1 files changed, 85 insertions, 13 deletions
diff --git a/testsuite/cryptpw.tests b/testsuite/cryptpw.tests
index 0dd91fe15..83bfde521 100755
--- a/testsuite/cryptpw.tests
+++ b/testsuite/cryptpw.tests
@@ -22,21 +22,93 @@ testing "cryptpw des zz" \
 #SKIP=
 optional USE_BB_CRYPT_SHA
-testing "cryptpw sha256" \
+# Note: mkpasswd-5.6.2 won't accept "-m sha256", wants "-m sha256crypt"
-        "cryptpw -m sha256 QWErty '123456789012345678901234567890'" \
+testing 'cryptpw sha256' \
-        '$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' "" ""
+        'cryptpw -m sha256 QWErty 1234567890123456' \
+        '$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \
+        '' ''
+# mkpasswd-5.6.2 does not allow overlong salts, we truncate (at 16 chars for sha256)
+testing 'cryptpw sha256 overlong' \
+        'cryptpw -m sha256 QWErty 123456789012345678901234567890' \
+        '$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \
+        '' ''
+testing 'cryptpw sha256 implicit' \
+        'cryptpw QWErty \$5\$1234567890123456' \
+        '$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \
+        '' ''
+testing 'cryptpw sha256 rounds=99999' \
+        'cryptpw -m sha256 QWErty rounds=99999\$123456789012345678901234567890' \
+        '$5$rounds=99999$1234567890123456$aYellycJGZM6AKyVzaQsSrDBdTixubtMnM6J.MN0xM8\n' \
+        '' ''
+testing 'cryptpw sha256 rounds=99999 implicit' \
+        'cryptpw QWErty \$5\$rounds=99999\$123456789012345678901234567890' \
+        '$5$rounds=99999$1234567890123456$aYellycJGZM6AKyVzaQsSrDBdTixubtMnM6J.MN0xM8\n' \
+        '' ''
-testing "cryptpw sha256 rounds=99999" \
+testing 'cryptpw sha512' \
-        "cryptpw -m sha256 QWErty 'rounds=99999\$123456789012345678901234567890'" \
+        'cryptpw -m sha512 QWErty 123456789012345678901234567890' \
-        '$5$rounds=99999$1234567890123456$aYellycJGZM6AKyVzaQsSrDBdTixubtMnM6J.MN0xM8\n' "" ""
+        '$6$1234567890123456$KB7QqxFyqmJSWyQYcCuGeFukgz1bPQoipWZf7.9L7z3k8UNTXa6UikbKcUGDc2ANn7DOGmDaroxDgpK16w/RE0\n' \
+        '' ''
-testing "cryptpw sha512" \
+testing 'cryptpw sha512crypt' \
-        "cryptpw -m sha512 QWErty '123456789012345678901234567890'" \
+        'cryptpw -m sha512crypt QWErty 123456789012345678901234567890' \
-        '$6$1234567890123456$KB7QqxFyqmJSWyQYcCuGeFukgz1bPQoipWZf7.9L7z3k8UNTXa6UikbKcUGDc2ANn7DOGmDaroxDgpK16w/RE0\n' "" ""
+        '$6$1234567890123456$KB7QqxFyqmJSWyQYcCuGeFukgz1bPQoipWZf7.9L7z3k8UNTXa6UikbKcUGDc2ANn7DOGmDaroxDgpK16w/RE0\n' \
+        '' ''
+testing 'cryptpw sha512 rounds=99999' \
+        'cryptpw -m sha512 QWErty rounds=99999\$123456789012345678901234567890' \
+        '$6$rounds=99999$1234567890123456$BfF6gD6ZjUmwawH5QaAglYAxtU./yvsz0fcQ464l49aMI2DZW3j5ri28CrxK7riPWNpLuUpfaIdY751SBYKUH.\n' \
+        '' ''
+SKIP=
-testing "cryptpw sha512 rounds=99999" \
+optional USE_BB_CRYPT_YES
-        "cryptpw -m sha512 QWErty 'rounds=99999\$123456789012345678901234567890'" \
+testing 'cryptpw yescrypt' \
-        '$6$rounds=99999$1234567890123456$BfF6gD6ZjUmwawH5QaAglYAxtU./yvsz0fcQ464l49aMI2DZW3j5ri28CrxK7riPWNpLuUpfaIdY751SBYKUH.\n' "" ""
+        'cryptpw -m yescrypt qweRTY123@-+ j9T\$123456789012345678901234' \
+        '$y$j9T$123456789012345678901234$AKxw5OX/T4jD.v./IW.5tE/j7izNjw06fg3OvH1LsN9\n' \
+        '' ''
+testing 'cryptpw yescrypt with non-standard N=2048 instead of 4096 (j8T instead of j9T)' \
+        'cryptpw -m yescrypt qweRTY123@-+ j8T\$123456789012345678901234' \
+        '$y$j8T$123456789012345678901234$JQUUfopCxlfZNE8f.THJwbOkhy.XtB3GIjo9HUVioWB\n' \
+        '' ''
+# mkpasswd-5.6.2 allows short salts for yescrypt
+# ...but there is a catch. Not all of them.
+# The "partial" (not fitting in whole bytes) ascii64-encoded salt
+# is a special case. For example, "$zzz" would not even work in upstream.
+testing 'cryptpw yescrypt with empty salt' \
+        'cryptpw -m yescrypt qweRTY123@-+ j9T\$' \
+        '$y$j9T$$hpeksL94GXNRwnA00L3c8WFy0khFAUbCpBSak.N3Bp.\n' \
+        '' ''
+testing 'cryptpw yescrypt with 3-char salt' \
+        'cryptpw -m yescrypt qweRTY123@-+ j9T\$123' \
+        '$y$j9T$123$A34DMIGUbUIo3bjx66Wtk2IFoREMIw6d49it25KQh2D\n' \
+        '' ''
+# "." is not allowed in mkpasswd-5.6.2
+# ....................................
+# ".." is decoded into one zero byte (not two)
+testing 'cryptpw yescrypt with 2-char salt ".."' \
+        'cryptpw -m yescrypt qweRTY123@-+ j9T\$..' \
+        '$y$j9T$..$yVHeOayxOGg6cHL3.dg10u7T.qSgySfLN3uhSVSLNn/\n' \
+        '' ''
+# "..." is decoded into two zero bytes (not three, not one)
+testing 'cryptpw yescrypt with 3-char salt "..."' \
+        'cryptpw -m yescrypt qweRTY123@-+ j9T\$...' \
+        '$y$j9T$...$xHvJ5USZ7hFyXYbOijtEOMfZRS23cWIxu2eIBXRymA5\n' \
+        '' ''
+# "...." is decoded into three zero bytes (no surprises here)
+testing 'cryptpw yescrypt with 4-char salt "...."' \
+        'cryptpw -m yescrypt qweRTY123@-+ j9T\$....' \
+        '$y$j9T$....$wOnauYL2/NEtr6YQi9pi8AtV7L57sEbVOAnWJIcP9q2\n' \
+        '' ''
+# 84 chars = 21 4-char blocks which decode into 21*3 = 63 bytes.
+# The last byte of the maximum allowed salt size has to come from an incomplete
+# char block. E.g. "z/" encodes byte 0x7f. "z1" is 0xff.
+# Anything larger (e.g. "z2") is an error (it encodes 0x13f).
+testing 'cryptpw yescrypt with 86-char salt (max size)' \
+        'cryptpw -m yescrypt qweRTY123@-+ j9T\$123456789012345678901234567890123456789012345678901234567890123456789012345678901234z/' \
+        '$y$j9T$123456789012345678901234567890123456789012345678901234567890123456789012345678901234z/$Exxe8IoPXiddFsqj7iqCanRf8FyquAoB0/uceLmLjG.\n' \
+        '' ''
+testing 'cryptpw yescrypt implicit' \
+        'cryptpw qweRTY123@-+ \$y\$j9T\$123456789012345678901234' \
+        '$y$j9T$123456789012345678901234$AKxw5OX/T4jD.v./IW.5tE/j7izNjw06fg3OvH1LsN9\n' \
+        '' ''
 SKIP=
 exit $FAILCOUNT

diff --git a/testsuite/cryptpw.tests b/testsuite/cryptpw.tests index 0dd91fe15..83bfde521 100755 --- a/testsuite/cryptpw.tests +++ b/testsuite/cryptpw.tests
@@ -22,21 +22,93 @@ testing "cryptpw des zz" \
22	#SKIP=	22	#SKIP=
23		23
24	optional USE_BB_CRYPT_SHA	24	optional USE_BB_CRYPT_SHA
25	testing "cryptpw sha256" \	25	# Note: mkpasswd-5.6.2 won't accept "-m sha256", wants "-m sha256crypt"
26	"cryptpw -m sha256 QWErty '123456789012345678901234567890'" \	26	testing 'cryptpw sha256' \
27	'$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' "" ""	27	'cryptpw -m sha256 QWErty 1234567890123456' \
		28	'$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \
		29	'' ''
		30	# mkpasswd-5.6.2 does not allow overlong salts, we truncate (at 16 chars for sha256)
		31	testing 'cryptpw sha256 overlong' \
		32	'cryptpw -m sha256 QWErty 123456789012345678901234567890' \
		33	'$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \
		34	'' ''
		35	testing 'cryptpw sha256 implicit' \
		36	'cryptpw QWErty \$5\$1234567890123456' \
		37	'$5$1234567890123456$5DxfOCmU4vRhtzfsbdK.6wSGMwwVbac7ZkWwusb8Si7\n' \
		38	'' ''
		39	testing 'cryptpw sha256 rounds=99999' \
		40	'cryptpw -m sha256 QWErty rounds=99999\$123456789012345678901234567890' \
		41	'$5$rounds=99999$1234567890123456$aYellycJGZM6AKyVzaQsSrDBdTixubtMnM6J.MN0xM8\n' \
		42	'' ''
		43	testing 'cryptpw sha256 rounds=99999 implicit' \
		44	'cryptpw QWErty \$5\$rounds=99999\$123456789012345678901234567890' \
		45	'$5$rounds=99999$1234567890123456$aYellycJGZM6AKyVzaQsSrDBdTixubtMnM6J.MN0xM8\n' \
		46	'' ''
28		47
29	testing "cryptpw sha256 rounds=99999" \	48	testing 'cryptpw sha512' \
30	"cryptpw -m sha256 QWErty 'rounds=99999\$123456789012345678901234567890'" \	49	'cryptpw -m sha512 QWErty 123456789012345678901234567890' \
31	'$5$rounds=99999$1234567890123456$aYellycJGZM6AKyVzaQsSrDBdTixubtMnM6J.MN0xM8\n' "" ""	50	'$6$1234567890123456$KB7QqxFyqmJSWyQYcCuGeFukgz1bPQoipWZf7.9L7z3k8UNTXa6UikbKcUGDc2ANn7DOGmDaroxDgpK16w/RE0\n' \
32		51	'' ''
33	testing "cryptpw sha512" \	52	testing 'cryptpw sha512crypt' \
34	"cryptpw -m sha512 QWErty '123456789012345678901234567890'" \	53	'cryptpw -m sha512crypt QWErty 123456789012345678901234567890' \
35	'$6$1234567890123456$KB7QqxFyqmJSWyQYcCuGeFukgz1bPQoipWZf7.9L7z3k8UNTXa6UikbKcUGDc2ANn7DOGmDaroxDgpK16w/RE0\n' "" ""	54	'$6$1234567890123456$KB7QqxFyqmJSWyQYcCuGeFukgz1bPQoipWZf7.9L7z3k8UNTXa6UikbKcUGDc2ANn7DOGmDaroxDgpK16w/RE0\n' \
		55	'' ''
		56	testing 'cryptpw sha512 rounds=99999' \
		57	'cryptpw -m sha512 QWErty rounds=99999\$123456789012345678901234567890' \
		58	'$6$rounds=99999$1234567890123456$BfF6gD6ZjUmwawH5QaAglYAxtU./yvsz0fcQ464l49aMI2DZW3j5ri28CrxK7riPWNpLuUpfaIdY751SBYKUH.\n' \
		59	'' ''
		60	SKIP=
36		61
37	testing "cryptpw sha512 rounds=99999" \	62	optional USE_BB_CRYPT_YES
38	"cryptpw -m sha512 QWErty 'rounds=99999\$123456789012345678901234567890'" \	63	testing 'cryptpw yescrypt' \
39	'$6$rounds=99999$1234567890123456$BfF6gD6ZjUmwawH5QaAglYAxtU./yvsz0fcQ464l49aMI2DZW3j5ri28CrxK7riPWNpLuUpfaIdY751SBYKUH.\n' "" ""	64	'cryptpw -m yescrypt qweRTY123@-+ j9T\$123456789012345678901234' \
		65	'$y$j9T$123456789012345678901234$AKxw5OX/T4jD.v./IW.5tE/j7izNjw06fg3OvH1LsN9\n' \
		66	'' ''
		67	testing 'cryptpw yescrypt with non-standard N=2048 instead of 4096 (j8T instead of j9T)' \
		68	'cryptpw -m yescrypt qweRTY123@-+ j8T\$123456789012345678901234' \
		69	'$y$j8T$123456789012345678901234$JQUUfopCxlfZNE8f.THJwbOkhy.XtB3GIjo9HUVioWB\n' \
		70	'' ''
		71	# mkpasswd-5.6.2 allows short salts for yescrypt
		72	# ...but there is a catch. Not all of them.
		73	# The "partial" (not fitting in whole bytes) ascii64-encoded salt
		74	# is a special case. For example, "$zzz" would not even work in upstream.
		75	testing 'cryptpw yescrypt with empty salt' \
		76	'cryptpw -m yescrypt qweRTY123@-+ j9T\$' \
		77	'$y$j9T$$hpeksL94GXNRwnA00L3c8WFy0khFAUbCpBSak.N3Bp.\n' \
		78	'' ''
		79	testing 'cryptpw yescrypt with 3-char salt' \
		80	'cryptpw -m yescrypt qweRTY123@-+ j9T\$123' \
		81	'$y$j9T$123$A34DMIGUbUIo3bjx66Wtk2IFoREMIw6d49it25KQh2D\n' \
		82	'' ''
		83	# "." is not allowed in mkpasswd-5.6.2
		84	# ....................................
		85	# ".." is decoded into one zero byte (not two)
		86	testing 'cryptpw yescrypt with 2-char salt ".."' \
		87	'cryptpw -m yescrypt qweRTY123@-+ j9T\$..' \
		88	'$y$j9T$..$yVHeOayxOGg6cHL3.dg10u7T.qSgySfLN3uhSVSLNn/\n' \
		89	'' ''
		90	# "..." is decoded into two zero bytes (not three, not one)
		91	testing 'cryptpw yescrypt with 3-char salt "..."' \
		92	'cryptpw -m yescrypt qweRTY123@-+ j9T\$...' \
		93	'$y$j9T$...$xHvJ5USZ7hFyXYbOijtEOMfZRS23cWIxu2eIBXRymA5\n' \
		94	'' ''
		95	# "...." is decoded into three zero bytes (no surprises here)
		96	testing 'cryptpw yescrypt with 4-char salt "...."' \
		97	'cryptpw -m yescrypt qweRTY123@-+ j9T\$....' \
		98	'$y$j9T$....$wOnauYL2/NEtr6YQi9pi8AtV7L57sEbVOAnWJIcP9q2\n' \
		99	'' ''
		100	# 84 chars = 21 4-char blocks which decode into 21*3 = 63 bytes.
		101	# The last byte of the maximum allowed salt size has to come from an incomplete
		102	# char block. E.g. "z/" encodes byte 0x7f. "z1" is 0xff.
		103	# Anything larger (e.g. "z2") is an error (it encodes 0x13f).
		104	testing 'cryptpw yescrypt with 86-char salt (max size)' \
		105	'cryptpw -m yescrypt qweRTY123@-+ j9T\$123456789012345678901234567890123456789012345678901234567890123456789012345678901234z/' \
		106	'$y$j9T$123456789012345678901234567890123456789012345678901234567890123456789012345678901234z/$Exxe8IoPXiddFsqj7iqCanRf8FyquAoB0/uceLmLjG.\n' \
		107	'' ''
		108	testing 'cryptpw yescrypt implicit' \
		109	'cryptpw qweRTY123@-+ \$y\$j9T\$123456789012345678901234' \
		110	'$y$j9T$123456789012345678901234$AKxw5OX/T4jD.v./IW.5tE/j7izNjw06fg3OvH1LsN9\n' \
		111	'' ''
40	SKIP=	112	SKIP=
41		113
42	exit $FAILCOUNT	114	exit $FAILCOUNT