diff options
| author | Zack Weinberg <zackw@panix.com> | 2019-01-31 11:13:16 -0500 |
|---|---|---|
| committer | Björn Esser <besser82@fedoraproject.org> | 2019-02-03 21:28:46 +0100 |
| commit | 5944393d82fd2d3e5e8b1a45103190b9c054ed9f (patch) | |
| tree | ca13874349f00c65f66162e51afb67efef5a7623 /.gitignore | |
| parent | 34f216caaefbc1af599ec7a7b75cb21718eceaba (diff) | |
| download | libxcrypt-5944393d82fd2d3e5e8b1a45103190b9c054ed9f.tar.gz libxcrypt-5944393d82fd2d3e5e8b1a45103190b9c054ed9f.tar.bz2 libxcrypt-5944393d82fd2d3e5e8b1a45103190b9c054ed9f.zip | |
Consolidate known answer tests for crypt* API.
Most of the hashing methods had their own test-crypt-xxx.c program
that ran a short sequence of “known answer” tests:
crypt(phrase, salt) = expected for fixed values of phrase, salt, and
expected. The code involved was very repetitive, taken as a whole,
and many of the programs were not very thorough.
Consolidate all of these programs into a single program,
test-crypt-kat.c (kat = known answer test); test all the hashing
methods against the union of all the old programs’ input phrases;
test all four supported crypt* APIs for each case; test that for
each hash <- crypt(phrase, salt), hash == crypt(phrase, hash) as well.
The known answers are generated from a table of combinations, using
a Python program that uses an independent implementation of all the
hashing methods (passlib <https://passlib.readthedocs.io>, forced
to use its internal pure-Python reference implementations instead of
C accelerators that may have too much code in common with libxcrypt’s
implementations). This program is very slow, and passlib is not part
of the Python standard library, and we don’t currently depend on
Python during the build at all, so it is not run during a normal
build. You have to run it by hand if you change it, and check in the
output (test-crypt-kat.inc).
passlib currently can’t calculate yescrypt or gost-yescrypt hashes,
so we don’t have known answers to compare against for those, but we
do still crank all of the passphrases through the algorithm and make
sure the hash == crypt(phrase, hash) invariant holds for them.
test-crypt-gost-yescrypt.c performs some extra, GY-specific tests
as well as known-answer black box tests; that part of it is preserved.
It is necessary to increase the timeout for running the test suite
under valgrind on Travis, from 10 minutes to 60 minutes. This can’t
be done in the documented manner because the “command” you’re supposed
to use, travis_wait, is a bash function available in the parent script
but not in our .travis_script.sh; it is necessary to replicate that
logic in our script.
Diffstat (limited to '.gitignore')
| -rw-r--r-- | .gitignore | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -68,6 +68,7 @@ /test-crypt-bcrypt /test-crypt-des /test-crypt-gost-yescrypt +/test-crypt-kat /test-crypt-md5 /test-crypt-nthash /test-crypt-pbkdf1-sha1 |