1<?php 2 3class auth_password_test extends DokuWikiTest { 4 5 /** 6 * precomputed hashes 7 * 8 * for the password foo$method, using abcdefgh12345678912345678912345678 as salt 9 * 10 * @return array 11 */ 12 public function hashes() { 13 14 $passes = array( 15 array('smd5', '$1$abcdefgh$SYbjm2AEvSoHG7Xapi8so.'), 16 array('apr1', '$apr1$abcdefgh$C/GzYTF4kOVByYLEoD5X4.'), 17 array('md5', '8fa22d62408e5351553acdd91c6b7003'), 18 array('sha1', 'b456d3b0efd105d613744ffd549514ecafcfc7e1'), 19 array('ssha', '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk'), 20 array('lsmd5', '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo'), 21 array('crypt', 'ablvoGr1hvZ5k'), 22 array('mysql', '4a1fa3780bd6fd55'), 23 array('my411', '*E5929347E25F82E19E4EBE92F1DC6B6E7C2DBD29'), 24 array('kmd5', 'a579299436d7969791189acadd86fcb716'), 25 array('djangomd5', 'md5$abcde$d0fdddeda8cd92725d2b54148ac09158'), 26 array('djangosha1', 'sha1$abcde$c8e65a7f0acc9158843048a53dcc5a6bc4d17678'), 27 ); 28 29 if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) { 30 // Check SHA512 only if available in this PHP 31 $passes[] = array('sha512', '$6$abcdefgh12345678$J9.zOcgx0lotwZdcz0uulA3IVQMinZvFZVjA5vapRLVAAqtay23XD4xeeUxQ3B4JvDWYFBIxVWW1tOYlHX13k1'); 32 } 33 if(function_exists('hash_pbkdf2')) { 34 if(in_array('sha256', hash_algos())) { 35 $passes[] = array('djangopbkdf2_sha256', 'pbkdf2_sha256$24000$abcdefgh1234$R23OyZJ0nGHLG6MvPNfEkV5AOz3jUY5zthByPXs2gn0='); 36 } 37 if(in_array('sha1', hash_algos())) { 38 $passes[] = array('djangopbkdf2_sha1', 'pbkdf2_sha1$24000$abcdefgh1234$pOliX4vV1hgOv7lFNURIHHx41HI='); 39 } 40 } 41 return $passes; 42 } 43 44 /** 45 * @dataProvider hashes 46 * @param $method 47 * @param $hash 48 */ 49 function test_cryptPassword($method, $hash) { 50 $this->assertEquals( 51 $hash, 52 auth_cryptPassword('foo' . $method, $method, 'abcdefgh12345678912345678912345678') 53 ); 54 } 55 56 /** 57 * @dataProvider hashes 58 * @param $method 59 * @param $hash 60 */ 61 function test_verifyPassword($method, $hash) { 62 $this->assertTrue(auth_verifyPassword('foo' . $method, $hash)); 63 $this->assertFalse(auth_verifyPassword('bar' . $method, $hash)); 64 } 65 66 /** 67 * @dataProvider hashes 68 * @param $method 69 * @param $hash 70 */ 71 function test_verifySelf($method, $hash) { 72 $hash = auth_cryptPassword('foo' . $method, $method); 73 $this->assertTrue(auth_verifyPassword('foo' . $method, $hash)); 74 } 75 76 /** 77 * @dataProvider hashes 78 * @param $method 79 * @param $hash 80 */ 81 function test_verifyUnusable($method, $hash) { 82 $hash = auth_cryptPassword(null, $method); 83 $this->assertFalse(auth_verifyPassword(null, $hash)); 84 } 85 86 function test_bcrypt_self() { 87 $hash = auth_cryptPassword('foobcrypt', 'bcrypt'); 88 $this->assertTrue(auth_verifyPassword('foobcrypt', $hash)); 89 } 90 91 function test_verifyPassword_fixedbcrypt() { 92 $this->assertTrue(auth_verifyPassword('foobcrypt', '$2a$12$uTWercxbq4sjp2xAzv3we.ZOxk51m5V/Bv5bp2H27oVFJl5neFQoC')); 93 $this->assertTrue(auth_verifyPassword('lemmybcrypt12hash', '$2b$12$zMBuY6QAGXuT6elIbadavO1JTI6DfaGe1MpfBthG/nt6mkodwmKAi')); 94 } 95 96 function test_verifyPassword_nohash() { 97 $this->assertTrue(auth_verifyPassword('foo', '$1$$n1rTiFE0nRifwV/43bVon/')); 98 } 99 100 function test_verifyPassword_fixedpmd5() { 101 $this->assertTrue(auth_verifyPassword('test12345', '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0')); 102 $this->assertTrue(auth_verifyPassword('test12345', '$H$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0')); 103 } 104 105 function test_verifypassword_drupal_sha512() { 106 $this->assertTrue(auth_verifypassword('drupal_sha512', '$S$D7JxIm0f7QKO3zjwVS1RH4AW8sYvmLjO0.Rn4swH0JVt6OrZ4yzZ')); 107 } 108 109 function test_verifypassword_drupal_migrated_6to7() { 110 $this->assertTrue(auth_verifypassword('pouette1234', 'U$S$9c47LGZuhR6TvhRQXzymkJIQ3mXthUCc6KDEGTt4B7eOL/H9Ykuy')); 111 } 112 113 function test_verifyPassword_seafilepbkdf2() { 114 $hash='PBKDF2SHA256$10000$99227b6df52aa1394b5ca0aceee2733dd6c2670c85bbe26c751a2c65e79d4db7$d61dd1c4df6873c73813fe97f96d0e917792602a33966f3fab0eef154637cc84'; 115 $pw='@STR0NGpassW0RD'; 116 $this->assertTrue(auth_verifyPassword($pw, $hash)); 117 } 118 119 function test_veryPassword_mediawiki() { 120 $this->assertTrue(auth_verifyPassword('password', ':B:838c83e1:e4ab7024509eef084cdabd03d8b2972c')); 121 } 122 123 /** 124 * pmd5 checking should throw an exception when a hash with a too high 125 * iteration count is passed 126 */ 127 function test_verifyPassword_pmd5Exception() { 128 $except = false; 129 try { 130 auth_verifyPassword('foopmd5', '$H$abcdefgh1ZbJodHxmeXVAhEzTG7IAp.'); 131 } catch(Exception $e) { 132 $except = true; 133 } 134 $this->assertTrue($except); 135 } 136 137 function test_verifyPassword_sha256_crypt() { 138 if(defined('CRYPT_SHA256') && CRYPT_SHA256 == 1) { 139 $this->assertTrue(auth_verifyPassword('password', '$5$KvtIFskJlsLHR95A$CABu0dPozYsRq/dGNj4KITBQ21ZK.gC9KVXAkYFNE85')); 140 $this->assertTrue(auth_verifyPassword('password', '$5$rounds=1000$FQM/YjSke3Iqsdma$RYwG1MP21u68qUBQKqHoz7GLpWlnA6tunNKMNH3nRh5')); 141 } else { 142 $this->markTestSkipped('SHA256 not available in this PHP environment'); 143 } 144 } 145 /** 146 * issue #2629, support PHP's crypt() format (with rounds=0 parameter) 147 */ 148 function test_verifyPassword_sha512_crypt() { 149 if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) { 150 $this->assertTrue(auth_verifyPassword('Qwerty123', '$6$rounds=3000$9in6UciYPFG6ydsJ$YBjypQ7XoRqvJoX1a2.spSysSVHcdreVXi1Xh5SyOxo2yNSxDjlUCun2YXrwk9.YP6vmRvCWrhp0fbPgSOT7..')); 151 } else { 152 $this->markTestSkipped('SHA512 not available in this PHP environment'); 153 } 154 } 155 156 function test_verifyPassword_Woltlab() 157 { 158 $this->assertTrue(auth_verifyPassword('zQ9ZwsTvgufN', 'Bcrypt:$2y$12$ygz.4TeGn/NXEcXIE0pyge4lJyuSMqRdDPT5dW469lODb.HswSzjW')); 159 } 160} 161