[PATCH 3/9] Add crypt_r(), etc.

Sebastian Huber sebastian.huber at embedded-brains.de
Fri Nov 14 13:46:29 UTC 2014


Add crypt_add_format(), crypt_r(), crypt_md5_r(), crypt_sha256_r() and
crypt_sha512_r().
---
 cpukit/Makefile.am                      |   2 +
 cpukit/configure.ac                     |   1 +
 cpukit/include/crypt.h                  |  74 +++++++++
 cpukit/libcrypt/Makefile.am             |  17 ++
 cpukit/libcrypt/crypt-md5.c             | 157 ++++++++++++++++++
 cpukit/libcrypt/crypt-sha256.c          | 272 ++++++++++++++++++++++++++++++
 cpukit/libcrypt/crypt-sha512.c          | 284 ++++++++++++++++++++++++++++++++
 cpukit/libcrypt/crypt.c                 |  71 ++++++++
 cpukit/libcrypt/misc.c                  |  63 +++++++
 cpukit/libcrypt/preinstall.am           |  15 ++
 cpukit/preinstall.am                    |   4 +
 cpukit/wrapup/Makefile.am               |   1 +
 testsuites/libtests/Makefile.am         |   1 +
 testsuites/libtests/configure.ac        |   1 +
 testsuites/libtests/crypt01/Makefile.am |  19 +++
 testsuites/libtests/crypt01/crypt01.doc |  15 ++
 testsuites/libtests/crypt01/crypt01.scn |  78 +++++++++
 testsuites/libtests/crypt01/init.c      | 260 +++++++++++++++++++++++++++++
 18 files changed, 1335 insertions(+)
 create mode 100644 cpukit/include/crypt.h
 create mode 100644 cpukit/libcrypt/Makefile.am
 create mode 100644 cpukit/libcrypt/crypt-md5.c
 create mode 100644 cpukit/libcrypt/crypt-sha256.c
 create mode 100644 cpukit/libcrypt/crypt-sha512.c
 create mode 100644 cpukit/libcrypt/crypt.c
 create mode 100644 cpukit/libcrypt/misc.c
 create mode 100644 cpukit/libcrypt/preinstall.am
 create mode 100644 testsuites/libtests/crypt01/Makefile.am
 create mode 100644 testsuites/libtests/crypt01/crypt01.doc
 create mode 100644 testsuites/libtests/crypt01/crypt01.scn
 create mode 100644 testsuites/libtests/crypt01/init.c

diff --git a/cpukit/Makefile.am b/cpukit/Makefile.am
index 51cec69..38525fe 100644
--- a/cpukit/Makefile.am
+++ b/cpukit/Makefile.am
@@ -6,6 +6,7 @@ include $(top_srcdir)/automake/multilib.am
 # librtemscpu
 SUBDIRS = . score rtems sapi posix
 SUBDIRS += dev
+SUBDIRS += libcrypt
 SUBDIRS += libcsupport libblock libfs
 SUBDIRS += libnetworking librpc
 SUBDIRS += libi2c
@@ -46,6 +47,7 @@ include_utf8proc_HEADERS = libmisc/utf8proc/utf8proc.h
 include_sysdir = $(includedir)/sys
 include_sys_HEADERS =
 
+include_HEADERS += include/crypt.h
 include_HEADERS += include/memory.h
 
 include_sys_HEADERS += libcsupport/include/sys/ioccom.h
diff --git a/cpukit/configure.ac b/cpukit/configure.ac
index 4242062..d3d9325 100644
--- a/cpukit/configure.ac
+++ b/cpukit/configure.ac
@@ -420,6 +420,7 @@ libblock/Makefile
 libfs/Makefile
 libfs/src/nfsclient/Makefile
 libgnat/Makefile
+libcrypt/Makefile
 libcsupport/Makefile
 libnetworking/Makefile
 librpc/Makefile
diff --git a/cpukit/include/crypt.h b/cpukit/include/crypt.h
new file mode 100644
index 0000000..7696aa3
--- /dev/null
+++ b/cpukit/include/crypt.h
@@ -0,0 +1,74 @@
+/* LINTLIBRARY */
+/*
+ * Copyright (c) 1999
+ *      Mark Murray.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ *
+ */
+
+#ifndef _CRYPT_H
+#define _CRYPT_H
+
+#include <sys/types.h>
+#include <sys/queue.h>
+
+__BEGIN_DECLS
+
+struct crypt_data {
+	char buffer[256];
+};
+
+struct crypt_format {
+	SLIST_ENTRY(crypt_format) link;
+	char *(*func)(const char *, const char *, struct crypt_data *);
+	const char *magic;
+};
+
+#define CRYPT_FORMAT_INITIALIZER(func, magic) { { NULL }, (func), (magic) }
+
+extern struct crypt_format crypt_md5_format;
+
+extern struct crypt_format crypt_sha256_format;
+
+extern struct crypt_format crypt_sha512_format;
+
+void crypt_add_format(struct crypt_format *);
+
+char *crypt_r(const char *, const char *, struct crypt_data *);
+
+char *crypt_md5_r(const char *, const char *, struct crypt_data *);
+
+char *crypt_sha256_r(const char *, const char *, struct crypt_data *);
+
+char *crypt_sha512_r(const char *, const char *, struct crypt_data *);
+
+void _crypt_to64(char *s, u_long v, int n);
+
+#define b64_from_24bit _crypt_b64_from_24bit
+void _crypt_b64_from_24bit(uint8_t, uint8_t, uint8_t, int, int *, char **);
+
+__END_DECLS
+
+#endif /* _CRYPT_H */
diff --git a/cpukit/libcrypt/Makefile.am b/cpukit/libcrypt/Makefile.am
new file mode 100644
index 0000000..fe174d4
--- /dev/null
+++ b/cpukit/libcrypt/Makefile.am
@@ -0,0 +1,17 @@
+include $(top_srcdir)/automake/compile.am
+
+include_HEADERS =
+
+noinst_LIBRARIES = libcrypt.a
+
+libcrypt_a_CPPFLAGS = $(AM_CPPFLAGS)
+
+libcrypt_a_SOURCES =
+libcrypt_a_SOURCES += crypt.c
+libcrypt_a_SOURCES += crypt-md5.c
+libcrypt_a_SOURCES += crypt-sha256.c
+libcrypt_a_SOURCES += crypt-sha512.c
+libcrypt_a_SOURCES += misc.c
+
+include $(srcdir)/preinstall.am
+include $(top_srcdir)/automake/local.am
diff --git a/cpukit/libcrypt/crypt-md5.c b/cpukit/libcrypt/crypt-md5.c
new file mode 100644
index 0000000..c60dcf8
--- /dev/null
+++ b/cpukit/libcrypt/crypt-md5.c
@@ -0,0 +1,157 @@
+/*-
+ * Copyright (c) 2003 Poul-Henning Kamp
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <md5.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <crypt.h>
+
+#define MD5_SIZE 16
+
+/*
+ * UNIX password
+ */
+
+char *
+crypt_md5_r(const char *pw, const char *salt, struct crypt_data *data)
+{
+	MD5_CTX	ctx,ctx1;
+	unsigned long l;
+	int sl, pl;
+	u_int i;
+	u_char final[MD5_SIZE];
+	const char *sp, *ep;
+	char *passwd = &data->buffer[0], *p;
+	static const char magic[] = "$1$";
+
+	/* Refine the Salt first */
+	sp = salt;
+
+	/* If it starts with the magic string, then skip that */
+	if(!strncmp(sp, magic, strlen(magic)))
+		sp += strlen(magic);
+
+	/* It stops at the first '$', max 8 chars */
+	for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
+		continue;
+
+	/* get the length of the true salt */
+	sl = ep - sp;
+
+	MD5Init(&ctx);
+
+	/* The password first, since that is what is most unknown */
+	MD5Update(&ctx, (const u_char *)pw, strlen(pw));
+
+	/* Then our magic string */
+	MD5Update(&ctx, (const u_char *)magic, strlen(magic));
+
+	/* Then the raw salt */
+	MD5Update(&ctx, (const u_char *)sp, (u_int)sl);
+
+	/* Then just as many characters of the MD5(pw,salt,pw) */
+	MD5Init(&ctx1);
+	MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+	MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
+	MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+	MD5Final(final, &ctx1);
+	for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE)
+		MD5Update(&ctx, (const u_char *)final,
+		    (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl));
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final, 0, sizeof(final));
+
+	/* Then something really weird... */
+	for (i = strlen(pw); i; i >>= 1)
+		if(i & 1)
+		    MD5Update(&ctx, (const u_char *)final, 1);
+		else
+		    MD5Update(&ctx, (const u_char *)pw, 1);
+
+	/* Now make the output string */
+	strcpy(passwd, magic);
+	strncat(passwd, sp, (u_int)sl);
+	strcat(passwd, "$");
+
+	MD5Final(final, &ctx);
+
+	/*
+	 * and now, just to make sure things don't run too fast
+	 * On a 60 Mhz Pentium this takes 34 msec, so you would
+	 * need 30 seconds to build a 1000 entry dictionary...
+	 */
+	for(i = 0; i < 1000; i++) {
+		MD5Init(&ctx1);
+		if(i & 1)
+			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+		else
+			MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
+
+		if(i % 3)
+			MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
+
+		if(i % 7)
+			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+
+		if(i & 1)
+			MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
+		else
+			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+		MD5Final(final, &ctx1);
+	}
+
+	p = passwd + strlen(passwd);
+
+	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
+	_crypt_to64(p, l, 4); p += 4;
+	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
+	_crypt_to64(p, l, 4); p += 4;
+	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
+	_crypt_to64(p, l, 4); p += 4;
+	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
+	_crypt_to64(p, l, 4); p += 4;
+	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
+	_crypt_to64(p, l, 4); p += 4;
+	l = final[11];
+	_crypt_to64(p, l, 2); p += 2;
+	*p = '\0';
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final, 0, sizeof(final));
+
+	return (passwd);
+}
+
+struct crypt_format crypt_md5_format =
+    CRYPT_FORMAT_INITIALIZER(crypt_md5_r, "$1$");
diff --git a/cpukit/libcrypt/crypt-sha256.c b/cpukit/libcrypt/crypt-sha256.c
new file mode 100644
index 0000000..7a67728
--- /dev/null
+++ b/cpukit/libcrypt/crypt-sha256.c
@@ -0,0 +1,272 @@
+/*
+ * Copyright (c) 2011 The FreeBSD Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Based on:
+ * SHA256-based Unix crypt implementation. Released into the Public Domain by
+ * Ulrich Drepper <drepper at redhat.com>. */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/endian.h>
+#include <sys/param.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <sha256.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <crypt.h>
+
+/* Define our magic string to mark salt for SHA256 "encryption" replacement. */
+static const char sha256_salt_prefix[] = "$5$";
+
+/* Prefix for optional rounds specification. */
+static const char sha256_rounds_prefix[] = "rounds=";
+
+/* Maximum salt string length. */
+#define SALT_LEN_MAX 16
+/* Default number of rounds if not explicitly specified. */
+#define ROUNDS_DEFAULT 5000
+/* Minimum number of rounds. */
+#define ROUNDS_MIN 1000
+/* Maximum number of rounds. */
+#define ROUNDS_MAX 999999999
+
+char *
+crypt_sha256_r(const char *key, const char *salt, struct crypt_data *data)
+{
+	u_long srounds;
+	int n;
+	uint8_t alt_result[32], temp_result[32];
+	SHA256_CTX ctx, alt_ctx;
+	size_t salt_len, key_len, cnt, rounds;
+	char *cp, *copied_key, *copied_salt, *p_bytes, *s_bytes, *endp;
+	const char *num;
+	bool rounds_custom;
+	char *buffer = &data->buffer[0];
+	int buflen = (int)sizeof(data->buffer);
+
+	copied_key = NULL;
+	copied_salt = NULL;
+
+	/* Default number of rounds. */
+	rounds = ROUNDS_DEFAULT;
+	rounds_custom = false;
+
+	/* Find beginning of salt string. The prefix should normally always
+	 * be present. Just in case it is not. */
+	if (strncmp(sha256_salt_prefix, salt, sizeof(sha256_salt_prefix) - 1) == 0)
+		/* Skip salt prefix. */
+		salt += sizeof(sha256_salt_prefix) - 1;
+
+	if (strncmp(salt, sha256_rounds_prefix, sizeof(sha256_rounds_prefix) - 1)
+	    == 0) {
+		num = salt + sizeof(sha256_rounds_prefix) - 1;
+		srounds = strtoul(num, &endp, 10);
+
+		if (*endp == '$') {
+			salt = endp + 1;
+			rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX));
+			rounds_custom = true;
+		}
+	}
+
+	salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX);
+	key_len = strlen(key);
+
+	/* Prepare for the real work. */
+	SHA256_Init(&ctx);
+
+	/* Add the key string. */
+	SHA256_Update(&ctx, key, key_len);
+
+	/* The last part is the salt string. This must be at most 8
+	 * characters and it ends at the first `$' character (for
+	 * compatibility with existing implementations). */
+	SHA256_Update(&ctx, salt, salt_len);
+
+	/* Compute alternate SHA256 sum with input KEY, SALT, and KEY. The
+	 * final result will be added to the first context. */
+	SHA256_Init(&alt_ctx);
+
+	/* Add key. */
+	SHA256_Update(&alt_ctx, key, key_len);
+
+	/* Add salt. */
+	SHA256_Update(&alt_ctx, salt, salt_len);
+
+	/* Add key again. */
+	SHA256_Update(&alt_ctx, key, key_len);
+
+	/* Now get result of this (32 bytes) and add it to the other context. */
+	SHA256_Final(alt_result, &alt_ctx);
+
+	/* Add for any character in the key one byte of the alternate sum. */
+	for (cnt = key_len; cnt > 32; cnt -= 32)
+		SHA256_Update(&ctx, alt_result, 32);
+	SHA256_Update(&ctx, alt_result, cnt);
+
+	/* Take the binary representation of the length of the key and for
+	 * every 1 add the alternate sum, for every 0 the key. */
+	for (cnt = key_len; cnt > 0; cnt >>= 1)
+		if ((cnt & 1) != 0)
+			SHA256_Update(&ctx, alt_result, 32);
+		else
+			SHA256_Update(&ctx, key, key_len);
+
+	/* Create intermediate result. */
+	SHA256_Final(alt_result, &ctx);
+
+	/* Start computation of P byte sequence. */
+	SHA256_Init(&alt_ctx);
+
+	/* For every character in the password add the entire password. */
+	for (cnt = 0; cnt < key_len; ++cnt)
+		SHA256_Update(&alt_ctx, key, key_len);
+
+	/* Finish the digest. */
+	SHA256_Final(temp_result, &alt_ctx);
+
+	/* Create byte sequence P. */
+	cp = p_bytes = alloca(key_len);
+	for (cnt = key_len; cnt >= 32; cnt -= 32) {
+		memcpy(cp, temp_result, 32);
+		cp += 32;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Start computation of S byte sequence. */
+	SHA256_Init(&alt_ctx);
+
+	/* For every character in the password add the entire password. */
+	for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+		SHA256_Update(&alt_ctx, salt, salt_len);
+
+	/* Finish the digest. */
+	SHA256_Final(temp_result, &alt_ctx);
+
+	/* Create byte sequence S. */
+	cp = s_bytes = alloca(salt_len);
+	for (cnt = salt_len; cnt >= 32; cnt -= 32) {
+		memcpy(cp, temp_result, 32);
+		cp += 32;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Repeatedly run the collected hash value through SHA256 to burn CPU
+	 * cycles. */
+	for (cnt = 0; cnt < rounds; ++cnt) {
+		/* New context. */
+		SHA256_Init(&ctx);
+
+		/* Add key or last result. */
+		if ((cnt & 1) != 0)
+			SHA256_Update(&ctx, p_bytes, key_len);
+		else
+			SHA256_Update(&ctx, alt_result, 32);
+
+		/* Add salt for numbers not divisible by 3. */
+		if (cnt % 3 != 0)
+			SHA256_Update(&ctx, s_bytes, salt_len);
+
+		/* Add key for numbers not divisible by 7. */
+		if (cnt % 7 != 0)
+			SHA256_Update(&ctx, p_bytes, key_len);
+
+		/* Add key or last result. */
+		if ((cnt & 1) != 0)
+			SHA256_Update(&ctx, alt_result, 32);
+		else
+			SHA256_Update(&ctx, p_bytes, key_len);
+
+		/* Create intermediate result. */
+		SHA256_Final(alt_result, &ctx);
+	}
+
+	/* Now we can construct the result string. It consists of three
+	 * parts. */
+	cp = stpncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
+	buflen -= sizeof(sha256_salt_prefix) - 1;
+
+	if (rounds_custom) {
+		n = snprintf(cp, MAX(0, buflen), "%s%zu$",
+			 sha256_rounds_prefix, rounds);
+
+		cp += n;
+		buflen -= n;
+	}
+
+	cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	buflen -= MIN((size_t)MAX(0, buflen), salt_len);
+
+	if (buflen > 0) {
+		*cp++ = '$';
+		--buflen;
+	}
+
+	b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4, &buflen, &cp);
+	b64_from_24bit(0, alt_result[31], alt_result[30], 3, &buflen, &cp);
+	if (buflen <= 0) {
+		errno = ERANGE;
+		buffer = NULL;
+	}
+	else
+		*cp = '\0';	/* Terminate the string. */
+
+	/* Clear the buffer for the intermediate result so that people
+	 * attaching to processes or reading core dumps cannot get any
+	 * information. We do it in this way to clear correct_words[] inside
+	 * the SHA256 implementation as well. */
+	SHA256_Init(&ctx);
+	SHA256_Final(alt_result, &ctx);
+	memset(temp_result, '\0', sizeof(temp_result));
+	memset(p_bytes, '\0', key_len);
+	memset(s_bytes, '\0', salt_len);
+	memset(&ctx, '\0', sizeof(ctx));
+	memset(&alt_ctx, '\0', sizeof(alt_ctx));
+	if (copied_key != NULL)
+		memset(copied_key, '\0', key_len);
+	if (copied_salt != NULL)
+		memset(copied_salt, '\0', salt_len);
+
+	return buffer;
+}
+
+struct crypt_format crypt_sha256_format =
+    CRYPT_FORMAT_INITIALIZER(crypt_sha256_r, "$5$");
diff --git a/cpukit/libcrypt/crypt-sha512.c b/cpukit/libcrypt/crypt-sha512.c
new file mode 100644
index 0000000..d418b89
--- /dev/null
+++ b/cpukit/libcrypt/crypt-sha512.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright (c) 2011 The FreeBSD Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Based on:
+ * SHA512-based Unix crypt implementation. Released into the Public Domain by
+ * Ulrich Drepper <drepper at redhat.com>. */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/endian.h>
+#include <sys/param.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <sha512.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <crypt.h>
+
+/* Define our magic string to mark salt for SHA512 "encryption" replacement. */
+static const char sha512_salt_prefix[] = "$6$";
+
+/* Prefix for optional rounds specification. */
+static const char sha512_rounds_prefix[] = "rounds=";
+
+/* Maximum salt string length. */
+#define SALT_LEN_MAX 16
+/* Default number of rounds if not explicitly specified. */
+#define ROUNDS_DEFAULT 5000
+/* Minimum number of rounds. */
+#define ROUNDS_MIN 1000
+/* Maximum number of rounds. */
+#define ROUNDS_MAX 999999999
+
+char *
+crypt_sha512_r(const char *key, const char *salt, struct crypt_data *data)
+{
+	u_long srounds;
+	int n;
+	uint8_t alt_result[64], temp_result[64];
+	SHA512_CTX ctx, alt_ctx;
+	size_t salt_len, key_len, cnt, rounds;
+	char *cp, *copied_key, *copied_salt, *p_bytes, *s_bytes, *endp;
+	const char *num;
+	bool rounds_custom;
+	char *buffer = &data->buffer[0];
+	int buflen = (int)sizeof(data->buffer);
+
+	copied_key = NULL;
+	copied_salt = NULL;
+
+	/* Default number of rounds. */
+	rounds = ROUNDS_DEFAULT;
+	rounds_custom = false;
+
+	/* Find beginning of salt string. The prefix should normally always
+	 * be present. Just in case it is not. */
+	if (strncmp(sha512_salt_prefix, salt, sizeof(sha512_salt_prefix) - 1) == 0)
+		/* Skip salt prefix. */
+		salt += sizeof(sha512_salt_prefix) - 1;
+
+	if (strncmp(salt, sha512_rounds_prefix, sizeof(sha512_rounds_prefix) - 1)
+	    == 0) {
+		num = salt + sizeof(sha512_rounds_prefix) - 1;
+		srounds = strtoul(num, &endp, 10);
+
+		if (*endp == '$') {
+			salt = endp + 1;
+			rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX));
+			rounds_custom = true;
+		}
+	}
+
+	salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX);
+	key_len = strlen(key);
+
+	/* Prepare for the real work. */
+	SHA512_Init(&ctx);
+
+	/* Add the key string. */
+	SHA512_Update(&ctx, key, key_len);
+
+	/* The last part is the salt string. This must be at most 8
+	 * characters and it ends at the first `$' character (for
+	 * compatibility with existing implementations). */
+	SHA512_Update(&ctx, salt, salt_len);
+
+	/* Compute alternate SHA512 sum with input KEY, SALT, and KEY. The
+	 * final result will be added to the first context. */
+	SHA512_Init(&alt_ctx);
+
+	/* Add key. */
+	SHA512_Update(&alt_ctx, key, key_len);
+
+	/* Add salt. */
+	SHA512_Update(&alt_ctx, salt, salt_len);
+
+	/* Add key again. */
+	SHA512_Update(&alt_ctx, key, key_len);
+
+	/* Now get result of this (64 bytes) and add it to the other context. */
+	SHA512_Final(alt_result, &alt_ctx);
+
+	/* Add for any character in the key one byte of the alternate sum. */
+	for (cnt = key_len; cnt > 64; cnt -= 64)
+		SHA512_Update(&ctx, alt_result, 64);
+	SHA512_Update(&ctx, alt_result, cnt);
+
+	/* Take the binary representation of the length of the key and for
+	 * every 1 add the alternate sum, for every 0 the key. */
+	for (cnt = key_len; cnt > 0; cnt >>= 1)
+		if ((cnt & 1) != 0)
+			SHA512_Update(&ctx, alt_result, 64);
+		else
+			SHA512_Update(&ctx, key, key_len);
+
+	/* Create intermediate result. */
+	SHA512_Final(alt_result, &ctx);
+
+	/* Start computation of P byte sequence. */
+	SHA512_Init(&alt_ctx);
+
+	/* For every character in the password add the entire password. */
+	for (cnt = 0; cnt < key_len; ++cnt)
+		SHA512_Update(&alt_ctx, key, key_len);
+
+	/* Finish the digest. */
+	SHA512_Final(temp_result, &alt_ctx);
+
+	/* Create byte sequence P. */
+	cp = p_bytes = alloca(key_len);
+	for (cnt = key_len; cnt >= 64; cnt -= 64) {
+		memcpy(cp, temp_result, 64);
+		cp += 64;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Start computation of S byte sequence. */
+	SHA512_Init(&alt_ctx);
+
+	/* For every character in the password add the entire password. */
+	for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+		SHA512_Update(&alt_ctx, salt, salt_len);
+
+	/* Finish the digest. */
+	SHA512_Final(temp_result, &alt_ctx);
+
+	/* Create byte sequence S. */
+	cp = s_bytes = alloca(salt_len);
+	for (cnt = salt_len; cnt >= 64; cnt -= 64) {
+		memcpy(cp, temp_result, 64);
+		cp += 64;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Repeatedly run the collected hash value through SHA512 to burn CPU
+	 * cycles. */
+	for (cnt = 0; cnt < rounds; ++cnt) {
+		/* New context. */
+		SHA512_Init(&ctx);
+
+		/* Add key or last result. */
+		if ((cnt & 1) != 0)
+			SHA512_Update(&ctx, p_bytes, key_len);
+		else
+			SHA512_Update(&ctx, alt_result, 64);
+
+		/* Add salt for numbers not divisible by 3. */
+		if (cnt % 3 != 0)
+			SHA512_Update(&ctx, s_bytes, salt_len);
+
+		/* Add key for numbers not divisible by 7. */
+		if (cnt % 7 != 0)
+			SHA512_Update(&ctx, p_bytes, key_len);
+
+		/* Add key or last result. */
+		if ((cnt & 1) != 0)
+			SHA512_Update(&ctx, alt_result, 64);
+		else
+			SHA512_Update(&ctx, p_bytes, key_len);
+
+		/* Create intermediate result. */
+		SHA512_Final(alt_result, &ctx);
+	}
+
+	/* Now we can construct the result string. It consists of three
+	 * parts. */
+	cp = stpncpy(buffer, sha512_salt_prefix, MAX(0, buflen));
+	buflen -= sizeof(sha512_salt_prefix) - 1;
+
+	if (rounds_custom) {
+		n = snprintf(cp, MAX(0, buflen), "%s%zu$",
+			 sha512_rounds_prefix, rounds);
+
+		cp += n;
+		buflen -= n;
+	}
+
+	cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	buflen -= MIN((size_t)MAX(0, buflen), salt_len);
+
+	if (buflen > 0) {
+		*cp++ = '$';
+		--buflen;
+	}
+
+	b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4, &buflen, &cp);
+	b64_from_24bit(0, 0, alt_result[63], 2, &buflen, &cp);
+
+	if (buflen <= 0) {
+		errno = ERANGE;
+		buffer = NULL;
+	}
+	else
+		*cp = '\0';	/* Terminate the string. */
+
+	/* Clear the buffer for the intermediate result so that people
+	 * attaching to processes or reading core dumps cannot get any
+	 * information. We do it in this way to clear correct_words[] inside
+	 * the SHA512 implementation as well. */
+	SHA512_Init(&ctx);
+	SHA512_Final(alt_result, &ctx);
+	memset(temp_result, '\0', sizeof(temp_result));
+	memset(p_bytes, '\0', key_len);
+	memset(s_bytes, '\0', salt_len);
+	memset(&ctx, '\0', sizeof(ctx));
+	memset(&alt_ctx, '\0', sizeof(alt_ctx));
+	if (copied_key != NULL)
+		memset(copied_key, '\0', key_len);
+	if (copied_salt != NULL)
+		memset(copied_salt, '\0', salt_len);
+
+	return buffer;
+}
+
+struct crypt_format crypt_sha512_format =
+    CRYPT_FORMAT_INITIALIZER(crypt_sha512_r, "$6$");
diff --git a/cpukit/libcrypt/crypt.c b/cpukit/libcrypt/crypt.c
new file mode 100644
index 0000000..b6acb97
--- /dev/null
+++ b/cpukit/libcrypt/crypt.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2014 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <info at embedded-brains.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <crypt.h>
+#include <string.h>
+
+static char *
+cf_default_func(const char *pw, const char *salt, struct crypt_data *data)
+{
+	(void)salt;
+
+	strncpy(&data->buffer[0], pw, sizeof(data->buffer) - 1);
+	data->buffer[sizeof(data->buffer) - 1] = '\0';
+
+	return (&data->buffer[0]);
+}
+
+static struct crypt_format cf_default =
+  CRYPT_FORMAT_INITIALIZER(cf_default_func, NULL);
+
+static SLIST_HEAD(, crypt_format) cf_head = {
+	&cf_default
+};
+
+void crypt_add_format(struct crypt_format *cf)
+{
+	if (cf->link.sle_next == NULL)
+		SLIST_INSERT_HEAD(&cf_head, cf, link);
+}
+
+char *
+crypt_r(const char *passwd, const char *salt, struct crypt_data *data)
+{
+	const struct crypt_format *cf;
+
+	SLIST_FOREACH(cf, &cf_head, link)
+		if (cf->magic != NULL && strstr(salt, cf->magic) == salt)
+			return (cf->func(passwd, salt, data));
+
+	cf = SLIST_FIRST(&cf_head);
+
+	return (cf->func(passwd, salt, data));
+}
diff --git a/cpukit/libcrypt/misc.c b/cpukit/libcrypt/misc.c
new file mode 100644
index 0000000..9f2c13e
--- /dev/null
+++ b/cpukit/libcrypt/misc.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1999
+ *      University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <crypt.h>
+
+static const char itoa64[] =		/* 0 ... 63 => ascii - 64 */
+	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+void
+_crypt_to64(char *s, u_long v, int n)
+{
+	while (--n >= 0) {
+		*s++ = itoa64[v&0x3f];
+		v >>= 6;
+	}
+}
+
+void
+b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp)
+{
+	uint32_t w;
+	int i;
+
+	w = (B2 << 16) | (B1 << 8) | B0;
+	for (i = 0; i < n; i++) {
+		**cp = itoa64[w&0x3f];
+		(*cp)++;
+		if ((*buflen)-- < 0)
+			break;
+		w >>= 6;
+	}
+}
diff --git a/cpukit/libcrypt/preinstall.am b/cpukit/libcrypt/preinstall.am
new file mode 100644
index 0000000..feb5d1d
--- /dev/null
+++ b/cpukit/libcrypt/preinstall.am
@@ -0,0 +1,15 @@
+## Automatically generated by ampolish3 - Do not edit
+
+if AMPOLISH3
+$(srcdir)/preinstall.am: Makefile.am
+	$(AMPOLISH3) $(srcdir)/Makefile.am > $(srcdir)/preinstall.am
+endif
+
+PREINSTALL_DIRS =
+DISTCLEANFILES = $(PREINSTALL_DIRS)
+
+$(PROJECT_INCLUDE)/$(dirstamp):
+	@$(MKDIR_P) $(PROJECT_INCLUDE)
+	@: > $(PROJECT_INCLUDE)/$(dirstamp)
+PREINSTALL_DIRS += $(PROJECT_INCLUDE)/$(dirstamp)
+
diff --git a/cpukit/preinstall.am b/cpukit/preinstall.am
index 6d7e3ae..67add27 100644
--- a/cpukit/preinstall.am
+++ b/cpukit/preinstall.am
@@ -51,6 +51,10 @@ $(PROJECT_INCLUDE)/sys/$(dirstamp):
 	@: > $(PROJECT_INCLUDE)/sys/$(dirstamp)
 PREINSTALL_DIRS += $(PROJECT_INCLUDE)/sys/$(dirstamp)
 
+$(PROJECT_INCLUDE)/crypt.h: include/crypt.h $(PROJECT_INCLUDE)/$(dirstamp)
+	$(INSTALL_DATA) $< $(PROJECT_INCLUDE)/crypt.h
+PREINSTALL_FILES += $(PROJECT_INCLUDE)/crypt.h
+
 $(PROJECT_INCLUDE)/memory.h: include/memory.h $(PROJECT_INCLUDE)/$(dirstamp)
 	$(INSTALL_DATA) $< $(PROJECT_INCLUDE)/memory.h
 PREINSTALL_FILES += $(PROJECT_INCLUDE)/memory.h
diff --git a/cpukit/wrapup/Makefile.am b/cpukit/wrapup/Makefile.am
index 5dfe34b..a5c3549 100644
--- a/cpukit/wrapup/Makefile.am
+++ b/cpukit/wrapup/Makefile.am
@@ -19,6 +19,7 @@ if LIBGNAT
 TMP_LIBS += ../libgnat/libgnat.a
 endif
 
+TMP_LIBS += ../libcrypt/libcrypt.a
 TMP_LIBS += ../libcsupport/libcsupport.a
 TMP_LIBS += ../libblock/libblock.a
 if LIBDOSFS
diff --git a/testsuites/libtests/Makefile.am b/testsuites/libtests/Makefile.am
index 4a8024c..8475227 100644
--- a/testsuites/libtests/Makefile.am
+++ b/testsuites/libtests/Makefile.am
@@ -1,6 +1,7 @@
 ACLOCAL_AMFLAGS = -I ../aclocal
 
 _SUBDIRS = POSIX
+_SUBDIRS += crypt01
 _SUBDIRS += sha01
 _SUBDIRS += i2c01
 _SUBDIRS += newlib01
diff --git a/testsuites/libtests/configure.ac b/testsuites/libtests/configure.ac
index 0f81804..3882dcd 100644
--- a/testsuites/libtests/configure.ac
+++ b/testsuites/libtests/configure.ac
@@ -66,6 +66,7 @@ AS_IF([test x"$HAVE_LIBDL" = x"yes"],[
 
 # Explicitly list all Makefiles here
 AC_CONFIG_FILES([Makefile
+crypt01/Makefile
 sha01/Makefile
 i2c01/Makefile
 newlib01/Makefile
diff --git a/testsuites/libtests/crypt01/Makefile.am b/testsuites/libtests/crypt01/Makefile.am
new file mode 100644
index 0000000..973f274
--- /dev/null
+++ b/testsuites/libtests/crypt01/Makefile.am
@@ -0,0 +1,19 @@
+rtems_tests_PROGRAMS = crypt01
+crypt01_SOURCES = init.c
+
+dist_rtems_tests_DATA = crypt01.scn crypt01.doc
+
+include $(RTEMS_ROOT)/make/custom/@RTEMS_BSP at .cfg
+include $(top_srcdir)/../automake/compile.am
+include $(top_srcdir)/../automake/leaf.am
+
+AM_CPPFLAGS += -I$(top_srcdir)/../support/include
+
+LINK_OBJS = $(crypt01_OBJECTS)
+LINK_LIBS = $(crypt01_LDLIBS)
+
+crypt01$(EXEEXT): $(crypt01_OBJECTS) $(crypt01_DEPENDENCIES)
+	@rm -f crypt01$(EXEEXT)
+	$(make-exe)
+
+include $(top_srcdir)/../automake/local.am
diff --git a/testsuites/libtests/crypt01/crypt01.doc b/testsuites/libtests/crypt01/crypt01.doc
new file mode 100644
index 0000000..8b63d3c
--- /dev/null
+++ b/testsuites/libtests/crypt01/crypt01.doc
@@ -0,0 +1,15 @@
+This file describes the directives and concepts tested by this test set.
+
+test set name: crypt01
+
+directives:
+
+  - crypt_set_format
+  - crypt_get_format
+  - crypt_md5_r
+  - crypt_sha256_r
+  - crypt_sha512_r
+
+concepts:
+
+  - Ensure that the crypt family functions work for some test cases.
diff --git a/testsuites/libtests/crypt01/crypt01.scn b/testsuites/libtests/crypt01/crypt01.scn
new file mode 100644
index 0000000..a6e071c
--- /dev/null
+++ b/testsuites/libtests/crypt01/crypt01.scn
@@ -0,0 +1,78 @@
+*** BEGIN OF TEST CRYPT 1 ***
+test crypt_md5_r()
+test crypt_sha256_r()
+input:    Hello world!
+salt:     $5$saltstring
+expected: $5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5
+actual:   $5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5
+input:    Hello world!
+salt:     $5$rounds=10000$saltstringsaltstring
+expected: $5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA
+actual:   $5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA
+input:    This is just a test
+salt:     $5$rounds=5000$toolongsaltstring
+expected: $5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5
+actual:   $5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5
+input:    a very much longer text to encrypt.  This one even stretches over morethan one line.
+salt:     $5$rounds=1400$anotherlongsaltstring
+expected: $5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1
+actual:   $5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1
+input:    we have a short salt string but not a short password
+salt:     $5$rounds=77777$short
+expected: $5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/
+actual:   $5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/
+input:    a short string
+salt:     $5$rounds=123456$asaltof16chars..
+expected: $5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD
+actual:   $5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD
+input:    the minimum number is still observed
+salt:     $5$rounds=10$roundstoolow
+expected: $5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC
+actual:   $5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC
+test crypt_sha512_r()
+input:    Hello world!
+salt:     $6$saltstring
+expected: $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1
+actual:   $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1
+input:    Hello world!
+salt:     $6$rounds=10000$saltstringsaltstring
+expected: $6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.
+actual:   $6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.
+input:    This is just a test
+salt:     $6$rounds=5000$toolongsaltstring
+expected: $6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0
+actual:   $6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0
+input:    a very much longer text to encrypt.  This one even stretches over morethan one line.
+salt:     $6$rounds=1400$anotherlongsaltstring
+expected: $6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1
+actual:   $6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1
+input:    we have a short salt string but not a short password
+salt:     $6$rounds=77777$short
+expected: $6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0
+actual:   $6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0
+input:    a short string
+salt:     $6$rounds=123456$asaltof16chars..
+expected: $6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1
+actual:   $6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1
+input:    the minimum number is still observed
+salt:     $6$rounds=10$roundstoolow
+expected: $6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.
+actual:   $6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.
+test crypt_r()
+input:    Hello world!
+salt:     saltstring
+expected: $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1
+actual:   $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1
+input:    0.s0.l33t
+salt:     $1$deadbeef
+expected: $1$deadbeef$0Huu6KHrKLVWfqa4WljDE0
+actual:   $1$deadbeef$0Huu6KHrKLVWfqa4WljDE0
+input:    Hello world!
+salt:     $5$saltstring
+expected: $5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5
+actual:   $5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5
+input:    Hello world!
+salt:     $6$saltstring
+expected: $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1
+actual:   $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1
+*** END OF TEST CRYPT 1 ***
diff --git a/testsuites/libtests/crypt01/init.c b/testsuites/libtests/crypt01/init.c
new file mode 100644
index 0000000..487aa2c
--- /dev/null
+++ b/testsuites/libtests/crypt01/init.c
@@ -0,0 +1,260 @@
+/*
+ * Copyright (c) 2011 The FreeBSD Project. All rights reserved.
+ *
+ * Copyright (c) 2014 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <rtems at embedded-brains.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Based on:
+ * SHA256-based Unix crypt implementation. Released into the Public Domain by
+ * Ulrich Drepper <drepper at redhat.com>. */
+
+#ifdef HAVE_CONFIG_H
+  #include "config.h"
+#endif
+
+#include <crypt.h>
+#include <string.h>
+
+#include "tmacros.h"
+
+const char rtems_test_name[] = "CRYPT 1";
+
+typedef struct {
+  const char *salt;
+  const char *input;
+  const char *expected;
+} test_case;
+
+static void test_formats(void)
+{
+  struct crypt_data data;
+  char *s;
+
+  s = crypt_r("abc", "def", &data);
+  rtems_test_assert(strcmp(s, "abc") == 0);
+
+  crypt_add_format(&crypt_md5_format);
+  crypt_add_format(&crypt_sha256_format);
+  crypt_add_format(&crypt_sha512_format);
+}
+
+static void test_md5(void)
+{
+  const char key[] = "0.s0.l33t";
+  const char salt_0[] = "$1$deadbeef$0Huu6KHrKLVWfqa4WljDE0";
+  const char salt_1[] = "$1$cafebabe$0Huu6KHrKLVWfqa4WljDE0";
+  struct crypt_data data;
+  char *s;
+
+  printf("test crypt_md5_r()\n");
+
+  s = crypt_md5_r(&key[0], &salt_0[0], &data);
+  rtems_test_assert(strcmp(s, &salt_0[0]) == 0);
+
+  s = crypt_md5_r(&key[0], &salt_1[0], &data);
+  rtems_test_assert(strcmp(s, &salt_1[0]) != 0);
+}
+
+static const test_case test_cases_sha256[] = {
+  {
+    "$5$saltstring", "Hello world!",
+    "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"
+  }, {
+    "$5$rounds=10000$saltstringsaltstring", "Hello world!",
+    "$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2."
+    "opqey6IcA"
+  }, {
+    "$5$rounds=5000$toolongsaltstring", "This is just a test",
+    "$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8"
+    "mGRcvxa5"
+  }, {
+    "$5$rounds=1400$anotherlongsaltstring",
+    "a very much longer text to encrypt.  This one even stretches over more"
+    "than one line.",
+    "$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12"
+    "oP84Bnq1"
+  }, {
+    "$5$rounds=77777$short",
+    "we have a short salt string but not a short password",
+    "$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/"
+  }, {
+    "$5$rounds=123456$asaltof16chars..", "a short string",
+    "$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/"
+    "cZKmF/wJvD"
+  }, {
+    "$5$rounds=10$roundstoolow", "the minimum number is still observed",
+    "$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL97"
+    "2bIC"
+  }
+};
+
+static void print_test_case(const test_case *c, const char *s)
+{
+  printf(
+    "input:    %s\nsalt:     %s\nexpected: %s\nactual:   %s\n",
+    c->input,
+    c->salt,
+    c->expected,
+    s
+  );
+}
+
+static void test_sha256(void)
+{
+  size_t i;
+
+  printf("test crypt_sha256_r()\n");
+
+  for (i = 0; i < RTEMS_ARRAY_SIZE(test_cases_sha256); ++i) {
+    const test_case *c = &test_cases_sha256[i];
+    struct crypt_data data;
+    char *s;
+
+    s = crypt_sha256_r(c->input, c->salt, &data);
+    print_test_case(c, s);
+    rtems_test_assert(strcmp(s, c->expected) == 0);
+  }
+}
+
+static const test_case test_cases_sha512[] = {
+  {
+    "$6$saltstring", "Hello world!",
+    "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu"
+    "esI68u4OTLiBFdcbYEdFCoEOfaS35inz1"
+  }, {
+    "$6$rounds=10000$saltstringsaltstring", "Hello world!",
+    "$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sb"
+    "HbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v."
+  }, {
+    "$6$rounds=5000$toolongsaltstring", "This is just a test",
+    "$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQ"
+    "zQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0"
+  }, {
+    "$6$rounds=1400$anotherlongsaltstring",
+    "a very much longer text to encrypt.  This one even stretches over more"
+    "than one line.",
+    "$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wP"
+    "vMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1"
+  }, {
+    "$6$rounds=77777$short",
+    "we have a short salt string but not a short password",
+    "$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0g"
+    "ge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0"
+  }, {
+    "$6$rounds=123456$asaltof16chars..", "a short string",
+    "$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwc"
+    "elCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1"
+  }, {
+    "$6$rounds=10$roundstoolow", "the minimum number is still observed",
+    "$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1x"
+    "hLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX."
+  }
+};
+
+static void test_sha512(void)
+{
+  size_t i;
+
+  printf("test crypt_sha512_r()\n");
+
+  for (i = 0; i < RTEMS_ARRAY_SIZE(test_cases_sha512); ++i) {
+    const test_case *c = &test_cases_sha512[i];
+    struct crypt_data data;
+    char *s;
+
+    s = crypt_sha512_r(c->input, c->salt, &data);
+    print_test_case(c, s);
+    rtems_test_assert(strcmp(s, c->expected) == 0);
+  }
+}
+
+static const test_case test_cases_generic[] = {
+  {
+    "saltstring", "Hello world!",
+    "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu"
+    "esI68u4OTLiBFdcbYEdFCoEOfaS35inz1"
+  }, {
+    "$1$deadbeef", "0.s0.l33t",
+    "$1$deadbeef$0Huu6KHrKLVWfqa4WljDE0"
+  }, {
+    "$5$saltstring", "Hello world!",
+    "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"
+  }, {
+    "$6$saltstring", "Hello world!",
+    "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu"
+    "esI68u4OTLiBFdcbYEdFCoEOfaS35inz1"
+  }
+};
+
+static void test_generic(void)
+{
+  size_t i;
+
+  printf("test crypt_r()\n");
+
+  for (i = 0; i < RTEMS_ARRAY_SIZE(test_cases_generic); ++i) {
+    const test_case *c = &test_cases_generic[i];
+    struct crypt_data data;
+    char *s;
+
+    s = crypt_r(c->input, c->salt, &data);
+    print_test_case(c, s);
+    rtems_test_assert(strcmp(s, c->expected) == 0);
+  }
+}
+
+static void Init(rtems_task_argument arg)
+{
+  TEST_BEGIN();
+
+  test_formats();
+  test_md5();
+  test_sha256();
+  test_sha512();
+  test_generic();
+
+  TEST_END();
+  rtems_test_exit(0);
+}
+
+#define CONFIGURE_APPLICATION_DOES_NOT_NEED_CLOCK_DRIVER
+#define CONFIGURE_APPLICATION_NEEDS_CONSOLE_DRIVER
+
+#define CONFIGURE_USE_IMFS_AS_BASE_FILESYSTEM
+
+#define CONFIGURE_MAXIMUM_TASKS 1
+
+#define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION
+
+#define CONFIGURE_RTEMS_INIT_TASKS_TABLE
+
+#define CONFIGURE_INIT
+
+#include <rtems/confdefs.h>
-- 
1.8.4.5




More information about the devel mailing list