From df3890b49d0672e9e5e4e5f76639bb3480b7a777 Mon Sep 17 00:00:00 2001 From: jsteube Date: Thu, 6 Jul 2017 14:27:36 +0200 Subject: [PATCH] Added long passwords support for SCRYPT --- OpenCL/m08900.cl | 740 +++++------------------------------------------ src/interface.c | 2 + 2 files changed, 78 insertions(+), 664 deletions(-) diff --git a/OpenCL/m08900.cl b/OpenCL/m08900.cl index e1b83f1ee..6f846b54d 100644 --- a/OpenCL/m08900.cl +++ b/OpenCL/m08900.cl @@ -8,552 +8,11 @@ #include "inc_hash_functions.cl" #include "inc_types.cl" #include "inc_common.cl" +#include "inc_hash_sha256.cl" #define COMPARE_S "inc_comp_single.cl" #define COMPARE_M "inc_comp_multi.cl" -__constant u32a k_sha256[64] = -{ - SHA256C00, SHA256C01, SHA256C02, SHA256C03, - SHA256C04, SHA256C05, SHA256C06, SHA256C07, - SHA256C08, SHA256C09, SHA256C0a, SHA256C0b, - SHA256C0c, SHA256C0d, SHA256C0e, SHA256C0f, - SHA256C10, SHA256C11, SHA256C12, SHA256C13, - SHA256C14, SHA256C15, SHA256C16, SHA256C17, - SHA256C18, SHA256C19, SHA256C1a, SHA256C1b, - SHA256C1c, SHA256C1d, SHA256C1e, SHA256C1f, - SHA256C20, SHA256C21, SHA256C22, SHA256C23, - SHA256C24, SHA256C25, SHA256C26, SHA256C27, - SHA256C28, SHA256C29, SHA256C2a, SHA256C2b, - SHA256C2c, SHA256C2d, SHA256C2e, SHA256C2f, - SHA256C30, SHA256C31, SHA256C32, SHA256C33, - SHA256C34, SHA256C35, SHA256C36, SHA256C37, - SHA256C38, SHA256C39, SHA256C3a, SHA256C3b, - SHA256C3c, SHA256C3d, SHA256C3e, SHA256C3f, -}; - -void sha256_transform (const u32 w0[4], const u32 w1[4], const u32 w2[4], const u32 w3[4], u32 digest[8]) -{ - u32 a = digest[0]; - u32 b = digest[1]; - u32 c = digest[2]; - u32 d = digest[3]; - u32 e = digest[4]; - u32 f = digest[5]; - u32 g = digest[6]; - u32 h = digest[7]; - - u32 w0_t = w0[0]; - u32 w1_t = w0[1]; - u32 w2_t = w0[2]; - u32 w3_t = w0[3]; - u32 w4_t = w1[0]; - u32 w5_t = w1[1]; - u32 w6_t = w1[2]; - u32 w7_t = w1[3]; - u32 w8_t = w2[0]; - u32 w9_t = w2[1]; - u32 wa_t = w2[2]; - u32 wb_t = w2[3]; - u32 wc_t = w3[0]; - u32 wd_t = w3[1]; - u32 we_t = w3[2]; - u32 wf_t = w3[3]; - - #define ROUND_EXPAND() \ - { \ - w0_t = SHA256_EXPAND (we_t, w9_t, w1_t, w0_t); \ - w1_t = SHA256_EXPAND (wf_t, wa_t, w2_t, w1_t); \ - w2_t = SHA256_EXPAND (w0_t, wb_t, w3_t, w2_t); \ - w3_t = SHA256_EXPAND (w1_t, wc_t, w4_t, w3_t); \ - w4_t = SHA256_EXPAND (w2_t, wd_t, w5_t, w4_t); \ - w5_t = SHA256_EXPAND (w3_t, we_t, w6_t, w5_t); \ - w6_t = SHA256_EXPAND (w4_t, wf_t, w7_t, w6_t); \ - w7_t = SHA256_EXPAND (w5_t, w0_t, w8_t, w7_t); \ - w8_t = SHA256_EXPAND (w6_t, w1_t, w9_t, w8_t); \ - w9_t = SHA256_EXPAND (w7_t, w2_t, wa_t, w9_t); \ - wa_t = SHA256_EXPAND (w8_t, w3_t, wb_t, wa_t); \ - wb_t = SHA256_EXPAND (w9_t, w4_t, wc_t, wb_t); \ - wc_t = SHA256_EXPAND (wa_t, w5_t, wd_t, wc_t); \ - wd_t = SHA256_EXPAND (wb_t, w6_t, we_t, wd_t); \ - we_t = SHA256_EXPAND (wc_t, w7_t, wf_t, we_t); \ - wf_t = SHA256_EXPAND (wd_t, w8_t, w0_t, wf_t); \ - } - - #define ROUND_STEP(i) \ - { \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w0_t, k_sha256[i + 0]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w1_t, k_sha256[i + 1]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, w2_t, k_sha256[i + 2]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, w3_t, k_sha256[i + 3]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, w4_t, k_sha256[i + 4]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, w5_t, k_sha256[i + 5]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, w6_t, k_sha256[i + 6]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, w7_t, k_sha256[i + 7]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, a, b, c, d, e, f, g, h, w8_t, k_sha256[i + 8]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, h, a, b, c, d, e, f, g, w9_t, k_sha256[i + 9]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, g, h, a, b, c, d, e, f, wa_t, k_sha256[i + 10]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, f, g, h, a, b, c, d, e, wb_t, k_sha256[i + 11]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, e, f, g, h, a, b, c, d, wc_t, k_sha256[i + 12]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, d, e, f, g, h, a, b, c, wd_t, k_sha256[i + 13]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, c, d, e, f, g, h, a, b, we_t, k_sha256[i + 14]); \ - SHA256_STEP (SHA256_F0o, SHA256_F1o, b, c, d, e, f, g, h, a, wf_t, k_sha256[i + 15]); \ - } - - ROUND_STEP (0); - - #ifdef _unroll - #pragma unroll - #endif - for (int i = 16; i < 64; i += 16) - { - ROUND_EXPAND (); ROUND_STEP (i); - } - - digest[0] += a; - digest[1] += b; - digest[2] += c; - digest[3] += d; - digest[4] += e; - digest[5] += f; - digest[6] += g; - digest[7] += h; -} - -void hmac_sha256_pad (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8]) -{ - w0[0] = w0[0] ^ 0x36363636; - w0[1] = w0[1] ^ 0x36363636; - w0[2] = w0[2] ^ 0x36363636; - w0[3] = w0[3] ^ 0x36363636; - w1[0] = w1[0] ^ 0x36363636; - w1[1] = w1[1] ^ 0x36363636; - w1[2] = w1[2] ^ 0x36363636; - w1[3] = w1[3] ^ 0x36363636; - w2[0] = w2[0] ^ 0x36363636; - w2[1] = w2[1] ^ 0x36363636; - w2[2] = w2[2] ^ 0x36363636; - w2[3] = w2[3] ^ 0x36363636; - w3[0] = w3[0] ^ 0x36363636; - w3[1] = w3[1] ^ 0x36363636; - w3[2] = w3[2] ^ 0x36363636; - w3[3] = w3[3] ^ 0x36363636; - - ipad[0] = SHA256M_A; - ipad[1] = SHA256M_B; - ipad[2] = SHA256M_C; - ipad[3] = SHA256M_D; - ipad[4] = SHA256M_E; - ipad[5] = SHA256M_F; - ipad[6] = SHA256M_G; - ipad[7] = SHA256M_H; - - sha256_transform (w0, w1, w2, w3, ipad); - - w0[0] = w0[0] ^ 0x6a6a6a6a; - w0[1] = w0[1] ^ 0x6a6a6a6a; - w0[2] = w0[2] ^ 0x6a6a6a6a; - w0[3] = w0[3] ^ 0x6a6a6a6a; - w1[0] = w1[0] ^ 0x6a6a6a6a; - w1[1] = w1[1] ^ 0x6a6a6a6a; - w1[2] = w1[2] ^ 0x6a6a6a6a; - w1[3] = w1[3] ^ 0x6a6a6a6a; - w2[0] = w2[0] ^ 0x6a6a6a6a; - w2[1] = w2[1] ^ 0x6a6a6a6a; - w2[2] = w2[2] ^ 0x6a6a6a6a; - w2[3] = w2[3] ^ 0x6a6a6a6a; - w3[0] = w3[0] ^ 0x6a6a6a6a; - w3[1] = w3[1] ^ 0x6a6a6a6a; - w3[2] = w3[2] ^ 0x6a6a6a6a; - w3[3] = w3[3] ^ 0x6a6a6a6a; - - opad[0] = SHA256M_A; - opad[1] = SHA256M_B; - opad[2] = SHA256M_C; - opad[3] = SHA256M_D; - opad[4] = SHA256M_E; - opad[5] = SHA256M_F; - opad[6] = SHA256M_G; - opad[7] = SHA256M_H; - - sha256_transform (w0, w1, w2, w3, opad); -} - -void hmac_sha256_run (u32 w0[4], u32 w1[4], u32 w2[4], u32 w3[4], u32 ipad[8], u32 opad[8], u32 digest[8]) -{ - digest[0] = ipad[0]; - digest[1] = ipad[1]; - digest[2] = ipad[2]; - digest[3] = ipad[3]; - digest[4] = ipad[4]; - digest[5] = ipad[5]; - digest[6] = ipad[6]; - digest[7] = ipad[7]; - - sha256_transform (w0, w1, w2, w3, digest); - - w0[0] = digest[0]; - w0[1] = digest[1]; - w0[2] = digest[2]; - w0[3] = digest[3]; - w1[0] = digest[4]; - w1[1] = digest[5]; - w1[2] = digest[6]; - w1[3] = digest[7]; - w2[0] = 0x80000000; - w2[1] = 0; - w2[2] = 0; - w2[3] = 0; - w3[0] = 0; - w3[1] = 0; - w3[2] = 0; - w3[3] = (64 + 32) * 8; - - digest[0] = opad[0]; - digest[1] = opad[1]; - digest[2] = opad[2]; - digest[3] = opad[3]; - digest[4] = opad[4]; - digest[5] = opad[5]; - digest[6] = opad[6]; - digest[7] = opad[7]; - - sha256_transform (w0, w1, w2, w3, digest); -} - -void memcat8 (u32 block0[4], u32 block1[4], u32 block2[4], u32 block3[4], const u32 block_len, const u32 append[2]) -{ - switch (block_len) - { - case 0: - block0[0] = append[0]; - block0[1] = append[1]; - break; - - case 1: - block0[0] = block0[0] | append[0] << 8; - block0[1] = append[0] >> 24 | append[1] << 8; - block0[2] = append[1] >> 24; - break; - - case 2: - block0[0] = block0[0] | append[0] << 16; - block0[1] = append[0] >> 16 | append[1] << 16; - block0[2] = append[1] >> 16; - break; - - case 3: - block0[0] = block0[0] | append[0] << 24; - block0[1] = append[0] >> 8 | append[1] << 24; - block0[2] = append[1] >> 8; - break; - - case 4: - block0[1] = append[0]; - block0[2] = append[1]; - break; - - case 5: - block0[1] = block0[1] | append[0] << 8; - block0[2] = append[0] >> 24 | append[1] << 8; - block0[3] = append[1] >> 24; - break; - - case 6: - block0[1] = block0[1] | append[0] << 16; - block0[2] = append[0] >> 16 | append[1] << 16; - block0[3] = append[1] >> 16; - break; - - case 7: - block0[1] = block0[1] | append[0] << 24; - block0[2] = append[0] >> 8 | append[1] << 24; - block0[3] = append[1] >> 8; - break; - - case 8: - block0[2] = append[0]; - block0[3] = append[1]; - break; - - case 9: - block0[2] = block0[2] | append[0] << 8; - block0[3] = append[0] >> 24 | append[1] << 8; - block1[0] = append[1] >> 24; - break; - - case 10: - block0[2] = block0[2] | append[0] << 16; - block0[3] = append[0] >> 16 | append[1] << 16; - block1[0] = append[1] >> 16; - break; - - case 11: - block0[2] = block0[2] | append[0] << 24; - block0[3] = append[0] >> 8 | append[1] << 24; - block1[0] = append[1] >> 8; - break; - - case 12: - block0[3] = append[0]; - block1[0] = append[1]; - break; - - case 13: - block0[3] = block0[3] | append[0] << 8; - block1[0] = append[0] >> 24 | append[1] << 8; - block1[1] = append[1] >> 24; - break; - - case 14: - block0[3] = block0[3] | append[0] << 16; - block1[0] = append[0] >> 16 | append[1] << 16; - block1[1] = append[1] >> 16; - break; - - case 15: - block0[3] = block0[3] | append[0] << 24; - block1[0] = append[0] >> 8 | append[1] << 24; - block1[1] = append[1] >> 8; - break; - - case 16: - block1[0] = append[0]; - block1[1] = append[1]; - break; - - case 17: - block1[0] = block1[0] | append[0] << 8; - block1[1] = append[0] >> 24 | append[1] << 8; - block1[2] = append[1] >> 24; - break; - - case 18: - block1[0] = block1[0] | append[0] << 16; - block1[1] = append[0] >> 16 | append[1] << 16; - block1[2] = append[1] >> 16; - break; - - case 19: - block1[0] = block1[0] | append[0] << 24; - block1[1] = append[0] >> 8 | append[1] << 24; - block1[2] = append[1] >> 8; - break; - - case 20: - block1[1] = append[0]; - block1[2] = append[1]; - break; - - case 21: - block1[1] = block1[1] | append[0] << 8; - block1[2] = append[0] >> 24 | append[1] << 8; - block1[3] = append[1] >> 24; - break; - - case 22: - block1[1] = block1[1] | append[0] << 16; - block1[2] = append[0] >> 16 | append[1] << 16; - block1[3] = append[1] >> 16; - break; - - case 23: - block1[1] = block1[1] | append[0] << 24; - block1[2] = append[0] >> 8 | append[1] << 24; - block1[3] = append[1] >> 8; - break; - - case 24: - block1[2] = append[0]; - block1[3] = append[1]; - break; - - case 25: - block1[2] = block1[2] | append[0] << 8; - block1[3] = append[0] >> 24 | append[1] << 8; - block2[0] = append[1] >> 24; - break; - - case 26: - block1[2] = block1[2] | append[0] << 16; - block1[3] = append[0] >> 16 | append[1] << 16; - block2[0] = append[1] >> 16; - break; - - case 27: - block1[2] = block1[2] | append[0] << 24; - block1[3] = append[0] >> 8 | append[1] << 24; - block2[0] = append[1] >> 8; - break; - - case 28: - block1[3] = append[0]; - block2[0] = append[1]; - break; - - case 29: - block1[3] = block1[3] | append[0] << 8; - block2[0] = append[0] >> 24 | append[1] << 8; - block2[1] = append[1] >> 24; - break; - - case 30: - block1[3] = block1[3] | append[0] << 16; - block2[0] = append[0] >> 16 | append[1] << 16; - block2[1] = append[1] >> 16; - break; - - case 31: - block1[3] = block1[3] | append[0] << 24; - block2[0] = append[0] >> 8 | append[1] << 24; - block2[1] = append[1] >> 8; - break; - - case 32: - block2[0] = append[0]; - block2[1] = append[1]; - break; - - case 33: - block2[0] = block2[0] | append[0] << 8; - block2[1] = append[0] >> 24 | append[1] << 8; - block2[2] = append[1] >> 24; - break; - - case 34: - block2[0] = block2[0] | append[0] << 16; - block2[1] = append[0] >> 16 | append[1] << 16; - block2[2] = append[1] >> 16; - break; - - case 35: - block2[0] = block2[0] | append[0] << 24; - block2[1] = append[0] >> 8 | append[1] << 24; - block2[2] = append[1] >> 8; - break; - - case 36: - block2[1] = append[0]; - block2[2] = append[1]; - break; - - case 37: - block2[1] = block2[1] | append[0] << 8; - block2[2] = append[0] >> 24 | append[1] << 8; - block2[3] = append[1] >> 24; - break; - - case 38: - block2[1] = block2[1] | append[0] << 16; - block2[2] = append[0] >> 16 | append[1] << 16; - block2[3] = append[1] >> 16; - break; - - case 39: - block2[1] = block2[1] | append[0] << 24; - block2[2] = append[0] >> 8 | append[1] << 24; - block2[3] = append[1] >> 8; - break; - - case 40: - block2[2] = append[0]; - block2[3] = append[1]; - break; - - case 41: - block2[2] = block2[2] | append[0] << 8; - block2[3] = append[0] >> 24 | append[1] << 8; - block3[0] = append[1] >> 24; - break; - - case 42: - block2[2] = block2[2] | append[0] << 16; - block2[3] = append[0] >> 16 | append[1] << 16; - block3[0] = append[1] >> 16; - break; - - case 43: - block2[2] = block2[2] | append[0] << 24; - block2[3] = append[0] >> 8 | append[1] << 24; - block3[0] = append[1] >> 8; - break; - - case 44: - block2[3] = append[0]; - block3[0] = append[1]; - break; - - case 45: - block2[3] = block2[3] | append[0] << 8; - block3[0] = append[0] >> 24 | append[1] << 8; - block3[1] = append[1] >> 24; - break; - - case 46: - block2[3] = block2[3] | append[0] << 16; - block3[0] = append[0] >> 16 | append[1] << 16; - block3[1] = append[1] >> 16; - break; - - case 47: - block2[3] = block2[3] | append[0] << 24; - block3[0] = append[0] >> 8 | append[1] << 24; - block3[1] = append[1] >> 8; - break; - - case 48: - block3[0] = append[0]; - block3[1] = append[1]; - break; - - case 49: - block3[0] = block3[0] | append[0] << 8; - block3[1] = append[0] >> 24 | append[1] << 8; - block3[2] = append[1] >> 24; - break; - - case 50: - block3[0] = block3[0] | append[0] << 16; - block3[1] = append[0] >> 16 | append[1] << 16; - block3[2] = append[1] >> 16; - break; - - case 51: - block3[0] = block3[0] | append[0] << 24; - block3[1] = append[0] >> 8 | append[1] << 24; - block3[2] = append[1] >> 8; - break; - - case 52: - block3[1] = append[0]; - block3[2] = append[1]; - break; - - case 53: - block3[1] = block3[1] | append[0] << 8; - block3[2] = append[0] >> 24 | append[1] << 8; - block3[3] = append[1] >> 24; - break; - - case 54: - block3[1] = block3[1] | append[0] << 16; - block3[2] = append[0] >> 16 | append[1] << 16; - block3[3] = append[1] >> 16; - break; - - case 55: - block3[1] = block3[1] | append[0] << 24; - block3[2] = append[0] >> 8 | append[1] << 24; - block3[3] = append[1] >> 8; - break; - - case 56: - block3[2] = append[0]; - block3[3] = append[1]; - break; - } -} - uint4 swap32_4 (uint4 v) { return (rotate ((v & 0x00FF00FF), 24u) | rotate ((v & 0xFF00FF00), 8u)); @@ -759,89 +218,62 @@ __kernel void m08900_init (__global pw_t *pws, __global const kernel_rule_t *rul if (gid >= gid_max) return; u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; w0[0] = pws[gid].i[ 0]; w0[1] = pws[gid].i[ 1]; w0[2] = pws[gid].i[ 2]; w0[3] = pws[gid].i[ 3]; - - u32 w1[4]; - w1[0] = pws[gid].i[ 4]; w1[1] = pws[gid].i[ 5]; w1[2] = pws[gid].i[ 6]; w1[3] = pws[gid].i[ 7]; - - u32 w2[4]; - w2[0] = pws[gid].i[ 8]; w2[1] = pws[gid].i[ 9]; w2[2] = pws[gid].i[10]; w2[3] = pws[gid].i[11]; - - u32 w3[4]; - w3[0] = pws[gid].i[12]; w3[1] = pws[gid].i[13]; w3[2] = pws[gid].i[14]; w3[3] = pws[gid].i[15]; - /** - * salt - */ + w0[0] = swap32_S (w0[0]); + w0[1] = swap32_S (w0[1]); + w0[2] = swap32_S (w0[2]); + w0[3] = swap32_S (w0[3]); + w1[0] = swap32_S (w1[0]); + w1[1] = swap32_S (w1[1]); + w1[2] = swap32_S (w1[2]); + w1[3] = swap32_S (w1[3]); + w2[0] = swap32_S (w2[0]); + w2[1] = swap32_S (w2[1]); + w2[2] = swap32_S (w2[2]); + w2[3] = swap32_S (w2[3]); + w3[0] = swap32_S (w3[0]); + w3[1] = swap32_S (w3[1]); + w3[2] = swap32_S (w3[2]); + w3[3] = swap32_S (w3[3]); - u32 salt_buf0[4]; + sha256_hmac_ctx_t sha256_hmac_ctx; - salt_buf0[0] = salt_bufs[salt_pos].salt_buf[0]; - salt_buf0[1] = salt_bufs[salt_pos].salt_buf[1]; - salt_buf0[2] = salt_bufs[salt_pos].salt_buf[2]; - salt_buf0[3] = salt_bufs[salt_pos].salt_buf[3]; + sha256_hmac_init (&sha256_hmac_ctx, w0, w1, w2, w3); - u32 salt_buf1[4]; + sha256_hmac_update_global_swap (&sha256_hmac_ctx, salt_bufs[salt_pos].salt_buf, salt_bufs[salt_pos].salt_len); - salt_buf1[0] = salt_bufs[salt_pos].salt_buf[4]; - salt_buf1[1] = salt_bufs[salt_pos].salt_buf[5]; - salt_buf1[2] = salt_bufs[salt_pos].salt_buf[6]; - salt_buf1[3] = salt_bufs[salt_pos].salt_buf[7]; - - const u32 salt_len = salt_bufs[salt_pos].salt_len; - - /** - * 1st pbkdf2, creates B - */ - - w0[0] = swap32 (w0[0]); - w0[1] = swap32 (w0[1]); - w0[2] = swap32 (w0[2]); - w0[3] = swap32 (w0[3]); - w1[0] = swap32 (w1[0]); - w1[1] = swap32 (w1[1]); - w1[2] = swap32 (w1[2]); - w1[3] = swap32 (w1[3]); - w2[0] = swap32 (w2[0]); - w2[1] = swap32 (w2[1]); - w2[2] = swap32 (w2[2]); - w2[3] = swap32 (w2[3]); - w3[0] = swap32 (w3[0]); - w3[1] = swap32 (w3[1]); - w3[2] = swap32 (w3[2]); - w3[3] = swap32 (w3[3]); - - u32 ipad[8]; - u32 opad[8]; - - hmac_sha256_pad (w0, w1, w2, w3, ipad, opad); - - for (u32 i = 0, j = 0, k = 0; i < SCRYPT_CNT; i += 8, j += 1, k += 2) + for (u32 i = 0, j = 1, k = 0; i < SCRYPT_CNT; i += 8, j += 1, k += 2) { - w0[0] = salt_buf0[0]; - w0[1] = salt_buf0[1]; - w0[2] = salt_buf0[2]; - w0[3] = salt_buf0[3]; - w1[0] = salt_buf1[0]; - w1[1] = salt_buf1[1]; - w1[2] = salt_buf1[2]; - w1[3] = salt_buf1[3]; + sha256_hmac_ctx_t sha256_hmac_ctx2 = sha256_hmac_ctx; + + w0[0] = j; + w0[1] = 0; + w0[2] = 0; + w0[3] = 0; + w1[0] = 0; + w1[1] = 0; + w1[2] = 0; + w1[3] = 0; w2[0] = 0; w2[1] = 0; w2[2] = 0; @@ -851,33 +283,20 @@ __kernel void m08900_init (__global pw_t *pws, __global const kernel_rule_t *rul w3[2] = 0; w3[3] = 0; - u32 append[2]; + sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); - append[0] = swap32 (j + 1); - append[1] = 0x80; - - memcat8 (w0, w1, w2, w3, salt_len, append); - - w0[0] = swap32 (w0[0]); - w0[1] = swap32 (w0[1]); - w0[2] = swap32 (w0[2]); - w0[3] = swap32 (w0[3]); - w1[0] = swap32 (w1[0]); - w1[1] = swap32 (w1[1]); - w1[2] = swap32 (w1[2]); - w1[3] = swap32 (w1[3]); - w2[0] = swap32 (w2[0]); - w2[1] = swap32 (w2[1]); - w2[2] = swap32 (w2[2]); - w2[3] = swap32 (w2[3]); - w3[0] = swap32 (w3[0]); - w3[1] = swap32 (w3[1]); - w3[2] = 0; - w3[3] = (64 + salt_len + 4) * 8; + sha256_hmac_final (&sha256_hmac_ctx2); u32 digest[8]; - hmac_sha256_run (w0, w1, w2, w3, ipad, opad, digest); + digest[0] = sha256_hmac_ctx2.opad.h[0]; + digest[1] = sha256_hmac_ctx2.opad.h[1]; + digest[2] = sha256_hmac_ctx2.opad.h[2]; + digest[3] = sha256_hmac_ctx2.opad.h[3]; + digest[4] = sha256_hmac_ctx2.opad.h[4]; + digest[5] = sha256_hmac_ctx2.opad.h[5]; + digest[6] = sha256_hmac_ctx2.opad.h[6]; + digest[7] = sha256_hmac_ctx2.opad.h[7]; const uint4 tmp0 = (uint4) (digest[0], digest[1], digest[2], digest[3]); const uint4 tmp1 = (uint4) (digest[4], digest[5], digest[6], digest[7]); @@ -934,58 +353,51 @@ __kernel void m08900_comp (__global pw_t *pws, __global const kernel_rule_t *rul if (gid >= gid_max) return; u32 w0[4]; + u32 w1[4]; + u32 w2[4]; + u32 w3[4]; w0[0] = pws[gid].i[ 0]; w0[1] = pws[gid].i[ 1]; w0[2] = pws[gid].i[ 2]; w0[3] = pws[gid].i[ 3]; - - u32 w1[4]; - w1[0] = pws[gid].i[ 4]; w1[1] = pws[gid].i[ 5]; w1[2] = pws[gid].i[ 6]; w1[3] = pws[gid].i[ 7]; - - u32 w2[4]; - w2[0] = pws[gid].i[ 8]; w2[1] = pws[gid].i[ 9]; w2[2] = pws[gid].i[10]; w2[3] = pws[gid].i[11]; - - u32 w3[4]; - w3[0] = pws[gid].i[12]; w3[1] = pws[gid].i[13]; w3[2] = pws[gid].i[14]; w3[3] = pws[gid].i[15]; + w0[0] = swap32_S (w0[0]); + w0[1] = swap32_S (w0[1]); + w0[2] = swap32_S (w0[2]); + w0[3] = swap32_S (w0[3]); + w1[0] = swap32_S (w1[0]); + w1[1] = swap32_S (w1[1]); + w1[2] = swap32_S (w1[2]); + w1[3] = swap32_S (w1[3]); + w2[0] = swap32_S (w2[0]); + w2[1] = swap32_S (w2[1]); + w2[2] = swap32_S (w2[2]); + w2[3] = swap32_S (w2[3]); + w3[0] = swap32_S (w3[0]); + w3[1] = swap32_S (w3[1]); + w3[2] = swap32_S (w3[2]); + w3[3] = swap32_S (w3[3]); + /** * 2nd pbkdf2, creates B */ - w0[0] = swap32 (w0[0]); - w0[1] = swap32 (w0[1]); - w0[2] = swap32 (w0[2]); - w0[3] = swap32 (w0[3]); - w1[0] = swap32 (w1[0]); - w1[1] = swap32 (w1[1]); - w1[2] = swap32 (w1[2]); - w1[3] = swap32 (w1[3]); - w2[0] = swap32 (w2[0]); - w2[1] = swap32 (w2[1]); - w2[2] = swap32 (w2[2]); - w2[3] = swap32 (w2[3]); - w3[0] = swap32 (w3[0]); - w3[1] = swap32 (w3[1]); - w3[2] = swap32 (w3[2]); - w3[3] = swap32 (w3[3]); + sha256_hmac_ctx_t ctx; - u32 ipad[8]; - u32 opad[8]; - - hmac_sha256_pad (w0, w1, w2, w3, ipad, opad); + sha256_hmac_init (&ctx, w0, w1, w2, w3); for (u32 l = 0; l < SCRYPT_CNT4; l += 4) { @@ -1021,11 +433,11 @@ __kernel void m08900_comp (__global pw_t *pws, __global const kernel_rule_t *rul w3[2] = tmp.s2; w3[3] = tmp.s3; - sha256_transform (w0, w1, w2, w3, ipad); + sha256_hmac_update_64 (&ctx, w0, w1, w2, w3, 64); } - w0[0] = 0x00000001; - w0[1] = 0x80000000; + w0[0] = 1; + w0[1] = 0; w0[2] = 0; w0[3] = 0; w1[0] = 0; @@ -1039,16 +451,16 @@ __kernel void m08900_comp (__global pw_t *pws, __global const kernel_rule_t *rul w3[0] = 0; w3[1] = 0; w3[2] = 0; - w3[3] = (64 + (SCRYPT_CNT * 4) + 4) * 8; + w3[3] = 0; - u32 digest[8]; + sha256_hmac_update_64 (&ctx, w0, w1, w2, w3, 4); - hmac_sha256_run (w0, w1, w2, w3, ipad, opad, digest); + sha256_hmac_final (&ctx); - const u32 r0 = swap32 (digest[DGST_R0]); - const u32 r1 = swap32 (digest[DGST_R1]); - const u32 r2 = swap32 (digest[DGST_R2]); - const u32 r3 = swap32 (digest[DGST_R3]); + const u32 r0 = swap32 (ctx.opad.h[DGST_R0]); + const u32 r1 = swap32 (ctx.opad.h[DGST_R1]); + const u32 r2 = swap32 (ctx.opad.h[DGST_R2]); + const u32 r3 = swap32 (ctx.opad.h[DGST_R3]); #define il_pos 0 diff --git a/src/interface.c b/src/interface.c index a98a2358f..014def8d8 100644 --- a/src/interface.c +++ b/src/interface.c @@ -24704,6 +24704,8 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) break; case 8800: hashconfig->pw_max = 64; // PBKDF2-HMAC-SHA1 max break; + case 8900: hashconfig->pw_max = 64; // PBKDF2-HMAC-SHA256 max + break; case 9710: hashconfig->pw_max = 5; // RC4-40 max break; case 9810: hashconfig->pw_max = 5; // RC4-40 max