|
|
@ -1,7 +1,9 @@
|
|
|
|
<?php
|
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
|
|
class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
class PaCryptTest extends \PHPUnit\Framework\TestCase
|
|
|
|
public function testMd5Crypt() {
|
|
|
|
{
|
|
|
|
|
|
|
|
public function testMd5Crypt()
|
|
|
|
|
|
|
|
{
|
|
|
|
$hash = _pacrypt_md5crypt('test', '');
|
|
|
|
$hash = _pacrypt_md5crypt('test', '');
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertNotEmpty($hash);
|
|
|
|
$this->assertNotEmpty($hash);
|
|
|
@ -10,7 +12,8 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
$this->assertEquals($hash, _pacrypt_md5crypt('test', $hash));
|
|
|
|
$this->assertEquals($hash, _pacrypt_md5crypt('test', $hash));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testCrypt() {
|
|
|
|
public function testCrypt()
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
// E_NOTICE if we pass in '' for the salt
|
|
|
|
// E_NOTICE if we pass in '' for the salt
|
|
|
|
$hash = _pacrypt_crypt('test', 'sa');
|
|
|
|
$hash = _pacrypt_crypt('test', 'sa');
|
|
|
@ -21,7 +24,8 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
$this->assertEquals($hash, _pacrypt_crypt('test', $hash));
|
|
|
|
$this->assertEquals($hash, _pacrypt_crypt('test', $hash));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testMySQLEncrypt() {
|
|
|
|
public function testMySQLEncrypt()
|
|
|
|
|
|
|
|
{
|
|
|
|
if (!db_mysql()) {
|
|
|
|
if (!db_mysql()) {
|
|
|
|
$this->markTestSkipped('Not using MySQL');
|
|
|
|
$this->markTestSkipped('Not using MySQL');
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -45,7 +49,8 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
);
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testAuthlib() {
|
|
|
|
public function testAuthlib()
|
|
|
|
|
|
|
|
{
|
|
|
|
global $CONF;
|
|
|
|
global $CONF;
|
|
|
|
|
|
|
|
|
|
|
|
// too many options!
|
|
|
|
// too many options!
|
|
|
@ -66,7 +71,8 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testPacryptDovecot() {
|
|
|
|
public function testPacryptDovecot()
|
|
|
|
|
|
|
|
{
|
|
|
|
global $CONF;
|
|
|
|
global $CONF;
|
|
|
|
if (!file_exists('/usr/bin/doveadm')) {
|
|
|
|
if (!file_exists('/usr/bin/doveadm')) {
|
|
|
|
$this->markTestSkipped("No /usr/bin/doveadm");
|
|
|
|
$this->markTestSkipped("No /usr/bin/doveadm");
|
|
|
@ -82,9 +88,8 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
$this->assertEquals($expected_hash, _pacrypt_dovecot('test', $expected_hash));
|
|
|
|
$this->assertEquals($expected_hash, _pacrypt_dovecot('test', $expected_hash));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testPhpCrypt() {
|
|
|
|
public function testPhpCrypt()
|
|
|
|
global $CONF;
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
$config = Config::getInstance();
|
|
|
|
$config = Config::getInstance();
|
|
|
|
Config::write('encrypt', 'php_crypt:MD5');
|
|
|
|
Config::write('encrypt', 'php_crypt:MD5');
|
|
|
|
|
|
|
|
|
|
|
@ -99,11 +104,44 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
|
|
|
|
|
|
|
|
$fail = _pacrypt_php_crypt('bar', $expected);
|
|
|
|
$fail = _pacrypt_php_crypt('bar', $expected);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function testPhpCryptHandlesPrefixAndOrRounds()
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
// try with 1000 rounds
|
|
|
|
|
|
|
|
Config::write('encrypt', 'php_crypt:SHA256:1000');
|
|
|
|
|
|
|
|
$password = 'hello';
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$randomHash = '$5$VhqhhsXJtPFeBX9e$kz3/CMIEu80bKdtDAcISIrDfdwtc.ilR68Vb3hNhu/7';
|
|
|
|
|
|
|
|
$randomHashWithPrefix = '{SHA256-CRYPT}' . $randomHash;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$new = _pacrypt_php_crypt($password, '');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertNotEquals($randomHash, $new); // salts should be different.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$enc = _pacrypt_php_crypt($password, $randomHash);
|
|
|
|
|
|
|
|
$this->assertEquals($enc, $randomHash);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertEquals($randomHash, _pacrypt_php_crypt("hello", $randomHash));
|
|
|
|
|
|
|
|
$this->assertEquals($randomHash, _pacrypt_crypt("hello", $randomHash));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Config::write('encrypt', 'php_crypt:SHA256::{SHA256-CRYPT}');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$enc = _pacrypt_php_crypt("hello", $randomHash);
|
|
|
|
|
|
|
|
$this->assertEquals($randomHash, $enc); // we passed in something lacking the prefix, so we shouldn't have added it in.
|
|
|
|
|
|
|
|
$this->assertTrue(hash_equals($randomHash, $enc));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// should cope with this :
|
|
|
|
|
|
|
|
$enc = _pacrypt_php_crypt($password, '');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertEquals($enc, _pacrypt_php_crypt($password, $enc));
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertNotEquals($fail, $expected);
|
|
|
|
$this->assertRegExp('/^\{SHA256-CRYPT\}/', $enc);
|
|
|
|
|
|
|
|
$this->assertGreaterThan(20, strlen($enc));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testPhpCryptRandomString() {
|
|
|
|
public function testPhpCryptRandomString()
|
|
|
|
|
|
|
|
{
|
|
|
|
$str1 = _php_crypt_random_string('abcdefg123456789', 2);
|
|
|
|
$str1 = _php_crypt_random_string('abcdefg123456789', 2);
|
|
|
|
$str2 = _php_crypt_random_string('abcdefg123456789', 2);
|
|
|
|
$str2 = _php_crypt_random_string('abcdefg123456789', 2);
|
|
|
|
$str3 = _php_crypt_random_string('abcdefg123456789', 2);
|
|
|
|
$str3 = _php_crypt_random_string('abcdefg123456789', 2);
|
|
|
@ -114,10 +152,11 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
|
|
|
|
|
|
|
|
// it should be difficult for us to get three salts of the same value back...
|
|
|
|
// it should be difficult for us to get three salts of the same value back...
|
|
|
|
// not impossible though.
|
|
|
|
// not impossible though.
|
|
|
|
$this->assertFalse( strcmp($str1, $str2) == 0 && strcmp($str1, $str3) == 0 );
|
|
|
|
$this->assertFalse(strcmp($str1, $str2) == 0 && strcmp($str1, $str3) == 0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function testSha512B64() {
|
|
|
|
public function testSha512B64()
|
|
|
|
|
|
|
|
{
|
|
|
|
$str1 = _pacrypt_sha512_b64('test', '');
|
|
|
|
$str1 = _pacrypt_sha512_b64('test', '');
|
|
|
|
$str2 = _pacrypt_sha512_b64('test', '');
|
|
|
|
$str2 = _pacrypt_sha512_b64('test', '');
|
|
|
|
|
|
|
|
|
|
|
@ -138,6 +177,6 @@ class PaCryptTest extends \PHPUnit\Framework\TestCase {
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertFalse(hash_equals('test', $str3));
|
|
|
|
$this->assertFalse(hash_equals('test', $str3));
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertTrue(hash_equals(_pacrypt_sha512_b64('foo',$str3), $str3));
|
|
|
|
$this->assertTrue(hash_equals(_pacrypt_sha512_b64('foo', $str3), $str3));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|