'cryptpw yescrypt with empty salt' \ 'cryptpw -m yescrypt qweRTY123@-+ j9T\$' \ '$y$j9T$$hpeksL94GXNRwnA00L3c8WFy0khFAUbCpBSak.N3Bp.\n' \ '' '' testing 'cryptpw yescrypt with 3-char salt' \ 'cryptpw -m yescrypt qweRTY123@-+ j9T\$123' \ '$y$j9T$123$A34DMIGUbUIo3bjx66Wtk2IFoREMIw6d49it25KQh2D\n' \ '' '' # "." is not allowed in mkpasswd-5.6.2 # .................................... # ".." is decoded into one zero byte (not two) testing 'cryptpw yescrypt with 2-char salt ".."' \ 'cryptpw -m yescrypt qweRTY123@-+ j9T\$..' \ '$y$j9T$..$yVHeOayxOGg6cHL3.dg10u7T.qSgySfLN3uhSVSLNn/\n' \ '' '' # "..." is decoded into two zero bytes (not three, not one) testing 'cryptpw yescrypt with 3-char salt "..."' \ 'cryptpw -m yescrypt qweRTY123@-+ j9T\$...' \ '$y$j9T$...$xHvJ5USZ7hFyXYbOijtEOMfZRS23cWIxu2eIBXRymA5\n' \ '' '' # "...." is decoded into three zero bytes (no surprises here) testing 'cryptpw yescrypt with 4-char salt "...."' \ 'cryptpw -m yescrypt qweRTY123@-+ j9T\$....' \ '$y$j9T$....$wOnauYL2/NEtr6YQi9pi8AtV7L57sEbVOAnWJIcP9q2\n' \ '' '' # 84 chars = 21 4-char blocks which decode into 21*3 = 63 bytes. # The last byte of the maximum allowed salt size has to come from an incomplete # char block. E.g. "z/" encodes byte 0x7f. "z1" is 0xff. # Anything larger (e.g. "z2") is an error (it encodes 0x13f). testing 'cryptpw yescrypt with 86-char salt (max size)' \ 'cryptpw -m yescrypt qweRTY123@-+ j9T\$123456789012345678901234567890123456789012345678901234567890123456789012345678901234z/' \ '$y$j9T$123456789012345678901234567890123456789012345678901234567890123456789012345678901234z/$Exxe8IoPXiddFsqj7iqCanRf8FyquAoB0/uceLmLjG.\n' \ '' '' testing 'cryptpw yescrypt implicit' \ 'cryptpw qweRTY123@-+ \$y\$j9T\$123456789012345678901234' \ '$y$j9T$123456789012345678901234$AKxw5OX/T4jD.v./IW.5tE/j7izNjw06fg3OvH1LsN9\n' \ '' '' SKIP= exit $FAILCOUNT