Open Document Format: Added support for small documents with content length < 1024

OpenCL/m18600-pure.cl

@@ -33,6 +33,7 @@ typedef struct odf11
   u32 iv[2];
   u32 checksum[5];
   u32 encrypted_data[256];
+  int encrypted_len;
 
 } odf11_t;
 
@@ -759,116 +760,48 @@ KERNEL_FQ void FIXED_THREAD_COUNT(FIXED_LOCAL_SIZE_COMP) m18600_comp (KERN_ATTR_
 
   GLOBAL_AS const odf11_t *es = &esalt_bufs[DIGESTS_OFFSET_HOST];
 
-  u32 ct[2];
+  u32 iv[2];
 
-  u32 pt0[4];
-  u32 pt1[4];
-  u32 pt2[4];
-  u32 pt3[4];
+  iv[0] = es->iv[0];
+  iv[1] = es->iv[1];
 
-  u32 buf[2];
+  u32 pt[256];
 
-  buf[0] = es->iv[0];
-  buf[1] = es->iv[1];
+  for (int i = 0, j = 0; i < es->encrypted_len; i += 8, j += 2)
+  {
+    u32 ct[2];
+
+    ct[0] = es->encrypted_data[j + 0];
+    ct[1] = es->encrypted_data[j + 1];
+
+    BF_ENCRYPT (iv[0], iv[1]);
+
+    pt[j + 0] = ct[0] ^ iv[0];
+    pt[j + 1] = ct[1] ^ iv[1];
+
+    iv[0] = ct[0];
+    iv[1] = ct[1];
+  }
+
+  const int full64 = es->encrypted_len / 64;
+
+  const int encrypted_len64 = full64 * 64;
 
   sha1_ctx_t sha1_ctx;
 
   sha1_init (&sha1_ctx);
 
-  // decrypt blowfish-cfb and calculate plaintext checksum at the same time
-  for (int i = 0; i < 16; i++)
+  sha1_update (&sha1_ctx, pt, encrypted_len64);
+
+  const int remaining64 = es->encrypted_len - encrypted_len64;
+
+  if (remaining64)
   {
-    const int i16 = i * 16;
+    u32 *pt_remaining = pt + (encrypted_len64 / 4);
 
-    ct[0] = es->encrypted_data[i16 + 0];
-    ct[1] = es->encrypted_data[i16 + 1];
+    truncate_block_16x4_be_S (pt_remaining + 0, pt_remaining + 4, pt_remaining + 8, pt_remaining + 12, remaining64);
 
-    BF_ENCRYPT (buf[0], buf[1]);
-
-    pt0[0] = ct[0] ^ buf[0];
-    pt0[1] = ct[1] ^ buf[1];
-
-    buf[0] = ct[0];
-    buf[1] = ct[1];
-
-    ct[0] = es->encrypted_data[i16 + 2];
-    ct[1] = es->encrypted_data[i16 + 3];
-
-    BF_ENCRYPT (buf[0], buf[1]);
-
-    pt0[2] = ct[0] ^ buf[0];
-    pt0[3] = ct[1] ^ buf[1];
-
-    buf[0] = ct[0];
-    buf[1] = ct[1];
-
-    ct[0] = es->encrypted_data[i16 + 4];
-    ct[1] = es->encrypted_data[i16 + 5];
-
-    BF_ENCRYPT (buf[0], buf[1]);
-
-    pt1[0] = ct[0] ^ buf[0];
-    pt1[1] = ct[1] ^ buf[1];
-
-    buf[0] = ct[0];
-    buf[1] = ct[1];
-
-    ct[0] = es->encrypted_data[i16 + 6];
-    ct[1] = es->encrypted_data[i16 + 7];
-
-    BF_ENCRYPT (buf[0], buf[1]);
-
-    pt1[2] = ct[0] ^ buf[0];
-    pt1[3] = ct[1] ^ buf[1];
-
-    buf[0] = ct[0];
-    buf[1] = ct[1];
-
-    ct[0] = es->encrypted_data[i16 + 8];
-    ct[1] = es->encrypted_data[i16 + 9];
-
-    BF_ENCRYPT (buf[0], buf[1]);
-
-    pt2[0] = ct[0] ^ buf[0];
-    pt2[1] = ct[1] ^ buf[1];
-
-    buf[0] = ct[0];
-    buf[1] = ct[1];
-
-    ct[0] = es->encrypted_data[i16 + 10];
-    ct[1] = es->encrypted_data[i16 + 11];
-
-    BF_ENCRYPT (buf[0], buf[1]);
-
-    pt2[2] = ct[0] ^ buf[0];
-    pt2[3] = ct[1] ^ buf[1];
-
-    buf[0] = ct[0];
-    buf[1] = ct[1];
-
-    ct[0] = es->encrypted_data[i16 + 12];
-    ct[1] = es->encrypted_data[i16 + 13];
-
-    BF_ENCRYPT (buf[0], buf[1]);
-
-    pt3[0] = ct[0] ^ buf[0];
-    pt3[1] = ct[1] ^ buf[1];
-
-    buf[0] = ct[0];
-    buf[1] = ct[1];
-
-    ct[0] = es->encrypted_data[i16 + 14];
-    ct[1] = es->encrypted_data[i16 + 15];
-
-    BF_ENCRYPT (buf[0], buf[1]);
-
-    pt3[2] = ct[0] ^ buf[0];
-    pt3[3] = ct[1] ^ buf[1];
-
-    buf[0] = ct[0];
-    buf[1] = ct[1];
-
-    sha1_update_64 (&sha1_ctx, pt0, pt1, pt2, pt3, 64);
+    sha1_update (&sha1_ctx, pt_remaining, remaining64);
   }
 
   sha1_final (&sha1_ctx);

docs/changes.txt

@@ -56,6 +56,7 @@
 - Backend Checks: Describe workaround in error message when detecting more than 64 backend devices
 - Brain: Added sanity check and corresponding error message for invalid --brain-port values
 - Modules: Added support for non-zero IVs for -m 6800 (Lastpass). Also added `tools/lastpass2hashcat.py`
+- Open Document Format: Added support for small documents with content length < 1024
 - Status Code: Add specific return code for self-test fail (-11)
 - Scrypt: Increase buffer sizes in module for hash mode 8900 to allow longer scrypt digests
 - Unicode: Update UTF-8 to UTF-16 conversion to match RFC 3629

src/modules/module_18600.c

@@ -60,6 +60,7 @@ typedef struct odf11
   u32 iv[2];
   u32 checksum[5];
   u32 encrypted_data[256];
+  int encrypted_len;
 
 } odf11_t;
 
@@ -261,18 +262,19 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   token.attr[10]    = TOKEN_ATTR_VERIFY_LENGTH
                     | TOKEN_ATTR_VERIFY_DIGIT;
 
-  token.len[11]     = 2048;
-  token.attr[11]    = TOKEN_ATTR_FIXED_LENGTH
+  token.len_min[11] = 16;
+  token.len_max[11] = 2048;
+  token.sep[11]     = '*';
+  token.attr[11]    = TOKEN_ATTR_VERIFY_LENGTH
                     | TOKEN_ATTR_VERIFY_HEX;
 
   const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
 
   if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
 
-  const u8 *checksum         = token.buf[5];
-  const u8 *iv               = token.buf[7];
-  const u8 *salt_buf         = token.buf[9];
-  const u8 *encrypted_data   = token.buf[11];
+  const u8 *checksum  = token.buf[5];
+  const u8 *iv        = token.buf[7];
+  const u8 *salt_buf  = token.buf[9];
 
   const u32 cipher_type   = strtol ((const char *) token.buf[1],  NULL, 10);
   const u32 checksum_type = strtol ((const char *) token.buf[2],  NULL, 10);
@@ -299,15 +301,19 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   odf11->checksum[3] = hex_to_u32 (&checksum[24]);
   odf11->checksum[4] = hex_to_u32 (&checksum[32]);
 
+  // iv
+
   odf11->iv[0] = byte_swap_32 (hex_to_u32 (&iv[0]));
   odf11->iv[1] = byte_swap_32 (hex_to_u32 (&iv[8]));
 
-  for (int i = 0, j = 0; i < 256; i += 1, j += 8)
-  {
-    odf11->encrypted_data[i] = hex_to_u32 (&encrypted_data[j]);
+  // ct
 
-    odf11->encrypted_data[i] = byte_swap_32 (odf11->encrypted_data[i]);
-  }
+  const int ct_len = token.len[11];
+  const u8 *ct_pos = token.buf[11];
+
+  odf11->encrypted_len = hex_decode (ct_pos, ct_len, (u8 *) odf11->encrypted_data);
+
+  for (int i = 0, j = 0; i < odf11->encrypted_len; i += 4, j += 1) odf11->encrypted_data[j] = byte_swap_32 (odf11->encrypted_data[j]);
 
   // salt
 
@@ -342,7 +348,19 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 {
   const odf11_t *odf11 = (const odf11_t *) esalt_buf;
 
-  int out_len = snprintf (line_buf, line_size, "%s*0*0*%u*16*%08x%08x%08x%08x%08x*8*%08x%08x*16*%08x%08x%08x%08x*0*",
+  // ct
+
+  u32 ct_buf[256];
+
+  for (int i = 0; i < 256; i++) ct_buf[i] = byte_swap_32 (odf11->encrypted_data[i]);
+
+  u8 ct_buf8[(256 * 4 * 2) + 1];
+
+  const int ct_len = hex_encode ((const u8 *) ct_buf, odf11->encrypted_len, ct_buf8);
+
+  ct_buf8[ct_len] = 0;
+
+  const int out_len = snprintf (line_buf, line_size, "%s*0*0*%u*16*%08x%08x%08x%08x%08x*8*%08x%08x*16*%08x%08x%08x%08x*0*%s",
     SIGNATURE_ODF,
     odf11->iterations,
     byte_swap_32 (odf11->checksum[0]),
@@ -355,14 +373,8 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
     salt->salt_buf[0],
     salt->salt_buf[1],
     salt->salt_buf[2],
-    salt->salt_buf[3]);
-
-  u8 *out_buf = (u8 *) line_buf;
-
-  for (int i = 0; i < 256; i++)
-  {
-    u32_to_hex (byte_swap_32 (odf11->encrypted_data[i]), out_buf + out_len); out_len += 8;
-  }
+    salt->salt_buf[3],
+    (char *) ct_buf8);
 
   return out_len;
 }