Fix several constraints of raw modes

5 years ago · ba803a79ae
parent eb0e8eed2a
commit ba803a79ae
25 changed files with 63 additions and 45 deletions
--- a/src/modules/module_00022.c
+++ b/src/modules/module_00022.c
@ -48,6 +48,8 @@ u32         module_salt_type      (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash        (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH;         }
 const char *module_st_pass        (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS;         }

+static const char *adm = ":Administration Tools:";
+
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
  u32 *digest = (u32 *) digest_buf;
@ -62,8 +64,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
  token.attr[0]    = TOKEN_ATTR_VERIFY_LENGTH
                   | TOKEN_ATTR_VERIFY_BASE64A;

-  token.len_min[1] = 1;
-  token.len_max[1] = SALT_MAX;
+  token.len_min[1] = SALT_MIN;
+  token.len_max[1] = SALT_MAX - 23;
  token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH;

  const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
@ -159,15 +161,15 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE

  if (parse_rc == false) return (PARSER_SALT_LENGTH);

-  // max. salt length: 55 (max for MD5) - 22 (":Administration Tools:") - 1 (0x80) = 32
-  // 32 - 4 bytes (to fit w0lr for all attack modes) = 28
+  if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
+  {
+    // max. salt length: 55 (max for MD5) - 22 (":Administration Tools:") - 1 (0x80) = 32

-  if (salt->salt_len > 28) return (PARSER_SALT_LENGTH);
+    if (salt->salt_len > 32) return (PARSER_SALT_LENGTH);
+  }

  u8 *salt_buf_ptr = (u8 *) salt->salt_buf;

-  static const char *adm = ":Administration Tools:";
-
  memcpy (salt_buf_ptr + salt->salt_len, adm, strlen (adm));

  salt->salt_len += strlen (adm);
@ -179,10 +181,6 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 {
  u32 *digest = (u32 *) digest_buf;

-  char username[30] = { 0 };
-
-  memcpy (username, salt->salt_buf, salt->salt_len - 22);
-
  char sig[6] = { 'n', 'r', 'c', 's', 't', 'n' };

  u32 tmp[4];
@ -241,7 +239,13 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
  tmp_buf[29] = sig[5];
  tmp_buf[30] = 0;

-  const int line_len = snprintf (line_buf, line_size, "%s:%s", tmp_buf, username);
+  char tmp_salt[SALT_MAX];
+
+  const int salt_len = generic_salt_encode (hashconfig, (const u8 *) salt->salt_buf, (const int) salt->salt_len - strlen (adm), (u8 *) tmp_salt);
+
+  tmp_salt[salt_len] = 0;
+
+  const int line_len = snprintf (line_buf, line_size, "%s:%s", tmp_buf, tmp_salt);

  return line_len;
 }
--- a/src/modules/module_00023.c
+++ b/src/modules/module_00023.c
@ -48,6 +48,8 @@ u32         module_salt_type      (MAYBE_UNUSED const hashconfig_t *hashconfig,
 const char *module_st_hash        (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH;         }
 const char *module_st_pass        (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS;         }

+static const char *skyper = "\nskyper\n";
+
 int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
 {
  u32 *digest = (u32 *) digest_buf;
@ -96,11 +98,18 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   * add static "salt" part
   */

+  if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
+  {
+    // max. salt length: 55 (max for MD5) - 8 ("\nskyper\n") - 1 (0x80) = 46
+
+    if (salt->salt_len > 46) return (PARSER_SALT_LENGTH);
+  }
+
  u8 *salt_buf_ptr = (u8 *) salt->salt_buf;

-  memcpy (salt_buf_ptr + salt_len, "\nskyper\n", 8);
+  memcpy (salt_buf_ptr + salt->salt_len, skyper, strlen (skyper));

-  salt->salt_len += 8;
+  salt->salt_len += strlen (skyper);

  return (PARSER_OK);
 }
@ -126,7 +135,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE

  char tmp_salt[SALT_MAX];

-  const int salt_len = generic_salt_encode (hashconfig, (const u8 *) salt->salt_buf, (const int) salt->salt_len - 8, (u8 *) tmp_salt);
+  const int salt_len = generic_salt_encode (hashconfig, (const u8 *) salt->salt_buf, (const int) salt->salt_len - strlen (skyper), (u8 *) tmp_salt);

  tmp_salt[salt_len] = 0;

--- a/src/modules/module_00111.c
+++ b/src/modules/module_00111.c
@ -67,8 +67,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
  token.attr[0]    = TOKEN_ATTR_FIXED_LENGTH
                   | TOKEN_ATTR_VERIFY_SIGNATURE;

-  token.len_min[1] = 28;
-  token.len_max[1] = 368; // 368 = 20 + 256 where 20 is digest length and 256 is SALT_MAX
+  token.len_min[1] = ((20 + SALT_MIN) * 8) / 6;
+  token.len_max[1] = ((20 + SALT_MAX) * 8) / 6;
  token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
                   | TOKEN_ATTR_VERIFY_BASE64A;

--- a/src/modules/module_00141.c
+++ b/src/modules/module_00141.c
@ -75,8 +75,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
  token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
                   | TOKEN_ATTR_VERIFY_DIGIT;

-  token.len_min[2] = 0;
-  token.len_max[2] = 44;
+  token.len_min[2] = (SALT_MIN * 8) / 6;
+  token.len_max[2] = (SALT_MAX * 8) / 6;
  token.sep[2]     = '*';
  token.attr[2]    = TOKEN_ATTR_VERIFY_LENGTH
                   | TOKEN_ATTR_VERIFY_BASE64A;
--- a/src/modules/module_01411.c
+++ b/src/modules/module_01411.c
@ -65,8 +65,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
  token.attr[0]    = TOKEN_ATTR_FIXED_LENGTH
                   | TOKEN_ATTR_VERIFY_SIGNATURE;

-  token.len_min[1] = 44;
-  token.len_max[1] = 385; // 385 = 32 + 256 where 32 is digest length and 256 is SALT_MAX
+  token.len_min[1] = ((32 + SALT_MIN) * 8) / 6;
+  token.len_max[1] = ((32 + SALT_MAX) * 8) / 6;
  token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
                   | TOKEN_ATTR_VERIFY_BASE64A;

--- a/src/modules/module_01441.c
+++ b/src/modules/module_01441.c
@ -75,8 +75,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
  token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
                   | TOKEN_ATTR_VERIFY_DIGIT;

-  token.len_min[2] = 0;
-  token.len_max[2] = 36;
+  token.len_min[2] = (SALT_MIN * 8) / 6;
+  token.len_max[2] = (SALT_MAX * 8) / 6;
  token.sep[2]     = '*';
  token.attr[2]    = TOKEN_ATTR_VERIFY_LENGTH
                   | TOKEN_ATTR_VERIFY_BASE64A;
--- a/src/modules/module_01711.c
+++ b/src/modules/module_01711.c
@ -66,8 +66,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
  token.attr[0]    = TOKEN_ATTR_FIXED_LENGTH
                   | TOKEN_ATTR_VERIFY_SIGNATURE;

-  token.len_min[1] = 88;
-  token.len_max[1] = 428; // 428 = 64 + 256 where 64 is digest length and 256 is SALT_MAX
+  token.len_min[1] = ((64 + SALT_MIN) * 8) / 6;
+  token.len_max[1] = ((64 + SALT_MAX) * 8) / 6;
  token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
                   | TOKEN_ATTR_VERIFY_BASE64A;

--- a/tools/test_modules/m00022.pm
+++ b/tools/test_modules/m00022.pm
@ -10,16 +10,19 @@ use warnings;

 use Digest::MD5 qw (md5);

-sub module_constraints { [[0, 255], [1, 11], [0, 33], [1, 11], [1, 33]] }
+sub module_constraints { [[0, 232], [0, 232], [0, 32], [0, 32], [0, 32]] }

 sub module_generate_hash
 {
  my $word = shift;
  my $salt = shift;

-  my $pass = sprintf ("%s:Administration Tools:%s", $salt, $word);
+  # we need to reduce the maximum password and salt buffer size by 23 since we
+  # add it here statically

-  my $hash_buf = md5 ($pass);
+  my $final = sprintf ("%s:Administration Tools:%s", $salt, $word);
+
+  my $hash_buf = md5 ($final);

  my $res = "";

--- a/tools/test_modules/m00023.pm
+++ b/tools/test_modules/m00023.pm
@ -20,7 +20,9 @@ sub module_generate_hash
  # we need to reduce the maximum password and salt buffer size by 8 since we
  # add it here statically

-  my $digest = md5_hex ($salt . "\nskyper\n" . $word);
+  my $final = sprintf ("%s\nskyper\n%s", $salt, $word);
+
+  my $digest = md5_hex ($final);

  my $hash = sprintf ("%s:%s", $digest, $salt);

--- a/tools/test_modules/m00030.pm
+++ b/tools/test_modules/m00030.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::MD5 qw (md5_hex);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m00040.pm
+++ b/tools/test_modules/m00040.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::MD5 qw (md5_hex);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m00125.pm
+++ b/tools/test_modules/m00125.pm
@ -10,7 +10,7 @@ use warnings;

 use Digest::SHA qw (sha1_hex);

-sub module_constraints { [[0, 255], [8, 8], [0, 55], [8, 8], [8, 55]] }
+sub module_constraints { [[0, 253], [8, 8], [0, 53], [8, 8], [8, 53]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m00130.pm
+++ b/tools/test_modules/m00130.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA1 qw (sha1_hex);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m00140.pm
+++ b/tools/test_modules/m00140.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA1 qw (sha1_hex);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m00141.pm
+++ b/tools/test_modules/m00141.pm
@ -12,7 +12,7 @@ use Digest::SHA1 qw (sha1);
 use MIME::Base64 qw (encode_base64 decode_base64);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01421.pm
+++ b/tools/test_modules/m01421.pm
@ -10,7 +10,7 @@ use warnings;

 use Digest::SHA qw (sha256_hex);

-sub module_constraints { [[0, 255], [6, 6], [0, 55], [6, 6], [0, 55]] }
+sub module_constraints { [[0, 255], [6, 6], [0, 55], [6, 6], [6, 55]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01430.pm
+++ b/tools/test_modules/m01430.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA qw (sha256_hex);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01440.pm
+++ b/tools/test_modules/m01440.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA qw (sha256_hex);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01450.pm
+++ b/tools/test_modules/m01450.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA  qw (sha256);
 use Digest::HMAC qw (hmac_hex);

-sub module_constraints { [[0, 255], [0, 255], [0, 55], [0, 55], [0, 55]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 55], [0, 55], [-1, -1]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01460.pm
+++ b/tools/test_modules/m01460.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA  qw (sha256);
 use Digest::HMAC qw (hmac_hex);

-sub module_constraints { [[0, 255], [0, 255], [0, 55], [0, 55], [0, 55]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 55], [0, 55], [-1, -1]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01722.pm
+++ b/tools/test_modules/m01722.pm
@ -10,7 +10,7 @@ use warnings;

 use Digest::SHA qw (sha512_hex);

-sub module_constraints { [[0, 255], [8, 8], [0, 55], [8, 8], [0, 55]] }
+sub module_constraints { [[0, 255], [8, 8], [0, 55], [8, 8], [8, 55]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01730.pm
+++ b/tools/test_modules/m01730.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA qw (sha512_hex);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01740.pm
+++ b/tools/test_modules/m01740.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA qw (sha512_hex);
 use Encode;

-sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 55], [0, 27]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 27], [0, 27], [0, 27]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01750.pm
+++ b/tools/test_modules/m01750.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA  qw (sha512);
 use Digest::HMAC qw (hmac_hex);

-sub module_constraints { [[0, 255], [0, 255], [0, 55], [0, 55], [0, 55]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 55], [0, 55], [-1, -1]] }

 sub module_generate_hash
 {
--- a/tools/test_modules/m01760.pm
+++ b/tools/test_modules/m01760.pm
@ -11,7 +11,7 @@ use warnings;
 use Digest::SHA  qw (sha512);
 use Digest::HMAC qw (hmac_hex);

-sub module_constraints { [[0, 255], [0, 255], [0, 55], [0, 55], [0, 55]] }
+sub module_constraints { [[0, 255], [0, 255], [0, 55], [0, 55], [-1, -1]] }

 sub module_generate_hash
 {