1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-26 09:58:16 +00:00

Merge branch 'master' into pkcs1

This commit is contained in:
Jens Steube 2020-06-10 10:51:43 +02:00 committed by GitHub
commit 9ea8b3424d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 2285 additions and 226 deletions

View File

@ -3,7 +3,7 @@ hashcat build documentation
### Revision ###
* 1.4
* 1.5
### Author ###
@ -33,6 +33,11 @@ $ make install
If you install it, cached kernels, session files, restore- and pot-files etc. will go to $HOME/.hashcat/
### Building hashcat for Windows (using Windows Subsystem for Linux) ###
Refer to [BUILD_WSL.md](BUILD_WSL.md)
### Building hashcat for Windows (using Cygwin) ###
Refer to [BUILD_CYGWIN.md](BUILD_CYGWIN.md)

36
BUILD_WSL.md Normal file
View File

@ -0,0 +1,36 @@
# Compiling hashcat for Windows with Windows Subsystem for Linux.
Tested on Windows 10 x64, should also work to build hashcat for Windows on Linux.
### Installation ###
Enable WSL.
Press the win + r key on your keyboard simultaneously and in the "Run" popup window type bash and make sure to install additional dependencies necessary for hashcat compilation
```
sudo apt install gcc-mingw-w64-x86-64 make git
git clone https://github.com/hashcat/hashcat
git clone https://github.com/win-iconv/win-iconv
cd win-iconv/
patch < ../hashcat/tools/win-iconv-64.diff
sudo make install
cd ../
```
### Building ###
You've already cloned the latest master revision of hashcat repository above, so switch to the folder and type "make win" to start compiling hashcat
```
cd hashcat/
make win
```
The process may take a while, please be patient. Once it's finished, close WSL.
Press the win + r keys together and (in the "Run" popup window) type cmd, using cd navigate to the hashcat folder e.g.
```
cd "C:\Users\user\hashcat"
```
and start hashcat by typing
```
hashcat.exe
```

View File

@ -16,6 +16,163 @@
#include "inc_hash_sha1.cl"
#endif
DECLSPEC u64 u32_to_u64 (const u32 in)
{
const u64 t0 = (u64) ((in >> 0) & 0xff);
const u64 t1 = (u64) ((in >> 8) & 0xff);
const u64 t2 = (u64) ((in >> 16) & 0xff);
const u64 t3 = (u64) ((in >> 24) & 0xff);
const u64 out = (t0 << 0)
| (t1 << 16)
| (t2 << 32)
| (t3 << 48);
return out;
}
DECLSPEC u32 u64_to_u32 (const u64 in)
{
const u32 t0 = (u32) ((in >> 0) & 0xff);
const u32 t1 = (u32) ((in >> 16) & 0xff);
const u32 t2 = (u32) ((in >> 32) & 0xff);
const u32 t3 = (u32) ((in >> 48) & 0xff);
const u32 out = (t0 << 0)
| (t1 << 8)
| (t2 << 16)
| (t3 << 24);
return out;
}
DECLSPEC int replace_u32_le (const u32 input, u32 *output, int cur_len)
{
// expand to keep 9th bit consistent
u64 input64 = u32_to_u64 (input);
u64 m64 = input64;
m64 ^= 0x002e002e002e002e; // convert 0x2e to 0x00
m64 ^= 0x00ff00ff00ff00ff; // convert 0x00 to 0xff (jit will optimize this to one instruction)
m64 += 0x0001000100010001; // only 0xff can set 9th bit
m64 &= 0x0100010001000100; // only 9th bit survives
m64 |= m64 << 1; // converts 0x0100 to 0xff00
m64 |= m64 << 2;
m64 |= m64 << 4;
m64 >>= 8; // back to original positions (in 64 bit)
u32 m = u64_to_u32 (m64);
u32 r = 0;
const u32 mn = ~m;
const u32 r0 = mn & 0x000000ff;
const u32 r1 = mn & 0x0000ff00;
const u32 r2 = mn & 0x00ff0000;
const u32 r3 = mn & 0xff000000;
cur_len <<= 24;
r |= cur_len; cur_len = (cur_len + 0x01000000) & r3; cur_len >>= 8;
r |= cur_len; cur_len = (cur_len + 0x00010000) & r2; cur_len >>= 8;
r |= cur_len; cur_len = (cur_len + 0x00000100) & r1; cur_len >>= 8;
r |= cur_len; cur_len = (cur_len + 0x00000001) & r0;
*output = (input & mn) | (r & m);
return cur_len;
}
DECLSPEC u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len)
{
// loop over w3...w0 (4 * 16 = 64 bytes):
int cur_len = 0 - (64 - pw_len); // number of padding bytes relative to buffer size
cur_len = replace_u32_le (w3[3], &w3[3], cur_len);
cur_len = replace_u32_le (w3[2], &w3[2], cur_len);
cur_len = replace_u32_le (w3[1], &w3[1], cur_len);
cur_len = replace_u32_le (w3[0], &w3[0], cur_len);
cur_len = replace_u32_le (w2[3], &w2[3], cur_len);
cur_len = replace_u32_le (w2[2], &w2[2], cur_len);
cur_len = replace_u32_le (w2[1], &w2[1], cur_len);
cur_len = replace_u32_le (w2[0], &w2[0], cur_len);
cur_len = replace_u32_le (w1[3], &w1[3], cur_len);
cur_len = replace_u32_le (w1[2], &w1[2], cur_len);
cur_len = replace_u32_le (w1[1], &w1[1], cur_len);
cur_len = replace_u32_le (w1[0], &w1[0], cur_len);
cur_len = replace_u32_le (w0[3], &w0[3], cur_len);
cur_len = replace_u32_le (w0[2], &w0[2], cur_len);
cur_len = replace_u32_le (w0[1], &w0[1], cur_len);
cur_len = replace_u32_le (w0[0], &w0[0], cur_len);
return cur_len;
}
#define REPLACE_DOT_BY_LEN_VECT(n) \
if (out_len.s##n > 0) \
{ \
u32 tmp0[4]; \
\
tmp0[0] = w0_t[0].s##n; \
tmp0[1] = w0_t[1].s##n; \
tmp0[2] = w0_t[2].s##n; \
tmp0[3] = w0_t[3].s##n; \
\
u32 tmp1[4]; \
\
tmp1[0] = w1_t[0].s##n; \
tmp1[1] = w1_t[1].s##n; \
tmp1[2] = w1_t[2].s##n; \
tmp1[3] = w1_t[3].s##n; \
\
u32 tmp2[4]; \
\
tmp2[0] = w2_t[0].s##n; \
tmp2[1] = w2_t[1].s##n; \
tmp2[2] = w2_t[2].s##n; \
tmp2[3] = w2_t[3].s##n; \
\
u32 tmp3[4]; \
\
tmp3[0] = w3_t[0].s##n; \
tmp3[1] = w3_t[1].s##n; \
tmp3[2] = w3_t[2].s##n; \
tmp3[3] = w3_t[3].s##n; \
\
const u32 len = replace_dot_by_len (tmp0, tmp1, tmp2, tmp3, out_len.s##n); \
\
switch_buffer_by_offset_le_S (tmp0, tmp1, tmp2, tmp3, 1); \
\
tmp0[0] |= len & 0xff; \
\
w0_t[0].s##n = tmp0[0]; \
w0_t[1].s##n = tmp0[1]; \
w0_t[2].s##n = tmp0[2]; \
w0_t[3].s##n = tmp0[3]; \
\
w1_t[0].s##n = tmp1[0]; \
w1_t[1].s##n = tmp1[1]; \
w1_t[2].s##n = tmp1[2]; \
w1_t[3].s##n = tmp1[3]; \
\
w2_t[0].s##n = tmp2[0]; \
w2_t[1].s##n = tmp2[1]; \
w2_t[2].s##n = tmp2[2]; \
w2_t[3].s##n = tmp2[3]; \
\
w3_t[0].s##n = tmp3[0]; \
w3_t[1].s##n = tmp3[1]; \
w3_t[2].s##n = tmp3[2]; \
w3_t[3].s##n = tmp3[3]; \
\
out_len.s##n++; \
}
KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ())
{
/**
@ -91,7 +248,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ())
u32x w2[4] = { 0 };
u32x w3[4] = { 0 };
const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
/**
* salt
@ -119,9 +276,44 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ())
w3_t[2] = w3[2];
w3_t[3] = w3[3];
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1);
// replace "." with the length:
w0_t[0] |= out_len & 0xff;
#if VECT_SIZE == 1
if (out_len > 0)
{
const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, out_len);
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1);
w0_t[0] |= len & 0xff;
out_len++;
}
#endif
#if VECT_SIZE >= 2
REPLACE_DOT_BY_LEN_VECT (0)
REPLACE_DOT_BY_LEN_VECT (1)
#endif
#if VECT_SIZE >= 4
REPLACE_DOT_BY_LEN_VECT (2)
REPLACE_DOT_BY_LEN_VECT (3)
#endif
#if VECT_SIZE >= 8
REPLACE_DOT_BY_LEN_VECT (4)
REPLACE_DOT_BY_LEN_VECT (5)
REPLACE_DOT_BY_LEN_VECT (6)
REPLACE_DOT_BY_LEN_VECT (7)
#endif
#if VECT_SIZE >= 16
REPLACE_DOT_BY_LEN_VECT (8)
REPLACE_DOT_BY_LEN_VECT (9)
REPLACE_DOT_BY_LEN_VECT (a)
REPLACE_DOT_BY_LEN_VECT (b)
REPLACE_DOT_BY_LEN_VECT (c)
REPLACE_DOT_BY_LEN_VECT (d)
REPLACE_DOT_BY_LEN_VECT (e)
REPLACE_DOT_BY_LEN_VECT (f)
#endif
u32x s0[4];
u32x s1[4];
@ -145,7 +337,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ())
s3[2] = 0;
s3[3] = 0;
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + out_len);
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len);
w0_t[0] |= s0[0];
w0_t[1] |= s0[1];
@ -181,7 +373,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ())
s3[2] = 0;
s3[3] = 0;
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + out_len + domain_len + 1);
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len + domain_len + 1);
w0_t[0] |= s0[0];
w0_t[1] |= s0[1];
@ -219,7 +411,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_RULES ())
w3_t[0] = hc_swap32 (w3_t[0]);
w3_t[1] = hc_swap32 (w3_t[1]);
w3_t[2] = 0;
w3_t[3] = (1 + out_len + domain_len + 1 + salt_len) * 8;
w3_t[3] = (out_len + domain_len + 1 + salt_len) * 8;
u32x digest[5];
@ -360,7 +552,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ())
u32x w2[4] = { 0 };
u32x w3[4] = { 0 };
const u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
u32x out_len = apply_rules_vect_optimized (pw_buf0, pw_buf1, pw_len, rules_buf, il_pos, w0, w1);
/**
* salt
@ -388,9 +580,44 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ())
w3_t[2] = w3[2];
w3_t[3] = w3[3];
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1);
// replace "." with the length:
w0_t[0] |= out_len & 0xff;
#if VECT_SIZE == 1
if (out_len > 0)
{
const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, out_len);
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1);
w0_t[0] |= len & 0xff;
out_len++;
}
#endif
#if VECT_SIZE >= 2
REPLACE_DOT_BY_LEN_VECT (0)
REPLACE_DOT_BY_LEN_VECT (1)
#endif
#if VECT_SIZE >= 4
REPLACE_DOT_BY_LEN_VECT (2)
REPLACE_DOT_BY_LEN_VECT (3)
#endif
#if VECT_SIZE >= 8
REPLACE_DOT_BY_LEN_VECT (4)
REPLACE_DOT_BY_LEN_VECT (5)
REPLACE_DOT_BY_LEN_VECT (6)
REPLACE_DOT_BY_LEN_VECT (7)
#endif
#if VECT_SIZE >= 16
REPLACE_DOT_BY_LEN_VECT (8)
REPLACE_DOT_BY_LEN_VECT (9)
REPLACE_DOT_BY_LEN_VECT (a)
REPLACE_DOT_BY_LEN_VECT (b)
REPLACE_DOT_BY_LEN_VECT (c)
REPLACE_DOT_BY_LEN_VECT (d)
REPLACE_DOT_BY_LEN_VECT (e)
REPLACE_DOT_BY_LEN_VECT (f)
#endif
u32x s0[4];
u32x s1[4];
@ -414,7 +641,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ())
s3[2] = 0;
s3[3] = 0;
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + out_len);
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len);
w0_t[0] |= s0[0];
w0_t[1] |= s0[1];
@ -450,7 +677,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ())
s3[2] = 0;
s3[3] = 0;
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + out_len + domain_len + 1);
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, out_len + domain_len + 1);
w0_t[0] |= s0[0];
w0_t[1] |= s0[1];
@ -488,7 +715,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_RULES ())
w3_t[0] = hc_swap32 (w3_t[0]);
w3_t[1] = hc_swap32 (w3_t[1]);
w3_t[2] = 0;
w3_t[3] = (1 + out_len + domain_len + 1 + salt_len) * 8;
w3_t[3] = (out_len + domain_len + 1 + salt_len) * 8;
u32x digest[5];

View File

@ -67,11 +67,36 @@ KERNEL_FQ void m08300_mxx (KERN_ATTR_RULES ())
sha1_init (&ctx1);
ctx1.w0[0] = (tmp.pw_len & 0xff) << 24;
// replace "." with the length:
ctx1.len = 1;
if (tmp.pw_len > 0)
{
u32 len = 0;
sha1_update_swap (&ctx1, tmp.i, tmp.pw_len);
for (int pos = tmp.pw_len - 1; pos >= 0; pos--)
{
const u32 div = pos / 4;
const u32 mod = pos & 3;
const u32 sht = mod << 3;
if (((tmp.i[div] >> sht) & 0xff) == 0x2e) // '.'
{
tmp.i[div] += (len - 0x2e) << sht;
len = 0;
continue;
}
len++;
}
ctx1.w0[0] = (len & 0xff) << 24;
ctx1.len = 1;
sha1_update_swap (&ctx1, tmp.i, tmp.pw_len);
}
sha1_update (&ctx1, s_pc, salt_len_pc + 1);
@ -186,11 +211,36 @@ KERNEL_FQ void m08300_sxx (KERN_ATTR_RULES ())
sha1_init (&ctx1);
ctx1.w0[0] = (tmp.pw_len & 0xff) << 24;
// replace "." with the length:
ctx1.len = 1;
if (tmp.pw_len > 0)
{
u32 len = 0;
sha1_update_swap (&ctx1, tmp.i, tmp.pw_len);
for (int pos = tmp.pw_len - 1; pos >= 0; pos--)
{
const u32 div = pos / 4;
const u32 mod = pos & 3;
const u32 sht = mod << 3;
if (((tmp.i[div] >> sht) & 0xff) == 0x2e) // '.'
{
tmp.i[div] += (len - 0x2e) << sht;
len = 0;
continue;
}
len++;
}
ctx1.w0[0] = (len & 0xff) << 24;
ctx1.len = 1;
sha1_update_swap (&ctx1, tmp.i, tmp.pw_len);
}
sha1_update (&ctx1, s_pc, salt_len_pc + 1);

View File

@ -14,6 +14,163 @@
#include "inc_hash_sha1.cl"
#endif
DECLSPEC u64 u32_to_u64 (const u32 in)
{
const u64 t0 = (u64) ((in >> 0) & 0xff);
const u64 t1 = (u64) ((in >> 8) & 0xff);
const u64 t2 = (u64) ((in >> 16) & 0xff);
const u64 t3 = (u64) ((in >> 24) & 0xff);
const u64 out = (t0 << 0)
| (t1 << 16)
| (t2 << 32)
| (t3 << 48);
return out;
}
DECLSPEC u32 u64_to_u32 (const u64 in)
{
const u32 t0 = (u32) ((in >> 0) & 0xff);
const u32 t1 = (u32) ((in >> 16) & 0xff);
const u32 t2 = (u32) ((in >> 32) & 0xff);
const u32 t3 = (u32) ((in >> 48) & 0xff);
const u32 out = (t0 << 0)
| (t1 << 8)
| (t2 << 16)
| (t3 << 24);
return out;
}
DECLSPEC int replace_u32_le (const u32 input, u32 *output, int cur_len)
{
// expand to keep 9th bit consistent
u64 input64 = u32_to_u64 (input);
u64 m64 = input64;
m64 ^= 0x002e002e002e002e; // convert 0x2e to 0x00
m64 ^= 0x00ff00ff00ff00ff; // convert 0x00 to 0xff (jit will optimize this to one instruction)
m64 += 0x0001000100010001; // only 0xff can set 9th bit
m64 &= 0x0100010001000100; // only 9th bit survives
m64 |= m64 << 1; // converts 0x0100 to 0xff00
m64 |= m64 << 2;
m64 |= m64 << 4;
m64 >>= 8; // back to original positions (in 64 bit)
u32 m = u64_to_u32 (m64);
u32 r = 0;
const u32 mn = ~m;
const u32 r0 = mn & 0x000000ff;
const u32 r1 = mn & 0x0000ff00;
const u32 r2 = mn & 0x00ff0000;
const u32 r3 = mn & 0xff000000;
cur_len <<= 24;
r |= cur_len; cur_len = (cur_len + 0x01000000) & r3; cur_len >>= 8;
r |= cur_len; cur_len = (cur_len + 0x00010000) & r2; cur_len >>= 8;
r |= cur_len; cur_len = (cur_len + 0x00000100) & r1; cur_len >>= 8;
r |= cur_len; cur_len = (cur_len + 0x00000001) & r0;
*output = (input & mn) | (r & m);
return cur_len;
}
DECLSPEC u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len)
{
// loop over w3...w0 (4 * 16 = 64 bytes):
int cur_len = 0 - (64 - pw_len); // number of padding bytes relative to buffer size
cur_len = replace_u32_le (w3[3], &w3[3], cur_len);
cur_len = replace_u32_le (w3[2], &w3[2], cur_len);
cur_len = replace_u32_le (w3[1], &w3[1], cur_len);
cur_len = replace_u32_le (w3[0], &w3[0], cur_len);
cur_len = replace_u32_le (w2[3], &w2[3], cur_len);
cur_len = replace_u32_le (w2[2], &w2[2], cur_len);
cur_len = replace_u32_le (w2[1], &w2[1], cur_len);
cur_len = replace_u32_le (w2[0], &w2[0], cur_len);
cur_len = replace_u32_le (w1[3], &w1[3], cur_len);
cur_len = replace_u32_le (w1[2], &w1[2], cur_len);
cur_len = replace_u32_le (w1[1], &w1[1], cur_len);
cur_len = replace_u32_le (w1[0], &w1[0], cur_len);
cur_len = replace_u32_le (w0[3], &w0[3], cur_len);
cur_len = replace_u32_le (w0[2], &w0[2], cur_len);
cur_len = replace_u32_le (w0[1], &w0[1], cur_len);
cur_len = replace_u32_le (w0[0], &w0[0], cur_len);
return cur_len;
}
#define REPLACE_DOT_BY_LEN_VECT(n) \
if (pw_len.s##n > 0) \
{ \
u32 tmp0[4]; \
\
tmp0[0] = w0_t[0].s##n; \
tmp0[1] = w0_t[1].s##n; \
tmp0[2] = w0_t[2].s##n; \
tmp0[3] = w0_t[3].s##n; \
\
u32 tmp1[4]; \
\
tmp1[0] = w1_t[0].s##n; \
tmp1[1] = w1_t[1].s##n; \
tmp1[2] = w1_t[2].s##n; \
tmp1[3] = w1_t[3].s##n; \
\
u32 tmp2[4]; \
\
tmp2[0] = w2_t[0].s##n; \
tmp2[1] = w2_t[1].s##n; \
tmp2[2] = w2_t[2].s##n; \
tmp2[3] = w2_t[3].s##n; \
\
u32 tmp3[4]; \
\
tmp3[0] = w3_t[0].s##n; \
tmp3[1] = w3_t[1].s##n; \
tmp3[2] = w3_t[2].s##n; \
tmp3[3] = w3_t[3].s##n; \
\
const u32 len = replace_dot_by_len (tmp0, tmp1, tmp2, tmp3, pw_len.s##n); \
\
switch_buffer_by_offset_le_S (tmp0, tmp1, tmp2, tmp3, 1); \
\
tmp0[0] |= len & 0xff; \
\
w0_t[0].s##n = tmp0[0]; \
w0_t[1].s##n = tmp0[1]; \
w0_t[2].s##n = tmp0[2]; \
w0_t[3].s##n = tmp0[3]; \
\
w1_t[0].s##n = tmp1[0]; \
w1_t[1].s##n = tmp1[1]; \
w1_t[2].s##n = tmp1[2]; \
w1_t[3].s##n = tmp1[3]; \
\
w2_t[0].s##n = tmp2[0]; \
w2_t[1].s##n = tmp2[1]; \
w2_t[2].s##n = tmp2[2]; \
w2_t[3].s##n = tmp2[3]; \
\
w3_t[0].s##n = tmp3[0]; \
w3_t[1].s##n = tmp3[1]; \
w3_t[2].s##n = tmp3[2]; \
w3_t[3].s##n = tmp3[3]; \
\
pw_len.s##n++; \
}
KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ())
{
/**
@ -86,7 +243,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ())
{
const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63;
const u32x pw_len = (pw_l_len + pw_r_len) & 63;
u32x pw_len = (pw_l_len + pw_r_len) & 63;
/**
* concat password candidate
@ -177,9 +334,44 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ())
w3_t[2] = w3[2];
w3_t[3] = w3[3];
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1);
// replace "." with the length:
w0_t[0] |= pw_len & 0xff;
#if VECT_SIZE == 1
if (pw_len > 0)
{
const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, pw_len);
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1);
w0_t[0] |= len & 0xff;
pw_len++;
}
#endif
#if VECT_SIZE >= 2
REPLACE_DOT_BY_LEN_VECT (0)
REPLACE_DOT_BY_LEN_VECT (1)
#endif
#if VECT_SIZE >= 4
REPLACE_DOT_BY_LEN_VECT (2)
REPLACE_DOT_BY_LEN_VECT (3)
#endif
#if VECT_SIZE >= 8
REPLACE_DOT_BY_LEN_VECT (4)
REPLACE_DOT_BY_LEN_VECT (5)
REPLACE_DOT_BY_LEN_VECT (6)
REPLACE_DOT_BY_LEN_VECT (7)
#endif
#if VECT_SIZE >= 16
REPLACE_DOT_BY_LEN_VECT (8)
REPLACE_DOT_BY_LEN_VECT (9)
REPLACE_DOT_BY_LEN_VECT (a)
REPLACE_DOT_BY_LEN_VECT (b)
REPLACE_DOT_BY_LEN_VECT (c)
REPLACE_DOT_BY_LEN_VECT (d)
REPLACE_DOT_BY_LEN_VECT (e)
REPLACE_DOT_BY_LEN_VECT (f)
#endif
u32x s0[4];
u32x s1[4];
@ -203,7 +395,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ())
s3[2] = 0;
s3[3] = 0;
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + pw_len);
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len);
w0_t[0] |= s0[0];
w0_t[1] |= s0[1];
@ -239,7 +431,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ())
s3[2] = 0;
s3[3] = 0;
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + pw_len + domain_len + 1);
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len + domain_len + 1);
w0_t[0] |= s0[0];
w0_t[1] |= s0[1];
@ -277,7 +469,7 @@ KERNEL_FQ void m08300_m04 (KERN_ATTR_BASIC ())
w3_t[0] = hc_swap32 (w3_t[0]);
w3_t[1] = hc_swap32 (w3_t[1]);
w3_t[2] = 0;
w3_t[3] = (1 + pw_len + domain_len + 1 + salt_len) * 8;
w3_t[3] = (pw_len + domain_len + 1 + salt_len) * 8;
u32x digest[5];
@ -415,7 +607,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ())
{
const u32x pw_r_len = pwlenx_create_combt (combs_buf, il_pos) & 63;
const u32x pw_len = (pw_l_len + pw_r_len) & 63;
u32x pw_len = (pw_l_len + pw_r_len) & 63;
/**
* concat password candidate
@ -506,9 +698,44 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ())
w3_t[2] = w3[2];
w3_t[3] = w3[3];
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1);
// replace "." with the length:
w0_t[0] |= pw_len & 0xff;
#if VECT_SIZE == 1
if (pw_len > 0)
{
const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, pw_len);
switch_buffer_by_offset_le (w0_t, w1_t, w2_t, w3_t, 1);
w0_t[0] |= len & 0xff;
pw_len++;
}
#endif
#if VECT_SIZE >= 2
REPLACE_DOT_BY_LEN_VECT (0)
REPLACE_DOT_BY_LEN_VECT (1)
#endif
#if VECT_SIZE >= 4
REPLACE_DOT_BY_LEN_VECT (2)
REPLACE_DOT_BY_LEN_VECT (3)
#endif
#if VECT_SIZE >= 8
REPLACE_DOT_BY_LEN_VECT (4)
REPLACE_DOT_BY_LEN_VECT (5)
REPLACE_DOT_BY_LEN_VECT (6)
REPLACE_DOT_BY_LEN_VECT (7)
#endif
#if VECT_SIZE >= 16
REPLACE_DOT_BY_LEN_VECT (8)
REPLACE_DOT_BY_LEN_VECT (9)
REPLACE_DOT_BY_LEN_VECT (a)
REPLACE_DOT_BY_LEN_VECT (b)
REPLACE_DOT_BY_LEN_VECT (c)
REPLACE_DOT_BY_LEN_VECT (d)
REPLACE_DOT_BY_LEN_VECT (e)
REPLACE_DOT_BY_LEN_VECT (f)
#endif
u32x s0[4];
u32x s1[4];
@ -532,7 +759,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ())
s3[2] = 0;
s3[3] = 0;
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + pw_len);
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len);
w0_t[0] |= s0[0];
w0_t[1] |= s0[1];
@ -568,7 +795,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ())
s3[2] = 0;
s3[3] = 0;
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, 1 + pw_len + domain_len + 1);
switch_buffer_by_offset_le_VV (s0, s1, s2, s3, pw_len + domain_len + 1);
w0_t[0] |= s0[0];
w0_t[1] |= s0[1];
@ -606,7 +833,7 @@ KERNEL_FQ void m08300_s04 (KERN_ATTR_BASIC ())
w3_t[0] = hc_swap32 (w3_t[0]);
w3_t[1] = hc_swap32 (w3_t[1]);
w3_t[2] = 0;
w3_t[3] = (1 + pw_len + domain_len + 1 + salt_len) * 8;
w3_t[3] = (pw_len + domain_len + 1 + salt_len) * 8;
u32x digest[5];

View File

@ -14,6 +14,42 @@
#include "inc_hash_sha1.cl"
#endif
DECLSPEC const u32 replace_dot_by_len (pw_t *out, GLOBAL_AS const pw_t *in, const u32 old_len)
{
// first make out a copy of in:
out->pw_len = in->pw_len;
for (int i = 0; i < 64; i++)
{
out->i[i] = in->i[i];
}
// replace "." with the length:
u32 cur_len = old_len;
for (int pos = out->pw_len - 1; pos >= 0; pos--)
{
const u32 div = pos / 4;
const u32 mod = pos & 3;
const u32 sht = mod << 3;
if (((out->i[div] >> sht) & 0xff) == 0x2e) // '.'
{
out->i[div] += (cur_len - 0x2e) << sht;
cur_len = 0;
continue;
}
cur_len++;
}
return cur_len;
}
KERNEL_FQ void m08300_mxx (KERN_ATTR_BASIC ())
{
/**
@ -59,13 +95,27 @@ KERNEL_FQ void m08300_mxx (KERN_ATTR_BASIC ())
sha1_init (&ctx1);
ctx1.w0[0] = ((pws[gid].pw_len + combs_buf[il_pos].pw_len) & 0xff) << 24;
const u32 pw_len = pws[gid].pw_len + combs_buf[il_pos].pw_len;
ctx1.len = 1;
// replace "." with the length:
sha1_update_global_swap (&ctx1, pws[gid].i, pws[gid].pw_len);
if (pw_len > 0)
{
pw_t combs;
sha1_update_global_swap (&ctx1, combs_buf[il_pos].i, combs_buf[il_pos].pw_len);
const u32 first_len_combs = replace_dot_by_len (&combs, &combs_buf[il_pos], 0);
pw_t pw;
const u32 first_len_pw = replace_dot_by_len (&pw, &pws[gid], first_len_combs);
ctx1.w0[0] = (first_len_pw & 0xff) << 24;
ctx1.len = 1;
sha1_update_swap (&ctx1, pw.i, pw.pw_len);
sha1_update_swap (&ctx1, combs.i, combs.pw_len);
}
sha1_update (&ctx1, s_pc, salt_len_pc + 1);
@ -174,13 +224,27 @@ KERNEL_FQ void m08300_sxx (KERN_ATTR_BASIC ())
sha1_init (&ctx1);
ctx1.w0[0] = ((pws[gid].pw_len + combs_buf[il_pos].pw_len) & 0xff) << 24;
const u32 pw_len = pws[gid].pw_len + combs_buf[il_pos].pw_len;
ctx1.len = 1;
// replace "." with the length:
sha1_update_global_swap (&ctx1, pws[gid].i, pws[gid].pw_len);
if (pw_len > 0)
{
pw_t combs;
sha1_update_global_swap (&ctx1, combs_buf[il_pos].i, combs_buf[il_pos].pw_len);
const u32 first_len_combs = replace_dot_by_len (&combs, &combs_buf[il_pos], 0);
pw_t pw;
const u32 first_len_pw = replace_dot_by_len (&pw, &pws[gid], first_len_combs);
ctx1.w0[0] = (first_len_pw & 0xff) << 24;
ctx1.len = 1;
sha1_update_swap (&ctx1, pw.i, pw.pw_len);
sha1_update_swap (&ctx1, combs.i, combs.pw_len);
}
sha1_update (&ctx1, s_pc, salt_len_pc + 1);

View File

@ -14,6 +14,159 @@
#include "inc_hash_sha1.cl"
#endif
DECLSPEC u64 u32_to_u64 (const u32 in)
{
const u64 t0 = (u64) ((in >> 24) & 0xff);
const u64 t1 = (u64) ((in >> 16) & 0xff);
const u64 t2 = (u64) ((in >> 8) & 0xff);
const u64 t3 = (u64) ((in >> 0) & 0xff);
const u64 out = (t0 << 48)
| (t1 << 32)
| (t2 << 16)
| (t3 << 0);
return out;
}
DECLSPEC u32 u64_to_u32 (const u64 in)
{
const u32 t0 = (u32) ((in >> 48) & 0xff);
const u32 t1 = (u32) ((in >> 32) & 0xff);
const u32 t2 = (u32) ((in >> 16) & 0xff);
const u32 t3 = (u32) ((in >> 0) & 0xff);
const u32 out = (t0 << 24)
| (t1 << 16)
| (t2 << 8)
| (t3 << 0);
return out;
}
DECLSPEC int replace_u32_be (const u32 input, u32 *output, int cur_len)
{
// expand to keep 9th bit consistent
u64 input64 = u32_to_u64 (input);
u64 m64 = input64;
m64 ^= 0x002e002e002e002e; // convert 0x2e to 0x00
m64 ^= 0x00ff00ff00ff00ff; // convert 0x00 to 0xff (jit will optimize this to one instruction)
m64 += 0x0001000100010001; // only 0xff can set 9th bit
m64 &= 0x0100010001000100; // only 9th bit survives
m64 |= m64 << 1; // converts 0x0100 to 0xff00
m64 |= m64 << 2;
m64 |= m64 << 4;
m64 >>= 8; // back to original positions (in 64 bit)
u32 m = u64_to_u32 (m64);
u32 r = 0;
const u32 mn = ~m;
const u32 r0 = mn & 0xff000000;
const u32 r1 = mn & 0x00ff0000;
const u32 r2 = mn & 0x0000ff00;
const u32 r3 = mn & 0x000000ff;
r |= cur_len; cur_len = (cur_len + 0x00000001) & r3; cur_len <<= 8;
r |= cur_len; cur_len = (cur_len + 0x00000100) & r2; cur_len <<= 8;
r |= cur_len; cur_len = (cur_len + 0x00010000) & r1; cur_len <<= 8;
r |= cur_len; cur_len = (cur_len + 0x01000000) & r0; cur_len >>= 24;
*output = (input & mn) | (r & m);
return cur_len;
}
DECLSPEC u32 replace_dot_by_len (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len)
{
// loop over w3...w0 (4 * 16 = 64 bytes):
int cur_len = 0 - (64 - pw_len); // number of padding bytes relative to buffer size
cur_len = replace_u32_be (w3[3], &w3[3], cur_len);
cur_len = replace_u32_be (w3[2], &w3[2], cur_len);
cur_len = replace_u32_be (w3[1], &w3[1], cur_len);
cur_len = replace_u32_be (w3[0], &w3[0], cur_len);
cur_len = replace_u32_be (w2[3], &w2[3], cur_len);
cur_len = replace_u32_be (w2[2], &w2[2], cur_len);
cur_len = replace_u32_be (w2[1], &w2[1], cur_len);
cur_len = replace_u32_be (w2[0], &w2[0], cur_len);
cur_len = replace_u32_be (w1[3], &w1[3], cur_len);
cur_len = replace_u32_be (w1[2], &w1[2], cur_len);
cur_len = replace_u32_be (w1[1], &w1[1], cur_len);
cur_len = replace_u32_be (w1[0], &w1[0], cur_len);
cur_len = replace_u32_be (w0[3], &w0[3], cur_len);
cur_len = replace_u32_be (w0[2], &w0[2], cur_len);
cur_len = replace_u32_be (w0[1], &w0[1], cur_len);
cur_len = replace_u32_be (w0[0], &w0[0], cur_len);
return cur_len;
}
#define REPLACE_DOT_BY_LEN_VECT(n) \
{ \
u32 tmp0[4]; \
\
tmp0[0] = w0_t[0].s##n; \
tmp0[1] = w0_t[1].s##n; \
tmp0[2] = w0_t[2].s##n; \
tmp0[3] = w0_t[3].s##n; \
\
u32 tmp1[4]; \
\
tmp1[0] = w1_t[0].s##n; \
tmp1[1] = w1_t[1].s##n; \
tmp1[2] = w1_t[2].s##n; \
tmp1[3] = w1_t[3].s##n; \
\
u32 tmp2[4]; \
\
tmp2[0] = w2_t[0].s##n; \
tmp2[1] = w2_t[1].s##n; \
tmp2[2] = w2_t[2].s##n; \
tmp2[3] = w2_t[3].s##n; \
\
u32 tmp3[4]; \
\
tmp3[0] = w3_t[0].s##n; \
tmp3[1] = w3_t[1].s##n; \
tmp3[2] = w3_t[2].s##n; \
tmp3[3] = w3_t[3].s##n; \
\
const u32 len = replace_dot_by_len (tmp0, tmp1, tmp2, tmp3, pw_len); \
\
switch_buffer_by_offset_be_S (tmp0, tmp1, tmp2, tmp3, 1); \
\
tmp0[0] |= (len & 0xff) << 24; \
\
w0_t[0].s##n = tmp0[0]; \
w0_t[1].s##n = tmp0[1]; \
w0_t[2].s##n = tmp0[2]; \
w0_t[3].s##n = tmp0[3]; \
\
w1_t[0].s##n = tmp1[0]; \
w1_t[1].s##n = tmp1[1]; \
w1_t[2].s##n = tmp1[2]; \
w1_t[3].s##n = tmp1[3]; \
\
w2_t[0].s##n = tmp2[0]; \
w2_t[1].s##n = tmp2[1]; \
w2_t[2].s##n = tmp2[2]; \
w2_t[3].s##n = tmp2[3]; \
\
w3_t[0].s##n = tmp3[0]; \
w3_t[1].s##n = tmp3[1]; \
w3_t[2].s##n = tmp3[2]; \
w3_t[3].s##n = tmp3[3]; \
}
DECLSPEC void m08300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KERN_ATTR_BASIC ())
{
/**
@ -168,9 +321,40 @@ DECLSPEC void m08300m (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
w3_t[2] = w3[2];
w3_t[3] = w3[3];
switch_buffer_by_offset_be (w0_t, w1_t, w2_t, w3_t, 1);
// replace "." with the length:
#if VECT_SIZE == 1
const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, pw_len);
switch_buffer_by_offset_be (w0_t, w1_t, w2_t, w3_t, 1);
w0_t[0] |= (len & 0xff) << 24;
#endif
#if VECT_SIZE >= 2
REPLACE_DOT_BY_LEN_VECT (0)
REPLACE_DOT_BY_LEN_VECT (1)
#endif
#if VECT_SIZE >= 4
REPLACE_DOT_BY_LEN_VECT (2)
REPLACE_DOT_BY_LEN_VECT (3)
#endif
#if VECT_SIZE >= 8
REPLACE_DOT_BY_LEN_VECT (4)
REPLACE_DOT_BY_LEN_VECT (5)
REPLACE_DOT_BY_LEN_VECT (6)
REPLACE_DOT_BY_LEN_VECT (7)
#endif
#if VECT_SIZE >= 16
REPLACE_DOT_BY_LEN_VECT (8)
REPLACE_DOT_BY_LEN_VECT (9)
REPLACE_DOT_BY_LEN_VECT (a)
REPLACE_DOT_BY_LEN_VECT (b)
REPLACE_DOT_BY_LEN_VECT (c)
REPLACE_DOT_BY_LEN_VECT (d)
REPLACE_DOT_BY_LEN_VECT (e)
REPLACE_DOT_BY_LEN_VECT (f)
#endif
w0_t[0] |= (pw_len & 0xff) << 24;
w3_t[2] = 0;
w3_t[3] = (1 + pw_len + domain_len + 1 + salt_len) * 8;
@ -388,9 +572,40 @@ DECLSPEC void m08300s (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 pw_len, KER
w3_t[2] = w3[2];
w3_t[3] = w3[3];
switch_buffer_by_offset_be (w0_t, w1_t, w2_t, w3_t, 1);
// replace "." with the length:
#if VECT_SIZE == 1
const u32 len = replace_dot_by_len (w0_t, w1_t, w2_t, w3_t, pw_len);
switch_buffer_by_offset_be (w0_t, w1_t, w2_t, w3_t, 1);
w0_t[0] |= (len & 0xff) << 24;
#endif
#if VECT_SIZE >= 2
REPLACE_DOT_BY_LEN_VECT (0)
REPLACE_DOT_BY_LEN_VECT (1)
#endif
#if VECT_SIZE >= 4
REPLACE_DOT_BY_LEN_VECT (2)
REPLACE_DOT_BY_LEN_VECT (3)
#endif
#if VECT_SIZE >= 8
REPLACE_DOT_BY_LEN_VECT (4)
REPLACE_DOT_BY_LEN_VECT (5)
REPLACE_DOT_BY_LEN_VECT (6)
REPLACE_DOT_BY_LEN_VECT (7)
#endif
#if VECT_SIZE >= 16
REPLACE_DOT_BY_LEN_VECT (8)
REPLACE_DOT_BY_LEN_VECT (9)
REPLACE_DOT_BY_LEN_VECT (a)
REPLACE_DOT_BY_LEN_VECT (b)
REPLACE_DOT_BY_LEN_VECT (c)
REPLACE_DOT_BY_LEN_VECT (d)
REPLACE_DOT_BY_LEN_VECT (e)
REPLACE_DOT_BY_LEN_VECT (f)
#endif
w0_t[0] |= (pw_len & 0xff) << 24;
w3_t[2] = 0;
w3_t[3] = (1 + pw_len + domain_len + 1 + salt_len) * 8;

View File

@ -14,6 +14,17 @@
#include "inc_hash_sha1.cl"
#endif
#define REPLACE_DOT_BY_LEN(n) \
if (((tmp[div].s##n >> sht) & 0xff) == 0x2e) \
{ \
tmp[div].s##n += (len.s##n - 0x2e) << sht; \
len.s##n = 0; \
} \
else \
{ \
len.s##n++; \
}
KERNEL_FQ void m08300_mxx (KERN_ATTR_VECTOR ())
{
/**
@ -76,11 +87,66 @@ KERNEL_FQ void m08300_mxx (KERN_ATTR_VECTOR ())
sha1_init_vector (&ctx1);
ctx1.w0[0] = (pw_len & 0xff) << 24;
// replace "." with the length:
u32x tmp[64] = { 0 };
for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
{
tmp[idx] = w[idx];
}
u32x len = 0;
for (int pos = pw_len - 1; pos >= 0; pos--)
{
const u32 div = pos / 4;
const u32 mod = pos & 3;
const u32 sht = (3 - mod) << 3;
#if VECT_SIZE == 1
if (((tmp[div] >> sht) & 0xff) == 0x2e) // '.'
{
tmp[div] += (len - 0x2e) << sht;
len = 0;
}
else
{
len++;
}
#endif
#if VECT_SIZE >= 2
REPLACE_DOT_BY_LEN (0)
REPLACE_DOT_BY_LEN (1)
#endif
#if VECT_SIZE >= 4
REPLACE_DOT_BY_LEN (2)
REPLACE_DOT_BY_LEN (3)
#endif
#if VECT_SIZE >= 8
REPLACE_DOT_BY_LEN (4)
REPLACE_DOT_BY_LEN (5)
REPLACE_DOT_BY_LEN (6)
REPLACE_DOT_BY_LEN (7)
#endif
#if VECT_SIZE >= 16
REPLACE_DOT_BY_LEN (8)
REPLACE_DOT_BY_LEN (9)
REPLACE_DOT_BY_LEN (a)
REPLACE_DOT_BY_LEN (b)
REPLACE_DOT_BY_LEN (c)
REPLACE_DOT_BY_LEN (d)
REPLACE_DOT_BY_LEN (e)
REPLACE_DOT_BY_LEN (f)
#endif
}
ctx1.w0[0] = (len & 0xff) << 24;
ctx1.len = 1;
sha1_update_vector (&ctx1, w, pw_len);
sha1_update_vector (&ctx1, tmp, pw_len);
sha1_update_vector (&ctx1, s_pc, salt_len_pc + 1);
@ -206,11 +272,66 @@ KERNEL_FQ void m08300_sxx (KERN_ATTR_VECTOR ())
sha1_init_vector (&ctx1);
ctx1.w0[0] = (pw_len & 0xff) << 24;
// replace "." with the length:
u32x tmp[64];
for (int i = 0; i < 64; i++)
{
tmp[i] = w[i];
}
u32x len = 0;
for (int pos = pw_len - 1; pos >= 0; pos--)
{
const u32 div = pos / 4;
const u32 mod = pos & 3;
const u32 sht = (3 - mod) << 3;
#if VECT_SIZE == 1
if (((tmp[div] >> sht) & 0xff) == 0x2e) // '.'
{
tmp[div] += (len - 0x2e) << sht;
len = 0;
}
else
{
len++;
}
#endif
#if VECT_SIZE >= 2
REPLACE_DOT_BY_LEN (0)
REPLACE_DOT_BY_LEN (1)
#endif
#if VECT_SIZE >= 4
REPLACE_DOT_BY_LEN (2)
REPLACE_DOT_BY_LEN (3)
#endif
#if VECT_SIZE >= 8
REPLACE_DOT_BY_LEN (4)
REPLACE_DOT_BY_LEN (5)
REPLACE_DOT_BY_LEN (6)
REPLACE_DOT_BY_LEN (7)
#endif
#if VECT_SIZE >= 16
REPLACE_DOT_BY_LEN (8)
REPLACE_DOT_BY_LEN (9)
REPLACE_DOT_BY_LEN (a)
REPLACE_DOT_BY_LEN (b)
REPLACE_DOT_BY_LEN (c)
REPLACE_DOT_BY_LEN (d)
REPLACE_DOT_BY_LEN (e)
REPLACE_DOT_BY_LEN (f)
#endif
}
ctx1.w0[0] = (len & 0xff) << 24;
ctx1.len = 1;
sha1_update_vector (&ctx1, w, pw_len);
sha1_update_vector (&ctx1, tmp, pw_len);
sha1_update_vector (&ctx1, s_pc, salt_len_pc + 1);

View File

@ -17,14 +17,6 @@
#define ROUNDS 0x40000
#define PUTCHAR(a,p,c) ((u8 *)(a))[(p)] = (u8) (c)
#define GETCHAR(a,p) ((u8 *)(a))[(p)]
#define PUTCHAR_BE(a,p,c) ((u8 *)(a))[(p) ^ 3] = (u8) (c)
#define GETCHAR_BE(a,p) ((u8 *)(a))[(p) ^ 3]
#define MIN(a,b) (((a) < (b)) ? (a) : (b))
typedef struct pbkdf2_sha1
{
u32 salt_buf[64];
@ -33,7 +25,11 @@ typedef struct pbkdf2_sha1
typedef struct rar3_tmp
{
u32 dgst[17][5];
u32 dgst[5];
u32 w[66]; // 256 byte pass + 8 byte salt
u32 iv[4];
} rar3_tmp_t;
@ -138,6 +134,627 @@ DECLSPEC void memcat8c_be (u32 *w0, u32 *w1, u32 *w2, u32 *w3, const u32 len, co
}
}
// only change in this function compared to OpenCL/inc_hash_sha1.cl is that it returns
// the expanded 64 byte buffer w0_t..wf_t in t[]:
DECLSPEC void sha1_transform_rar29 (const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, u32 *digest, u32 *t)
{
u32 a = digest[0];
u32 b = digest[1];
u32 c = digest[2];
u32 d = digest[3];
u32 e = digest[4];
#ifdef IS_CPU
u32 w0_t = w0[0];
u32 w1_t = w0[1];
u32 w2_t = w0[2];
u32 w3_t = w0[3];
u32 w4_t = w1[0];
u32 w5_t = w1[1];
u32 w6_t = w1[2];
u32 w7_t = w1[3];
u32 w8_t = w2[0];
u32 w9_t = w2[1];
u32 wa_t = w2[2];
u32 wb_t = w2[3];
u32 wc_t = w3[0];
u32 wd_t = w3[1];
u32 we_t = w3[2];
u32 wf_t = w3[3];
#define K SHA1C00
SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0_t);
SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w1_t);
SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w2_t);
SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w3_t);
SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w4_t);
SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w5_t);
SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w6_t);
SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w7_t);
SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w8_t);
SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w9_t);
SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, wa_t);
SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, wb_t);
SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, wc_t);
SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, wd_t);
SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, we_t);
SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, wf_t);
w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w0_t);
w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w1_t);
w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w2_t);
w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w3_t);
#undef K
#define K SHA1C01
w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w4_t);
w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w5_t);
w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w6_t);
w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w7_t);
w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w8_t);
w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w9_t);
wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wa_t);
wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, wb_t);
wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, wc_t);
wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wd_t);
we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, we_t);
wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wf_t);
w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w0_t);
w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w1_t);
w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w2_t);
w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w3_t);
w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w4_t);
w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w5_t);
w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w6_t);
w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w7_t);
#undef K
#define K SHA1C02
w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w8_t);
w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w9_t);
wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, wa_t);
wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, wb_t);
wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, wc_t);
wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, wd_t);
we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, we_t);
wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, wf_t);
w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w0_t);
w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w1_t);
w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w2_t);
w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w3_t);
w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w4_t);
w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w5_t);
w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w6_t);
w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w7_t);
w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w8_t);
w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w9_t);
wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, wa_t);
wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, wb_t);
#undef K
#define K SHA1C03
wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, wc_t);
wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wd_t);
we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, we_t);
wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, wf_t);
w0_t = hc_rotl32_S ((wd_t ^ w8_t ^ w2_t ^ w0_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w0_t);
w1_t = hc_rotl32_S ((we_t ^ w9_t ^ w3_t ^ w1_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w1_t);
w2_t = hc_rotl32_S ((wf_t ^ wa_t ^ w4_t ^ w2_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w2_t);
w3_t = hc_rotl32_S ((w0_t ^ wb_t ^ w5_t ^ w3_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w3_t);
w4_t = hc_rotl32_S ((w1_t ^ wc_t ^ w6_t ^ w4_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w4_t);
w5_t = hc_rotl32_S ((w2_t ^ wd_t ^ w7_t ^ w5_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w5_t);
w6_t = hc_rotl32_S ((w3_t ^ we_t ^ w8_t ^ w6_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w6_t);
w7_t = hc_rotl32_S ((w4_t ^ wf_t ^ w9_t ^ w7_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w7_t);
w8_t = hc_rotl32_S ((w5_t ^ w0_t ^ wa_t ^ w8_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w8_t);
w9_t = hc_rotl32_S ((w6_t ^ w1_t ^ wb_t ^ w9_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w9_t);
wa_t = hc_rotl32_S ((w7_t ^ w2_t ^ wc_t ^ wa_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wa_t);
wb_t = hc_rotl32_S ((w8_t ^ w3_t ^ wd_t ^ wb_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, wb_t);
wc_t = hc_rotl32_S ((w9_t ^ w4_t ^ we_t ^ wc_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, wc_t);
wd_t = hc_rotl32_S ((wa_t ^ w5_t ^ wf_t ^ wd_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, wd_t);
we_t = hc_rotl32_S ((wb_t ^ w6_t ^ w0_t ^ we_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, we_t);
wf_t = hc_rotl32_S ((wc_t ^ w7_t ^ w1_t ^ wf_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, wf_t);
t[ 0] = w0_t;
t[ 1] = w1_t;
t[ 2] = w2_t;
t[ 3] = w3_t;
t[ 4] = w4_t;
t[ 5] = w5_t;
t[ 6] = w6_t;
t[ 7] = w7_t;
t[ 8] = w8_t;
t[ 9] = w9_t;
t[10] = wa_t;
t[11] = wb_t;
t[12] = wc_t;
t[13] = wd_t;
t[14] = we_t;
t[15] = wf_t;
#undef K
#else
u32 w00_t = w0[0];
u32 w01_t = w0[1];
u32 w02_t = w0[2];
u32 w03_t = w0[3];
u32 w04_t = w1[0];
u32 w05_t = w1[1];
u32 w06_t = w1[2];
u32 w07_t = w1[3];
u32 w08_t = w2[0];
u32 w09_t = w2[1];
u32 w0a_t = w2[2];
u32 w0b_t = w2[3];
u32 w0c_t = w3[0];
u32 w0d_t = w3[1];
u32 w0e_t = w3[2];
u32 w0f_t = w3[3];
u32 w10_t;
u32 w11_t;
u32 w12_t;
u32 w13_t;
u32 w14_t;
u32 w15_t;
u32 w16_t;
u32 w17_t;
u32 w18_t;
u32 w19_t;
u32 w1a_t;
u32 w1b_t;
u32 w1c_t;
u32 w1d_t;
u32 w1e_t;
u32 w1f_t;
u32 w20_t;
u32 w21_t;
u32 w22_t;
u32 w23_t;
u32 w24_t;
u32 w25_t;
u32 w26_t;
u32 w27_t;
u32 w28_t;
u32 w29_t;
u32 w2a_t;
u32 w2b_t;
u32 w2c_t;
u32 w2d_t;
u32 w2e_t;
u32 w2f_t;
u32 w30_t;
u32 w31_t;
u32 w32_t;
u32 w33_t;
u32 w34_t;
u32 w35_t;
u32 w36_t;
u32 w37_t;
u32 w38_t;
u32 w39_t;
u32 w3a_t;
u32 w3b_t;
u32 w3c_t;
u32 w3d_t;
u32 w3e_t;
u32 w3f_t;
u32 w40_t;
u32 w41_t;
u32 w42_t;
u32 w43_t;
u32 w44_t;
u32 w45_t;
u32 w46_t;
u32 w47_t;
u32 w48_t;
u32 w49_t;
u32 w4a_t;
u32 w4b_t;
u32 w4c_t;
u32 w4d_t;
u32 w4e_t;
u32 w4f_t;
#define K SHA1C00
SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w00_t);
SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w01_t);
SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w02_t);
SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w03_t);
SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w04_t);
SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w05_t);
SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w06_t);
SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w07_t);
SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w08_t);
SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w09_t);
SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0a_t);
SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w0b_t);
SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w0c_t);
SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w0d_t);
SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w0e_t);
SHA1_STEP_S (SHA1_F0o, a, b, c, d, e, w0f_t);
w10_t = hc_rotl32_S ((w0d_t ^ w08_t ^ w02_t ^ w00_t), 1u); SHA1_STEP_S (SHA1_F0o, e, a, b, c, d, w10_t);
w11_t = hc_rotl32_S ((w0e_t ^ w09_t ^ w03_t ^ w01_t), 1u); SHA1_STEP_S (SHA1_F0o, d, e, a, b, c, w11_t);
w12_t = hc_rotl32_S ((w0f_t ^ w0a_t ^ w04_t ^ w02_t), 1u); SHA1_STEP_S (SHA1_F0o, c, d, e, a, b, w12_t);
w13_t = hc_rotl32_S ((w10_t ^ w0b_t ^ w05_t ^ w03_t), 1u); SHA1_STEP_S (SHA1_F0o, b, c, d, e, a, w13_t);
#undef K
#define K SHA1C01
w14_t = hc_rotl32_S ((w11_t ^ w0c_t ^ w06_t ^ w04_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w14_t);
w15_t = hc_rotl32_S ((w12_t ^ w0d_t ^ w07_t ^ w05_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w15_t);
w16_t = hc_rotl32_S ((w13_t ^ w0e_t ^ w08_t ^ w06_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w16_t);
w17_t = hc_rotl32_S ((w14_t ^ w0f_t ^ w09_t ^ w07_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w17_t);
w18_t = hc_rotl32_S ((w15_t ^ w10_t ^ w0a_t ^ w08_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w18_t);
w19_t = hc_rotl32_S ((w16_t ^ w11_t ^ w0b_t ^ w09_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w19_t);
w1a_t = hc_rotl32_S ((w17_t ^ w12_t ^ w0c_t ^ w0a_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w1a_t);
w1b_t = hc_rotl32_S ((w18_t ^ w13_t ^ w0d_t ^ w0b_t), 1u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w1b_t);
w1c_t = hc_rotl32_S ((w19_t ^ w14_t ^ w0e_t ^ w0c_t), 1u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w1c_t);
w1d_t = hc_rotl32_S ((w1a_t ^ w15_t ^ w0f_t ^ w0d_t), 1u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w1d_t);
w1e_t = hc_rotl32_S ((w1b_t ^ w16_t ^ w10_t ^ w0e_t), 1u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w1e_t);
w1f_t = hc_rotl32_S ((w1c_t ^ w17_t ^ w11_t ^ w0f_t), 1u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w1f_t);
w20_t = hc_rotl32_S ((w1a_t ^ w10_t ^ w04_t ^ w00_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w20_t);
w21_t = hc_rotl32_S ((w1b_t ^ w11_t ^ w05_t ^ w01_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w21_t);
w22_t = hc_rotl32_S ((w1c_t ^ w12_t ^ w06_t ^ w02_t), 2u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w22_t);
w23_t = hc_rotl32_S ((w1d_t ^ w13_t ^ w07_t ^ w03_t), 2u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w23_t);
w24_t = hc_rotl32_S ((w1e_t ^ w14_t ^ w08_t ^ w04_t), 2u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w24_t);
w25_t = hc_rotl32_S ((w1f_t ^ w15_t ^ w09_t ^ w05_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w25_t);
w26_t = hc_rotl32_S ((w20_t ^ w16_t ^ w0a_t ^ w06_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w26_t);
w27_t = hc_rotl32_S ((w21_t ^ w17_t ^ w0b_t ^ w07_t), 2u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w27_t);
#undef K
#define K SHA1C02
w28_t = hc_rotl32_S ((w22_t ^ w18_t ^ w0c_t ^ w08_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w28_t);
w29_t = hc_rotl32_S ((w23_t ^ w19_t ^ w0d_t ^ w09_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w29_t);
w2a_t = hc_rotl32_S ((w24_t ^ w1a_t ^ w0e_t ^ w0a_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w2a_t);
w2b_t = hc_rotl32_S ((w25_t ^ w1b_t ^ w0f_t ^ w0b_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w2b_t);
w2c_t = hc_rotl32_S ((w26_t ^ w1c_t ^ w10_t ^ w0c_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w2c_t);
w2d_t = hc_rotl32_S ((w27_t ^ w1d_t ^ w11_t ^ w0d_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w2d_t);
w2e_t = hc_rotl32_S ((w28_t ^ w1e_t ^ w12_t ^ w0e_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w2e_t);
w2f_t = hc_rotl32_S ((w29_t ^ w1f_t ^ w13_t ^ w0f_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w2f_t);
w30_t = hc_rotl32_S ((w2a_t ^ w20_t ^ w14_t ^ w10_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w30_t);
w31_t = hc_rotl32_S ((w2b_t ^ w21_t ^ w15_t ^ w11_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w31_t);
w32_t = hc_rotl32_S ((w2c_t ^ w22_t ^ w16_t ^ w12_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w32_t);
w33_t = hc_rotl32_S ((w2d_t ^ w23_t ^ w17_t ^ w13_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w33_t);
w34_t = hc_rotl32_S ((w2e_t ^ w24_t ^ w18_t ^ w14_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w34_t);
w35_t = hc_rotl32_S ((w2f_t ^ w25_t ^ w19_t ^ w15_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w35_t);
w36_t = hc_rotl32_S ((w30_t ^ w26_t ^ w1a_t ^ w16_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w36_t);
w37_t = hc_rotl32_S ((w31_t ^ w27_t ^ w1b_t ^ w17_t), 2u); SHA1_STEP_S (SHA1_F2o, a, b, c, d, e, w37_t);
w38_t = hc_rotl32_S ((w32_t ^ w28_t ^ w1c_t ^ w18_t), 2u); SHA1_STEP_S (SHA1_F2o, e, a, b, c, d, w38_t);
w39_t = hc_rotl32_S ((w33_t ^ w29_t ^ w1d_t ^ w19_t), 2u); SHA1_STEP_S (SHA1_F2o, d, e, a, b, c, w39_t);
w3a_t = hc_rotl32_S ((w34_t ^ w2a_t ^ w1e_t ^ w1a_t), 2u); SHA1_STEP_S (SHA1_F2o, c, d, e, a, b, w3a_t);
w3b_t = hc_rotl32_S ((w35_t ^ w2b_t ^ w1f_t ^ w1b_t), 2u); SHA1_STEP_S (SHA1_F2o, b, c, d, e, a, w3b_t);
#undef K
#define K SHA1C03
w3c_t = hc_rotl32_S ((w36_t ^ w2c_t ^ w20_t ^ w1c_t), 2u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w3c_t);
w3d_t = hc_rotl32_S ((w37_t ^ w2d_t ^ w21_t ^ w1d_t), 2u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w3d_t);
w3e_t = hc_rotl32_S ((w38_t ^ w2e_t ^ w22_t ^ w1e_t), 2u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w3e_t);
w3f_t = hc_rotl32_S ((w39_t ^ w2f_t ^ w23_t ^ w1f_t), 2u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w3f_t);
w40_t = hc_rotl32_S ((w34_t ^ w20_t ^ w08_t ^ w00_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w40_t);
w41_t = hc_rotl32_S ((w35_t ^ w21_t ^ w09_t ^ w01_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w41_t);
w42_t = hc_rotl32_S ((w36_t ^ w22_t ^ w0a_t ^ w02_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w42_t);
w43_t = hc_rotl32_S ((w37_t ^ w23_t ^ w0b_t ^ w03_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w43_t);
w44_t = hc_rotl32_S ((w38_t ^ w24_t ^ w0c_t ^ w04_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w44_t);
w45_t = hc_rotl32_S ((w39_t ^ w25_t ^ w0d_t ^ w05_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w45_t);
w46_t = hc_rotl32_S ((w3a_t ^ w26_t ^ w0e_t ^ w06_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w46_t);
w47_t = hc_rotl32_S ((w3b_t ^ w27_t ^ w0f_t ^ w07_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w47_t);
w48_t = hc_rotl32_S ((w3c_t ^ w28_t ^ w10_t ^ w08_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w48_t);
w49_t = hc_rotl32_S ((w3d_t ^ w29_t ^ w11_t ^ w09_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w49_t);
w4a_t = hc_rotl32_S ((w3e_t ^ w2a_t ^ w12_t ^ w0a_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w4a_t);
w4b_t = hc_rotl32_S ((w3f_t ^ w2b_t ^ w13_t ^ w0b_t), 4u); SHA1_STEP_S (SHA1_F1, a, b, c, d, e, w4b_t);
w4c_t = hc_rotl32_S ((w40_t ^ w2c_t ^ w14_t ^ w0c_t), 4u); SHA1_STEP_S (SHA1_F1, e, a, b, c, d, w4c_t);
w4d_t = hc_rotl32_S ((w41_t ^ w2d_t ^ w15_t ^ w0d_t), 4u); SHA1_STEP_S (SHA1_F1, d, e, a, b, c, w4d_t);
w4e_t = hc_rotl32_S ((w42_t ^ w2e_t ^ w16_t ^ w0e_t), 4u); SHA1_STEP_S (SHA1_F1, c, d, e, a, b, w4e_t);
w4f_t = hc_rotl32_S ((w43_t ^ w2f_t ^ w17_t ^ w0f_t), 4u); SHA1_STEP_S (SHA1_F1, b, c, d, e, a, w4f_t);
t[ 0] = w40_t;
t[ 1] = w41_t;
t[ 2] = w42_t;
t[ 3] = w43_t;
t[ 4] = w44_t;
t[ 5] = w45_t;
t[ 6] = w46_t;
t[ 7] = w47_t;
t[ 8] = w48_t;
t[ 9] = w49_t;
t[10] = w4a_t;
t[11] = w4b_t;
t[12] = w4c_t;
t[13] = w4d_t;
t[14] = w4e_t;
t[15] = w4f_t;
#undef K
#endif
digest[0] += a;
digest[1] += b;
digest[2] += c;
digest[3] += d;
digest[4] += e;
}
// only change in this function compared to OpenCL/inc_hash_sha1.cl is that
// it calls our modified sha1_transform_rar29 () function
DECLSPEC void sha1_update_64_rar29 (sha1_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int bytes, u32 *t)
{
MAYBE_VOLATILE const int pos = ctx->len & 63;
int len = 64;
if (bytes < 64)
{
len = bytes;
}
ctx->len += len;
if (pos == 0)
{
ctx->w0[0] = w0[0];
ctx->w0[1] = w0[1];
ctx->w0[2] = w0[2];
ctx->w0[3] = w0[3];
ctx->w1[0] = w1[0];
ctx->w1[1] = w1[1];
ctx->w1[2] = w1[2];
ctx->w1[3] = w1[3];
ctx->w2[0] = w2[0];
ctx->w2[1] = w2[1];
ctx->w2[2] = w2[2];
ctx->w2[3] = w2[3];
ctx->w3[0] = w3[0];
ctx->w3[1] = w3[1];
ctx->w3[2] = w3[2];
ctx->w3[3] = w3[3];
if (len == 64)
{
sha1_transform_rar29 (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, t);
ctx->w0[0] = 0;
ctx->w0[1] = 0;
ctx->w0[2] = 0;
ctx->w0[3] = 0;
ctx->w1[0] = 0;
ctx->w1[1] = 0;
ctx->w1[2] = 0;
ctx->w1[3] = 0;
ctx->w2[0] = 0;
ctx->w2[1] = 0;
ctx->w2[2] = 0;
ctx->w2[3] = 0;
ctx->w3[0] = 0;
ctx->w3[1] = 0;
ctx->w3[2] = 0;
ctx->w3[3] = 0;
}
}
else
{
if ((pos + len) < 64)
{
switch_buffer_by_offset_be_S (w0, w1, w2, w3, pos);
ctx->w0[0] |= w0[0];
ctx->w0[1] |= w0[1];
ctx->w0[2] |= w0[2];
ctx->w0[3] |= w0[3];
ctx->w1[0] |= w1[0];
ctx->w1[1] |= w1[1];
ctx->w1[2] |= w1[2];
ctx->w1[3] |= w1[3];
ctx->w2[0] |= w2[0];
ctx->w2[1] |= w2[1];
ctx->w2[2] |= w2[2];
ctx->w2[3] |= w2[3];
ctx->w3[0] |= w3[0];
ctx->w3[1] |= w3[1];
ctx->w3[2] |= w3[2];
ctx->w3[3] |= w3[3];
}
else
{
u32 c0[4] = { 0 };
u32 c1[4] = { 0 };
u32 c2[4] = { 0 };
u32 c3[4] = { 0 };
switch_buffer_by_offset_carry_be_S (w0, w1, w2, w3, c0, c1, c2, c3, pos);
ctx->w0[0] |= w0[0];
ctx->w0[1] |= w0[1];
ctx->w0[2] |= w0[2];
ctx->w0[3] |= w0[3];
ctx->w1[0] |= w1[0];
ctx->w1[1] |= w1[1];
ctx->w1[2] |= w1[2];
ctx->w1[3] |= w1[3];
ctx->w2[0] |= w2[0];
ctx->w2[1] |= w2[1];
ctx->w2[2] |= w2[2];
ctx->w2[3] |= w2[3];
ctx->w3[0] |= w3[0];
ctx->w3[1] |= w3[1];
ctx->w3[2] |= w3[2];
ctx->w3[3] |= w3[3];
sha1_transform_rar29 (ctx->w0, ctx->w1, ctx->w2, ctx->w3, ctx->h, t);
ctx->w0[0] = c0[0];
ctx->w0[1] = c0[1];
ctx->w0[2] = c0[2];
ctx->w0[3] = c0[3];
ctx->w1[0] = c1[0];
ctx->w1[1] = c1[1];
ctx->w1[2] = c1[2];
ctx->w1[3] = c1[3];
ctx->w2[0] = c2[0];
ctx->w2[1] = c2[1];
ctx->w2[2] = c2[2];
ctx->w2[3] = c2[3];
ctx->w3[0] = c3[0];
ctx->w3[1] = c3[1];
ctx->w3[2] = c3[2];
ctx->w3[3] = c3[3];
}
}
}
// main change in this function compared to OpenCL/inc_hash_sha1.cl is that
// we call sha1_update_64_rar29 () and sometimes replace w[]
DECLSPEC void sha1_update_rar29 (sha1_ctx_t *ctx, u32 *w, const int len)
{
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
MAYBE_VOLATILE const int pos = ctx->len & 63;
int pos1 = 0;
int pos4 = 0;
if (len > 64) // or: if (pos1 < (len - 64))
{
w0[0] = w[pos4 + 0];
w0[1] = w[pos4 + 1];
w0[2] = w[pos4 + 2];
w0[3] = w[pos4 + 3];
w1[0] = w[pos4 + 4];
w1[1] = w[pos4 + 5];
w1[2] = w[pos4 + 6];
w1[3] = w[pos4 + 7];
w2[0] = w[pos4 + 8];
w2[1] = w[pos4 + 9];
w2[2] = w[pos4 + 10];
w2[3] = w[pos4 + 11];
w3[0] = w[pos4 + 12];
w3[1] = w[pos4 + 13];
w3[2] = w[pos4 + 14];
w3[3] = w[pos4 + 15];
sha1_update_64 (ctx, w0, w1, w2, w3, 64);
pos1 += 64;
pos4 += 16;
}
for (int diff = 64 - pos; pos1 < len; pos1 += 64, pos4 += 16, diff += 64)
{
w0[0] = w[pos4 + 0];
w0[1] = w[pos4 + 1];
w0[2] = w[pos4 + 2];
w0[3] = w[pos4 + 3];
w1[0] = w[pos4 + 4];
w1[1] = w[pos4 + 5];
w1[2] = w[pos4 + 6];
w1[3] = w[pos4 + 7];
w2[0] = w[pos4 + 8];
w2[1] = w[pos4 + 9];
w2[2] = w[pos4 + 10];
w2[3] = w[pos4 + 11];
w3[0] = w[pos4 + 12];
w3[1] = w[pos4 + 13];
w3[2] = w[pos4 + 14];
w3[3] = w[pos4 + 15];
// only major change in this function compared to OpenCL/inc_hash_sha1.cl:
u32 t[17] = { 0 };
sha1_update_64_rar29 (ctx, w0, w1, w2, w3, len - pos1, t);
if ((diff + 63) >= len) break;
// replaces 64 bytes (with offset diff) of the underlying data w[] with t[]:
// for (int i = 0; i < 16; i++) t[i] = hc_swap32_S (t[i]);
t[ 0] = hc_swap32_S (t[ 0]); // unroll seems to be faster
t[ 1] = hc_swap32_S (t[ 1]);
t[ 2] = hc_swap32_S (t[ 2]);
t[ 3] = hc_swap32_S (t[ 3]);
t[ 4] = hc_swap32_S (t[ 4]);
t[ 5] = hc_swap32_S (t[ 5]);
t[ 6] = hc_swap32_S (t[ 6]);
t[ 7] = hc_swap32_S (t[ 7]);
t[ 8] = hc_swap32_S (t[ 8]);
t[ 9] = hc_swap32_S (t[ 9]);
t[10] = hc_swap32_S (t[10]);
t[11] = hc_swap32_S (t[11]);
t[12] = hc_swap32_S (t[12]);
t[13] = hc_swap32_S (t[13]);
t[14] = hc_swap32_S (t[14]);
t[15] = hc_swap32_S (t[15]);
const u32 n_idx = diff / 4;
const u32 n_off = diff % 4;
if (n_off)
{
const u32 off_mul = n_off * 8;
const u32 off_sub = 32 - off_mul;
t[16] = (t[15] << off_sub);
t[15] = (t[15] >> off_mul) | (t[14] << off_sub);
t[14] = (t[14] >> off_mul) | (t[13] << off_sub);
t[13] = (t[13] >> off_mul) | (t[12] << off_sub);
t[12] = (t[12] >> off_mul) | (t[11] << off_sub);
t[11] = (t[11] >> off_mul) | (t[10] << off_sub);
t[10] = (t[10] >> off_mul) | (t[ 9] << off_sub);
t[ 9] = (t[ 9] >> off_mul) | (t[ 8] << off_sub);
t[ 8] = (t[ 8] >> off_mul) | (t[ 7] << off_sub);
t[ 7] = (t[ 7] >> off_mul) | (t[ 6] << off_sub);
t[ 6] = (t[ 6] >> off_mul) | (t[ 5] << off_sub);
t[ 5] = (t[ 5] >> off_mul) | (t[ 4] << off_sub);
t[ 4] = (t[ 4] >> off_mul) | (t[ 3] << off_sub);
t[ 3] = (t[ 3] >> off_mul) | (t[ 2] << off_sub);
t[ 2] = (t[ 2] >> off_mul) | (t[ 1] << off_sub);
t[ 1] = (t[ 1] >> off_mul) | (t[ 0] << off_sub);
t[ 0] = (t[ 0] >> off_mul);
}
w[n_idx] &= 0xffffff00 << ((3 - n_off) * 8);
w[n_idx] |= t[0];
w[n_idx + 1] = t[ 1];
w[n_idx + 2] = t[ 2];
w[n_idx + 3] = t[ 3];
w[n_idx + 4] = t[ 4];
w[n_idx + 5] = t[ 5];
w[n_idx + 6] = t[ 6];
w[n_idx + 7] = t[ 7];
w[n_idx + 8] = t[ 8];
w[n_idx + 9] = t[ 9];
w[n_idx + 10] = t[10];
w[n_idx + 11] = t[11];
w[n_idx + 12] = t[12];
w[n_idx + 13] = t[13];
w[n_idx + 14] = t[14];
w[n_idx + 15] = t[15];
// the final set is only meaningful: if (n_off)
w[n_idx + 16] &= 0xffffffff >> (n_off * 8);
w[n_idx + 16] |= t[16];
}
}
KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
{
/**
@ -148,19 +765,82 @@ KERNEL_FQ void m12500_init (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
if (gid >= gid_max) return;
tmps[gid].dgst[0][0] = SHA1M_A;
tmps[gid].dgst[0][1] = SHA1M_B;
tmps[gid].dgst[0][2] = SHA1M_C;
tmps[gid].dgst[0][3] = SHA1M_D;
tmps[gid].dgst[0][4] = SHA1M_E;
tmps[gid].dgst[0] = SHA1M_A;
tmps[gid].dgst[1] = SHA1M_B;
tmps[gid].dgst[2] = SHA1M_C;
tmps[gid].dgst[3] = SHA1M_D;
tmps[gid].dgst[4] = SHA1M_E;
/**
* context save
*/
// store pass and salt in tmps:
sha1_ctx_t ctx;
const u32 pw_len = pws[gid].pw_len;
sha1_init (&ctx);
// first set the utf16le pass:
u32 w[80] = { 0 };
for (u32 i = 0, j = 0, k = 0; i < pw_len; i += 16, j += 4, k += 8)
{
u32 a[4];
a[0] = pws[gid].i[j + 0];
a[1] = pws[gid].i[j + 1];
a[2] = pws[gid].i[j + 2];
a[3] = pws[gid].i[j + 3];
u32 b[4];
u32 c[4];
make_utf16le (a, b, c);
w[k + 0] = hc_swap32_S (b[0]);
w[k + 1] = hc_swap32_S (b[1]);
w[k + 2] = hc_swap32_S (b[2]);
w[k + 3] = hc_swap32_S (b[3]);
w[k + 4] = hc_swap32_S (c[0]);
w[k + 5] = hc_swap32_S (c[1]);
w[k + 6] = hc_swap32_S (c[2]);
w[k + 7] = hc_swap32_S (c[3]);
}
// append salt:
const u32 salt_idx = (pw_len * 2) / 4;
const u32 salt_off = (pw_len * 2) & 3;
u32 salt_buf[3];
salt_buf[0] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[0]); // swap needed due to -O kernel
salt_buf[1] = hc_swap32_S (salt_bufs[salt_pos].salt_buf[1]);
salt_buf[2] = 0;
// switch buffer by offset (can only be 0 or 2 because of utf16):
if (salt_off == 2) // or just: if (salt_off)
{
salt_buf[2] = (salt_buf[1] << 16);
salt_buf[1] = (salt_buf[1] >> 16) | (salt_buf[0] << 16);
salt_buf[0] = (salt_buf[0] >> 16);
}
w[salt_idx] |= salt_buf[0];
w[salt_idx + 1] = salt_buf[1];
w[salt_idx + 2] = salt_buf[2];
// store initial w[] (pass and salt) in tmps:
for (u32 i = 0; i < 66; i++) // unroll ?
{
tmps[gid].w[i] = w[i];
}
// iv:
tmps[gid].iv[0] = 0;
tmps[gid].iv[1] = 0;
tmps[gid].iv[2] = 0;
tmps[gid].iv[3] = 0;
}
KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
@ -175,62 +855,106 @@ KERNEL_FQ void m12500_loop (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
const u32 pw_len = pws[gid].pw_len;
u32 w[64] = { 0 };
const u32 salt_len = 8;
for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
const u32 pw_salt_len = (pw_len * 2) + salt_len;
const u32 p3 = pw_salt_len + 3;
u32 w[80] = { 0 }; // 64 byte aligned
for (u32 i = 0; i < 66; i++) // unroll ?
{
w[idx] = pws[gid].i[idx];
w[i] = tmps[gid].w[i];
}
u32 salt_buf[16];
salt_buf[ 0] = salt_bufs[salt_pos].salt_buf[0];
salt_buf[ 1] = salt_bufs[salt_pos].salt_buf[1];
salt_buf[ 2] = 0;
salt_buf[ 3] = 0;
salt_buf[ 4] = 0;
salt_buf[ 5] = 0;
salt_buf[ 6] = 0;
salt_buf[ 7] = 0;
salt_buf[ 8] = 0;
salt_buf[ 9] = 0;
salt_buf[10] = 0;
salt_buf[11] = 0;
salt_buf[12] = 0;
salt_buf[13] = 0;
salt_buf[14] = 0;
salt_buf[15] = 0;
const u32 salt_len = 8;
// update IV:
const u32 init_pos = loop_pos / (ROUNDS / 16);
sha1_ctx_t ctx_iv;
sha1_init (&ctx_iv);
ctx_iv.h[0] = tmps[gid].dgst[0];
ctx_iv.h[1] = tmps[gid].dgst[1];
ctx_iv.h[2] = tmps[gid].dgst[2];
ctx_iv.h[3] = tmps[gid].dgst[3];
ctx_iv.h[4] = tmps[gid].dgst[4];
ctx_iv.len = loop_pos * p3;
sha1_update_rar29 (&ctx_iv, w, pw_salt_len);
memcat8c_be (ctx_iv.w0, ctx_iv.w1, ctx_iv.w2, ctx_iv.w3, ctx_iv.len, hc_swap32_S (loop_pos), ctx_iv.h);
ctx_iv.len += 3;
// copy the context from ctx_iv to ctx:
sha1_ctx_t ctx;
sha1_init (&ctx);
ctx.h[0] = ctx_iv.h[0];
ctx.h[1] = ctx_iv.h[1];
ctx.h[2] = ctx_iv.h[2];
ctx.h[3] = ctx_iv.h[3];
ctx.h[4] = ctx_iv.h[4];
ctx.h[0] = tmps[gid].dgst[init_pos][0];
ctx.h[1] = tmps[gid].dgst[init_pos][1];
ctx.h[2] = tmps[gid].dgst[init_pos][2];
ctx.h[3] = tmps[gid].dgst[init_pos][3];
ctx.h[4] = tmps[gid].dgst[init_pos][4];
ctx.w0[0] = ctx_iv.w0[0];
ctx.w0[1] = ctx_iv.w0[1];
ctx.w0[2] = ctx_iv.w0[2];
ctx.w0[3] = ctx_iv.w0[3];
for (u32 i = 0, j = loop_pos; i < 16384; i++, j++)
ctx.w1[0] = ctx_iv.w1[0];
ctx.w1[1] = ctx_iv.w1[1];
ctx.w1[2] = ctx_iv.w1[2];
ctx.w1[3] = ctx_iv.w1[3];
ctx.w2[0] = ctx_iv.w2[0];
ctx.w2[1] = ctx_iv.w2[1];
ctx.w2[2] = ctx_iv.w2[2];
ctx.w2[3] = ctx_iv.w2[3];
ctx.w3[0] = ctx_iv.w3[0];
ctx.w3[1] = ctx_iv.w3[1];
ctx.w3[2] = ctx_iv.w3[2];
ctx.w3[3] = ctx_iv.w3[3];
ctx.len = p3; // or ctx_iv.len ?
// final () for the IV byte:
sha1_final (&ctx_iv);
const u32 iv_idx = init_pos / 4;
const u32 iv_off = init_pos % 4;
tmps[gid].iv[iv_idx] |= (ctx_iv.h[4] & 0xff) << (iv_off * 8);
// main loop:
for (u32 i = 0, j = (loop_pos + 1); i < 16383; i++, j++)
{
sha1_update_utf16le_swap (&ctx, w, pw_len);
sha1_update_swap (&ctx, salt_buf, salt_len);
sha1_update_rar29 (&ctx, w, pw_salt_len);
memcat8c_be (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.len, hc_swap32_S (j), ctx.h);
ctx.len += 3;
}
tmps[gid].dgst[init_pos + 1][0] = ctx.h[0];
tmps[gid].dgst[init_pos + 1][1] = ctx.h[1];
tmps[gid].dgst[init_pos + 1][2] = ctx.h[2];
tmps[gid].dgst[init_pos + 1][3] = ctx.h[3];
tmps[gid].dgst[init_pos + 1][4] = ctx.h[4];
tmps[gid].dgst[0] = ctx.h[0];
tmps[gid].dgst[1] = ctx.h[1];
tmps[gid].dgst[2] = ctx.h[2];
tmps[gid].dgst[3] = ctx.h[3];
tmps[gid].dgst[4] = ctx.h[4];
// only needed if pw_len > 28:
for (u32 i = 0; i < 66; i++) // unroll ?
{
tmps[gid].w[i] = w[i];
}
}
KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
@ -298,43 +1022,19 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
const u32 pw_len = pws[gid].pw_len;
u32 w[64] = { 0 };
for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1)
{
w[idx] = pws[gid].i[idx];
}
u32 salt_buf[16];
salt_buf[ 0] = salt_bufs[salt_pos].salt_buf[0];
salt_buf[ 1] = salt_bufs[salt_pos].salt_buf[1];
salt_buf[ 2] = 0;
salt_buf[ 3] = 0;
salt_buf[ 4] = 0;
salt_buf[ 5] = 0;
salt_buf[ 6] = 0;
salt_buf[ 7] = 0;
salt_buf[ 8] = 0;
salt_buf[ 9] = 0;
salt_buf[10] = 0;
salt_buf[11] = 0;
salt_buf[12] = 0;
salt_buf[13] = 0;
salt_buf[14] = 0;
salt_buf[15] = 0;
const u32 salt_len = 8;
const u32 p3 = (pw_len * 2) + salt_len + 3;
const u32 pw_salt_len = (pw_len * 2) + salt_len;
const u32 p3 = pw_salt_len + 3;
u32 h[5];
h[0] = tmps[gid].dgst[16][0];
h[1] = tmps[gid].dgst[16][1];
h[2] = tmps[gid].dgst[16][2];
h[3] = tmps[gid].dgst[16][3];
h[4] = tmps[gid].dgst[16][4];
h[0] = tmps[gid].dgst[0];
h[1] = tmps[gid].dgst[1];
h[2] = tmps[gid].dgst[2];
h[3] = tmps[gid].dgst[3];
h[4] = tmps[gid].dgst[4];
u32 w0[4];
u32 w1[4];
@ -382,46 +1082,13 @@ KERNEL_FQ void m12500_comp (KERN_ATTR_TMPS_ESALT (rar3_tmp_t, pbkdf2_sha1_t))
AES128_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4);
u32 iv[4];
u32 iv[2];
iv[0] = 0;
iv[1] = 0;
iv[2] = 0;
iv[3] = 0;
for (int i = 0; i < 16; i++)
{
sha1_ctx_t ctx;
sha1_init (&ctx);
ctx.h[0] = tmps[gid].dgst[i][0];
ctx.h[1] = tmps[gid].dgst[i][1];
ctx.h[2] = tmps[gid].dgst[i][2];
ctx.h[3] = tmps[gid].dgst[i][3];
ctx.h[4] = tmps[gid].dgst[i][4];
const u32 iter_pos = i * (ROUNDS / 16);
ctx.len = iter_pos * p3;
sha1_update_utf16le_swap (&ctx, w, pw_len);
sha1_update_swap (&ctx, salt_buf, salt_len);
memcat8c_be (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.len, hc_swap32_S (iter_pos), ctx.h);
ctx.len += 3;
sha1_final (&ctx);
PUTCHAR (iv, i, ctx.h[4] & 0xff);
}
iv[0] = tmps[gid].iv[0];
iv[1] = tmps[gid].iv[1];
out[0] ^= hc_swap32_S (iv[0]);
out[1] ^= hc_swap32_S (iv[1]);
out[2] ^= hc_swap32_S (iv[2]);
out[3] ^= hc_swap32_S (iv[3]);
const u32 r0 = out[0];
const u32 r1 = out[1];

View File

@ -1,22 +1,21 @@
* changes v5.1.0 -> v6.0.0
##
## Feature
## Features
##
- Fully modularized hash-mode integration via plugin interface and conversion of all existing hash-modes
- Refactor hashcat backend interface to allow adding compute API other than OpenCL
- Added CUDA as a new compute API to hashcat backend (enables hashcat to run on NVIDIA Jetson, IBM POWER9 w/ Nvidia V100, etc.)
- Added new options --backend-ignore-cuda and --backend-ingore-opencl to ignore CUDA and/or OpenCL interface from being load on startup
- Added new parameter --brain-server-timer to specify the seconds for the next scheduled backup
- Added new way to specify the outfile format, the new --outfile-format now also supports timestamps
- Support use of all available GPU memory using CUDA backend
- Support use of all available CPU cores for hash-mode specific hooks
- Refactor hash-mode integration and replaced it with a fully modularized plugin interface
- Converted all existing hardwired hash-modes into hashcat plugins
- Added comprehensive plugin developer guide on how to add new/custom hash-modes to hashcat
- Refactor compute backend interface to allow adding compute API other than OpenCL
- Added CUDA as a new compute backend (enables hashcat to run on NVIDIA Jetson, IBM POWER9 w/ Nvidia V100, etc.)
- Support automatic use of all available GPU memory using CUDA backend
- Support automatic use of all available CPU cores for hash-mode specific hooks
- Support on-the-fly loading of compressed wordlists in zip and gzip format
- Support for inline VeraCrypt PIM brute-force
- Support deflate decompression for the 7-Zip hash-mode using zlib hook
- Added documentation on hashcat brain, slow-candidate and keyboard-layout mapping features
- Added additional documentation on hashcat brain, slow-candidate interface and keyboard-layout mapping features
- Keep output of --show and --left in the original ordering of the input hash file
- Improved performance of many hash-modes
##
## Algorithms
@ -37,15 +36,13 @@
- Added hash-mode: Kerberos 5 Pre-Auth etype 18 (AES256-CTS-HMAC-SHA1-96)
- Added hash-mode: Kerberos 5 TGS-REP etype 17 (AES128-CTS-HMAC-SHA1-96)
- Added hash-mode: Kerberos 5 TGS-REP etype 18 (AES256-CTS-HMAC-SHA1-96)
- Added hash-mode: md5($salt.sha1($salt.$pass))
- Added hash-mode: md5(sha1($pass).md5($pass).sha1($pass))
- Added hash-mode: md5(sha1($salt).md5($pass))
- Added hash-mode: MultiBit Classic .key (MD5)
- Added hash-mode: MultiBit HD (scrypt)
- Added hash-mode: MySQL $A$ (sha256crypt)
- Added hash-mode: Open Document Format (ODF) 1.1 (SHA-1, Blowfish)
- Added hash-mode: Open Document Format (ODF) 1.2 (SHA-256, AES)
- Added hash-mode: Oracle Transportation Management (SHA256)
- Added hash-mode: PKCS#1 key
- Added hash-mode: PKZIP archive encryption
- Added hash-mode: PKZIP Master Key
- Added hash-mode: Python passlib pbkdf2-sha1
@ -56,14 +53,6 @@
- Added hash-mode: QNX /etc/shadow (SHA512)
- Added hash-mode: RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256)
- Added hash-mode: Ruby on Rails Restful-Authentication
- Added hash-mode: sha1(md5(md5($pass)))
- Added hash-mode: sha1(md5($pass.$salt))
- Added hash-mode: sha1(md5($pass).$salt)
- Added hash-mode: sha1($salt1.$pass.$salt2)
- Added hash-mode: sha256(md5($pass))
- Added hash-mode: sha256($salt.$pass.$salt)
- Added hash-mode: sha256(sha256_bin($pass))
- Added hash-mode: sha256(sha256($pass).$salt)
- Added hash-mode: SecureZIP AES-128
- Added hash-mode: SecureZIP AES-192
- Added hash-mode: SecureZIP AES-256
@ -73,7 +62,17 @@
- Added hash-mode: Web2py pbkdf2-sha512
- Added hash-mode: WPA-PBKDF2-PMKID+EAPOL
- Added hash-mode: WPA-PMK-PMKID+EAPOL
- Added hash-mode: PKCS#1 key
- Added hash-mode: md5($salt.sha1($salt.$pass))
- Added hash-mode: md5(sha1($pass).md5($pass).sha1($pass))
- Added hash-mode: md5(sha1($salt).md5($pass))
- Added hash-mode: sha1(md5(md5($pass)))
- Added hash-mode: sha1(md5($pass.$salt))
- Added hash-mode: sha1(md5($pass).$salt)
- Added hash-mode: sha1($salt1.$pass.$salt2)
- Added hash-mode: sha256(md5($pass))
- Added hash-mode: sha256($salt.$pass.$salt)
- Added hash-mode: sha256(sha256_bin($pass))
- Added hash-mode: sha256(sha256($pass).$salt)
##
## Bugs
@ -82,13 +81,15 @@
- Fixed buffer overflow in build_plain() function
- Fixed buffer overflow in mp_add_cs_buf() function
- Fixed calculation of brain-session ID, only the first hash of the hashset was taken into account
- Fixed cleanup of password candidate buffers on GPU set from autotune in case -n was used
- Fixed cleanup of password candidate buffers on GPU set from autotune in case -n parameter was used
- Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7
- Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt
- Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data
- Fixed cracking multiple Office hashes (modes 9500, 9600) if hashes shared the same salt
- Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes when testing decrypted data of unexpected format
- Fixed cracking of Cisco-PIX and Cisco-ASA MD5 passwords in mask-attack mode if mask > length 16
- Fixed cracking of DNSSEC (NSEC3) hashes by replacing all dots in the passwords with lengths
- Fixed cracking of Electrum Wallet Salt-Type 2 hashes
- Fixed cracking of NetNTLMv1 passwords in mask-attack mode if mask > length 16 (optimized kernels only)
- Fixed cracking of RAR3-hp hashes with passwords longer than 28 bytes with pure kernel
- Fixed cracking of VeraCrypt Streebog-512 hashes (CPU only)
- Fixed cracking raw Streebog-HMAC 256 and 512 hashes with password of length >= 64
- Fixed cracking raw Whirlpool hashes cracking with password of length >= 32
@ -114,15 +115,16 @@
##
- Bitcoin Wallet: Be more user friendly by allowing a larger data range for ckey and public_key
- Brain: Added new parameter --brain-server-timer to specify the seconds for the next scheduled backup
- Building: Fix for library compilation failure due to multiple defenition of sbob_xx64()
- Building: Updated BUILD.md
- Cracking bcrypt and Password Safe v2: Use a feedback from the compute API backend to dynamically find out optimal thread count
- Dictstat: On Windows, the st_ino attribute in the stat struct is not set which can lead to invalid cache hits. Added the filename to the database entry.
- Documents: Added README on how to build hashcat on MSYS2
- Documents: Added README on how to build hashcat on Cygwin, MSYS2 and WSL
- File handling: Print a truncation warning when an oversized line is detected
- My Wallet: Added additional plaintext pattern used in newer versions
- Office cracking: Support hash format with second block data for 40-bit oldoffice files (eliminates false positives)
- OpenCL Runtime: Added a warning if OpenCL runtime NEO, Beignet, POCL (v1.4 or older) or MESA is detected and skip associated devices (override with --force)
- OpenCL Runtime: Allow the kernel to access post-48k shared memory region on CUDA. Requires both module and kernel preparation
- OpenCL Runtime: Disable OpenCL kernel cache on Apple for Intel CPU (throws CL_BUILD_PROGRAM_FAILURE for no reason)
- OpenCL Runtime: Do not run shared- and constant-memory size checks if their memory type is of type global memory (typically CPU)
- OpenCL Runtime: Improve ROCm detection and make sure to not confuse with recent AMDGPU drivers
@ -132,18 +134,19 @@
- OpenCL Runtime: Workaround JiT compiler error on AMDGPU driver compiling WPA-EAPOL-PBKDF2 OpenCL kernel
- OpenCL Runtime: Workaround JiT compiler error on ROCm 2.3 driver if the 'inline' keyword is used in function declaration
- OpenCL Runtime: Workaround memory allocation error on AMD driver on Windows leading to CL_MEM_OBJECT_ALLOCATION_FAILURE
- OpenCL Runtime: Workaround ROCm OpenCL driver problem trying to write temporary file into readonly folder by setting TMPDIR
- OpenCL Runtime: Allow the kernel to access post-48k shared memory region on CUDA. Requires both module and kernel preparation
- OpenCL Runtime: Removed some workarounds by calling chdir() to specific folders on startup
- Outfile: Added new systematic to specify the outfile format, the new --outfile-format now also supports timestamps
- Startup Checks: Improved the pidfile check: Do not just check for existing PID but also check executable filename
- Startup Checks: Prevent the user to modify options which are overwritten automatically in benchmark mode
- Startup Screen: Add extra warning when using --force
- Startup Screen: Add extra warning when using --keep-guessing
- Startup Screen: Provide an estimate of host memory requirements for the requested attack
- Status Screen: Added brain status for all devices
- Status Screen: Added brain status for all compute devices
- Status Screen: Added remaining counts and changed recovered count logic
- Status Screen: Added --status-json flag for easier machine reading of hashcat status output
- Tab Completion: Allow using "make install" version of hashcat
- Tuning Database: Updated hashcat.hctune with new models and refreshed vector width values
- VeraCrypt: Added support for VeraCrypt PIM brute-force, replaced --veracrypt-pim with --veracrypt-pim-start and --veracrypt-pim-stop
- WipZip cracking: Added two byte early reject, resulting in higher cracking speed
- WPA/WPA2 cracking: In the potfile, replace password with PMK in order to detect already cracked networks across all WPA modes
@ -151,6 +154,7 @@
## Technical
##
- Backend Interface: Added new options --backend-ignore-cuda and --backend-ingore-opencl to ignore CUDA and/or OpenCL API from being used
- Binary Distribution: Removed 32-bit binary executables
- Building: On macOS, switch from ar to /usr/bin/ar to improve building compatibility
- Building: Skipping Travis/Appveyor build for non-code changes
@ -162,18 +166,18 @@
- Codebase: Remove redundant calls to fclose()
- Dependencies: Updated LZMA-Headers from 18.05 to 19.00
- Dependencies: Updated OpenCL-Headers to latest version from GitHub master repository
- Hash-Mode 12500 (RAR3-hp): Allow cracking of passwords up to length 64
- Hash-mode 1460 (HMAC-SHA256 (key = $salt)): Allow up to 64 byte of salt
- Hash-Mode 1680x (WPA-PMKID) specific: Changed separator character from '*' to ':'
- Hash-Mode 8300 (DNSSEC (NSEC3)) specific: Allow empty salt
- Hash-Mode 12500 (RAR3-hp): Allow cracking of passwords up to length 64
- Keep Guessing: No longer automatically activate --keep-guessing for modes 9720, 9820, 14900 and 18100
- Keep Guessing: No longer mark hashes as cracked/removed when in potfile
- Kernel Cache: Reactivate OpenCL runtime specific kernel caches
- Kernel Compile: Removed -cl-std= from all kernel build options since we're compatible to all OpenCL versions
- OpenCL Kernels: Fix OpenCL compiler warning on double precision constants
- OpenCL Kernels: Moved "gpu_decompress", "gpu_memset" and "gpu_atinit" into shared.cl in order to reduce compile time
- OpenCL Options: Set --spin-damp to 0 (disabled) by default. With the CUDA backend this workaround became deprecated
- OpenCL Options: Removed --opencl-platforms filter in order to force backend device numbers to stay constant
- OpenCL Options: Set --spin-damp to 0 (disabled) by default. With the CUDA backend this workaround became deprecated
- Parsers: switched from strtok() to strtok_r() for thread safety
- Requirements: Add new requirement for NVIDIA GPU: CUDA Toolkit (9.0 or later)
- Requirements: Update runtime check for minimum NVIDIA driver version from 367.x to 440.64 or later

View File

@ -348,6 +348,7 @@ NVIDIA GPUs require "NVIDIA Driver" (440.64 or later) and "CUDA Toolkit" (9.0 or
- Intel
- NVidia
- POCL
- ROCm
##
## Supported OpenCL device types

View File

@ -23,26 +23,26 @@
#define RULE_OP_MANGLE_TRUNCATE_AT '\''// cut the word at pos N
#define RULE_OP_MANGLE_REPLACE 's' // replace all chars X with char Y
#define RULE_OP_MANGLE_PURGECHAR '@' // purge all instances of char X
#define RULE_OP_MANGLE_DUPECHAR_FIRST 'z' // prepend first char of word to itself. ex: hello -> hhello
#define RULE_OP_MANGLE_DUPECHAR_LAST 'Z' // append last char of word to itself. ex: hello -> helloo
#define RULE_OP_MANGLE_DUPECHAR_FIRST 'z' // prepend first char of word to itself N times. ex: hello -> hhhello
#define RULE_OP_MANGLE_DUPECHAR_LAST 'Z' // append last char of word to itself N times. ex: hello -> hellooo
#define RULE_OP_MANGLE_DUPECHAR_ALL 'q' // duplicate all chars. ex: hello -> hheelllloo
#define RULE_OP_MANGLE_SWITCH_FIRST 'k' // switches the first 2 chars. ex: hello -> ehllo
#define RULE_OP_MANGLE_SWITCH_LAST 'K' // switches the last 2 chars. ex: hello -> helol
#define RULE_OP_MANGLE_SWITCH_AT '*' // switches the first 2 chars after pos N. ex: hello -> hlelo
#define RULE_OP_MANGLE_SWITCH_AT '*' // switches char at pos N with char at pos M. ex: hello -> holle
#define RULE_OP_MANGLE_CHR_SHIFTL 'L' // bitwise shift left char at pos N. ex: hello0 -> hello`
#define RULE_OP_MANGLE_CHR_SHIFTR 'R' // bitwise shift right char at pos N. ex: hello` -> hello0
#define RULE_OP_MANGLE_CHR_INCR '+' // bytewise increase at pos N. ex: hello0 -> hello1
#define RULE_OP_MANGLE_CHR_DECR '-' // bytewise decreate at pos N. ex: hello1 -> hello0
#define RULE_OP_MANGLE_REPLACE_NP1 '.' // replaces character @ n with value at @ n plus 1
#define RULE_OP_MANGLE_REPLACE_NM1 ',' // replaces character @ n with value at @ n minus 1
#define RULE_OP_MANGLE_DUPEBLOCK_FIRST 'y' // duplicates first n characters
#define RULE_OP_MANGLE_DUPEBLOCK_LAST 'Y' // duplicates last n characters
#define RULE_OP_MANGLE_REPLACE_NP1 '.' // replaces char @ n with value at @ n plus 1
#define RULE_OP_MANGLE_REPLACE_NM1 ',' // replaces char @ n with value at @ n minus 1
#define RULE_OP_MANGLE_DUPEBLOCK_FIRST 'y' // duplicates first N chars
#define RULE_OP_MANGLE_DUPEBLOCK_LAST 'Y' // duplicates last N chars
#define RULE_OP_MANGLE_TITLE 'E' // lowercase everything then upper case the first letter and every letter after a space
#define RULE_OP_MANGLE_TITLE_SEP 'e' // lowercase everything then upper case the first letter and every letter after char X
/* With -j or -k only */
#define RULE_OP_MANGLE_EXTRACT_MEMORY 'X' // insert substring delimited by N and M into current word at position I
#define RULE_OP_MANGLE_EXTRACT_MEMORY 'X' // insert substring delimited by N and M into current word at pos I
#define RULE_OP_MANGLE_APPEND_MEMORY '4' // insert the word saved by 'M' at the end of current word
#define RULE_OP_MANGLE_PREPEND_MEMORY '6' // insert the word saved by 'M' at the beginning of current word
#define RULE_OP_MEMORIZE_WORD 'M' // memorize current word
@ -52,9 +52,9 @@
#define RULE_OP_REJECT_EQUAL '_' // reject plains of length not equal to N
#define RULE_OP_REJECT_CONTAIN '!' // reject plains that contain char X
#define RULE_OP_REJECT_NOT_CONTAIN '/' // reject plains that do not contain char X
#define RULE_OP_REJECT_EQUAL_FIRST '(' // reject plains that do not contain char X at first position
#define RULE_OP_REJECT_EQUAL_LAST ')' // reject plains that do not contain char X at last position
#define RULE_OP_REJECT_EQUAL_AT '=' // reject plains that do not contain char X at position N
#define RULE_OP_REJECT_EQUAL_FIRST '(' // reject plains that do not contain char X at first pos
#define RULE_OP_REJECT_EQUAL_LAST ')' // reject plains that do not contain char X at last pos
#define RULE_OP_REJECT_EQUAL_AT '=' // reject plains that do not contain char X at pos N
#define RULE_OP_REJECT_CONTAINS '%' // reject plains that contain char X less than N times
#define RULE_OP_REJECT_MEMORY 'Q' // reject plains that match the plain saved (see M), i.e. if unchanged
#define RULE_LAST_REJECTED_SAVED_POS 'p' // position of the character last found with '/' or '%'
#define RULE_LAST_REJECTED_SAVED_POS 'p' // pos of the char last found with '/' or '%'

View File

@ -0,0 +1 @@
?l?d?u,?l?d,?l?d*!$@_,?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d

View File

@ -354,7 +354,12 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
{
if (hashconfig->has_optimized_kernel == false)
{
if (user_options->quiet == false) event_log_warning (hashcat_ctx, "%s: Optimized kernel requested but not needed - falling back to pure kernel", source_file);
if (user_options->quiet == false)
{
event_log_warning (hashcat_ctx, "Kernel %s:", source_file);
event_log_warning (hashcat_ctx, "Optimized kernel requested but not needed - falling back to pure kernel");
event_log_warning (hashcat_ctx, NULL);
}
}
else
{

View File

@ -56,7 +56,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH;
token.sep[1] = ':';
token.len_min[1] = 1;
token.len_min[1] = 0;
token.len_max[1] = 32;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
@ -104,9 +104,12 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u8 *salt_buf_pc_ptr = (u8 *) salt->salt_buf_pc;
memcpy (salt_buf_pc_ptr, domain_pos, domain_len);
if (domain_len > 0)
{
if (domain_pos[0] != '.') return (PARSER_SALT_VALUE);
if (salt_buf_pc_ptr[0] != '.') return (PARSER_SALT_VALUE);
memcpy (salt_buf_pc_ptr, domain_pos, domain_len);
}
u8 *len_ptr = salt_buf_pc_ptr;

View File

@ -42,16 +42,33 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,
typedef struct rar3_tmp
{
u32 dgst[17][5];
u32 dgst[5];
u32 w[66]; // 256 byte pass + 8 byte salt
u32 iv[4];
} rar3_tmp_t;
typedef struct rar3_tmp_optimized
{
u32 dgst[17][5];
} rar3_tmp_optimized_t;
static const int ROUNDS_RAR3 = 262144;
static const char *SIGNATURE_RAR3 = "$RAR3$";
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 tmp_size = (const u64) sizeof (rar3_tmp_t);
const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
u64 tmp_size = (u64) sizeof (rar3_tmp_t);
if (optimized_kernel == true)
{
tmp_size = (u64) sizeof (rar3_tmp_optimized_t);
}
return tmp_size;
}
@ -74,7 +91,7 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con
{
const bool optimized_kernel = (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL);
u32 pw_max = PW_MAX;
u32 pw_max = 127;
if (optimized_kernel == true)
{

View File

@ -11,7 +11,11 @@ use warnings;
use Net::DNS::RR::NSEC3;
use Net::DNS::SEC;
sub module_constraints { [[1, 256], [-1, -1], [1, 55], [-1, -1], [-1, -1]] }
# we need to restict the pure password length for the test module to 63 bytes,
# because we can't have any string (including the pass) of over 63 bytes without "."
# sub module_constraints { [[1, 256], [-1, -1], [1, 55], [-1, -1], [-1, -1]] }
sub module_constraints { [[1, 63], [-1, -1], [1, 55], [-1, -1], [-1, -1]] }
sub get_random_dnssec_salt
{
@ -38,7 +42,14 @@ sub module_generate_hash
if (length $salt == 0)
{
$salt = get_random_dnssec_salt ();
if (int (rand (10)) == 0)
{
$salt = ":";
}
else
{
$salt = get_random_dnssec_salt ();
}
}
my ($domain, $salt_hex) = split (":", $salt);

View File

@ -0,0 +1,405 @@
#!/usr/bin/env perl
##
## Author......: See docs/credits.txt
## License.....: MIT
##
use strict;
use warnings;
use Digest::SHA;
use Crypt::CBC;
use Encode;
sub module_constraints { [[0, 127], [8, 8], [0, 20], [8, 8], [-1, -1]] }
my $ITERATIONS = 0x40000;
my $FIXED_RAW_STRING = pack ("H*", "c43d7b00400700000000000000000000");
my $SHA1C00 = 0x5a827999;
my $SHA1C01 = 0x6ed9eba1;
my $SHA1C02 = 0x8f1bbcdc;
my $SHA1C03 = 0xca62c1d6;
my $SHA1M_A = 0x67452301;
my $SHA1M_B = 0xefcdab89;
my $SHA1M_C = 0x98badcfe;
my $SHA1M_D = 0x10325476;
my $SHA1M_E = 0xc3d2e1f0;
sub rotl32
{
my $x = shift;
my $n = shift;
return (($x << $n) | ($x >> (32 - $n))) & 0xffffffff;
}
sub blk
{
my $b = shift;
my $i = shift;
$$b[$i & 15] = rotl32 ($$b[($i + 13) & 15] ^
$$b[($i + 8) & 15] ^
$$b[($i + 2) & 15] ^
$$b[($i + 0) & 15], 1);
return $$b[$i & 15];
}
sub R0
{
my ($b, $v, $w, $x, $y, $z, $i) = @_;
$$b[$i] = unpack ("L<", pack ("L>", $$b[$i])); # blk0 or just swap_byte32 ()
$z += (($w & ($x ^ $y)) ^ $y) + $$b[$i] + $SHA1C00 + rotl32 ($v, 5);
$z &= 0xffffffff;
$w = rotl32 ($w, 30);
return ($z, $w);
}
sub R1
{
my ($b, $v, $w, $x, $y, $z, $i) = @_;
$z += (($w & ($x ^ $y)) ^ $y) + blk ($b, $i) + $SHA1C00 + rotl32 ($v, 5);
$z &= 0xffffffff;
$w = rotl32 ($w, 30);
return ($z, $w);
}
sub R2
{
my ($b, $v, $w, $x, $y, $z, $i) = @_;
$z += ($w ^ $x ^ $y) + blk ($b, $i) + $SHA1C01 + rotl32 ($v, 5);
$z &= 0xffffffff;
$w = rotl32 ($w, 30);
return ($z, $w);
}
sub R3
{
my ($b, $v, $w, $x, $y, $z, $i) = @_;
$z += ((($w | $x) & $y) | ($w & $x)) + blk ($b, $i) + $SHA1C02 + rotl32 ($v, 5);
$z &= 0xffffffff;
$w = rotl32 ($w, 30);
return ($z, $w);
}
sub R4
{
my ($b, $v, $w, $x, $y, $z, $i) = @_;
$z += ($w ^ $x ^ $y) + blk ($b, $i) + $SHA1C03 + rotl32 ($v, 5);
$z &= 0xffffffff;
$w = rotl32 ($w, 30);
return ($z, $w);
}
sub sha1_transform
{
my ($state, $buffer) = @_;
my @block = unpack ("L<*", $$buffer);
my $a = $$state[0];
my $b = $$state[1];
my $c = $$state[2];
my $d = $$state[3];
my $e = $$state[4];
($e, $b) = R0 (\@block, $a, $b, $c, $d, $e, 0);
($d, $a) = R0 (\@block, $e, $a, $b, $c, $d, 1);
($c, $e) = R0 (\@block, $d, $e, $a, $b, $c, 2);
($b, $d) = R0 (\@block, $c, $d, $e, $a, $b, 3);
($a, $c) = R0 (\@block, $b, $c, $d, $e, $a, 4);
($e, $b) = R0 (\@block, $a, $b, $c, $d, $e, 5);
($d, $a) = R0 (\@block, $e, $a, $b, $c, $d, 6);
($c, $e) = R0 (\@block, $d, $e, $a, $b, $c, 7);
($b, $d) = R0 (\@block, $c, $d, $e, $a, $b, 8);
($a, $c) = R0 (\@block, $b, $c, $d, $e, $a, 9);
($e, $b) = R0 (\@block, $a, $b, $c, $d, $e, 10);
($d, $a) = R0 (\@block, $e, $a, $b, $c, $d, 11);
($c, $e) = R0 (\@block, $d, $e, $a, $b, $c, 12);
($b, $d) = R0 (\@block, $c, $d, $e, $a, $b, 13);
($a, $c) = R0 (\@block, $b, $c, $d, $e, $a, 14);
($e, $b) = R0 (\@block, $a, $b, $c, $d, $e, 15);
($d, $a) = R1 (\@block, $e, $a, $b, $c, $d, 16);
($c, $e) = R1 (\@block, $d, $e, $a, $b, $c, 17);
($b, $d) = R1 (\@block, $c, $d, $e, $a, $b, 18);
($a, $c) = R1 (\@block, $b, $c, $d, $e, $a, 19);
($e, $b) = R2 (\@block, $a, $b, $c, $d, $e, 20);
($d, $a) = R2 (\@block, $e, $a, $b, $c, $d, 21);
($c, $e) = R2 (\@block, $d, $e, $a, $b, $c, 22);
($b, $d) = R2 (\@block, $c, $d, $e, $a, $b, 23);
($a, $c) = R2 (\@block, $b, $c, $d, $e, $a, 24);
($e, $b) = R2 (\@block, $a, $b, $c, $d, $e, 25);
($d, $a) = R2 (\@block, $e, $a, $b, $c, $d, 26);
($c, $e) = R2 (\@block, $d, $e, $a, $b, $c, 27);
($b, $d) = R2 (\@block, $c, $d, $e, $a, $b, 28);
($a, $c) = R2 (\@block, $b, $c, $d, $e, $a, 29);
($e, $b) = R2 (\@block, $a, $b, $c, $d, $e, 30);
($d, $a) = R2 (\@block, $e, $a, $b, $c, $d, 31);
($c, $e) = R2 (\@block, $d, $e, $a, $b, $c, 32);
($b, $d) = R2 (\@block, $c, $d, $e, $a, $b, 33);
($a, $c) = R2 (\@block, $b, $c, $d, $e, $a, 34);
($e, $b) = R2 (\@block, $a, $b, $c, $d, $e, 35);
($d, $a) = R2 (\@block, $e, $a, $b, $c, $d, 36);
($c, $e) = R2 (\@block, $d, $e, $a, $b, $c, 37);
($b, $d) = R2 (\@block, $c, $d, $e, $a, $b, 38);
($a, $c) = R2 (\@block, $b, $c, $d, $e, $a, 39);
($e, $b) = R3 (\@block, $a, $b, $c, $d, $e, 40);
($d, $a) = R3 (\@block, $e, $a, $b, $c, $d, 41);
($c, $e) = R3 (\@block, $d, $e, $a, $b, $c, 42);
($b, $d) = R3 (\@block, $c, $d, $e, $a, $b, 43);
($a, $c) = R3 (\@block, $b, $c, $d, $e, $a, 44);
($e, $b) = R3 (\@block, $a, $b, $c, $d, $e, 45);
($d, $a) = R3 (\@block, $e, $a, $b, $c, $d, 46);
($c, $e) = R3 (\@block, $d, $e, $a, $b, $c, 47);
($b, $d) = R3 (\@block, $c, $d, $e, $a, $b, 48);
($a, $c) = R3 (\@block, $b, $c, $d, $e, $a, 49);
($e, $b) = R3 (\@block, $a, $b, $c, $d, $e, 50);
($d, $a) = R3 (\@block, $e, $a, $b, $c, $d, 51);
($c, $e) = R3 (\@block, $d, $e, $a, $b, $c, 52);
($b, $d) = R3 (\@block, $c, $d, $e, $a, $b, 53);
($a, $c) = R3 (\@block, $b, $c, $d, $e, $a, 54);
($e, $b) = R3 (\@block, $a, $b, $c, $d, $e, 55);
($d, $a) = R3 (\@block, $e, $a, $b, $c, $d, 56);
($c, $e) = R3 (\@block, $d, $e, $a, $b, $c, 57);
($b, $d) = R3 (\@block, $c, $d, $e, $a, $b, 58);
($a, $c) = R3 (\@block, $b, $c, $d, $e, $a, 59);
($e, $b) = R4 (\@block, $a, $b, $c, $d, $e, 60);
($d, $a) = R4 (\@block, $e, $a, $b, $c, $d, 61);
($c, $e) = R4 (\@block, $d, $e, $a, $b, $c, 62);
($b, $d) = R4 (\@block, $c, $d, $e, $a, $b, 63);
($a, $c) = R4 (\@block, $b, $c, $d, $e, $a, 64);
($e, $b) = R4 (\@block, $a, $b, $c, $d, $e, 65);
($d, $a) = R4 (\@block, $e, $a, $b, $c, $d, 66);
($c, $e) = R4 (\@block, $d, $e, $a, $b, $c, 67);
($b, $d) = R4 (\@block, $c, $d, $e, $a, $b, 68);
($a, $c) = R4 (\@block, $b, $c, $d, $e, $a, 69);
($e, $b) = R4 (\@block, $a, $b, $c, $d, $e, 70);
($d, $a) = R4 (\@block, $e, $a, $b, $c, $d, 71);
($c, $e) = R4 (\@block, $d, $e, $a, $b, $c, 72);
($b, $d) = R4 (\@block, $c, $d, $e, $a, $b, 73);
($a, $c) = R4 (\@block, $b, $c, $d, $e, $a, 74);
($e, $b) = R4 (\@block, $a, $b, $c, $d, $e, 75);
($d, $a) = R4 (\@block, $e, $a, $b, $c, $d, 76);
($c, $e) = R4 (\@block, $d, $e, $a, $b, $c, 77);
($b, $d) = R4 (\@block, $c, $d, $e, $a, $b, 78);
($a, $c) = R4 (\@block, $b, $c, $d, $e, $a, 79);
$$state[0] = ($$state[0] + $a) & 0xffffffff;
$$state[1] = ($$state[1] + $b) & 0xffffffff;
$$state[2] = ($$state[2] + $c) & 0xffffffff;
$$state[3] = ($$state[3] + $d) & 0xffffffff;
$$state[4] = ($$state[4] + $e) & 0xffffffff;
$$buffer = pack ("L<*", @block);
}
sub sha1_getstate
{
my $ctx = shift;
my $info = $ctx->getstate;
# state:
my $idx = index ($info, "H:");
my $state = substr ($info, $idx + 2, 44);
$state =~ s/://g;
my @state_arr = unpack ("L>*", pack ("H*", $state));
# block:
$idx = index ($info, "block:");
my $block = substr ($info, $idx + 6, 191);
$block =~ s/://g;
$block = pack ("H*", $block);
return (\@state_arr, $block);
}
sub sha1_update_rar29
{
my $ctx = shift;
my $data = shift;
my $len = shift;
my $count = shift;
my $ctx_orig = $ctx->clone;
$ctx->add ($$data);
# two early exits from this function, if (strange data) manipulation is not needed:
my $j = $count & 63;
return if (($j + $len) <= 63);
my $i = 64 - $j;
return if (($i + 63) >= $len);
# proceed with updating $data:
my ($state, $block) = sha1_getstate ($ctx_orig);
substr ($block, $j, $i) = substr ($$data, 0, $i);
sha1_transform ($state, \$block);
while (($i + 63) < $len)
{
my $workspace = substr ($$data, $i, 64);
sha1_transform ($state, \$workspace);
substr ($$data, $i, 64) = $workspace;
$i += 64;
}
}
sub module_generate_hash
{
my $pass = shift;
my $salt = shift;
# convert to utf16le:
my $buf = encode ("UTF-16LE", $pass);
# add the salt to the password buffer:
$buf .= $salt;
my $len = length ($buf);
my $count = 0;
my $ctx = Digest::SHA->new ('SHA1');
my $iv = "";
# main loop:
for (my $i = 0; $i < $ITERATIONS; $i++)
{
sha1_update_rar29 ($ctx, \$buf, $len, $count);
$count += $len;
my $pos = substr (pack ("L<", $i), 0, 3);
$ctx->add ($pos);
$count += 3;
if (($i & 0x3fff) == 0)
{
my $dgst = $ctx->clone->digest;
$iv .= substr ($dgst, 19, 1);
}
}
my $k = $ctx->digest;
$k = pack ("L<*", unpack ("L>4", $k)); # byte swap the first 4 * 4 = 16 bytes
my $aes = Crypt::CBC->new (
-cipher => "Crypt::Rijndael",
-key => $k,
-iv => $iv,
-keysize => 16,
-literal_key => 1,
-header => 'none');
my $hash = $aes->encrypt ($FIXED_RAW_STRING);
return sprintf ("\$RAR3\$*0*%s*%s", unpack ("H*", $salt), unpack ("H*", substr ($hash, 0, 16)));
}
sub module_verify_hash
{
my $line = shift;
my $idx = index ($line, ':');
return if ($idx < 1);
my $hash = substr ($line, 0, $idx);
my $word = substr ($line, $idx + 1);
return if (substr ($hash, 0, 9) ne "\$RAR3\$*0*");
$idx = index ($hash, '*', 9);
return if ($idx < 1);
my $salt = substr ($hash, 9, $idx - 9);
$salt = pack ("H*", $salt);
my $word_packed = pack_if_HEX_notation ($word);
my $new_hash = module_generate_hash ($word_packed, $salt);
return ($new_hash, $word);
}
1;