diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:49:46 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:49:46 +0000 |
| commit | 50b37d4a27d3295a29afca2286f1a5a086142cec (patch) | |
| tree | 9212f763934ee090ef72d823f559f52ce387f268 /src/tests/keywords/sha2 | |
| parent | Initial commit. (diff) | |
| download | freeradius-upstream.tar.xz freeradius-upstream.zip | |
Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
| -rw-r--r-- | src/tests/keywords/sha2 | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/src/tests/keywords/sha2 b/src/tests/keywords/sha2 new file mode 100644 index 0000000..89c54f4 --- /dev/null +++ b/src/tests/keywords/sha2 @@ -0,0 +1,81 @@ +# +# PRE: update if +# +if ("$ENV{OPENSSL_LIBS}" != "") { + +update { + control:Cleartext-Password := 'hello' + request:Tmp-String-0 := "This is a string\n" + request:Tmp-Octets-0 := 0x000504030201 +} + +update reply { + Filter-Id := 'filter' +} + +# +# Put "This is a string" into a file and call "sha256sum" on it. +# You should get this string. +# +if ("%{sha256:This is a string\n}" != 'b3716a1ab53042bb392034f29071e13b0c38aa19b4edd75d9a76022f91189124') { + update reply { + Filter-Id += 'fail 1' + } +} + +if ("%{sha256:&Tmp-String-0}" != 'b3716a1ab53042bb392034f29071e13b0c38aa19b4edd75d9a76022f91189124') { + update reply { + Filter-Id += 'fail 2' + } +} + +if ("%{sha256:&request:Tmp-String-0}" != 'b3716a1ab53042bb392034f29071e13b0c38aa19b4edd75d9a76022f91189124') { + update reply { + Filter-Id += 'fail 3' + } +} + +if ("%{sha256:%{Tmp-String-0}}" != 'b3716a1ab53042bb392034f29071e13b0c38aa19b4edd75d9a76022f91189124') { + update reply { + Filter-Id += 'fail 4' + } +} + +# +# SHA256 should also be able to cope with references to octet attributes +# +if ("%{sha256:&request:Tmp-Octets-0}" != 'f307e202b881fded70e58017aa0c4d7b29c76ab25d02bf078301a5f6635187eb') { + update reply { + Filter-Id += 'fail 5' + } +} + +# +# SHA512 and SHA256 share common code paths, so the tests don't need to be +# as exhaustive. +# +if ("%{sha512:This is a string\n}" != '56b57df5cce42d4e35c644649798ea23ec16f4f4626e78faf4d2d8f430ea349bcc28cd5532457c82f0aa66bf68988346039fe75b900a92ff94fd53993d45990f') { + update reply { + Filter-Id += 'fail 6' + } +} + +if ("%{sha512:&Tmp-String-0}" != '56b57df5cce42d4e35c644649798ea23ec16f4f4626e78faf4d2d8f430ea349bcc28cd5532457c82f0aa66bf68988346039fe75b900a92ff94fd53993d45990f') { + update reply { + Filter-Id += 'fail 7' + } +} + +if ("%{sha512:&request:Tmp-Octets-0}" != 'de80271eb5e03a1c24dd0cd823a22305a743ee3a54f1de5bf97adbf56984561154bfb6928b1da4ccc3f5dde9f4032ad461937b60b9ace4ad3898cf45c90596d7') { + update reply { + Filter-Id += 'fail 8' + } +} + +} + +else { # no OPENSSL. Force the test to pass + update reply { + Filter-Id := 'filter' + } +} |