From 1ed5d7d6d8ae213d84c15626f331ce94ab593a4e Mon Sep 17 00:00:00 2001 From: Mr Dromedary Date: Wed, 16 Nov 2022 15:49:06 +0100 Subject: [PATCH] Support for GPG keys with SHA-512 as s2k digest algorithm --- OpenCL/m17020-pure.cl | 550 +++++++++++++++++++++++++++++++++++++ src/modules/module_17020.c | 414 ++++++++++++++++++++++++++++ 2 files changed, 964 insertions(+) create mode 100644 OpenCL/m17020-pure.cl create mode 100644 src/modules/module_17020.c diff --git a/OpenCL/m17020-pure.cl b/OpenCL/m17020-pure.cl new file mode 100644 index 000000000..b0440a986 --- /dev/null +++ b/OpenCL/m17020-pure.cl @@ -0,0 +1,550 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha1.cl) +#include M2S(INCLUDE_PATH/inc_cipher_aes.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha512.cl) +#endif + +typedef struct gpg +{ + u32 cipher_algo; + u32 iv[4]; + u32 modulus_size; + u32 encrypted_data[384]; + u32 encrypted_data_size; + +} gpg_t; + +typedef struct gpg_tmp +{ + // buffer for a maximum of 256 + 8 octets, we extend it to 384 octets so it's always 128 byte aligned (1024 bits) + u32 salted_pw_block[96]; + // actual number of bytes in 'salted_pwd' that are used since salt and password are copied multiple times into the buffer + u32 salted_pw_block_len; + + u64 h[8]; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + u32 w4[4]; + u32 w5[4]; + u32 w6[4]; + u32 w7[4]; + + int len; + +} gpg_tmp_t; + + +DECLSPEC u32 hc_bytealign_le_S (const u32 a, const u32 b, const int c) +{ + const int c_mod_4 = c & 3; + + #if ((defined IS_AMD || defined IS_HIP) && HAS_VPERM == 0) || defined IS_GENERIC + const u32 r = l32_from_64_S ((v64_from_v32ab_S (b, a) >> (c_mod_4 * 8))); + #endif + + #if ((defined IS_AMD || defined IS_HIP) && HAS_VPERM == 1) || defined IS_NV + + #if defined IS_NV + const int selector = (0x76543210 >> (c_mod_4 * 4)) & 0xffff; + #endif + + #if (defined IS_AMD || defined IS_HIP) + const int selector = l32_from_64_S (0x0706050403020100UL >> (c_mod_4 * 8)); + #endif + + const u32 r = hc_byte_perm (b, a, selector); + #endif + + return r; +} + +DECLSPEC void memcat_le_S (PRIVATE_AS u32 *block, const u32 offset, PRIVATE_AS const u32 *append, u32 len) +{ + const u32 start_index = (offset - 1) >> 2; + const u32 count = ((offset + len + 3) >> 2) - start_index; + const int off_mod_4 = offset & 3; + const int off_minus_4 = 4 - off_mod_4; + + block[start_index] |= hc_bytealign_le_S (append[0], 0, off_minus_4); + + for (u32 idx = 1; idx < count; idx++) + { + block[start_index + idx] = hc_bytealign_le_S (append[idx], append[idx - 1], off_minus_4); + } +} + +DECLSPEC void memzero_le_S (PRIVATE_AS u32 *block, const u32 start_offset, const u32 end_offset) +{ + const u32 start_idx = start_offset / 4; + + // zero out bytes in the first u32 starting from 'start_offset' + // math is a bit complex to avoid shifting by 32 bits, which is not possible on some architectures + block[start_idx] &= ~(0xffffffff << ((start_offset & 3) * 8)); + + const u32 end_idx = (end_offset + 3) / 4; + + // zero out bytes in u32 units -- note that the last u32 is completely zeroed! + for (u32 i = start_idx + 1; i < end_idx; i++) + { + block[i] = 0; + } +} + +DECLSPEC void memzero_be_S (PRIVATE_AS u32 *block, const u32 start_offset, const u32 end_offset) +{ + const u32 start_idx = start_offset / 4; + + // zero out bytes in the first u32 starting from 'start_offset' + // math is a bit complex to avoid shifting by 32 bits, which is not possible on some architectures + block[start_idx] &= ~(0xffffffff >> ((start_offset & 3) * 8)); + + const u32 end_idx = (end_offset + 3) / 4; + + // zero out bytes in u32 units -- note that the last u32 is completely zeroed! + for (u32 i = start_idx + 1; i < end_idx; i++) + { + block[i] = 0; + } +} + +DECLSPEC void aes128_decrypt_cfb (GLOBAL_AS const u32 *encrypted_data, int data_len, PRIVATE_AS const u32 *iv, PRIVATE_AS const u32 *key, PRIVATE_AS u32 *decrypted_data, + SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) +{ + u32 ks[44]; + u32 essiv[4]; + + // Copy the IV, since this will be modified + essiv[0] = iv[0]; + essiv[1] = iv[1]; + essiv[2] = iv[2]; + essiv[3] = iv[3]; + + aes128_set_encrypt_key (ks, key, s_te0, s_te1, s_te2, s_te3); + + // Decrypt an AES-128 encrypted block + for (u32 i = 0; i < (data_len + 3) / 4; i += 4) + { + aes128_encrypt (ks, essiv, decrypted_data + i, s_te0, s_te1, s_te2, s_te3, s_te4); + + decrypted_data[i + 0] ^= encrypted_data[i + 0]; + decrypted_data[i + 1] ^= encrypted_data[i + 1]; + decrypted_data[i + 2] ^= encrypted_data[i + 2]; + decrypted_data[i + 3] ^= encrypted_data[i + 3]; + + // Note: Not necessary if you are only decrypting a single block! + essiv[0] = encrypted_data[i + 0]; + essiv[1] = encrypted_data[i + 1]; + essiv[2] = encrypted_data[i + 2]; + essiv[3] = encrypted_data[i + 3]; + } +} + +DECLSPEC void aes256_decrypt_cfb (GLOBAL_AS const u32 *encrypted_data, int data_len, PRIVATE_AS const u32 *iv, PRIVATE_AS const u32 *key, PRIVATE_AS u32 *decrypted_data, + SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4) +{ + u32 ks[60]; + u32 essiv[4]; + + // Copy the IV, since this will be modified + essiv[0] = iv[0]; + essiv[1] = iv[1]; + essiv[2] = iv[2]; + essiv[3] = iv[3]; + + aes256_set_encrypt_key (ks, key, s_te0, s_te1, s_te2, s_te3); + + // Decrypt an AES-256 encrypted block + for (u32 i = 0; i < (data_len + 3) / 4; i += 4) + { + aes256_encrypt (ks, essiv, decrypted_data + i, s_te0, s_te1, s_te2, s_te3, s_te4); + + decrypted_data[i + 0] ^= encrypted_data[i + 0]; + decrypted_data[i + 1] ^= encrypted_data[i + 1]; + decrypted_data[i + 2] ^= encrypted_data[i + 2]; + decrypted_data[i + 3] ^= encrypted_data[i + 3]; + + // Note: Not necessary if you are only decrypting a single block! + essiv[0] = encrypted_data[i + 0]; + essiv[1] = encrypted_data[i + 1]; + essiv[2] = encrypted_data[i + 2]; + essiv[3] = encrypted_data[i + 3]; + } +} + +DECLSPEC int check_decoded_data (PRIVATE_AS u32 *decoded_data, const u32 decoded_data_size) +{ + // Check the SHA-1 of the decrypted data which is stored at the end of the decrypted data + const u32 sha1_byte_off = (decoded_data_size - 20); + const u32 sha1_u32_off = sha1_byte_off / 4; + + u32 expected_sha1[5]; + + expected_sha1[0] = hc_bytealign_le_S (decoded_data[sha1_u32_off + 1], decoded_data[sha1_u32_off + 0], sha1_byte_off); + expected_sha1[1] = hc_bytealign_le_S (decoded_data[sha1_u32_off + 2], decoded_data[sha1_u32_off + 1], sha1_byte_off); + expected_sha1[2] = hc_bytealign_le_S (decoded_data[sha1_u32_off + 3], decoded_data[sha1_u32_off + 2], sha1_byte_off); + expected_sha1[3] = hc_bytealign_le_S (decoded_data[sha1_u32_off + 4], decoded_data[sha1_u32_off + 3], sha1_byte_off); + expected_sha1[4] = hc_bytealign_le_S (decoded_data[sha1_u32_off + 5], decoded_data[sha1_u32_off + 4], sha1_byte_off); + + memzero_le_S (decoded_data, sha1_byte_off, 384 * sizeof(u32)); + + sha1_ctx_t ctx; + + sha1_init (&ctx); + + sha1_update_swap (&ctx, decoded_data, sha1_byte_off); + + sha1_final (&ctx); + + return (expected_sha1[0] == hc_swap32_S (ctx.h[0])) + && (expected_sha1[1] == hc_swap32_S (ctx.h[1])) + && (expected_sha1[2] == hc_swap32_S (ctx.h[2])) + && (expected_sha1[3] == hc_swap32_S (ctx.h[3])) + && (expected_sha1[4] == hc_swap32_S (ctx.h[4])); +} + +KERNEL_FQ void m17020_init (KERN_ATTR_TMPS_ESALT (gpg_tmp_t, gpg_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + const u32 pw_len = pws[gid].pw_len; + const u32 salted_pw_len = (salt_bufs[SALT_POS_HOST].salt_len + pw_len); + + u32 salted_pw_block[96]; + + // concatenate salt and password -- the salt is always 8 bytes (2 * u32) + salted_pw_block[0] = salt_bufs[SALT_POS_HOST].salt_buf[0]; + salted_pw_block[1] = salt_bufs[SALT_POS_HOST].salt_buf[1]; + + for (u32 idx = 0; idx < 64; idx++) salted_pw_block[idx + 2] = pws[gid].i[idx]; + + // zero remainder of buffer, the buffer will now be 96 words (3072 bits) containing: + // 0 - 1: salt + // 2 - 65: zero-padded password (max pwd len: 64 words = 256 bytes) + // 66 - 95: zeros + for (u32 idx = 66; idx < 96; idx++) salted_pw_block[idx] = 0; + + // create a number of copies for efficiency + const u32 copies = 96 * sizeof(u32) / salted_pw_len; + + for (u32 idx = 1; idx < copies; idx++) + { + memcat_le_S (salted_pw_block, idx * salted_pw_len, salted_pw_block, salted_pw_len); + } + + for (u32 idx = 0; idx < 96; idx++) + { + tmps[gid].salted_pw_block[idx] = hc_swap32_S (salted_pw_block[idx]); + } + + tmps[gid].salted_pw_block_len = (copies * salted_pw_len); + + tmps[gid].h[ 0] = SHA512M_A; + tmps[gid].h[ 1] = SHA512M_B; + tmps[gid].h[ 2] = SHA512M_C; + tmps[gid].h[ 3] = SHA512M_D; + tmps[gid].h[ 4] = SHA512M_E; + tmps[gid].h[ 5] = SHA512M_F; + tmps[gid].h[ 6] = SHA512M_G; + tmps[gid].h[ 7] = SHA512M_H; + tmps[gid].h[ 8] = SHA512M_A; + tmps[gid].h[ 9] = SHA512M_B; + tmps[gid].h[10] = SHA512M_C; + tmps[gid].h[11] = SHA512M_D; + tmps[gid].h[12] = SHA512M_E; + tmps[gid].h[13] = SHA512M_F; + tmps[gid].h[14] = SHA512M_G; + tmps[gid].h[15] = SHA512M_H; + + tmps[gid].len = 0; +} + +KERNEL_FQ void m17020_loop_prepare (KERN_ATTR_TMPS_ESALT (gpg_tmp_t, gpg_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + tmps[gid].w0[0] = 0; + tmps[gid].w0[1] = 0; + tmps[gid].w0[2] = 0; + tmps[gid].w0[3] = 0; + tmps[gid].w1[0] = 0; + tmps[gid].w1[1] = 0; + tmps[gid].w1[2] = 0; + tmps[gid].w1[3] = 0; + tmps[gid].w2[0] = 0; + tmps[gid].w2[1] = 0; + tmps[gid].w2[2] = 0; + tmps[gid].w2[3] = 0; + tmps[gid].w3[0] = 0; + tmps[gid].w3[1] = 0; + tmps[gid].w3[2] = 0; + tmps[gid].w3[3] = 0; + tmps[gid].w4[0] = 0; + tmps[gid].w4[1] = 0; + tmps[gid].w4[2] = 0; + tmps[gid].w4[3] = 0; + tmps[gid].w5[0] = 0; + tmps[gid].w5[1] = 0; + tmps[gid].w5[2] = 0; + tmps[gid].w5[3] = 0; + tmps[gid].w6[0] = 0; + tmps[gid].w6[1] = 0; + tmps[gid].w6[2] = 0; + tmps[gid].w6[3] = 0; + tmps[gid].w7[0] = 0; + tmps[gid].w7[1] = 0; + tmps[gid].w7[2] = 0; + tmps[gid].w7[3] = 0; + + tmps[gid].len = 0; +} + +KERNEL_FQ void m17020_loop (KERN_ATTR_TMPS_ESALT (gpg_tmp_t, gpg_t)) +{ + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + // get the prepared buffer from the gpg_tmp_t struct into a local buffer + u32 salted_pw_block[96]; + + for (int i = 0; i < 96; i++) salted_pw_block[i] = tmps[gid].salted_pw_block[i]; + + const u32 salted_pw_block_len = tmps[gid].salted_pw_block_len; + + // do we really need this, since the salt is always length 8? + if (salted_pw_block_len == 0) return; + + /** + * context load + */ + + sha512_ctx_t ctx; + + for (int i = 0; i < 8; i++) ctx.h[i] = tmps[gid].h[i]; + + for (int i = 0; i < 4; i++) ctx.w0[i] = tmps[gid].w0[i]; + for (int i = 0; i < 4; i++) ctx.w1[i] = tmps[gid].w1[i]; + for (int i = 0; i < 4; i++) ctx.w2[i] = tmps[gid].w2[i]; + for (int i = 0; i < 4; i++) ctx.w3[i] = tmps[gid].w3[i]; + for (int i = 0; i < 4; i++) ctx.w4[i] = tmps[gid].w4[i]; + for (int i = 0; i < 4; i++) ctx.w5[i] = tmps[gid].w5[i]; + for (int i = 0; i < 4; i++) ctx.w6[i] = tmps[gid].w6[i]; + for (int i = 0; i < 4; i++) ctx.w7[i] = tmps[gid].w7[i]; + + ctx.len = tmps[gid].len; + + // sha-512 of salt and password, up to 'salt_iter' bytes + const u32 salt_iter = salt_bufs[SALT_POS_HOST].salt_iter; + + const u32 salted_pw_block_pos = LOOP_POS % salted_pw_block_len; + const u32 rounds = (LOOP_CNT + salted_pw_block_pos) / salted_pw_block_len; + + for (u32 i = 0; i < rounds; i++) + { + sha512_update (&ctx, salted_pw_block, salted_pw_block_len); + } + + if ((LOOP_POS + LOOP_CNT) == salt_iter) + { + const u32 remaining_bytes = salt_iter % salted_pw_block_len; + + if (remaining_bytes) + { + memzero_be_S (salted_pw_block, remaining_bytes, salted_pw_block_len); + + sha512_update (&ctx, salted_pw_block, remaining_bytes); + } + + sha512_final (&ctx); + } + + /** + * context save + */ + + for (int i = 0; i < 8; i++) tmps[gid].h[i] = ctx.h[i]; + + for (int i = 0; i < 4; i++) tmps[gid].w0[i] = ctx.w0[i]; + for (int i = 0; i < 4; i++) tmps[gid].w1[i] = ctx.w1[i]; + for (int i = 0; i < 4; i++) tmps[gid].w2[i] = ctx.w2[i]; + for (int i = 0; i < 4; i++) tmps[gid].w3[i] = ctx.w3[i]; + for (int i = 0; i < 4; i++) tmps[gid].w4[i] = ctx.w4[i]; + for (int i = 0; i < 4; i++) tmps[gid].w5[i] = ctx.w5[i]; + for (int i = 0; i < 4; i++) tmps[gid].w6[i] = ctx.w6[i]; + for (int i = 0; i < 4; i++) tmps[gid].w7[i] = ctx.w7[i]; + + tmps[gid].len = ctx.len; +} + +KERNEL_FQ void m17020_comp (KERN_ATTR_TMPS_ESALT (gpg_tmp_t, gpg_t)) +{ + // not in use here, special case... +} + +KERNEL_FQ void m17020_aux1 (KERN_ATTR_TMPS_ESALT (gpg_tmp_t, gpg_t)) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + const u64 gid = get_global_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= GID_CNT) return; + + // retrieve and use the SHA-512 as the key for AES + + u32 aes_key[4]; + + aes_key[0] = hc_swap32_S (h32_from_64 (tmps[gid].h[0])); + aes_key[1] = hc_swap32_S (l32_from_64 (tmps[gid].h[0])); + aes_key[2] = hc_swap32_S (h32_from_64 (tmps[gid].h[1])); + aes_key[3] = hc_swap32_S (l32_from_64 (tmps[gid].h[1])); + + u32 iv[4] = {0}; + + for (int idx = 0; idx < 4; idx++) iv[idx] = esalt_bufs[DIGESTS_OFFSET_HOST].iv[idx]; + + u32 decoded_data[384]; + + const u32 enc_data_size = esalt_bufs[DIGESTS_OFFSET_HOST].encrypted_data_size; + + aes128_decrypt_cfb (esalt_bufs[DIGESTS_OFFSET_HOST].encrypted_data, enc_data_size, iv, aes_key, decoded_data, s_te0, s_te1, s_te2, s_te3, s_te4); + + if (check_decoded_data (decoded_data, enc_data_size)) + { + if (hc_atomic_inc (&hashes_shown[DIGESTS_OFFSET_HOST]) == 0) + { + mark_hash (plains_buf, d_return_buf, SALT_POS_HOST, DIGESTS_CNT, 0, DIGESTS_OFFSET_HOST + 0, gid, 0, 0, 0); + } + } +} + +KERNEL_FQ void m17020_aux2 (KERN_ATTR_TMPS_ESALT (gpg_tmp_t, gpg_t)) +{ + /** + * modifier + */ + + const u64 lid = get_local_id (0); + const u64 gid = get_global_id (0); + const u64 lsz = get_local_size (0); + + /** + * aes shared + */ + + #ifdef REAL_SHM + + LOCAL_VK u32 s_te0[256]; + LOCAL_VK u32 s_te1[256]; + LOCAL_VK u32 s_te2[256]; + LOCAL_VK u32 s_te3[256]; + LOCAL_VK u32 s_te4[256]; + + for (u32 i = lid; i < 256; i += lsz) + { + s_te0[i] = te0[i]; + s_te1[i] = te1[i]; + s_te2[i] = te2[i]; + s_te3[i] = te3[i]; + s_te4[i] = te4[i]; + } + + SYNC_THREADS (); + + #else + + CONSTANT_AS u32a *s_te0 = te0; + CONSTANT_AS u32a *s_te1 = te1; + CONSTANT_AS u32a *s_te2 = te2; + CONSTANT_AS u32a *s_te3 = te3; + CONSTANT_AS u32a *s_te4 = te4; + + #endif + + if (gid >= GID_CNT) return; + + // retrieve and use the SHA-512 as the key for AES + + u32 aes_key[8]; + + aes_key[0] = hc_swap32_S (h32_from_64 (tmps[gid].h[0])); + aes_key[1] = hc_swap32_S (l32_from_64 (tmps[gid].h[0])); + aes_key[2] = hc_swap32_S (h32_from_64 (tmps[gid].h[1])); + aes_key[3] = hc_swap32_S (l32_from_64 (tmps[gid].h[1])); + aes_key[4] = hc_swap32_S (h32_from_64 (tmps[gid].h[2])); + aes_key[5] = hc_swap32_S (l32_from_64 (tmps[gid].h[2])); + aes_key[6] = hc_swap32_S (h32_from_64 (tmps[gid].h[3])); + aes_key[7] = hc_swap32_S (l32_from_64 (tmps[gid].h[3])); + + u32 iv[4] = {0}; + + for (int idx = 0; idx < 4; idx++) iv[idx] = esalt_bufs[DIGESTS_OFFSET_HOST].iv[idx]; + + u32 decoded_data[384]; + + const u32 enc_data_size = esalt_bufs[DIGESTS_OFFSET_HOST].encrypted_data_size; + + aes256_decrypt_cfb (esalt_bufs[DIGESTS_OFFSET_HOST].encrypted_data, enc_data_size, iv, aes_key, decoded_data, s_te0, s_te1, s_te2, s_te3, s_te4); + + if (check_decoded_data (decoded_data, enc_data_size)) + { + if (hc_atomic_inc (&hashes_shown[DIGESTS_OFFSET_HOST]) == 0) + { + mark_hash (plains_buf, d_return_buf, SALT_POS_HOST, DIGESTS_CNT, 0, DIGESTS_OFFSET_HOST + 0, gid, 0, 0, 0); + } + } +} diff --git a/src/modules/module_17020.c b/src/modules/module_17020.c new file mode 100644 index 000000000..340cf5183 --- /dev/null +++ b/src/modules/module_17020.c @@ -0,0 +1,414 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_4; +static const u32 HASH_CATEGORY = HASH_CATEGORY_RAW_HASH; +static const char *HASH_NAME = "GPG (AES-128/AES-256 (SHA-512($pass)))"; +static const u64 KERN_TYPE = 17020; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE; +static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE + | OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_LOOP_PREPARE + | OPTS_TYPE_AUX1 + | OPTS_TYPE_AUX2 + | OPTS_TYPE_DEEP_COMP_KERNEL; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "hashcat"; +static const char *ST_HASH = "$gpg$*1*668*2048*57e1f19c69a86038e23d7e5af5d810f4f86d32e9aaaf04b54281cda2194dcca99ee1f23f4aa3a011d5d2dc9e47689c449f398d315f91a03f4765742d20a7046e986a9696f0e07380a73fdd61e7ab2caa463a049a5869e008e16bb30d22f93f9aa8b0fdd41d2b19e669d58ca462498905e79944bff578c24139a88ef44582aef93f94fe22406a3ae32dcc0f0602e2f4345db2bd9d775eaeb14a8d7aff963e1ca8c29bab2fc3d459941587f4242af6e100e2e668a6c9247c19969ba294f6f2ab60ef84d42aab2e3512153a283d321442840189733dc6024dab0ea5d10d2e07fee914fc2e7177b310e8835bf8a5ffe1bde5ce0a74d3dd570c1b2652672873d3c520364acc0af35f5f7d0e0e95df8c2db3855936e0a4a24cc463bf277b0c5ea37d4ac1ddae6ef9da18852620de15ab648306f3d7acbb918e79f3ab7a3eaf4f59416560c4d31d8a0220c3301c95db4b8fe6b69348657aed52d5e15aefb17fedd15a50630a4edbad362ba9b79a048b4966a70643d8fa31fb397a531db85e8ad5bb169f5188449dbcc1bbaf42440d1794a34296c2407092c76e59544133959309ce42a05899162c55a865018085a4c57068294a5389cf6fbf1c93b5ab7732625fb6a465bd7ec51a128c2f9b0cf3fd0367f92667098b3a8af40f9f434a2a727b09bddbad1762127cc785eda419ac3ff24c8724e04ea2d330b0b441f34623955efd383f20578cdc527f3076ee068b727cd399ce17ff9d5233409b2d16d55c5c80cb8ca01019cd068c6e803217d6f2b7124e354b89de0eb0dfd241384026a1cdca529b6fed37aa0ececb0d6c26de06407d75a6e3108b0d25621db418206291a67216306e1a18c992736e45ef7f87373c0a3f28ddc1b4543604cd154f6b79265a6d8c13550078c3bcf55063263e5bc5cae6b925c1dbb67f972e234006867849e653*3*254*10*9*16*d1547688c9cc944482d16dff17df0858*20971520*1fef4e57e302d34e"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct gpg +{ + u32 cipher_algo; + u32 iv[4]; + u32 modulus_size; + u32 encrypted_data[384]; + u32 encrypted_data_size; + +} gpg_t; + +typedef struct gpg_tmp +{ + u32 salted_pw_block[96]; + + u32 salted_pw_block_len; + + u64 h[8]; + + u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; + u32 w4[4]; + u32 w5[4]; + u32 w6[4]; + u32 w7[4]; + + int len; + +} gpg_tmp_t; + +static const char *SIGNATURE_GPG = "$gpg$"; + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (gpg_t); + + return esalt_size; +} + +u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 tmp_size = (const u64) sizeof (gpg_tmp_t); + + return tmp_size; +} + +bool module_hlfmt_disable (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const bool hlfmt_disable = true; + + return hlfmt_disable; +} + +u32 module_kernel_loops_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_loops_min = 1024; + + return kernel_loops_min; +} + +u32 module_kernel_loops_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u32 kernel_loops_max = 65536; + + return kernel_loops_max; +} + +u32 module_deep_comp_kernel (MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const u32 salt_pos, MAYBE_UNUSED const u32 digest_pos) +{ + const u32 digests_offset = hashes->salts_buf[salt_pos].digests_offset; + + gpg_t *gpgs = (gpg_t *) hashes->esalts_buf; + + gpg_t *gpg = &gpgs[digests_offset + digest_pos]; + + if (gpg->cipher_algo == 7) + { + return KERN_RUN_AUX1; + } + else if (gpg->cipher_algo == 9) + { + return KERN_RUN_AUX2; + } + + return 0; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u32 *digest = (u32 *) digest_buf; + + gpg_t *gpg = (gpg_t *) esalt_buf; + + hc_token_t token; + + token.token_cnt = 13; + + // signature $gpg$ + token.signatures_cnt = 1; + token.signatures_buf[0] = SIGNATURE_GPG; + + // signature $gpg$ + token.len_min[0] = 5; + token.len_max[0] = 5; + token.sep[0] = '*'; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_SIGNATURE; + + // "1" -- unknown option + token.len_min[1] = 1; + token.len_max[1] = 1; + token.sep[1] = '*'; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // size of the encrypted data in bytes + token.len_min[2] = 3; + token.len_max[2] = 4; + token.sep[2] = '*'; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // size of the key: 1024, 2048, 4096, etc. + token.len_min[3] = 3; + token.len_max[3] = 4; + token.sep[3] = '*'; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // encrypted key -- twice the amount of byte because its interpreted as characters + token.len_min[4] = 256; + token.len_max[4] = 3072; + token.sep[4] = '*'; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + // "3" - String2Key parameter + token.len_min[5] = 1; + token.len_max[5] = 1; + token.sep[5] = '*'; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // "254" - String2Key parameters + token.len_min[6] = 3; + token.len_max[6] = 3; + token.sep[6] = '*'; + token.attr[6] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // "10" - String2Key parameters + token.len_min[7] = 2; + token.len_max[7] = 2; + token.sep[7] = '*'; + token.attr[7] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // cipher mode: 7 or 9 + token.len_min[8] = 1; + token.len_max[8] = 1; + token.sep[8] = '*'; + token.attr[8] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // size of initial vector in bytes: 16 + token.len_min[9] = 2; + token.len_max[9] = 2; + token.sep[9] = '*'; + token.attr[9] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // initial vector - twice the amount of bytes because its interpreted as characters + token.len_min[10] = 32; + token.len_max[10] = 32; + token.sep[10] = '*'; + token.attr[10] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + // iteration count + token.len_min[11] = 1; + token.len_max[11] = 8; + token.sep[11] = '*'; + token.attr[11] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; + + // salt - 8 bytes / 16 characters + token.len_min[12] = 16; + token.len_max[12] = 16; + token.attr[12] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_HEX; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + // Modulus size + + const int modulus_size = hc_strtoul ((const char *) token.buf[3], NULL, 10); + + if ((modulus_size < 256) || (modulus_size > 16384)) return (PARSER_SALT_LENGTH); + + gpg->modulus_size = modulus_size; + + // Encrypted data + + const int enc_data_size = hc_strtoul ((const char *) token.buf[2], NULL, 10); + + const int encrypted_data_size = hex_decode ((const u8 *) token.buf[4], token.len[4], (u8 *) gpg->encrypted_data); + + if (enc_data_size != encrypted_data_size) return (PARSER_CT_LENGTH); + + gpg->encrypted_data_size = encrypted_data_size; + + // Check String2Key parameters + + if (hc_strtoul ((const char *) token.buf[5], NULL, 10) != 3) return (PARSER_HASH_VALUE); + if (hc_strtoul ((const char *) token.buf[6], NULL, 10) != 254) return (PARSER_HASH_VALUE); + if (hc_strtoul ((const char *) token.buf[7], NULL, 10) != 10) return (PARSER_HASH_VALUE); + + // Cipher algo + + const int cipher_algo = hc_strtoul ((const char *) token.buf[8], NULL, 10); + + if ((cipher_algo != 7) && (cipher_algo != 9)) return (PARSER_CIPHER); + + gpg->cipher_algo = cipher_algo; + + // IV (size) + + if (hc_strtoul ((const char *) token.buf[9], NULL, 10) != sizeof (gpg->iv)) return (PARSER_IV_LENGTH); + + const int iv_size = hex_decode ((const u8 *) token.buf[10], token.len[10], (u8 *) gpg->iv); + + if (iv_size != sizeof (gpg->iv)) return (PARSER_IV_LENGTH); + + // Salt Iter + + const u32 salt_iter = hc_strtoul ((const char *) token.buf[11], NULL, 10); + + if (salt_iter < 8 || salt_iter > 65011712) return (PARSER_SALT_ITERATION); + + salt->salt_iter = salt_iter; + + // Salt Value + + salt->salt_len = hex_decode ((const u8 *) token.buf[12], token.len[12], (u8 *) salt->salt_buf); + + if (salt->salt_len != 8) return (PARSER_SALT_LENGTH); + + // hash fake + digest[0] = gpg->iv[0]; + digest[1] = gpg->iv[1]; + digest[2] = gpg->iv[2]; + digest[3] = gpg->iv[3]; + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const gpg_t *gpg = (const gpg_t *) esalt_buf; + + u8 encrypted_data[(384 * 8) + 1]; + + hex_encode ((const u8 *) gpg->encrypted_data, gpg->encrypted_data_size, (u8 *) encrypted_data); + + const int line_len = snprintf (line_buf, line_size, "%s*%d*%d*%d*%s*%d*%d*%d*%d*%d*%08x%08x%08x%08x*%d*%08x%08x", + SIGNATURE_GPG, + 1, /* unknown field */ + gpg->encrypted_data_size, + gpg->modulus_size, + encrypted_data, + 3, /* version (major?) */ + 254, /* version (minor?) */ + 10, /* key hash (sha-512) */ + gpg->cipher_algo, + 16, /*iv_size*/ + byte_swap_32 (gpg->iv[0]), + byte_swap_32 (gpg->iv[1]), + byte_swap_32 (gpg->iv[2]), + byte_swap_32 (gpg->iv[3]), + salt->salt_iter, + byte_swap_32 (salt->salt_buf[0]), + byte_swap_32 (salt->salt_buf[1])); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = module_deep_comp_kernel; + module_ctx->module_deprecated_notice = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = module_hlfmt_disable; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = module_kernel_loops_max; + module_ctx->module_kernel_loops_min = module_kernel_loops_min; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = module_tmp_size; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +}