From ef47811c9d5bd0354b0b78e37f8152058a4d83f0 Mon Sep 17 00:00:00 2001
From: Jens Steube <jens.steube@gmail.com>
Date: Tue, 3 Mar 2020 09:55:13 +0100
Subject: [PATCH] Rename 23911 to 10901 and populate salt->salt_buf[]

---
 docs/changes.txt                              |   1 +
 docs/readme.txt                               |   1 +
 .../{module_23911.c => module_10901.c}        | 187 +++---------------
 tools/test_modules/{m23911.pm => m10901.pm}   |   3 +-
 4 files changed, 36 insertions(+), 156 deletions(-)
 rename src/modules/{module_23911.c => module_10901.c} (62%)
 rename tools/test_modules/{m23911.pm => m10901.pm} (92%)

diff --git a/docs/changes.txt b/docs/changes.txt
index 45b99f56d..dfea6fb71 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -53,6 +53,7 @@
 - Added hash-mode: QNX /etc/shadow (MD5)
 - Added hash-mode: QNX /etc/shadow (SHA256)
 - Added hash-mode: QNX /etc/shadow (SHA512)
+- Added hash-mode: RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256)
 - Added hash-mode: Ruby on Rails Restful-Authentication
 - Added hash-mode: sha1(md5(md5($pass)))
 - Added hash-mode: sha1(md5($pass.$salt))
diff --git a/docs/readme.txt b/docs/readme.txt
index bcd8b2fec..372197e3d 100644
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -220,6 +220,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (9.0 or
 - CRAM-MD5 Dovecot
 - SSHA-256(Base64), LDAP {SSHA256}
 - SSHA-512(Base64), LDAP {SSHA512}
+- RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256)
 - FileZilla Server >= 0.9.55
 - ColdFusion 10+
 - Apache $apr1$ MD5, md5apr1, MD5 (APR)
diff --git a/src/modules/module_23911.c b/src/modules/module_10901.c
similarity index 62%
rename from src/modules/module_23911.c
rename to src/modules/module_10901.c
index b014bac33..0ecf50529 100644
--- a/src/modules/module_23911.c
+++ b/src/modules/module_10901.c
@@ -25,11 +25,7 @@ static const u32   OPTI_TYPE      = OPTI_TYPE_ZERO_BYTE
 static const u64   OPTS_TYPE      = OPTS_TYPE_PT_GENERATE_LE;
 static const u32   SALT_TYPE      = SALT_TYPE_EMBEDDED;
 static const char *ST_PASS        = "hashcat";
-static const char *ST_HASH        = "{PBKDF2_SHA256}AACkEGhlaiBqZW5z/jtuSox0CrtV9SHiVFjYeHpQ/ki2kwDrQeSqiiTn8LOmpPCw3r6TK/JDfl+ZAXRoc3VidGxldHllIXuxBDl6ItQOMupkRn+hzi/LEdr62a7B9sNOo8BPL9Z2nOi/m9AI+nAd/qwpLD1fbeDgs2DdpCZ4QfljuCLRBdURZV3HcXDUjD7PZ1CQcIOv9VbFlbu0IBmiU7ccMyb/qoxi+rPMqE4U8f6hL0TQjTjlOzU9MpPYS+WfztpYy7lEN6QghhOz0xe+0y2rDoK+yCS4PykkNS4FFc+xeiT6SNy3r7m+0teyaQKOExLrjogWkj+t+e4bMpHNx/FL3jkjCsuZnhq/t8eshG9DKmeD9b/QMkqT8dxe0jmr0s4+GnmHpMQMAxYW3pg70TluiDp3kJrDr1/d8OQerkQRevNx";
-
-static const u32   HASH_LEN_RAW   = 256;
-static const u32   SALT_LEN_RAW   = 64;
-static const u32   ITER_LEN_RAW   = 4;
+static const char *ST_HASH        = "{PBKDF2_SHA256}AAAgADkxMjM2NTIzMzgzMjQ3MjI4MDAwNTk5OTAyOTk4NDI2MjkyMzAzNjg0NjQwOTMxNjI3OTMzNjg0MDI0OTY5NTe5ULagRTYpLaUoeqJMg8x9W/DXu+9VTFaVhaYvebYrY+sOqn1ZMRnws22C1uAkiE2tFM8qN+xw5xe7OmCPZ203NuruK4oB33QlsKIEz4ppm0TR94JB9PJx7lIQwFHD3FUNUNryj4jk6UYyJ4+V1Z9Ug/Iy/ylQBJgfs5ihzgxHYZrfp1wUCXFzlZG9mxmziPm8VFnAhaX4+FBAZvLAx33jpbKOwEg7TmwP2VJ8BNFLQRqwYdlqIjQlAhncXH+dqIF9VdM4MonAA0hx76bMvFTP7LF5VO1IqVmcuYz7YG9v4KKRjnvoUUqOj6okUBQTay3EzsdFVnUW1FemYOccJd5q";
 
 u32         module_attack_exec    (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC;     }
 u32         module_dgst_pos0      (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0;       }
@@ -64,6 +60,10 @@ typedef struct pbkdf2_sha256_tmp
 
 static const char *SIGNATURE_REDHAT_PBKDF2_SHA256 = "{PBKDF2_SHA256}";
 
+static const int HASH_LEN_RAW = 256;
+static const int SALT_LEN_RAW = 64;
+static const int ITER_LEN_RAW = 4;
+
 u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
 {
   const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_t);
@@ -106,7 +106,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   //length of base64 encoded hash
   token.len_min[1] = 432;
   token.len_max[1] = 432;
-
   token.attr[1]    = TOKEN_ATTR_VERIFY_LENGTH
                    | TOKEN_ATTR_VERIFY_BASE64A;
 
@@ -119,103 +118,43 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   const u8 *tmp_pos = token.buf[1];
   const int tmp_len = token.len[1];
 
-  u8 tmp_buf[324];
+  u8 tmp_buf[512];
 
   memset (tmp_buf, 0, sizeof (tmp_buf));
 
   const int base64_decode_len = base64_decode (base64_to_int, tmp_pos, tmp_len, tmp_buf);
 
-  if (base64_decode_len != (4 + 64 + 256)) return (PARSER_HASH_LENGTH);
+  if (base64_decode_len != (ITER_LEN_RAW + SALT_LEN_RAW + HASH_LEN_RAW)) return (PARSER_HASH_LENGTH);
 
   // iter
 
   u8 *iter_pos = tmp_buf;
 
-  uint32_t iters[4] = {0};
+  u32 salt_iter;
 
-  memcpy (iters, iter_pos, ITER_LEN_RAW);
+  memcpy (&salt_iter, iter_pos, ITER_LEN_RAW);
 
-  // implementation does a ntohl(*iters)
-  salt->salt_iter = byte_swap_32(*iters) - 1;
+  salt_iter = byte_swap_32 (salt_iter); // implementation does a ntohl()
+
+  salt->salt_iter = salt_iter - 1;
 
   // salt
 
   u8 *salt_pos = tmp_buf + ITER_LEN_RAW;
 
-  salt->salt_len  = SALT_LEN_RAW;
+  salt->salt_len = SALT_LEN_RAW;
+
+  memcpy (pbkdf2_sha256->salt_buf, salt_pos, SALT_LEN_RAW);
 
-  u8 *salt_buf_ptr = (u8 *) pbkdf2_sha256->salt_buf;
-  memcpy (salt_buf_ptr, salt_pos, SALT_LEN_RAW);
+  for (int i = 0; i < SALT_LEN_RAW / 4; i++) salt->salt_buf[i] = pbkdf2_sha256->salt_buf[i];
 
   // hash
 
   u8 *hash_pos = tmp_buf + ITER_LEN_RAW + SALT_LEN_RAW;
-  memcpy(digest, hash_pos, HASH_LEN_RAW);
-
-  digest[0] = byte_swap_32 (digest[0]);
-  digest[1] = byte_swap_32 (digest[1]);
-  digest[2] = byte_swap_32 (digest[2]);
-  digest[3] = byte_swap_32 (digest[3]);
-  digest[4] = byte_swap_32 (digest[4]);
-  digest[5] = byte_swap_32 (digest[5]);
-  digest[6] = byte_swap_32 (digest[6]);
-  digest[7] = byte_swap_32 (digest[7]);
-  digest[8] = byte_swap_32 (digest[8]);
-  digest[9] = byte_swap_32 (digest[9]);
-  digest[10] = byte_swap_32 (digest[10]);
-  digest[11] = byte_swap_32 (digest[11]);
-  digest[12] = byte_swap_32 (digest[12]);
-  digest[13] = byte_swap_32 (digest[13]);
-  digest[14] = byte_swap_32 (digest[14]);
-  digest[15] = byte_swap_32 (digest[15]);
-  digest[16] = byte_swap_32 (digest[16]);
-  digest[17] = byte_swap_32 (digest[17]);
-  digest[18] = byte_swap_32 (digest[18]);
-  digest[19] = byte_swap_32 (digest[19]);
-  digest[20] = byte_swap_32 (digest[20]);
-  digest[21] = byte_swap_32 (digest[21]);
-  digest[22] = byte_swap_32 (digest[22]);
-  digest[23] = byte_swap_32 (digest[23]);
-  digest[24] = byte_swap_32 (digest[24]);
-  digest[25] = byte_swap_32 (digest[25]);
-  digest[26] = byte_swap_32 (digest[26]);
-  digest[27] = byte_swap_32 (digest[27]);
-  digest[28] = byte_swap_32 (digest[28]);
-  digest[29] = byte_swap_32 (digest[29]);
-  digest[30] = byte_swap_32 (digest[30]);
-  digest[31] = byte_swap_32 (digest[31]);
-  digest[32] = byte_swap_32 (digest[32]);
-  digest[33] = byte_swap_32 (digest[33]);
-  digest[34] = byte_swap_32 (digest[34]);
-  digest[35] = byte_swap_32 (digest[35]);
-  digest[36] = byte_swap_32 (digest[36]);
-  digest[37] = byte_swap_32 (digest[37]);
-  digest[38] = byte_swap_32 (digest[38]);
-  digest[39] = byte_swap_32 (digest[39]);
-  digest[40] = byte_swap_32 (digest[40]);
-  digest[41] = byte_swap_32 (digest[41]);
-  digest[42] = byte_swap_32 (digest[42]);
-  digest[43] = byte_swap_32 (digest[43]);
-  digest[44] = byte_swap_32 (digest[44]);
-  digest[45] = byte_swap_32 (digest[45]);
-  digest[46] = byte_swap_32 (digest[46]);
-  digest[47] = byte_swap_32 (digest[47]);
-  digest[48] = byte_swap_32 (digest[48]);
-  digest[49] = byte_swap_32 (digest[49]);
-  digest[50] = byte_swap_32 (digest[50]);
-  digest[51] = byte_swap_32 (digest[51]);
-  digest[52] = byte_swap_32 (digest[52]);
-  digest[53] = byte_swap_32 (digest[53]);
-  digest[54] = byte_swap_32 (digest[54]);
-  digest[55] = byte_swap_32 (digest[55]);
-  digest[56] = byte_swap_32 (digest[56]);
-  digest[57] = byte_swap_32 (digest[57]);
-  digest[58] = byte_swap_32 (digest[58]);
-  digest[59] = byte_swap_32 (digest[59]);
-  digest[60] = byte_swap_32 (digest[60]);
-  digest[61] = byte_swap_32 (digest[61]);
-  digest[62] = byte_swap_32 (digest[62]);
-  digest[63] = byte_swap_32 (digest[63]);
+
+  memcpy (digest, hash_pos, HASH_LEN_RAW);
+
+  for (int i = 0; i < HASH_LEN_RAW / 4; i++) digest[i] = byte_swap_32 (digest[i]);
 
   return (PARSER_OK);
 }
@@ -227,90 +166,28 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
   const pbkdf2_sha256_t *pbkdf2_sha256 = (pbkdf2_sha256_t *) esalt_buf;
 
   u32 tmp_digest[64];
-  tmp_digest[0] = byte_swap_32 (digest[0]);
-  tmp_digest[1] = byte_swap_32 (digest[1]);
-  tmp_digest[2] = byte_swap_32 (digest[2]);
-  tmp_digest[3] = byte_swap_32 (digest[3]);
-  tmp_digest[4] = byte_swap_32 (digest[4]);
-  tmp_digest[5] = byte_swap_32 (digest[5]);
-  tmp_digest[6] = byte_swap_32 (digest[6]);
-  tmp_digest[7] = byte_swap_32 (digest[7]);
-  tmp_digest[8] = byte_swap_32 (digest[8]);
-  tmp_digest[9] = byte_swap_32 (digest[9]);
-  tmp_digest[10] = byte_swap_32 (digest[10]);
-  tmp_digest[11] = byte_swap_32 (digest[11]);
-  tmp_digest[12] = byte_swap_32 (digest[12]);
-  tmp_digest[13] = byte_swap_32 (digest[13]);
-  tmp_digest[14] = byte_swap_32 (digest[14]);
-  tmp_digest[15] = byte_swap_32 (digest[15]);
-  tmp_digest[16] = byte_swap_32 (digest[16]);
-  tmp_digest[17] = byte_swap_32 (digest[17]);
-  tmp_digest[18] = byte_swap_32 (digest[18]);
-  tmp_digest[19] = byte_swap_32 (digest[19]);
-  tmp_digest[20] = byte_swap_32 (digest[20]);
-  tmp_digest[21] = byte_swap_32 (digest[21]);
-  tmp_digest[22] = byte_swap_32 (digest[22]);
-  tmp_digest[23] = byte_swap_32 (digest[23]);
-  tmp_digest[24] = byte_swap_32 (digest[24]);
-  tmp_digest[25] = byte_swap_32 (digest[25]);
-  tmp_digest[26] = byte_swap_32 (digest[26]);
-  tmp_digest[27] = byte_swap_32 (digest[27]);
-  tmp_digest[28] = byte_swap_32 (digest[28]);
-  tmp_digest[29] = byte_swap_32 (digest[29]);
-  tmp_digest[30] = byte_swap_32 (digest[30]);
-  tmp_digest[31] = byte_swap_32 (digest[31]);
-  tmp_digest[32] = byte_swap_32 (digest[32]);
-  tmp_digest[33] = byte_swap_32 (digest[33]);
-  tmp_digest[34] = byte_swap_32 (digest[34]);
-  tmp_digest[35] = byte_swap_32 (digest[35]);
-  tmp_digest[36] = byte_swap_32 (digest[36]);
-  tmp_digest[37] = byte_swap_32 (digest[37]);
-  tmp_digest[38] = byte_swap_32 (digest[38]);
-  tmp_digest[39] = byte_swap_32 (digest[39]);
-  tmp_digest[40] = byte_swap_32 (digest[40]);
-  tmp_digest[41] = byte_swap_32 (digest[41]);
-  tmp_digest[42] = byte_swap_32 (digest[42]);
-  tmp_digest[43] = byte_swap_32 (digest[43]);
-  tmp_digest[44] = byte_swap_32 (digest[44]);
-  tmp_digest[45] = byte_swap_32 (digest[45]);
-  tmp_digest[46] = byte_swap_32 (digest[46]);
-  tmp_digest[47] = byte_swap_32 (digest[47]);
-  tmp_digest[48] = byte_swap_32 (digest[48]);
-  tmp_digest[49] = byte_swap_32 (digest[49]);
-  tmp_digest[50] = byte_swap_32 (digest[50]);
-  tmp_digest[51] = byte_swap_32 (digest[51]);
-  tmp_digest[52] = byte_swap_32 (digest[52]);
-  tmp_digest[53] = byte_swap_32 (digest[53]);
-  tmp_digest[54] = byte_swap_32 (digest[54]);
-  tmp_digest[55] = byte_swap_32 (digest[55]);
-  tmp_digest[56] = byte_swap_32 (digest[56]);
-  tmp_digest[57] = byte_swap_32 (digest[57]);
-  tmp_digest[58] = byte_swap_32 (digest[58]);
-  tmp_digest[59] = byte_swap_32 (digest[59]);
-  tmp_digest[60] = byte_swap_32 (digest[60]);
-  tmp_digest[61] = byte_swap_32 (digest[61]);
-  tmp_digest[62] = byte_swap_32 (digest[62]);
-  tmp_digest[63] = byte_swap_32 (digest[63]);
-
-  char tmp_buf[324] = { 0 };
+
+  for (int i = 0; i < HASH_LEN_RAW / 4; i++) tmp_digest[i] = byte_swap_32 (digest[i]);
+
+  char tmp_buf[512];
+
   memset (tmp_buf, 0, sizeof (tmp_buf));
 
-  uint32_t salt_iters[4] = { 0 };
+  const u32 salt_iters = byte_swap_32 (salt->salt_iter + 1); //htonl (salt->salt_iter);
 
-  salt_iters[0] = byte_swap_32 (salt->salt_iter + 1); //htonl(salt->salt_iter);
+  memcpy (tmp_buf, &salt_iters, ITER_LEN_RAW);
+  memcpy (tmp_buf + ITER_LEN_RAW, pbkdf2_sha256->salt_buf, salt->salt_len);
+  memcpy (tmp_buf + ITER_LEN_RAW + SALT_LEN_RAW, tmp_digest, HASH_LEN_RAW);
 
-  memcpy (tmp_buf, salt_iters, 4);
-  memcpy (tmp_buf + 4, pbkdf2_sha256->salt_buf, salt->salt_len);
-  memcpy (tmp_buf + 4 + 64, tmp_digest, 256);
+  char ptr_plain[512];
 
-  char ptr_plain[433] = { 0 };
+  memset (ptr_plain, 0, sizeof (ptr_plain));
 
-  base64_encode (int_to_base64, (const u8 *) tmp_buf, 324, (u8 *) ptr_plain);
+  base64_encode (int_to_base64, (const u8 *) tmp_buf, (ITER_LEN_RAW + SALT_LEN_RAW + HASH_LEN_RAW), (u8 *) ptr_plain);
 
   const int line_len = snprintf (line_buf, line_size, "%s%s", SIGNATURE_REDHAT_PBKDF2_SHA256, ptr_plain);
 
   return line_len;
-
 }
 
 void module_init (module_ctx_t *module_ctx)
diff --git a/tools/test_modules/m23911.pm b/tools/test_modules/m10901.pm
similarity index 92%
rename from tools/test_modules/m23911.pm
rename to tools/test_modules/m10901.pm
index fe7269069..d74ee2c29 100644
--- a/tools/test_modules/m23911.pm
+++ b/tools/test_modules/m10901.pm
@@ -16,7 +16,7 @@ sub module_generate_hash
 {
   my $word  = shift;
   my $salt  = shift;
-  my $iter  = shift // 10000;
+  my $iter  = shift // 8192; ## https://pagure.io/389-ds-base/blob/master/f/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
 
   if (length $salt == 0)
   {
@@ -29,6 +29,7 @@ sub module_generate_hash
     output_len => 256,
     salt_len => 64,
   );
+
   my $p = $pbkdf2->generate($word, $salt);
 
   my $decoded_hash = $pbkdf2->decode_string($p);