util: add unit test for pw hashing

Related: https://pagure.io/freeipa/issue/6857
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Peter Keresztes Schmidt 2020-06-04 21:36:31 +02:00 committed by Alexander Bokovoy
parent d79a7a9696
commit f2d854886f
5 changed files with 75 additions and 2 deletions

2
.gitignore vendored

@ -93,6 +93,8 @@ freeipa2-dev-doc
/po/test.po
/po/test_locale/xh_ZA/LC_MESSAGES/ipa.mo
/util/t_pwd
/init/ipa_memcached
/init/systemd/ipa-custodia.service
/init/systemd/ipa.service


@ -14,3 +14,7 @@ libutil_la_SOURCES = ipa_krb5.c \
ipa_pwd_ntlm.c
libutil_la_LIBADD = $(CRYPTO_LIBS) $(KRB5_LIBS) $(LDAP_LIBS) $(NSS_LIBS)
check_PROGRAMS = t_pwd
TESTS = $(check_PROGRAMS)
t_pwd_LDADD = libutil.la


@ -23,7 +23,6 @@
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdbool.h>
#include <stdio.h>
#include <time.h>
#include <ctype.h>
@ -202,7 +201,7 @@ static int ipapwd_hash_type_to_alg(char *hash_type,
*
* @return 0 on success, -1 on error.
*/
static int ipapwd_hash_password(char *password,
int ipapwd_hash_password(char *password,
char *hash_type,
unsigned char *salt,
unsigned char **full_hash,


@ -22,6 +22,7 @@
#pragma once
#include <stdbool.h>
#include <stdint.h>
#include <time.h> /* for time_t */
@ -59,6 +60,12 @@ struct ipapwd_policy {
time_t ipapwd_gentime_to_time_t(char *timestr);
int ipapwd_hash_password(char *password,
char *hash_type,
unsigned char *salt,
unsigned char **full_hash,
unsigned int *full_hash_len);
int ipapwd_check_policy(struct ipapwd_policy *policy,
char *password,
time_t cur_time,
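Review bot: The newly exported prototype for `ipapwd_hash_password` carries no contract, and `salt` is passed without a length. The accompanying test passes an 8-byte salt and releases the result with `free()`, which suggests a fixed salt size and caller-owned output, but neither is stated here. A short comment above the declaration, such as `/* salt must point to 8 bytes (TODO confirm); on success *full_hash is allocated and must be freed by the caller */`, would make that explicit for future callers. If the implementation does not write through `password` or `hash_type` (its body is outside this hunk), `const char *` would suit a public API better.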

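--- a/util/t_pwd.c
+++ b/util/t_pwd.c
@@ -0,0 +1,61 @@
+/*
+* Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+*/
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "ipa_pwd.h"
+#define RES(algo, ...) { algo, (uint8_t[]){__VA_ARGS__}, sizeof((uint8_t[]){__VA_ARGS__}) }
+static const struct {
+char *algo;
+uint8_t *res;
+size_t res_size;
+} hash_tests[] = {
+/* {SSHA} */
+RES("{SSHA}", 30, 226, 112, 72, 241, 233, 125, 4, 27, 158, 228, 238, 180, 21, 179, 121, 48, 59, 100, 3, 0, 1, 2,
+3, 4, 5, 6, 7),
+/* {SHA256} */
+RES("{SHA256}", 162, 175, 215, 45, 209, 245, 101, 173, 242, 116, 208, 128, 28, 159, 206, 241, 255, 65, 245, 82,
+218, 244, 27, 99, 57, 215, 96, 93, 7, 176, 195, 175, 0, 1, 2, 3, 4, 5, 6, 7),
+/* {SHA384} */
+RES("{SHA384}", 214, 104, 216, 118, 234, 225, 221, 104, 228, 82, 156, 86, 230, 47, 185, 170, 119, 35, 153, 160,
+142, 153, 141, 101, 74, 17, 150, 219, 9, 243, 170, 242, 225, 128, 173, 102, 198, 231, 121, 124, 86, 210, 19,
+11, 237, 150, 157, 176, 0, 1, 2, 3, 4, 5, 6, 7),
+/* {SHA512} */
+RES("{SHA512}", 157, 177, 112, 19, 84, 152, 211, 233, 139, 237, 240, 235, 207, 79, 232, 252, 123, 150, 114, 169,
+206, 95, 196, 141, 31, 58, 195, 220, 212, 168, 98, 67, 1, 255, 211, 129, 67, 181, 114, 214, 243, 236, 41,
+247, 118, 167, 139, 70, 192, 172, 128, 94, 9, 225, 208, 98, 23, 148, 182, 202, 28, 130, 22, 30, 0, 1, 2, 3,
+4, 5, 6, 7)
+};
+int main(int argc, const char *argv[]) {
+(void) argc;
+(void) argv;
+char pw[] = "test";
+uint8_t salt[8] = {0, 1, 2, 3, 4, 5, 6, 7};
+unsigned char *hash;
+unsigned int hash_length;
+for (long unsigned int i = 0; i < sizeof(hash_tests) / sizeof(*hash_tests); i++) {
+if (ipapwd_hash_password(pw, hash_tests[i].algo, salt, &hash, &hash_length) == 0) {
+assert(memcmp(hash, hash_tests[i].res, hash_tests[i].res_size) == 0);
+} else {
+assert(false);
+}
+fprintf(stderr, "Algo: %s OK, length: %i\n", hash_tests[i].algo, hash_length);
+free(hash);
+}
+return 0;
+}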
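Review bot: The loop in `main` never checks `hash_length` against `hash_tests[i].res_size`, so a hash shorter than expected makes `memcmp` read past the returned buffer, and a longer one with a matching prefix still passes. Adding `assert(hash_length == hash_tests[i].res_size);` before the `memcmp` closes both cases. The checks also rely on `assert()`, which compiles away under `-DNDEBUG`; in such a build a failing call would reach `free(hash)` and the `fprintf` with `hash` and `hash_length` uninitialised, so initialising them (`unsigned char *hash = NULL;`) or returning non-zero explicitly on failure is safer. `hash_length` is `unsigned int`, so the format should be `%u` rather than `%i`.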