arno
/
hashcat
mirror of https://github.com/hashcat/hashcat.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Added hash-mode 14600 = LUKS

Browse Source
pull/981/head
jsteube 7 years ago
parent 99e2a4e12d
commit 8257883ec1
49 changed files with 24615 additions and 616 deletions
Show Stats Download Patch File Download Diff File

678
OpenCL/inc_cipher_aes256.cl → OpenCL/inc_cipher_aes.cl
Unescape View File

@ -690,7 +690,277 @@ __constant u32 rcon[] =
0x1b000000, 0x36000000,
};
static void aes256_ExpandKey (u32 *ks, const u32 *ukey)
#ifdef REAL_SHM
#define SHM_TYPE __local
#else
#define SHM_TYPE __constant
#endif
// 128 bit key
static void aes128_ExpandKey (u32 *ks, const u32 *ukey, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4)
{
ks[0] = ukey[0];
ks[1] = ukey[1];
ks[2] = ukey[2];
ks[3] = ukey[3];
for (u32 i = 0, j = 0; i < 10; i += 1, j += 4)
{
u32 temp = ks[j + 3];
temp = (s_te2[(temp >> 16) & 0xff] & 0xff000000)
^ (s_te3[(temp >> 8) & 0xff] & 0x00ff0000)
^ (s_te0[(temp >> 0) & 0xff] & 0x0000ff00)
^ (s_te1[(temp >> 24) & 0xff] & 0x000000ff);
ks[j + 4] = ks[j + 0]
^ temp
^ rcon[i];
ks[j + 5] = ks[j + 1] ^ ks[j + 4];
ks[j + 6] = ks[j + 2] ^ ks[j + 5];
ks[j + 7] = ks[j + 3] ^ ks[j + 6];
}
}
static void aes128_InvertKey (u32 *ks, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
for (u32 i = 0, j = 40; i < 20; i += 4, j -= 4)
{
u32 temp;
temp = ks[i + 0]; ks[i + 0] = ks[j + 0]; ks[j + 0] = temp;
temp = ks[i + 1]; ks[i + 1] = ks[j + 1]; ks[j + 1] = temp;
temp = ks[i + 2]; ks[i + 2] = ks[j + 2]; ks[j + 2] = temp;
temp = ks[i + 3]; ks[i + 3] = ks[j + 3]; ks[j + 3] = temp;
}
for (u32 i = 1, j = 4; i < 10; i += 1, j += 4)
{
ks[j + 0] =
s_td0[s_te1[(ks[j + 0] >> 24) & 0xff] & 0xff] ^
s_td1[s_te1[(ks[j + 0] >> 16) & 0xff] & 0xff] ^
s_td2[s_te1[(ks[j + 0] >> 8) & 0xff] & 0xff] ^
s_td3[s_te1[(ks[j + 0] >> 0) & 0xff] & 0xff];
ks[j + 1] =
s_td0[s_te1[(ks[j + 1] >> 24) & 0xff] & 0xff] ^
s_td1[s_te1[(ks[j + 1] >> 16) & 0xff] & 0xff] ^
s_td2[s_te1[(ks[j + 1] >> 8) & 0xff] & 0xff] ^
s_td3[s_te1[(ks[j + 1] >> 0) & 0xff] & 0xff];
ks[j + 2] =
s_td0[s_te1[(ks[j + 2] >> 24) & 0xff] & 0xff] ^
s_td1[s_te1[(ks[j + 2] >> 16) & 0xff] & 0xff] ^
s_td2[s_te1[(ks[j + 2] >> 8) & 0xff] & 0xff] ^
s_td3[s_te1[(ks[j + 2] >> 0) & 0xff] & 0xff];
ks[j + 3] =
s_td0[s_te1[(ks[j + 3] >> 24) & 0xff] & 0xff] ^
s_td1[s_te1[(ks[j + 3] >> 16) & 0xff] & 0xff] ^
s_td2[s_te1[(ks[j + 3] >> 8) & 0xff] & 0xff] ^
s_td3[s_te1[(ks[j + 3] >> 0) & 0xff] & 0xff];
}
}
static void aes128_set_encrypt_key (u32 *ks, const u32 *ukey, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4)
{
u32 ukey_s[4];
ukey_s[0] = swap32_S (ukey[0]);
ukey_s[1] = swap32_S (ukey[1]);
ukey_s[2] = swap32_S (ukey[2]);
ukey_s[3] = swap32_S (ukey[3]);
aes128_ExpandKey (ks, ukey_s, s_te0, s_te1, s_te2, s_te3, s_te4);
}
static void aes128_set_decrypt_key (u32 *ks, const u32 *ukey, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 ukey_s[4];
ukey_s[0] = swap32_S (ukey[0]);
ukey_s[1] = swap32_S (ukey[1]);
ukey_s[2] = swap32_S (ukey[2]);
ukey_s[3] = swap32_S (ukey[3]);
aes128_ExpandKey (ks, ukey_s, s_te0, s_te1, s_te2, s_te3, s_te4);
aes128_InvertKey (ks, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
}
static void aes128_encrypt (const u32 *ks, const u32 *in, u32 *out, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4)
{
u32 s0 = swap32_S (in[0]);
u32 s1 = swap32_S (in[1]);
u32 s2 = swap32_S (in[2]);
u32 s3 = swap32_S (in[3]);
s0 ^= ks[0];
s1 ^= ks[1];
s2 ^= ks[2];
s3 ^= ks[3];
u32 t0;
u32 t1;
u32 t2;
u32 t3;
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[ 4];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[ 5];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[ 6];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[ 7];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[ 8];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[ 9];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[10];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[11];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[12];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[13];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[14];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[15];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[16];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[17];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[18];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[19];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[20];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[21];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[22];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[23];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[24];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[25];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[26];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[27];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[28];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[29];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[30];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[31];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[32];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[33];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[34];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[35];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[36];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[37];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[38];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[39];
out[0] = (s_te4[(t0 >> 24) & 0xff] & 0xff000000)
^ (s_te4[(t1 >> 16) & 0xff] & 0x00ff0000)
^ (s_te4[(t2 >> 8) & 0xff] & 0x0000ff00)
^ (s_te4[(t3 >> 0) & 0xff] & 0x000000ff)
^ ks[40];
out[1] = (s_te4[(t1 >> 24) & 0xff] & 0xff000000)
^ (s_te4[(t2 >> 16) & 0xff] & 0x00ff0000)
^ (s_te4[(t3 >> 8) & 0xff] & 0x0000ff00)
^ (s_te4[(t0 >> 0) & 0xff] & 0x000000ff)
^ ks[41];
out[2] = (s_te4[(t2 >> 24) & 0xff] & 0xff000000)
^ (s_te4[(t3 >> 16) & 0xff] & 0x00ff0000)
^ (s_te4[(t0 >> 8) & 0xff] & 0x0000ff00)
^ (s_te4[(t1 >> 0) & 0xff] & 0x000000ff)
^ ks[42];
out[3] = (s_te4[(t3 >> 24) & 0xff] & 0xff000000)
^ (s_te4[(t0 >> 16) & 0xff] & 0x00ff0000)
^ (s_te4[(t1 >> 8) & 0xff] & 0x0000ff00)
^ (s_te4[(t2 >> 0) & 0xff] & 0x000000ff)
^ ks[43];
out[0] = swap32_S (out[0]);
out[1] = swap32_S (out[1]);
out[2] = swap32_S (out[2]);
out[3] = swap32_S (out[3]);
}
static void aes128_decrypt (const u32 *ks, const u32 *in, u32 *out, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 s0 = swap32_S (in[0]);
u32 s1 = swap32_S (in[1]);
u32 s2 = swap32_S (in[2]);
u32 s3 = swap32_S (in[3]);
s0 ^= ks[0];
s1 ^= ks[1];
s2 ^= ks[2];
s3 ^= ks[3];
u32 t0;
u32 t1;
u32 t2;
u32 t3;
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[ 4];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[ 5];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[ 6];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[ 7];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[ 8];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[ 9];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[10];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[11];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[12];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[13];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[14];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[15];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[16];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[17];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[18];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[19];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[20];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[21];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[22];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[23];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[24];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[25];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[26];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[27];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[28];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[29];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[30];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[31];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[32];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[33];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[34];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[35];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[36];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[37];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[38];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[39];
out[0] = (s_td4[(t0 >> 24) & 0xff] & 0xff000000)
^ (s_td4[(t3 >> 16) & 0xff] & 0x00ff0000)
^ (s_td4[(t2 >> 8) & 0xff] & 0x0000ff00)
^ (s_td4[(t1 >> 0) & 0xff] & 0x000000ff)
^ ks[40];
out[1] = (s_td4[(t1 >> 24) & 0xff] & 0xff000000)
^ (s_td4[(t0 >> 16) & 0xff] & 0x00ff0000)
^ (s_td4[(t3 >> 8) & 0xff] & 0x0000ff00)
^ (s_td4[(t2 >> 0) & 0xff] & 0x000000ff)
^ ks[41];
out[2] = (s_td4[(t2 >> 24) & 0xff] & 0xff000000)
^ (s_td4[(t1 >> 16) & 0xff] & 0x00ff0000)
^ (s_td4[(t0 >> 8) & 0xff] & 0x0000ff00)
^ (s_td4[(t3 >> 0) & 0xff] & 0x000000ff)
^ ks[42];
out[3] = (s_td4[(t3 >> 24) & 0xff] & 0xff000000)
^ (s_td4[(t2 >> 16) & 0xff] & 0x00ff0000)
^ (s_td4[(t1 >> 8) & 0xff] & 0x0000ff00)
^ (s_td4[(t0 >> 0) & 0xff] & 0x000000ff)
^ ks[43];
out[0] = swap32_S (out[0]);
out[1] = swap32_S (out[1]);
out[2] = swap32_S (out[2]);
out[3] = swap32_S (out[3]);
}
// 256 bit key
static void aes256_ExpandKey (u32 *ks, const u32 *ukey, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4)
{
ks[0] = ukey[0];
ks[1] = ukey[1];
@ -709,10 +979,10 @@ static void aes256_ExpandKey (u32 *ks, const u32 *ukey)
const u32 temp1 = ks[j + 7];
ks[j + 8] = ks[j + 0]
^ (te2[(temp1 >> 16) & 0xff] & 0xff000000)
^ (te3[(temp1 >> 8) & 0xff] & 0x00ff0000)
^ (te0[(temp1 >> 0) & 0xff] & 0x0000ff00)
^ (te1[(temp1 >> 24) & 0xff] & 0x000000ff)
^ (s_te2[(temp1 >> 16) & 0xff] & 0xff000000)
^ (s_te3[(temp1 >> 8) & 0xff] & 0x00ff0000)
^ (s_te0[(temp1 >> 0) & 0xff] & 0x0000ff00)
^ (s_te1[(temp1 >> 24) & 0xff] & 0x000000ff)
^ rcon[i];
ks[j + 9] = ks[j + 1] ^ ks[j + 8];
@ -724,10 +994,10 @@ static void aes256_ExpandKey (u32 *ks, const u32 *ukey)
const u32 temp2 = ks[j + 11];
ks[j + 12] = ks[j + 4]
^ (te2[(temp2 >> 24) & 0xff] & 0xff000000)
^ (te3[(temp2 >> 16) & 0xff] & 0x00ff0000)
^ (te0[(temp2 >> 8) & 0xff] & 0x0000ff00)
^ (te1[(temp2 >> 0) & 0xff] & 0x000000ff);
^ (s_te2[(temp2 >> 24) & 0xff] & 0xff000000)
^ (s_te3[(temp2 >> 16) & 0xff] & 0x00ff0000)
^ (s_te0[(temp2 >> 8) & 0xff] & 0x0000ff00)
^ (s_te1[(temp2 >> 0) & 0xff] & 0x000000ff);
ks[j + 13] = ks[j + 5] ^ ks[j + 12];
ks[j + 14] = ks[j + 6] ^ ks[j + 13];
@ -735,9 +1005,9 @@ static void aes256_ExpandKey (u32 *ks, const u32 *ukey)
}
}
static void aes256_InvertKey (u32 *ks)
static void aes256_InvertKey (u32 *ks, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
for (u32 i = 0, j = 56; i < j; i += 4, j -= 4)
for (u32 i = 0, j = 56; i < 28; i += 4, j -= 4)
{
u32 temp;
@ -750,71 +1020,71 @@ static void aes256_InvertKey (u32 *ks)
for (u32 i = 1, j = 4; i < 14; i += 1, j += 4)
{
ks[j + 0] =
td0[te1[(ks[j + 0] >> 24) & 0xff] & 0xff] ^
td1[te1[(ks[j + 0] >> 16) & 0xff] & 0xff] ^
td2[te1[(ks[j + 0] >> 8) & 0xff] & 0xff] ^
td3[te1[(ks[j + 0] >> 0) & 0xff] & 0xff];
s_td0[s_te1[(ks[j + 0] >> 24) & 0xff] & 0xff] ^
s_td1[s_te1[(ks[j + 0] >> 16) & 0xff] & 0xff] ^
s_td2[s_te1[(ks[j + 0] >> 8) & 0xff] & 0xff] ^
s_td3[s_te1[(ks[j + 0] >> 0) & 0xff] & 0xff];
ks[j + 1] =
td0[te1[(ks[j + 1] >> 24) & 0xff] & 0xff] ^
td1[te1[(ks[j + 1] >> 16) & 0xff] & 0xff] ^
td2[te1[(ks[j + 1] >> 8) & 0xff] & 0xff] ^
td3[te1[(ks[j + 1] >> 0) & 0xff] & 0xff];
s_td0[s_te1[(ks[j + 1] >> 24) & 0xff] & 0xff] ^
s_td1[s_te1[(ks[j + 1] >> 16) & 0xff] & 0xff] ^
s_td2[s_te1[(ks[j + 1] >> 8) & 0xff] & 0xff] ^
s_td3[s_te1[(ks[j + 1] >> 0) & 0xff] & 0xff];
ks[j + 2] =
td0[te1[(ks[j + 2] >> 24) & 0xff] & 0xff] ^
td1[te1[(ks[j + 2] >> 16) & 0xff] & 0xff] ^
td2[te1[(ks[j + 2] >> 8) & 0xff] & 0xff] ^
td3[te1[(ks[j + 2] >> 0) & 0xff] & 0xff];
s_td0[s_te1[(ks[j + 2] >> 24) & 0xff] & 0xff] ^
s_td1[s_te1[(ks[j + 2] >> 16) & 0xff] & 0xff] ^
s_td2[s_te1[(ks[j + 2] >> 8) & 0xff] & 0xff] ^
s_td3[s_te1[(ks[j + 2] >> 0) & 0xff] & 0xff];
ks[j + 3] =
td0[te1[(ks[j + 3] >> 24) & 0xff] & 0xff] ^
td1[te1[(ks[j + 3] >> 16) & 0xff] & 0xff] ^
td2[te1[(ks[j + 3] >> 8) & 0xff] & 0xff] ^
td3[te1[(ks[j + 3] >> 0) & 0xff] & 0xff];
s_td0[s_te1[(ks[j + 3] >> 24) & 0xff] & 0xff] ^
s_td1[s_te1[(ks[j + 3] >> 16) & 0xff] & 0xff] ^
s_td2[s_te1[(ks[j + 3] >> 8) & 0xff] & 0xff] ^
s_td3[s_te1[(ks[j + 3] >> 0) & 0xff] & 0xff];
}
}
static void aes256_set_encrypt_key (u32 *ks, const u32 *ukey)
static void aes256_set_encrypt_key (u32 *ks, const u32 *ukey, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4)
{
u32 ukey_s[8];
ukey_s[0] = swap32 (ukey[0]);
ukey_s[1] = swap32 (ukey[1]);
ukey_s[2] = swap32 (ukey[2]);
ukey_s[3] = swap32 (ukey[3]);
ukey_s[4] = swap32 (ukey[4]);
ukey_s[5] = swap32 (ukey[5]);
ukey_s[6] = swap32 (ukey[6]);
ukey_s[7] = swap32 (ukey[7]);
ukey_s[0] = swap32_S (ukey[0]);
ukey_s[1] = swap32_S (ukey[1]);
ukey_s[2] = swap32_S (ukey[2]);
ukey_s[3] = swap32_S (ukey[3]);
ukey_s[4] = swap32_S (ukey[4]);
ukey_s[5] = swap32_S (ukey[5]);
ukey_s[6] = swap32_S (ukey[6]);
ukey_s[7] = swap32_S (ukey[7]);
aes256_ExpandKey (ks, ukey_s);
aes256_ExpandKey (ks, ukey_s, s_te0, s_te1, s_te2, s_te3, s_te4);
}
static void aes256_set_decrypt_key (u32 *ks, const u32 *ukey)
static void aes256_set_decrypt_key (u32 *ks, const u32 *ukey, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 ukey_s[8];
ukey_s[0] = swap32 (ukey[0]);
ukey_s[1] = swap32 (ukey[1]);
ukey_s[2] = swap32 (ukey[2]);
ukey_s[3] = swap32 (ukey[3]);
ukey_s[4] = swap32 (ukey[4]);
ukey_s[5] = swap32 (ukey[5]);
ukey_s[6] = swap32 (ukey[6]);
ukey_s[7] = swap32 (ukey[7]);
ukey_s[0] = swap32_S (ukey[0]);
ukey_s[1] = swap32_S (ukey[1]);
ukey_s[2] = swap32_S (ukey[2]);
ukey_s[3] = swap32_S (ukey[3]);
ukey_s[4] = swap32_S (ukey[4]);
ukey_s[5] = swap32_S (ukey[5]);
ukey_s[6] = swap32_S (ukey[6]);
ukey_s[7] = swap32_S (ukey[7]);
aes256_ExpandKey (ks, ukey_s);
aes256_ExpandKey (ks, ukey_s, s_te0, s_te1, s_te2, s_te3, s_te4);
aes256_InvertKey (ks);
aes256_InvertKey (ks, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
}
static void aes256_decrypt (const u32 *ks, const u32 *in, u32 *out)
static void aes256_encrypt (const u32 *ks, const u32 *in, u32 *out, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4)
{
u32 s0 = swap32 (in[0]);
u32 s1 = swap32 (in[1]);
u32 s2 = swap32 (in[2]);
u32 s3 = swap32 (in[3]);
u32 s0 = swap32_S (in[0]);
u32 s1 = swap32_S (in[1]);
u32 s2 = swap32_S (in[2]);
u32 s3 = swap32_S (in[3]);
s0 ^= ks[0];
s1 ^= ks[1];
@ -826,95 +1096,95 @@ static void aes256_decrypt (const u32 *ks, const u32 *in, u32 *out)
u32 t2;
u32 t3;
t0 = td0[s0 >> 24] ^ td1[(s3 >> 16) & 0xff] ^ td2[(s2 >> 8) & 0xff] ^ td3[s1 & 0xff] ^ ks[ 4];
t1 = td0[s1 >> 24] ^ td1[(s0 >> 16) & 0xff] ^ td2[(s3 >> 8) & 0xff] ^ td3[s2 & 0xff] ^ ks[ 5];
t2 = td0[s2 >> 24] ^ td1[(s1 >> 16) & 0xff] ^ td2[(s0 >> 8) & 0xff] ^ td3[s3 & 0xff] ^ ks[ 6];
t3 = td0[s3 >> 24] ^ td1[(s2 >> 16) & 0xff] ^ td2[(s1 >> 8) & 0xff] ^ td3[s0 & 0xff] ^ ks[ 7];
s0 = td0[t0 >> 24] ^ td1[(t3 >> 16) & 0xff] ^ td2[(t2 >> 8) & 0xff] ^ td3[t1 & 0xff] ^ ks[ 8];
s1 = td0[t1 >> 24] ^ td1[(t0 >> 16) & 0xff] ^ td2[(t3 >> 8) & 0xff] ^ td3[t2 & 0xff] ^ ks[ 9];
s2 = td0[t2 >> 24] ^ td1[(t1 >> 16) & 0xff] ^ td2[(t0 >> 8) & 0xff] ^ td3[t3 & 0xff] ^ ks[10];
s3 = td0[t3 >> 24] ^ td1[(t2 >> 16) & 0xff] ^ td2[(t1 >> 8) & 0xff] ^ td3[t0 & 0xff] ^ ks[11];
t0 = td0[s0 >> 24] ^ td1[(s3 >> 16) & 0xff] ^ td2[(s2 >> 8) & 0xff] ^ td3[s1 & 0xff] ^ ks[12];
t1 = td0[s1 >> 24] ^ td1[(s0 >> 16) & 0xff] ^ td2[(s3 >> 8) & 0xff] ^ td3[s2 & 0xff] ^ ks[13];
t2 = td0[s2 >> 24] ^ td1[(s1 >> 16) & 0xff] ^ td2[(s0 >> 8) & 0xff] ^ td3[s3 & 0xff] ^ ks[14];
t3 = td0[s3 >> 24] ^ td1[(s2 >> 16) & 0xff] ^ td2[(s1 >> 8) & 0xff] ^ td3[s0 & 0xff] ^ ks[15];
s0 = td0[t0 >> 24] ^ td1[(t3 >> 16) & 0xff] ^ td2[(t2 >> 8) & 0xff] ^ td3[t1 & 0xff] ^ ks[16];
s1 = td0[t1 >> 24] ^ td1[(t0 >> 16) & 0xff] ^ td2[(t3 >> 8) & 0xff] ^ td3[t2 & 0xff] ^ ks[17];
s2 = td0[t2 >> 24] ^ td1[(t1 >> 16) & 0xff] ^ td2[(t0 >> 8) & 0xff] ^ td3[t3 & 0xff] ^ ks[18];
s3 = td0[t3 >> 24] ^ td1[(t2 >> 16) & 0xff] ^ td2[(t1 >> 8) & 0xff] ^ td3[t0 & 0xff] ^ ks[19];
t0 = td0[s0 >> 24] ^ td1[(s3 >> 16) & 0xff] ^ td2[(s2 >> 8) & 0xff] ^ td3[s1 & 0xff] ^ ks[20];
t1 = td0[s1 >> 24] ^ td1[(s0 >> 16) & 0xff] ^ td2[(s3 >> 8) & 0xff] ^ td3[s2 & 0xff] ^ ks[21];
t2 = td0[s2 >> 24] ^ td1[(s1 >> 16) & 0xff] ^ td2[(s0 >> 8) & 0xff] ^ td3[s3 & 0xff] ^ ks[22];
t3 = td0[s3 >> 24] ^ td1[(s2 >> 16) & 0xff] ^ td2[(s1 >> 8) & 0xff] ^ td3[s0 & 0xff] ^ ks[23];
s0 = td0[t0 >> 24] ^ td1[(t3 >> 16) & 0xff] ^ td2[(t2 >> 8) & 0xff] ^ td3[t1 & 0xff] ^ ks[24];
s1 = td0[t1 >> 24] ^ td1[(t0 >> 16) & 0xff] ^ td2[(t3 >> 8) & 0xff] ^ td3[t2 & 0xff] ^ ks[25];
s2 = td0[t2 >> 24] ^ td1[(t1 >> 16) & 0xff] ^ td2[(t0 >> 8) & 0xff] ^ td3[t3 & 0xff] ^ ks[26];
s3 = td0[t3 >> 24] ^ td1[(t2 >> 16) & 0xff] ^ td2[(t1 >> 8) & 0xff] ^ td3[t0 & 0xff] ^ ks[27];
t0 = td0[s0 >> 24] ^ td1[(s3 >> 16) & 0xff] ^ td2[(s2 >> 8) & 0xff] ^ td3[s1 & 0xff] ^ ks[28];
t1 = td0[s1 >> 24] ^ td1[(s0 >> 16) & 0xff] ^ td2[(s3 >> 8) & 0xff] ^ td3[s2 & 0xff] ^ ks[29];
t2 = td0[s2 >> 24] ^ td1[(s1 >> 16) & 0xff] ^ td2[(s0 >> 8) & 0xff] ^ td3[s3 & 0xff] ^ ks[30];
t3 = td0[s3 >> 24] ^ td1[(s2 >> 16) & 0xff] ^ td2[(s1 >> 8) & 0xff] ^ td3[s0 & 0xff] ^ ks[31];
s0 = td0[t0 >> 24] ^ td1[(t3 >> 16) & 0xff] ^ td2[(t2 >> 8) & 0xff] ^ td3[t1 & 0xff] ^ ks[32];
s1 = td0[t1 >> 24] ^ td1[(t0 >> 16) & 0xff] ^ td2[(t3 >> 8) & 0xff] ^ td3[t2 & 0xff] ^ ks[33];
s2 = td0[t2 >> 24] ^ td1[(t1 >> 16) & 0xff] ^ td2[(t0 >> 8) & 0xff] ^ td3[t3 & 0xff] ^ ks[34];
s3 = td0[t3 >> 24] ^ td1[(t2 >> 16) & 0xff] ^ td2[(t1 >> 8) & 0xff] ^ td3[t0 & 0xff] ^ ks[35];
t0 = td0[s0 >> 24] ^ td1[(s3 >> 16) & 0xff] ^ td2[(s2 >> 8) & 0xff] ^ td3[s1 & 0xff] ^ ks[36];
t1 = td0[s1 >> 24] ^ td1[(s0 >> 16) & 0xff] ^ td2[(s3 >> 8) & 0xff] ^ td3[s2 & 0xff] ^ ks[37];
t2 = td0[s2 >> 24] ^ td1[(s1 >> 16) & 0xff] ^ td2[(s0 >> 8) & 0xff] ^ td3[s3 & 0xff] ^ ks[38];
t3 = td0[s3 >> 24] ^ td1[(s2 >> 16) & 0xff] ^ td2[(s1 >> 8) & 0xff] ^ td3[s0 & 0xff] ^ ks[39];
s0 = td0[t0 >> 24] ^ td1[(t3 >> 16) & 0xff] ^ td2[(t2 >> 8) & 0xff] ^ td3[t1 & 0xff] ^ ks[40];
s1 = td0[t1 >> 24] ^ td1[(t0 >> 16) & 0xff] ^ td2[(t3 >> 8) & 0xff] ^ td3[t2 & 0xff] ^ ks[41];
s2 = td0[t2 >> 24] ^ td1[(t1 >> 16) & 0xff] ^ td2[(t0 >> 8) & 0xff] ^ td3[t3 & 0xff] ^ ks[42];
s3 = td0[t3 >> 24] ^ td1[(t2 >> 16) & 0xff] ^ td2[(t1 >> 8) & 0xff] ^ td3[t0 & 0xff] ^ ks[43];
t0 = td0[s0 >> 24] ^ td1[(s3 >> 16) & 0xff] ^ td2[(s2 >> 8) & 0xff] ^ td3[s1 & 0xff] ^ ks[44];
t1 = td0[s1 >> 24] ^ td1[(s0 >> 16) & 0xff] ^ td2[(s3 >> 8) & 0xff] ^ td3[s2 & 0xff] ^ ks[45];
t2 = td0[s2 >> 24] ^ td1[(s1 >> 16) & 0xff] ^ td2[(s0 >> 8) & 0xff] ^ td3[s3 & 0xff] ^ ks[46];
t3 = td0[s3 >> 24] ^ td1[(s2 >> 16) & 0xff] ^ td2[(s1 >> 8) & 0xff] ^ td3[s0 & 0xff] ^ ks[47];
s0 = td0[t0 >> 24] ^ td1[(t3 >> 16) & 0xff] ^ td2[(t2 >> 8) & 0xff] ^ td3[t1 & 0xff] ^ ks[48];
s1 = td0[t1 >> 24] ^ td1[(t0 >> 16) & 0xff] ^ td2[(t3 >> 8) & 0xff] ^ td3[t2 & 0xff] ^ ks[49];
s2 = td0[t2 >> 24] ^ td1[(t1 >> 16) & 0xff] ^ td2[(t0 >> 8) & 0xff] ^ td3[t3 & 0xff] ^ ks[50];
s3 = td0[t3 >> 24] ^ td1[(t2 >> 16) & 0xff] ^ td2[(t1 >> 8) & 0xff] ^ td3[t0 & 0xff] ^ ks[51];
t0 = td0[s0 >> 24] ^ td1[(s3 >> 16) & 0xff] ^ td2[(s2 >> 8) & 0xff] ^ td3[s1 & 0xff] ^ ks[52];
t1 = td0[s1 >> 24] ^ td1[(s0 >> 16) & 0xff] ^ td2[(s3 >> 8) & 0xff] ^ td3[s2 & 0xff] ^ ks[53];
t2 = td0[s2 >> 24] ^ td1[(s1 >> 16) & 0xff] ^ td2[(s0 >> 8) & 0xff] ^ td3[s3 & 0xff] ^ ks[54];
t3 = td0[s3 >> 24] ^ td1[(s2 >> 16) & 0xff] ^ td2[(s1 >> 8) & 0xff] ^ td3[s0 & 0xff] ^ ks[55];
out[0] = (td4[(t0 >> 24) & 0xff] & 0xff000000)
^ (td4[(t3 >> 16) & 0xff] & 0x00ff0000)
^ (td4[(t2 >> 8) & 0xff] & 0x0000ff00)
^ (td4[(t1 >> 0) & 0xff] & 0x000000ff)
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[ 4];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[ 5];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[ 6];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[ 7];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[ 8];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[ 9];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[10];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[11];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[12];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[13];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[14];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[15];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[16];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[17];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[18];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[19];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[20];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[21];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[22];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[23];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[24];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[25];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[26];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[27];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[28];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[29];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[30];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[31];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[32];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[33];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[34];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[35];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[36];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[37];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[38];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[39];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[40];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[41];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[42];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[43];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[44];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[45];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[46];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[47];
s0 = s_te0[t0 >> 24] ^ s_te1[(t1 >> 16) & 0xff] ^ s_te2[(t2 >> 8) & 0xff] ^ s_te3[t3 & 0xff] ^ ks[48];
s1 = s_te0[t1 >> 24] ^ s_te1[(t2 >> 16) & 0xff] ^ s_te2[(t3 >> 8) & 0xff] ^ s_te3[t0 & 0xff] ^ ks[49];
s2 = s_te0[t2 >> 24] ^ s_te1[(t3 >> 16) & 0xff] ^ s_te2[(t0 >> 8) & 0xff] ^ s_te3[t1 & 0xff] ^ ks[50];
s3 = s_te0[t3 >> 24] ^ s_te1[(t0 >> 16) & 0xff] ^ s_te2[(t1 >> 8) & 0xff] ^ s_te3[t2 & 0xff] ^ ks[51];
t0 = s_te0[s0 >> 24] ^ s_te1[(s1 >> 16) & 0xff] ^ s_te2[(s2 >> 8) & 0xff] ^ s_te3[s3 & 0xff] ^ ks[52];
t1 = s_te0[s1 >> 24] ^ s_te1[(s2 >> 16) & 0xff] ^ s_te2[(s3 >> 8) & 0xff] ^ s_te3[s0 & 0xff] ^ ks[53];
t2 = s_te0[s2 >> 24] ^ s_te1[(s3 >> 16) & 0xff] ^ s_te2[(s0 >> 8) & 0xff] ^ s_te3[s1 & 0xff] ^ ks[54];
t3 = s_te0[s3 >> 24] ^ s_te1[(s0 >> 16) & 0xff] ^ s_te2[(s1 >> 8) & 0xff] ^ s_te3[s2 & 0xff] ^ ks[55];
out[0] = (s_te4[(t0 >> 24) & 0xff] & 0xff000000)
^ (s_te4[(t1 >> 16) & 0xff] & 0x00ff0000)
^ (s_te4[(t2 >> 8) & 0xff] & 0x0000ff00)
^ (s_te4[(t3 >> 0) & 0xff] & 0x000000ff)
^ ks[56];
out[1] = (td4[(t1 >> 24) & 0xff] & 0xff000000)
^ (td4[(t0 >> 16) & 0xff] & 0x00ff0000)
^ (td4[(t3 >> 8) & 0xff] & 0x0000ff00)
^ (td4[(t2 >> 0) & 0xff] & 0x000000ff)
out[1] = (s_te4[(t1 >> 24) & 0xff] & 0xff000000)
^ (s_te4[(t2 >> 16) & 0xff] & 0x00ff0000)
^ (s_te4[(t3 >> 8) & 0xff] & 0x0000ff00)
^ (s_te4[(t0 >> 0) & 0xff] & 0x000000ff)
^ ks[57];
out[2] = (td4[(t2 >> 24) & 0xff] & 0xff000000)
^ (td4[(t1 >> 16) & 0xff] & 0x00ff0000)
^ (td4[(t0 >> 8) & 0xff] & 0x0000ff00)
^ (td4[(t3 >> 0) & 0xff] & 0x000000ff)
out[2] = (s_te4[(t2 >> 24) & 0xff] & 0xff000000)
^ (s_te4[(t3 >> 16) & 0xff] & 0x00ff0000)
^ (s_te4[(t0 >> 8) & 0xff] & 0x0000ff00)
^ (s_te4[(t1 >> 0) & 0xff] & 0x000000ff)
^ ks[58];
out[3] = (td4[(t3 >> 24) & 0xff] & 0xff000000)
^ (td4[(t2 >> 16) & 0xff] & 0x00ff0000)
^ (td4[(t1 >> 8) & 0xff] & 0x0000ff00)
^ (td4[(t0 >> 0) & 0xff] & 0x000000ff)
out[3] = (s_te4[(t3 >> 24) & 0xff] & 0xff000000)
^ (s_te4[(t0 >> 16) & 0xff] & 0x00ff0000)
^ (s_te4[(t1 >> 8) & 0xff] & 0x0000ff00)
^ (s_te4[(t2 >> 0) & 0xff] & 0x000000ff)
^ ks[59];
out[0] = swap32 (out[0]);
out[1] = swap32 (out[1]);
out[2] = swap32 (out[2]);
out[3] = swap32 (out[3]);
out[0] = swap32_S (out[0]);
out[1] = swap32_S (out[1]);
out[2] = swap32_S (out[2]);
out[3] = swap32_S (out[3]);
}
static void aes256_encrypt (const u32 *ks, const u32 *in, u32 *out)
static void aes256_decrypt (const u32 *ks, const u32 *in, u32 *out, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 s0 = swap32 (in[0]);
u32 s1 = swap32 (in[1]);
u32 s2 = swap32 (in[2]);
u32 s3 = swap32 (in[3]);
u32 s0 = swap32_S (in[0]);
u32 s1 = swap32_S (in[1]);
u32 s2 = swap32_S (in[2]);
u32 s3 = swap32_S (in[3]);
s0 ^= ks[0];
s1 ^= ks[1];
@ -926,85 +1196,85 @@ static void aes256_encrypt (const u32 *ks, const u32 *in, u32 *out)
u32 t2;
u32 t3;
t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ ks[ 4];
t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ ks[ 5];
t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ ks[ 6];
t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ ks[ 7];
s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ ks[ 8];
s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ ks[ 9];
s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ ks[10];
s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ ks[11];
t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ ks[12];
t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ ks[13];
t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ ks[14];
t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ ks[15];
s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ ks[16];
s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ ks[17];
s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ ks[18];
s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ ks[19];
t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ ks[20];
t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ ks[21];
t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ ks[22];
t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ ks[23];
s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ ks[24];
s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ ks[25];
s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ ks[26];
s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ ks[27];
t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ ks[28];
t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ ks[29];
t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ ks[30];
t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ ks[31];
s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ ks[32];
s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ ks[33];
s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ ks[34];
s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ ks[35];
t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ ks[36];
t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ ks[37];
t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ ks[38];
t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ ks[39];
s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ ks[40];
s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ ks[41];
s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ ks[42];
s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ ks[43];
t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ ks[44];
t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ ks[45];
t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ ks[46];
t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ ks[47];
s0 = te0[t0 >> 24] ^ te1[(t1 >> 16) & 0xff] ^ te2[(t2 >> 8) & 0xff] ^ te3[t3 & 0xff] ^ ks[48];
s1 = te0[t1 >> 24] ^ te1[(t2 >> 16) & 0xff] ^ te2[(t3 >> 8) & 0xff] ^ te3[t0 & 0xff] ^ ks[49];
s2 = te0[t2 >> 24] ^ te1[(t3 >> 16) & 0xff] ^ te2[(t0 >> 8) & 0xff] ^ te3[t1 & 0xff] ^ ks[50];
s3 = te0[t3 >> 24] ^ te1[(t0 >> 16) & 0xff] ^ te2[(t1 >> 8) & 0xff] ^ te3[t2 & 0xff] ^ ks[51];
t0 = te0[s0 >> 24] ^ te1[(s1 >> 16) & 0xff] ^ te2[(s2 >> 8) & 0xff] ^ te3[s3 & 0xff] ^ ks[52];
t1 = te0[s1 >> 24] ^ te1[(s2 >> 16) & 0xff] ^ te2[(s3 >> 8) & 0xff] ^ te3[s0 & 0xff] ^ ks[53];
t2 = te0[s2 >> 24] ^ te1[(s3 >> 16) & 0xff] ^ te2[(s0 >> 8) & 0xff] ^ te3[s1 & 0xff] ^ ks[54];
t3 = te0[s3 >> 24] ^ te1[(s0 >> 16) & 0xff] ^ te2[(s1 >> 8) & 0xff] ^ te3[s2 & 0xff] ^ ks[55];
out[0] = (te4[(t0 >> 24) & 0xff] & 0xff000000)
^ (te4[(t1 >> 16) & 0xff] & 0x00ff0000)
^ (te4[(t2 >> 8) & 0xff] & 0x0000ff00)
^ (te4[(t3 >> 0) & 0xff] & 0x000000ff)
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[ 4];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[ 5];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[ 6];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[ 7];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[ 8];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[ 9];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[10];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[11];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[12];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[13];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[14];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[15];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[16];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[17];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[18];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[19];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[20];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[21];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[22];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[23];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[24];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[25];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[26];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[27];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[28];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[29];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[30];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[31];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[32];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[33];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[34];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[35];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[36];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[37];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[38];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[39];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[40];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[41];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[42];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[43];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[44];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[45];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[46];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[47];
s0 = s_td0[t0 >> 24] ^ s_td1[(t3 >> 16) & 0xff] ^ s_td2[(t2 >> 8) & 0xff] ^ s_td3[t1 & 0xff] ^ ks[48];
s1 = s_td0[t1 >> 24] ^ s_td1[(t0 >> 16) & 0xff] ^ s_td2[(t3 >> 8) & 0xff] ^ s_td3[t2 & 0xff] ^ ks[49];
s2 = s_td0[t2 >> 24] ^ s_td1[(t1 >> 16) & 0xff] ^ s_td2[(t0 >> 8) & 0xff] ^ s_td3[t3 & 0xff] ^ ks[50];
s3 = s_td0[t3 >> 24] ^ s_td1[(t2 >> 16) & 0xff] ^ s_td2[(t1 >> 8) & 0xff] ^ s_td3[t0 & 0xff] ^ ks[51];
t0 = s_td0[s0 >> 24] ^ s_td1[(s3 >> 16) & 0xff] ^ s_td2[(s2 >> 8) & 0xff] ^ s_td3[s1 & 0xff] ^ ks[52];
t1 = s_td0[s1 >> 24] ^ s_td1[(s0 >> 16) & 0xff] ^ s_td2[(s3 >> 8) & 0xff] ^ s_td3[s2 & 0xff] ^ ks[53];
t2 = s_td0[s2 >> 24] ^ s_td1[(s1 >> 16) & 0xff] ^ s_td2[(s0 >> 8) & 0xff] ^ s_td3[s3 & 0xff] ^ ks[54];
t3 = s_td0[s3 >> 24] ^ s_td1[(s2 >> 16) & 0xff] ^ s_td2[(s1 >> 8) & 0xff] ^ s_td3[s0 & 0xff] ^ ks[55];
out[0] = (s_td4[(t0 >> 24) & 0xff] & 0xff000000)
^ (s_td4[(t3 >> 16) & 0xff] & 0x00ff0000)
^ (s_td4[(t2 >> 8) & 0xff] & 0x0000ff00)
^ (s_td4[(t1 >> 0) & 0xff] & 0x000000ff)
^ ks[56];
out[1] = (te4[(t1 >> 24) & 0xff] & 0xff000000)
^ (te4[(t2 >> 16) & 0xff] & 0x00ff0000)
^ (te4[(t3 >> 8) & 0xff] & 0x0000ff00)
^ (te4[(t0 >> 0) & 0xff] & 0x000000ff)
out[1] = (s_td4[(t1 >> 24) & 0xff] & 0xff000000)
^ (s_td4[(t0 >> 16) & 0xff] & 0x00ff0000)
^ (s_td4[(t3 >> 8) & 0xff] & 0x0000ff00)
^ (s_td4[(t2 >> 0) & 0xff] & 0x000000ff)
^ ks[57];
out[2] = (te4[(t2 >> 24) & 0xff] & 0xff000000)
^ (te4[(t3 >> 16) & 0xff] & 0x00ff0000)
^ (te4[(t0 >> 8) & 0xff] & 0x0000ff00)
^ (te4[(t1 >> 0) & 0xff] & 0x000000ff)
out[2] = (s_td4[(t2 >> 24) & 0xff] & 0xff000000)
^ (s_td4[(t1 >> 16) & 0xff] & 0x00ff0000)
^ (s_td4[(t0 >> 8) & 0xff] & 0x0000ff00)
^ (s_td4[(t3 >> 0) & 0xff] & 0x000000ff)
^ ks[58];
out[3] = (te4[(t3 >> 24) & 0xff] & 0xff000000)
^ (te4[(t0 >> 16) & 0xff] & 0x00ff0000)
^ (te4[(t1 >> 8) & 0xff] & 0x0000ff00)
^ (te4[(t2 >> 0) & 0xff] & 0x000000ff)
out[3] = (s_td4[(t3 >> 24) & 0xff] & 0xff000000)
^ (s_td4[(t2 >> 16) & 0xff] & 0x00ff0000)
^ (s_td4[(t1 >> 8) & 0xff] & 0x0000ff00)
^ (s_td4[(t0 >> 0) & 0xff] & 0x000000ff)
^ ks[59];
out[0] = swap32 (out[0]);
out[1] = swap32 (out[1]);
out[2] = swap32 (out[2]);
out[3] = swap32 (out[3]);
out[0] = swap32_S (out[0]);
out[1] = swap32_S (out[1]);
out[2] = swap32_S (out[2]);
out[3] = swap32_S (out[3]);
}

224
OpenCL/inc_cipher_serpent256.cl → OpenCL/inc_cipher_serpent.cl
Unescape View File

@ -357,19 +357,19 @@
t16 = e ^ t14; \
g = t15 ^ t16
#define k_xor(r,a,b,c,d) \
#define k_xor(r,a,b,c,d) \
a ^= ks[4 * r + 8]; \
b ^= ks[4 * r + 9]; \
c ^= ks[4 * r + 10]; \
d ^= ks[4 * r + 11]
#define k_set(r,a,b,c,d) \
#define k_set(r,a,b,c,d) \
a = ks[4 * r + 8]; \
b = ks[4 * r + 9]; \
c = ks[4 * r + 10]; \
d = ks[4 * r + 11]
#define k_get(r,a,b,c,d) \
#define k_get(r,a,b,c,d) \
ks[4 * r + 8] = a; \
ks[4 * r + 9] = b; \
ks[4 * r + 10] = c; \
@ -377,29 +377,199 @@
/* the linear transformation and its inverse */
#define rot(a,b,c,d) \
a = rotl32(a, 13); \
c = rotl32(c, 3); \
d ^= c ^ (a << 3); \
b ^= a ^ c; \
d = rotl32(d, 7); \
b = rotl32(b, 1); \
a ^= b ^ d; \
c ^= d ^ (b << 7); \
a = rotl32(a, 5); \
c = rotl32(c, 22)
#define irot(a,b,c,d) \
c = rotr32(c, 22); \
a = rotr32(a, 5); \
c ^= d ^ (b << 7); \
a ^= b ^ d; \
d = rotr32(d, 7); \
b = rotr32(b, 1); \
d ^= c ^ (a << 3); \
b ^= a ^ c; \
c = rotr32(c, 3); \
a = rotr32(a, 13)
#define rot(a,b,c,d) \
a = rotl32_S(a, 13); \
c = rotl32_S(c, 3); \
d ^= c ^ (a << 3); \
b ^= a ^ c; \
d = rotl32_S(d, 7); \
b = rotl32_S(b, 1); \
a ^= b ^ d; \
c ^= d ^ (b << 7); \
a = rotl32_S(a, 5); \
c = rotl32_S(c, 22)
#define irot(a,b,c,d) \
c = rotr32_S(c, 22); \
a = rotr32_S(a, 5); \
c ^= d ^ (b << 7); \
a ^= b ^ d; \
d = rotr32_S(d, 7); \
b = rotr32_S(b, 1); \
d ^= c ^ (a << 3); \
b ^= a ^ c; \
c = rotr32_S(c, 3); \
a = rotr32_S(a, 13)
// 128 bit key
static void serpent128_set_key (u32 *ks, const u32 *ukey)
{
#ifdef _unroll
#pragma unroll
#endif
for (int i = 0; i < 4; i++)
{
ks[i] = ukey[i];
}
#ifdef _unroll
#pragma unroll
#endif
for (int i = 4; i < 8; i++)
{
ks[i] = 0;
}
ks[4] = 1;
#ifdef _unroll
#pragma unroll
#endif
for (int i = 0; i < 132; i++)
{
ks[i + 8] = rotl32_S (ks[i + 7] ^ ks[i + 5] ^ ks[i + 3] ^ ks[i + 0] ^ 0x9e3779b9 ^ i, 11);
}
u32 a,b,c,d,e,f,g,h;
u32 t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15,t16;
k_set( 0,a,b,c,d); sb3(a,b,c,d,e,f,g,h); k_get( 0,e,f,g,h);
k_set( 1,a,b,c,d); sb2(a,b,c,d,e,f,g,h); k_get( 1,e,f,g,h);
k_set( 2,a,b,c,d); sb1(a,b,c,d,e,f,g,h); k_get( 2,e,f,g,h);
k_set( 3,a,b,c,d); sb0(a,b,c,d,e,f,g,h); k_get( 3,e,f,g,h);
k_set( 4,a,b,c,d); sb7(a,b,c,d,e,f,g,h); k_get( 4,e,f,g,h);
k_set( 5,a,b,c,d); sb6(a,b,c,d,e,f,g,h); k_get( 5,e,f,g,h);
k_set( 6,a,b,c,d); sb5(a,b,c,d,e,f,g,h); k_get( 6,e,f,g,h);
k_set( 7,a,b,c,d); sb4(a,b,c,d,e,f,g,h); k_get( 7,e,f,g,h);
k_set( 8,a,b,c,d); sb3(a,b,c,d,e,f,g,h); k_get( 8,e,f,g,h);
k_set( 9,a,b,c,d); sb2(a,b,c,d,e,f,g,h); k_get( 9,e,f,g,h);
k_set(10,a,b,c,d); sb1(a,b,c,d,e,f,g,h); k_get(10,e,f,g,h);
k_set(11,a,b,c,d); sb0(a,b,c,d,e,f,g,h); k_get(11,e,f,g,h);
k_set(12,a,b,c,d); sb7(a,b,c,d,e,f,g,h); k_get(12,e,f,g,h);
k_set(13,a,b,c,d); sb6(a,b,c,d,e,f,g,h); k_get(13,e,f,g,h);
k_set(14,a,b,c,d); sb5(a,b,c,d,e,f,g,h); k_get(14,e,f,g,h);
k_set(15,a,b,c,d); sb4(a,b,c,d,e,f,g,h); k_get(15,e,f,g,h);
k_set(16,a,b,c,d); sb3(a,b,c,d,e,f,g,h); k_get(16,e,f,g,h);
k_set(17,a,b,c,d); sb2(a,b,c,d,e,f,g,h); k_get(17,e,f,g,h);
k_set(18,a,b,c,d); sb1(a,b,c,d,e,f,g,h); k_get(18,e,f,g,h);
k_set(19,a,b,c,d); sb0(a,b,c,d,e,f,g,h); k_get(19,e,f,g,h);
k_set(20,a,b,c,d); sb7(a,b,c,d,e,f,g,h); k_get(20,e,f,g,h);
k_set(21,a,b,c,d); sb6(a,b,c,d,e,f,g,h); k_get(21,e,f,g,h);
k_set(22,a,b,c,d); sb5(a,b,c,d,e,f,g,h); k_get(22,e,f,g,h);
k_set(23,a,b,c,d); sb4(a,b,c,d,e,f,g,h); k_get(23,e,f,g,h);
k_set(24,a,b,c,d); sb3(a,b,c,d,e,f,g,h); k_get(24,e,f,g,h);
k_set(25,a,b,c,d); sb2(a,b,c,d,e,f,g,h); k_get(25,e,f,g,h);
k_set(26,a,b,c,d); sb1(a,b,c,d,e,f,g,h); k_get(26,e,f,g,h);
k_set(27,a,b,c,d); sb0(a,b,c,d,e,f,g,h); k_get(27,e,f,g,h);
k_set(28,a,b,c,d); sb7(a,b,c,d,e,f,g,h); k_get(28,e,f,g,h);
k_set(29,a,b,c,d); sb6(a,b,c,d,e,f,g,h); k_get(29,e,f,g,h);
k_set(30,a,b,c,d); sb5(a,b,c,d,e,f,g,h); k_get(30,e,f,g,h);
k_set(31,a,b,c,d); sb4(a,b,c,d,e,f,g,h); k_get(31,e,f,g,h);
k_set(32,a,b,c,d); sb3(a,b,c,d,e,f,g,h); k_get(32,e,f,g,h);
}
static void serpent128_encrypt (const u32 *ks, const u32 *in, u32 *out)
{
u32 a,b,c,d,e,f,g,h;
u32 t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15,t16;
a = in[0];
b = in[1];
c = in[2];
d = in[3];
k_xor( 0,a,b,c,d); sb0(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor( 1,e,f,g,h); sb1(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor( 2,a,b,c,d); sb2(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor( 3,e,f,g,h); sb3(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor( 4,a,b,c,d); sb4(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor( 5,e,f,g,h); sb5(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor( 6,a,b,c,d); sb6(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor( 7,e,f,g,h); sb7(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor( 8,a,b,c,d); sb0(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor( 9,e,f,g,h); sb1(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(10,a,b,c,d); sb2(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(11,e,f,g,h); sb3(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(12,a,b,c,d); sb4(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(13,e,f,g,h); sb5(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(14,a,b,c,d); sb6(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(15,e,f,g,h); sb7(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(16,a,b,c,d); sb0(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(17,e,f,g,h); sb1(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(18,a,b,c,d); sb2(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(19,e,f,g,h); sb3(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(20,a,b,c,d); sb4(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(21,e,f,g,h); sb5(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(22,a,b,c,d); sb6(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(23,e,f,g,h); sb7(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(24,a,b,c,d); sb0(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(25,e,f,g,h); sb1(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(26,a,b,c,d); sb2(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(27,e,f,g,h); sb3(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(28,a,b,c,d); sb4(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(29,e,f,g,h); sb5(e,f,g,h,a,b,c,d); rot(a,b,c,d);
k_xor(30,a,b,c,d); sb6(a,b,c,d,e,f,g,h); rot(e,f,g,h);
k_xor(31,e,f,g,h); sb7(e,f,g,h,a,b,c,d);
k_xor(32,a,b,c,d);
out[0] = a;
out[1] = b;
out[2] = c;
out[3] = d;
}
static void serpent128_decrypt (const u32 *ks, const u32 *in, u32 *out)
{
u32 a,b,c,d,e,f,g,h;
u32 t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15,t16;
a = in[0];
b = in[1];
c = in[2];
d = in[3];
k_xor(32,a,b,c,d);
ib7(a,b,c,d,e,f,g,h); k_xor(31,e,f,g,h);
irot(e,f,g,h); ib6(e,f,g,h,a,b,c,d); k_xor(30,a,b,c,d);
irot(a,b,c,d); ib5(a,b,c,d,e,f,g,h); k_xor(29,e,f,g,h);
irot(e,f,g,h); ib4(e,f,g,h,a,b,c,d); k_xor(28,a,b,c,d);
irot(a,b,c,d); ib3(a,b,c,d,e,f,g,h); k_xor(27,e,f,g,h);
irot(e,f,g,h); ib2(e,f,g,h,a,b,c,d); k_xor(26,a,b,c,d);
irot(a,b,c,d); ib1(a,b,c,d,e,f,g,h); k_xor(25,e,f,g,h);
irot(e,f,g,h); ib0(e,f,g,h,a,b,c,d); k_xor(24,a,b,c,d);
irot(a,b,c,d); ib7(a,b,c,d,e,f,g,h); k_xor(23,e,f,g,h);
irot(e,f,g,h); ib6(e,f,g,h,a,b,c,d); k_xor(22,a,b,c,d);
irot(a,b,c,d); ib5(a,b,c,d,e,f,g,h); k_xor(21,e,f,g,h);
irot(e,f,g,h); ib4(e,f,g,h,a,b,c,d); k_xor(20,a,b,c,d);
irot(a,b,c,d); ib3(a,b,c,d,e,f,g,h); k_xor(19,e,f,g,h);
irot(e,f,g,h); ib2(e,f,g,h,a,b,c,d); k_xor(18,a,b,c,d);
irot(a,b,c,d); ib1(a,b,c,d,e,f,g,h); k_xor(17,e,f,g,h);
irot(e,f,g,h); ib0(e,f,g,h,a,b,c,d); k_xor(16,a,b,c,d);
irot(a,b,c,d); ib7(a,b,c,d,e,f,g,h); k_xor(15,e,f,g,h);
irot(e,f,g,h); ib6(e,f,g,h,a,b,c,d); k_xor(14,a,b,c,d);
irot(a,b,c,d); ib5(a,b,c,d,e,f,g,h); k_xor(13,e,f,g,h);
irot(e,f,g,h); ib4(e,f,g,h,a,b,c,d); k_xor(12,a,b,c,d);
irot(a,b,c,d); ib3(a,b,c,d,e,f,g,h); k_xor(11,e,f,g,h);
irot(e,f,g,h); ib2(e,f,g,h,a,b,c,d); k_xor(10,a,b,c,d);
irot(a,b,c,d); ib1(a,b,c,d,e,f,g,h); k_xor( 9,e,f,g,h);
irot(e,f,g,h); ib0(e,f,g,h,a,b,c,d); k_xor( 8,a,b,c,d);
irot(a,b,c,d); ib7(a,b,c,d,e,f,g,h); k_xor( 7,e,f,g,h);
irot(e,f,g,h); ib6(e,f,g,h,a,b,c,d); k_xor( 6,a,b,c,d);
irot(a,b,c,d); ib5(a,b,c,d,e,f,g,h); k_xor( 5,e,f,g,h);
irot(e,f,g,h); ib4(e,f,g,h,a,b,c,d); k_xor( 4,a,b,c,d);
irot(a,b,c,d); ib3(a,b,c,d,e,f,g,h); k_xor( 3,e,f,g,h);
irot(e,f,g,h); ib2(e,f,g,h,a,b,c,d); k_xor( 2,a,b,c,d);
irot(a,b,c,d); ib1(a,b,c,d,e,f,g,h); k_xor( 1,e,f,g,h);
irot(e,f,g,h); ib0(e,f,g,h,a,b,c,d); k_xor( 0,a,b,c,d);
out[0] = a;
out[1] = b;
out[2] = c;
out[3] = d;
}
// 256 bit key
static void serpent256_set_key (u32 *ks, const u32 *ukey)
{
@ -416,7 +586,7 @@ static void serpent256_set_key (u32 *ks, const u32 *ukey)
#endif
for (int i = 0; i < 132; i++)
{
ks[i + 8] = rotl32 (ks[i + 7] ^ ks[i + 5] ^ ks[i + 3] ^ ks[i + 0] ^ 0x9e3779b9 ^ i, 11);
ks[i + 8] = rotl32_S (ks[i + 7] ^ ks[i + 5] ^ ks[i + 3] ^ ks[i + 0] ^ 0x9e3779b9 ^ i, 11);
}
u32 a,b,c,d,e,f,g,h;

300
OpenCL/inc_cipher_twofish256.cl → OpenCL/inc_cipher_twofish.cl
Unescape View File

@ -256,7 +256,83 @@ __constant u32 m_tab[4][256] =
#define mds(n,x) m_tab[n][x]
static u32 h_fun (u32 *sk, u32 *lk, const u32 x, const u32 *key)
#define q20(x,k) q (0, q (0, x) ^ extract_byte (k[1], 0)) ^ extract_byte (k[0], 0)
#define q21(x,k) q (0, q (1, x) ^ extract_byte (k[1], 1)) ^ extract_byte (k[0], 1)
#define q22(x,k) q (1, q (0, x) ^ extract_byte (k[1], 2)) ^ extract_byte (k[0], 2)
#define q23(x,k) q (1, q (1, x) ^ extract_byte (k[1], 3)) ^ extract_byte (k[0], 3)
#define q40(x,k) q (0, q (0, q (1, q (1, x) ^ extract_byte (k[3], 0)) ^ extract_byte (k[2], 0)) ^ extract_byte (k[1], 0)) ^ extract_byte (k[0], 0)
#define q41(x,k) q (0, q (1, q (1, q (0, x) ^ extract_byte (k[3], 1)) ^ extract_byte (k[2], 1)) ^ extract_byte (k[1], 1)) ^ extract_byte (k[0], 1)
#define q42(x,k) q (1, q (0, q (0, q (0, x) ^ extract_byte (k[3], 2)) ^ extract_byte (k[2], 2)) ^ extract_byte (k[1], 2)) ^ extract_byte (k[0], 2)
#define q43(x,k) q (1, q (1, q (0, q (1, x) ^ extract_byte (k[3], 3)) ^ extract_byte (k[2], 3)) ^ extract_byte (k[1], 3)) ^ extract_byte (k[0], 3)
static u32 mds_rem (u32 p0, u32 p1)
{
#define G_MOD 0x14d
for (int i = 0; i < 8; i++)
{
u32 t = p1 >> 24;
p1 = (p1 << 8) | (p0 >> 24);
p0 <<= 8;
u32 u = (t << 1);
if (t & 0x80) u ^= G_MOD;
p1 ^= t ^ (u << 16);
u ^= (t >> 1);
if (t & 0x01) u ^= G_MOD >> 1;
p1 ^= (u << 24) | (u << 8);
}
return p1;
}
// 128 bit key
#define g1_fun128(x) \
(mds (0, q20 (extract_byte (x, 3), sk)) ^ \
mds (1, q21 (extract_byte (x, 0), sk)) ^ \
mds (2, q22 (extract_byte (x, 1), sk)) ^ \
mds (3, q23 (extract_byte (x, 2), sk)))
#define g0_fun128(x) \
(mds (0, q20 (extract_byte (x, 0), sk)) ^ \
mds (1, q21 (extract_byte (x, 1), sk)) ^ \
mds (2, q22 (extract_byte (x, 2), sk)) ^ \
mds (3, q23 (extract_byte (x, 3), sk)))
#define f_rnd128(i) \
{ \
u32 t0 = g0_fun128 (data[0]); \
u32 t1 = g1_fun128 (data[1]); \
data[2] = rotr32_S (data[2] ^ (t0 + t1 + lk[4 * (i) + 8]), 1); \
data[3] = rotl32_S (data[3], 1) ^ (t0 + 2 * t1 + lk[4 * (i) + 9]); \
u32 t2 = g0_fun128 (data[2]); \
u32 t3 = g1_fun128 (data[3]); \
data[0] = rotr32_S (data[0] ^ (t2 + t3 + lk[4 * (i) + 10]), 1); \
data[1] = rotl32_S (data[1], 1) ^ (t2 + 2 * t3 + lk[4 * (i) + 11]); \
}
#define i_rnd128(i) \
{ \
u32 t0 = g0_fun128 (data[0]); \
u32 t1 = g1_fun128 (data[1]); \
data[2] = rotl32_S (data[2], 1) ^ (t0 + t1 + lk[4 * (i) + 10]); \
data[3] = rotr32_S (data[3] ^ (t0 + 2 * t1 + lk[4 * (i) + 11]), 1); \
u32 t2 = g0_fun128 (data[2]); \
u32 t3 = g1_fun128 (data[3]); \
data[0] = rotl32_S (data[0], 1) ^ (t2 + t3 + lk[4 * (i) + 8]); \
data[1] = rotr32_S (data[1] ^ (t2 + 2 * t3 + lk[4 * (i) + 9]), 1); \
}
static u32 h_fun128 (u32 *sk, u32 *lk, const u32 x, const u32 *key)
{
u32 b0, b1, b2, b3;
@ -265,16 +341,6 @@ static u32 h_fun (u32 *sk, u32 *lk, const u32 x, const u32 *key)
b2 = extract_byte (x, 2);
b3 = extract_byte (x, 3);
b0 = q (1, b0) ^ extract_byte (key[3], 0);
b1 = q (0, b1) ^ extract_byte (key[3], 1);
b2 = q (0, b2) ^ extract_byte (key[3], 2);
b3 = q (1, b3) ^ extract_byte (key[3], 3);
b0 = q (1, b0) ^ extract_byte (key[2], 0);
b1 = q (1, b1) ^ extract_byte (key[2], 1);
b2 = q (0, b2) ^ extract_byte (key[2], 2);
b3 = q (0, b3) ^ extract_byte (key[2], 3);
b0 = q (0, (q (0, b0) ^ extract_byte (key[1], 0))) ^ extract_byte (key[0], 0);
b1 = q (0, (q (1, b1) ^ extract_byte (key[1], 1))) ^ extract_byte (key[0], 1);
b2 = q (1, (q (0, b2) ^ extract_byte (key[1], 2))) ^ extract_byte (key[0], 2);
@ -283,49 +349,147 @@ static u32 h_fun (u32 *sk, u32 *lk, const u32 x, const u32 *key)
return mds (0, b0) ^ mds (1, b1) ^ mds (2, b2) ^ mds (3, b3);
}
#define q40(x,k) q (0, q (0, q (1, q (1, x) ^ extract_byte (k[3], 0)) ^ extract_byte (k[2], 0)) ^ extract_byte (k[1], 0)) ^ extract_byte (k[0], 0)
#define q41(x,k) q (0, q (1, q (1, q (0, x) ^ extract_byte (k[3], 1)) ^ extract_byte (k[2], 1)) ^ extract_byte (k[1], 1)) ^ extract_byte (k[0], 1)
#define q42(x,k) q (1, q (0, q (0, q (0, x) ^ extract_byte (k[3], 2)) ^ extract_byte (k[2], 2)) ^ extract_byte (k[1], 2)) ^ extract_byte (k[0], 2)
#define q43(x,k) q (1, q (1, q (0, q (1, x) ^ extract_byte (k[3], 3)) ^ extract_byte (k[2], 3)) ^ extract_byte (k[1], 3)) ^ extract_byte (k[0], 3)
static void twofish128_set_key (u32 *sk, u32 *lk, const u32 *ukey)
{
u32 me_key[2];
me_key[0] = ukey[0];
me_key[1] = ukey[2];
#define g1_fun(x) \
u32 mo_key[2];
mo_key[0] = ukey[1];
mo_key[1] = ukey[3];
sk[1] = mds_rem (me_key[0], mo_key[0]);
sk[0] = mds_rem (me_key[1], mo_key[1]);
for (int i = 0; i < 40; i += 2)
{
u32 a = 0x01010101 * i;
u32 b = 0x01010101 + a;
a = h_fun128 (sk, lk, a, me_key);
b = h_fun128 (sk, lk, b, mo_key);
b = rotl32_S (b, 8);
lk[i + 0] = a + b;
lk[i + 1] = rotl32_S (a + 2 * b, 9);
}
}
static void twofish128_encrypt (const u32 *sk, const u32 *lk, const u32 *in, u32 *out)
{
u32 data[4];
data[0] = in[0] ^ lk[0];
data[1] = in[1] ^ lk[1];
data[2] = in[2] ^ lk[2];
data[3] = in[3] ^ lk[3];
f_rnd128 (0);
f_rnd128 (1);
f_rnd128 (2);
f_rnd128 (3);
f_rnd128 (4);
f_rnd128 (5);
f_rnd128 (6);
f_rnd128 (7);
out[0] = data[2] ^ lk[4];
out[1] = data[3] ^ lk[5];
out[2] = data[0] ^ lk[6];
out[3] = data[1] ^ lk[7];
}
static void twofish128_decrypt (const u32 *sk, const u32 *lk, const u32 *in, u32 *out)
{
u32 data[4];
data[0] = in[0] ^ lk[4];
data[1] = in[1] ^ lk[5];
data[2] = in[2] ^ lk[6];
data[3] = in[3] ^ lk[7];
i_rnd128 (7);
i_rnd128 (6);
i_rnd128 (5);
i_rnd128 (4);
i_rnd128 (3);
i_rnd128 (2);
i_rnd128 (1);
i_rnd128 (0);
out[0] = data[2] ^ lk[0];
out[1] = data[3] ^ lk[1];
out[2] = data[0] ^ lk[2];
out[3] = data[1] ^ lk[3];
}
// 256 bit key
#define g1_fun256(x) \
(mds (0, q40 (extract_byte (x, 3), sk)) ^ \
mds (1, q41 (extract_byte (x, 0), sk)) ^ \
mds (2, q42 (extract_byte (x, 1), sk)) ^ \
mds (3, q43 (extract_byte (x, 2), sk)))
#define g0_fun(x) \
#define g0_fun256(x) \
(mds (0, q40 (extract_byte (x, 0), sk)) ^ \
mds (1, q41 (extract_byte (x, 1), sk)) ^ \
mds (2, q42 (extract_byte (x, 2), sk)) ^ \
mds (3, q43 (extract_byte (x, 3), sk)))
static u32 mds_rem (u32 p0, u32 p1)
{
#define G_MOD 0x14d
for (int i = 0; i < 8; i++)
{
u32 t = p1 >> 24;
p1 = (p1 << 8) | (p0 >> 24);
p0 <<= 8;
#define f_rnd256(i) \
{ \
u32 t0 = g0_fun256 (data[0]); \
u32 t1 = g1_fun256 (data[1]); \
data[2] = rotr32_S (data[2] ^ (t0 + t1 + lk[4 * (i) + 8]), 1); \
data[3] = rotl32_S (data[3], 1) ^ (t0 + 2 * t1 + lk[4 * (i) + 9]); \
u32 t2 = g0_fun256 (data[2]); \
u32 t3 = g1_fun256 (data[3]); \
data[0] = rotr32_S (data[0] ^ (t2 + t3 + lk[4 * (i) + 10]), 1); \
data[1] = rotl32_S (data[1], 1) ^ (t2 + 2 * t3 + lk[4 * (i) + 11]); \
}
u32 u = (t << 1);
#define i_rnd256(i) \
{ \
u32 t0 = g0_fun256 (data[0]); \
u32 t1 = g1_fun256 (data[1]); \
data[2] = rotl32_S (data[2], 1) ^ (t0 + t1 + lk[4 * (i) + 10]); \
data[3] = rotr32_S (data[3] ^ (t0 + 2 * t1 + lk[4 * (i) + 11]), 1); \
u32 t2 = g0_fun256 (data[2]); \
u32 t3 = g1_fun256 (data[3]); \
data[0] = rotl32_S (data[0], 1) ^ (t2 + t3 + lk[4 * (i) + 8]); \
data[1] = rotr32_S (data[1] ^ (t2 + 2 * t3 + lk[4 * (i) + 9]), 1); \
}
if (t & 0x80) u ^= G_MOD;
static u32 h_fun256 (u32 *sk, u32 *lk, const u32 x, const u32 *key)
{
u32 b0, b1, b2, b3;
p1 ^= t ^ (u << 16);
b0 = extract_byte (x, 0);
b1 = extract_byte (x, 1);
b2 = extract_byte (x, 2);
b3 = extract_byte (x, 3);
u ^= (t >> 1);
b0 = q (1, b0) ^ extract_byte (key[3], 0);
b1 = q (0, b1) ^ extract_byte (key[3], 1);
b2 = q (0, b2) ^ extract_byte (key[3], 2);
b3 = q (1, b3) ^ extract_byte (key[3], 3);
if (t & 0x01) u ^= G_MOD >> 1;
b0 = q (1, b0) ^ extract_byte (key[2], 0);
b1 = q (1, b1) ^ extract_byte (key[2], 1);
b2 = q (0, b2) ^ extract_byte (key[2], 2);
b3 = q (0, b3) ^ extract_byte (key[2], 3);
p1 ^= (u << 24) | (u << 8);
}
b0 = q (0, (q (0, b0) ^ extract_byte (key[1], 0))) ^ extract_byte (key[0], 0);
b1 = q (0, (q (1, b1) ^ extract_byte (key[1], 1))) ^ extract_byte (key[0], 1);
b2 = q (1, (q (0, b2) ^ extract_byte (key[1], 2))) ^ extract_byte (key[0], 2);
b3 = q (1, (q (1, b3) ^ extract_byte (key[1], 3))) ^ extract_byte (key[0], 3);
return p1;
return mds (0, b0) ^ mds (1, b1) ^ mds (2, b2) ^ mds (3, b3);
}
static void twofish256_set_key (u32 *sk, u32 *lk, const u32 *ukey)
@ -354,28 +518,16 @@ static void twofish256_set_key (u32 *sk, u32 *lk, const u32 *ukey)
u32 a = 0x01010101 * i;
u32 b = 0x01010101 + a;
a = h_fun (sk, lk, a, me_key);
b = h_fun (sk, lk, b, mo_key);
a = h_fun256 (sk, lk, a, me_key);
b = h_fun256 (sk, lk, b, mo_key);
b = rotl32 (b, 8);
b = rotl32_S (b, 8);
lk[i + 0] = a + b;
lk[i + 1] = rotl32 (a + 2 * b, 9);
lk[i + 1] = rotl32_S (a + 2 * b, 9);
}
}
#define f_rnd(i) \
{ \
u32 t0 = g0_fun (data[0]); \
u32 t1 = g1_fun (data[1]); \
data[2] = rotr32 (data[2] ^ (t0 + t1 + lk[4 * (i) + 8]), 1); \
data[3] = rotl32 (data[3], 1) ^ (t0 + 2 * t1 + lk[4 * (i) + 9]); \
u32 t2 = g0_fun (data[2]); \
u32 t3 = g1_fun (data[3]); \
data[0] = rotr32 (data[0] ^ (t2 + t3 + lk[4 * (i) + 10]), 1); \
data[1] = rotl32 (data[1], 1) ^ (t2 + 2 * t3 + lk[4 * (i) + 11]); \
}
static void twofish256_encrypt (const u32 *sk, const u32 *lk, const u32 *in, u32 *out)
{
u32 data[4];
@ -385,14 +537,14 @@ static void twofish256_encrypt (const u32 *sk, const u32 *lk, const u32 *in, u32
data[2] = in[2] ^ lk[2];
data[3] = in[3] ^ lk[3];
f_rnd (0);
f_rnd (1);
f_rnd (2);
f_rnd (3);
f_rnd (4);
f_rnd (5);
f_rnd (6);
f_rnd (7);
f_rnd256 (0);
f_rnd256 (1);
f_rnd256 (2);
f_rnd256 (3);
f_rnd256 (4);
f_rnd256 (5);
f_rnd256 (6);
f_rnd256 (7);
out[0] = data[2] ^ lk[4];
out[1] = data[3] ^ lk[5];
@ -400,18 +552,6 @@ static void twofish256_encrypt (const u32 *sk, const u32 *lk, const u32 *in, u32
out[3] = data[1] ^ lk[7];
}
#define i_rnd(i) \
{ \
u32 t0 = g0_fun (data[0]); \
u32 t1 = g1_fun (data[1]); \
data[2] = rotl32 (data[2], 1) ^ (t0 + t1 + lk[4 * (i) + 10]); \
data[3] = rotr32 (data[3] ^ (t0 + 2 * t1 + lk[4 * (i) + 11]), 1); \
u32 t2 = g0_fun (data[2]); \
u32 t3 = g1_fun (data[3]); \
data[0] = rotl32 (data[0], 1) ^ (t2 + t3 + lk[4 * (i) + 8]); \
data[1] = rotr32 (data[1] ^ (t2 + 2 * t3 + lk[4 * (i) + 9]), 1); \
}
static void twofish256_decrypt (const u32 *sk, const u32 *lk, const u32 *in, u32 *out)
{
u32 data[4];
@ -421,14 +561,14 @@ static void twofish256_decrypt (const u32 *sk, const u32 *lk, const u32 *in, u32
data[2] = in[2] ^ lk[6];
data[3] = in[3] ^ lk[7];
i_rnd (7);
i_rnd (6);
i_rnd (5);
i_rnd (4);
i_rnd (3);
i_rnd (2);
i_rnd (1);
i_rnd (0);
i_rnd256 (7);
i_rnd256 (6);
i_rnd256 (5);
i_rnd256 (4);
i_rnd256 (3);
i_rnd256 (2);
i_rnd256 (1);
i_rnd256 (0);
out[0] = data[2] ^ lk[0];
out[1] = data[3] ^ lk[1];

37
OpenCL/inc_common.cl
Unescape View File

@ -87,6 +87,43 @@ inline void mark_hash (__global plain_t *plains_buf, __global u32 *d_result, con
plains_buf[idx].il_pos = il_pos;
}
inline int count_char (const u32 *buf, const int elems, const u32 c)
{
int r = 0;
for (int i = 0; i < elems; i++)
{
const u32 v = buf[i];
if (((v >> 0) & 0xff) == c) r++;
if (((v >> 8) & 0xff) == c) r++;
if (((v >> 16) & 0xff) == c) r++;
if (((v >> 24) & 0xff) == c) r++;
}
return r;
}
inline float get_entropy (const u32 *buf, const int elems)
{
const int length = elems * 4;
float entropy = 0.0;
for (u32 c = 0; c < 256; c++)
{
const int r = count_char (buf, elems, c);
if (r == 0) continue;
float w = (float) r / length;
entropy += -w * log2 (w);
}
return entropy;
}
/**
* vector functions
*/

20
OpenCL/inc_hash_functions.cl
Unescape View File

@ -366,6 +366,16 @@
#define RIPEMD160_Io(x,y,z) (RIPEMD160_I ((x), (y), (z)))
#endif
#define RIPEMD160_STEP_S(f,a,b,c,d,e,x,K,s) \
{ \
a += K; \
a += x; \
a += f (b, c, d); \
a = rotl32_S (a, s); \
a += e; \
c = rotl32_S (c, 10u); \
}
#define RIPEMD160_STEP(f,a,b,c,d,e,x,K,s) \
{ \
a += K; \
@ -378,6 +388,16 @@
#define ROTATE_LEFT_WORKAROUND_BUG(a,n) ((a << n) | (a >> (32 - n)))
#define RIPEMD160_STEP_S_WORKAROUND_BUG(f,a,b,c,d,e,x,K,s) \
{ \
a += K; \
a += x; \
a += f (b, c, d); \
a = ROTATE_LEFT_WORKAROUND_BUG (a, s); \
a += e; \
c = rotl32_S (c, 10u); \
}
#define RIPEMD160_STEP_WORKAROUND_BUG(f,a,b,c,d,e,x,K,s) \
{ \
a += K; \

3978
OpenCL/inc_luks_aes.cl
View File

File diff suppressed because it is too large Load Diff

1407
OpenCL/inc_luks_af.cl
View File

File diff suppressed because it is too large Load Diff

198
OpenCL/inc_luks_essiv.cl
Unescape View File

@ -0,0 +1,198 @@
__constant u32 ESSIV_k_sha256[64] =
{
SHA256C00, SHA256C01, SHA256C02, SHA256C03,
SHA256C04, SHA256C05, SHA256C06, SHA256C07,
SHA256C08, SHA256C09, SHA256C0a, SHA256C0b,
SHA256C0c, SHA256C0d, SHA256C0e, SHA256C0f,
SHA256C10, SHA256C11, SHA256C12, SHA256C13,
SHA256C14, SHA256C15, SHA256C16, SHA256C17,
SHA256C18, SHA256C19, SHA256C1a, SHA256C1b,
SHA256C1c, SHA256C1d, SHA256C1e, SHA256C1f,
SHA256C20, SHA256C21, SHA256C22, SHA256C23,
SHA256C24, SHA256C25, SHA256C26, SHA256C27,
SHA256C28, SHA256C29, SHA256C2a, SHA256C2b,
SHA256C2c, SHA256C2d, SHA256C2e, SHA256C2f,
SHA256C30, SHA256C31, SHA256C32, SHA256C33,
SHA256C34, SHA256C35, SHA256C36, SHA256C37,
SHA256C38, SHA256C39, SHA256C3a, SHA256C3b,
SHA256C3c, SHA256C3d, SHA256C3e, SHA256C3f,
};
// basically a normal sha256_transform() but with a different name to avoid collisions with function nameing
static void ESSIV_sha256_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[8])
{
u32 a = digest[0];
u32 b = digest[1];
u32 c = digest[2];
u32 d = digest[3];
u32 e = digest[4];
u32 f = digest[5];
u32 g = digest[6];
u32 h = digest[7];
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
#define ESSIV_ROUND_EXPAND_S() \
{ \
w0_t = SHA256_EXPAND_S (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA256_EXPAND_S (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA256_EXPAND_S (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA256_EXPAND_S (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA256_EXPAND_S (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA256_EXPAND_S (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA256_EXPAND_S (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA256_EXPAND_S (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA256_EXPAND_S (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA256_EXPAND_S (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA256_EXPAND_S (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA256_EXPAND_S (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA256_EXPAND_S (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA256_EXPAND_S (wb_t, w6_t, we_t, wd_t); \
we_t = SHA256_EXPAND_S (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA256_EXPAND_S (wd_t, w8_t, w0_t, wf_t); \
}
#define ESSIV_ROUND_STEP_S(i) \
{ \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, ESSIV_k_sha256[i + 0]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, ESSIV_k_sha256[i + 1]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, ESSIV_k_sha256[i + 2]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, ESSIV_k_sha256[i + 3]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, ESSIV_k_sha256[i + 4]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, ESSIV_k_sha256[i + 5]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, ESSIV_k_sha256[i + 6]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, ESSIV_k_sha256[i + 7]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, ESSIV_k_sha256[i + 8]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, ESSIV_k_sha256[i + 9]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, ESSIV_k_sha256[i + 10]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, ESSIV_k_sha256[i + 11]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, ESSIV_k_sha256[i + 12]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, ESSIV_k_sha256[i + 13]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, ESSIV_k_sha256[i + 14]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, ESSIV_k_sha256[i + 15]); \
}
ESSIV_ROUND_STEP_S (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 64; i += 16)
{
ESSIV_ROUND_EXPAND_S (); ESSIV_ROUND_STEP_S (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void ESSIV_sha256_init128 (u32 *key, u32 *essivhash)
{
essivhash[0] = SHA256M_A;
essivhash[1] = SHA256M_B;
essivhash[2] = SHA256M_C;
essivhash[3] = SHA256M_D;
essivhash[4] = SHA256M_E;
essivhash[5] = SHA256M_F;
essivhash[6] = SHA256M_G;
essivhash[7] = SHA256M_H;
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = swap32_S (key[0]);
w0[1] = swap32_S (key[1]);
w0[2] = swap32_S (key[2]);
w0[3] = swap32_S (key[3]);
w1[0] = 0x80000000;
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 16 * 8;
ESSIV_sha256_transform_S (w0, w1, w2, w3, essivhash);
essivhash[0] = swap32_S (essivhash[0]);
essivhash[1] = swap32_S (essivhash[1]);
essivhash[2] = swap32_S (essivhash[2]);
essivhash[3] = swap32_S (essivhash[3]);
essivhash[4] = swap32_S (essivhash[4]);
essivhash[5] = swap32_S (essivhash[5]);
essivhash[6] = swap32_S (essivhash[6]);
essivhash[7] = swap32_S (essivhash[7]);
}
static void ESSIV_sha256_init256 (u32 *key, u32 *essivhash)
{
essivhash[0] = SHA256M_A;
essivhash[1] = SHA256M_B;
essivhash[2] = SHA256M_C;
essivhash[3] = SHA256M_D;
essivhash[4] = SHA256M_E;
essivhash[5] = SHA256M_F;
essivhash[6] = SHA256M_G;
essivhash[7] = SHA256M_H;
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = swap32_S (key[0]);
w0[1] = swap32_S (key[1]);
w0[2] = swap32_S (key[2]);
w0[3] = swap32_S (key[3]);
w1[0] = swap32_S (key[4]);
w1[1] = swap32_S (key[5]);
w1[2] = swap32_S (key[6]);
w1[3] = swap32_S (key[7]);
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 32 * 8;
ESSIV_sha256_transform_S (w0, w1, w2, w3, essivhash);
essivhash[0] = swap32_S (essivhash[0]);
essivhash[1] = swap32_S (essivhash[1]);
essivhash[2] = swap32_S (essivhash[2]);
essivhash[3] = swap32_S (essivhash[3]);
essivhash[4] = swap32_S (essivhash[4]);
essivhash[5] = swap32_S (essivhash[5]);
essivhash[6] = swap32_S (essivhash[6]);
essivhash[7] = swap32_S (essivhash[7]);
}

3978
OpenCL/inc_luks_serpent.cl
View File

File diff suppressed because it is too large Load Diff

3978
OpenCL/inc_luks_twofish.cl
View File

File diff suppressed because it is too large Load Diff

11
OpenCL/inc_luks_xts.cl
Unescape View File

@ -0,0 +1,11 @@
static void xts_mul2 (u32 *in, u32 *out)
{
const u32 c = in[3] >> 31;
out[3] = (in[3] << 1) | (in[2] >> 31);
out[2] = (in[2] << 1) | (in[1] >> 31);
out[1] = (in[1] << 1) | (in[0] >> 31);
out[0] = (in[0] << 1);
out[0] ^= c * 0x87;
}

44
OpenCL/inc_truecrypt_xts.cl
Unescape View File

@ -10,23 +10,23 @@ static void xts_mul2 (u32 *in, u32 *out)
out[0] ^= c * 0x87;
}
static void aes256_decrypt_xts_first (const u32 *ukey1, const u32 *ukey2, const u32 *in, u32 *out, u32 *S, u32 *T, u32 *ks)
static void aes256_decrypt_xts_first (const u32 *ukey1, const u32 *ukey2, const u32 *in, u32 *out, u32 *S, u32 *T, u32 *ks, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
out[0] = in[0];
out[1] = in[1];
out[2] = in[2];
out[3] = in[3];
aes256_set_encrypt_key (ks, ukey2);
aes256_encrypt (ks, S, T);
aes256_set_encrypt_key (ks, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4);
aes256_encrypt (ks, S, T, s_te0, s_te1, s_te2, s_te3, s_te4);
out[0] ^= T[0];
out[1] ^= T[1];
out[2] ^= T[2];
out[3] ^= T[3];
aes256_set_decrypt_key (ks, ukey1);
aes256_decrypt (ks, out, out);
aes256_set_decrypt_key (ks, ukey1, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
aes256_decrypt (ks, out, out, s_td0, s_td1, s_td2, s_td3, s_td4);
out[0] ^= T[0];
out[1] ^= T[1];
@ -34,7 +34,7 @@ static void aes256_decrypt_xts_first (const u32 *ukey1, const u32 *ukey2, const
out[3] ^= T[3];
}
static void aes256_decrypt_xts_next (const u32 *in, u32 *out, u32 *T, u32 *ks)
static void aes256_decrypt_xts_next (const u32 *in, u32 *out, u32 *T, u32 *ks, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
out[0] = in[0];
out[1] = in[1];
@ -48,7 +48,7 @@ static void aes256_decrypt_xts_next (const u32 *in, u32 *out, u32 *T, u32 *ks)
out[2] ^= T[2];
out[3] ^= T[3];
aes256_decrypt (ks, out, out);
aes256_decrypt (ks, out, out, s_td0, s_td1, s_td2, s_td3, s_td4);
out[0] ^= T[0];
out[1] ^= T[1];
@ -150,7 +150,7 @@ static void twofish256_decrypt_xts_next (const u32 *in, u32 *out, u32 *T, u32 *s
// 512 bit
static int verify_header_aes (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2)
static int verify_header_aes (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 ks_aes[60];
@ -167,7 +167,7 @@ static int verify_header_aes (__global tc_t *esalt_bufs, const u32 *ukey1, const
u32 tmp[4];
aes256_decrypt_xts_first (ukey1, ukey2, data, tmp, S, T_aes, ks_aes);
aes256_decrypt_xts_first (ukey1, ukey2, data, tmp, S, T_aes, ks_aes, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
const u32 signature = esalt_bufs[0].signature;
@ -193,7 +193,7 @@ static int verify_header_aes (__global tc_t *esalt_bufs, const u32 *ukey1, const
data[2] = esalt_bufs[0].data_buf[i + 2];
data[3] = esalt_bufs[0].data_buf[i + 3];
aes256_decrypt_xts_next (data, tmp, T_aes, ks_aes);
aes256_decrypt_xts_next (data, tmp, T_aes, ks_aes, s_td0, s_td1, s_td2, s_td3, s_td4);
crc32 = round_crc32_4 (tmp[0], crc32);
crc32 = round_crc32_4 (tmp[1], crc32);
@ -321,7 +321,7 @@ static int verify_header_twofish (__global tc_t *esalt_bufs, const u32 *ukey1, c
// 1024 bit
static int verify_header_aes_twofish (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, const u32 *ukey3, const u32 *ukey4)
static int verify_header_aes_twofish (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, const u32 *ukey3, const u32 *ukey4, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 ks_aes[60];
@ -342,7 +342,7 @@ static int verify_header_aes_twofish (__global tc_t *esalt_bufs, const u32 *ukey
u32 tmp[4];
aes256_decrypt_xts_first (ukey2, ukey4, data, tmp, S, T_aes, ks_aes);
aes256_decrypt_xts_first (ukey2, ukey4, data, tmp, S, T_aes, ks_aes, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
twofish256_decrypt_xts_first (ukey1, ukey3, tmp, tmp, S, T_twofish, sk_twofish, lk_twofish);
const u32 signature = esalt_bufs[0].signature;
@ -370,7 +370,7 @@ static int verify_header_aes_twofish (__global tc_t *esalt_bufs, const u32 *ukey
data[2] = esalt_bufs[0].data_buf[i + 2];
data[3] = esalt_bufs[0].data_buf[i + 3];
aes256_decrypt_xts_next (data, tmp, T_aes, ks_aes);
aes256_decrypt_xts_next (data, tmp, T_aes, ks_aes, s_td0, s_td1, s_td2, s_td3, s_td4);
twofish256_decrypt_xts_next (tmp, tmp, T_twofish, sk_twofish, lk_twofish);
crc32 = round_crc32_4 (tmp[0], crc32);
@ -384,7 +384,7 @@ static int verify_header_aes_twofish (__global tc_t *esalt_bufs, const u32 *ukey
return 1;
}
static int verify_header_serpent_aes (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, const u32 *ukey3, const u32 *ukey4)
static int verify_header_serpent_aes (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, const u32 *ukey3, const u32 *ukey4, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 ks_serpent[140];
u32 ks_aes[60];
@ -404,7 +404,7 @@ static int verify_header_serpent_aes (__global tc_t *esalt_bufs, const u32 *ukey
u32 tmp[4];
serpent256_decrypt_xts_first (ukey2, ukey4, data, tmp, S, T_serpent, ks_serpent);
aes256_decrypt_xts_first (ukey1, ukey3, tmp, tmp, S, T_aes, ks_aes);
aes256_decrypt_xts_first (ukey1, ukey3, tmp, tmp, S, T_aes, ks_aes, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
const u32 signature = esalt_bufs[0].signature;
@ -432,7 +432,7 @@ static int verify_header_serpent_aes (__global tc_t *esalt_bufs, const u32 *ukey
data[3] = esalt_bufs[0].data_buf[i + 3];
serpent256_decrypt_xts_next (data, tmp, T_serpent, ks_serpent);
aes256_decrypt_xts_next (tmp, tmp, T_aes, ks_aes);
aes256_decrypt_xts_next (tmp, tmp, T_aes, ks_aes, s_td0, s_td1, s_td2, s_td3, s_td4);
crc32 = round_crc32_4 (tmp[0], crc32);
crc32 = round_crc32_4 (tmp[1], crc32);
@ -510,7 +510,7 @@ static int verify_header_twofish_serpent (__global tc_t *esalt_bufs, const u32 *
// 1536 bit
static int verify_header_aes_twofish_serpent (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, const u32 *ukey3, const u32 *ukey4, const u32 *ukey5, const u32 *ukey6)
static int verify_header_aes_twofish_serpent (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, const u32 *ukey3, const u32 *ukey4, const u32 *ukey5, const u32 *ukey6, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 ks_aes[60];
@ -534,7 +534,7 @@ static int verify_header_aes_twofish_serpent (__global tc_t *esalt_bufs, const u
u32 tmp[4];
aes256_decrypt_xts_first (ukey3, ukey6, data, tmp, S, T_aes, ks_aes);
aes256_decrypt_xts_first (ukey3, ukey6, data, tmp, S, T_aes, ks_aes, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
twofish256_decrypt_xts_first (ukey2, ukey5, tmp, tmp, S, T_twofish, sk_twofish, lk_twofish);
serpent256_decrypt_xts_first (ukey1, ukey4, tmp, tmp, S, T_serpent, ks_serpent);
@ -564,7 +564,7 @@ static int verify_header_aes_twofish_serpent (__global tc_t *esalt_bufs, const u
data[2] = esalt_bufs[0].data_buf[i + 2];
data[3] = esalt_bufs[0].data_buf[i + 3];
aes256_decrypt_xts_next (data, tmp, T_aes, ks_aes);
aes256_decrypt_xts_next (data, tmp, T_aes, ks_aes, s_td0, s_td1, s_td2, s_td3, s_td4);
twofish256_decrypt_xts_next (tmp, tmp, T_twofish, sk_twofish, lk_twofish);
serpent256_decrypt_xts_next (tmp, tmp, T_serpent, ks_serpent);
@ -579,7 +579,7 @@ static int verify_header_aes_twofish_serpent (__global tc_t *esalt_bufs, const u
return 1;
}
static int verify_header_serpent_twofish_aes (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, const u32 *ukey3, const u32 *ukey4, const u32 *ukey5, const u32 *ukey6)
static int verify_header_serpent_twofish_aes (__global tc_t *esalt_bufs, const u32 *ukey1, const u32 *ukey2, const u32 *ukey3, const u32 *ukey4, const u32 *ukey5, const u32 *ukey6, SHM_TYPE u32 *s_te0, SHM_TYPE u32 *s_te1, SHM_TYPE u32 *s_te2, SHM_TYPE u32 *s_te3, SHM_TYPE u32 *s_te4, SHM_TYPE u32 *s_td0, SHM_TYPE u32 *s_td1, SHM_TYPE u32 *s_td2, SHM_TYPE u32 *s_td3, SHM_TYPE u32 *s_td4)
{
u32 ks_serpent[140];
@ -605,7 +605,7 @@ static int verify_header_serpent_twofish_aes (__global tc_t *esalt_bufs, const u
serpent256_decrypt_xts_first (ukey3, ukey6, data, tmp, S, T_serpent, ks_serpent);
twofish256_decrypt_xts_first (ukey2, ukey5, tmp, tmp, S, T_twofish, sk_twofish, lk_twofish);
aes256_decrypt_xts_first (ukey1, ukey4, tmp, tmp, S, T_aes, ks_aes);
aes256_decrypt_xts_first (ukey1, ukey4, tmp, tmp, S, T_aes, ks_aes, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
const u32 signature = esalt_bufs[0].signature;
@ -635,7 +635,7 @@ static int verify_header_serpent_twofish_aes (__global tc_t *esalt_bufs, const u
serpent256_decrypt_xts_next (data, tmp, T_serpent, ks_serpent);
twofish256_decrypt_xts_next (tmp, tmp, T_twofish, sk_twofish, lk_twofish);
aes256_decrypt_xts_next (tmp, tmp, T_aes, ks_aes);
aes256_decrypt_xts_next (tmp, tmp, T_aes, ks_aes, s_td0, s_td1, s_td2, s_td3, s_td4);
crc32 = round_crc32_4 (tmp[0], crc32);
crc32 = round_crc32_4 (tmp[1], crc32);

78
OpenCL/inc_types.cl
Unescape View File

@ -689,6 +689,84 @@ typedef struct
} salt_t;
#define LUKS_STRIPES 4000
typedef enum hc_luks_hash_type
{
HC_LUKS_HASH_TYPE_SHA1 = 1,
HC_LUKS_HASH_TYPE_SHA256 = 2,
HC_LUKS_HASH_TYPE_SHA512 = 3,
HC_LUKS_HASH_TYPE_RIPEMD160 = 4,
HC_LUKS_HASH_TYPE_WHIRLPOOL = 5,
} hc_luks_hash_type_t;
typedef enum hc_luks_key_size
{
HC_LUKS_KEY_SIZE_128 = 128,
HC_LUKS_KEY_SIZE_256 = 256,
HC_LUKS_KEY_SIZE_512 = 512,
} hc_luks_key_size_t;
typedef enum hc_luks_cipher_type
{
HC_LUKS_CIPHER_TYPE_AES = 1,
HC_LUKS_CIPHER_TYPE_SERPENT = 2,
HC_LUKS_CIPHER_TYPE_TWOFISH = 3,
} hc_luks_cipher_type_t;
typedef enum hc_luks_cipher_mode
{
HC_LUKS_CIPHER_MODE_CBC_ESSIV = 1,
HC_LUKS_CIPHER_MODE_CBC_PLAIN = 2,
HC_LUKS_CIPHER_MODE_XTS_PLAIN = 3,
} hc_luks_cipher_mode_t;
typedef struct luks
{
int hash_type; // hc_luks_hash_type_t
int key_size; // hc_luks_key_size_t
int cipher_type; // hc_luks_cipher_type_t
int cipher_mode; // hc_luks_cipher_mode_t
u32 ct_buf[128];
u32 af_src_buf[((HC_LUKS_KEY_SIZE_512 / 8) * LUKS_STRIPES) / 4];
} luks_t;
typedef struct luks_tmp
{
union
{
u32 ipad32[32];
u64 ipad64[16];
};
union
{
u32 opad32[32];
u64 opad64[16];
};
union
{
u32 dgst32[32];
u64 dgst64[16];
};
union
{
u32 out32[32];
u64 out64[16];
};
} luks_tmp_t;
typedef struct
{
int V;

6
OpenCL/inc_vendor.cl
Unescape View File

@ -19,6 +19,12 @@
#define IS_ACCEL
#endif
#if DEVICE_TYPE == DEVICE_TYPE_CPU
#elif DEVICE_TYPE == DEVICE_TYPE_GPU
#define REAL_SHM
#elif DEVICE_TYPE == DEVICE_TYPE_ACCEL
#endif
/**
* vendor specific
*/

62
OpenCL/m06211.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -611,12 +611,60 @@ __kernel void m06211_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06211_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -642,7 +690,7 @@ __kernel void m06211_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = tmps[gid].out[14];
ukey2[7] = tmps[gid].out[15];
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

66
OpenCL/m06212.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -611,12 +611,60 @@ __kernel void m06212_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06212_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -642,7 +690,7 @@ __kernel void m06212_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = tmps[gid].out[14];
ukey2[7] = tmps[gid].out[15];
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -679,12 +727,12 @@ __kernel void m06212_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey4[6] = tmps[gid].out[30];
ukey4[7] = tmps[gid].out[31];
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

70
OpenCL/m06213.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -611,12 +611,60 @@ __kernel void m06213_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06213_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -642,7 +690,7 @@ __kernel void m06213_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = tmps[gid].out[14];
ukey2[7] = tmps[gid].out[15];
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -683,12 +731,12 @@ __kernel void m06213_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey4[6] = tmps[gid].out[30];
ukey4[7] = tmps[gid].out[31];
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -728,12 +776,12 @@ __kernel void m06213_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey6[6] = tmps[gid].out[46];
ukey6[7] = tmps[gid].out[47];
if (verify_header_aes_twofish_serpent (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6) == 1)
if (verify_header_aes_twofish_serpent (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_twofish_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6) == 1)
if (verify_header_serpent_twofish_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

62
OpenCL/m06221.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -519,12 +519,60 @@ __kernel void m06221_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06221_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc64_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -550,7 +598,7 @@ __kernel void m06221_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (h32_from_64 (tmps[gid].out[ 7]));
ukey2[7] = swap32 (l32_from_64 (tmps[gid].out[ 7]));
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

66
OpenCL/m06222.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -519,12 +519,60 @@ __kernel void m06222_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06222_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc64_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -550,7 +598,7 @@ __kernel void m06222_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (h32_from_64 (tmps[gid].out[ 7]));
ukey2[7] = swap32 (l32_from_64 (tmps[gid].out[ 7]));
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -587,12 +635,12 @@ __kernel void m06222_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey4[6] = swap32 (h32_from_64 (tmps[gid].out[15]));
ukey4[7] = swap32 (l32_from_64 (tmps[gid].out[15]));
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

123
OpenCL/m06223.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -260,11 +260,60 @@ static u32 u8add (const u32 a, const u32 b)
__kernel void m06223_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc64_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -519,12 +568,60 @@ __kernel void m06223_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06223_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc64_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -550,7 +647,7 @@ __kernel void m06223_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (h32_from_64 (tmps[gid].out[ 7]));
ukey2[7] = swap32 (l32_from_64 (tmps[gid].out[ 7]));
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -591,12 +688,12 @@ __kernel void m06223_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey4[6] = swap32 (h32_from_64 (tmps[gid].out[15]));
ukey4[7] = swap32 (l32_from_64 (tmps[gid].out[15]));
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -628,12 +725,12 @@ __kernel void m06223_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey6[6] = swap32 (h32_from_64 (tmps[gid].out[23]));
ukey6[7] = swap32 (l32_from_64 (tmps[gid].out[23]));
if (verify_header_aes_twofish_serpent (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6) == 1)
if (verify_header_aes_twofish_serpent (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_twofish_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6) == 1)
if (verify_header_serpent_twofish_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

62
OpenCL/m06231.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -2154,12 +2154,60 @@ __kernel void m06231_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06231_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -2185,7 +2233,7 @@ __kernel void m06231_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (tmps[gid].out[14]);
ukey2[7] = swap32 (tmps[gid].out[15]);
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

66
OpenCL/m06232.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -1923,12 +1923,60 @@ __kernel void m06232_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06232_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -1954,7 +2002,7 @@ __kernel void m06232_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (tmps[gid].out[14]);
ukey2[7] = swap32 (tmps[gid].out[15]);
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -1991,12 +2039,12 @@ __kernel void m06232_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey4[6] = swap32 (tmps[gid].out[30]);
ukey4[7] = swap32 (tmps[gid].out[31]);
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

70
OpenCL/m06233.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -1923,12 +1923,60 @@ __kernel void m06233_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m06233_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -1954,7 +2002,7 @@ __kernel void m06233_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (tmps[gid].out[14]);
ukey2[7] = swap32 (tmps[gid].out[15]);
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -1995,12 +2043,12 @@ __kernel void m06233_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey4[6] = swap32 (tmps[gid].out[30]);
ukey4[7] = swap32 (tmps[gid].out[31]);
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -2040,12 +2088,12 @@ __kernel void m06233_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey6[6] = swap32 (tmps[gid].out[46]);
ukey6[7] = swap32 (tmps[gid].out[47]);
if (verify_header_aes_twofish_serpent (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6) == 1)
if (verify_header_aes_twofish_serpent (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_twofish_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6) == 1)
if (verify_header_serpent_twofish_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

62
OpenCL/m13751.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -582,12 +582,60 @@ __kernel void m13751_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m13751_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -613,7 +661,7 @@ __kernel void m13751_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (tmps[gid].out[14]);
ukey2[7] = swap32 (tmps[gid].out[15]);
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

66
OpenCL/m13752.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -582,12 +582,60 @@ __kernel void m13752_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m13752_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -613,7 +661,7 @@ __kernel void m13752_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (tmps[gid].out[14]);
ukey2[7] = swap32 (tmps[gid].out[15]);
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -650,12 +698,12 @@ __kernel void m13752_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey4[6] = swap32 (tmps[gid].out[30]);
ukey4[7] = swap32 (tmps[gid].out[31]);
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

70
OpenCL/m13753.cl
Unescape View File

@ -11,9 +11,9 @@
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_cipher_aes256.cl"
#include "inc_cipher_twofish256.cl"
#include "inc_cipher_serpent256.cl"
#include "inc_cipher_aes.cl"
#include "inc_cipher_twofish.cl"
#include "inc_cipher_serpent.cl"
#include "inc_truecrypt_crc32.cl"
#include "inc_truecrypt_xts.cl"
@ -582,12 +582,60 @@ __kernel void m13753_loop (__global pw_t *pws, __global const kernel_rule_t *rul
__kernel void m13753_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global tc_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global tc_t *esalt_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* base
* aes shared
*/
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
@ -613,7 +661,7 @@ __kernel void m13753_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey2[6] = swap32 (tmps[gid].out[14]);
ukey2[7] = swap32 (tmps[gid].out[15]);
if (verify_header_aes (esalt_bufs, ukey1, ukey2) == 1)
if (verify_header_aes (esalt_bufs, ukey1, ukey2, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -650,12 +698,12 @@ __kernel void m13753_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey4[6] = swap32 (tmps[gid].out[30]);
ukey4[7] = swap32 (tmps[gid].out[31]);
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_aes_twofish (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4) == 1)
if (verify_header_serpent_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
@ -687,12 +735,12 @@ __kernel void m13753_comp (__global pw_t *pws, __global const kernel_rule_t *rul
ukey6[6] = swap32 (tmps[gid].out[46]);
ukey6[7] = swap32 (tmps[gid].out[47]);
if (verify_header_aes_twofish_serpent (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6) == 1)
if (verify_header_aes_twofish_serpent (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
if (verify_header_serpent_twofish_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6) == 1)
if (verify_header_serpent_twofish_aes (esalt_bufs, ukey1, ukey2, ukey3, ukey4, ukey5, ukey6, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4) == 1)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}

706
OpenCL/m14611.cl
Unescape View File

@ -0,0 +1,706 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_aes.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_aes.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
static void sha1_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[5])
{
u32 A = digest[0];
u32 B = digest[1];
u32 C = digest[2];
u32 D = digest[3];
u32 E = digest[4];
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
#undef K
#define K SHA1C00
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, w0_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w1_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w2_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w3_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w4_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, w5_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w6_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w7_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w8_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w9_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, wa_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, wb_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, wc_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, wd_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, we_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w3_t);
#undef K
#define K SHA1C01
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w7_t);
#undef K
#define K SHA1C02
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, wb_t);
#undef K
#define K SHA1C03
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wf_t);
digest[0] += A;
digest[1] += B;
digest[2] += C;
digest[3] += D;
digest[4] += E;
}
static void hmac_sha1_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = SHA1M_A;
ipad[1] = SHA1M_B;
ipad[2] = SHA1M_C;
ipad[3] = SHA1M_D;
ipad[4] = SHA1M_E;
sha1_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = SHA1M_A;
opad[1] = SHA1M_B;
opad[2] = SHA1M_C;
opad[3] = SHA1M_D;
opad[4] = SHA1M_E;
sha1_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha1_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5], u32 digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
sha1_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
sha1_transform_S (w0, w1, w2, w3, digest);
}
static void sha1_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[5])
{
u32x A = digest[0];
u32x B = digest[1];
u32x C = digest[2];
u32x D = digest[3];
u32x E = digest[4];
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
#undef K
#define K SHA1C00
SHA1_STEP (SHA1_F0o, A, B, C, D, E, w0_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, w1_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, w2_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, w3_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, w4_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, w5_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, w6_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, w7_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, w8_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, w9_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, wa_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, wb_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, wc_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, wd_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, we_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F0o, E, A, B, C, D, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F0o, D, E, A, B, C, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F0o, C, D, E, A, B, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F0o, B, C, D, E, A, w3_t);
#undef K
#define K SHA1C01
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w7_t);
#undef K
#define K SHA1C02
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wb_t);
#undef K
#define K SHA1C03
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wf_t);
digest[0] += A;
digest[1] += B;
digest[2] += C;
digest[3] += D;
digest[4] += E;
}
static void hmac_sha1_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[5], u32x opad[5], u32x digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
sha1_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
sha1_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14611_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = swap32_S (salt_bufs[salt_pos].salt_buf[0]);
salt_buf0[1] = swap32_S (salt_bufs[salt_pos].salt_buf[1]);
salt_buf0[2] = swap32_S (salt_bufs[salt_pos].salt_buf[2]);
salt_buf0[3] = swap32_S (salt_bufs[salt_pos].salt_buf[3]);
salt_buf1[0] = swap32_S (salt_bufs[salt_pos].salt_buf[4]);
salt_buf1[1] = swap32_S (salt_bufs[salt_pos].salt_buf[5]);
salt_buf1[2] = swap32_S (salt_bufs[salt_pos].salt_buf[6]);
salt_buf1[3] = swap32_S (salt_bufs[salt_pos].salt_buf[7]);
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
w0[0] = swap32_S (w0[0]);
w0[1] = swap32_S (w0[1]);
w0[2] = swap32_S (w0[2]);
w0[3] = swap32_S (w0[3]);
w1[0] = swap32_S (w1[0]);
w1[1] = swap32_S (w1[1]);
w1[2] = swap32_S (w1[2]);
w1[3] = swap32_S (w1[3]);
w2[0] = swap32_S (w2[0]);
w2[1] = swap32_S (w2[1]);
w2[2] = swap32_S (w2[2]);
w2[3] = swap32_S (w2[3]);
w3[0] = swap32_S (w3[0]);
w3[1] = swap32_S (w3[1]);
w3[2] = swap32_S (w3[2]);
w3[3] = swap32_S (w3[3]);
u32 ipad[5];
u32 opad[5];
hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 5, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j;
w2[1] = 0x80000000;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + salt_len + 4) * 8;
u32 dgst[5];
hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
}
}
__kernel void m14611_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[5];
u32x opad[5];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 5)
{
u32x dgst[5];
u32x out[5];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
hmac_sha1_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
}
}
__kernel void m14611_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* aes shared
*/
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha1_then_aes_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

653
OpenCL/m14612.cl
Unescape View File

@ -0,0 +1,653 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_serpent.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_serpent.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
static void sha1_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[5])
{
u32 A = digest[0];
u32 B = digest[1];
u32 C = digest[2];
u32 D = digest[3];
u32 E = digest[4];
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
#undef K
#define K SHA1C00
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, w0_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w1_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w2_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w3_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w4_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, w5_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w6_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w7_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w8_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w9_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, wa_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, wb_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, wc_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, wd_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, we_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w3_t);
#undef K
#define K SHA1C01
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w7_t);
#undef K
#define K SHA1C02
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, wb_t);
#undef K
#define K SHA1C03
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wf_t);
digest[0] += A;
digest[1] += B;
digest[2] += C;
digest[3] += D;
digest[4] += E;
}
static void hmac_sha1_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = SHA1M_A;
ipad[1] = SHA1M_B;
ipad[2] = SHA1M_C;
ipad[3] = SHA1M_D;
ipad[4] = SHA1M_E;
sha1_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = SHA1M_A;
opad[1] = SHA1M_B;
opad[2] = SHA1M_C;
opad[3] = SHA1M_D;
opad[4] = SHA1M_E;
sha1_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha1_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5], u32 digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
sha1_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
sha1_transform_S (w0, w1, w2, w3, digest);
}
static void sha1_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[5])
{
u32x A = digest[0];
u32x B = digest[1];
u32x C = digest[2];
u32x D = digest[3];
u32x E = digest[4];
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
#undef K
#define K SHA1C00
SHA1_STEP (SHA1_F0o, A, B, C, D, E, w0_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, w1_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, w2_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, w3_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, w4_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, w5_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, w6_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, w7_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, w8_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, w9_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, wa_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, wb_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, wc_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, wd_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, we_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F0o, E, A, B, C, D, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F0o, D, E, A, B, C, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F0o, C, D, E, A, B, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F0o, B, C, D, E, A, w3_t);
#undef K
#define K SHA1C01
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w7_t);
#undef K
#define K SHA1C02
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wb_t);
#undef K
#define K SHA1C03
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wf_t);
digest[0] += A;
digest[1] += B;
digest[2] += C;
digest[3] += D;
digest[4] += E;
}
static void hmac_sha1_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[5], u32x opad[5], u32x digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
sha1_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
sha1_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14612_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = swap32_S (salt_bufs[salt_pos].salt_buf[0]);
salt_buf0[1] = swap32_S (salt_bufs[salt_pos].salt_buf[1]);
salt_buf0[2] = swap32_S (salt_bufs[salt_pos].salt_buf[2]);
salt_buf0[3] = swap32_S (salt_bufs[salt_pos].salt_buf[3]);
salt_buf1[0] = swap32_S (salt_bufs[salt_pos].salt_buf[4]);
salt_buf1[1] = swap32_S (salt_bufs[salt_pos].salt_buf[5]);
salt_buf1[2] = swap32_S (salt_bufs[salt_pos].salt_buf[6]);
salt_buf1[3] = swap32_S (salt_bufs[salt_pos].salt_buf[7]);
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
w0[0] = swap32_S (w0[0]);
w0[1] = swap32_S (w0[1]);
w0[2] = swap32_S (w0[2]);
w0[3] = swap32_S (w0[3]);
w1[0] = swap32_S (w1[0]);
w1[1] = swap32_S (w1[1]);
w1[2] = swap32_S (w1[2]);
w1[3] = swap32_S (w1[3]);
w2[0] = swap32_S (w2[0]);
w2[1] = swap32_S (w2[1]);
w2[2] = swap32_S (w2[2]);
w2[3] = swap32_S (w2[3]);
w3[0] = swap32_S (w3[0]);
w3[1] = swap32_S (w3[1]);
w3[2] = swap32_S (w3[2]);
w3[3] = swap32_S (w3[3]);
u32 ipad[5];
u32 opad[5];
hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 5, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j;
w2[1] = 0x80000000;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + salt_len + 4) * 8;
u32 dgst[5];
hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
}
}
__kernel void m14612_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[5];
u32x opad[5];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 5)
{
u32x dgst[5];
u32x out[5];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
hmac_sha1_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
}
}
__kernel void m14612_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha1_then_serpent_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

653
OpenCL/m14613.cl
Unescape View File

@ -0,0 +1,653 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_twofish.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_twofish.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
static void sha1_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[5])
{
u32 A = digest[0];
u32 B = digest[1];
u32 C = digest[2];
u32 D = digest[3];
u32 E = digest[4];
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
#undef K
#define K SHA1C00
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, w0_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w1_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w2_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w3_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w4_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, w5_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w6_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w7_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w8_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w9_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, wa_t);
SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, wb_t);
SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, wc_t);
SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, wd_t);
SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, we_t);
SHA1_STEP_S (SHA1_F0o, A, B, C, D, E, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F0o, E, A, B, C, D, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F0o, D, E, A, B, C, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F0o, C, D, E, A, B, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F0o, B, C, D, E, A, w3_t);
#undef K
#define K SHA1C01
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w7_t);
#undef K
#define K SHA1C02
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F2o, A, B, C, D, E, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, E, A, B, C, D, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, D, E, A, B, C, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, C, D, E, A, B, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, B, C, D, E, A, wb_t);
#undef K
#define K SHA1C03
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, wf_t);
w0_t = rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w0_t);
w1_t = rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w1_t);
w2_t = rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w2_t);
w3_t = rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w3_t);
w4_t = rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w4_t);
w5_t = rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, w5_t);
w6_t = rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, w6_t);
w7_t = rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, w7_t);
w8_t = rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, w8_t);
w9_t = rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, w9_t);
wa_t = rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wa_t);
wb_t = rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, A, B, C, D, E, wb_t);
wc_t = rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, E, A, B, C, D, wc_t);
wd_t = rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, D, E, A, B, C, wd_t);
we_t = rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, C, D, E, A, B, we_t);
wf_t = rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, B, C, D, E, A, wf_t);
digest[0] += A;
digest[1] += B;
digest[2] += C;
digest[3] += D;
digest[4] += E;
}
static void hmac_sha1_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = SHA1M_A;
ipad[1] = SHA1M_B;
ipad[2] = SHA1M_C;
ipad[3] = SHA1M_D;
ipad[4] = SHA1M_E;
sha1_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = SHA1M_A;
opad[1] = SHA1M_B;
opad[2] = SHA1M_C;
opad[3] = SHA1M_D;
opad[4] = SHA1M_E;
sha1_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha1_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5], u32 digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
sha1_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
sha1_transform_S (w0, w1, w2, w3, digest);
}
static void sha1_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[5])
{
u32x A = digest[0];
u32x B = digest[1];
u32x C = digest[2];
u32x D = digest[3];
u32x E = digest[4];
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
#undef K
#define K SHA1C00
SHA1_STEP (SHA1_F0o, A, B, C, D, E, w0_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, w1_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, w2_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, w3_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, w4_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, w5_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, w6_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, w7_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, w8_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, w9_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, wa_t);
SHA1_STEP (SHA1_F0o, E, A, B, C, D, wb_t);
SHA1_STEP (SHA1_F0o, D, E, A, B, C, wc_t);
SHA1_STEP (SHA1_F0o, C, D, E, A, B, wd_t);
SHA1_STEP (SHA1_F0o, B, C, D, E, A, we_t);
SHA1_STEP (SHA1_F0o, A, B, C, D, E, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F0o, E, A, B, C, D, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F0o, D, E, A, B, C, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F0o, C, D, E, A, B, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F0o, B, C, D, E, A, w3_t);
#undef K
#define K SHA1C01
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w7_t);
#undef K
#define K SHA1C02
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F2o, A, B, C, D, E, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F2o, E, A, B, C, D, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F2o, D, E, A, B, C, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F2o, C, D, E, A, B, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F2o, B, C, D, E, A, wb_t);
#undef K
#define K SHA1C03
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, wf_t);
w0_t = rotl32 ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w0_t);
w1_t = rotl32 ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w1_t);
w2_t = rotl32 ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w2_t);
w3_t = rotl32 ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w3_t);
w4_t = rotl32 ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w4_t);
w5_t = rotl32 ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, w5_t);
w6_t = rotl32 ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, w6_t);
w7_t = rotl32 ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, w7_t);
w8_t = rotl32 ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, w8_t);
w9_t = rotl32 ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, w9_t);
wa_t = rotl32 ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wa_t);
wb_t = rotl32 ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP (SHA1_F1, A, B, C, D, E, wb_t);
wc_t = rotl32 ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP (SHA1_F1, E, A, B, C, D, wc_t);
wd_t = rotl32 ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP (SHA1_F1, D, E, A, B, C, wd_t);
we_t = rotl32 ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP (SHA1_F1, C, D, E, A, B, we_t);
wf_t = rotl32 ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP (SHA1_F1, B, C, D, E, A, wf_t);
digest[0] += A;
digest[1] += B;
digest[2] += C;
digest[3] += D;
digest[4] += E;
}
static void hmac_sha1_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[5], u32x opad[5], u32x digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
sha1_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
sha1_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14613_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = swap32_S (salt_bufs[salt_pos].salt_buf[0]);
salt_buf0[1] = swap32_S (salt_bufs[salt_pos].salt_buf[1]);
salt_buf0[2] = swap32_S (salt_bufs[salt_pos].salt_buf[2]);
salt_buf0[3] = swap32_S (salt_bufs[salt_pos].salt_buf[3]);
salt_buf1[0] = swap32_S (salt_bufs[salt_pos].salt_buf[4]);
salt_buf1[1] = swap32_S (salt_bufs[salt_pos].salt_buf[5]);
salt_buf1[2] = swap32_S (salt_bufs[salt_pos].salt_buf[6]);
salt_buf1[3] = swap32_S (salt_bufs[salt_pos].salt_buf[7]);
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
w0[0] = swap32_S (w0[0]);
w0[1] = swap32_S (w0[1]);
w0[2] = swap32_S (w0[2]);
w0[3] = swap32_S (w0[3]);
w1[0] = swap32_S (w1[0]);
w1[1] = swap32_S (w1[1]);
w1[2] = swap32_S (w1[2]);
w1[3] = swap32_S (w1[3]);
w2[0] = swap32_S (w2[0]);
w2[1] = swap32_S (w2[1]);
w2[2] = swap32_S (w2[2]);
w2[3] = swap32_S (w2[3]);
w3[0] = swap32_S (w3[0]);
w3[1] = swap32_S (w3[1]);
w3[2] = swap32_S (w3[2]);
w3[3] = swap32_S (w3[3]);
u32 ipad[5];
u32 opad[5];
hmac_sha1_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 5, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j;
w2[1] = 0x80000000;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + salt_len + 4) * 8;
u32 dgst[5];
hmac_sha1_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
}
}
__kernel void m14613_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[5];
u32x opad[5];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 5)
{
u32x dgst[5];
u32x out[5];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = 0x80000000;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 20) * 8;
hmac_sha1_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
}
}
__kernel void m14613_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha1_then_twofish_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

697
OpenCL/m14621.cl
Unescape View File

@ -0,0 +1,697 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_aes.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_aes.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
__constant u32 k_sha256[64] =
{
SHA256C00, SHA256C01, SHA256C02, SHA256C03,
SHA256C04, SHA256C05, SHA256C06, SHA256C07,
SHA256C08, SHA256C09, SHA256C0a, SHA256C0b,
SHA256C0c, SHA256C0d, SHA256C0e, SHA256C0f,
SHA256C10, SHA256C11, SHA256C12, SHA256C13,
SHA256C14, SHA256C15, SHA256C16, SHA256C17,
SHA256C18, SHA256C19, SHA256C1a, SHA256C1b,
SHA256C1c, SHA256C1d, SHA256C1e, SHA256C1f,
SHA256C20, SHA256C21, SHA256C22, SHA256C23,
SHA256C24, SHA256C25, SHA256C26, SHA256C27,
SHA256C28, SHA256C29, SHA256C2a, SHA256C2b,
SHA256C2c, SHA256C2d, SHA256C2e, SHA256C2f,
SHA256C30, SHA256C31, SHA256C32, SHA256C33,
SHA256C34, SHA256C35, SHA256C36, SHA256C37,
SHA256C38, SHA256C39, SHA256C3a, SHA256C3b,
SHA256C3c, SHA256C3d, SHA256C3e, SHA256C3f,
};
static void sha256_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[8])
{
u32 a = digest[0];
u32 b = digest[1];
u32 c = digest[2];
u32 d = digest[3];
u32 e = digest[4];
u32 f = digest[5];
u32 g = digest[6];
u32 h = digest[7];
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
#define ROUND_EXPAND_S() \
{ \
w0_t = SHA256_EXPAND_S (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA256_EXPAND_S (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA256_EXPAND_S (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA256_EXPAND_S (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA256_EXPAND_S (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA256_EXPAND_S (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA256_EXPAND_S (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA256_EXPAND_S (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA256_EXPAND_S (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA256_EXPAND_S (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA256_EXPAND_S (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA256_EXPAND_S (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA256_EXPAND_S (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA256_EXPAND_S (wb_t, w6_t, we_t, wd_t); \
we_t = SHA256_EXPAND_S (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA256_EXPAND_S (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP_S(i) \
{ \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \
}
ROUND_STEP_S (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 64; i += 16)
{
ROUND_EXPAND_S (); ROUND_STEP_S (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha256_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = SHA256M_A;
ipad[1] = SHA256M_B;
ipad[2] = SHA256M_C;
ipad[3] = SHA256M_D;
ipad[4] = SHA256M_E;
ipad[5] = SHA256M_F;
ipad[6] = SHA256M_G;
ipad[7] = SHA256M_H;
sha256_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = SHA256M_A;
opad[1] = SHA256M_B;
opad[2] = SHA256M_C;
opad[3] = SHA256M_D;
opad[4] = SHA256M_E;
opad[5] = SHA256M_F;
opad[6] = SHA256M_G;
opad[7] = SHA256M_H;
sha256_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha256_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8], u32 digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_S (w0, w1, w2, w3, digest);
}
static void sha256_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[8])
{
u32x a = digest[0];
u32x b = digest[1];
u32x c = digest[2];
u32x d = digest[3];
u32x e = digest[4];
u32x f = digest[5];
u32x g = digest[6];
u32x h = digest[7];
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
#define ROUND_EXPAND() \
{ \
w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); \
we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP(i) \
{ \
SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \
}
ROUND_STEP (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 64; i += 16)
{
ROUND_EXPAND (); ROUND_STEP (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha256_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[8], u32x opad[8], u32x digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14621_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = swap32_S (salt_bufs[salt_pos].salt_buf[0]);
salt_buf0[1] = swap32_S (salt_bufs[salt_pos].salt_buf[1]);
salt_buf0[2] = swap32_S (salt_bufs[salt_pos].salt_buf[2]);
salt_buf0[3] = swap32_S (salt_bufs[salt_pos].salt_buf[3]);
salt_buf1[0] = swap32_S (salt_bufs[salt_pos].salt_buf[4]);
salt_buf1[1] = swap32_S (salt_bufs[salt_pos].salt_buf[5]);
salt_buf1[2] = swap32_S (salt_bufs[salt_pos].salt_buf[6]);
salt_buf1[3] = swap32_S (salt_bufs[salt_pos].salt_buf[7]);
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
w0[0] = swap32_S (w0[0]);
w0[1] = swap32_S (w0[1]);
w0[2] = swap32_S (w0[2]);
w0[3] = swap32_S (w0[3]);
w1[0] = swap32_S (w1[0]);
w1[1] = swap32_S (w1[1]);
w1[2] = swap32_S (w1[2]);
w1[3] = swap32_S (w1[3]);
w2[0] = swap32_S (w2[0]);
w2[1] = swap32_S (w2[1]);
w2[2] = swap32_S (w2[2]);
w2[3] = swap32_S (w2[3]);
w3[0] = swap32_S (w3[0]);
w3[1] = swap32_S (w3[1]);
w3[2] = swap32_S (w3[2]);
w3[3] = swap32_S (w3[3]);
u32 ipad[8];
u32 opad[8];
hmac_sha256_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].ipad32[5] = ipad[5];
tmps[gid].ipad32[6] = ipad[6];
tmps[gid].ipad32[7] = ipad[7];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
tmps[gid].opad32[5] = opad[5];
tmps[gid].opad32[6] = opad[6];
tmps[gid].opad32[7] = opad[7];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 8, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j;
w2[1] = 0x80000000;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + salt_len + 4) * 8;
u32 dgst[8];
hmac_sha256_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].dgst32[i + 5] = dgst[5];
tmps[gid].dgst32[i + 6] = dgst[6];
tmps[gid].dgst32[i + 7] = dgst[7];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
tmps[gid].out32[i + 5] = dgst[5];
tmps[gid].out32[i + 6] = dgst[6];
tmps[gid].out32[i + 7] = dgst[7];
}
}
__kernel void m14621_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[8];
u32x opad[8];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
ipad[5] = packv (tmps, ipad32, gid, 5);
ipad[6] = packv (tmps, ipad32, gid, 6);
ipad[7] = packv (tmps, ipad32, gid, 7);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
opad[5] = packv (tmps, opad32, gid, 5);
opad[6] = packv (tmps, opad32, gid, 6);
opad[7] = packv (tmps, opad32, gid, 7);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 8)
{
u32x dgst[8];
u32x out[8];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
dgst[5] = packv (tmps, dgst32, gid, i + 5);
dgst[6] = packv (tmps, dgst32, gid, i + 6);
dgst[7] = packv (tmps, dgst32, gid, i + 7);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
out[5] = packv (tmps, out32, gid, i + 5);
out[6] = packv (tmps, out32, gid, i + 6);
out[7] = packv (tmps, out32, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, dgst32, gid, i + 5, dgst[5]);
unpackv (tmps, dgst32, gid, i + 6, dgst[6]);
unpackv (tmps, dgst32, gid, i + 7, dgst[7]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
unpackv (tmps, out32, gid, i + 5, out[5]);
unpackv (tmps, out32, gid, i + 6, out[6]);
unpackv (tmps, out32, gid, i + 7, out[7]);
}
}
__kernel void m14621_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* aes shared
*/
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha256_then_aes_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

644
OpenCL/m14622.cl
Unescape View File

@ -0,0 +1,644 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_serpent.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_serpent.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
__constant u32 k_sha256[64] =
{
SHA256C00, SHA256C01, SHA256C02, SHA256C03,
SHA256C04, SHA256C05, SHA256C06, SHA256C07,
SHA256C08, SHA256C09, SHA256C0a, SHA256C0b,
SHA256C0c, SHA256C0d, SHA256C0e, SHA256C0f,
SHA256C10, SHA256C11, SHA256C12, SHA256C13,
SHA256C14, SHA256C15, SHA256C16, SHA256C17,
SHA256C18, SHA256C19, SHA256C1a, SHA256C1b,
SHA256C1c, SHA256C1d, SHA256C1e, SHA256C1f,
SHA256C20, SHA256C21, SHA256C22, SHA256C23,
SHA256C24, SHA256C25, SHA256C26, SHA256C27,
SHA256C28, SHA256C29, SHA256C2a, SHA256C2b,
SHA256C2c, SHA256C2d, SHA256C2e, SHA256C2f,
SHA256C30, SHA256C31, SHA256C32, SHA256C33,
SHA256C34, SHA256C35, SHA256C36, SHA256C37,
SHA256C38, SHA256C39, SHA256C3a, SHA256C3b,
SHA256C3c, SHA256C3d, SHA256C3e, SHA256C3f,
};
static void sha256_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[8])
{
u32 a = digest[0];
u32 b = digest[1];
u32 c = digest[2];
u32 d = digest[3];
u32 e = digest[4];
u32 f = digest[5];
u32 g = digest[6];
u32 h = digest[7];
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
#define ROUND_EXPAND_S() \
{ \
w0_t = SHA256_EXPAND_S (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA256_EXPAND_S (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA256_EXPAND_S (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA256_EXPAND_S (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA256_EXPAND_S (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA256_EXPAND_S (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA256_EXPAND_S (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA256_EXPAND_S (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA256_EXPAND_S (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA256_EXPAND_S (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA256_EXPAND_S (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA256_EXPAND_S (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA256_EXPAND_S (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA256_EXPAND_S (wb_t, w6_t, we_t, wd_t); \
we_t = SHA256_EXPAND_S (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA256_EXPAND_S (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP_S(i) \
{ \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \
}
ROUND_STEP_S (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 64; i += 16)
{
ROUND_EXPAND_S (); ROUND_STEP_S (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha256_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = SHA256M_A;
ipad[1] = SHA256M_B;
ipad[2] = SHA256M_C;
ipad[3] = SHA256M_D;
ipad[4] = SHA256M_E;
ipad[5] = SHA256M_F;
ipad[6] = SHA256M_G;
ipad[7] = SHA256M_H;
sha256_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = SHA256M_A;
opad[1] = SHA256M_B;
opad[2] = SHA256M_C;
opad[3] = SHA256M_D;
opad[4] = SHA256M_E;
opad[5] = SHA256M_F;
opad[6] = SHA256M_G;
opad[7] = SHA256M_H;
sha256_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha256_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8], u32 digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_S (w0, w1, w2, w3, digest);
}
static void sha256_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[8])
{
u32x a = digest[0];
u32x b = digest[1];
u32x c = digest[2];
u32x d = digest[3];
u32x e = digest[4];
u32x f = digest[5];
u32x g = digest[6];
u32x h = digest[7];
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
#define ROUND_EXPAND() \
{ \
w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); \
we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP(i) \
{ \
SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \
}
ROUND_STEP (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 64; i += 16)
{
ROUND_EXPAND (); ROUND_STEP (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha256_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[8], u32x opad[8], u32x digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14622_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = swap32_S (salt_bufs[salt_pos].salt_buf[0]);
salt_buf0[1] = swap32_S (salt_bufs[salt_pos].salt_buf[1]);
salt_buf0[2] = swap32_S (salt_bufs[salt_pos].salt_buf[2]);
salt_buf0[3] = swap32_S (salt_bufs[salt_pos].salt_buf[3]);
salt_buf1[0] = swap32_S (salt_bufs[salt_pos].salt_buf[4]);
salt_buf1[1] = swap32_S (salt_bufs[salt_pos].salt_buf[5]);
salt_buf1[2] = swap32_S (salt_bufs[salt_pos].salt_buf[6]);
salt_buf1[3] = swap32_S (salt_bufs[salt_pos].salt_buf[7]);
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
w0[0] = swap32_S (w0[0]);
w0[1] = swap32_S (w0[1]);
w0[2] = swap32_S (w0[2]);
w0[3] = swap32_S (w0[3]);
w1[0] = swap32_S (w1[0]);
w1[1] = swap32_S (w1[1]);
w1[2] = swap32_S (w1[2]);
w1[3] = swap32_S (w1[3]);
w2[0] = swap32_S (w2[0]);
w2[1] = swap32_S (w2[1]);
w2[2] = swap32_S (w2[2]);
w2[3] = swap32_S (w2[3]);
w3[0] = swap32_S (w3[0]);
w3[1] = swap32_S (w3[1]);
w3[2] = swap32_S (w3[2]);
w3[3] = swap32_S (w3[3]);
u32 ipad[8];
u32 opad[8];
hmac_sha256_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].ipad32[5] = ipad[5];
tmps[gid].ipad32[6] = ipad[6];
tmps[gid].ipad32[7] = ipad[7];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
tmps[gid].opad32[5] = opad[5];
tmps[gid].opad32[6] = opad[6];
tmps[gid].opad32[7] = opad[7];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 8, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j;
w2[1] = 0x80000000;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + salt_len + 4) * 8;
u32 dgst[8];
hmac_sha256_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].dgst32[i + 5] = dgst[5];
tmps[gid].dgst32[i + 6] = dgst[6];
tmps[gid].dgst32[i + 7] = dgst[7];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
tmps[gid].out32[i + 5] = dgst[5];
tmps[gid].out32[i + 6] = dgst[6];
tmps[gid].out32[i + 7] = dgst[7];
}
}
__kernel void m14622_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[8];
u32x opad[8];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
ipad[5] = packv (tmps, ipad32, gid, 5);
ipad[6] = packv (tmps, ipad32, gid, 6);
ipad[7] = packv (tmps, ipad32, gid, 7);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
opad[5] = packv (tmps, opad32, gid, 5);
opad[6] = packv (tmps, opad32, gid, 6);
opad[7] = packv (tmps, opad32, gid, 7);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 8)
{
u32x dgst[8];
u32x out[8];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
dgst[5] = packv (tmps, dgst32, gid, i + 5);
dgst[6] = packv (tmps, dgst32, gid, i + 6);
dgst[7] = packv (tmps, dgst32, gid, i + 7);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
out[5] = packv (tmps, out32, gid, i + 5);
out[6] = packv (tmps, out32, gid, i + 6);
out[7] = packv (tmps, out32, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, dgst32, gid, i + 5, dgst[5]);
unpackv (tmps, dgst32, gid, i + 6, dgst[6]);
unpackv (tmps, dgst32, gid, i + 7, dgst[7]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
unpackv (tmps, out32, gid, i + 5, out[5]);
unpackv (tmps, out32, gid, i + 6, out[6]);
unpackv (tmps, out32, gid, i + 7, out[7]);
}
}
__kernel void m14622_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha256_then_serpent_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

644
OpenCL/m14623.cl
Unescape View File

@ -0,0 +1,644 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_twofish.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_twofish.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
__constant u32 k_sha256[64] =
{
SHA256C00, SHA256C01, SHA256C02, SHA256C03,
SHA256C04, SHA256C05, SHA256C06, SHA256C07,
SHA256C08, SHA256C09, SHA256C0a, SHA256C0b,
SHA256C0c, SHA256C0d, SHA256C0e, SHA256C0f,
SHA256C10, SHA256C11, SHA256C12, SHA256C13,
SHA256C14, SHA256C15, SHA256C16, SHA256C17,
SHA256C18, SHA256C19, SHA256C1a, SHA256C1b,
SHA256C1c, SHA256C1d, SHA256C1e, SHA256C1f,
SHA256C20, SHA256C21, SHA256C22, SHA256C23,
SHA256C24, SHA256C25, SHA256C26, SHA256C27,
SHA256C28, SHA256C29, SHA256C2a, SHA256C2b,
SHA256C2c, SHA256C2d, SHA256C2e, SHA256C2f,
SHA256C30, SHA256C31, SHA256C32, SHA256C33,
SHA256C34, SHA256C35, SHA256C36, SHA256C37,
SHA256C38, SHA256C39, SHA256C3a, SHA256C3b,
SHA256C3c, SHA256C3d, SHA256C3e, SHA256C3f,
};
static void sha256_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[8])
{
u32 a = digest[0];
u32 b = digest[1];
u32 c = digest[2];
u32 d = digest[3];
u32 e = digest[4];
u32 f = digest[5];
u32 g = digest[6];
u32 h = digest[7];
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
#define ROUND_EXPAND_S() \
{ \
w0_t = SHA256_EXPAND_S (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA256_EXPAND_S (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA256_EXPAND_S (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA256_EXPAND_S (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA256_EXPAND_S (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA256_EXPAND_S (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA256_EXPAND_S (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA256_EXPAND_S (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA256_EXPAND_S (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA256_EXPAND_S (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA256_EXPAND_S (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA256_EXPAND_S (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA256_EXPAND_S (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA256_EXPAND_S (wb_t, w6_t, we_t, wd_t); \
we_t = SHA256_EXPAND_S (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA256_EXPAND_S (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP_S(i) \
{ \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \
SHA256_STEP_S (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \
}
ROUND_STEP_S (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 64; i += 16)
{
ROUND_EXPAND_S (); ROUND_STEP_S (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha256_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = SHA256M_A;
ipad[1] = SHA256M_B;
ipad[2] = SHA256M_C;
ipad[3] = SHA256M_D;
ipad[4] = SHA256M_E;
ipad[5] = SHA256M_F;
ipad[6] = SHA256M_G;
ipad[7] = SHA256M_H;
sha256_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = SHA256M_A;
opad[1] = SHA256M_B;
opad[2] = SHA256M_C;
opad[3] = SHA256M_D;
opad[4] = SHA256M_E;
opad[5] = SHA256M_F;
opad[6] = SHA256M_G;
opad[7] = SHA256M_H;
sha256_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha256_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8], u32 digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_S (w0, w1, w2, w3, digest);
}
static void sha256_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[8])
{
u32x a = digest[0];
u32x b = digest[1];
u32x c = digest[2];
u32x d = digest[3];
u32x e = digest[4];
u32x f = digest[5];
u32x g = digest[6];
u32x h = digest[7];
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
#define ROUND_EXPAND() \
{ \
w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); \
we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP(i) \
{ \
SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \
SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \
}
ROUND_STEP (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 64; i += 16)
{
ROUND_EXPAND (); ROUND_STEP (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha256_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[8], u32x opad[8], u32x digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha256_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha256_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14623_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = swap32_S (salt_bufs[salt_pos].salt_buf[0]);
salt_buf0[1] = swap32_S (salt_bufs[salt_pos].salt_buf[1]);
salt_buf0[2] = swap32_S (salt_bufs[salt_pos].salt_buf[2]);
salt_buf0[3] = swap32_S (salt_bufs[salt_pos].salt_buf[3]);
salt_buf1[0] = swap32_S (salt_bufs[salt_pos].salt_buf[4]);
salt_buf1[1] = swap32_S (salt_bufs[salt_pos].salt_buf[5]);
salt_buf1[2] = swap32_S (salt_bufs[salt_pos].salt_buf[6]);
salt_buf1[3] = swap32_S (salt_bufs[salt_pos].salt_buf[7]);
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
w0[0] = swap32_S (w0[0]);
w0[1] = swap32_S (w0[1]);
w0[2] = swap32_S (w0[2]);
w0[3] = swap32_S (w0[3]);
w1[0] = swap32_S (w1[0]);
w1[1] = swap32_S (w1[1]);
w1[2] = swap32_S (w1[2]);
w1[3] = swap32_S (w1[3]);
w2[0] = swap32_S (w2[0]);
w2[1] = swap32_S (w2[1]);
w2[2] = swap32_S (w2[2]);
w2[3] = swap32_S (w2[3]);
w3[0] = swap32_S (w3[0]);
w3[1] = swap32_S (w3[1]);
w3[2] = swap32_S (w3[2]);
w3[3] = swap32_S (w3[3]);
u32 ipad[8];
u32 opad[8];
hmac_sha256_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].ipad32[5] = ipad[5];
tmps[gid].ipad32[6] = ipad[6];
tmps[gid].ipad32[7] = ipad[7];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
tmps[gid].opad32[5] = opad[5];
tmps[gid].opad32[6] = opad[6];
tmps[gid].opad32[7] = opad[7];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 8, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j;
w2[1] = 0x80000000;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + salt_len + 4) * 8;
u32 dgst[8];
hmac_sha256_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].dgst32[i + 5] = dgst[5];
tmps[gid].dgst32[i + 6] = dgst[6];
tmps[gid].dgst32[i + 7] = dgst[7];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
tmps[gid].out32[i + 5] = dgst[5];
tmps[gid].out32[i + 6] = dgst[6];
tmps[gid].out32[i + 7] = dgst[7];
}
}
__kernel void m14623_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[8];
u32x opad[8];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
ipad[5] = packv (tmps, ipad32, gid, 5);
ipad[6] = packv (tmps, ipad32, gid, 6);
ipad[7] = packv (tmps, ipad32, gid, 7);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
opad[5] = packv (tmps, opad32, gid, 5);
opad[6] = packv (tmps, opad32, gid, 6);
opad[7] = packv (tmps, opad32, gid, 7);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 8)
{
u32x dgst[8];
u32x out[8];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
dgst[5] = packv (tmps, dgst32, gid, i + 5);
dgst[6] = packv (tmps, dgst32, gid, i + 6);
dgst[7] = packv (tmps, dgst32, gid, i + 7);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
out[5] = packv (tmps, out32, gid, i + 5);
out[6] = packv (tmps, out32, gid, i + 6);
out[7] = packv (tmps, out32, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x80000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (64 + 32) * 8;
hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, dgst32, gid, i + 5, dgst[5]);
unpackv (tmps, dgst32, gid, i + 6, dgst[6]);
unpackv (tmps, dgst32, gid, i + 7, dgst[7]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
unpackv (tmps, out32, gid, i + 5, out[5]);
unpackv (tmps, out32, gid, i + 6, out[6]);
unpackv (tmps, out32, gid, i + 7, out[7]);
}
}
__kernel void m14623_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha256_then_twofish_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

673
OpenCL/m14631.cl
Unescape View File

@ -0,0 +1,673 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_aes.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_aes.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
__constant u64 k_sha512[80] =
{
SHA512C00, SHA512C01, SHA512C02, SHA512C03,
SHA512C04, SHA512C05, SHA512C06, SHA512C07,
SHA512C08, SHA512C09, SHA512C0a, SHA512C0b,
SHA512C0c, SHA512C0d, SHA512C0e, SHA512C0f,
SHA512C10, SHA512C11, SHA512C12, SHA512C13,
SHA512C14, SHA512C15, SHA512C16, SHA512C17,
SHA512C18, SHA512C19, SHA512C1a, SHA512C1b,
SHA512C1c, SHA512C1d, SHA512C1e, SHA512C1f,
SHA512C20, SHA512C21, SHA512C22, SHA512C23,
SHA512C24, SHA512C25, SHA512C26, SHA512C27,
SHA512C28, SHA512C29, SHA512C2a, SHA512C2b,
SHA512C2c, SHA512C2d, SHA512C2e, SHA512C2f,
SHA512C30, SHA512C31, SHA512C32, SHA512C33,
SHA512C34, SHA512C35, SHA512C36, SHA512C37,
SHA512C38, SHA512C39, SHA512C3a, SHA512C3b,
SHA512C3c, SHA512C3d, SHA512C3e, SHA512C3f,
SHA512C40, SHA512C41, SHA512C42, SHA512C43,
SHA512C44, SHA512C45, SHA512C46, SHA512C47,
SHA512C48, SHA512C49, SHA512C4a, SHA512C4b,
SHA512C4c, SHA512C4d, SHA512C4e, SHA512C4f,
};
static void sha512_transform_S (const u64 w0[4], const u64 w1[4], const u64 w2[4], const u64 w3[4], u64 digest[8])
{
u64 a = digest[0];
u64 b = digest[1];
u64 c = digest[2];
u64 d = digest[3];
u64 e = digest[4];
u64 f = digest[5];
u64 g = digest[6];
u64 h = digest[7];
u64 w0_t = w0[0];
u64 w1_t = w0[1];
u64 w2_t = w0[2];
u64 w3_t = w0[3];
u64 w4_t = w1[0];
u64 w5_t = w1[1];
u64 w6_t = w1[2];
u64 w7_t = w1[3];
u64 w8_t = w2[0];
u64 w9_t = w2[1];
u64 wa_t = w2[2];
u64 wb_t = w2[3];
u64 wc_t = w3[0];
u64 wd_t = w3[1];
u64 we_t = w3[2];
u64 wf_t = w3[3];
#define ROUND_EXPAND_S() \
{ \
w0_t = SHA512_EXPAND_S (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA512_EXPAND_S (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA512_EXPAND_S (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA512_EXPAND_S (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA512_EXPAND_S (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA512_EXPAND_S (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA512_EXPAND_S (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA512_EXPAND_S (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA512_EXPAND_S (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA512_EXPAND_S (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA512_EXPAND_S (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA512_EXPAND_S (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA512_EXPAND_S (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA512_EXPAND_S (wb_t, w6_t, we_t, wd_t); \
we_t = SHA512_EXPAND_S (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA512_EXPAND_S (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP_S(i) \
{ \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \
}
ROUND_STEP_S (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 80; i += 16)
{
ROUND_EXPAND_S (); ROUND_STEP_S (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha512_pad_S (u64 w0[4], u64 w1[4], u64 w2[4], u64 w3[4], u64 ipad[8], u64 opad[8])
{
w0[0] = w0[0] ^ 0x3636363636363636;
w0[1] = w0[1] ^ 0x3636363636363636;
w0[2] = w0[2] ^ 0x3636363636363636;
w0[3] = w0[3] ^ 0x3636363636363636;
w1[0] = w1[0] ^ 0x3636363636363636;
w1[1] = w1[1] ^ 0x3636363636363636;
w1[2] = w1[2] ^ 0x3636363636363636;
w1[3] = w1[3] ^ 0x3636363636363636;
w2[0] = w2[0] ^ 0x3636363636363636;
w2[1] = w2[1] ^ 0x3636363636363636;
w2[2] = w2[2] ^ 0x3636363636363636;
w2[3] = w2[3] ^ 0x3636363636363636;
w3[0] = w3[0] ^ 0x3636363636363636;
w3[1] = w3[1] ^ 0x3636363636363636;
w3[2] = w3[2] ^ 0x3636363636363636;
w3[3] = w3[3] ^ 0x3636363636363636;
ipad[0] = SHA512M_A;
ipad[1] = SHA512M_B;
ipad[2] = SHA512M_C;
ipad[3] = SHA512M_D;
ipad[4] = SHA512M_E;
ipad[5] = SHA512M_F;
ipad[6] = SHA512M_G;
ipad[7] = SHA512M_H;
sha512_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a6a6a6a6a;
opad[0] = SHA512M_A;
opad[1] = SHA512M_B;
opad[2] = SHA512M_C;
opad[3] = SHA512M_D;
opad[4] = SHA512M_E;
opad[5] = SHA512M_F;
opad[6] = SHA512M_G;
opad[7] = SHA512M_H;
sha512_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha512_run_S (u64 w0[4], u64 w1[4], u64 w2[4], u64 w3[4], u64 ipad[8], u64 opad[8], u64 digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha512_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha512_transform_S (w0, w1, w2, w3, digest);
}
static void sha512_transform_V (const u64x w0[4], const u64x w1[4], const u64x w2[4], const u64x w3[4], u64x digest[8])
{
u64x a = digest[0];
u64x b = digest[1];
u64x c = digest[2];
u64x d = digest[3];
u64x e = digest[4];
u64x f = digest[5];
u64x g = digest[6];
u64x h = digest[7];
u64x w0_t = w0[0];
u64x w1_t = w0[1];
u64x w2_t = w0[2];
u64x w3_t = w0[3];
u64x w4_t = w1[0];
u64x w5_t = w1[1];
u64x w6_t = w1[2];
u64x w7_t = w1[3];
u64x w8_t = w2[0];
u64x w9_t = w2[1];
u64x wa_t = w2[2];
u64x wb_t = w2[3];
u64x wc_t = w3[0];
u64x wd_t = w3[1];
u64x we_t = w3[2];
u64x wf_t = w3[3];
#define ROUND_EXPAND() \
{ \
w0_t = SHA512_EXPAND (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA512_EXPAND (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA512_EXPAND (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA512_EXPAND (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA512_EXPAND (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA512_EXPAND (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA512_EXPAND (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA512_EXPAND (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA512_EXPAND (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA512_EXPAND (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA512_EXPAND (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA512_EXPAND (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA512_EXPAND (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA512_EXPAND (wb_t, w6_t, we_t, wd_t); \
we_t = SHA512_EXPAND (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA512_EXPAND (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP(i) \
{ \
SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \
}
ROUND_STEP (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 80; i += 16)
{
ROUND_EXPAND (); ROUND_STEP (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha512_run_V (u64x w0[4], u64x w1[4], u64x w2[4], u64x w3[4], u64x ipad[8], u64x opad[8], u64x digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha512_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha512_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14631_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u64 w0[4];
u64 w1[4];
u64 w2[4];
u64 w3[4];
w0[0] = hl32_to_64_S (swap32_S (pws[gid].i[ 0]), swap32_S (pws[gid].i[ 1]));
w0[1] = hl32_to_64_S (swap32_S (pws[gid].i[ 2]), swap32_S (pws[gid].i[ 3]));
w0[2] = hl32_to_64_S (swap32_S (pws[gid].i[ 4]), swap32_S (pws[gid].i[ 5]));
w0[3] = hl32_to_64_S (swap32_S (pws[gid].i[ 6]), swap32_S (pws[gid].i[ 7]));
w1[0] = hl32_to_64_S (swap32_S (pws[gid].i[ 8]), swap32_S (pws[gid].i[ 9]));
w1[1] = hl32_to_64_S (swap32_S (pws[gid].i[10]), swap32_S (pws[gid].i[11]));
w1[2] = hl32_to_64_S (swap32_S (pws[gid].i[12]), swap32_S (pws[gid].i[13]));
w1[3] = hl32_to_64_S (swap32_S (pws[gid].i[14]), swap32_S (pws[gid].i[15]));
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u64 salt_buf0[4];
salt_buf0[0] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[0]), swap32_S (salt_bufs[salt_pos].salt_buf[1]));
salt_buf0[1] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[2]), swap32_S (salt_bufs[salt_pos].salt_buf[3]));
salt_buf0[2] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[4]), swap32_S (salt_bufs[salt_pos].salt_buf[5]));
salt_buf0[3] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[6]), swap32_S (salt_bufs[salt_pos].salt_buf[7]));
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
u64 ipad[8];
u64 opad[8];
hmac_sha512_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad64[0] = ipad[0];
tmps[gid].ipad64[1] = ipad[1];
tmps[gid].ipad64[2] = ipad[2];
tmps[gid].ipad64[3] = ipad[3];
tmps[gid].ipad64[4] = ipad[4];
tmps[gid].ipad64[5] = ipad[5];
tmps[gid].ipad64[6] = ipad[6];
tmps[gid].ipad64[7] = ipad[7];
tmps[gid].opad64[0] = opad[0];
tmps[gid].opad64[1] = opad[1];
tmps[gid].opad64[2] = opad[2];
tmps[gid].opad64[3] = opad[3];
tmps[gid].opad64[4] = opad[4];
tmps[gid].opad64[5] = opad[5];
tmps[gid].opad64[6] = opad[6];
tmps[gid].opad64[7] = opad[7];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 16, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = hl32_to_64_S (j, 0x80000000);
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + salt_len + 4) * 8;
u64 dgst[8];
hmac_sha512_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst64[i + 0] = dgst[0];
tmps[gid].dgst64[i + 1] = dgst[1];
tmps[gid].dgst64[i + 2] = dgst[2];
tmps[gid].dgst64[i + 3] = dgst[3];
tmps[gid].dgst64[i + 4] = dgst[4];
tmps[gid].dgst64[i + 5] = dgst[5];
tmps[gid].dgst64[i + 6] = dgst[6];
tmps[gid].dgst64[i + 7] = dgst[7];
tmps[gid].out64[i + 0] = dgst[0];
tmps[gid].out64[i + 1] = dgst[1];
tmps[gid].out64[i + 2] = dgst[2];
tmps[gid].out64[i + 3] = dgst[3];
tmps[gid].out64[i + 4] = dgst[4];
tmps[gid].out64[i + 5] = dgst[5];
tmps[gid].out64[i + 6] = dgst[6];
tmps[gid].out64[i + 7] = dgst[7];
}
}
__kernel void m14631_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u64x ipad[8];
u64x opad[8];
ipad[0] = pack64v (tmps, ipad64, gid, 0);
ipad[1] = pack64v (tmps, ipad64, gid, 1);
ipad[2] = pack64v (tmps, ipad64, gid, 2);
ipad[3] = pack64v (tmps, ipad64, gid, 3);
ipad[4] = pack64v (tmps, ipad64, gid, 4);
ipad[5] = pack64v (tmps, ipad64, gid, 5);
ipad[6] = pack64v (tmps, ipad64, gid, 6);
ipad[7] = pack64v (tmps, ipad64, gid, 7);
opad[0] = pack64v (tmps, opad64, gid, 0);
opad[1] = pack64v (tmps, opad64, gid, 1);
opad[2] = pack64v (tmps, opad64, gid, 2);
opad[3] = pack64v (tmps, opad64, gid, 3);
opad[4] = pack64v (tmps, opad64, gid, 4);
opad[5] = pack64v (tmps, opad64, gid, 5);
opad[6] = pack64v (tmps, opad64, gid, 6);
opad[7] = pack64v (tmps, opad64, gid, 7);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 16)
{
u64x dgst[8];
u64x out[8];
dgst[0] = pack64v (tmps, dgst64, gid, i + 0);
dgst[1] = pack64v (tmps, dgst64, gid, i + 1);
dgst[2] = pack64v (tmps, dgst64, gid, i + 2);
dgst[3] = pack64v (tmps, dgst64, gid, i + 3);
dgst[4] = pack64v (tmps, dgst64, gid, i + 4);
dgst[5] = pack64v (tmps, dgst64, gid, i + 5);
dgst[6] = pack64v (tmps, dgst64, gid, i + 6);
dgst[7] = pack64v (tmps, dgst64, gid, i + 7);
out[0] = pack64v (tmps, out64, gid, i + 0);
out[1] = pack64v (tmps, out64, gid, i + 1);
out[2] = pack64v (tmps, out64, gid, i + 2);
out[3] = pack64v (tmps, out64, gid, i + 3);
out[4] = pack64v (tmps, out64, gid, i + 4);
out[5] = pack64v (tmps, out64, gid, i + 5);
out[6] = pack64v (tmps, out64, gid, i + 6);
out[7] = pack64v (tmps, out64, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u64x w0[4];
u64x w1[4];
u64x w2[4];
u64x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
hmac_sha512_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst64, gid, i + 0, dgst[0]);
unpackv (tmps, dgst64, gid, i + 1, dgst[1]);
unpackv (tmps, dgst64, gid, i + 2, dgst[2]);
unpackv (tmps, dgst64, gid, i + 3, dgst[3]);
unpackv (tmps, dgst64, gid, i + 4, dgst[4]);
unpackv (tmps, dgst64, gid, i + 5, dgst[5]);
unpackv (tmps, dgst64, gid, i + 6, dgst[6]);
unpackv (tmps, dgst64, gid, i + 7, dgst[7]);
unpackv (tmps, out64, gid, i + 0, out[0]);
unpackv (tmps, out64, gid, i + 1, out[1]);
unpackv (tmps, out64, gid, i + 2, out[2]);
unpackv (tmps, out64, gid, i + 3, out[3]);
unpackv (tmps, out64, gid, i + 4, out[4]);
unpackv (tmps, out64, gid, i + 5, out[5]);
unpackv (tmps, out64, gid, i + 6, out[6]);
unpackv (tmps, out64, gid, i + 7, out[7]);
}
}
__kernel void m14631_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* aes shared
*/
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha512_then_aes_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

620
OpenCL/m14632.cl
Unescape View File

@ -0,0 +1,620 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_serpent.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_serpent.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
__constant u64 k_sha512[80] =
{
SHA512C00, SHA512C01, SHA512C02, SHA512C03,
SHA512C04, SHA512C05, SHA512C06, SHA512C07,
SHA512C08, SHA512C09, SHA512C0a, SHA512C0b,
SHA512C0c, SHA512C0d, SHA512C0e, SHA512C0f,
SHA512C10, SHA512C11, SHA512C12, SHA512C13,
SHA512C14, SHA512C15, SHA512C16, SHA512C17,
SHA512C18, SHA512C19, SHA512C1a, SHA512C1b,
SHA512C1c, SHA512C1d, SHA512C1e, SHA512C1f,
SHA512C20, SHA512C21, SHA512C22, SHA512C23,
SHA512C24, SHA512C25, SHA512C26, SHA512C27,
SHA512C28, SHA512C29, SHA512C2a, SHA512C2b,
SHA512C2c, SHA512C2d, SHA512C2e, SHA512C2f,
SHA512C30, SHA512C31, SHA512C32, SHA512C33,
SHA512C34, SHA512C35, SHA512C36, SHA512C37,
SHA512C38, SHA512C39, SHA512C3a, SHA512C3b,
SHA512C3c, SHA512C3d, SHA512C3e, SHA512C3f,
SHA512C40, SHA512C41, SHA512C42, SHA512C43,
SHA512C44, SHA512C45, SHA512C46, SHA512C47,
SHA512C48, SHA512C49, SHA512C4a, SHA512C4b,
SHA512C4c, SHA512C4d, SHA512C4e, SHA512C4f,
};
static void sha512_transform_S (const u64 w0[4], const u64 w1[4], const u64 w2[4], const u64 w3[4], u64 digest[8])
{
u64 a = digest[0];
u64 b = digest[1];
u64 c = digest[2];
u64 d = digest[3];
u64 e = digest[4];
u64 f = digest[5];
u64 g = digest[6];
u64 h = digest[7];
u64 w0_t = w0[0];
u64 w1_t = w0[1];
u64 w2_t = w0[2];
u64 w3_t = w0[3];
u64 w4_t = w1[0];
u64 w5_t = w1[1];
u64 w6_t = w1[2];
u64 w7_t = w1[3];
u64 w8_t = w2[0];
u64 w9_t = w2[1];
u64 wa_t = w2[2];
u64 wb_t = w2[3];
u64 wc_t = w3[0];
u64 wd_t = w3[1];
u64 we_t = w3[2];
u64 wf_t = w3[3];
#define ROUND_EXPAND_S() \
{ \
w0_t = SHA512_EXPAND_S (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA512_EXPAND_S (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA512_EXPAND_S (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA512_EXPAND_S (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA512_EXPAND_S (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA512_EXPAND_S (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA512_EXPAND_S (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA512_EXPAND_S (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA512_EXPAND_S (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA512_EXPAND_S (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA512_EXPAND_S (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA512_EXPAND_S (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA512_EXPAND_S (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA512_EXPAND_S (wb_t, w6_t, we_t, wd_t); \
we_t = SHA512_EXPAND_S (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA512_EXPAND_S (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP_S(i) \
{ \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \
}
ROUND_STEP_S (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 80; i += 16)
{
ROUND_EXPAND_S (); ROUND_STEP_S (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha512_pad_S (u64 w0[4], u64 w1[4], u64 w2[4], u64 w3[4], u64 ipad[8], u64 opad[8])
{
w0[0] = w0[0] ^ 0x3636363636363636;
w0[1] = w0[1] ^ 0x3636363636363636;
w0[2] = w0[2] ^ 0x3636363636363636;
w0[3] = w0[3] ^ 0x3636363636363636;
w1[0] = w1[0] ^ 0x3636363636363636;
w1[1] = w1[1] ^ 0x3636363636363636;
w1[2] = w1[2] ^ 0x3636363636363636;
w1[3] = w1[3] ^ 0x3636363636363636;
w2[0] = w2[0] ^ 0x3636363636363636;
w2[1] = w2[1] ^ 0x3636363636363636;
w2[2] = w2[2] ^ 0x3636363636363636;
w2[3] = w2[3] ^ 0x3636363636363636;
w3[0] = w3[0] ^ 0x3636363636363636;
w3[1] = w3[1] ^ 0x3636363636363636;
w3[2] = w3[2] ^ 0x3636363636363636;
w3[3] = w3[3] ^ 0x3636363636363636;
ipad[0] = SHA512M_A;
ipad[1] = SHA512M_B;
ipad[2] = SHA512M_C;
ipad[3] = SHA512M_D;
ipad[4] = SHA512M_E;
ipad[5] = SHA512M_F;
ipad[6] = SHA512M_G;
ipad[7] = SHA512M_H;
sha512_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a6a6a6a6a;
opad[0] = SHA512M_A;
opad[1] = SHA512M_B;
opad[2] = SHA512M_C;
opad[3] = SHA512M_D;
opad[4] = SHA512M_E;
opad[5] = SHA512M_F;
opad[6] = SHA512M_G;
opad[7] = SHA512M_H;
sha512_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha512_run_S (u64 w0[4], u64 w1[4], u64 w2[4], u64 w3[4], u64 ipad[8], u64 opad[8], u64 digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha512_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha512_transform_S (w0, w1, w2, w3, digest);
}
static void sha512_transform_V (const u64x w0[4], const u64x w1[4], const u64x w2[4], const u64x w3[4], u64x digest[8])
{
u64x a = digest[0];
u64x b = digest[1];
u64x c = digest[2];
u64x d = digest[3];
u64x e = digest[4];
u64x f = digest[5];
u64x g = digest[6];
u64x h = digest[7];
u64x w0_t = w0[0];
u64x w1_t = w0[1];
u64x w2_t = w0[2];
u64x w3_t = w0[3];
u64x w4_t = w1[0];
u64x w5_t = w1[1];
u64x w6_t = w1[2];
u64x w7_t = w1[3];
u64x w8_t = w2[0];
u64x w9_t = w2[1];
u64x wa_t = w2[2];
u64x wb_t = w2[3];
u64x wc_t = w3[0];
u64x wd_t = w3[1];
u64x we_t = w3[2];
u64x wf_t = w3[3];
#define ROUND_EXPAND() \
{ \
w0_t = SHA512_EXPAND (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA512_EXPAND (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA512_EXPAND (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA512_EXPAND (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA512_EXPAND (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA512_EXPAND (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA512_EXPAND (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA512_EXPAND (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA512_EXPAND (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA512_EXPAND (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA512_EXPAND (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA512_EXPAND (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA512_EXPAND (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA512_EXPAND (wb_t, w6_t, we_t, wd_t); \
we_t = SHA512_EXPAND (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA512_EXPAND (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP(i) \
{ \
SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \
}
ROUND_STEP (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 80; i += 16)
{
ROUND_EXPAND (); ROUND_STEP (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha512_run_V (u64x w0[4], u64x w1[4], u64x w2[4], u64x w3[4], u64x ipad[8], u64x opad[8], u64x digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha512_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha512_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14632_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u64 w0[4];
u64 w1[4];
u64 w2[4];
u64 w3[4];
w0[0] = hl32_to_64_S (swap32_S (pws[gid].i[ 0]), swap32_S (pws[gid].i[ 1]));
w0[1] = hl32_to_64_S (swap32_S (pws[gid].i[ 2]), swap32_S (pws[gid].i[ 3]));
w0[2] = hl32_to_64_S (swap32_S (pws[gid].i[ 4]), swap32_S (pws[gid].i[ 5]));
w0[3] = hl32_to_64_S (swap32_S (pws[gid].i[ 6]), swap32_S (pws[gid].i[ 7]));
w1[0] = hl32_to_64_S (swap32_S (pws[gid].i[ 8]), swap32_S (pws[gid].i[ 9]));
w1[1] = hl32_to_64_S (swap32_S (pws[gid].i[10]), swap32_S (pws[gid].i[11]));
w1[2] = hl32_to_64_S (swap32_S (pws[gid].i[12]), swap32_S (pws[gid].i[13]));
w1[3] = hl32_to_64_S (swap32_S (pws[gid].i[14]), swap32_S (pws[gid].i[15]));
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u64 salt_buf0[4];
salt_buf0[0] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[0]), swap32_S (salt_bufs[salt_pos].salt_buf[1]));
salt_buf0[1] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[2]), swap32_S (salt_bufs[salt_pos].salt_buf[3]));
salt_buf0[2] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[4]), swap32_S (salt_bufs[salt_pos].salt_buf[5]));
salt_buf0[3] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[6]), swap32_S (salt_bufs[salt_pos].salt_buf[7]));
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
u64 ipad[8];
u64 opad[8];
hmac_sha512_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad64[0] = ipad[0];
tmps[gid].ipad64[1] = ipad[1];
tmps[gid].ipad64[2] = ipad[2];
tmps[gid].ipad64[3] = ipad[3];
tmps[gid].ipad64[4] = ipad[4];
tmps[gid].ipad64[5] = ipad[5];
tmps[gid].ipad64[6] = ipad[6];
tmps[gid].ipad64[7] = ipad[7];
tmps[gid].opad64[0] = opad[0];
tmps[gid].opad64[1] = opad[1];
tmps[gid].opad64[2] = opad[2];
tmps[gid].opad64[3] = opad[3];
tmps[gid].opad64[4] = opad[4];
tmps[gid].opad64[5] = opad[5];
tmps[gid].opad64[6] = opad[6];
tmps[gid].opad64[7] = opad[7];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 16, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = hl32_to_64_S (j, 0x80000000);
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + salt_len + 4) * 8;
u64 dgst[8];
hmac_sha512_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst64[i + 0] = dgst[0];
tmps[gid].dgst64[i + 1] = dgst[1];
tmps[gid].dgst64[i + 2] = dgst[2];
tmps[gid].dgst64[i + 3] = dgst[3];
tmps[gid].dgst64[i + 4] = dgst[4];
tmps[gid].dgst64[i + 5] = dgst[5];
tmps[gid].dgst64[i + 6] = dgst[6];
tmps[gid].dgst64[i + 7] = dgst[7];
tmps[gid].out64[i + 0] = dgst[0];
tmps[gid].out64[i + 1] = dgst[1];
tmps[gid].out64[i + 2] = dgst[2];
tmps[gid].out64[i + 3] = dgst[3];
tmps[gid].out64[i + 4] = dgst[4];
tmps[gid].out64[i + 5] = dgst[5];
tmps[gid].out64[i + 6] = dgst[6];
tmps[gid].out64[i + 7] = dgst[7];
}
}
__kernel void m14632_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u64x ipad[8];
u64x opad[8];
ipad[0] = pack64v (tmps, ipad64, gid, 0);
ipad[1] = pack64v (tmps, ipad64, gid, 1);
ipad[2] = pack64v (tmps, ipad64, gid, 2);
ipad[3] = pack64v (tmps, ipad64, gid, 3);
ipad[4] = pack64v (tmps, ipad64, gid, 4);
ipad[5] = pack64v (tmps, ipad64, gid, 5);
ipad[6] = pack64v (tmps, ipad64, gid, 6);
ipad[7] = pack64v (tmps, ipad64, gid, 7);
opad[0] = pack64v (tmps, opad64, gid, 0);
opad[1] = pack64v (tmps, opad64, gid, 1);
opad[2] = pack64v (tmps, opad64, gid, 2);
opad[3] = pack64v (tmps, opad64, gid, 3);
opad[4] = pack64v (tmps, opad64, gid, 4);
opad[5] = pack64v (tmps, opad64, gid, 5);
opad[6] = pack64v (tmps, opad64, gid, 6);
opad[7] = pack64v (tmps, opad64, gid, 7);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 16)
{
u64x dgst[8];
u64x out[8];
dgst[0] = pack64v (tmps, dgst64, gid, i + 0);
dgst[1] = pack64v (tmps, dgst64, gid, i + 1);
dgst[2] = pack64v (tmps, dgst64, gid, i + 2);
dgst[3] = pack64v (tmps, dgst64, gid, i + 3);
dgst[4] = pack64v (tmps, dgst64, gid, i + 4);
dgst[5] = pack64v (tmps, dgst64, gid, i + 5);
dgst[6] = pack64v (tmps, dgst64, gid, i + 6);
dgst[7] = pack64v (tmps, dgst64, gid, i + 7);
out[0] = pack64v (tmps, out64, gid, i + 0);
out[1] = pack64v (tmps, out64, gid, i + 1);
out[2] = pack64v (tmps, out64, gid, i + 2);
out[3] = pack64v (tmps, out64, gid, i + 3);
out[4] = pack64v (tmps, out64, gid, i + 4);
out[5] = pack64v (tmps, out64, gid, i + 5);
out[6] = pack64v (tmps, out64, gid, i + 6);
out[7] = pack64v (tmps, out64, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u64x w0[4];
u64x w1[4];
u64x w2[4];
u64x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
hmac_sha512_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst64, gid, i + 0, dgst[0]);
unpackv (tmps, dgst64, gid, i + 1, dgst[1]);
unpackv (tmps, dgst64, gid, i + 2, dgst[2]);
unpackv (tmps, dgst64, gid, i + 3, dgst[3]);
unpackv (tmps, dgst64, gid, i + 4, dgst[4]);
unpackv (tmps, dgst64, gid, i + 5, dgst[5]);
unpackv (tmps, dgst64, gid, i + 6, dgst[6]);
unpackv (tmps, dgst64, gid, i + 7, dgst[7]);
unpackv (tmps, out64, gid, i + 0, out[0]);
unpackv (tmps, out64, gid, i + 1, out[1]);
unpackv (tmps, out64, gid, i + 2, out[2]);
unpackv (tmps, out64, gid, i + 3, out[3]);
unpackv (tmps, out64, gid, i + 4, out[4]);
unpackv (tmps, out64, gid, i + 5, out[5]);
unpackv (tmps, out64, gid, i + 6, out[6]);
unpackv (tmps, out64, gid, i + 7, out[7]);
}
}
__kernel void m14632_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha512_then_serpent_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

620
OpenCL/m14633.cl
Unescape View File

@ -0,0 +1,620 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_twofish.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_twofish.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
__constant u64 k_sha512[80] =
{
SHA512C00, SHA512C01, SHA512C02, SHA512C03,
SHA512C04, SHA512C05, SHA512C06, SHA512C07,
SHA512C08, SHA512C09, SHA512C0a, SHA512C0b,
SHA512C0c, SHA512C0d, SHA512C0e, SHA512C0f,
SHA512C10, SHA512C11, SHA512C12, SHA512C13,
SHA512C14, SHA512C15, SHA512C16, SHA512C17,
SHA512C18, SHA512C19, SHA512C1a, SHA512C1b,
SHA512C1c, SHA512C1d, SHA512C1e, SHA512C1f,
SHA512C20, SHA512C21, SHA512C22, SHA512C23,
SHA512C24, SHA512C25, SHA512C26, SHA512C27,
SHA512C28, SHA512C29, SHA512C2a, SHA512C2b,
SHA512C2c, SHA512C2d, SHA512C2e, SHA512C2f,
SHA512C30, SHA512C31, SHA512C32, SHA512C33,
SHA512C34, SHA512C35, SHA512C36, SHA512C37,
SHA512C38, SHA512C39, SHA512C3a, SHA512C3b,
SHA512C3c, SHA512C3d, SHA512C3e, SHA512C3f,
SHA512C40, SHA512C41, SHA512C42, SHA512C43,
SHA512C44, SHA512C45, SHA512C46, SHA512C47,
SHA512C48, SHA512C49, SHA512C4a, SHA512C4b,
SHA512C4c, SHA512C4d, SHA512C4e, SHA512C4f,
};
static void sha512_transform_S (const u64 w0[4], const u64 w1[4], const u64 w2[4], const u64 w3[4], u64 digest[8])
{
u64 a = digest[0];
u64 b = digest[1];
u64 c = digest[2];
u64 d = digest[3];
u64 e = digest[4];
u64 f = digest[5];
u64 g = digest[6];
u64 h = digest[7];
u64 w0_t = w0[0];
u64 w1_t = w0[1];
u64 w2_t = w0[2];
u64 w3_t = w0[3];
u64 w4_t = w1[0];
u64 w5_t = w1[1];
u64 w6_t = w1[2];
u64 w7_t = w1[3];
u64 w8_t = w2[0];
u64 w9_t = w2[1];
u64 wa_t = w2[2];
u64 wb_t = w2[3];
u64 wc_t = w3[0];
u64 wd_t = w3[1];
u64 we_t = w3[2];
u64 wf_t = w3[3];
#define ROUND_EXPAND_S() \
{ \
w0_t = SHA512_EXPAND_S (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA512_EXPAND_S (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA512_EXPAND_S (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA512_EXPAND_S (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA512_EXPAND_S (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA512_EXPAND_S (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA512_EXPAND_S (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA512_EXPAND_S (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA512_EXPAND_S (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA512_EXPAND_S (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA512_EXPAND_S (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA512_EXPAND_S (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA512_EXPAND_S (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA512_EXPAND_S (wb_t, w6_t, we_t, wd_t); \
we_t = SHA512_EXPAND_S (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA512_EXPAND_S (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP_S(i) \
{ \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \
SHA512_STEP_S (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \
}
ROUND_STEP_S (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 80; i += 16)
{
ROUND_EXPAND_S (); ROUND_STEP_S (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha512_pad_S (u64 w0[4], u64 w1[4], u64 w2[4], u64 w3[4], u64 ipad[8], u64 opad[8])
{
w0[0] = w0[0] ^ 0x3636363636363636;
w0[1] = w0[1] ^ 0x3636363636363636;
w0[2] = w0[2] ^ 0x3636363636363636;
w0[3] = w0[3] ^ 0x3636363636363636;
w1[0] = w1[0] ^ 0x3636363636363636;
w1[1] = w1[1] ^ 0x3636363636363636;
w1[2] = w1[2] ^ 0x3636363636363636;
w1[3] = w1[3] ^ 0x3636363636363636;
w2[0] = w2[0] ^ 0x3636363636363636;
w2[1] = w2[1] ^ 0x3636363636363636;
w2[2] = w2[2] ^ 0x3636363636363636;
w2[3] = w2[3] ^ 0x3636363636363636;
w3[0] = w3[0] ^ 0x3636363636363636;
w3[1] = w3[1] ^ 0x3636363636363636;
w3[2] = w3[2] ^ 0x3636363636363636;
w3[3] = w3[3] ^ 0x3636363636363636;
ipad[0] = SHA512M_A;
ipad[1] = SHA512M_B;
ipad[2] = SHA512M_C;
ipad[3] = SHA512M_D;
ipad[4] = SHA512M_E;
ipad[5] = SHA512M_F;
ipad[6] = SHA512M_G;
ipad[7] = SHA512M_H;
sha512_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a6a6a6a6a;
opad[0] = SHA512M_A;
opad[1] = SHA512M_B;
opad[2] = SHA512M_C;
opad[3] = SHA512M_D;
opad[4] = SHA512M_E;
opad[5] = SHA512M_F;
opad[6] = SHA512M_G;
opad[7] = SHA512M_H;
sha512_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_sha512_run_S (u64 w0[4], u64 w1[4], u64 w2[4], u64 w3[4], u64 ipad[8], u64 opad[8], u64 digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha512_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha512_transform_S (w0, w1, w2, w3, digest);
}
static void sha512_transform_V (const u64x w0[4], const u64x w1[4], const u64x w2[4], const u64x w3[4], u64x digest[8])
{
u64x a = digest[0];
u64x b = digest[1];
u64x c = digest[2];
u64x d = digest[3];
u64x e = digest[4];
u64x f = digest[5];
u64x g = digest[6];
u64x h = digest[7];
u64x w0_t = w0[0];
u64x w1_t = w0[1];
u64x w2_t = w0[2];
u64x w3_t = w0[3];
u64x w4_t = w1[0];
u64x w5_t = w1[1];
u64x w6_t = w1[2];
u64x w7_t = w1[3];
u64x w8_t = w2[0];
u64x w9_t = w2[1];
u64x wa_t = w2[2];
u64x wb_t = w2[3];
u64x wc_t = w3[0];
u64x wd_t = w3[1];
u64x we_t = w3[2];
u64x wf_t = w3[3];
#define ROUND_EXPAND() \
{ \
w0_t = SHA512_EXPAND (we_t, w9_t, w1_t, w0_t); \
w1_t = SHA512_EXPAND (wf_t, wa_t, w2_t, w1_t); \
w2_t = SHA512_EXPAND (w0_t, wb_t, w3_t, w2_t); \
w3_t = SHA512_EXPAND (w1_t, wc_t, w4_t, w3_t); \
w4_t = SHA512_EXPAND (w2_t, wd_t, w5_t, w4_t); \
w5_t = SHA512_EXPAND (w3_t, we_t, w6_t, w5_t); \
w6_t = SHA512_EXPAND (w4_t, wf_t, w7_t, w6_t); \
w7_t = SHA512_EXPAND (w5_t, w0_t, w8_t, w7_t); \
w8_t = SHA512_EXPAND (w6_t, w1_t, w9_t, w8_t); \
w9_t = SHA512_EXPAND (w7_t, w2_t, wa_t, w9_t); \
wa_t = SHA512_EXPAND (w8_t, w3_t, wb_t, wa_t); \
wb_t = SHA512_EXPAND (w9_t, w4_t, wc_t, wb_t); \
wc_t = SHA512_EXPAND (wa_t, w5_t, wd_t, wc_t); \
wd_t = SHA512_EXPAND (wb_t, w6_t, we_t, wd_t); \
we_t = SHA512_EXPAND (wc_t, w7_t, wf_t, we_t); \
wf_t = SHA512_EXPAND (wd_t, w8_t, w0_t, wf_t); \
}
#define ROUND_STEP(i) \
{ \
SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha512[i + 0]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha512[i + 1]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha512[i + 2]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha512[i + 3]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha512[i + 4]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha512[i + 5]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha512[i + 6]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha512[i + 7]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha512[i + 8]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha512[i + 9]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha512[i + 10]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha512[i + 11]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha512[i + 12]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha512[i + 13]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, c, d, e, f, g, h, a, b, we_t, k_sha512[i + 14]); \
SHA512_STEP (SHA512_F0o, SHA512_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha512[i + 15]); \
}
ROUND_STEP (0);
#ifdef _unroll
#pragma unroll
#endif
for (int i = 16; i < 80; i += 16)
{
ROUND_EXPAND (); ROUND_STEP (i);
}
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
digest[5] += f;
digest[6] += g;
digest[7] += h;
}
static void hmac_sha512_run_V (u64x w0[4], u64x w1[4], u64x w2[4], u64x w3[4], u64x ipad[8], u64x opad[8], u64x digest[8])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
digest[5] = ipad[5];
digest[6] = ipad[6];
digest[7] = ipad[7];
sha512_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = digest[5];
w1[2] = digest[6];
w1[3] = digest[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
digest[5] = opad[5];
digest[6] = opad[6];
digest[7] = opad[7];
sha512_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14633_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u64 w0[4];
u64 w1[4];
u64 w2[4];
u64 w3[4];
w0[0] = hl32_to_64_S (swap32_S (pws[gid].i[ 0]), swap32_S (pws[gid].i[ 1]));
w0[1] = hl32_to_64_S (swap32_S (pws[gid].i[ 2]), swap32_S (pws[gid].i[ 3]));
w0[2] = hl32_to_64_S (swap32_S (pws[gid].i[ 4]), swap32_S (pws[gid].i[ 5]));
w0[3] = hl32_to_64_S (swap32_S (pws[gid].i[ 6]), swap32_S (pws[gid].i[ 7]));
w1[0] = hl32_to_64_S (swap32_S (pws[gid].i[ 8]), swap32_S (pws[gid].i[ 9]));
w1[1] = hl32_to_64_S (swap32_S (pws[gid].i[10]), swap32_S (pws[gid].i[11]));
w1[2] = hl32_to_64_S (swap32_S (pws[gid].i[12]), swap32_S (pws[gid].i[13]));
w1[3] = hl32_to_64_S (swap32_S (pws[gid].i[14]), swap32_S (pws[gid].i[15]));
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u64 salt_buf0[4];
salt_buf0[0] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[0]), swap32_S (salt_bufs[salt_pos].salt_buf[1]));
salt_buf0[1] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[2]), swap32_S (salt_bufs[salt_pos].salt_buf[3]));
salt_buf0[2] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[4]), swap32_S (salt_bufs[salt_pos].salt_buf[5]));
salt_buf0[3] = hl32_to_64_S (swap32_S (salt_bufs[salt_pos].salt_buf[6]), swap32_S (salt_bufs[salt_pos].salt_buf[7]));
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
u64 ipad[8];
u64 opad[8];
hmac_sha512_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad64[0] = ipad[0];
tmps[gid].ipad64[1] = ipad[1];
tmps[gid].ipad64[2] = ipad[2];
tmps[gid].ipad64[3] = ipad[3];
tmps[gid].ipad64[4] = ipad[4];
tmps[gid].ipad64[5] = ipad[5];
tmps[gid].ipad64[6] = ipad[6];
tmps[gid].ipad64[7] = ipad[7];
tmps[gid].opad64[0] = opad[0];
tmps[gid].opad64[1] = opad[1];
tmps[gid].opad64[2] = opad[2];
tmps[gid].opad64[3] = opad[3];
tmps[gid].opad64[4] = opad[4];
tmps[gid].opad64[5] = opad[5];
tmps[gid].opad64[6] = opad[6];
tmps[gid].opad64[7] = opad[7];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 16, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = hl32_to_64_S (j, 0x80000000);
w1[1] = 0;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + salt_len + 4) * 8;
u64 dgst[8];
hmac_sha512_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst64[i + 0] = dgst[0];
tmps[gid].dgst64[i + 1] = dgst[1];
tmps[gid].dgst64[i + 2] = dgst[2];
tmps[gid].dgst64[i + 3] = dgst[3];
tmps[gid].dgst64[i + 4] = dgst[4];
tmps[gid].dgst64[i + 5] = dgst[5];
tmps[gid].dgst64[i + 6] = dgst[6];
tmps[gid].dgst64[i + 7] = dgst[7];
tmps[gid].out64[i + 0] = dgst[0];
tmps[gid].out64[i + 1] = dgst[1];
tmps[gid].out64[i + 2] = dgst[2];
tmps[gid].out64[i + 3] = dgst[3];
tmps[gid].out64[i + 4] = dgst[4];
tmps[gid].out64[i + 5] = dgst[5];
tmps[gid].out64[i + 6] = dgst[6];
tmps[gid].out64[i + 7] = dgst[7];
}
}
__kernel void m14633_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u64x ipad[8];
u64x opad[8];
ipad[0] = pack64v (tmps, ipad64, gid, 0);
ipad[1] = pack64v (tmps, ipad64, gid, 1);
ipad[2] = pack64v (tmps, ipad64, gid, 2);
ipad[3] = pack64v (tmps, ipad64, gid, 3);
ipad[4] = pack64v (tmps, ipad64, gid, 4);
ipad[5] = pack64v (tmps, ipad64, gid, 5);
ipad[6] = pack64v (tmps, ipad64, gid, 6);
ipad[7] = pack64v (tmps, ipad64, gid, 7);
opad[0] = pack64v (tmps, opad64, gid, 0);
opad[1] = pack64v (tmps, opad64, gid, 1);
opad[2] = pack64v (tmps, opad64, gid, 2);
opad[3] = pack64v (tmps, opad64, gid, 3);
opad[4] = pack64v (tmps, opad64, gid, 4);
opad[5] = pack64v (tmps, opad64, gid, 5);
opad[6] = pack64v (tmps, opad64, gid, 6);
opad[7] = pack64v (tmps, opad64, gid, 7);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 16)
{
u64x dgst[8];
u64x out[8];
dgst[0] = pack64v (tmps, dgst64, gid, i + 0);
dgst[1] = pack64v (tmps, dgst64, gid, i + 1);
dgst[2] = pack64v (tmps, dgst64, gid, i + 2);
dgst[3] = pack64v (tmps, dgst64, gid, i + 3);
dgst[4] = pack64v (tmps, dgst64, gid, i + 4);
dgst[5] = pack64v (tmps, dgst64, gid, i + 5);
dgst[6] = pack64v (tmps, dgst64, gid, i + 6);
dgst[7] = pack64v (tmps, dgst64, gid, i + 7);
out[0] = pack64v (tmps, out64, gid, i + 0);
out[1] = pack64v (tmps, out64, gid, i + 1);
out[2] = pack64v (tmps, out64, gid, i + 2);
out[3] = pack64v (tmps, out64, gid, i + 3);
out[4] = pack64v (tmps, out64, gid, i + 4);
out[5] = pack64v (tmps, out64, gid, i + 5);
out[6] = pack64v (tmps, out64, gid, i + 6);
out[7] = pack64v (tmps, out64, gid, i + 7);
for (u32 j = 0; j < loop_cnt; j++)
{
u64x w0[4];
u64x w1[4];
u64x w2[4];
u64x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = dgst[5];
w1[2] = dgst[6];
w1[3] = dgst[7];
w2[0] = 0x8000000000000000;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = (128 + 64) * 8;
hmac_sha512_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
out[5] ^= dgst[5];
out[6] ^= dgst[6];
out[7] ^= dgst[7];
}
unpackv (tmps, dgst64, gid, i + 0, dgst[0]);
unpackv (tmps, dgst64, gid, i + 1, dgst[1]);
unpackv (tmps, dgst64, gid, i + 2, dgst[2]);
unpackv (tmps, dgst64, gid, i + 3, dgst[3]);
unpackv (tmps, dgst64, gid, i + 4, dgst[4]);
unpackv (tmps, dgst64, gid, i + 5, dgst[5]);
unpackv (tmps, dgst64, gid, i + 6, dgst[6]);
unpackv (tmps, dgst64, gid, i + 7, dgst[7]);
unpackv (tmps, out64, gid, i + 0, out[0]);
unpackv (tmps, out64, gid, i + 1, out[1]);
unpackv (tmps, out64, gid, i + 2, out[2]);
unpackv (tmps, out64, gid, i + 3, out[3]);
unpackv (tmps, out64, gid, i + 4, out[4]);
unpackv (tmps, out64, gid, i + 5, out[5]);
unpackv (tmps, out64, gid, i + 6, out[6]);
unpackv (tmps, out64, gid, i + 7, out[7]);
}
}
__kernel void m14633_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_sha512_then_twofish_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

861
OpenCL/m14641.cl
Unescape View File

@ -0,0 +1,861 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_aes.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_aes.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
static void ripemd160_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[5])
{
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
u32 a1 = digest[0];
u32 b1 = digest[1];
u32 c1 = digest[2];
u32 d1 = digest[3];
u32 e1 = digest[4];
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, w0_t, RIPEMD160C00, RIPEMD160S00);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, w1_t, RIPEMD160C00, RIPEMD160S01);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, w2_t, RIPEMD160C00, RIPEMD160S02);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, w3_t, RIPEMD160C00, RIPEMD160S03);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, w4_t, RIPEMD160C00, RIPEMD160S04);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, w5_t, RIPEMD160C00, RIPEMD160S05);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, w6_t, RIPEMD160C00, RIPEMD160S06);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, w7_t, RIPEMD160C00, RIPEMD160S07);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, w8_t, RIPEMD160C00, RIPEMD160S08);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, w9_t, RIPEMD160C00, RIPEMD160S09);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, wa_t, RIPEMD160C00, RIPEMD160S0A);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, wb_t, RIPEMD160C00, RIPEMD160S0B);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, wc_t, RIPEMD160C00, RIPEMD160S0C);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, wd_t, RIPEMD160C00, RIPEMD160S0D);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, we_t, RIPEMD160C00, RIPEMD160S0E);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, wf_t, RIPEMD160C00, RIPEMD160S0F);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w7_t, RIPEMD160C10, RIPEMD160S10);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, w4_t, RIPEMD160C10, RIPEMD160S11);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, wd_t, RIPEMD160C10, RIPEMD160S12);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, w1_t, RIPEMD160C10, RIPEMD160S13);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, wa_t, RIPEMD160C10, RIPEMD160S14);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w6_t, RIPEMD160C10, RIPEMD160S15);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, wf_t, RIPEMD160C10, RIPEMD160S16);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, w3_t, RIPEMD160C10, RIPEMD160S17);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, wc_t, RIPEMD160C10, RIPEMD160S18);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, w0_t, RIPEMD160C10, RIPEMD160S19);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w9_t, RIPEMD160C10, RIPEMD160S1A);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, w5_t, RIPEMD160C10, RIPEMD160S1B);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, w2_t, RIPEMD160C10, RIPEMD160S1C);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, we_t, RIPEMD160C10, RIPEMD160S1D);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, wb_t, RIPEMD160C10, RIPEMD160S1E);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w8_t, RIPEMD160C10, RIPEMD160S1F);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, w3_t, RIPEMD160C20, RIPEMD160S20);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, wa_t, RIPEMD160C20, RIPEMD160S21);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, we_t, RIPEMD160C20, RIPEMD160S22);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, w4_t, RIPEMD160C20, RIPEMD160S23);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w9_t, RIPEMD160C20, RIPEMD160S24);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, wf_t, RIPEMD160C20, RIPEMD160S25);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, w8_t, RIPEMD160C20, RIPEMD160S26);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, w1_t, RIPEMD160C20, RIPEMD160S27);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, w2_t, RIPEMD160C20, RIPEMD160S28);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w7_t, RIPEMD160C20, RIPEMD160S29);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, w0_t, RIPEMD160C20, RIPEMD160S2A);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, w6_t, RIPEMD160C20, RIPEMD160S2B);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, wd_t, RIPEMD160C20, RIPEMD160S2C);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, wb_t, RIPEMD160C20, RIPEMD160S2D);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w5_t, RIPEMD160C20, RIPEMD160S2E);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, wc_t, RIPEMD160C20, RIPEMD160S2F);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w1_t, RIPEMD160C30, RIPEMD160S30);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, w9_t, RIPEMD160C30, RIPEMD160S31);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, wb_t, RIPEMD160C30, RIPEMD160S32);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, wa_t, RIPEMD160C30, RIPEMD160S33);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w0_t, RIPEMD160C30, RIPEMD160S34);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w8_t, RIPEMD160C30, RIPEMD160S35);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, wc_t, RIPEMD160C30, RIPEMD160S36);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, w4_t, RIPEMD160C30, RIPEMD160S37);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, wd_t, RIPEMD160C30, RIPEMD160S38);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w3_t, RIPEMD160C30, RIPEMD160S39);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w7_t, RIPEMD160C30, RIPEMD160S3A);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, wf_t, RIPEMD160C30, RIPEMD160S3B);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, we_t, RIPEMD160C30, RIPEMD160S3C);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, w5_t, RIPEMD160C30, RIPEMD160S3D);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w6_t, RIPEMD160C30, RIPEMD160S3E);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w2_t, RIPEMD160C30, RIPEMD160S3F);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, w4_t, RIPEMD160C40, RIPEMD160S40);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w0_t, RIPEMD160C40, RIPEMD160S41);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, w5_t, RIPEMD160C40, RIPEMD160S42);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, w9_t, RIPEMD160C40, RIPEMD160S43);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, w7_t, RIPEMD160C40, RIPEMD160S44);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, wc_t, RIPEMD160C40, RIPEMD160S45);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w2_t, RIPEMD160C40, RIPEMD160S46);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, wa_t, RIPEMD160C40, RIPEMD160S47);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, we_t, RIPEMD160C40, RIPEMD160S48);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, w1_t, RIPEMD160C40, RIPEMD160S49);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, w3_t, RIPEMD160C40, RIPEMD160S4A);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w8_t, RIPEMD160C40, RIPEMD160S4B);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, wb_t, RIPEMD160C40, RIPEMD160S4C);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, w6_t, RIPEMD160C40, RIPEMD160S4D);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, wf_t, RIPEMD160C40, RIPEMD160S4E);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, wd_t, RIPEMD160C40, RIPEMD160S4F);
u32 a2 = digest[0];
u32 b2 = digest[1];
u32 c2 = digest[2];
u32 d2 = digest[3];
u32 e2 = digest[4];
RIPEMD160_STEP_S_WORKAROUND_BUG (RIPEMD160_J , a2, b2, c2, d2, e2, w5_t, RIPEMD160C50, RIPEMD160S50);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, we_t, RIPEMD160C50, RIPEMD160S51);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w7_t, RIPEMD160C50, RIPEMD160S52);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, w0_t, RIPEMD160C50, RIPEMD160S53);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w9_t, RIPEMD160C50, RIPEMD160S54);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, w2_t, RIPEMD160C50, RIPEMD160S55);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, wb_t, RIPEMD160C50, RIPEMD160S56);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w4_t, RIPEMD160C50, RIPEMD160S57);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, wd_t, RIPEMD160C50, RIPEMD160S58);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w6_t, RIPEMD160C50, RIPEMD160S59);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, wf_t, RIPEMD160C50, RIPEMD160S5A);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, w8_t, RIPEMD160C50, RIPEMD160S5B);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w1_t, RIPEMD160C50, RIPEMD160S5C);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, wa_t, RIPEMD160C50, RIPEMD160S5D);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w3_t, RIPEMD160C50, RIPEMD160S5E);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, wc_t, RIPEMD160C50, RIPEMD160S5F);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w6_t, RIPEMD160C60, RIPEMD160S60);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, wb_t, RIPEMD160C60, RIPEMD160S61);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, w3_t, RIPEMD160C60, RIPEMD160S62);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, w7_t, RIPEMD160C60, RIPEMD160S63);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, w0_t, RIPEMD160C60, RIPEMD160S64);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, wd_t, RIPEMD160C60, RIPEMD160S65);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, w5_t, RIPEMD160C60, RIPEMD160S66);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, wa_t, RIPEMD160C60, RIPEMD160S67);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, we_t, RIPEMD160C60, RIPEMD160S68);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, wf_t, RIPEMD160C60, RIPEMD160S69);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w8_t, RIPEMD160C60, RIPEMD160S6A);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, wc_t, RIPEMD160C60, RIPEMD160S6B);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, w4_t, RIPEMD160C60, RIPEMD160S6C);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, w9_t, RIPEMD160C60, RIPEMD160S6D);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, w1_t, RIPEMD160C60, RIPEMD160S6E);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w2_t, RIPEMD160C60, RIPEMD160S6F);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wf_t, RIPEMD160C70, RIPEMD160S70);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w5_t, RIPEMD160C70, RIPEMD160S71);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, w1_t, RIPEMD160C70, RIPEMD160S72);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, w3_t, RIPEMD160C70, RIPEMD160S73);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w7_t, RIPEMD160C70, RIPEMD160S74);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, we_t, RIPEMD160C70, RIPEMD160S75);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w6_t, RIPEMD160C70, RIPEMD160S76);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, w9_t, RIPEMD160C70, RIPEMD160S77);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, wb_t, RIPEMD160C70, RIPEMD160S78);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w8_t, RIPEMD160C70, RIPEMD160S79);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wc_t, RIPEMD160C70, RIPEMD160S7A);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w2_t, RIPEMD160C70, RIPEMD160S7B);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, wa_t, RIPEMD160C70, RIPEMD160S7C);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, w0_t, RIPEMD160C70, RIPEMD160S7D);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w4_t, RIPEMD160C70, RIPEMD160S7E);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wd_t, RIPEMD160C70, RIPEMD160S7F);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, w8_t, RIPEMD160C80, RIPEMD160S80);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, w6_t, RIPEMD160C80, RIPEMD160S81);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w4_t, RIPEMD160C80, RIPEMD160S82);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w1_t, RIPEMD160C80, RIPEMD160S83);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, w3_t, RIPEMD160C80, RIPEMD160S84);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, wb_t, RIPEMD160C80, RIPEMD160S85);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, wf_t, RIPEMD160C80, RIPEMD160S86);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w0_t, RIPEMD160C80, RIPEMD160S87);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w5_t, RIPEMD160C80, RIPEMD160S88);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, wc_t, RIPEMD160C80, RIPEMD160S89);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, w2_t, RIPEMD160C80, RIPEMD160S8A);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, wd_t, RIPEMD160C80, RIPEMD160S8B);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w9_t, RIPEMD160C80, RIPEMD160S8C);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w7_t, RIPEMD160C80, RIPEMD160S8D);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, wa_t, RIPEMD160C80, RIPEMD160S8E);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, we_t, RIPEMD160C80, RIPEMD160S8F);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wc_t, RIPEMD160C90, RIPEMD160S90);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, wf_t, RIPEMD160C90, RIPEMD160S91);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, wa_t, RIPEMD160C90, RIPEMD160S92);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w4_t, RIPEMD160C90, RIPEMD160S93);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w1_t, RIPEMD160C90, RIPEMD160S94);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, w5_t, RIPEMD160C90, RIPEMD160S95);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, w8_t, RIPEMD160C90, RIPEMD160S96);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, w7_t, RIPEMD160C90, RIPEMD160S97);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w6_t, RIPEMD160C90, RIPEMD160S98);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w2_t, RIPEMD160C90, RIPEMD160S99);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wd_t, RIPEMD160C90, RIPEMD160S9A);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, we_t, RIPEMD160C90, RIPEMD160S9B);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, w0_t, RIPEMD160C90, RIPEMD160S9C);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w3_t, RIPEMD160C90, RIPEMD160S9D);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w9_t, RIPEMD160C90, RIPEMD160S9E);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wb_t, RIPEMD160C90, RIPEMD160S9F);
const u32 a = digest[1] + c1 + d2;
const u32 b = digest[2] + d1 + e2;
const u32 c = digest[3] + e1 + a2;
const u32 d = digest[4] + a1 + b2;
const u32 e = digest[0] + b1 + c2;
digest[0] = a;
digest[1] = b;
digest[2] = c;
digest[3] = d;
digest[4] = e;
}
static void hmac_ripemd160_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = RIPEMD160M_A;
ipad[1] = RIPEMD160M_B;
ipad[2] = RIPEMD160M_C;
ipad[3] = RIPEMD160M_D;
ipad[4] = RIPEMD160M_E;
ripemd160_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = RIPEMD160M_A;
opad[1] = RIPEMD160M_B;
opad[2] = RIPEMD160M_C;
opad[3] = RIPEMD160M_D;
opad[4] = RIPEMD160M_E;
ripemd160_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_ripemd160_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5], u32 digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
ripemd160_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
ripemd160_transform_S (w0, w1, w2, w3, digest);
}
static void ripemd160_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[5])
{
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
u32x a1 = digest[0];
u32x b1 = digest[1];
u32x c1 = digest[2];
u32x d1 = digest[3];
u32x e1 = digest[4];
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, w0_t, RIPEMD160C00, RIPEMD160S00);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, w1_t, RIPEMD160C00, RIPEMD160S01);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, w2_t, RIPEMD160C00, RIPEMD160S02);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, w3_t, RIPEMD160C00, RIPEMD160S03);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, w4_t, RIPEMD160C00, RIPEMD160S04);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, w5_t, RIPEMD160C00, RIPEMD160S05);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, w6_t, RIPEMD160C00, RIPEMD160S06);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, w7_t, RIPEMD160C00, RIPEMD160S07);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, w8_t, RIPEMD160C00, RIPEMD160S08);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, w9_t, RIPEMD160C00, RIPEMD160S09);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, wa_t, RIPEMD160C00, RIPEMD160S0A);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, wb_t, RIPEMD160C00, RIPEMD160S0B);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, wc_t, RIPEMD160C00, RIPEMD160S0C);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, wd_t, RIPEMD160C00, RIPEMD160S0D);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, we_t, RIPEMD160C00, RIPEMD160S0E);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, wf_t, RIPEMD160C00, RIPEMD160S0F);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w7_t, RIPEMD160C10, RIPEMD160S10);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, w4_t, RIPEMD160C10, RIPEMD160S11);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, wd_t, RIPEMD160C10, RIPEMD160S12);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, w1_t, RIPEMD160C10, RIPEMD160S13);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, wa_t, RIPEMD160C10, RIPEMD160S14);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w6_t, RIPEMD160C10, RIPEMD160S15);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, wf_t, RIPEMD160C10, RIPEMD160S16);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, w3_t, RIPEMD160C10, RIPEMD160S17);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, wc_t, RIPEMD160C10, RIPEMD160S18);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, w0_t, RIPEMD160C10, RIPEMD160S19);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w9_t, RIPEMD160C10, RIPEMD160S1A);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, w5_t, RIPEMD160C10, RIPEMD160S1B);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, w2_t, RIPEMD160C10, RIPEMD160S1C);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, we_t, RIPEMD160C10, RIPEMD160S1D);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, wb_t, RIPEMD160C10, RIPEMD160S1E);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w8_t, RIPEMD160C10, RIPEMD160S1F);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, w3_t, RIPEMD160C20, RIPEMD160S20);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, wa_t, RIPEMD160C20, RIPEMD160S21);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, we_t, RIPEMD160C20, RIPEMD160S22);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, w4_t, RIPEMD160C20, RIPEMD160S23);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w9_t, RIPEMD160C20, RIPEMD160S24);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, wf_t, RIPEMD160C20, RIPEMD160S25);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, w8_t, RIPEMD160C20, RIPEMD160S26);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, w1_t, RIPEMD160C20, RIPEMD160S27);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, w2_t, RIPEMD160C20, RIPEMD160S28);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w7_t, RIPEMD160C20, RIPEMD160S29);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, w0_t, RIPEMD160C20, RIPEMD160S2A);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, w6_t, RIPEMD160C20, RIPEMD160S2B);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, wd_t, RIPEMD160C20, RIPEMD160S2C);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, wb_t, RIPEMD160C20, RIPEMD160S2D);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w5_t, RIPEMD160C20, RIPEMD160S2E);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, wc_t, RIPEMD160C20, RIPEMD160S2F);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w1_t, RIPEMD160C30, RIPEMD160S30);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, w9_t, RIPEMD160C30, RIPEMD160S31);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, wb_t, RIPEMD160C30, RIPEMD160S32);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, wa_t, RIPEMD160C30, RIPEMD160S33);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w0_t, RIPEMD160C30, RIPEMD160S34);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w8_t, RIPEMD160C30, RIPEMD160S35);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, wc_t, RIPEMD160C30, RIPEMD160S36);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, w4_t, RIPEMD160C30, RIPEMD160S37);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, wd_t, RIPEMD160C30, RIPEMD160S38);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w3_t, RIPEMD160C30, RIPEMD160S39);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w7_t, RIPEMD160C30, RIPEMD160S3A);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, wf_t, RIPEMD160C30, RIPEMD160S3B);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, we_t, RIPEMD160C30, RIPEMD160S3C);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, w5_t, RIPEMD160C30, RIPEMD160S3D);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w6_t, RIPEMD160C30, RIPEMD160S3E);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w2_t, RIPEMD160C30, RIPEMD160S3F);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, w4_t, RIPEMD160C40, RIPEMD160S40);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w0_t, RIPEMD160C40, RIPEMD160S41);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, w5_t, RIPEMD160C40, RIPEMD160S42);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, w9_t, RIPEMD160C40, RIPEMD160S43);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, w7_t, RIPEMD160C40, RIPEMD160S44);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, wc_t, RIPEMD160C40, RIPEMD160S45);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w2_t, RIPEMD160C40, RIPEMD160S46);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, wa_t, RIPEMD160C40, RIPEMD160S47);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, we_t, RIPEMD160C40, RIPEMD160S48);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, w1_t, RIPEMD160C40, RIPEMD160S49);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, w3_t, RIPEMD160C40, RIPEMD160S4A);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w8_t, RIPEMD160C40, RIPEMD160S4B);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, wb_t, RIPEMD160C40, RIPEMD160S4C);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, w6_t, RIPEMD160C40, RIPEMD160S4D);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, wf_t, RIPEMD160C40, RIPEMD160S4E);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, wd_t, RIPEMD160C40, RIPEMD160S4F);
u32x a2 = digest[0];
u32x b2 = digest[1];
u32x c2 = digest[2];
u32x d2 = digest[3];
u32x e2 = digest[4];
RIPEMD160_STEP_WORKAROUND_BUG (RIPEMD160_J , a2, b2, c2, d2, e2, w5_t, RIPEMD160C50, RIPEMD160S50);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, we_t, RIPEMD160C50, RIPEMD160S51);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w7_t, RIPEMD160C50, RIPEMD160S52);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, w0_t, RIPEMD160C50, RIPEMD160S53);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w9_t, RIPEMD160C50, RIPEMD160S54);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, w2_t, RIPEMD160C50, RIPEMD160S55);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, wb_t, RIPEMD160C50, RIPEMD160S56);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w4_t, RIPEMD160C50, RIPEMD160S57);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, wd_t, RIPEMD160C50, RIPEMD160S58);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w6_t, RIPEMD160C50, RIPEMD160S59);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, wf_t, RIPEMD160C50, RIPEMD160S5A);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, w8_t, RIPEMD160C50, RIPEMD160S5B);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w1_t, RIPEMD160C50, RIPEMD160S5C);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, wa_t, RIPEMD160C50, RIPEMD160S5D);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w3_t, RIPEMD160C50, RIPEMD160S5E);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, wc_t, RIPEMD160C50, RIPEMD160S5F);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w6_t, RIPEMD160C60, RIPEMD160S60);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, wb_t, RIPEMD160C60, RIPEMD160S61);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, w3_t, RIPEMD160C60, RIPEMD160S62);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, w7_t, RIPEMD160C60, RIPEMD160S63);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, w0_t, RIPEMD160C60, RIPEMD160S64);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, wd_t, RIPEMD160C60, RIPEMD160S65);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, w5_t, RIPEMD160C60, RIPEMD160S66);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, wa_t, RIPEMD160C60, RIPEMD160S67);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, we_t, RIPEMD160C60, RIPEMD160S68);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, wf_t, RIPEMD160C60, RIPEMD160S69);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w8_t, RIPEMD160C60, RIPEMD160S6A);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, wc_t, RIPEMD160C60, RIPEMD160S6B);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, w4_t, RIPEMD160C60, RIPEMD160S6C);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, w9_t, RIPEMD160C60, RIPEMD160S6D);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, w1_t, RIPEMD160C60, RIPEMD160S6E);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w2_t, RIPEMD160C60, RIPEMD160S6F);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wf_t, RIPEMD160C70, RIPEMD160S70);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w5_t, RIPEMD160C70, RIPEMD160S71);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, w1_t, RIPEMD160C70, RIPEMD160S72);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, w3_t, RIPEMD160C70, RIPEMD160S73);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w7_t, RIPEMD160C70, RIPEMD160S74);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, we_t, RIPEMD160C70, RIPEMD160S75);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w6_t, RIPEMD160C70, RIPEMD160S76);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, w9_t, RIPEMD160C70, RIPEMD160S77);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, wb_t, RIPEMD160C70, RIPEMD160S78);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w8_t, RIPEMD160C70, RIPEMD160S79);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wc_t, RIPEMD160C70, RIPEMD160S7A);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w2_t, RIPEMD160C70, RIPEMD160S7B);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, wa_t, RIPEMD160C70, RIPEMD160S7C);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, w0_t, RIPEMD160C70, RIPEMD160S7D);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w4_t, RIPEMD160C70, RIPEMD160S7E);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wd_t, RIPEMD160C70, RIPEMD160S7F);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, w8_t, RIPEMD160C80, RIPEMD160S80);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, w6_t, RIPEMD160C80, RIPEMD160S81);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w4_t, RIPEMD160C80, RIPEMD160S82);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w1_t, RIPEMD160C80, RIPEMD160S83);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, w3_t, RIPEMD160C80, RIPEMD160S84);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, wb_t, RIPEMD160C80, RIPEMD160S85);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, wf_t, RIPEMD160C80, RIPEMD160S86);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w0_t, RIPEMD160C80, RIPEMD160S87);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w5_t, RIPEMD160C80, RIPEMD160S88);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, wc_t, RIPEMD160C80, RIPEMD160S89);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, w2_t, RIPEMD160C80, RIPEMD160S8A);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, wd_t, RIPEMD160C80, RIPEMD160S8B);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w9_t, RIPEMD160C80, RIPEMD160S8C);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w7_t, RIPEMD160C80, RIPEMD160S8D);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, wa_t, RIPEMD160C80, RIPEMD160S8E);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, we_t, RIPEMD160C80, RIPEMD160S8F);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wc_t, RIPEMD160C90, RIPEMD160S90);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, wf_t, RIPEMD160C90, RIPEMD160S91);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, wa_t, RIPEMD160C90, RIPEMD160S92);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w4_t, RIPEMD160C90, RIPEMD160S93);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w1_t, RIPEMD160C90, RIPEMD160S94);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, w5_t, RIPEMD160C90, RIPEMD160S95);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, w8_t, RIPEMD160C90, RIPEMD160S96);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, w7_t, RIPEMD160C90, RIPEMD160S97);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w6_t, RIPEMD160C90, RIPEMD160S98);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w2_t, RIPEMD160C90, RIPEMD160S99);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wd_t, RIPEMD160C90, RIPEMD160S9A);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, we_t, RIPEMD160C90, RIPEMD160S9B);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, w0_t, RIPEMD160C90, RIPEMD160S9C);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w3_t, RIPEMD160C90, RIPEMD160S9D);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w9_t, RIPEMD160C90, RIPEMD160S9E);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wb_t, RIPEMD160C90, RIPEMD160S9F);
const u32x a = digest[1] + c1 + d2;
const u32x b = digest[2] + d1 + e2;
const u32x c = digest[3] + e1 + a2;
const u32x d = digest[4] + a1 + b2;
const u32x e = digest[0] + b1 + c2;
digest[0] = a;
digest[1] = b;
digest[2] = c;
digest[3] = d;
digest[4] = e;
}
static void hmac_ripemd160_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[5], u32x opad[5], u32x digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
ripemd160_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
ripemd160_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14641_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0];
salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1];
salt_buf0[2] = salt_bufs[salt_pos].salt_buf[2];
salt_buf0[3] = salt_bufs[salt_pos].salt_buf[3];
salt_buf1[0] = salt_bufs[salt_pos].salt_buf[4];
salt_buf1[1] = salt_bufs[salt_pos].salt_buf[5];
salt_buf1[2] = salt_bufs[salt_pos].salt_buf[6];
salt_buf1[3] = salt_bufs[salt_pos].salt_buf[7];
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
u32 ipad[5];
u32 opad[5];
hmac_ripemd160_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 5, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j << 24;
w2[1] = 0x80;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + salt_len + 4) * 8;
w3[3] = 0;
u32 dgst[5];
hmac_ripemd160_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
}
}
__kernel void m14641_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[5];
u32x opad[5];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 5)
{
u32x dgst[5];
u32x out[5];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
hmac_ripemd160_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
}
}
__kernel void m14641_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
const u32 lid = get_local_id (0);
const u32 lsz = get_local_size (0);
/**
* aes shared
*/
#ifdef REAL_SHM
__local u32 s_td0[256];
__local u32 s_td1[256];
__local u32 s_td2[256];
__local u32 s_td3[256];
__local u32 s_td4[256];
__local u32 s_te0[256];
__local u32 s_te1[256];
__local u32 s_te2[256];
__local u32 s_te3[256];
__local u32 s_te4[256];
for (u32 i = lid; i < 256; i += lsz)
{
s_td0[i] = td0[i];
s_td1[i] = td1[i];
s_td2[i] = td2[i];
s_td3[i] = td3[i];
s_td4[i] = td4[i];
s_te0[i] = te0[i];
s_te1[i] = te1[i];
s_te2[i] = te2[i];
s_te3[i] = te3[i];
s_te4[i] = te4[i];
}
barrier (CLK_LOCAL_MEM_FENCE);
#else
__constant u32 *s_td0 = td0;
__constant u32 *s_td1 = td1;
__constant u32 *s_td2 = td2;
__constant u32 *s_td3 = td3;
__constant u32 *s_td4 = td4;
__constant u32 *s_te0 = te0;
__constant u32 *s_te1 = te1;
__constant u32 *s_te2 = te2;
__constant u32 *s_te3 = te3;
__constant u32 *s_te4 = te4;
#endif
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_ripemd160_then_aes_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf, s_te0, s_te1, s_te2, s_te3, s_te4, s_td0, s_td1, s_td2, s_td3, s_td4);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

808
OpenCL/m14642.cl
Unescape View File

@ -0,0 +1,808 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_serpent.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_serpent.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
static void ripemd160_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[5])
{
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
u32 a1 = digest[0];
u32 b1 = digest[1];
u32 c1 = digest[2];
u32 d1 = digest[3];
u32 e1 = digest[4];
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, w0_t, RIPEMD160C00, RIPEMD160S00);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, w1_t, RIPEMD160C00, RIPEMD160S01);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, w2_t, RIPEMD160C00, RIPEMD160S02);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, w3_t, RIPEMD160C00, RIPEMD160S03);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, w4_t, RIPEMD160C00, RIPEMD160S04);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, w5_t, RIPEMD160C00, RIPEMD160S05);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, w6_t, RIPEMD160C00, RIPEMD160S06);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, w7_t, RIPEMD160C00, RIPEMD160S07);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, w8_t, RIPEMD160C00, RIPEMD160S08);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, w9_t, RIPEMD160C00, RIPEMD160S09);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, wa_t, RIPEMD160C00, RIPEMD160S0A);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, wb_t, RIPEMD160C00, RIPEMD160S0B);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, wc_t, RIPEMD160C00, RIPEMD160S0C);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, wd_t, RIPEMD160C00, RIPEMD160S0D);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, we_t, RIPEMD160C00, RIPEMD160S0E);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, wf_t, RIPEMD160C00, RIPEMD160S0F);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w7_t, RIPEMD160C10, RIPEMD160S10);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, w4_t, RIPEMD160C10, RIPEMD160S11);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, wd_t, RIPEMD160C10, RIPEMD160S12);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, w1_t, RIPEMD160C10, RIPEMD160S13);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, wa_t, RIPEMD160C10, RIPEMD160S14);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w6_t, RIPEMD160C10, RIPEMD160S15);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, wf_t, RIPEMD160C10, RIPEMD160S16);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, w3_t, RIPEMD160C10, RIPEMD160S17);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, wc_t, RIPEMD160C10, RIPEMD160S18);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, w0_t, RIPEMD160C10, RIPEMD160S19);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w9_t, RIPEMD160C10, RIPEMD160S1A);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, w5_t, RIPEMD160C10, RIPEMD160S1B);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, w2_t, RIPEMD160C10, RIPEMD160S1C);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, we_t, RIPEMD160C10, RIPEMD160S1D);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, wb_t, RIPEMD160C10, RIPEMD160S1E);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w8_t, RIPEMD160C10, RIPEMD160S1F);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, w3_t, RIPEMD160C20, RIPEMD160S20);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, wa_t, RIPEMD160C20, RIPEMD160S21);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, we_t, RIPEMD160C20, RIPEMD160S22);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, w4_t, RIPEMD160C20, RIPEMD160S23);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w9_t, RIPEMD160C20, RIPEMD160S24);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, wf_t, RIPEMD160C20, RIPEMD160S25);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, w8_t, RIPEMD160C20, RIPEMD160S26);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, w1_t, RIPEMD160C20, RIPEMD160S27);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, w2_t, RIPEMD160C20, RIPEMD160S28);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w7_t, RIPEMD160C20, RIPEMD160S29);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, w0_t, RIPEMD160C20, RIPEMD160S2A);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, w6_t, RIPEMD160C20, RIPEMD160S2B);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, wd_t, RIPEMD160C20, RIPEMD160S2C);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, wb_t, RIPEMD160C20, RIPEMD160S2D);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w5_t, RIPEMD160C20, RIPEMD160S2E);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, wc_t, RIPEMD160C20, RIPEMD160S2F);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w1_t, RIPEMD160C30, RIPEMD160S30);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, w9_t, RIPEMD160C30, RIPEMD160S31);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, wb_t, RIPEMD160C30, RIPEMD160S32);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, wa_t, RIPEMD160C30, RIPEMD160S33);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w0_t, RIPEMD160C30, RIPEMD160S34);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w8_t, RIPEMD160C30, RIPEMD160S35);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, wc_t, RIPEMD160C30, RIPEMD160S36);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, w4_t, RIPEMD160C30, RIPEMD160S37);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, wd_t, RIPEMD160C30, RIPEMD160S38);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w3_t, RIPEMD160C30, RIPEMD160S39);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w7_t, RIPEMD160C30, RIPEMD160S3A);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, wf_t, RIPEMD160C30, RIPEMD160S3B);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, we_t, RIPEMD160C30, RIPEMD160S3C);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, w5_t, RIPEMD160C30, RIPEMD160S3D);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w6_t, RIPEMD160C30, RIPEMD160S3E);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w2_t, RIPEMD160C30, RIPEMD160S3F);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, w4_t, RIPEMD160C40, RIPEMD160S40);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w0_t, RIPEMD160C40, RIPEMD160S41);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, w5_t, RIPEMD160C40, RIPEMD160S42);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, w9_t, RIPEMD160C40, RIPEMD160S43);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, w7_t, RIPEMD160C40, RIPEMD160S44);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, wc_t, RIPEMD160C40, RIPEMD160S45);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w2_t, RIPEMD160C40, RIPEMD160S46);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, wa_t, RIPEMD160C40, RIPEMD160S47);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, we_t, RIPEMD160C40, RIPEMD160S48);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, w1_t, RIPEMD160C40, RIPEMD160S49);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, w3_t, RIPEMD160C40, RIPEMD160S4A);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w8_t, RIPEMD160C40, RIPEMD160S4B);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, wb_t, RIPEMD160C40, RIPEMD160S4C);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, w6_t, RIPEMD160C40, RIPEMD160S4D);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, wf_t, RIPEMD160C40, RIPEMD160S4E);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, wd_t, RIPEMD160C40, RIPEMD160S4F);
u32 a2 = digest[0];
u32 b2 = digest[1];
u32 c2 = digest[2];
u32 d2 = digest[3];
u32 e2 = digest[4];
RIPEMD160_STEP_S_WORKAROUND_BUG (RIPEMD160_J , a2, b2, c2, d2, e2, w5_t, RIPEMD160C50, RIPEMD160S50);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, we_t, RIPEMD160C50, RIPEMD160S51);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w7_t, RIPEMD160C50, RIPEMD160S52);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, w0_t, RIPEMD160C50, RIPEMD160S53);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w9_t, RIPEMD160C50, RIPEMD160S54);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, w2_t, RIPEMD160C50, RIPEMD160S55);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, wb_t, RIPEMD160C50, RIPEMD160S56);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w4_t, RIPEMD160C50, RIPEMD160S57);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, wd_t, RIPEMD160C50, RIPEMD160S58);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w6_t, RIPEMD160C50, RIPEMD160S59);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, wf_t, RIPEMD160C50, RIPEMD160S5A);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, w8_t, RIPEMD160C50, RIPEMD160S5B);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w1_t, RIPEMD160C50, RIPEMD160S5C);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, wa_t, RIPEMD160C50, RIPEMD160S5D);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w3_t, RIPEMD160C50, RIPEMD160S5E);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, wc_t, RIPEMD160C50, RIPEMD160S5F);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w6_t, RIPEMD160C60, RIPEMD160S60);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, wb_t, RIPEMD160C60, RIPEMD160S61);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, w3_t, RIPEMD160C60, RIPEMD160S62);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, w7_t, RIPEMD160C60, RIPEMD160S63);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, w0_t, RIPEMD160C60, RIPEMD160S64);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, wd_t, RIPEMD160C60, RIPEMD160S65);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, w5_t, RIPEMD160C60, RIPEMD160S66);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, wa_t, RIPEMD160C60, RIPEMD160S67);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, we_t, RIPEMD160C60, RIPEMD160S68);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, wf_t, RIPEMD160C60, RIPEMD160S69);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w8_t, RIPEMD160C60, RIPEMD160S6A);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, wc_t, RIPEMD160C60, RIPEMD160S6B);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, w4_t, RIPEMD160C60, RIPEMD160S6C);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, w9_t, RIPEMD160C60, RIPEMD160S6D);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, w1_t, RIPEMD160C60, RIPEMD160S6E);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w2_t, RIPEMD160C60, RIPEMD160S6F);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wf_t, RIPEMD160C70, RIPEMD160S70);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w5_t, RIPEMD160C70, RIPEMD160S71);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, w1_t, RIPEMD160C70, RIPEMD160S72);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, w3_t, RIPEMD160C70, RIPEMD160S73);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w7_t, RIPEMD160C70, RIPEMD160S74);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, we_t, RIPEMD160C70, RIPEMD160S75);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w6_t, RIPEMD160C70, RIPEMD160S76);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, w9_t, RIPEMD160C70, RIPEMD160S77);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, wb_t, RIPEMD160C70, RIPEMD160S78);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w8_t, RIPEMD160C70, RIPEMD160S79);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wc_t, RIPEMD160C70, RIPEMD160S7A);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w2_t, RIPEMD160C70, RIPEMD160S7B);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, wa_t, RIPEMD160C70, RIPEMD160S7C);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, w0_t, RIPEMD160C70, RIPEMD160S7D);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w4_t, RIPEMD160C70, RIPEMD160S7E);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wd_t, RIPEMD160C70, RIPEMD160S7F);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, w8_t, RIPEMD160C80, RIPEMD160S80);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, w6_t, RIPEMD160C80, RIPEMD160S81);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w4_t, RIPEMD160C80, RIPEMD160S82);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w1_t, RIPEMD160C80, RIPEMD160S83);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, w3_t, RIPEMD160C80, RIPEMD160S84);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, wb_t, RIPEMD160C80, RIPEMD160S85);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, wf_t, RIPEMD160C80, RIPEMD160S86);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w0_t, RIPEMD160C80, RIPEMD160S87);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w5_t, RIPEMD160C80, RIPEMD160S88);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, wc_t, RIPEMD160C80, RIPEMD160S89);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, w2_t, RIPEMD160C80, RIPEMD160S8A);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, wd_t, RIPEMD160C80, RIPEMD160S8B);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w9_t, RIPEMD160C80, RIPEMD160S8C);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w7_t, RIPEMD160C80, RIPEMD160S8D);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, wa_t, RIPEMD160C80, RIPEMD160S8E);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, we_t, RIPEMD160C80, RIPEMD160S8F);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wc_t, RIPEMD160C90, RIPEMD160S90);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, wf_t, RIPEMD160C90, RIPEMD160S91);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, wa_t, RIPEMD160C90, RIPEMD160S92);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w4_t, RIPEMD160C90, RIPEMD160S93);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w1_t, RIPEMD160C90, RIPEMD160S94);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, w5_t, RIPEMD160C90, RIPEMD160S95);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, w8_t, RIPEMD160C90, RIPEMD160S96);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, w7_t, RIPEMD160C90, RIPEMD160S97);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w6_t, RIPEMD160C90, RIPEMD160S98);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w2_t, RIPEMD160C90, RIPEMD160S99);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wd_t, RIPEMD160C90, RIPEMD160S9A);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, we_t, RIPEMD160C90, RIPEMD160S9B);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, w0_t, RIPEMD160C90, RIPEMD160S9C);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w3_t, RIPEMD160C90, RIPEMD160S9D);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w9_t, RIPEMD160C90, RIPEMD160S9E);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wb_t, RIPEMD160C90, RIPEMD160S9F);
const u32 a = digest[1] + c1 + d2;
const u32 b = digest[2] + d1 + e2;
const u32 c = digest[3] + e1 + a2;
const u32 d = digest[4] + a1 + b2;
const u32 e = digest[0] + b1 + c2;
digest[0] = a;
digest[1] = b;
digest[2] = c;
digest[3] = d;
digest[4] = e;
}
static void hmac_ripemd160_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = RIPEMD160M_A;
ipad[1] = RIPEMD160M_B;
ipad[2] = RIPEMD160M_C;
ipad[3] = RIPEMD160M_D;
ipad[4] = RIPEMD160M_E;
ripemd160_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = RIPEMD160M_A;
opad[1] = RIPEMD160M_B;
opad[2] = RIPEMD160M_C;
opad[3] = RIPEMD160M_D;
opad[4] = RIPEMD160M_E;
ripemd160_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_ripemd160_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5], u32 digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
ripemd160_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
ripemd160_transform_S (w0, w1, w2, w3, digest);
}
static void ripemd160_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[5])
{
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
u32x a1 = digest[0];
u32x b1 = digest[1];
u32x c1 = digest[2];
u32x d1 = digest[3];
u32x e1 = digest[4];
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, w0_t, RIPEMD160C00, RIPEMD160S00);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, w1_t, RIPEMD160C00, RIPEMD160S01);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, w2_t, RIPEMD160C00, RIPEMD160S02);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, w3_t, RIPEMD160C00, RIPEMD160S03);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, w4_t, RIPEMD160C00, RIPEMD160S04);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, w5_t, RIPEMD160C00, RIPEMD160S05);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, w6_t, RIPEMD160C00, RIPEMD160S06);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, w7_t, RIPEMD160C00, RIPEMD160S07);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, w8_t, RIPEMD160C00, RIPEMD160S08);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, w9_t, RIPEMD160C00, RIPEMD160S09);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, wa_t, RIPEMD160C00, RIPEMD160S0A);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, wb_t, RIPEMD160C00, RIPEMD160S0B);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, wc_t, RIPEMD160C00, RIPEMD160S0C);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, wd_t, RIPEMD160C00, RIPEMD160S0D);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, we_t, RIPEMD160C00, RIPEMD160S0E);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, wf_t, RIPEMD160C00, RIPEMD160S0F);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w7_t, RIPEMD160C10, RIPEMD160S10);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, w4_t, RIPEMD160C10, RIPEMD160S11);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, wd_t, RIPEMD160C10, RIPEMD160S12);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, w1_t, RIPEMD160C10, RIPEMD160S13);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, wa_t, RIPEMD160C10, RIPEMD160S14);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w6_t, RIPEMD160C10, RIPEMD160S15);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, wf_t, RIPEMD160C10, RIPEMD160S16);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, w3_t, RIPEMD160C10, RIPEMD160S17);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, wc_t, RIPEMD160C10, RIPEMD160S18);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, w0_t, RIPEMD160C10, RIPEMD160S19);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w9_t, RIPEMD160C10, RIPEMD160S1A);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, w5_t, RIPEMD160C10, RIPEMD160S1B);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, w2_t, RIPEMD160C10, RIPEMD160S1C);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, we_t, RIPEMD160C10, RIPEMD160S1D);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, wb_t, RIPEMD160C10, RIPEMD160S1E);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w8_t, RIPEMD160C10, RIPEMD160S1F);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, w3_t, RIPEMD160C20, RIPEMD160S20);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, wa_t, RIPEMD160C20, RIPEMD160S21);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, we_t, RIPEMD160C20, RIPEMD160S22);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, w4_t, RIPEMD160C20, RIPEMD160S23);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w9_t, RIPEMD160C20, RIPEMD160S24);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, wf_t, RIPEMD160C20, RIPEMD160S25);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, w8_t, RIPEMD160C20, RIPEMD160S26);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, w1_t, RIPEMD160C20, RIPEMD160S27);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, w2_t, RIPEMD160C20, RIPEMD160S28);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w7_t, RIPEMD160C20, RIPEMD160S29);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, w0_t, RIPEMD160C20, RIPEMD160S2A);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, w6_t, RIPEMD160C20, RIPEMD160S2B);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, wd_t, RIPEMD160C20, RIPEMD160S2C);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, wb_t, RIPEMD160C20, RIPEMD160S2D);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w5_t, RIPEMD160C20, RIPEMD160S2E);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, wc_t, RIPEMD160C20, RIPEMD160S2F);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w1_t, RIPEMD160C30, RIPEMD160S30);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, w9_t, RIPEMD160C30, RIPEMD160S31);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, wb_t, RIPEMD160C30, RIPEMD160S32);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, wa_t, RIPEMD160C30, RIPEMD160S33);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w0_t, RIPEMD160C30, RIPEMD160S34);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w8_t, RIPEMD160C30, RIPEMD160S35);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, wc_t, RIPEMD160C30, RIPEMD160S36);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, w4_t, RIPEMD160C30, RIPEMD160S37);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, wd_t, RIPEMD160C30, RIPEMD160S38);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w3_t, RIPEMD160C30, RIPEMD160S39);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w7_t, RIPEMD160C30, RIPEMD160S3A);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, wf_t, RIPEMD160C30, RIPEMD160S3B);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, we_t, RIPEMD160C30, RIPEMD160S3C);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, w5_t, RIPEMD160C30, RIPEMD160S3D);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w6_t, RIPEMD160C30, RIPEMD160S3E);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w2_t, RIPEMD160C30, RIPEMD160S3F);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, w4_t, RIPEMD160C40, RIPEMD160S40);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w0_t, RIPEMD160C40, RIPEMD160S41);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, w5_t, RIPEMD160C40, RIPEMD160S42);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, w9_t, RIPEMD160C40, RIPEMD160S43);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, w7_t, RIPEMD160C40, RIPEMD160S44);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, wc_t, RIPEMD160C40, RIPEMD160S45);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w2_t, RIPEMD160C40, RIPEMD160S46);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, wa_t, RIPEMD160C40, RIPEMD160S47);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, we_t, RIPEMD160C40, RIPEMD160S48);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, w1_t, RIPEMD160C40, RIPEMD160S49);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, w3_t, RIPEMD160C40, RIPEMD160S4A);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w8_t, RIPEMD160C40, RIPEMD160S4B);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, wb_t, RIPEMD160C40, RIPEMD160S4C);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, w6_t, RIPEMD160C40, RIPEMD160S4D);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, wf_t, RIPEMD160C40, RIPEMD160S4E);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, wd_t, RIPEMD160C40, RIPEMD160S4F);
u32x a2 = digest[0];
u32x b2 = digest[1];
u32x c2 = digest[2];
u32x d2 = digest[3];
u32x e2 = digest[4];
RIPEMD160_STEP_WORKAROUND_BUG (RIPEMD160_J , a2, b2, c2, d2, e2, w5_t, RIPEMD160C50, RIPEMD160S50);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, we_t, RIPEMD160C50, RIPEMD160S51);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w7_t, RIPEMD160C50, RIPEMD160S52);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, w0_t, RIPEMD160C50, RIPEMD160S53);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w9_t, RIPEMD160C50, RIPEMD160S54);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, w2_t, RIPEMD160C50, RIPEMD160S55);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, wb_t, RIPEMD160C50, RIPEMD160S56);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w4_t, RIPEMD160C50, RIPEMD160S57);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, wd_t, RIPEMD160C50, RIPEMD160S58);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w6_t, RIPEMD160C50, RIPEMD160S59);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, wf_t, RIPEMD160C50, RIPEMD160S5A);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, w8_t, RIPEMD160C50, RIPEMD160S5B);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w1_t, RIPEMD160C50, RIPEMD160S5C);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, wa_t, RIPEMD160C50, RIPEMD160S5D);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w3_t, RIPEMD160C50, RIPEMD160S5E);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, wc_t, RIPEMD160C50, RIPEMD160S5F);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w6_t, RIPEMD160C60, RIPEMD160S60);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, wb_t, RIPEMD160C60, RIPEMD160S61);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, w3_t, RIPEMD160C60, RIPEMD160S62);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, w7_t, RIPEMD160C60, RIPEMD160S63);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, w0_t, RIPEMD160C60, RIPEMD160S64);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, wd_t, RIPEMD160C60, RIPEMD160S65);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, w5_t, RIPEMD160C60, RIPEMD160S66);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, wa_t, RIPEMD160C60, RIPEMD160S67);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, we_t, RIPEMD160C60, RIPEMD160S68);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, wf_t, RIPEMD160C60, RIPEMD160S69);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w8_t, RIPEMD160C60, RIPEMD160S6A);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, wc_t, RIPEMD160C60, RIPEMD160S6B);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, w4_t, RIPEMD160C60, RIPEMD160S6C);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, w9_t, RIPEMD160C60, RIPEMD160S6D);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, w1_t, RIPEMD160C60, RIPEMD160S6E);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w2_t, RIPEMD160C60, RIPEMD160S6F);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wf_t, RIPEMD160C70, RIPEMD160S70);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w5_t, RIPEMD160C70, RIPEMD160S71);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, w1_t, RIPEMD160C70, RIPEMD160S72);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, w3_t, RIPEMD160C70, RIPEMD160S73);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w7_t, RIPEMD160C70, RIPEMD160S74);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, we_t, RIPEMD160C70, RIPEMD160S75);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w6_t, RIPEMD160C70, RIPEMD160S76);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, w9_t, RIPEMD160C70, RIPEMD160S77);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, wb_t, RIPEMD160C70, RIPEMD160S78);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w8_t, RIPEMD160C70, RIPEMD160S79);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wc_t, RIPEMD160C70, RIPEMD160S7A);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w2_t, RIPEMD160C70, RIPEMD160S7B);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, wa_t, RIPEMD160C70, RIPEMD160S7C);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, w0_t, RIPEMD160C70, RIPEMD160S7D);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w4_t, RIPEMD160C70, RIPEMD160S7E);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wd_t, RIPEMD160C70, RIPEMD160S7F);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, w8_t, RIPEMD160C80, RIPEMD160S80);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, w6_t, RIPEMD160C80, RIPEMD160S81);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w4_t, RIPEMD160C80, RIPEMD160S82);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w1_t, RIPEMD160C80, RIPEMD160S83);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, w3_t, RIPEMD160C80, RIPEMD160S84);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, wb_t, RIPEMD160C80, RIPEMD160S85);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, wf_t, RIPEMD160C80, RIPEMD160S86);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w0_t, RIPEMD160C80, RIPEMD160S87);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w5_t, RIPEMD160C80, RIPEMD160S88);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, wc_t, RIPEMD160C80, RIPEMD160S89);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, w2_t, RIPEMD160C80, RIPEMD160S8A);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, wd_t, RIPEMD160C80, RIPEMD160S8B);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w9_t, RIPEMD160C80, RIPEMD160S8C);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w7_t, RIPEMD160C80, RIPEMD160S8D);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, wa_t, RIPEMD160C80, RIPEMD160S8E);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, we_t, RIPEMD160C80, RIPEMD160S8F);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wc_t, RIPEMD160C90, RIPEMD160S90);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, wf_t, RIPEMD160C90, RIPEMD160S91);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, wa_t, RIPEMD160C90, RIPEMD160S92);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w4_t, RIPEMD160C90, RIPEMD160S93);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w1_t, RIPEMD160C90, RIPEMD160S94);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, w5_t, RIPEMD160C90, RIPEMD160S95);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, w8_t, RIPEMD160C90, RIPEMD160S96);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, w7_t, RIPEMD160C90, RIPEMD160S97);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w6_t, RIPEMD160C90, RIPEMD160S98);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w2_t, RIPEMD160C90, RIPEMD160S99);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wd_t, RIPEMD160C90, RIPEMD160S9A);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, we_t, RIPEMD160C90, RIPEMD160S9B);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, w0_t, RIPEMD160C90, RIPEMD160S9C);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w3_t, RIPEMD160C90, RIPEMD160S9D);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w9_t, RIPEMD160C90, RIPEMD160S9E);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wb_t, RIPEMD160C90, RIPEMD160S9F);
const u32x a = digest[1] + c1 + d2;
const u32x b = digest[2] + d1 + e2;
const u32x c = digest[3] + e1 + a2;
const u32x d = digest[4] + a1 + b2;
const u32x e = digest[0] + b1 + c2;
digest[0] = a;
digest[1] = b;
digest[2] = c;
digest[3] = d;
digest[4] = e;
}
static void hmac_ripemd160_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[5], u32x opad[5], u32x digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
ripemd160_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
ripemd160_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14642_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0];
salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1];
salt_buf0[2] = salt_bufs[salt_pos].salt_buf[2];
salt_buf0[3] = salt_bufs[salt_pos].salt_buf[3];
salt_buf1[0] = salt_bufs[salt_pos].salt_buf[4];
salt_buf1[1] = salt_bufs[salt_pos].salt_buf[5];
salt_buf1[2] = salt_bufs[salt_pos].salt_buf[6];
salt_buf1[3] = salt_bufs[salt_pos].salt_buf[7];
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
u32 ipad[5];
u32 opad[5];
hmac_ripemd160_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 5, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j << 24;
w2[1] = 0x80;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + salt_len + 4) * 8;
w3[3] = 0;
u32 dgst[5];
hmac_ripemd160_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
}
}
__kernel void m14642_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[5];
u32x opad[5];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 5)
{
u32x dgst[5];
u32x out[5];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
hmac_ripemd160_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
}
}
__kernel void m14642_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_ripemd160_then_serpent_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

808
OpenCL/m14643.cl
Unescape View File

@ -0,0 +1,808 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define _LUKS_
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_cipher_twofish.cl"
#include "inc_luks_af.cl"
#include "inc_luks_essiv.cl"
#include "inc_luks_xts.cl"
#include "inc_luks_twofish.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
#define MAX_ENTROPY 7.0
static void ripemd160_transform_S (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[5])
{
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
u32 a1 = digest[0];
u32 b1 = digest[1];
u32 c1 = digest[2];
u32 d1 = digest[3];
u32 e1 = digest[4];
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, w0_t, RIPEMD160C00, RIPEMD160S00);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, w1_t, RIPEMD160C00, RIPEMD160S01);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, w2_t, RIPEMD160C00, RIPEMD160S02);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, w3_t, RIPEMD160C00, RIPEMD160S03);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, w4_t, RIPEMD160C00, RIPEMD160S04);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, w5_t, RIPEMD160C00, RIPEMD160S05);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, w6_t, RIPEMD160C00, RIPEMD160S06);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, w7_t, RIPEMD160C00, RIPEMD160S07);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, w8_t, RIPEMD160C00, RIPEMD160S08);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, w9_t, RIPEMD160C00, RIPEMD160S09);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, wa_t, RIPEMD160C00, RIPEMD160S0A);
RIPEMD160_STEP_S (RIPEMD160_F , e1, a1, b1, c1, d1, wb_t, RIPEMD160C00, RIPEMD160S0B);
RIPEMD160_STEP_S (RIPEMD160_F , d1, e1, a1, b1, c1, wc_t, RIPEMD160C00, RIPEMD160S0C);
RIPEMD160_STEP_S (RIPEMD160_F , c1, d1, e1, a1, b1, wd_t, RIPEMD160C00, RIPEMD160S0D);
RIPEMD160_STEP_S (RIPEMD160_F , b1, c1, d1, e1, a1, we_t, RIPEMD160C00, RIPEMD160S0E);
RIPEMD160_STEP_S (RIPEMD160_F , a1, b1, c1, d1, e1, wf_t, RIPEMD160C00, RIPEMD160S0F);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w7_t, RIPEMD160C10, RIPEMD160S10);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, w4_t, RIPEMD160C10, RIPEMD160S11);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, wd_t, RIPEMD160C10, RIPEMD160S12);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, w1_t, RIPEMD160C10, RIPEMD160S13);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, wa_t, RIPEMD160C10, RIPEMD160S14);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w6_t, RIPEMD160C10, RIPEMD160S15);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, wf_t, RIPEMD160C10, RIPEMD160S16);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, w3_t, RIPEMD160C10, RIPEMD160S17);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, wc_t, RIPEMD160C10, RIPEMD160S18);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, w0_t, RIPEMD160C10, RIPEMD160S19);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w9_t, RIPEMD160C10, RIPEMD160S1A);
RIPEMD160_STEP_S (RIPEMD160_Go, d1, e1, a1, b1, c1, w5_t, RIPEMD160C10, RIPEMD160S1B);
RIPEMD160_STEP_S (RIPEMD160_Go, c1, d1, e1, a1, b1, w2_t, RIPEMD160C10, RIPEMD160S1C);
RIPEMD160_STEP_S (RIPEMD160_Go, b1, c1, d1, e1, a1, we_t, RIPEMD160C10, RIPEMD160S1D);
RIPEMD160_STEP_S (RIPEMD160_Go, a1, b1, c1, d1, e1, wb_t, RIPEMD160C10, RIPEMD160S1E);
RIPEMD160_STEP_S (RIPEMD160_Go, e1, a1, b1, c1, d1, w8_t, RIPEMD160C10, RIPEMD160S1F);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, w3_t, RIPEMD160C20, RIPEMD160S20);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, wa_t, RIPEMD160C20, RIPEMD160S21);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, we_t, RIPEMD160C20, RIPEMD160S22);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, w4_t, RIPEMD160C20, RIPEMD160S23);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w9_t, RIPEMD160C20, RIPEMD160S24);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, wf_t, RIPEMD160C20, RIPEMD160S25);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, w8_t, RIPEMD160C20, RIPEMD160S26);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, w1_t, RIPEMD160C20, RIPEMD160S27);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, w2_t, RIPEMD160C20, RIPEMD160S28);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w7_t, RIPEMD160C20, RIPEMD160S29);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, w0_t, RIPEMD160C20, RIPEMD160S2A);
RIPEMD160_STEP_S (RIPEMD160_H , c1, d1, e1, a1, b1, w6_t, RIPEMD160C20, RIPEMD160S2B);
RIPEMD160_STEP_S (RIPEMD160_H , b1, c1, d1, e1, a1, wd_t, RIPEMD160C20, RIPEMD160S2C);
RIPEMD160_STEP_S (RIPEMD160_H , a1, b1, c1, d1, e1, wb_t, RIPEMD160C20, RIPEMD160S2D);
RIPEMD160_STEP_S (RIPEMD160_H , e1, a1, b1, c1, d1, w5_t, RIPEMD160C20, RIPEMD160S2E);
RIPEMD160_STEP_S (RIPEMD160_H , d1, e1, a1, b1, c1, wc_t, RIPEMD160C20, RIPEMD160S2F);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w1_t, RIPEMD160C30, RIPEMD160S30);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, w9_t, RIPEMD160C30, RIPEMD160S31);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, wb_t, RIPEMD160C30, RIPEMD160S32);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, wa_t, RIPEMD160C30, RIPEMD160S33);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w0_t, RIPEMD160C30, RIPEMD160S34);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w8_t, RIPEMD160C30, RIPEMD160S35);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, wc_t, RIPEMD160C30, RIPEMD160S36);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, w4_t, RIPEMD160C30, RIPEMD160S37);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, wd_t, RIPEMD160C30, RIPEMD160S38);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w3_t, RIPEMD160C30, RIPEMD160S39);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w7_t, RIPEMD160C30, RIPEMD160S3A);
RIPEMD160_STEP_S (RIPEMD160_Io, b1, c1, d1, e1, a1, wf_t, RIPEMD160C30, RIPEMD160S3B);
RIPEMD160_STEP_S (RIPEMD160_Io, a1, b1, c1, d1, e1, we_t, RIPEMD160C30, RIPEMD160S3C);
RIPEMD160_STEP_S (RIPEMD160_Io, e1, a1, b1, c1, d1, w5_t, RIPEMD160C30, RIPEMD160S3D);
RIPEMD160_STEP_S (RIPEMD160_Io, d1, e1, a1, b1, c1, w6_t, RIPEMD160C30, RIPEMD160S3E);
RIPEMD160_STEP_S (RIPEMD160_Io, c1, d1, e1, a1, b1, w2_t, RIPEMD160C30, RIPEMD160S3F);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, w4_t, RIPEMD160C40, RIPEMD160S40);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w0_t, RIPEMD160C40, RIPEMD160S41);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, w5_t, RIPEMD160C40, RIPEMD160S42);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, w9_t, RIPEMD160C40, RIPEMD160S43);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, w7_t, RIPEMD160C40, RIPEMD160S44);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, wc_t, RIPEMD160C40, RIPEMD160S45);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w2_t, RIPEMD160C40, RIPEMD160S46);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, wa_t, RIPEMD160C40, RIPEMD160S47);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, we_t, RIPEMD160C40, RIPEMD160S48);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, w1_t, RIPEMD160C40, RIPEMD160S49);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, w3_t, RIPEMD160C40, RIPEMD160S4A);
RIPEMD160_STEP_S (RIPEMD160_J , a1, b1, c1, d1, e1, w8_t, RIPEMD160C40, RIPEMD160S4B);
RIPEMD160_STEP_S (RIPEMD160_J , e1, a1, b1, c1, d1, wb_t, RIPEMD160C40, RIPEMD160S4C);
RIPEMD160_STEP_S (RIPEMD160_J , d1, e1, a1, b1, c1, w6_t, RIPEMD160C40, RIPEMD160S4D);
RIPEMD160_STEP_S (RIPEMD160_J , c1, d1, e1, a1, b1, wf_t, RIPEMD160C40, RIPEMD160S4E);
RIPEMD160_STEP_S (RIPEMD160_J , b1, c1, d1, e1, a1, wd_t, RIPEMD160C40, RIPEMD160S4F);
u32 a2 = digest[0];
u32 b2 = digest[1];
u32 c2 = digest[2];
u32 d2 = digest[3];
u32 e2 = digest[4];
RIPEMD160_STEP_S_WORKAROUND_BUG (RIPEMD160_J , a2, b2, c2, d2, e2, w5_t, RIPEMD160C50, RIPEMD160S50);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, we_t, RIPEMD160C50, RIPEMD160S51);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w7_t, RIPEMD160C50, RIPEMD160S52);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, w0_t, RIPEMD160C50, RIPEMD160S53);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w9_t, RIPEMD160C50, RIPEMD160S54);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, w2_t, RIPEMD160C50, RIPEMD160S55);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, wb_t, RIPEMD160C50, RIPEMD160S56);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w4_t, RIPEMD160C50, RIPEMD160S57);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, wd_t, RIPEMD160C50, RIPEMD160S58);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w6_t, RIPEMD160C50, RIPEMD160S59);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, wf_t, RIPEMD160C50, RIPEMD160S5A);
RIPEMD160_STEP_S (RIPEMD160_J , e2, a2, b2, c2, d2, w8_t, RIPEMD160C50, RIPEMD160S5B);
RIPEMD160_STEP_S (RIPEMD160_J , d2, e2, a2, b2, c2, w1_t, RIPEMD160C50, RIPEMD160S5C);
RIPEMD160_STEP_S (RIPEMD160_J , c2, d2, e2, a2, b2, wa_t, RIPEMD160C50, RIPEMD160S5D);
RIPEMD160_STEP_S (RIPEMD160_J , b2, c2, d2, e2, a2, w3_t, RIPEMD160C50, RIPEMD160S5E);
RIPEMD160_STEP_S (RIPEMD160_J , a2, b2, c2, d2, e2, wc_t, RIPEMD160C50, RIPEMD160S5F);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w6_t, RIPEMD160C60, RIPEMD160S60);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, wb_t, RIPEMD160C60, RIPEMD160S61);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, w3_t, RIPEMD160C60, RIPEMD160S62);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, w7_t, RIPEMD160C60, RIPEMD160S63);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, w0_t, RIPEMD160C60, RIPEMD160S64);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, wd_t, RIPEMD160C60, RIPEMD160S65);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, w5_t, RIPEMD160C60, RIPEMD160S66);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, wa_t, RIPEMD160C60, RIPEMD160S67);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, we_t, RIPEMD160C60, RIPEMD160S68);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, wf_t, RIPEMD160C60, RIPEMD160S69);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w8_t, RIPEMD160C60, RIPEMD160S6A);
RIPEMD160_STEP_S (RIPEMD160_Io, d2, e2, a2, b2, c2, wc_t, RIPEMD160C60, RIPEMD160S6B);
RIPEMD160_STEP_S (RIPEMD160_Io, c2, d2, e2, a2, b2, w4_t, RIPEMD160C60, RIPEMD160S6C);
RIPEMD160_STEP_S (RIPEMD160_Io, b2, c2, d2, e2, a2, w9_t, RIPEMD160C60, RIPEMD160S6D);
RIPEMD160_STEP_S (RIPEMD160_Io, a2, b2, c2, d2, e2, w1_t, RIPEMD160C60, RIPEMD160S6E);
RIPEMD160_STEP_S (RIPEMD160_Io, e2, a2, b2, c2, d2, w2_t, RIPEMD160C60, RIPEMD160S6F);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wf_t, RIPEMD160C70, RIPEMD160S70);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w5_t, RIPEMD160C70, RIPEMD160S71);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, w1_t, RIPEMD160C70, RIPEMD160S72);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, w3_t, RIPEMD160C70, RIPEMD160S73);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w7_t, RIPEMD160C70, RIPEMD160S74);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, we_t, RIPEMD160C70, RIPEMD160S75);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w6_t, RIPEMD160C70, RIPEMD160S76);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, w9_t, RIPEMD160C70, RIPEMD160S77);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, wb_t, RIPEMD160C70, RIPEMD160S78);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w8_t, RIPEMD160C70, RIPEMD160S79);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wc_t, RIPEMD160C70, RIPEMD160S7A);
RIPEMD160_STEP_S (RIPEMD160_H , c2, d2, e2, a2, b2, w2_t, RIPEMD160C70, RIPEMD160S7B);
RIPEMD160_STEP_S (RIPEMD160_H , b2, c2, d2, e2, a2, wa_t, RIPEMD160C70, RIPEMD160S7C);
RIPEMD160_STEP_S (RIPEMD160_H , a2, b2, c2, d2, e2, w0_t, RIPEMD160C70, RIPEMD160S7D);
RIPEMD160_STEP_S (RIPEMD160_H , e2, a2, b2, c2, d2, w4_t, RIPEMD160C70, RIPEMD160S7E);
RIPEMD160_STEP_S (RIPEMD160_H , d2, e2, a2, b2, c2, wd_t, RIPEMD160C70, RIPEMD160S7F);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, w8_t, RIPEMD160C80, RIPEMD160S80);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, w6_t, RIPEMD160C80, RIPEMD160S81);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w4_t, RIPEMD160C80, RIPEMD160S82);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w1_t, RIPEMD160C80, RIPEMD160S83);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, w3_t, RIPEMD160C80, RIPEMD160S84);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, wb_t, RIPEMD160C80, RIPEMD160S85);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, wf_t, RIPEMD160C80, RIPEMD160S86);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w0_t, RIPEMD160C80, RIPEMD160S87);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w5_t, RIPEMD160C80, RIPEMD160S88);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, wc_t, RIPEMD160C80, RIPEMD160S89);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, w2_t, RIPEMD160C80, RIPEMD160S8A);
RIPEMD160_STEP_S (RIPEMD160_Go, b2, c2, d2, e2, a2, wd_t, RIPEMD160C80, RIPEMD160S8B);
RIPEMD160_STEP_S (RIPEMD160_Go, a2, b2, c2, d2, e2, w9_t, RIPEMD160C80, RIPEMD160S8C);
RIPEMD160_STEP_S (RIPEMD160_Go, e2, a2, b2, c2, d2, w7_t, RIPEMD160C80, RIPEMD160S8D);
RIPEMD160_STEP_S (RIPEMD160_Go, d2, e2, a2, b2, c2, wa_t, RIPEMD160C80, RIPEMD160S8E);
RIPEMD160_STEP_S (RIPEMD160_Go, c2, d2, e2, a2, b2, we_t, RIPEMD160C80, RIPEMD160S8F);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wc_t, RIPEMD160C90, RIPEMD160S90);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, wf_t, RIPEMD160C90, RIPEMD160S91);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, wa_t, RIPEMD160C90, RIPEMD160S92);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w4_t, RIPEMD160C90, RIPEMD160S93);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w1_t, RIPEMD160C90, RIPEMD160S94);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, w5_t, RIPEMD160C90, RIPEMD160S95);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, w8_t, RIPEMD160C90, RIPEMD160S96);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, w7_t, RIPEMD160C90, RIPEMD160S97);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w6_t, RIPEMD160C90, RIPEMD160S98);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w2_t, RIPEMD160C90, RIPEMD160S99);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wd_t, RIPEMD160C90, RIPEMD160S9A);
RIPEMD160_STEP_S (RIPEMD160_F , a2, b2, c2, d2, e2, we_t, RIPEMD160C90, RIPEMD160S9B);
RIPEMD160_STEP_S (RIPEMD160_F , e2, a2, b2, c2, d2, w0_t, RIPEMD160C90, RIPEMD160S9C);
RIPEMD160_STEP_S (RIPEMD160_F , d2, e2, a2, b2, c2, w3_t, RIPEMD160C90, RIPEMD160S9D);
RIPEMD160_STEP_S (RIPEMD160_F , c2, d2, e2, a2, b2, w9_t, RIPEMD160C90, RIPEMD160S9E);
RIPEMD160_STEP_S (RIPEMD160_F , b2, c2, d2, e2, a2, wb_t, RIPEMD160C90, RIPEMD160S9F);
const u32 a = digest[1] + c1 + d2;
const u32 b = digest[2] + d1 + e2;
const u32 c = digest[3] + e1 + a2;
const u32 d = digest[4] + a1 + b2;
const u32 e = digest[0] + b1 + c2;
digest[0] = a;
digest[1] = b;
digest[2] = c;
digest[3] = d;
digest[4] = e;
}
static void hmac_ripemd160_pad_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5])
{
w0[0] = w0[0] ^ 0x36363636;
w0[1] = w0[1] ^ 0x36363636;
w0[2] = w0[2] ^ 0x36363636;
w0[3] = w0[3] ^ 0x36363636;
w1[0] = w1[0] ^ 0x36363636;
w1[1] = w1[1] ^ 0x36363636;
w1[2] = w1[2] ^ 0x36363636;
w1[3] = w1[3] ^ 0x36363636;
w2[0] = w2[0] ^ 0x36363636;
w2[1] = w2[1] ^ 0x36363636;
w2[2] = w2[2] ^ 0x36363636;
w2[3] = w2[3] ^ 0x36363636;
w3[0] = w3[0] ^ 0x36363636;
w3[1] = w3[1] ^ 0x36363636;
w3[2] = w3[2] ^ 0x36363636;
w3[3] = w3[3] ^ 0x36363636;
ipad[0] = RIPEMD160M_A;
ipad[1] = RIPEMD160M_B;
ipad[2] = RIPEMD160M_C;
ipad[3] = RIPEMD160M_D;
ipad[4] = RIPEMD160M_E;
ripemd160_transform_S (w0, w1, w2, w3, ipad);
w0[0] = w0[0] ^ 0x6a6a6a6a;
w0[1] = w0[1] ^ 0x6a6a6a6a;
w0[2] = w0[2] ^ 0x6a6a6a6a;
w0[3] = w0[3] ^ 0x6a6a6a6a;
w1[0] = w1[0] ^ 0x6a6a6a6a;
w1[1] = w1[1] ^ 0x6a6a6a6a;
w1[2] = w1[2] ^ 0x6a6a6a6a;
w1[3] = w1[3] ^ 0x6a6a6a6a;
w2[0] = w2[0] ^ 0x6a6a6a6a;
w2[1] = w2[1] ^ 0x6a6a6a6a;
w2[2] = w2[2] ^ 0x6a6a6a6a;
w2[3] = w2[3] ^ 0x6a6a6a6a;
w3[0] = w3[0] ^ 0x6a6a6a6a;
w3[1] = w3[1] ^ 0x6a6a6a6a;
w3[2] = w3[2] ^ 0x6a6a6a6a;
w3[3] = w3[3] ^ 0x6a6a6a6a;
opad[0] = RIPEMD160M_A;
opad[1] = RIPEMD160M_B;
opad[2] = RIPEMD160M_C;
opad[3] = RIPEMD160M_D;
opad[4] = RIPEMD160M_E;
ripemd160_transform_S (w0, w1, w2, w3, opad);
}
static void hmac_ripemd160_run_S (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[5], u32 opad[5], u32 digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
ripemd160_transform_S (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
ripemd160_transform_S (w0, w1, w2, w3, digest);
}
static void ripemd160_transform_V (const u32x w0[4], const u32x w1[4], const u32x w2[4], const u32x w3[4], u32x digest[5])
{
u32x w0_t = w0[0];
u32x w1_t = w0[1];
u32x w2_t = w0[2];
u32x w3_t = w0[3];
u32x w4_t = w1[0];
u32x w5_t = w1[1];
u32x w6_t = w1[2];
u32x w7_t = w1[3];
u32x w8_t = w2[0];
u32x w9_t = w2[1];
u32x wa_t = w2[2];
u32x wb_t = w2[3];
u32x wc_t = w3[0];
u32x wd_t = w3[1];
u32x we_t = w3[2];
u32x wf_t = w3[3];
u32x a1 = digest[0];
u32x b1 = digest[1];
u32x c1 = digest[2];
u32x d1 = digest[3];
u32x e1 = digest[4];
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, w0_t, RIPEMD160C00, RIPEMD160S00);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, w1_t, RIPEMD160C00, RIPEMD160S01);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, w2_t, RIPEMD160C00, RIPEMD160S02);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, w3_t, RIPEMD160C00, RIPEMD160S03);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, w4_t, RIPEMD160C00, RIPEMD160S04);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, w5_t, RIPEMD160C00, RIPEMD160S05);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, w6_t, RIPEMD160C00, RIPEMD160S06);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, w7_t, RIPEMD160C00, RIPEMD160S07);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, w8_t, RIPEMD160C00, RIPEMD160S08);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, w9_t, RIPEMD160C00, RIPEMD160S09);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, wa_t, RIPEMD160C00, RIPEMD160S0A);
RIPEMD160_STEP (RIPEMD160_F , e1, a1, b1, c1, d1, wb_t, RIPEMD160C00, RIPEMD160S0B);
RIPEMD160_STEP (RIPEMD160_F , d1, e1, a1, b1, c1, wc_t, RIPEMD160C00, RIPEMD160S0C);
RIPEMD160_STEP (RIPEMD160_F , c1, d1, e1, a1, b1, wd_t, RIPEMD160C00, RIPEMD160S0D);
RIPEMD160_STEP (RIPEMD160_F , b1, c1, d1, e1, a1, we_t, RIPEMD160C00, RIPEMD160S0E);
RIPEMD160_STEP (RIPEMD160_F , a1, b1, c1, d1, e1, wf_t, RIPEMD160C00, RIPEMD160S0F);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w7_t, RIPEMD160C10, RIPEMD160S10);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, w4_t, RIPEMD160C10, RIPEMD160S11);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, wd_t, RIPEMD160C10, RIPEMD160S12);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, w1_t, RIPEMD160C10, RIPEMD160S13);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, wa_t, RIPEMD160C10, RIPEMD160S14);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w6_t, RIPEMD160C10, RIPEMD160S15);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, wf_t, RIPEMD160C10, RIPEMD160S16);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, w3_t, RIPEMD160C10, RIPEMD160S17);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, wc_t, RIPEMD160C10, RIPEMD160S18);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, w0_t, RIPEMD160C10, RIPEMD160S19);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w9_t, RIPEMD160C10, RIPEMD160S1A);
RIPEMD160_STEP (RIPEMD160_Go, d1, e1, a1, b1, c1, w5_t, RIPEMD160C10, RIPEMD160S1B);
RIPEMD160_STEP (RIPEMD160_Go, c1, d1, e1, a1, b1, w2_t, RIPEMD160C10, RIPEMD160S1C);
RIPEMD160_STEP (RIPEMD160_Go, b1, c1, d1, e1, a1, we_t, RIPEMD160C10, RIPEMD160S1D);
RIPEMD160_STEP (RIPEMD160_Go, a1, b1, c1, d1, e1, wb_t, RIPEMD160C10, RIPEMD160S1E);
RIPEMD160_STEP (RIPEMD160_Go, e1, a1, b1, c1, d1, w8_t, RIPEMD160C10, RIPEMD160S1F);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, w3_t, RIPEMD160C20, RIPEMD160S20);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, wa_t, RIPEMD160C20, RIPEMD160S21);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, we_t, RIPEMD160C20, RIPEMD160S22);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, w4_t, RIPEMD160C20, RIPEMD160S23);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w9_t, RIPEMD160C20, RIPEMD160S24);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, wf_t, RIPEMD160C20, RIPEMD160S25);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, w8_t, RIPEMD160C20, RIPEMD160S26);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, w1_t, RIPEMD160C20, RIPEMD160S27);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, w2_t, RIPEMD160C20, RIPEMD160S28);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w7_t, RIPEMD160C20, RIPEMD160S29);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, w0_t, RIPEMD160C20, RIPEMD160S2A);
RIPEMD160_STEP (RIPEMD160_H , c1, d1, e1, a1, b1, w6_t, RIPEMD160C20, RIPEMD160S2B);
RIPEMD160_STEP (RIPEMD160_H , b1, c1, d1, e1, a1, wd_t, RIPEMD160C20, RIPEMD160S2C);
RIPEMD160_STEP (RIPEMD160_H , a1, b1, c1, d1, e1, wb_t, RIPEMD160C20, RIPEMD160S2D);
RIPEMD160_STEP (RIPEMD160_H , e1, a1, b1, c1, d1, w5_t, RIPEMD160C20, RIPEMD160S2E);
RIPEMD160_STEP (RIPEMD160_H , d1, e1, a1, b1, c1, wc_t, RIPEMD160C20, RIPEMD160S2F);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w1_t, RIPEMD160C30, RIPEMD160S30);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, w9_t, RIPEMD160C30, RIPEMD160S31);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, wb_t, RIPEMD160C30, RIPEMD160S32);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, wa_t, RIPEMD160C30, RIPEMD160S33);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w0_t, RIPEMD160C30, RIPEMD160S34);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w8_t, RIPEMD160C30, RIPEMD160S35);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, wc_t, RIPEMD160C30, RIPEMD160S36);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, w4_t, RIPEMD160C30, RIPEMD160S37);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, wd_t, RIPEMD160C30, RIPEMD160S38);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w3_t, RIPEMD160C30, RIPEMD160S39);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w7_t, RIPEMD160C30, RIPEMD160S3A);
RIPEMD160_STEP (RIPEMD160_Io, b1, c1, d1, e1, a1, wf_t, RIPEMD160C30, RIPEMD160S3B);
RIPEMD160_STEP (RIPEMD160_Io, a1, b1, c1, d1, e1, we_t, RIPEMD160C30, RIPEMD160S3C);
RIPEMD160_STEP (RIPEMD160_Io, e1, a1, b1, c1, d1, w5_t, RIPEMD160C30, RIPEMD160S3D);
RIPEMD160_STEP (RIPEMD160_Io, d1, e1, a1, b1, c1, w6_t, RIPEMD160C30, RIPEMD160S3E);
RIPEMD160_STEP (RIPEMD160_Io, c1, d1, e1, a1, b1, w2_t, RIPEMD160C30, RIPEMD160S3F);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, w4_t, RIPEMD160C40, RIPEMD160S40);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w0_t, RIPEMD160C40, RIPEMD160S41);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, w5_t, RIPEMD160C40, RIPEMD160S42);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, w9_t, RIPEMD160C40, RIPEMD160S43);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, w7_t, RIPEMD160C40, RIPEMD160S44);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, wc_t, RIPEMD160C40, RIPEMD160S45);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w2_t, RIPEMD160C40, RIPEMD160S46);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, wa_t, RIPEMD160C40, RIPEMD160S47);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, we_t, RIPEMD160C40, RIPEMD160S48);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, w1_t, RIPEMD160C40, RIPEMD160S49);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, w3_t, RIPEMD160C40, RIPEMD160S4A);
RIPEMD160_STEP (RIPEMD160_J , a1, b1, c1, d1, e1, w8_t, RIPEMD160C40, RIPEMD160S4B);
RIPEMD160_STEP (RIPEMD160_J , e1, a1, b1, c1, d1, wb_t, RIPEMD160C40, RIPEMD160S4C);
RIPEMD160_STEP (RIPEMD160_J , d1, e1, a1, b1, c1, w6_t, RIPEMD160C40, RIPEMD160S4D);
RIPEMD160_STEP (RIPEMD160_J , c1, d1, e1, a1, b1, wf_t, RIPEMD160C40, RIPEMD160S4E);
RIPEMD160_STEP (RIPEMD160_J , b1, c1, d1, e1, a1, wd_t, RIPEMD160C40, RIPEMD160S4F);
u32x a2 = digest[0];
u32x b2 = digest[1];
u32x c2 = digest[2];
u32x d2 = digest[3];
u32x e2 = digest[4];
RIPEMD160_STEP_WORKAROUND_BUG (RIPEMD160_J , a2, b2, c2, d2, e2, w5_t, RIPEMD160C50, RIPEMD160S50);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, we_t, RIPEMD160C50, RIPEMD160S51);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w7_t, RIPEMD160C50, RIPEMD160S52);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, w0_t, RIPEMD160C50, RIPEMD160S53);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w9_t, RIPEMD160C50, RIPEMD160S54);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, w2_t, RIPEMD160C50, RIPEMD160S55);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, wb_t, RIPEMD160C50, RIPEMD160S56);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w4_t, RIPEMD160C50, RIPEMD160S57);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, wd_t, RIPEMD160C50, RIPEMD160S58);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w6_t, RIPEMD160C50, RIPEMD160S59);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, wf_t, RIPEMD160C50, RIPEMD160S5A);
RIPEMD160_STEP (RIPEMD160_J , e2, a2, b2, c2, d2, w8_t, RIPEMD160C50, RIPEMD160S5B);
RIPEMD160_STEP (RIPEMD160_J , d2, e2, a2, b2, c2, w1_t, RIPEMD160C50, RIPEMD160S5C);
RIPEMD160_STEP (RIPEMD160_J , c2, d2, e2, a2, b2, wa_t, RIPEMD160C50, RIPEMD160S5D);
RIPEMD160_STEP (RIPEMD160_J , b2, c2, d2, e2, a2, w3_t, RIPEMD160C50, RIPEMD160S5E);
RIPEMD160_STEP (RIPEMD160_J , a2, b2, c2, d2, e2, wc_t, RIPEMD160C50, RIPEMD160S5F);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w6_t, RIPEMD160C60, RIPEMD160S60);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, wb_t, RIPEMD160C60, RIPEMD160S61);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, w3_t, RIPEMD160C60, RIPEMD160S62);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, w7_t, RIPEMD160C60, RIPEMD160S63);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, w0_t, RIPEMD160C60, RIPEMD160S64);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, wd_t, RIPEMD160C60, RIPEMD160S65);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, w5_t, RIPEMD160C60, RIPEMD160S66);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, wa_t, RIPEMD160C60, RIPEMD160S67);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, we_t, RIPEMD160C60, RIPEMD160S68);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, wf_t, RIPEMD160C60, RIPEMD160S69);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w8_t, RIPEMD160C60, RIPEMD160S6A);
RIPEMD160_STEP (RIPEMD160_Io, d2, e2, a2, b2, c2, wc_t, RIPEMD160C60, RIPEMD160S6B);
RIPEMD160_STEP (RIPEMD160_Io, c2, d2, e2, a2, b2, w4_t, RIPEMD160C60, RIPEMD160S6C);
RIPEMD160_STEP (RIPEMD160_Io, b2, c2, d2, e2, a2, w9_t, RIPEMD160C60, RIPEMD160S6D);
RIPEMD160_STEP (RIPEMD160_Io, a2, b2, c2, d2, e2, w1_t, RIPEMD160C60, RIPEMD160S6E);
RIPEMD160_STEP (RIPEMD160_Io, e2, a2, b2, c2, d2, w2_t, RIPEMD160C60, RIPEMD160S6F);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wf_t, RIPEMD160C70, RIPEMD160S70);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w5_t, RIPEMD160C70, RIPEMD160S71);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, w1_t, RIPEMD160C70, RIPEMD160S72);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, w3_t, RIPEMD160C70, RIPEMD160S73);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w7_t, RIPEMD160C70, RIPEMD160S74);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, we_t, RIPEMD160C70, RIPEMD160S75);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w6_t, RIPEMD160C70, RIPEMD160S76);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, w9_t, RIPEMD160C70, RIPEMD160S77);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, wb_t, RIPEMD160C70, RIPEMD160S78);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w8_t, RIPEMD160C70, RIPEMD160S79);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wc_t, RIPEMD160C70, RIPEMD160S7A);
RIPEMD160_STEP (RIPEMD160_H , c2, d2, e2, a2, b2, w2_t, RIPEMD160C70, RIPEMD160S7B);
RIPEMD160_STEP (RIPEMD160_H , b2, c2, d2, e2, a2, wa_t, RIPEMD160C70, RIPEMD160S7C);
RIPEMD160_STEP (RIPEMD160_H , a2, b2, c2, d2, e2, w0_t, RIPEMD160C70, RIPEMD160S7D);
RIPEMD160_STEP (RIPEMD160_H , e2, a2, b2, c2, d2, w4_t, RIPEMD160C70, RIPEMD160S7E);
RIPEMD160_STEP (RIPEMD160_H , d2, e2, a2, b2, c2, wd_t, RIPEMD160C70, RIPEMD160S7F);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, w8_t, RIPEMD160C80, RIPEMD160S80);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, w6_t, RIPEMD160C80, RIPEMD160S81);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w4_t, RIPEMD160C80, RIPEMD160S82);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w1_t, RIPEMD160C80, RIPEMD160S83);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, w3_t, RIPEMD160C80, RIPEMD160S84);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, wb_t, RIPEMD160C80, RIPEMD160S85);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, wf_t, RIPEMD160C80, RIPEMD160S86);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w0_t, RIPEMD160C80, RIPEMD160S87);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w5_t, RIPEMD160C80, RIPEMD160S88);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, wc_t, RIPEMD160C80, RIPEMD160S89);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, w2_t, RIPEMD160C80, RIPEMD160S8A);
RIPEMD160_STEP (RIPEMD160_Go, b2, c2, d2, e2, a2, wd_t, RIPEMD160C80, RIPEMD160S8B);
RIPEMD160_STEP (RIPEMD160_Go, a2, b2, c2, d2, e2, w9_t, RIPEMD160C80, RIPEMD160S8C);
RIPEMD160_STEP (RIPEMD160_Go, e2, a2, b2, c2, d2, w7_t, RIPEMD160C80, RIPEMD160S8D);
RIPEMD160_STEP (RIPEMD160_Go, d2, e2, a2, b2, c2, wa_t, RIPEMD160C80, RIPEMD160S8E);
RIPEMD160_STEP (RIPEMD160_Go, c2, d2, e2, a2, b2, we_t, RIPEMD160C80, RIPEMD160S8F);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wc_t, RIPEMD160C90, RIPEMD160S90);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, wf_t, RIPEMD160C90, RIPEMD160S91);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, wa_t, RIPEMD160C90, RIPEMD160S92);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w4_t, RIPEMD160C90, RIPEMD160S93);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w1_t, RIPEMD160C90, RIPEMD160S94);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, w5_t, RIPEMD160C90, RIPEMD160S95);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, w8_t, RIPEMD160C90, RIPEMD160S96);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, w7_t, RIPEMD160C90, RIPEMD160S97);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w6_t, RIPEMD160C90, RIPEMD160S98);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w2_t, RIPEMD160C90, RIPEMD160S99);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wd_t, RIPEMD160C90, RIPEMD160S9A);
RIPEMD160_STEP (RIPEMD160_F , a2, b2, c2, d2, e2, we_t, RIPEMD160C90, RIPEMD160S9B);
RIPEMD160_STEP (RIPEMD160_F , e2, a2, b2, c2, d2, w0_t, RIPEMD160C90, RIPEMD160S9C);
RIPEMD160_STEP (RIPEMD160_F , d2, e2, a2, b2, c2, w3_t, RIPEMD160C90, RIPEMD160S9D);
RIPEMD160_STEP (RIPEMD160_F , c2, d2, e2, a2, b2, w9_t, RIPEMD160C90, RIPEMD160S9E);
RIPEMD160_STEP (RIPEMD160_F , b2, c2, d2, e2, a2, wb_t, RIPEMD160C90, RIPEMD160S9F);
const u32x a = digest[1] + c1 + d2;
const u32x b = digest[2] + d1 + e2;
const u32x c = digest[3] + e1 + a2;
const u32x d = digest[4] + a1 + b2;
const u32x e = digest[0] + b1 + c2;
digest[0] = a;
digest[1] = b;
digest[2] = c;
digest[3] = d;
digest[4] = e;
}
static void hmac_ripemd160_run_V (u32x w0[4], u32x w1[4], u32x w2[4], u32x w3[4], u32x ipad[5], u32x opad[5], u32x digest[5])
{
digest[0] = ipad[0];
digest[1] = ipad[1];
digest[2] = ipad[2];
digest[3] = ipad[3];
digest[4] = ipad[4];
ripemd160_transform_V (w0, w1, w2, w3, digest);
w0[0] = digest[0];
w0[1] = digest[1];
w0[2] = digest[2];
w0[3] = digest[3];
w1[0] = digest[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
digest[0] = opad[0];
digest[1] = opad[1];
digest[2] = opad[2];
digest[3] = opad[3];
digest[4] = opad[4];
ripemd160_transform_V (w0, w1, w2, w3, digest);
}
__kernel void m14643_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
/**
* base
*/
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 w0[4];
w0[0] = pws[gid].i[ 0];
w0[1] = pws[gid].i[ 1];
w0[2] = pws[gid].i[ 2];
w0[3] = pws[gid].i[ 3];
u32 w1[4];
w1[0] = pws[gid].i[ 4];
w1[1] = pws[gid].i[ 5];
w1[2] = pws[gid].i[ 6];
w1[3] = pws[gid].i[ 7];
u32 w2[4];
w2[0] = pws[gid].i[ 8];
w2[1] = pws[gid].i[ 9];
w2[2] = pws[gid].i[10];
w2[3] = pws[gid].i[11];
u32 w3[4];
w3[0] = pws[gid].i[12];
w3[1] = pws[gid].i[13];
w3[2] = pws[gid].i[14];
w3[3] = pws[gid].i[15];
/**
* salt
*/
u32 salt_len = salt_bufs[salt_pos].salt_len;
u32 salt_buf0[4];
u32 salt_buf1[4];
salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0];
salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1];
salt_buf0[2] = salt_bufs[salt_pos].salt_buf[2];
salt_buf0[3] = salt_bufs[salt_pos].salt_buf[3];
salt_buf1[0] = salt_bufs[salt_pos].salt_buf[4];
salt_buf1[1] = salt_bufs[salt_pos].salt_buf[5];
salt_buf1[2] = salt_bufs[salt_pos].salt_buf[6];
salt_buf1[3] = salt_bufs[salt_pos].salt_buf[7];
u32 key_size = luks_bufs[salt_pos].key_size;
/**
* pads
*/
u32 ipad[5];
u32 opad[5];
hmac_ripemd160_pad_S (w0, w1, w2, w3, ipad, opad);
tmps[gid].ipad32[0] = ipad[0];
tmps[gid].ipad32[1] = ipad[1];
tmps[gid].ipad32[2] = ipad[2];
tmps[gid].ipad32[3] = ipad[3];
tmps[gid].ipad32[4] = ipad[4];
tmps[gid].opad32[0] = opad[0];
tmps[gid].opad32[1] = opad[1];
tmps[gid].opad32[2] = opad[2];
tmps[gid].opad32[3] = opad[3];
tmps[gid].opad32[4] = opad[4];
for (u32 i = 0, j = 1; i < ((key_size / 8) / 4); i += 5, j += 1)
{
w0[0] = salt_buf0[0];
w0[1] = salt_buf0[1];
w0[2] = salt_buf0[2];
w0[3] = salt_buf0[3];
w1[0] = salt_buf1[0];
w1[1] = salt_buf1[1];
w1[2] = salt_buf1[2];
w1[3] = salt_buf1[3];
w2[0] = j << 24;
w2[1] = 0x80;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + salt_len + 4) * 8;
w3[3] = 0;
u32 dgst[5];
hmac_ripemd160_run_S (w0, w1, w2, w3, ipad, opad, dgst);
tmps[gid].dgst32[i + 0] = dgst[0];
tmps[gid].dgst32[i + 1] = dgst[1];
tmps[gid].dgst32[i + 2] = dgst[2];
tmps[gid].dgst32[i + 3] = dgst[3];
tmps[gid].dgst32[i + 4] = dgst[4];
tmps[gid].out32[i + 0] = dgst[0];
tmps[gid].out32[i + 1] = dgst[1];
tmps[gid].out32[i + 2] = dgst[2];
tmps[gid].out32[i + 3] = dgst[3];
tmps[gid].out32[i + 4] = dgst[4];
}
}
__kernel void m14643_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if ((gid * VECT_SIZE) >= gid_max) return;
u32x ipad[5];
u32x opad[5];
ipad[0] = packv (tmps, ipad32, gid, 0);
ipad[1] = packv (tmps, ipad32, gid, 1);
ipad[2] = packv (tmps, ipad32, gid, 2);
ipad[3] = packv (tmps, ipad32, gid, 3);
ipad[4] = packv (tmps, ipad32, gid, 4);
opad[0] = packv (tmps, opad32, gid, 0);
opad[1] = packv (tmps, opad32, gid, 1);
opad[2] = packv (tmps, opad32, gid, 2);
opad[3] = packv (tmps, opad32, gid, 3);
opad[4] = packv (tmps, opad32, gid, 4);
u32 key_size = luks_bufs[salt_pos].key_size;
for (u32 i = 0; i < ((key_size / 8) / 4); i += 5)
{
u32x dgst[5];
u32x out[5];
dgst[0] = packv (tmps, dgst32, gid, i + 0);
dgst[1] = packv (tmps, dgst32, gid, i + 1);
dgst[2] = packv (tmps, dgst32, gid, i + 2);
dgst[3] = packv (tmps, dgst32, gid, i + 3);
dgst[4] = packv (tmps, dgst32, gid, i + 4);
out[0] = packv (tmps, out32, gid, i + 0);
out[1] = packv (tmps, out32, gid, i + 1);
out[2] = packv (tmps, out32, gid, i + 2);
out[3] = packv (tmps, out32, gid, i + 3);
out[4] = packv (tmps, out32, gid, i + 4);
for (u32 j = 0; j < loop_cnt; j++)
{
u32x w0[4];
u32x w1[4];
u32x w2[4];
u32x w3[4];
w0[0] = dgst[0];
w0[1] = dgst[1];
w0[2] = dgst[2];
w0[3] = dgst[3];
w1[0] = dgst[4];
w1[1] = 0x80;
w1[2] = 0;
w1[3] = 0;
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = (64 + 20) * 8;
w3[3] = 0;
hmac_ripemd160_run_V (w0, w1, w2, w3, ipad, opad, dgst);
out[0] ^= dgst[0];
out[1] ^= dgst[1];
out[2] ^= dgst[2];
out[3] ^= dgst[3];
out[4] ^= dgst[4];
}
unpackv (tmps, dgst32, gid, i + 0, dgst[0]);
unpackv (tmps, dgst32, gid, i + 1, dgst[1]);
unpackv (tmps, dgst32, gid, i + 2, dgst[2]);
unpackv (tmps, dgst32, gid, i + 3, dgst[3]);
unpackv (tmps, dgst32, gid, i + 4, dgst[4]);
unpackv (tmps, out32, gid, i + 0, out[0]);
unpackv (tmps, out32, gid, i + 1, out[1]);
unpackv (tmps, out32, gid, i + 2, out[2]);
unpackv (tmps, out32, gid, i + 3, out[3]);
unpackv (tmps, out32, gid, i + 4, out[4]);
}
}
__kernel void m14643_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const comb_t *combs_buf, __global const bf_t *bfs_buf, __global luks_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global luks_t *luks_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
// decrypt AF with first pbkdf2 result
// merge AF to masterkey
// decrypt first payload sector with masterkey
u32 pt_buf[128];
luks_af_ripemd160_then_twofish_decrypt (&luks_bufs[salt_pos], &tmps[gid], pt_buf);
// check entropy
const float entropy = get_entropy (pt_buf, 128);
if (entropy < MAX_ENTROPY)
{
mark_hash (plains_buf, d_return_buf, salt_pos, 0, 0, gid, 0);
}
}

7
docs/changes.txt
Unescape View File

@ -1,10 +1,17 @@
* changes v3.30 -> v3.xx:
##
## Features
##
- Added support for parsing 7-Zip hashes with LZMA/LZMA2 compression indicator set to a non-zero value
##
## Algorithms
##
- Added hash-mode 14600 = LUKS
##
## Workarounds
##

3
docs/readme.txt
Unescape View File

@ -1,4 +1,4 @@
hashcat v3.30
hashcat v3.40
=============
AMD users on Windows require "AMD Radeon Software Crimson Edition" (15.12 or later)
@ -211,6 +211,7 @@ NVidia users require "NVIDIA Driver" (367.x or later)
- Android FDE (Samsung DEK)
- TrueCrypt
- VeraCrypt
- LUKS
##
## Attack-Modes

6
hashcat.hctune
Unescape View File

@ -452,3 +452,9 @@ ALIAS_Apple_Iris_Pro * 8700 1 1
ALIAS_Apple_Iris_Pro * 13731 1 1 64
ALIAS_Apple_Iris_Pro * 13732 1 1 32
ALIAS_Apple_Iris_Pro * 13733 1 1 16
##########
## LUKS ##
##########
DEVICE_TYPE_GPU * 14600 1 2 1024

465
include/interface.h
Unescape View File

@ -23,6 +23,133 @@ static const char LM_MASKED_PLAIN[] = "[notfound]";
* algo specific
*/
// original headers from luks.h
#define LUKS_CIPHERNAME_L 32
#define LUKS_CIPHERMODE_L 32
#define LUKS_HASHSPEC_L 32
#define LUKS_DIGESTSIZE 20 // since SHA1
#define LUKS_HMACSIZE 32
#define LUKS_SALTSIZE 32
#define LUKS_NUMKEYS 8
// Minimal number of iterations
#define LUKS_MKD_ITERATIONS_MIN 1000
#define LUKS_SLOT_ITERATIONS_MIN 1000
#define LUKS_KEY_DISABLED_OLD 0
#define LUKS_KEY_ENABLED_OLD 0xCAFE
#define LUKS_KEY_DISABLED 0x0000DEAD
#define LUKS_KEY_ENABLED 0x00AC71F3
#define LUKS_STRIPES 4000
// partition header starts with magic
#define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
#define LUKS_MAGIC_L 6
/* Actually we need only 37, but we don't want struct autoaligning to kick in */
#define UUID_STRING_L 40
/* Offset to keyslot area [in bytes] */
#define LUKS_ALIGN_KEYSLOTS 4096
struct luks_phdr {
char magic[LUKS_MAGIC_L];
uint16_t version;
char cipherName[LUKS_CIPHERNAME_L];
char cipherMode[LUKS_CIPHERMODE_L];
char hashSpec[LUKS_HASHSPEC_L];
uint32_t payloadOffset;
uint32_t keyBytes;
char mkDigest[LUKS_DIGESTSIZE];
char mkDigestSalt[LUKS_SALTSIZE];
uint32_t mkDigestIterations;
char uuid[UUID_STRING_L];
struct {
uint32_t active;
/* parameters used for password processing */
uint32_t passwordIterations;
char passwordSalt[LUKS_SALTSIZE];
/* parameters used for AF store/load */
uint32_t keyMaterialOffset;
uint32_t stripes;
} keyblock[LUKS_NUMKEYS];
/* Align it to 512 sector size */
char _padding[432];
};
// not from original headers start with hc_
typedef enum hc_luks_hash_type
{
HC_LUKS_HASH_TYPE_SHA1 = 1,
HC_LUKS_HASH_TYPE_SHA256 = 2,
HC_LUKS_HASH_TYPE_SHA512 = 3,
HC_LUKS_HASH_TYPE_RIPEMD160 = 4,
HC_LUKS_HASH_TYPE_WHIRLPOOL = 5,
} hc_luks_hash_type_t;
typedef enum hc_luks_key_size
{
HC_LUKS_KEY_SIZE_128 = 128,
HC_LUKS_KEY_SIZE_256 = 256,
HC_LUKS_KEY_SIZE_512 = 512,
} hc_luks_key_size_t;
typedef enum hc_luks_cipher_type
{
HC_LUKS_CIPHER_TYPE_AES = 1,
HC_LUKS_CIPHER_TYPE_SERPENT = 2,
HC_LUKS_CIPHER_TYPE_TWOFISH = 3,
} hc_luks_cipher_type_t;
typedef enum hc_luks_cipher_mode
{
HC_LUKS_CIPHER_MODE_CBC_ESSIV = 1,
HC_LUKS_CIPHER_MODE_CBC_PLAIN = 2,
HC_LUKS_CIPHER_MODE_XTS_PLAIN = 3,
} hc_luks_cipher_mode_t;
typedef struct luks
{
int hash_type; // hc_luks_hash_type_t
int key_size; // hc_luks_key_size_t
int cipher_type; // hc_luks_cipher_type_t
int cipher_mode; // hc_luks_cipher_mode_t
u32 ct_buf[128];
u32 af_src_buf[((HC_LUKS_KEY_SIZE_512 / 8) * LUKS_STRIPES) / 4];
} luks_t;
typedef struct luks_tmp
{
union
{
u32 ipad32[32];
u64 ipad64[16];
};
union
{
u32 opad32[32];
u64 opad64[16];
};
union
{
u32 dgst32[32];
u64 dgst64[16];
};
union
{
u32 out32[32];
u64 out64[16];
};
} luks_tmp_t;
typedef struct rar5
{
u32 iv[4];
@ -1117,171 +1244,187 @@ typedef enum hash_type
HASH_TYPE_STDOUT = 52,
HASH_TYPE_DES = 53,
HASH_TYPE_PLAINTEXT = 54,
HASH_TYPE_LUKS = 55,
} hash_type_t;
typedef enum kern_type
{
KERN_TYPE_MD5 = 0,
KERN_TYPE_MD5_PWSLT = 10,
KERN_TYPE_MD5_SLTPW = 20,
KERN_TYPE_MD5_PWUSLT = 30,
KERN_TYPE_MD5_SLTPWU = 40,
KERN_TYPE_HMACMD5_PW = 50,
KERN_TYPE_HMACMD5_SLT = 60,
KERN_TYPE_SHA1 = 100,
KERN_TYPE_SHA1_PWSLT = 110,
KERN_TYPE_SHA1_SLTPW = 120,
KERN_TYPE_SHA1_PWUSLT = 130,
KERN_TYPE_SHA1_SLTPWU = 140,
KERN_TYPE_HMACSHA1_PW = 150,
KERN_TYPE_HMACSHA1_SLT = 160,
KERN_TYPE_MYSQL = 200,
KERN_TYPE_MYSQL41 = 300,
KERN_TYPE_PHPASS = 400,
KERN_TYPE_MD5CRYPT = 500,
KERN_TYPE_MD4 = 900,
KERN_TYPE_MD4_PWU = 1000,
KERN_TYPE_MD44_PWUSLT = 1100,
KERN_TYPE_SHA224 = 1300,
KERN_TYPE_SHA256 = 1400,
KERN_TYPE_SHA256_PWSLT = 1410,
KERN_TYPE_SHA256_SLTPW = 1420,
KERN_TYPE_SHA256_PWUSLT = 1430,
KERN_TYPE_SHA256_SLTPWU = 1440,
KERN_TYPE_HMACSHA256_PW = 1450,
KERN_TYPE_HMACSHA256_SLT = 1460,
KERN_TYPE_DESCRYPT = 1500,
KERN_TYPE_APR1CRYPT = 1600,
KERN_TYPE_SHA512 = 1700,
KERN_TYPE_SHA512_PWSLT = 1710,
KERN_TYPE_SHA512_SLTPW = 1720,
KERN_TYPE_SHA512_PWSLTU = 1730,
KERN_TYPE_SHA512_SLTPWU = 1740,
KERN_TYPE_HMACSHA512_PW = 1750,
KERN_TYPE_HMACSHA512_SLT = 1760,
KERN_TYPE_SHA512CRYPT = 1800,
KERN_TYPE_STDOUT = 2000,
KERN_TYPE_DCC2 = 2100,
KERN_TYPE_MD5PIX = 2400,
KERN_TYPE_MD5ASA = 2410,
KERN_TYPE_WPA = 2500,
KERN_TYPE_MD55 = 2600,
KERN_TYPE_MD55_PWSLT1 = 2610,
KERN_TYPE_MD55_PWSLT2 = 2710,
KERN_TYPE_MD55_SLTPW = 2810,
KERN_TYPE_LM = 3000,
KERN_TYPE_ORACLEH = 3100,
KERN_TYPE_BCRYPT = 3200,
KERN_TYPE_MD5_SLT_MD5_PW = 3710,
KERN_TYPE_MD5_SLT_PW_SLT = 3800,
KERN_TYPE_MD5U5 = 4300,
KERN_TYPE_MD5U5_PWSLT1 = 4310,
KERN_TYPE_MD5_SHA1 = 4400,
KERN_TYPE_SHA11 = 4500,
KERN_TYPE_SHA1_MD5 = 4700,
KERN_TYPE_MD5_CHAP = 4800,
KERN_TYPE_SHA1_SLT_PW_SLT = 4900,
KERN_TYPE_KECCAK = 5000,
KERN_TYPE_MD5H = 5100,
KERN_TYPE_PSAFE3 = 5200,
KERN_TYPE_IKEPSK_MD5 = 5300,
KERN_TYPE_IKEPSK_SHA1 = 5400,
KERN_TYPE_NETNTLMv1 = 5500,
KERN_TYPE_NETNTLMv2 = 5600,
KERN_TYPE_ANDROIDPIN = 5800,
KERN_TYPE_RIPEMD160 = 6000,
KERN_TYPE_WHIRLPOOL = 6100,
KERN_TYPE_TCRIPEMD160_XTS512 = 6211,
KERN_TYPE_TCRIPEMD160_XTS1024 = 6212,
KERN_TYPE_TCRIPEMD160_XTS1536 = 6213,
KERN_TYPE_TCSHA512_XTS512 = 6221,
KERN_TYPE_TCSHA512_XTS1024 = 6222,
KERN_TYPE_TCSHA512_XTS1536 = 6223,
KERN_TYPE_TCWHIRLPOOL_XTS512 = 6231,
KERN_TYPE_TCWHIRLPOOL_XTS1024 = 6232,
KERN_TYPE_TCWHIRLPOOL_XTS1536 = 6233,
KERN_TYPE_VCSHA256_XTS512 = 13751,
KERN_TYPE_VCSHA256_XTS1024 = 13752,
KERN_TYPE_VCSHA256_XTS1536 = 13753,
KERN_TYPE_MD5AIX = 6300,
KERN_TYPE_SHA256AIX = 6400,
KERN_TYPE_SHA512AIX = 6500,
KERN_TYPE_AGILEKEY = 6600,
KERN_TYPE_SHA1AIX = 6700,
KERN_TYPE_LASTPASS = 6800,
KERN_TYPE_GOST = 6900,
KERN_TYPE_PBKDF2_SHA512 = 7100,
KERN_TYPE_RAKP = 7300,
KERN_TYPE_SHA256CRYPT = 7400,
KERN_TYPE_KRB5PA = 7500,
KERN_TYPE_SHA1_SLT_SHA1_PW = 7600,
KERN_TYPE_SAPB = 7700,
KERN_TYPE_SAPG = 7800,
KERN_TYPE_DRUPAL7 = 7900,
KERN_TYPE_SYBASEASE = 8000,
KERN_TYPE_NETSCALER = 8100,
KERN_TYPE_CLOUDKEY = 8200,
KERN_TYPE_NSEC3 = 8300,
KERN_TYPE_WBB3 = 8400,
KERN_TYPE_RACF = 8500,
KERN_TYPE_LOTUS5 = 8600,
KERN_TYPE_LOTUS6 = 8700,
KERN_TYPE_ANDROIDFDE = 8800,
KERN_TYPE_SCRYPT = 8900,
KERN_TYPE_PSAFE2 = 9000,
KERN_TYPE_LOTUS8 = 9100,
KERN_TYPE_OFFICE2007 = 9400,
KERN_TYPE_OFFICE2010 = 9500,
KERN_TYPE_OFFICE2013 = 9600,
KERN_TYPE_OLDOFFICE01 = 9700,
KERN_TYPE_OLDOFFICE01CM1 = 9710,
KERN_TYPE_OLDOFFICE01CM2 = 9720,
KERN_TYPE_OLDOFFICE34 = 9800,
KERN_TYPE_OLDOFFICE34CM1 = 9810,
KERN_TYPE_OLDOFFICE34CM2 = 9820,
KERN_TYPE_RADMIN2 = 9900,
KERN_TYPE_SIPHASH = 10100,
KERN_TYPE_SAPH_SHA1 = 10300,
KERN_TYPE_PDF11 = 10400,
KERN_TYPE_PDF11CM1 = 10410,
KERN_TYPE_PDF11CM2 = 10420,
KERN_TYPE_PDF14 = 10500,
KERN_TYPE_PDF17L8 = 10700,
KERN_TYPE_SHA384 = 10800,
KERN_TYPE_PBKDF2_SHA256 = 10900,
KERN_TYPE_PRESTASHOP = 11000,
KERN_TYPE_POSTGRESQL_AUTH = 11100,
KERN_TYPE_MYSQL_AUTH = 11200,
KERN_TYPE_BITCOIN_WALLET = 11300,
KERN_TYPE_SIP_AUTH = 11400,
KERN_TYPE_CRC32 = 11500,
KERN_TYPE_SEVEN_ZIP = 11600,
KERN_TYPE_GOST_2012SBOG_256 = 11700,
KERN_TYPE_GOST_2012SBOG_512 = 11800,
KERN_TYPE_PBKDF2_MD5 = 11900,
KERN_TYPE_PBKDF2_SHA1 = 12000,
KERN_TYPE_ECRYPTFS = 12200,
KERN_TYPE_ORACLET = 12300,
KERN_TYPE_BSDICRYPT = 12400,
KERN_TYPE_RAR3 = 12500,
KERN_TYPE_CF10 = 12600,
KERN_TYPE_MYWALLET = 12700,
KERN_TYPE_MS_DRSR = 12800,
KERN_TYPE_ANDROIDFDE_SAMSUNG = 12900,
KERN_TYPE_RAR5 = 13000,
KERN_TYPE_KRB5TGS = 13100,
KERN_TYPE_AXCRYPT = 13200,
KERN_TYPE_SHA1_AXCRYPT = 13300,
KERN_TYPE_KEEPASS = 13400,
KERN_TYPE_PSTOKEN = 13500,
KERN_TYPE_ZIP2 = 13600,
KERN_TYPE_WIN8PHONE = 13800,
KERN_TYPE_OPENCART = 13900,
KERN_TYPE_DES = 14000,
KERN_TYPE_3DES = 14100,
KERN_TYPE_SHA1CX = 14400,
KERN_TYPE_PLAINTEXT = 99999,
KERN_TYPE_MD5 = 0,
KERN_TYPE_MD5_PWSLT = 10,
KERN_TYPE_MD5_SLTPW = 20,
KERN_TYPE_MD5_PWUSLT = 30,
KERN_TYPE_MD5_SLTPWU = 40,
KERN_TYPE_HMACMD5_PW = 50,
KERN_TYPE_HMACMD5_SLT = 60,
KERN_TYPE_SHA1 = 100,
KERN_TYPE_SHA1_PWSLT = 110,
KERN_TYPE_SHA1_SLTPW = 120,
KERN_TYPE_SHA1_PWUSLT = 130,
KERN_TYPE_SHA1_SLTPWU = 140,
KERN_TYPE_HMACSHA1_PW = 150,
KERN_TYPE_HMACSHA1_SLT = 160,
KERN_TYPE_MYSQL = 200,
KERN_TYPE_MYSQL41 = 300,
KERN_TYPE_PHPASS = 400,
KERN_TYPE_MD5CRYPT = 500,
KERN_TYPE_MD4 = 900,
KERN_TYPE_MD4_PWU = 1000,
KERN_TYPE_MD44_PWUSLT = 1100,
KERN_TYPE_SHA224 = 1300,
KERN_TYPE_SHA256 = 1400,
KERN_TYPE_SHA256_PWSLT = 1410,
KERN_TYPE_SHA256_SLTPW = 1420,
KERN_TYPE_SHA256_PWUSLT = 1430,
KERN_TYPE_SHA256_SLTPWU = 1440,
KERN_TYPE_HMACSHA256_PW = 1450,
KERN_TYPE_HMACSHA256_SLT = 1460,
KERN_TYPE_DESCRYPT = 1500,
KERN_TYPE_APR1CRYPT = 1600,
KERN_TYPE_SHA512 = 1700,
KERN_TYPE_SHA512_PWSLT = 1710,
KERN_TYPE_SHA512_SLTPW = 1720,
KERN_TYPE_SHA512_PWSLTU = 1730,
KERN_TYPE_SHA512_SLTPWU = 1740,
KERN_TYPE_HMACSHA512_PW = 1750,
KERN_TYPE_HMACSHA512_SLT = 1760,
KERN_TYPE_SHA512CRYPT = 1800,
KERN_TYPE_STDOUT = 2000,
KERN_TYPE_DCC2 = 2100,
KERN_TYPE_MD5PIX = 2400,
KERN_TYPE_MD5ASA = 2410,
KERN_TYPE_WPA = 2500,
KERN_TYPE_MD55 = 2600,
KERN_TYPE_MD55_PWSLT1 = 2610,
KERN_TYPE_MD55_PWSLT2 = 2710,
KERN_TYPE_MD55_SLTPW = 2810,
KERN_TYPE_LM = 3000,
KERN_TYPE_ORACLEH = 3100,
KERN_TYPE_BCRYPT = 3200,
KERN_TYPE_MD5_SLT_MD5_PW = 3710,
KERN_TYPE_MD5_SLT_PW_SLT = 3800,
KERN_TYPE_MD5U5 = 4300,
KERN_TYPE_MD5U5_PWSLT1 = 4310,
KERN_TYPE_MD5_SHA1 = 4400,
KERN_TYPE_SHA11 = 4500,
KERN_TYPE_SHA1_MD5 = 4700,
KERN_TYPE_MD5_CHAP = 4800,
KERN_TYPE_SHA1_SLT_PW_SLT = 4900,
KERN_TYPE_KECCAK = 5000,
KERN_TYPE_MD5H = 5100,
KERN_TYPE_PSAFE3 = 5200,
KERN_TYPE_IKEPSK_MD5 = 5300,
KERN_TYPE_IKEPSK_SHA1 = 5400,
KERN_TYPE_NETNTLMv1 = 5500,
KERN_TYPE_NETNTLMv2 = 5600,
KERN_TYPE_ANDROIDPIN = 5800,
KERN_TYPE_RIPEMD160 = 6000,
KERN_TYPE_WHIRLPOOL = 6100,
KERN_TYPE_TCRIPEMD160_XTS512 = 6211,
KERN_TYPE_TCRIPEMD160_XTS1024 = 6212,
KERN_TYPE_TCRIPEMD160_XTS1536 = 6213,
KERN_TYPE_TCSHA512_XTS512 = 6221,
KERN_TYPE_TCSHA512_XTS1024 = 6222,
KERN_TYPE_TCSHA512_XTS1536 = 6223,
KERN_TYPE_TCWHIRLPOOL_XTS512 = 6231,
KERN_TYPE_TCWHIRLPOOL_XTS1024 = 6232,
KERN_TYPE_TCWHIRLPOOL_XTS1536 = 6233,
KERN_TYPE_VCSHA256_XTS512 = 13751,
KERN_TYPE_VCSHA256_XTS1024 = 13752,
KERN_TYPE_VCSHA256_XTS1536 = 13753,
KERN_TYPE_MD5AIX = 6300,
KERN_TYPE_SHA256AIX = 6400,
KERN_TYPE_SHA512AIX = 6500,
KERN_TYPE_AGILEKEY = 6600,
KERN_TYPE_SHA1AIX = 6700,
KERN_TYPE_LASTPASS = 6800,
KERN_TYPE_GOST = 6900,
KERN_TYPE_PBKDF2_SHA512 = 7100,
KERN_TYPE_RAKP = 7300,
KERN_TYPE_SHA256CRYPT = 7400,
KERN_TYPE_KRB5PA = 7500,
KERN_TYPE_SHA1_SLT_SHA1_PW = 7600,
KERN_TYPE_SAPB = 7700,
KERN_TYPE_SAPG = 7800,
KERN_TYPE_DRUPAL7 = 7900,
KERN_TYPE_SYBASEASE = 8000,
KERN_TYPE_NETSCALER = 8100,
KERN_TYPE_CLOUDKEY = 8200,
KERN_TYPE_NSEC3 = 8300,
KERN_TYPE_WBB3 = 8400,
KERN_TYPE_RACF = 8500,
KERN_TYPE_LOTUS5 = 8600,
KERN_TYPE_LOTUS6 = 8700,
KERN_TYPE_ANDROIDFDE = 8800,
KERN_TYPE_SCRYPT = 8900,
KERN_TYPE_PSAFE2 = 9000,
KERN_TYPE_LOTUS8 = 9100,
KERN_TYPE_OFFICE2007 = 9400,
KERN_TYPE_OFFICE2010 = 9500,
KERN_TYPE_OFFICE2013 = 9600,
KERN_TYPE_OLDOFFICE01 = 9700,
KERN_TYPE_OLDOFFICE01CM1 = 9710,
KERN_TYPE_OLDOFFICE01CM2 = 9720,
KERN_TYPE_OLDOFFICE34 = 9800,
KERN_TYPE_OLDOFFICE34CM1 = 9810,
KERN_TYPE_OLDOFFICE34CM2 = 9820,
KERN_TYPE_RADMIN2 = 9900,
KERN_TYPE_SIPHASH = 10100,
KERN_TYPE_SAPH_SHA1 = 10300,
KERN_TYPE_PDF11 = 10400,
KERN_TYPE_PDF11CM1 = 10410,
KERN_TYPE_PDF11CM2 = 10420,
KERN_TYPE_PDF14 = 10500,
KERN_TYPE_PDF17L8 = 10700,
KERN_TYPE_SHA384 = 10800,
KERN_TYPE_PBKDF2_SHA256 = 10900,
KERN_TYPE_PRESTASHOP = 11000,
KERN_TYPE_POSTGRESQL_AUTH = 11100,
KERN_TYPE_MYSQL_AUTH = 11200,
KERN_TYPE_BITCOIN_WALLET = 11300,
KERN_TYPE_SIP_AUTH = 11400,
KERN_TYPE_CRC32 = 11500,
KERN_TYPE_SEVEN_ZIP = 11600,
KERN_TYPE_GOST_2012SBOG_256 = 11700,
KERN_TYPE_GOST_2012SBOG_512 = 11800,
KERN_TYPE_PBKDF2_MD5 = 11900,
KERN_TYPE_PBKDF2_SHA1 = 12000,
KERN_TYPE_ECRYPTFS = 12200,
KERN_TYPE_ORACLET = 12300,
KERN_TYPE_BSDICRYPT = 12400,
KERN_TYPE_RAR3 = 12500,
KERN_TYPE_CF10 = 12600,
KERN_TYPE_MYWALLET = 12700,
KERN_TYPE_MS_DRSR = 12800,
KERN_TYPE_ANDROIDFDE_SAMSUNG = 12900,
KERN_TYPE_RAR5 = 13000,
KERN_TYPE_KRB5TGS = 13100,
KERN_TYPE_AXCRYPT = 13200,
KERN_TYPE_SHA1_AXCRYPT = 13300,
KERN_TYPE_KEEPASS = 13400,
KERN_TYPE_PSTOKEN = 13500,
KERN_TYPE_ZIP2 = 13600,
KERN_TYPE_WIN8PHONE = 13800,
KERN_TYPE_OPENCART = 13900,
KERN_TYPE_DES = 14000,
KERN_TYPE_3DES = 14100,
KERN_TYPE_SHA1CX = 14400,
KERN_TYPE_LUKS_SHA1_AES = 14611,
KERN_TYPE_LUKS_SHA1_SERPENT = 14612,
KERN_TYPE_LUKS_SHA1_TWOFISH = 14613,
KERN_TYPE_LUKS_SHA256_AES = 14621,
KERN_TYPE_LUKS_SHA256_SERPENT = 14622,
KERN_TYPE_LUKS_SHA256_TWOFISH = 14623,
KERN_TYPE_LUKS_SHA512_AES = 14631,
KERN_TYPE_LUKS_SHA512_SERPENT = 14632,
KERN_TYPE_LUKS_SHA512_TWOFISH = 14633,
KERN_TYPE_LUKS_RIPEMD160_AES = 14641,
KERN_TYPE_LUKS_RIPEMD160_SERPENT = 14642,
KERN_TYPE_LUKS_RIPEMD160_TWOFISH = 14643,
KERN_TYPE_LUKS_WHIRLPOOL_AES = 14651,
KERN_TYPE_LUKS_WHIRLPOOL_SERPENT = 14652,
KERN_TYPE_LUKS_WHIRLPOOL_TWOFISH = 14653,
KERN_TYPE_PLAINTEXT = 99999,
} kern_type_t;
@ -1344,6 +1487,7 @@ typedef enum rounds_count
ROUNDS_AXCRYPT = 10000,
ROUNDS_KEEPASS = 6000,
ROUNDS_ZIP2 = 1000,
ROUNDS_LUKS = 163044, // this equal to jtr -test
ROUNDS_STDOUT = 0
} rounds_count_t;
@ -1510,6 +1654,7 @@ int win8phone_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_bu
int opencart_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
int plaintext_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
int sha1cx_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
int luks_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig, const int keyslot_idx);
/**
* output functions

10
include/types.h
Unescape View File

@ -439,6 +439,16 @@ typedef enum parser_rc
PARSER_HASH_FILE = -18,
PARSER_HASH_ENCODING = -19,
PARSER_SALT_ENCODING = -20,
PARSER_LUKS_FILE_SIZE = -21,
PARSER_LUKS_MAGIC = -22,
PARSER_LUKS_VERSION = -23,
PARSER_LUKS_CIPHER_TYPE = -24,
PARSER_LUKS_CIPHER_MODE = -25,
PARSER_LUKS_HASH_TYPE = -26,
PARSER_LUKS_KEY_SIZE = -27,
PARSER_LUKS_KEY_DISABLED = -28,
PARSER_LUKS_KEY_STRIPES = -29,
PARSER_LUKS_HASH_CIPHER = -30,
PARSER_UNKNOWN_ERROR = -255
} parser_rc_t;

43
src/hashes.c
Unescape View File

@ -487,6 +487,19 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
hashes_avail = st.st_size / sizeof (hccap_t);
}
else if (hashconfig->hash_mode == 14600)
{
hc_stat_t st;
if (hc_stat (hashes->hashfile, &st) == -1)
{
event_log_error (hashcat_ctx, "%s: %m", hashes->hashfile);
return -1;
}
hashes_avail = LUKS_NUMKEYS;
}
else
{
hashes_avail = 1;
@ -790,6 +803,36 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
}
}
}
else if (hashconfig->hash_mode == 14600)
{
if (hash_len == 0)
{
event_log_error (hashcat_ctx, "LUKS container not specified");
return -1;
}
hashlist_mode = HL_MODE_FILE;
hashes->hashlist_mode = hashlist_mode;
for (int keyslot_idx = 0; keyslot_idx < LUKS_NUMKEYS; keyslot_idx++)
{
parser_status = luks_parse_hash ((u8 *) hash_buf, hash_len, &hashes_buf[hashes_cnt], hashconfig, keyslot_idx);
if (parser_status != PARSER_OK)
{
if (parser_status != PARSER_LUKS_KEY_DISABLED)
{
event_log_warning (hashcat_ctx, "Hashfile '%s': %s", hash_buf, strparser (parser_status));
}
continue;
}
hashes_cnt++;
}
}
else
{
parser_status = hashconfig->parse_func ((u8 *) hash_buf, hash_len, &hashes_buf[hashes_cnt], hashconfig);

312
src/interface.c
Unescape View File

@ -60,6 +60,16 @@ static const char PA_017[] = "Invalid SIP directive, only MD5 is supported";
static const char PA_018[] = "Hash-file exception";
static const char PA_019[] = "Hash-encoding exception";
static const char PA_020[] = "Salt-encoding exception";
static const char PA_021[] = "Invalid LUKS filesize";
static const char PA_022[] = "Invalid LUKS identifier";
static const char PA_023[] = "Invalid LUKS version";
static const char PA_024[] = "Invalid or unsupported LUKS cipher type";
static const char PA_025[] = "Invalid or unsupported LUKS cipher mode";
static const char PA_026[] = "Invalid or unsupported LUKS hash type";
static const char PA_027[] = "Invalid LUKS key size";
static const char PA_028[] = "Disabled LUKS key detected";
static const char PA_029[] = "Invalid LUKS key AF stripes count";
static const char PA_030[] = "Invalid combination of LUKS hash type and cipher type";
static const char PA_255[] = "Unknown error";
static const char HT_00000[] = "MD5";
@ -215,6 +225,7 @@ static const char HT_13900[] = "OpenCart";
static const char HT_14000[] = "DES (PT = $salt, key = $pass)";
static const char HT_14100[] = "3DES (PT = $salt, key = $pass)";
static const char HT_14400[] = "sha1(CX)";
static const char HT_14600[] = "LUKS";
static const char HT_99999[] = "Plaintext";
static const char HT_00011[] = "Joomla < 2.5.18";
@ -13122,6 +13133,261 @@ int sha1cx_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNU
return (PARSER_OK);
}
int luks_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig, const int keyslot_idx)
{
u32 *digest = (u32 *) hash_buf->digest;
salt_t *salt = hash_buf->salt;
luks_t *luks = (luks_t *) hash_buf->esalt;
if (input_len == 0) return (PARSER_HASH_LENGTH);
FILE *fp = fopen ((const char *) input_buf, "rb");
if (fp == NULL) return (PARSER_HASH_FILE);
struct luks_phdr hdr;
const int nread = fread (&hdr, sizeof (hdr), 1, fp);
if (nread != 1) return (PARSER_LUKS_FILE_SIZE);
// copy digest which we're not using ;)
u32 *mkDigest_ptr = (u32 *) hdr.mkDigest;
digest[0] = mkDigest_ptr[0];
digest[1] = mkDigest_ptr[1];
digest[2] = mkDigest_ptr[2];
digest[3] = mkDigest_ptr[3];
digest[4] = mkDigest_ptr[4];
digest[5] = mkDigest_ptr[5];
digest[6] = mkDigest_ptr[6];
digest[7] = mkDigest_ptr[7];
// verify the content
#define ntohs __builtin_bswap16
#define ntohl __builtin_bswap32
char luks_magic[6] = LUKS_MAGIC;
if (memcmp (hdr.magic, luks_magic, LUKS_MAGIC_L)) return (PARSER_LUKS_MAGIC);
if (ntohs (hdr.version) != 1) return (PARSER_LUKS_VERSION);
if (strcmp (hdr.cipherName, "aes") == 0)
{
luks->cipher_type = HC_LUKS_CIPHER_TYPE_AES;
}
else if (strcmp (hdr.cipherName, "serpent") == 0)
{
luks->cipher_type = HC_LUKS_CIPHER_TYPE_SERPENT;
}
else if (strcmp (hdr.cipherName, "twofish") == 0)
{
luks->cipher_type = HC_LUKS_CIPHER_TYPE_TWOFISH;
}
else
{
return (PARSER_LUKS_CIPHER_TYPE);
}
if (strcmp (hdr.cipherMode, "cbc-essiv:sha256") == 0)
{
luks->cipher_mode = HC_LUKS_CIPHER_MODE_CBC_ESSIV;
}
else if (strcmp (hdr.cipherMode, "cbc-plain") == 0)
{
luks->cipher_mode = HC_LUKS_CIPHER_MODE_CBC_PLAIN;
}
else if (strcmp (hdr.cipherMode, "cbc-plain64") == 0)
{
luks->cipher_mode = HC_LUKS_CIPHER_MODE_CBC_PLAIN;
}
else if (strcmp (hdr.cipherMode, "xts-plain") == 0)
{
luks->cipher_mode = HC_LUKS_CIPHER_MODE_XTS_PLAIN;
}
else if (strcmp (hdr.cipherMode, "xts-plain64") == 0)
{
luks->cipher_mode = HC_LUKS_CIPHER_MODE_XTS_PLAIN;
}
else
{
return (PARSER_LUKS_CIPHER_MODE);
}
if (strcmp (hdr.hashSpec, "sha1") == 0)
{
luks->hash_type = HC_LUKS_HASH_TYPE_SHA1;
}
else if (strcmp (hdr.hashSpec, "sha256") == 0)
{
luks->hash_type = HC_LUKS_HASH_TYPE_SHA256;
}
else if (strcmp (hdr.hashSpec, "sha512") == 0)
{
luks->hash_type = HC_LUKS_HASH_TYPE_SHA512;
}
else if (strcmp (hdr.hashSpec, "ripemd160") == 0)
{
luks->hash_type = HC_LUKS_HASH_TYPE_RIPEMD160;
}
else if (strcmp (hdr.hashSpec, "whirlpool") == 0)
{
luks->hash_type = HC_LUKS_HASH_TYPE_WHIRLPOOL;
}
else
{
return (PARSER_LUKS_HASH_TYPE);
}
const u32 keyBytes = ntohl (hdr.keyBytes);
if (keyBytes == 16)
{
luks->key_size = HC_LUKS_KEY_SIZE_128;
}
else if (keyBytes == 32)
{
luks->key_size = HC_LUKS_KEY_SIZE_256;
}
else if (keyBytes == 64)
{
luks->key_size = HC_LUKS_KEY_SIZE_512;
}
else
{
return (PARSER_LUKS_KEY_SIZE);
}
// find the correct kernel based on hash and cipher
if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA1) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_AES))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA1_AES;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA1) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_SERPENT))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA1_SERPENT;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA1) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_TWOFISH))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA1_TWOFISH;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA256) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_AES))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA256_AES;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA256) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_SERPENT))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA256_SERPENT;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA256) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_TWOFISH))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA256_TWOFISH;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA512) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_AES))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA512_AES;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA512) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_SERPENT))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA512_SERPENT;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_SHA512) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_TWOFISH))
{
hashconfig->kern_type = KERN_TYPE_LUKS_SHA512_TWOFISH;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_RIPEMD160) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_AES))
{
hashconfig->kern_type = KERN_TYPE_LUKS_RIPEMD160_AES;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_RIPEMD160) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_SERPENT))
{
hashconfig->kern_type = KERN_TYPE_LUKS_RIPEMD160_SERPENT;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_RIPEMD160) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_TWOFISH))
{
hashconfig->kern_type = KERN_TYPE_LUKS_RIPEMD160_TWOFISH;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_WHIRLPOOL) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_AES))
{
hashconfig->kern_type = KERN_TYPE_LUKS_WHIRLPOOL_AES;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_WHIRLPOOL) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_SERPENT))
{
hashconfig->kern_type = KERN_TYPE_LUKS_WHIRLPOOL_SERPENT;
}
else if ((luks->hash_type == HC_LUKS_HASH_TYPE_WHIRLPOOL) && (luks->cipher_type == HC_LUKS_CIPHER_TYPE_TWOFISH))
{
hashconfig->kern_type = KERN_TYPE_LUKS_WHIRLPOOL_TWOFISH;
}
else
{
return (PARSER_LUKS_HASH_CIPHER);
}
// verify the selected keyslot informations
const u32 active = ntohl (hdr.keyblock[keyslot_idx].active);
const u32 stripes = ntohl (hdr.keyblock[keyslot_idx].stripes);
if (active != LUKS_KEY_ENABLED) return (PARSER_LUKS_KEY_DISABLED);
if (stripes != LUKS_STRIPES) return (PARSER_LUKS_KEY_STRIPES);
// configure the salt (not esalt)
u32 *passwordSalt_ptr = (u32 *) hdr.keyblock[keyslot_idx].passwordSalt;
salt->salt_buf[0] = passwordSalt_ptr[0];
salt->salt_buf[1] = passwordSalt_ptr[1];
salt->salt_buf[2] = passwordSalt_ptr[2];
salt->salt_buf[3] = passwordSalt_ptr[3];
salt->salt_buf[4] = passwordSalt_ptr[4];
salt->salt_buf[5] = passwordSalt_ptr[5];
salt->salt_buf[6] = passwordSalt_ptr[6];
salt->salt_buf[7] = passwordSalt_ptr[7];
salt->salt_len = LUKS_SALTSIZE;
const u32 passwordIterations = ntohl (hdr.keyblock[keyslot_idx].passwordIterations);
salt->salt_iter = passwordIterations - 1;
// Load AF data for this keyslot into esalt
const u32 keyMaterialOffset = ntohl (hdr.keyblock[keyslot_idx].keyMaterialOffset);
const int rc_seek1 = fseek (fp, keyMaterialOffset * 512, SEEK_SET);
if (rc_seek1 == -1) return (PARSER_LUKS_FILE_SIZE);
const int nread2 = fread (luks->af_src_buf, keyBytes, stripes, fp);
if (nread2 != (int) stripes) return (PARSER_LUKS_FILE_SIZE);
// finally, copy some encrypted payload data for entropy check
const u32 payloadOffset = ntohl (hdr.payloadOffset);
const int rc_seek2 = fseek (fp, payloadOffset * 512, SEEK_SET);
if (rc_seek2 == -1) return (PARSER_LUKS_FILE_SIZE);
const int nread3 = fread (luks->ct_buf, sizeof (u32), 128, fp);
if (nread3 != 128) return (PARSER_LUKS_FILE_SIZE);
// that should be it, close the fp
fclose (fp);
return (PARSER_OK);
}
/**
* output
*/
@ -13366,6 +13632,7 @@ char *strhashtype (const u32 hash_mode)
case 14000: return ((char *) HT_14000);
case 14100: return ((char *) HT_14100);
case 14400: return ((char *) HT_14400);
case 14600: return ((char *) HT_14600);
case 99999: return ((char *) HT_99999);
}
@ -13397,6 +13664,16 @@ char *strparser (const u32 parser_status)
case PARSER_HASH_FILE: return ((char *) PA_018);
case PARSER_HASH_ENCODING: return ((char *) PA_019);
case PARSER_SALT_ENCODING: return ((char *) PA_020);
case PARSER_LUKS_FILE_SIZE: return ((char *) PA_021);
case PARSER_LUKS_MAGIC: return ((char *) PA_022);
case PARSER_LUKS_VERSION: return ((char *) PA_023);
case PARSER_LUKS_CIPHER_TYPE: return ((char *) PA_024);
case PARSER_LUKS_CIPHER_MODE: return ((char *) PA_025);
case PARSER_LUKS_HASH_TYPE: return ((char *) PA_026);
case PARSER_LUKS_KEY_SIZE: return ((char *) PA_027);
case PARSER_LUKS_KEY_DISABLED: return ((char *) PA_028);
case PARSER_LUKS_KEY_STRIPES: return ((char *) PA_029);
case PARSER_LUKS_HASH_CIPHER: return ((char *) PA_030);
}
return ((char *) PA_255);
@ -16239,6 +16516,10 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
byte_swap_32 (digest_buf[3]),
byte_swap_32 (digest_buf[4]));
}
else if (hash_mode == 14600)
{
snprintf (out_buf, out_len - 1, "%s", hashfile);
}
else if (hash_mode == 99999)
{
char *ptr = (char *) digest_buf;
@ -20231,6 +20512,21 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
hashconfig->dgst_pos3 = 1;
break;
case 14600: hashconfig->hash_type = HASH_TYPE_LUKS;
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_BINARY_HASHFILE;
hashconfig->kern_type = KERN_TYPE_LUKS_SHA1_AES; // this gets overwritten from within parser
hashconfig->dgst_size = DGST_SIZE_4_16;
hashconfig->parse_func = NULL; // luks_parse_hash is kind of unconvetional
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE;
hashconfig->dgst_pos0 = 0;
hashconfig->dgst_pos1 = 1;
hashconfig->dgst_pos2 = 2;
hashconfig->dgst_pos3 = 3;
break;
case 99999: hashconfig->hash_type = HASH_TYPE_PLAINTEXT;
hashconfig->salt_type = SALT_TYPE_NONE;
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
@ -20278,9 +20574,9 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
}
const u32 is_salted = ((hashconfig->salt_type == SALT_TYPE_INTERN)
| (hashconfig->salt_type == SALT_TYPE_EXTERN)
| (hashconfig->salt_type == SALT_TYPE_EMBEDDED)
| (hashconfig->salt_type == SALT_TYPE_VIRTUAL));
| (hashconfig->salt_type == SALT_TYPE_EXTERN)
| (hashconfig->salt_type == SALT_TYPE_EMBEDDED)
| (hashconfig->salt_type == SALT_TYPE_VIRTUAL));
hashconfig->is_salted = is_salted;
@ -20363,6 +20659,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 13762: hashconfig->esalt_size = sizeof (tc_t); break;
case 13763: hashconfig->esalt_size = sizeof (tc_t); break;
case 13800: hashconfig->esalt_size = sizeof (win8phone_t); break;
case 14600: hashconfig->esalt_size = sizeof (luks_t); break;
}
// tmp_size
@ -20451,6 +20748,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 13761: hashconfig->tmp_size = sizeof (tc_tmp_t); break;
case 13762: hashconfig->tmp_size = sizeof (tc_tmp_t); break;
case 13763: hashconfig->tmp_size = sizeof (tc_tmp_t); break;
case 14600: hashconfig->tmp_size = sizeof (luks_tmp_t); break;
};
// hook_size
@ -20762,6 +21060,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
break;
case 14100: salt->salt_len = 8;
break;
case 14600: salt->salt_len = LUKS_SALTSIZE;
break;
}
// special esalt handling
@ -20824,6 +21124,10 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
((zip2_t *) esalt)->data_len = 32;
((zip2_t *) esalt)->mode = 3;
break;
case 14600: ((luks_t *) esalt)->key_size = HC_LUKS_KEY_SIZE_256;
((luks_t *) esalt)->cipher_type = HC_LUKS_CIPHER_TYPE_AES;
((luks_t *) esalt)->cipher_mode = HC_LUKS_CIPHER_MODE_XTS_PLAIN;
break;
}
}
@ -20995,6 +21299,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
break;
case 13763: salt->salt_iter = ROUNDS_VERACRYPT_200000;
break;
case 14600: salt->salt_iter = ROUNDS_LUKS;
break;
}
}

6
src/opencl.c
Unescape View File

@ -3712,9 +3712,9 @@ int opencl_session_begin (hashcat_ctx_t *hashcat_ctx)
const char *files_names[files_cnt] =
{
"inc_cipher_aes256.cl",
"inc_cipher_serpent256.cl",
"inc_cipher_twofish256.cl",
"inc_cipher_aes.cl",
"inc_cipher_serpent.cl",
"inc_cipher_twofish.cl",
"inc_common.cl",
"inc_comp_multi_bs.cl",
"inc_comp_multi.cl",

1
src/potfile.c
Unescape View File

@ -301,6 +301,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx)
if (hashconfig->hash_mode == 9000) return 0;
if ((hashconfig->hash_mode >= 13700)
&& (hashconfig->hash_mode <= 13799)) return 0;
if (hashconfig->hash_mode == 14600) return 0;
hash_t hash_buf;

1
src/usage.c
Unescape View File

@ -306,6 +306,7 @@ static const char *USAGE_BIG[] =
" Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk encryptions (FDE)",
" Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk encryptions (FDE)",
" Y | 3 = XTS 1536 bit all | Full-Disk encryptions (FDE)",
" 14600 | LUKS | Full-Disk encryptions (FDE)",
" 9700 | MS Office <= 2003 $0|$1, MD5 + RC4 | Documents",
" 9710 | MS Office <= 2003 $0|$1, MD5 + RC4, collider #1 | Documents",
" 9720 | MS Office <= 2003 $0|$1, MD5 + RC4, collider #2 | Documents",

208
tools/test.sh
Unescape View File

@ -9,7 +9,7 @@ TDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# missing hash types: 5200,6251,6261,6271,6281
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 900 1000 1100 1300 1400 1410 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 4300 4400 4500 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7100 7200 7300 7400 7500 7600 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12100 12200 12300 12400 12600 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 14000 14100 14400 99999"
HASH_TYPES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 125 130 131 132 133 140 141 150 160 200 300 400 500 900 1000 1100 1300 1400 1410 1420 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 4300 4400 4500 4700 4800 4900 5000 5100 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7100 7200 7300 7400 7500 7600 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8900 9100 9200 9300 9400 9500 9600 9700 9800 9900 10000 10100 10200 10300 10400 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11900 12000 12100 12200 12300 12400 12600 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 14000 14100 14400 14600 99999"
#ATTACK_MODES="0 1 3 6 7"
ATTACK_MODES="0 1 3 7"
@ -22,7 +22,7 @@ HASHFILE_ONLY="2500"
NEVER_CRACK="11600"
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12100 12200 12300 12400 12500 12800 12900 13000 13200 13400 13600"
SLOW_ALGOS="400 500 501 1600 1800 2100 2500 3200 5200 5800 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6251 6261 6271 6281 6300 6400 6500 6600 6700 6800 7100 7200 7400 7900 8200 8800 8900 9000 9100 9200 9300 9400 9500 9600 10000 10300 10500 10700 10900 11300 11600 11900 12000 12100 12200 12300 12400 12500 12800 12900 13000 13200 13400 13600 14600"
OPTS="--quiet --force --potfile-disable --runtime 200 --gpu-temp-disable --weak-hash-threshold=0"
@ -31,6 +31,8 @@ OUTD="test_$(date +%s)"
PACKAGE_CMD="7z a"
PACKAGE_FOLDER=""
EXTRACT_CMD="7z x"
mask_3[0]=""
mask_3[1]="?d"
mask_3[2]="?d?d"
@ -161,6 +163,65 @@ function init()
return 0
fi
if [[ ${hash_type} -eq 14600 ]]; then
luks_tests_folder="${TDIR}/luks_tests/"
if [ ! -d "${luks_tests_folder}" ]; then
mkdir -p "${luks_tests_folder}"
fi
luks_first_test_file="${luks_tests_folder}/hashcat_ripemd160_aes_cbc-essiv_128.luks"
if [ ! -f "${luks_first_test_file}" ]; then
luks_tests="hashcat_luks_testfiles.7z"
luks_tests_url="https://hashcat.net/misc/example_hashes/${luks_tests}"
cd ${TDIR}
# if the file already exists, but was not successfully extracted, we assume it's a broken
# downloaded file and therefore it should be deleted
if [ -f "${luks_tests}" ]; then
rm -f "${luks_tests}"
fi
echo ""
echo "ATTENTION: the luks test files (for -m ${hash_type}) are currently missing on your system."
echo "They will be fetched from ${luks_tests_url}"
echo "Note: this needs to be done only once and could take a little bit to download/extract."
echo "These luks test files are not shipped directly with hashcat because the file sizes are"
echo "particularily large and therefore a bandwidth burner for users who do not run these tests."
echo ""
# download:
if ! wget -q "${luks_tests_url}" &> /dev/null; then
cd - >/dev/null
echo "ERROR: Could not fetch the luks test files from this url: ${luks_tests_url}"
exit 1
fi
# extract:
${EXTRACT_CMD} "${luks_tests}" &> /dev/null
# cleanup:
rm -f "${luks_tests}"
cd - >/dev/null
# just to be very sure, check again that (one of) the files now exist:
if [ ! -f "${luks_first_test_file}" ]; then
echo "ERROR: downloading and extracting ${luks_tests} into ${luks_tests_folder} did not complete successfully"
exit 1
fi
fi
return 0
fi
# create list of password and hashes of same type
grep " ${hash_type} '" ${OUTD}/all.sh > ${OUTD}/${hash_type}.sh 2>/dev/null
@ -644,7 +705,7 @@ function attack_1()
elif [ ${hash_type} -eq 14100 ]; then
offset=23
fi
hash_file=${OUTD}/${hash_type}_multihash_combi.txt
tail -n ${offset} ${OUTD}/${hash_type}_hashes.txt > ${hash_file}
@ -771,7 +832,7 @@ function attack_3()
mask_offset=23
max=23
fi
i=1
@ -1797,6 +1858,136 @@ function truecrypt_test()
fi
}
function luks_test()
{
hashType=$1
attackType=$2
# if -m all was set let us default to -a 3 only. You could specify the attack type directly, e.g. -m 0
# the problem with defaulting to all=0,1,3,6,7 is that it could take way too long
if [ "${attackType}" -eq 65535 ]; then
attackType=3
fi
#LUKS_HASHES="sha1 sha256 sha512 ripemd160 whirlpool"
LUKS_HASHES="sha1 sha256 sha512 ripemd160"
LUKS_CIPHERS="aes serpent twofish"
LUKS_MODES="cbc-essiv cbc-plain64 xts-plain64"
LUKS_KEYSIZES="128 256 512"
LUKS_PASSWORD=$(cat "${TDIR}/luks_tests/pw")
for luks_h in ${LUKS_HASHES}; do
for luks_c in ${LUKS_CIPHERS}; do
for luks_m in ${LUKS_MODES}; do
for luks_k in ${LUKS_KEYSIZES}; do
CMD=""
# filter out not supported combinations:
case "${luks_k}" in
128)
case "${luks_m}" in
cbc-essiv|cbc-plain64)
;;
*)
continue
;;
esac
;;
256)
case "${luks_m}" in
cbc-essiv|cbc-plain64|xts-plain64)
;;
*)
continue
;;
esac
;;
512)
case "${luks_m}" in
xts-plain64)
;;
*)
continue
;;
esac
;;
esac
luks_mode="${luks_h}-${luks_c}-${luks_m}-${luks_k}"
luks_file="${TDIR}/luks_tests/hashcat_${luks_h}_${luks_c}_${luks_m}_${luks_k}.luks"
luks_main_mask="?l"
luks_mask="${luks_main_mask}"
# for combination or hybrid attacks
luks_pass_part_file1="${OUTD}/${hashType}_dict1"
luks_pass_part_file2="${OUTD}/${hashType}_dict2"
case $attackType in
0)
CMD="./${BIN} ${OPTS} -a 0 -m ${hashType} ${luks_file} ${TDIR}/luks_tests/pw"
;;
1)
luks_pass_part1_len=$((${#LUKS_PASSWORD} / 2))
luks_pass_part2_start=$((${luks_pass_part1_len} + 1))
echo "${LUKS_PASSWORD}" | cut -c-${luks_pass_part1_len} > "${luks_pass_part_file1}"
echo "${LUKS_PASSWORD}" | cut -c${luks_pass_part2_start}- > "${luks_pass_part_file2}"
CMD="./${BIN} ${OPTS} -a 6 -m ${hashType} ${luks_file} ${luks_pass_part_file1} ${luks_pass_part_file2}"
;;
3)
luks_mask_fixed_len=$((${#LUKS_PASSWORD} - 1))
luks_mask="$(echo "${LUKS_PASSWORD}" | cut -c-${luks_mask_fixed_len})"
luks_mask="${luks_mask}${luks_main_mask}"
CMD="./${BIN} ${OPTS} -a 3 -m ${hashType} ${luks_file} ${luks_mask}"
;;
6)
luks_pass_part1_len=$((${#LUKS_PASSWORD} - 1))
echo "${LUKS_PASSWORD}" | cut -c-${luks_pass_part1_len} > "${luks_pass_part_file1}"
CMD="./${BIN} ${OPTS} -a 6 -m ${hashType} ${luks_file} ${luks_pass_part_file1} ${luks_mask}"
;;
7)
echo "${LUKS_PASSWORD}" | cut -c2- > "${luks_pass_part_file1}"
CMD="./${BIN} ${OPTS} -a 7 -m ${hashType} ${luks_file} ${luks_mask} ${luks_pass_part_file1}"
;;
esac
if [ -n "${CMD}" ]; then
echo "> Testing hash type ${hashType} with attack mode ${attackType}, markov ${MARKOV}, single hash, Device-Type ${TYPE}, vector-width ${VECTOR}, luksMode ${luks_mode}" &>> ${OUTD}/logfull.txt
output=$(${CMD} 2>&1)
ret=${?}
echo "${output}" >> ${OUTD}/logfull.txt
cnt=1
e_nf=0
msg="OK"
if [ ${ret} -ne 0 ]; then
e_nf=1
msg="Error"
fi
echo "[ ${OUTD} ] [ Type ${hash_type}, Attack ${attackType}, Mode single, Device-Type ${TYPE}, Vector-Width ${VECTOR}, luksMode ${luks_mode} ] > $msg : ${e_nf}/${cnt} not found"
status ${ret}
fi
done
done
done
done
}
function usage()
{
cat << EOF
@ -2045,8 +2236,10 @@ if [ "${PACKAGE}" -eq 0 -o -z "${PACKAGE_FOLDER}" ]; then
# generate random test entry
if [ ${HT} -eq 65535 ]; then
perl tools/test.pl single > ${OUTD}/all.sh
elif [[ ${HT} -lt 6211 ]] || [[ ${HT} -gt 6243 ]]; then
perl tools/test.pl single ${HT} > ${OUTD}/all.sh
elif [[ ${HT} -ne 14600 ]]; then
if [[ ${HT} -lt 6211 ]] || [[ ${HT} -gt 6243 ]]; then
perl tools/test.pl single ${HT} > ${OUTD}/all.sh
fi
fi
else
@ -2118,6 +2311,9 @@ if [ "${PACKAGE}" -eq 0 -o -z "${PACKAGE_FOLDER}" ]; then
truecrypt_test ${hash_type} 0
truecrypt_test ${hash_type} 1
truecrypt_test ${hash_type} 2
elif [[ ${hash_type} -eq 14600 ]]; then
# run luks tests
luks_test ${hash_type} ${ATTACK}
else
# run attack mode 0 (stdin)
if [[ ${ATTACK} -eq 65535 ]] || [[ ${ATTACK} -eq 0 ]]; then attack_0; fi

Write Preview
Loading…
Cancel
Save