arno
/
hashcat
mirror of https://github.com/hashcat/hashcat.git
1
0
Fork 0
Code Issues Releases Wiki Activity

RACF KDFAES module

Browse Source
pull/3940/head
c0rs 3 months ago
parent c1a10518fd
commit cd74101a04
3 changed files with 1688 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1135
OpenCL/m34000-pure.cl
View File

File diff suppressed because it is too large Load Diff

378
src/modules/module_34000.c
Unescape View File

@ -0,0 +1,378 @@
/**
* Author......: 0xc0rs
* License.....: MIT
*/
#include "common.h"
#include "types.h"
#include "modules.h"
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "emu_inc_cipher_des.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 1;
static const u32 DGST_POS2 = 2;
static const u32 DGST_POS3 = 3;
static const u32 DGST_SIZE = DGST_SIZE_4_4;
static const u32 HASH_CATEGORY = HASH_CATEGORY_OS;
static const char *HASH_NAME = "RACF KDFAES";
static const u64 KERN_TYPE = 34000;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP2
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
static const u64 OPTS_TYPE = OPTS_TYPE_ST_UPPER
| OPTS_TYPE_HASH_COPY
| OPTS_TYPE_INIT2
| OPTS_TYPE_LOOP2;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$racf-kdfaes$*USER*E7D7E66D000180000008003200100010*00112233445566778899AABBCCDDEEFF*5390653DEC0316FB5AD56053208056A6";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
typedef struct pbkdf2_sha256_tmp
{
u32 ipad[8];
u32 opad[8];
u32 dgst[32];
u32 out[32];
} pbkdf2_sha256_tmp_t;
typedef struct pbkdf2_sha256_tmpx
{
u32x ipad[8];
u32x opad[8];
u32x dgst[32];
u32x out[32];
} pbkdf2_sha256_tmpx_t;
typedef struct racf_kdfaes_tmp
{
u32 key[16];
u32 salt_buf[16];
u32 salt_len;
u32 out[256]; // change for mem_fact > 10
u32 out_len;
pbkdf2_sha256_tmp_t pbkdf2_tmp;
} racf_kdfaes_tmp_t;
typedef struct racf_kdfaes
{
u32 salt_buf[64];
u32 mem_fac;
u32 rep_fac;
} racf_kdfaes_t;
static const char *SIGNATURE_RACF_KDFAES = "$racf-kdfaes$";
char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra, MAYBE_UNUSED const hashes_t *hashes, MAYBE_UNUSED const hc_device_param_t *device_param)
{
char *jit_build_options = NULL;
// Extra treatment for Apple systems
if (device_param->opencl_platform_vendor_id == VENDOR_ID_APPLE)
{
return jit_build_options;
}
// NVIDIA GPU
if (device_param->opencl_device_vendor_id == VENDOR_ID_NV)
{
hc_asprintf (&jit_build_options, "-D _unroll");
}
// HIP
if (device_param->opencl_device_vendor_id == VENDOR_ID_AMD_USE_HIP)
{
hc_asprintf (&jit_build_options, "-D _unroll");
}
// ROCM
if ((device_param->opencl_device_vendor_id == VENDOR_ID_AMD) && (device_param->has_vperm == true))
{
hc_asprintf (&jit_build_options, "-D _unroll");
}
return jit_build_options;
}
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (racf_kdfaes_t);
return esalt_size;
}
u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 tmp_size = (const u64) sizeof (racf_kdfaes_tmp_t);
return tmp_size;
}
u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_max = 8;
return pw_max;
}
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
{
const u8 ascii_to_ebcdic[] =
{
0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, 0x16, 0x05, 0x25, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f,
0x40, 0x4f, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f,
0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6,
0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0x4a, 0xe0, 0x5a, 0x5f, 0x6d,
0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,
0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xc0, 0x6a, 0xd0, 0xa1, 0x07,
0x20, 0x21, 0x22, 0x23, 0x24, 0x15, 0x06, 0x17, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x1b,
0x30, 0x31, 0x1a, 0x33, 0x34, 0x35, 0x36, 0x08, 0x38, 0x39, 0x3a, 0x3b, 0x04, 0x14, 0x3e, 0xe1,
0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
0x58, 0x59, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
0x76, 0x77, 0x78, 0x80, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e,
0x9f, 0xa0, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xda, 0xdb,
0xdc, 0xdd, 0xde, 0xdf, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
};
u32 *digest = (u32 *) digest_buf;
racf_kdfaes_t *racf_kdfaes = (racf_kdfaes_t *) esalt_buf;
hc_token_t token;
memset (&token, 0, sizeof (hc_token_t));
token.token_cnt = 5;
token.signatures_cnt = 1;
token.signatures_buf[0] = SIGNATURE_RACF_KDFAES;
token.sep[0] = '*';
token.len[0] = 13;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
token.sep[1] = '*';
token.len_min[1] = 0;
token.len_max[1] = 8;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
token.sep[2] = '*';
token.len[2] = 32;
token.attr[2] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[3] = '*';
token.len[3] = 32;
token.attr[3] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[4] = '*';
token.len[4] = 32;
token.attr[4] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
u8 tmp_buf[512];
int tmp_len;
// username (save to salt->salt_buf_pc)
const u8 *username_pos = token.buf[1];
const int username_len = token.len[1];
memset (tmp_buf, 0, sizeof (tmp_buf));
for (int i = 0; i < username_len; i++)
{
tmp_buf[i] = ascii_to_ebcdic[(int) username_pos[i]];
}
for (int i = username_len; i < token.len_max[1]; i++)
{
tmp_buf[i] = 0x40;
}
memcpy (salt->salt_buf_pc, tmp_buf, token.len_max[1]);
// header (save to racf_kdfaes->mem_fac and racf_kdfaes->rep_fac)
const u8 *header_pos = token.buf[2];
u32 mem_fac = 0, rep_fac = 0;
mem_fac |= ((u32) hex_convert (header_pos[16+1]) << 8);
mem_fac |= ((u32) hex_convert (header_pos[16+0]) << 12);
mem_fac |= ((u32) hex_convert (header_pos[16+3]) << 0);
mem_fac |= ((u32) hex_convert (header_pos[16+2]) << 4);
rep_fac |= ((u32) hex_convert (header_pos[20+1]) << 8);
rep_fac |= ((u32) hex_convert (header_pos[20+0]) << 12);
rep_fac |= ((u32) hex_convert (header_pos[20+3]) << 0);
rep_fac |= ((u32) hex_convert (header_pos[20+2]) << 4);
/**
* racf_kdfaes->mem_fac defines a size of memory buffer (racf_kdfaes_tmp->out): size = 8 * racf_kdfaes->mem_fac
* mem_fac = 8 => racf_kdfaes->mem_fac = 8 => u32 out[64]
* mem_fac = 9 => racf_kdfaes->mem_fac = 16 => u32 out[128]
* mem_fac = 10 => racf_kdfaes->mem_fac = 32 => u32 out[256]
* mem_fac = 11 => racf_kdfaes->mem_fac = 64 => u32 out[512]
* mem_fac = 12 => racf_kdfaes->mem_fac = 128 => u32 out[1024]
* due to the significant increase in bruteforce time with a high mem_fac the module is developed only for a mem_fac <= 10
* If it's necessary to brute hash with mem_fac > 10 (not default option) then increase size for racf_kdfaes_tmp->out buffer
*/
racf_kdfaes->mem_fac = (2 << (mem_fac - 1)) / 32;
/**
* racf_kdfaes->rep_fac defines a number of iteration in PBKDF2-SHA256-HMAC
*/
racf_kdfaes->rep_fac = rep_fac;
// salt (save to racf_kdfaes->salt_buf and salt->salt_buf)
const u8 *salt_pos = token.buf[3];
const int salt_len = token.len[3];
memset (tmp_buf, 0, sizeof (tmp_buf));
tmp_len = hex_decode(salt_pos, salt_len, tmp_buf);
if (tmp_len != 16) return (PARSER_SALT_LENGTH);
memcpy (racf_kdfaes->salt_buf, tmp_buf, tmp_len);
memcpy (salt->salt_buf, tmp_buf, tmp_len);
salt->salt_len = tmp_len;
salt->salt_iter = racf_kdfaes->mem_fac;
salt->salt_iter2 = rep_fac*100 - 1;
// hash
const u8 *hash_pos = token.buf[4];
const int hash_len = token.len[4];
memset (tmp_buf, 0, sizeof (tmp_buf));
tmp_len = hex_decode(hash_pos, hash_len, tmp_buf);
if (tmp_len != 16) return (PARSER_HASH_LENGTH);
memcpy (digest, tmp_buf, 16);
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
return snprintf (line_buf, line_size, "%s", hash_info->orighash);
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_charset = MODULE_DEFAULT;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
module_ctx->module_deprecated_notice = MODULE_DEFAULT;
module_ctx->module_dgst_pos0 = module_dgst_pos0;
module_ctx->module_dgst_pos1 = module_dgst_pos1;
module_ctx->module_dgst_pos2 = module_dgst_pos2;
module_ctx->module_dgst_pos3 = module_dgst_pos3;
module_ctx->module_dgst_size = module_dgst_size;
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
module_ctx->module_esalt_size = module_esalt_size;
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT;
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT;
module_ctx->module_hash_decode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
module_ctx->module_hash_decode = module_hash_decode;
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
module_ctx->module_hash_encode_potfile = MODULE_DEFAULT;
module_ctx->module_hash_encode = module_hash_encode;
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
module_ctx->module_hash_mode = MODULE_DEFAULT;
module_ctx->module_hash_category = module_hash_category;
module_ctx->module_hash_name = module_hash_name;
module_ctx->module_hashes_count_min = MODULE_DEFAULT;
module_ctx->module_hashes_count_max = MODULE_DEFAULT;
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_size = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_init = MODULE_DEFAULT;
module_ctx->module_hook_extra_param_term = MODULE_DEFAULT;
module_ctx->module_hook12 = MODULE_DEFAULT;
module_ctx->module_hook23 = MODULE_DEFAULT;
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
module_ctx->module_hook_size = MODULE_DEFAULT;
module_ctx->module_jit_build_options = module_jit_build_options;
module_ctx->module_jit_cache_disable = MODULE_DEFAULT;
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
module_ctx->module_kern_type = module_kern_type;
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
module_ctx->module_opti_type = module_opti_type;
module_ctx->module_opts_type = module_opts_type;
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
module_ctx->module_potfile_custom_check = MODULE_DEFAULT;
module_ctx->module_potfile_disable = MODULE_DEFAULT;
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = module_pw_max;
module_ctx->module_pw_min = MODULE_DEFAULT;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;
module_ctx->module_separator = MODULE_DEFAULT;
module_ctx->module_st_hash = module_st_hash;
module_ctx->module_st_pass = module_st_pass;
module_ctx->module_tmp_size = module_tmp_size;
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}

175
tools/test_modules/m34000.pm
Unescape View File

@ -0,0 +1,175 @@
#!/usr/bin/env perl
##
## Author......: See docs/credits.txt
## License.....: MIT
##
use strict;
use warnings;
use Convert::EBCDIC qw (ascii2ebcdic);
use Digest::HMAC qw (hmac);
use Digest::SHA qw(hmac_sha256);
use Crypt::PBKDF2;
use Crypt::DES;
use Crypt::Rijndael;
sub module_constraints { [[0, 8], [1, 8], [-1, -1], [-1, -1], [-1, -1]] }
sub prepare_hmac_key
{
my ($username, $password) = @_;
$username = substr ($username . " " x 8, 0, 8);
$password = substr ($password . " " x 8, 0, 8);
my $username_ebc = ascii2ebcdic ($username);
my $password_ebc = ascii2ebcdic ($password);
my @pw = split ("", $password_ebc); # split by char
for (my $i = 0; $i < 8; $i++)
{
$pw[$i] = unpack ("C", $pw[$i]);
$pw[$i] ^= 0x55;
$pw[$i] <<= 1;
$pw[$i] = pack ("C", $pw[$i] & 0xff);
}
my $key = join ("", @pw);
my $cipher = new Crypt::DES $key;
my $ciphertext = $cipher->encrypt ($username_ebc);
return $ciphertext;
}
sub prepare_aes_key
{
my $mem_fac = (2 << (shift() - 1)) / 32;
my $rep_fac = shift;
my $hmac_key = shift;
my $data_hex = shift;
my $msg = pack ("H32", $data_hex) . pack('N', $mem_fac) . pack('N', 1);
my $mem_buf = "";
# step 1: proprietary PBKDF2-HMAC-SHA256 (prepare $mem_buf)
for my $n (0 .. $mem_fac - 1) {
my $u_current = hmac_sha256($msg, $hmac_key);
my $f_res = $u_current;
my $h_prev = $u_current;
# recalc hmac
for my $i (0 .. $rep_fac * 100 - 2) {
$h_prev = $u_current;
$u_current = hmac_sha256($u_current, $hmac_key);
my $f_res_tmp = '';
for my $j (0 .. length($f_res) - 1) {
$f_res_tmp .= chr(ord(substr($f_res, $j, 1)) ^ ord(substr($u_current, $j, 1)));
}
$f_res = $f_res_tmp;
}
$msg = substr ($h_prev, 0, 16) . $f_res . pack('N', 1);
$mem_buf .= $f_res
}
# step 2: mem_buf substitutions
# Set new HMAC key (last block from mem_buf)
my $mem_buf_len = length ($mem_buf);
$hmac_key = substr ($mem_buf, $mem_buf_len - 32, 32);
# Substitutions
for my $n (0 .. $mem_fac - 1) {
my $n_key = unpack ('N', substr ($hmac_key, 28, 4) ) & ($mem_fac - 1);
my $mem_buf_blk = substr ($mem_buf, $n_key * 32, 32) . pack('N', 1);
$mem_buf_blk = hmac_sha256($mem_buf_blk, $hmac_key);
$mem_buf = substr ($mem_buf, 0, $n * 32) . $mem_buf_blk . substr ($mem_buf, ($n+1) * 32, $mem_buf_len - ($n+1) * 32);
$hmac_key = $mem_buf_blk;
}
# step 3: PBKDF2-HMAC-SHA256(mem_buf, hmac_key, rep_fac)
my $pbkdf2 = Crypt::PBKDF2->new
(
hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
iterations => $rep_fac*100,
output_len => 32
);
$msg = substr ($mem_buf, 0, ($mem_fac-1) * 32);
my $aes_key = $pbkdf2->PBKDF2 ($msg, $hmac_key);
return $aes_key;
}
sub module_generate_hash
{
my $word = shift;
my $username = shift;
my $mem_fac = shift // 0x08;
my $rep_fac = shift // 0x32;
my $salt_data = shift // uc random_hex_string (32);
my $hmac_key = prepare_hmac_key (uc $username, $word);
my $aes_key = prepare_aes_key ($mem_fac, $rep_fac, $hmac_key, $salt_data);
my $plaint = ascii2ebcdic (substr (uc $username . " " x 8, 0, 8)) . "\x00" x 8;
my $rijndael = Crypt::Rijndael->new($aes_key, Crypt::Rijndael::MODE_ECB());
my $ciphertext = $rijndael->encrypt($plaint);
my $hash = sprintf ('$racf-kdfaes$*%s*E7D7E66D00018000%04X%04X00100010*%s*%s', uc $username, $mem_fac, $rep_fac, uc $salt_data, uc unpack("H32", $ciphertext));
return $hash;
}
sub module_verify_hash
{
my $line = shift;
my @line_elements = split (":", $line);
return if scalar @line_elements < 2;
my $hash_in = shift @line_elements;
my $word = join (":", @line_elements);
# check signature
my @hash_elements = split ('\*', $hash_in);
return unless ($hash_elements[0] eq '$racf-kdfaes$');
my $username = $hash_elements[1];
my $mem_fac = hex (substr ($hash_elements[2], 16, 4));
my $rep_fac = hex (substr ($hash_elements[2], 20, 4));
my $salt = $hash_elements[3];
return unless defined $word;
return unless defined $username;
return unless defined $mem_fac;
return unless defined $rep_fac;
return unless defined $salt;
$word = pack_if_HEX_notation ($word);
my $new_hash = module_generate_hash ($word, $username, $mem_fac, $rep_fac, $salt);
return ($new_hash, $word);
}
1;
Write Preview
Loading…
Cancel
Save