summaryrefslogtreecommitdiffstats
path: root/tests/password-hash-test
blob: e7773906940afcfbbca23a9572d12e75e291c1ec (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220

#!/bin/bash

# check hash processing in create command

[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
DEV_NAME=dmc_test
KEY_FILE=keyfile

DEV2=$DEV_NAME"_x"

if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
	CRYPTSETUP_VALGRIND=$CRYPTSETUP
else
	CRYPTSETUP_VALGRIND=../.libs/cryptsetup
	CRYPTSETUP_LIB_VALGRIND=../.libs
fi

dmremove() { # device
	udevadm settle >/dev/null 2>&1
	dmsetup remove --retry $1 >/dev/null 2>&1
}

cleanup() {
	[ -b /dev/mapper/$DEV2 ] && dmremove $DEV2
	[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
	rm -f $KEY_FILE
	exit $1
}

function fail()
{
	echo " $1 [FAILED]"
	echo "FAILED backtrace:"
	while caller $frame; do ((frame++)); done
	cleanup 2
}

skip()
{
	echo "TEST SKIPPED: $1"
	cleanup 77
}

function valgrind_setup()
{
	command -v valgrind >/dev/null || fail "Cannot find valgrind."
	[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
	[ ! -f valg.sh ] && fail "Unable to get location of valg runner script."
	if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
		export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
	fi
}

function valgrind_run()
{
	INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}

crypt_key() # hash keysize pwd/file name outkey [limit] [offset]
{
	DEV2=$DEV_NAME"_x"
	LIMIT=""
	MODE=aes-cbc-essiv:sha256
	[ $2 -gt 256 ] && MODE=aes-xts-plain
	[ -n "$6" ] && LIMIT="-l $6"
	[ -n "$7" ] && LIMIT="$LIMIT --keyfile-offset $7"

	echo -n "HASH: $1 KSIZE: $2 / $3"
	case "$3" in
	pwd)
		echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
		ret=$?
		;;
	std-)
		echo -e -n "$4" | $CRYPTSETUP create -c $MODE -d "-" -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
		ret=$?
		;;
	stdin)
		echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
		ret=$?
		;;
	cat)
		cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
		ret=$?
		;;
	cat-)
		cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 -d - /dev/mapper/$DEV_NAME 2>/dev/null
		ret=$?
		;;
	file)
		$CRYPTSETUP create -q -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
		ret=$?
		;;
	failpwd)
		echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null && fail "Expecting failure"
		echo " [OK]"
		return
		;;
	*)
		fail ""
		;;
	esac

	# ignore these cases, not all libs/kernel supports it
	if [ "$1" != "sha256" ] || [ $2 -gt 256 ] ; then
		if [ $ret -ne 0 ] ; then
			echo " [N/A] ($ret, SKIPPED)"
			return
		fi
	fi

	VKEY=$(dmsetup table $DEV2 --showkeys 2>/dev/null | sed 's/.*: //' | cut -d' '  -f 5)
	if [ "$VKEY" != "$5" ] ; then
		echo " [FAILED]"
		echo "expected: $5"
		echo "real key: $VKEY"
		cleanup 100
	else
		echo " [OK]"
	fi

	dmremove $DEV2
}

[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
if [ $(id -u) != 0 ]; then
	echo "WARNING: You must be root to run this test, test skipped."
	exit 77
fi

dmsetup create $DEV_NAME --table "0 10240 zero" >/dev/null 2>&1

crypt_key ripemd160   0 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
crypt_key ripemd160 256 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
crypt_key ripemd160 128 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f
crypt_key sha1      256 pwd "xxx" b60d121b438a380c343d5ec3c2037564b82ffef30b1e0a6ad9af7a73aa91c197
crypt_key sha1      128 pwd "xxx" b60d121b438a380c343d5ec3c2037564
crypt_key sha256    256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
crypt_key sha256    128 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7

crypt_key sha256   0 std- "xxx"    cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
crypt_key sha256 256 std- "xxx\n"  042aea10a0f14f2d391373599be69d53a75dde9951fc3d3cd10b6100aa7a9f24
crypt_key sha256 128 std- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" \
				   2a42b97084779dcedf2c66405c5d296c
crypt_key sha256 256 stdin "xxx"   cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
crypt_key sha256   0 stdin "xxx\n" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860

# with keyfile, hash is ignored
crypt_key ripemd160 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
crypt_key sha256    256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
crypt_key unknown*  256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000

# limiting key
crypt_key sha256:20 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b4580588000000000000000000000000
crypt_key sha256:32 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860

crypt_key sha256:   256 failpwd "xxx" x
crypt_key sha256:xx 256 failpwd "xxx" x

# key file, 80 chars
echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \
	   "2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE
KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133"


# ignore hash if keyfile is specified
crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
crypt_key sha256    256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
crypt_key sha256    128 file $KEY_FILE ${KEY_FILE_HEX:0:32}
crypt_key sha256    512 file $KEY_FILE $KEY_FILE_HEX

# stdin can be limited
crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 16
crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 17

# read key only up to \n
crypt_key plain     128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14

# read full key, ignore keyfile length
crypt_key plain     128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32}
crypt_key plain     128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} 14

# but do not ignore hash if keysgfile is "-"
crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5
crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 0
crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 80
crypt_key sha256    128 cat- $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
crypt_key sha256    128 cat- $KEY_FILE 7df3f4a41a33805596be85c781cac3b4 14 2
crypt_key sha256    128 cat- $KEY_FILE ebbe65a178e886ddbb778e0a5538db72 40 40

# limiting plain (no hash)
crypt_key plain   256     pwd "xxxxxxxx" 7878787878787878000000000000000000000000000000000000000000000000
crypt_key plain:2 256     pwd "xxxxxxxx" 7878000000000000000000000000000000000000000000000000000000000000
crypt_key plain:9 256 failpwd "xxxxxxxx" x

crypt_key sha256    128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
crypt_key sha256:14 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1f0000 14

crypt_key sha256    128 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd 16
crypt_key sha256    128 pwd "0123456789abcdef" 1be2e452b46d7a0d9656bbb1f768e824  4
crypt_key sha256    128 pwd "0123"             1be2e452b46d7a0d9656bbb1f768e824  4

# Test list of various hash algorithms
crypt_key sha1        256 pwd "0123456789abcdef" fe5567e8d769550852182cdf69d74bb16dff8e295e4b6077d6d3fc73e7fe33b0
crypt_key sha224      256 pwd "0123456789abcdef" 7330215f6741fd2bacbd3658681a70f65e2e90a02887989018974ce83775a568
crypt_key sha256      256 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd2b796bfc7365c9c28b548e564176929f
crypt_key sha384      256 pwd "0123456789abcdef" fc6304023487cb6f85ac80e47817760c6b153c02da46c6429649e963b031e525
crypt_key sha512      256 pwd "0123456789abcdef" 1c043fbe4bca7c7920dae536c680fd44c15d71ec12cd82a2a9491b0043b57f4d
crypt_key ripemd160   256 pwd "0123456789abcdef" edf4e38018cd71dd489b9c1e54b32054eb42dfad9fdcc22d629d756391a24982
crypt_key whirlpool   256 pwd "0123456789abcdef" b21fc274d47d79ba45f94d67077f0846f75a7acc1a4dc560eacca300179cc142
crypt_key sha3-224    256 pwd "0123456789abcdef" bbb7d56cc80a8c80e907f7d9240edc0be264aa173266b30918bc1065d59a9388
crypt_key sha3-256    256 pwd "0123456789abcdef" a5df4caae9fdb5dbacf667075b709a2f30a115c43168af332062b42d4b0da01f
crypt_key sha3-384    256 pwd "0123456789abcdef" 56f351f754c418892eab4009e5f85c8d5436a591014503563e9395b895526413
crypt_key sha3-512    256 pwd "0123456789abcdef" 59d06155d25dffdb982729de8dce9d7855ca094d8bab8124b347c40668477056
crypt_key sm3         256 pwd "0123456789abcdef" a34fdd8e843802b31a262dce5b1f501bed68ef81520de14b39657aecffaf8a86
crypt_key stribog512  256 pwd "0123456789abcdef" ab1284a64c2325c0ad52494e696df9aa9b92e701605a9a1258b58be08e8240ea

cleanup 0
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-07 03:25:16 +0000