| 1 |
/* Licensed to the Apache Software Foundation (ASF) under one or more |
| 2 |
* contributor license agreements. See the NOTICE file distributed with |
| 3 |
* this work for additional information regarding copyright ownership. |
| 4 |
* The ASF licenses this file to You under the Apache License, Version 2.0 |
| 5 |
* (the "License"); you may not use this file except in compliance with |
| 6 |
* the License. You may obtain a copy of the License at |
| 7 |
* |
| 8 |
* http://www.apache.org/licenses/LICENSE-2.0 |
| 9 |
* |
| 10 |
* Unless required by applicable law or agreed to in writing, software |
| 11 |
* distributed under the License is distributed on an "AS IS" BASIS, |
| 12 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 |
* See the License for the specific language governing permissions and |
| 14 |
* limitations under the License. |
| 15 |
*/ |
| 16 |
|
| 17 |
#include <stdio.h> |
| 18 |
#include <stdlib.h> |
| 19 |
|
| 20 |
#include "apr_errno.h" |
| 21 |
#include "apr_strings.h" |
| 22 |
#include "apr_file_io.h" |
| 23 |
#include "apr_thread_pool.h" |
| 24 |
#include "apr_md5.h" |
| 25 |
#include "apr_sha1.h" |
| 26 |
|
| 27 |
#include "abts.h" |
| 28 |
#include "testutil.h" |
| 29 |
|
| 30 |
#if defined(WIN32) || defined(BEOS) || defined(NETWARE) |
| 31 |
#define CRYPT_ALGO_SUPPORTED 0 |
| 32 |
#else |
| 33 |
#define CRYPT_ALGO_SUPPORTED 1 |
| 34 |
#endif |
| 35 |
|
| 36 |
#if defined __GLIBC_PREREQ |
| 37 |
#if __GLIBC_PREREQ(2,7) |
| 38 |
#define GLIBCSHA_ALGO_SUPPORTED |
| 39 |
#endif |
| 40 |
#endif |
| 41 |
|
| 42 |
#if CRYPT_ALGO_SUPPORTED |
| 43 |
|
| 44 |
static struct { |
| 45 |
const char *password; |
| 46 |
const char *hash; |
| 47 |
} passwords[] = |
| 48 |
{ |
| 49 |
/* |
| 50 |
passwords and hashes created with Apache's htpasswd utility like this: |
| 51 |
|
| 52 |
htpasswd -c -b passwords pass1 pass1 |
| 53 |
htpasswd -b passwords pass2 pass2 |
| 54 |
htpasswd -b passwords pass3 pass3 |
| 55 |
htpasswd -b passwords pass4 pass4 |
| 56 |
htpasswd -b passwords pass5 pass5 |
| 57 |
htpasswd -b passwords pass6 pass6 |
| 58 |
htpasswd -b passwords pass7 pass7 |
| 59 |
htpasswd -b passwords pass8 pass8 |
| 60 |
(insert Perl one-liner to convert to initializer :) ) |
| 61 |
*/ |
| 62 |
{"pass1", "1fWDc9QWYCWrQ"}, |
| 63 |
{"pass2", "1fiGx3u7QoXaM"}, |
| 64 |
{"pass3", "1fzijMylTiwCs"}, |
| 65 |
{"pass4", "nHUYc8U2UOP7s"}, |
| 66 |
{"pass5", "nHpETGLGPwAmA"}, |
| 67 |
{"pass6", "nHbsbWmJ3uyhc"}, |
| 68 |
{"pass7", "nHQ3BbF0Y9vpI"}, |
| 69 |
{"pass8", "nHZA1rViSldQk"} |
| 70 |
}; |
| 71 |
static int num_passwords = sizeof(passwords) / sizeof(passwords[0]); |
| 72 |
|
| 73 |
static void test_crypt(abts_case *tc, void *data) |
| 74 |
{ |
| 75 |
int i; |
| 76 |
|
| 77 |
for (i = 0; i < num_passwords; i++) { |
| 78 |
apr_assert_success(tc, "check for valid password", |
| 79 |
apr_password_validate(passwords[i].password, |
| 80 |
passwords[i].hash)); |
| 81 |
} |
| 82 |
} |
| 83 |
|
| 84 |
#if APR_HAS_THREADS |
| 85 |
|
| 86 |
static void * APR_THREAD_FUNC testing_thread(apr_thread_t *thd, |
| 87 |
void *data) |
| 88 |
{ |
| 89 |
abts_case *tc = data; |
| 90 |
int i; |
| 91 |
|
| 92 |
for (i = 0; i < 100; i++) { |
| 93 |
test_crypt(tc, NULL); |
| 94 |
} |
| 95 |
|
| 96 |
return APR_SUCCESS; |
| 97 |
} |
| 98 |
|
| 99 |
#define NUM_THR 20 |
| 100 |
|
| 101 |
/* test for threadsafe crypt() */ |
| 102 |
static void test_threadsafe(abts_case *tc, void *data) |
| 103 |
{ |
| 104 |
int i; |
| 105 |
apr_status_t rv; |
| 106 |
apr_thread_pool_t *thrp; |
| 107 |
|
| 108 |
rv = apr_thread_pool_create(&thrp, NUM_THR/2, NUM_THR, p); |
| 109 |
ABTS_INT_EQUAL(tc, APR_SUCCESS, rv); |
| 110 |
|
| 111 |
for (i = 0; i < NUM_THR; i++) { |
| 112 |
rv = apr_thread_pool_push(thrp, testing_thread, tc, 0, NULL); |
| 113 |
ABTS_INT_EQUAL(tc, APR_SUCCESS, rv); |
| 114 |
} |
| 115 |
|
| 116 |
apr_thread_pool_destroy(thrp); |
| 117 |
} |
| 118 |
#endif |
| 119 |
|
| 120 |
#endif /* CRYPT_ALGO_SUPPORTED */ |
| 121 |
|
| 122 |
static void test_shapass(abts_case *tc, void *data) |
| 123 |
{ |
| 124 |
const char *pass = "hellojed"; |
| 125 |
const char *pass2 = "hellojed2"; |
| 126 |
char hash[100]; |
| 127 |
|
| 128 |
apr_sha1_base64(pass, strlen(pass), hash); |
| 129 |
|
| 130 |
apr_assert_success(tc, "SHA1 password validated", |
| 131 |
apr_password_validate(pass, hash)); |
| 132 |
APR_ASSERT_FAILURE(tc, "wrong SHA1 password should not validate", |
| 133 |
apr_password_validate(pass2, hash)); |
| 134 |
} |
| 135 |
|
| 136 |
static void test_md5pass(abts_case *tc, void *data) |
| 137 |
{ |
| 138 |
const char *pass = "hellojed", *salt = "sardine"; |
| 139 |
const char *pass2 = "hellojed2"; |
| 140 |
char hash[100]; |
| 141 |
|
| 142 |
apr_md5_encode(pass, salt, hash, sizeof hash); |
| 143 |
|
| 144 |
apr_assert_success(tc, "MD5 password validated", |
| 145 |
apr_password_validate(pass, hash)); |
| 146 |
APR_ASSERT_FAILURE(tc, "wrong MD5 password should not validate", |
| 147 |
apr_password_validate(pass2, hash)); |
| 148 |
} |
| 149 |
|
| 150 |
#ifdef GLIBCSHA_ALGO_SUPPORTED |
| 151 |
|
| 152 |
static struct { |
| 153 |
const char *password; |
| 154 |
const char *hash; |
| 155 |
} glibc_sha_pws[] = { |
| 156 |
/* SHA256 */ |
| 157 |
{ "secret1", "$5$0123456789abcdef$SFX.CooXBS8oXsbAPgU/UyiCodhrLQ19sBgvcA3Zh1D" }, |
| 158 |
{ "secret2", "$5$rounds=100000$0123456789abcdef$dLXfO5m4d.xv8G66kpz2LyL0.Mi5wjLlH0m7rtgyhyB" }, |
| 159 |
/* SHA512 */ |
| 160 |
{ "secret3", "$6$0123456789abcdef$idOsOfoWwnCQkJm9hd2hxS4NnEs9nBA9poOFXsvtrYSoSHaOToCfyUoZwKe.ZCZnq7D95tGVoi2jxZZMyVwTL1" }, |
| 161 |
{ "secret4", "$6$rounds=100000$0123456789abcdef$ZiAMjbeA.iIGTWxq2oks9Bvz9sfxaoGPgAtpwimPEwFwkSNMTK7lLwABzzldds/n4UgCQ16HqawPrCrePr4YX1" }, |
| 162 |
{ NULL, NULL } |
| 163 |
}; |
| 164 |
|
| 165 |
static void test_glibc_shapass(abts_case *tc, void *data) |
| 166 |
{ |
| 167 |
int i = 0; |
| 168 |
while (glibc_sha_pws[i].password) { |
| 169 |
apr_assert_success(tc, "check for valid glibc crypt-sha password", |
| 170 |
apr_password_validate(glibc_sha_pws[i].password, |
| 171 |
glibc_sha_pws[i].hash)); |
| 172 |
i++; |
| 173 |
} |
| 174 |
} |
| 175 |
#endif |
| 176 |
|
| 177 |
static void test_bcryptpass(abts_case *tc, void *data) |
| 178 |
{ |
| 179 |
const char *pass = "hellojed"; |
| 180 |
const char *pass2 = "hellojed2"; |
| 181 |
unsigned char salt[] = "sardine_sardine"; |
| 182 |
char hash[100]; |
| 183 |
const char *hash2 = "$2a$08$qipUJiI9fySUN38hcbz.lucXvAmtgowKOWYtB9y3CXyl6lTknruou"; |
| 184 |
const char *pass3 = "foobar"; |
| 185 |
|
| 186 |
apr_assert_success(tc, "bcrypt encode password", |
| 187 |
apr_bcrypt_encode(pass, 5, salt, sizeof(salt), hash, |
| 188 |
sizeof(hash))); |
| 189 |
|
| 190 |
apr_assert_success(tc, "bcrypt password validated", |
| 191 |
apr_password_validate(pass, hash)); |
| 192 |
APR_ASSERT_FAILURE(tc, "wrong bcrypt password should not validate", |
| 193 |
apr_password_validate(pass2, hash)); |
| 194 |
apr_assert_success(tc, "bcrypt password validated", |
| 195 |
apr_password_validate(pass3, hash2)); |
| 196 |
} |
| 197 |
|
| 198 |
|
| 199 |
abts_suite *testpass(abts_suite *suite) |
| 200 |
{ |
| 201 |
suite = ADD_SUITE(suite); |
| 202 |
|
| 203 |
#if CRYPT_ALGO_SUPPORTED |
| 204 |
abts_run_test(suite, test_crypt, NULL); |
| 205 |
#if APR_HAS_THREADS |
| 206 |
abts_run_test(suite, test_threadsafe, NULL); |
| 207 |
#endif |
| 208 |
#endif /* CRYPT_ALGO_SUPPORTED */ |
| 209 |
abts_run_test(suite, test_shapass, NULL); |
| 210 |
abts_run_test(suite, test_md5pass, NULL); |
| 211 |
abts_run_test(suite, test_bcryptpass, NULL); |
| 212 |
#ifdef GLIBCSHA_ALGO_SUPPORTED |
| 213 |
abts_run_test(suite, test_glibc_shapass, NULL); |
| 214 |
#endif |
| 215 |
|
| 216 |
return suite; |
| 217 |
} |
